EasyCwmp - easycwmp |
View Issue Details |
|
ID | Project | Category | View Status | Date Submitted | Last Update |
0000196 | easycwmp | [All Projects] Question | public | 2017-02-03 16:57 | 2017-02-06 16:43 |
|
Reporter | carlberg | |
Assigned To | mohamed.kallel | |
Priority | normal | Severity | block | Reproducibility | always |
Status | resolved | Resolution | fixed | |
Platform | Linux OpenWrt 4.4.14 #1 Mon Jan | OS | OpenWRT | OS Version | bleeding edge |
|
Summary | 0000196: Missing authentication header in http request |
Description | Hi,
I cant get authentication on ACS Request to work, using easycwmp-1.4.1 and easycwmp-1.5.1.
Have tested with different configuration, but only receive HTTP 401 from server.
Have used wireshark looking at traffic and I cant see any "Authorization" header in the request to the ACS.
I am expecting a "Authorization: Digest" header...but it seem to be missing.
Using follow config:
config acs
option periodic_enable '1'
option periodic_interval '100'
option periodic_time '0001-01-01T00:00:00Z'
option username 'acs'
option password 'password123'
option url 'http://server:8000/acs' [^]
Have also tested with: digest_enable='1', without success.
But I assume that is only used on local, not on acs.
Have read and follow: http://support.easycwmp.org/view.php?id=156&history=1 [^]
Looking at the code, http.c, cant see any Authorization Digest header added in http_send_message.
but I might be looking at the wrong place.
Any suggestions?
ex. HTTP Request
------------------
POST /acs/ HTTP/1.1
Host: server:8000
User-Agent: easycwmp
Content-Type: text/xml; charset="utf-8"
SOAPAction:
Content-Length: 2818
Expect: 100-continue
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<soap_env:Envelope
xmlns:soap_env="http://schemas.xmlsoap.org/.... [^]
HTTP/1.1 100 Continue
ex. HTTP Response
------------------
HTTP/1.1 401 Unauthorized
Date: Fri, 03 Feb 2017 15:45:35 GMT
WWW-Authenticate: Digest realm="ACSRealm", domain="/acs", nonce="8agf0qdFpFxYqCdeN6U/mWTkzhH+wSk2", algorithm=MD5, qop="auth", stale=false
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 337
Server: Jetty(9.3.8.v20160314)
....
Cheers
-Anders
|
Steps To Reproduce | Connect to an ACS that requires authentication.
If you need a server to testa with, I can provide one. |
Additional Information | Created this issue some time ago, without response.
https://github.com/pivasoftware/easycwmp/issues/30 [^]
|
Tags | No tags attached. |
Relationships | |
Attached Files | ZyXEL Trace - Successful.zip (19,908) 2017-02-05 18:08 http://support.easycwmp.org/file_download.php?file_id=85&type=bug
EasyCWMP Trace HTTP401.zip (1,562) 2017-02-05 18:08 http://support.easycwmp.org/file_download.php?file_id=86&type=bug
EasyCWMP_w_auth.pcapng (5,428) 2017-02-06 13:25 http://support.easycwmp.org/file_download.php?file_id=87&type=bug
EasyCWMP_w_auth_more.pcapng (15,616) 2017-02-06 13:33 http://support.easycwmp.org/file_download.php?file_id=88&type=bug |
|
Issue History |
Date Modified | Username | Field | Change |
2017-02-03 16:57 | carlberg | New Issue | |
2017-02-03 16:59 | carlberg | Note Added: 0000626 | |
2017-02-04 10:13 | mohamed.kallel | Note Added: 0000627 | |
2017-02-05 18:08 | carlberg | File Added: ZyXEL Trace - Successful.zip | |
2017-02-05 18:08 | carlberg | File Added: EasyCWMP Trace HTTP401.zip | |
2017-02-05 18:13 | carlberg | Note Added: 0000628 | |
2017-02-06 09:58 | mohamed.kallel | Note Added: 0000629 | |
2017-02-06 11:03 | mohamed.kallel | Note Edited: 0000629 | bug_revision_view_page.php?bugnote_id=629#r300 |
2017-02-06 12:49 | carlberg | Note Added: 0000630 | |
2017-02-06 13:25 | carlberg | File Added: EasyCWMP_w_auth.pcapng | |
2017-02-06 13:33 | carlberg | File Added: EasyCWMP_w_auth_more.pcapng | |
2017-02-06 13:34 | carlberg | Note Added: 0000631 | |
2017-02-06 13:41 | carlberg | Note Edited: 0000630 | bug_revision_view_page.php?bugnote_id=630#r302 |
2017-02-06 13:46 | carlberg | Note Added: 0000632 | |
2017-02-06 14:11 | mohamed.kallel | Note Added: 0000633 | |
2017-02-06 14:30 | carlberg | Note Added: 0000634 | |
2017-02-06 14:53 | mohamed.kallel | Note Added: 0000635 | |
2017-02-06 14:55 | mohamed.kallel | Note Edited: 0000635 | bug_revision_view_page.php?bugnote_id=635#r304 |
2017-02-06 15:23 | carlberg | Note Added: 0000636 | |
2017-02-06 16:34 | carlberg | Note Added: 0000637 | |
2017-02-06 16:42 | mohamed.kallel | Note Edited: 0000637 | bug_revision_view_page.php?bugnote_id=637#r306 |
2017-02-06 16:43 | mohamed.kallel | Status | new => resolved |
2017-02-06 16:43 | mohamed.kallel | Resolution | open => fixed |
2017-02-06 16:43 | mohamed.kallel | Assigned To | => mohamed.kallel |
Notes |
|
|
oh,, sorry.. wasn't meaning to set it as Severity: block.. |
|
|
|
we need traffic capture to analyze the issue.
Try to add the following option in the easycwmp config
uci set easycwmp.@acs[0].http100continue_disable=1 |
|
|
|
Added two files, Trace one for a working device (ZyXEL) and trace of a EasyCWMP 1.5.1 device.
So I cant see the EasyCWMP response to the first HTTP 401 with the correct header.
Tested using: uci set easycwmp.@acs[0].http100continue_disable=1
But, no change.
Current config:
config local
option interface 'eth0'
option port '7547'
option ubus_socket '/var/run/ubus.sock'
option date_format '%FT%T%z'
option username 'easycwmp'
option password 'easycwmp'
option logging_level '3'
config acs
option periodic_enable '1'
option periodic_interval '100'
option periodic_time '0001-01-01T00:00:00Z'
option url 'http://192.168.1.120:10301/acs/' [^]
option username 'acs'
option password 'acs'
option http100continue_disable '1'
config device
option manufacturer 'OpenWrt
http://www.openwrt.org/' [^]
option product_class 'Generic'
option hardware_version 'v0'
option software_version '50082'
option oui '90F652'
option serial_number '90F6522BF8FF'
Send me a mail if you need a ACS server to test with..
anderscarlberg74@hotmail.com |
|
|
(0000629)
|
mohamed.kallel
|
2017-02-06 09:58
(edited on: 2017-02-06 11:03) |
|
The files you sent do not help
please send the capture file (pcap file captured with wireshark for example)
And send also the log of easycwmp
I have a question: What is the SSL options that you you used to build libcurl?
|
|
|
(0000630)
|
carlberg
|
2017-02-06 12:49
(edited on: 2017-02-06 13:41) |
|
okay, I send over some pcap files.
Running on OpenWrt Main (Bleeding Edge)
I have not used any specific SSL options,
have simply follow the guide for OpenWRT build for easycwmp and microxml. http://www.easycwmp.org/install.html [^]
so, I have not built libcurl explicit.
|
|
|
|
Uploaded two .pcap files.
_more, contains more then one sequence.
Get back to me if you need something.. |
|
|
|
Logread logging.. (cant find any specific logging for easycwmp).
Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: start session
Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: configured acs url http://192.168.1.120:10301/acs/digitalnordix/ [^]
Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: external script init
Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: external: execute inform parameter
Mon Feb 6 12:31:19 2017 daemon.notice easycwmpd: send Inform
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: LibCurl Error: The requested URL returned error: 401
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: sending http message failed
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: sending Inform failed
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: external: execute apply service
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: external script exit
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: end session failed
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: retry session in 60 sec, RetryCount = 4
Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: add event '2 PERIODIC'
Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: start session
Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: configured acs url http://192.168.1.120:10301/acs/digitalnordix/ [^]
Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: external script init
Mon Feb 6 12:31:57 2017 daemon.notice easycwmpd: external: execute inform parameter
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: send Inform
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: LibCurl Error: The requested URL returned error: 401
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: sending http message failed
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: sending Inform failed
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: external: execute apply service
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: external script exit
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: end session failed
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: retry session in 120 sec, RetryCount = 5
Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: add event '2 PERIODIC'
Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: start session
Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: configured acs url http://192.168.1.120:10301/acs/digitalnordix/ [^]
Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: external script init
Mon Feb 6 12:33:37 2017 daemon.notice easycwmpd: external: execute inform parameter
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: send Inform
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: LibCurl Error: The requested URL returned error: 401
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: sending http message failed
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: sending Inform failed
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: external: execute apply service
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: external script exit
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: end session failed
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: retry session in 240 sec, RetryCount = 6 |
|
|
|
what is the output of the following command on your openWRT
opkg depends libcurl |
|
|
|
root@OpenWrt:/# opkg depends libcurl
libcurl depends on:
libc
libpolarssl |
|
|
(0000635)
|
mohamed.kallel
|
2017-02-06 14:53
(edited on: 2017-02-06 14:55) |
|
In the make menuconfig:
Under: Libraries > Libcurl
Check that the option "Enable cryptographic authentication" is selected.
If not selected, please select it and rebuild your libcurl and then rebuil easycwmp and then re-install both libcurl and easycwmp
|
|
|
|
..it was not selected..
I am rebuilding now.. I'll get back to you when I have tested. |
|
|
(0000637)
|
carlberg
|
2017-02-06 16:34
(edited on: 2017-02-06 16:42) |
|
Yeah!
It seem to work now..
I rebuild and install libcurl and it start working.
Thank you..
Now I will go ahead and start testing things..
|
|