EasyCwmp

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000196easycwmp[All Projects] Questionpublic2017-02-03 16:572017-02-06 16:43
Reportercarlberg 
Assigned Tomohamed.kallel 
PrioritynormalSeverityblockReproducibilityalways
StatusresolvedResolutionfixed 
PlatformLinux OpenWrt 4.4.14 #1 Mon Jan OSOpenWRTOS Versionbleeding edge
Summary0000196: Missing authentication header in http request
DescriptionHi,
I cant get authentication on ACS Request to work, using easycwmp-1.4.1 and easycwmp-1.5.1.

Have tested with different configuration, but only receive HTTP 401 from server.
Have used wireshark looking at traffic and I cant see any "Authorization" header in the request to the ACS.
I am expecting a "Authorization: Digest" header...but it seem to be missing.

Using follow config:
config acs
option periodic_enable '1'
option periodic_interval '100'
option periodic_time '0001-01-01T00:00:00Z'
option username 'acs'
option password 'password123'
option url 'http://server:8000/acs' [^]

Have also tested with: digest_enable='1', without success.
But I assume that is only used on local, not on acs.

Have read and follow: http://support.easycwmp.org/view.php?id=156&history=1 [^]
Looking at the code, http.c, cant see any Authorization Digest header added in http_send_message.
but I might be looking at the wrong place.

Any suggestions?

ex. HTTP Request
------------------

POST /acs/ HTTP/1.1
Host: server:8000
User-Agent: easycwmp
Content-Type: text/xml; charset="utf-8"
SOAPAction:
Content-Length: 2818
Expect: 100-continue

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <soap_env:Envelope
xmlns:soap_env="http://schemas.xmlsoap.org/.... [^]



HTTP/1.1 100 Continue

ex. HTTP Response
------------------
HTTP/1.1 401 Unauthorized
Date: Fri, 03 Feb 2017 15:45:35 GMT
WWW-Authenticate: Digest realm="ACSRealm", domain="/acs", nonce="8agf0qdFpFxYqCdeN6U/mWTkzhH+wSk2", algorithm=MD5, qop="auth", stale=false
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 337
Server: Jetty(9.3.8.v20160314)
....


Cheers
-Anders


Steps To ReproduceConnect to an ACS that requires authentication.

If you need a server to testa with, I can provide one.
Additional InformationCreated this issue some time ago, without response.
https://github.com/pivasoftware/easycwmp/issues/30 [^]
TagsNo tags attached.
Attached Fileszip file icon ZyXEL Trace - Successful.zip [^] (19,908 bytes) 2017-02-05 18:08
zip file icon EasyCWMP Trace HTTP401.zip [^] (1,562 bytes) 2017-02-05 18:08
? file icon EasyCWMP_w_auth.pcapng [^] (5,428 bytes) 2017-02-06 13:25
? file icon EasyCWMP_w_auth_more.pcapng [^] (15,616 bytes) 2017-02-06 13:33

- Relationships

-  Notes
(0000626)
carlberg (reporter)
2017-02-03 16:59

oh,, sorry.. wasn't meaning to set it as Severity: block..
(0000627)
mohamed.kallel (manager)
2017-02-04 10:13

we need traffic capture to analyze the issue.

Try to add the following option in the easycwmp config

uci set easycwmp.@acs[0].http100continue_disable=1
(0000628)
carlberg (reporter)
2017-02-05 18:13

Added two files, Trace one for a working device (ZyXEL) and trace of a EasyCWMP 1.5.1 device.
So I cant see the EasyCWMP response to the first HTTP 401 with the correct header.

Tested using: uci set easycwmp.@acs[0].http100continue_disable=1
But, no change.

Current config:

config local
        option interface 'eth0'
        option port '7547'
        option ubus_socket '/var/run/ubus.sock'
        option date_format '%FT%T%z'
        option username 'easycwmp'
        option password 'easycwmp'
        option logging_level '3'

config acs
        option periodic_enable '1'
        option periodic_interval '100'
        option periodic_time '0001-01-01T00:00:00Z'
        option url 'http://192.168.1.120:10301/acs/' [^]
        option username 'acs'
        option password 'acs'
        option http100continue_disable '1'

config device
        option manufacturer 'OpenWrt
http://www.openwrt.org/' [^]
        option product_class 'Generic'
        option hardware_version 'v0'
        option software_version '50082'
        option oui '90F652'
        option serial_number '90F6522BF8FF'


Send me a mail if you need a ACS server to test with..
anderscarlberg74@hotmail.com
(0000629)
mohamed.kallel (manager)
2017-02-06 09:58
edited on: 2017-02-06 11:03

The files you sent do not help
please send the capture file (pcap file captured with wireshark for example)
And send also the log of easycwmp

I have a question: What is the SSL options that you you used to build libcurl?

(0000630)
carlberg (reporter)
2017-02-06 12:49
edited on: 2017-02-06 13:41

okay, I send over some pcap files.

Running on OpenWrt Main (Bleeding Edge)
I have not used any specific SSL options,
have simply follow the guide for OpenWRT build for easycwmp and microxml. http://www.easycwmp.org/install.html [^]

so, I have not built libcurl explicit.

(0000631)
carlberg (reporter)
2017-02-06 13:34

Uploaded two .pcap files.
_more, contains more then one sequence.

Get back to me if you need something..
(0000632)
carlberg (reporter)
2017-02-06 13:46

Logread logging.. (cant find any specific logging for easycwmp).

Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: start session
Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: configured acs url http://192.168.1.120:10301/acs/digitalnordix/ [^]
Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: external script init
Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: external: execute inform parameter
Mon Feb 6 12:31:19 2017 daemon.notice easycwmpd: send Inform
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: LibCurl Error: The requested URL returned error: 401
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: sending http message failed
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: sending Inform failed
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: external: execute apply service
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: external script exit
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: end session failed
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: retry session in 60 sec, RetryCount = 4
Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: add event '2 PERIODIC'
Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: start session
Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: configured acs url http://192.168.1.120:10301/acs/digitalnordix/ [^]
Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: external script init
Mon Feb 6 12:31:57 2017 daemon.notice easycwmpd: external: execute inform parameter
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: send Inform
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: LibCurl Error: The requested URL returned error: 401
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: sending http message failed
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: sending Inform failed
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: external: execute apply service
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: external script exit
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: end session failed
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: retry session in 120 sec, RetryCount = 5
Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: add event '2 PERIODIC'
Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: start session
Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: configured acs url http://192.168.1.120:10301/acs/digitalnordix/ [^]
Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: external script init
Mon Feb 6 12:33:37 2017 daemon.notice easycwmpd: external: execute inform parameter
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: send Inform
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: LibCurl Error: The requested URL returned error: 401
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: sending http message failed
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: sending Inform failed
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: external: execute apply service
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: external script exit
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: end session failed
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: retry session in 240 sec, RetryCount = 6
(0000633)
mohamed.kallel (manager)
2017-02-06 14:11

what is the output of the following command on your openWRT

opkg depends libcurl
(0000634)
carlberg (reporter)
2017-02-06 14:30

root@OpenWrt:/# opkg depends libcurl
libcurl depends on:
        libc
        libpolarssl
(0000635)
mohamed.kallel (manager)
2017-02-06 14:53
edited on: 2017-02-06 14:55

In the make menuconfig:
Under: Libraries > Libcurl
Check that the option "Enable cryptographic authentication" is selected.

If not selected, please select it and rebuild your libcurl and then rebuil easycwmp and then re-install both libcurl and easycwmp

(0000636)
carlberg (reporter)
2017-02-06 15:23

..it was not selected..
I am rebuilding now.. I'll get back to you when I have tested.
(0000637)
carlberg (reporter)
2017-02-06 16:34
edited on: 2017-02-06 16:42

Yeah!
It seem to work now..
I rebuild and install libcurl and it start working.

Thank you..

Now I will go ahead and start testing things..


- Issue History
Date Modified Username Field Change
2017-02-03 16:57 carlberg New Issue
2017-02-03 16:59 carlberg Note Added: 0000626
2017-02-04 10:13 mohamed.kallel Note Added: 0000627
2017-02-05 18:08 carlberg File Added: ZyXEL Trace - Successful.zip
2017-02-05 18:08 carlberg File Added: EasyCWMP Trace HTTP401.zip
2017-02-05 18:13 carlberg Note Added: 0000628
2017-02-06 09:58 mohamed.kallel Note Added: 0000629
2017-02-06 11:03 mohamed.kallel Note Edited: 0000629 View Revisions
2017-02-06 12:49 carlberg Note Added: 0000630
2017-02-06 13:25 carlberg File Added: EasyCWMP_w_auth.pcapng
2017-02-06 13:33 carlberg File Added: EasyCWMP_w_auth_more.pcapng
2017-02-06 13:34 carlberg Note Added: 0000631
2017-02-06 13:41 carlberg Note Edited: 0000630 View Revisions
2017-02-06 13:46 carlberg Note Added: 0000632
2017-02-06 14:11 mohamed.kallel Note Added: 0000633
2017-02-06 14:30 carlberg Note Added: 0000634
2017-02-06 14:53 mohamed.kallel Note Added: 0000635
2017-02-06 14:55 mohamed.kallel Note Edited: 0000635 View Revisions
2017-02-06 15:23 carlberg Note Added: 0000636
2017-02-06 16:34 carlberg Note Added: 0000637
2017-02-06 16:42 mohamed.kallel Note Edited: 0000637 View Revisions
2017-02-06 16:43 mohamed.kallel Status new => resolved
2017-02-06 16:43 mohamed.kallel Resolution open => fixed
2017-02-06 16:43 mohamed.kallel Assigned To => mohamed.kallel


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker