View Issue Details

IDProjectCategoryView StatusLast Update
0000095easycwmpBugpublic2015-12-17 10:06
Reporterswcims Assigned Tomohamed.kallel  
PriorityurgentSeverityblockReproducibilityalways
Status resolvedResolutionno change required 
Summary0000095: This is http_digest_auth_fail_response issue on easycwmp 1.2.1
DescriptionWe use private ACS tool to test easycwmp. This ACS tool will first send connection request, then send informrpc to CPE; and then CPE will send inform to ACS.

Now on easycwmp version 1.2.1, easycwmp will show http_digest_auth_fail_response after receive ACS send connection request.

I debug the source and found two places cause this issue:
1.First,this issue is caused by " *end != '\0'".
    I can check:nc=00000001, nci=1, but I don't know why the "end" value is wrong.
    nci = strtoul(nc, &end, 16);
        if (('\0' != *end) || ((LONG_MAX == nci) && (ERANGE == errno)))
        {
            DD("Authentication failed, invalid format.");
            return MHD_NO; /* invalid nonce format */
        }

2. I comment the adjustment of "*end",and go on, but digest auth is still failed on comparing "response" and "respexp":
    return (0 == strcmp(response, respexp)) ? MHD_YES : MHD_NO;

I am not sure whether it is related to libcurl and openssl, here is the information about curl, it seems that curl is compiled with openssl:
   curl -V
   curl 7.29.0 (arm-openwrt-linux-gnu) libcurl/7.29.0 OpenSSL/1.0.1e zlib/1.2.7
   Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smtp smtps tftp
   Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
   Any suggestion is highly appreciated! Thanks!
TagsNo tags attached.
e-mail notification

Activities

mohamed.kallel

2015-11-16 17:46

administrator   ~0000322

This is not reproduced for us. May be the problem cause is your private ACS tool. Or may be you configured your private ACS tool with a wrong login/password of Connection Request

Could you please send traffic capture.

swcims

2015-11-19 10:58

reporter  

Unauthorized.pcapng (9,244 bytes)

swcims

2015-11-19 11:00

reporter   ~0000323

Last edited: 2015-11-19 11:01

Hi Manager, thanks!
Please check the packets. The CPE's IP is 10.128.32.162, the ACS tool's IP is 10.128.32.58. You can see that ACS tool first sent connection requestion, then CPE responsed by seding "Unauthorized" packet;and then ACS tool continue to sent connection requestion, but CPE sent "FIN ACK" packet. Then the connection was failed.

mohamed.kallel

2015-11-19 12:09

administrator   ~0000324

Last edited: 2015-11-19 12:09

I have a doubt that your cnonce in the http get (from your ACS tool) is not good.

Could you please make Connection Request with your web browser to your equipment and check if the digest works. Just in your browser type:

http://<equipment_ip_address>:7547

and then enter the right username/passworf of the Connection request.

The username/password of the connection request are saved in the config under:
easycwmp.@local[0].username
easycwmp.@local[0].password

swcims

2015-11-25 08:25

reporter   ~0000325

Hi manager, from equipment's wan side, I typed this hyperlink in browser, but could not open this GUI at all. Then I flushed iptables and typed the link, browser displayed blank page,there was no any content. Would you please provide advice? Thanks!

mohamed.kallel

2015-11-25 09:21

administrator   ~0000326

Last edited: 2015-11-25 09:22

You should not get any GUI. your browser send Connection request and the equipment accepts the request by sending http 1.1 200 OK without content.

So after you make the Connection request from your web browser you should see easycwmpd starting tr-069 session

what's your login/password of connection request? could you send your easycwmpd config.
What's the config of your ACS tool? could you send it? what is the login/passsword that your ACS tool use in the Connection Request?

swcims

2015-12-02 11:34

reporter   ~0000335

Hi Manager, please help check, thanks!

Here is the easycwmpd config

config local
        option interface 'eth0'
        option port '7547'
        option ubus_socket '/var/run/ubus.sock'
        option date_format '%FT%T%z'
        option username 'root'
        option password 'admin'
        option logging_level '3'

config acs
        option url 'http://10.128.32.58:9999'
        option username 'admin'
        option password 'admin'
        option periodic_enable '1'
        option periodic_interval '100'
        option periodic_time '0001-01-01T00:00:00Z'

config device
        option manufacturer 'Test-device'
        option oui 'FFFFFF'
        option product_class 'easycwmp'
        option serial_number 'ABC123456'
        option hardware_version 'hw_ver-1.0'
        option software_version 'sw_ver-2.0'

Here is the config of acs tool:
disableAuth=false
xmlValidation=true
license=51745e0a18351d48456666e1e015b49554e515b5a4b797a6b7a636477
needConnRequest=true
cwmpComplianceSOAPArray=false
cwmpOldStyleCookie=true

# The host name or IP address of the ACS server.
acsHost=10.128.32.58

# The port number the ACS server is listening on.
acsPort=9999

# The port number the HTTP file server is listening on.
fileServerPort=9797

# The uri of the ACS server.
uri=/acs

cpeUsername=admin

cpePassword=admin

cpeHost=10.128.32.101

cpePort=7547

# username for the connection request.
connectionReqUsername=root

# passwd for the connection request.
connectionReqPassword=admin

#the time delay of CPE messages.
socketTimeout=60

mohamed.kallel

2015-12-02 13:11

administrator   ~0000336

Your configs look good. Since the connection request works with your web browser then it s a quite difficult to find out the cause without your acts tool.
Could u please provide us your acts tool or a remote access to reproduce the issue?

Issue History

Date Modified Username Field Change
2015-11-13 07:49 swcims New Issue
2015-11-16 17:46 mohamed.kallel Note Added: 0000322
2015-11-19 10:58 swcims File Added: Unauthorized.pcapng
2015-11-19 11:00 swcims Note Added: 0000323
2015-11-19 11:01 swcims Note Edited: 0000323
2015-11-19 12:09 mohamed.kallel Note Added: 0000324
2015-11-19 12:09 mohamed.kallel Note Edited: 0000324
2015-11-25 08:25 swcims Note Added: 0000325
2015-11-25 09:21 mohamed.kallel Note Added: 0000326
2015-11-25 09:22 mohamed.kallel Note Edited: 0000326
2015-12-02 11:34 swcims Note Added: 0000335
2015-12-02 13:11 mohamed.kallel Note Added: 0000336
2015-12-17 10:06 mohamed.kallel Status new => resolved
2015-12-17 10:06 mohamed.kallel Resolution open => no change required
2015-12-17 10:06 mohamed.kallel Assigned To => mohamed.kallel