EasyCwmp

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000065easycwmp[All Projects] Bugpublic2015-07-03 12:292015-10-05 14:40
Reporterfeckert 
Assigned Tomohamed.kallel 
PriorityurgentSeverityminorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Summary0000065: http_digest_auth_fail_response with easycwmp
DescriptionHello,

i am using easycwmp on the cpe side and genieacs on the acs side. If we set a password on the cpe side the acs cannot make a connection request to the cpe. Only if the cpe makes a connection request the task will be started.

I have asked the geniacs developer if his software is responsible for the failer. So i made a tcpdump and send it to him.
His answer was:

"I may have found the cause of the problem. The client is sending a response without Content-Length header or a terminating CRLF sequence (in case of chunked encoding) which Node.js interprets, correctly so, as invalid HTTP response. Working around this involves implementing HTTP GET on top of Node.js sockets which isn't trivial. I suspect it worked using a web browser because browsers always seem to be more lenient towards this kind of quirks. I suggest you contact EasyCWMP guys to investigate."

Steps To ReproduceUse eascwmp on the cpe side
Use genieacs on the acs side
Set a password on the easycwmp side for connection request from acs to cpe

Nothing will happen if you make a request. The request will be served when the cpe makes a request to the acs
Additional Informationtcpdump of the connection request

on failer with geniacs and easycwmp
on success with browser and easycwmp
TagsNo tags attached.
Attached Files? file icon tcpdump [^] (25,067 bytes) 2015-07-03 12:29 [Show Content]

- Relationships

-  Notes
(0000232)
mohamed.kallel (manager)
2015-07-04 21:40

change the following lines in the http.c file:

http_end_child:
            fflush(fp);
            if (auth_status) {
                status = 0;
                fputs("HTTP/1.1 200 OK\r\n", fp);
            } else {
                status = EACCES;
                fputs("HTTP/1.1 401 Unauthorized\r\n", fp);
                fputs("Connection: close\r\n", fp);
                http_digest_auth_fail_response(fp, "GET", "/", REALM, OPAQUE);
            }
            fputs("\r\n", fp);



by the following lines:


http_end_child:
            fflush(fp);
            if (auth_status) {
                status = 0;
                fputs("HTTP/1.1 200 OK\r\n", fp);
                fputs("Content-Length: 0\r\n", fp);
            } else {
                status = EACCES;
                fputs("HTTP/1.1 401 Unauthorized\r\n", fp);
                fputs("Content-Length: 0\r\n", fp);
                fputs("Connection: close\r\n", fp);
                http_digest_auth_fail_response(fp, "GET", "/", REALM, OPAQUE);
            }
            fputs("\r\n", fp);

I will update the easycwmp code with that in the next delivery
(0000234)
feckert (reporter)
2015-07-05 00:40
edited on: 2015-07-05 00:41

Hello Mohamed,

thank you for bug fixing.
I will upgrade my easycwmp to the newest version where this is fixed :-)

Kind regards flo

(0000236)
feckert (reporter)
2015-07-07 10:44

Hello Mohamed,

we have tested it but its alread not working. The genieacs developer checked it again and figured out the Problem. You have to added an single additional "\r\n" in the of your headers.

Following lind are from the developer of genieacs:
------
Looking at the response, it seems that it's still the CRLF missing at
the end of the response. This is a valid response:

    HTTP/1.1 405 Method Not Allowed\r\nAllow: POST\r\nContent-Length: 0:
    Content-Length: 0\r\nDate: Mon, 06 Jul 2015 22:39:34
    GMT\r\nConnection: close\r\n\r\n

And this is the response form your CPE which is invalid:

    HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\nConnection:
    close\r\nWWW-Authenticate: Digest
    realm=\"realm@easycwmp\",qop=\"auth\",nonce=\"16694e41cf86d490e3b9a12a256476bd000094a1\",opaque=\"328458fab28345ae87ab3210a8513b14eff452a2\"\r\n


Note in the first one there are two pairs of CRLF. One to indicate the
end of a particular header, and one to indicate the end of the headers
section. Sorry, I should have made that clearer in my original comment.

Please keep me posted on this progress of this with EasyCWMP.
----

Please add this to your next version
(0000237)
mohamed.kallel (manager)
2015-07-07 12:39

please provide your http.c with patch applied
(0000238)
feckert (reporter)
2015-07-07 13:54

Hello Mohamed,

that are the changes we have made to http.c to get it working with the newest easycwmp 1.1.3

Index: src/http.c
===================================================================
--- src.orig/http.c
+++ src/http.c
@@ -254,11 +254,14 @@ http_end_child:
             if (auth_status) {
                 status = 0;
                 fputs("HTTP/1.1 200 OK\r\n", fp);
+ fputs("Content-Length: 0\r\n", fp);
             } else {
                 status = EACCES;
                 fputs("HTTP/1.1 401 Unauthorized\r\n", fp);
+ fputs("Content-Length: 0\r\n", fp);
                 fputs("Connection: close\r\n", fp);
                 http_digest_auth_fail_response(fp, "GET", "/", REALM, OPAQUE);
+ fputs("\r\n", fp);
             }
             fputs("\r\n", fp);
             goto done_child;
===================================================================
(0000239)
mohamed.kallel (manager)
2015-07-07 14:09

so it works now with this patch?
(0000240)
feckert (reporter)
2015-07-07 14:19
edited on: 2015-07-07 14:23

Yes thats right,

as noted in 0000236 the last "CRLN" is for "to indicate the end of the headers
section".
It is because genieacs is written in node.js and it wants an valid http respond. If this is not so the whole message is discard.

Flo

(0000253)
feckert (reporter)
2015-07-28 14:01

Hello,

I have downloaded the newest version of easycwmp but as i saw the patch of this issue was not applied!

Do you need any test?

Kind regards

flo
(0000254)
mohamed.kallel (manager)
2015-07-28 18:05

Hi Flo

Sorry, I m really busy
I will try to merge your patch as soon as possible

Regards
(0000255)
feckert (reporter)
2015-07-30 13:59

Hello Mohamed,

thank you :-)
(0000297)
mohamed.kallel (manager)
2015-10-05 14:40

fixed in EasyCwmp-1.1.7

- Issue History
Date Modified Username Field Change
2015-07-03 12:29 feckert New Issue
2015-07-03 12:29 feckert File Added: tcpdump
2015-07-04 21:40 mohamed.kallel Note Added: 0000232
2015-07-05 00:40 feckert Note Added: 0000234
2015-07-05 00:40 feckert Note Edited: 0000234 View Revisions
2015-07-05 00:41 feckert Note Edited: 0000234 View Revisions
2015-07-07 10:44 feckert Note Added: 0000236
2015-07-07 12:39 mohamed.kallel Note Added: 0000237
2015-07-07 13:54 feckert Note Added: 0000238
2015-07-07 14:09 mohamed.kallel Note Added: 0000239
2015-07-07 14:19 feckert Note Added: 0000240
2015-07-07 14:23 feckert Note Edited: 0000240 View Revisions
2015-07-28 14:01 feckert Note Added: 0000253
2015-07-28 18:05 mohamed.kallel Note Added: 0000254
2015-07-30 13:59 feckert Note Added: 0000255
2015-10-05 14:40 mohamed.kallel Note Added: 0000297
2015-10-05 14:40 mohamed.kallel Status new => resolved
2015-10-05 14:40 mohamed.kallel Resolution open => fixed
2015-10-05 14:40 mohamed.kallel Assigned To => mohamed.kallel


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker