EasyCwmp - easycwmp
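View Issue Details
ID: 0000196
Project: easycwmp
Category: [All Projects] Question
View Status: public
Date Submitted: 2017-02-03 16:57
Last Update: 2017-02-06 16:43
Reporter: carlberg
Assigned To: mohamed.kallel
Priority: normal
Severity: block
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: Linux OpenWrt 4.4.14 #1 Mon Jan
OS: OpenWRT
OS Version: bleeding edge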
0000196: Missing authentication header in http request
Hi,
I can't get authentication on ACS Request to work, using easycwmp-1.4.1 and easycwmp-1.5.1.

Have tested with different configurations, but only receive HTTP 401 from the server.
Have used wireshark looking at the traffic and I can't see any "Authorization" header in the request to the ACS.
I am expecting an "Authorization: Digest" header...but it seems to be missing.

Using the following config:
config acs
option periodic_enable '1'
option periodic_interval '100'
option periodic_time '0001-01-01T00:00:00Z'
option username 'acs'
option password 'password123'
option url 'http://server:8000/acs'

Have also tested with: digest_enable='1', without success.
But I assume that is only used on local, not on acs.

Have read and followed: http://support.easycwmp.org/view.php?id=156&history=1
Looking at the code, http.c, I can't see any Authorization Digest header added in http_send_message,
but I might be looking at the wrong place.

Any suggestions?

ex. HTTP Request
------------------

POST /acs/ HTTP/1.1
Host: server:8000
User-Agent: easycwmp
Content-Type: text/xml; charset="utf-8"
SOAPAction:
Content-Length: 2818
Expect: 100-continue

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <soap_env:Envelope
xmlns:soap_env="http://schemas.xmlsoap.org/....



HTTP/1.1 100 Continue

ex. HTTP Response
------------------
HTTP/1.1 401 Unauthorized
Date: Fri, 03 Feb 2017 15:45:35 GMT
WWW-Authenticate: Digest realm="ACSRealm", domain="/acs", nonce="8agf0qdFpFxYqCdeN6U/mWTkzhH+wSk2", algorithm=MD5, qop="auth", stale=false
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 337
Server: Jetty(9.3.8.v20160314)
....


Cheers
-Anders


Connect to an ACS that requires authentication.

If you need a server to test with, I can provide one.
Created this issue some time ago, without response.
https://github.com/pivasoftware/easycwmp/issues/30
No tags attached.
Attached Files:
ZyXEL Trace - Successful.zip (19,908) 2017-02-05 18:08
http://support.easycwmp.org/file_download.php?file_id=85&type=bug
EasyCWMP Trace HTTP401.zip (1,562) 2017-02-05 18:08
http://support.easycwmp.org/file_download.php?file_id=86&type=bug
EasyCWMP_w_auth.pcapng (5,428) 2017-02-06 13:25
http://support.easycwmp.org/file_download.php?file_id=87&type=bug
EasyCWMP_w_auth_more.pcapng (15,616) 2017-02-06 13:33
http://support.easycwmp.org/file_download.php?file_id=88&type=bug
Issue History
2017-02-03 16:57 carlberg New Issue
2017-02-03 16:59 carlberg Note Added: 0000626
2017-02-04 10:13 mohamed.kallel Note Added: 0000627
2017-02-05 18:08 carlberg File Added: ZyXEL Trace - Successful.zip
2017-02-05 18:08 carlberg File Added: EasyCWMP Trace HTTP401.zip
2017-02-05 18:13 carlberg Note Added: 0000628
2017-02-06 09:58 mohamed.kallel Note Added: 0000629
2017-02-06 11:03 mohamed.kallel Note Edited: 0000629
2017-02-06 12:49 carlberg Note Added: 0000630
2017-02-06 13:25 carlberg File Added: EasyCWMP_w_auth.pcapng
2017-02-06 13:33 carlberg File Added: EasyCWMP_w_auth_more.pcapng
2017-02-06 13:34 carlberg Note Added: 0000631
2017-02-06 13:41 carlberg Note Edited: 0000630
2017-02-06 13:46 carlberg Note Added: 0000632
2017-02-06 14:11 mohamed.kallel Note Added: 0000633
2017-02-06 14:30 carlberg Note Added: 0000634
2017-02-06 14:53 mohamed.kallel Note Added: 0000635
2017-02-06 14:55 mohamed.kallel Note Edited: 0000635
2017-02-06 15:23 carlberg Note Added: 0000636
2017-02-06 16:34 carlberg Note Added: 0000637
2017-02-06 16:42 mohamed.kallel Note Edited: 0000637
2017-02-06 16:43 mohamed.kallel Status: new => resolved
2017-02-06 16:43 mohamed.kallel Resolution: open => fixed
2017-02-06 16:43 mohamed.kallel Assigned To: => mohamed.kallel

Notes
(0000626)
carlberg   
2017-02-03 16:59   
oh,, sorry.. wasn't meaning to set it as Severity: block..
(0000627)
mohamed.kallel   
2017-02-04 10:13   
we need traffic capture to analyze the issue.

Try to add the following option in the easycwmp config

uci set easycwmp.@acs[0].http100continue_disable=1
(0000628)
carlberg   
2017-02-05 18:13   
Added two files, one trace for a working device (ZyXEL) and one trace of an EasyCWMP 1.5.1 device.
So I can't see the EasyCWMP response to the first HTTP 401 with the correct header.

Tested using: uci set easycwmp.@acs[0].http100continue_disable=1
But, no change.

Current config:

config local
        option interface 'eth0'
        option port '7547'
        option ubus_socket '/var/run/ubus.sock'
        option date_format '%FT%T%z'
        option username 'easycwmp'
        option password 'easycwmp'
        option logging_level '3'

config acs
        option periodic_enable '1'
        option periodic_interval '100'
        option periodic_time '0001-01-01T00:00:00Z'
        option url 'http://192.168.1.120:10301/acs/'
        option username 'acs'
        option password 'acs'
        option http100continue_disable '1'

config device
        option manufacturer 'OpenWrt
http://www.openwrt.org/'
        option product_class 'Generic'
        option hardware_version 'v0'
        option software_version '50082'
        option oui '90F652'
        option serial_number '90F6522BF8FF'


Send me a mail if you need an ACS server to test with..
anderscarlberg74@hotmail.com
(0000629)
mohamed.kallel   
2017-02-06 09:58   
(edited on: 2017-02-06 11:03)
The files you sent do not help.
Please send the capture file (pcap file captured with wireshark for example)
and send also the log of easycwmp.

I have a question: What are the SSL options that you used to build libcurl?

(0000630)
carlberg   
2017-02-06 12:49   
(edited on: 2017-02-06 13:41)
okay, I send over some pcap files.

Running on OpenWrt Main (Bleeding Edge)
I have not used any specific SSL options,
have simply followed the guide for OpenWRT build for easycwmp and microxml. http://www.easycwmp.org/install.html

so, I have not built libcurl explicitly.

(0000631)
carlberg   
2017-02-06 13:34   
Uploaded two .pcap files.
_more, contains more than one sequence.

Get back to me if you need something..
(0000632)
carlberg   
2017-02-06 13:46   
Logread logging.. (can't find any specific logging for easycwmp).

Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: start session
Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: configured acs url http://192.168.1.120:10301/acs/digitalnordix/
Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: external script init
Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: external: execute inform parameter
Mon Feb 6 12:31:19 2017 daemon.notice easycwmpd: send Inform
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: LibCurl Error: The requested URL returned error: 401
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: sending http message failed
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: sending Inform failed
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: external: execute apply service
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: external script exit
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: end session failed
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: retry session in 60 sec, RetryCount = 4
Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: add event '2 PERIODIC'
Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: start session
Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: configured acs url http://192.168.1.120:10301/acs/digitalnordix/
Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: external script init
Mon Feb 6 12:31:57 2017 daemon.notice easycwmpd: external: execute inform parameter
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: send Inform
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: LibCurl Error: The requested URL returned error: 401
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: sending http message failed
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: sending Inform failed
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: external: execute apply service
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: external script exit
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: end session failed
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: retry session in 120 sec, RetryCount = 5
Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: add event '2 PERIODIC'
Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: start session
Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: configured acs url http://192.168.1.120:10301/acs/digitalnordix/
Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: external script init
Mon Feb 6 12:33:37 2017 daemon.notice easycwmpd: external: execute inform parameter
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: send Inform
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: LibCurl Error: The requested URL returned error: 401
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: sending http message failed
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: sending Inform failed
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: external: execute apply service
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: external script exit
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: end session failed
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: retry session in 240 sec, RetryCount = 6
(0000633)
mohamed.kallel   
2017-02-06 14:11   
what is the output of the following command on your openWRT

opkg depends libcurl
(0000634)
carlberg   
2017-02-06 14:30   
root@OpenWrt:/# opkg depends libcurl
libcurl depends on:
        libc
        libpolarssl
(0000635)
mohamed.kallel   
2017-02-06 14:53   
(edited on: 2017-02-06 14:55)
In the make menuconfig:
Under: Libraries > Libcurl
Check that the option "Enable cryptographic authentication" is selected.

If not selected, please select it and rebuild your libcurl and then rebuild easycwmp and then re-install both libcurl and easycwmp

(0000636)
carlberg   
2017-02-06 15:23   
..it was not selected..
I am rebuilding now.. I'll get back to you when I have tested.
(0000637)
carlberg   
2017-02-06 16:34   
(edited on: 2017-02-06 16:42)
Yeah!
It seems to work now..
I rebuilt and installed libcurl and it started working.

Thank you..

Now I will go ahead and start testing things..
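
Added example (not code from EasyCwmp or libcurl, and not part of the thread): the Authorization header a client should send in answer to the 401 challenge quoted in the report, computed per RFC 2617 for algorithm=MD5 and qop=auth. The username and password are those from the first posted "config acs" block; the cnonce and nc values are constructed for illustration.

```python
import hashlib
import re

# Challenge copied from the 401 response quoted in the report.
CHALLENGE = ('Digest realm="ACSRealm", domain="/acs", '
             'nonce="8agf0qdFpFxYqCdeN6U/mWTkzhH+wSk2", algorithm=MD5, '
             'qop="auth", stale=false')


def parse_challenge(value):
    """Split a WWW-Authenticate: Digest value into a dict of parameters."""
    scheme, _, params = value.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {key.lower(): quoted or token for key, quoted, token in pairs}


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, password, realm, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 section 3.2.2.1: request-digest for algorithm=MD5, qop=auth."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def authorization_header(challenge, user, password, method, uri, cnonce, nc="00000001"):
    """Build the Authorization header value expected on the retried request."""
    c = parse_challenge(challenge)
    offered_qop = {q.strip() for q in c.get("qop", "").split(",")}
    if c.get("algorithm", "MD5").upper() != "MD5" or "auth" not in offered_qop:
        raise ValueError("only algorithm=MD5 with qop=auth is handled here")
    resp = digest_response(user, password, c["realm"], method, uri,
                           c["nonce"], nc, cnonce)
    return (f'Digest username="{user}", realm="{c["realm"]}", nonce="{c["nonce"]}", '
            f'uri="{uri}", algorithm=MD5, qop=auth, nc={nc}, cnonce="{cnonce}", '
            f'response="{resp}"')


if __name__ == "__main__":
    # cnonce is a constructed sample value; a real client generates it randomly.
    print("Authorization:", authorization_header(
        CHALLENGE, "acs", "password123", "POST", "/acs/", cnonce="0a4f113b"))
```

A capture of a working client shows a second POST carrying a header of this shape after the 401; per the thread, EasyCwmp sent none until libcurl was rebuilt with "Enable cryptographic authentication" selected.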