EasyCwmp - easycwmp
View Issue Details
0000095easycwmp[All Projects] Bugpublic2015-11-13 07:492015-12-17 10:06
swcims 
mohamed.kallel 
urgentblockalways
resolvedno change required 
0000095: This is http_digest_auth_fail_response issue on easycwmp 1.2.1
We use private ACS tool to test easycwmp. This ACS tool will first send connection request, then send informrpc to CPE; and then CPE will send inform to ACS.

Now on easycwmp version 1.2.1, easycwmp will show http_digest_auth_fail_response after receive ACS send connection request.

I debug the source and found two places cause this issue:
1.First,this issue is caused by " *end != '\0'".
    I can check:nc=00000001, nci=1, but I don't know why the "end" value is wrong.
    nci = strtoul(nc, &end, 16);
        if (('\0' != *end) || ((LONG_MAX == nci) && (ERANGE == errno)))
        {
            DD("Authentication failed, invalid format.");
            return MHD_NO; /* invalid nonce format */
        }

2. I comment the adjustment of "*end",and go on, but digest auth is still failed on comparing "response" and "respexp":
    return (0 == strcmp(response, respexp)) ? MHD_YES : MHD_NO;

I am not sure whether it is related to libcurl and openssl, here is the information about curl, it seems that curl is compiled with openssl:
   curl -V
   curl 7.29.0 (arm-openwrt-linux-gnu) libcurl/7.29.0 OpenSSL/1.0.1e zlib/1.2.7
   Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smtp smtps tftp
   Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
   Any suggestion is highly appreciated! Thanks!
No tags attached.
? Unauthorized.pcapng (9,244) 2015-11-19 10:58
https://support.easycwmp.org/file_download.php?file_id=54&type=bug
Issue History
2015-11-13 07:49swcimsNew Issue
2015-11-16 17:46mohamed.kallelNote Added: 0000322
2015-11-19 10:58swcimsFile Added: Unauthorized.pcapng
2015-11-19 11:00swcimsNote Added: 0000323
2015-11-19 11:01swcimsNote Edited: 0000323bug_revision_view_page.php?bugnote_id=323#r219
2015-11-19 12:09mohamed.kallelNote Added: 0000324
2015-11-19 12:09mohamed.kallelNote Edited: 0000324bug_revision_view_page.php?bugnote_id=324#r221
2015-11-25 08:25swcimsNote Added: 0000325
2015-11-25 09:21mohamed.kallelNote Added: 0000326
2015-11-25 09:22mohamed.kallelNote Edited: 0000326bug_revision_view_page.php?bugnote_id=326#r223
2015-12-02 11:34swcimsNote Added: 0000335
2015-12-02 13:11mohamed.kallelNote Added: 0000336
2015-12-17 10:06mohamed.kallelStatusnew => resolved
2015-12-17 10:06mohamed.kallelResolutionopen => no change required
2015-12-17 10:06mohamed.kallelAssigned To => mohamed.kallel

Notes
(0000322)
mohamed.kallel   
2015-11-16 17:46   
This is not reproduced for us. May be the problem cause is your private ACS tool. Or may be you configured your private ACS tool with a wrong login/password of Connection Request

Could you please send traffic capture.
(0000323)
swcims   
2015-11-19 11:00   
(edited on: 2015-11-19 11:01)
Hi Manager, thanks!
Please check the packets. The CPE's IP is 10.128.32.162, the ACS tool's IP is 10.128.32.58. You can see that ACS tool first sent connection requestion, then CPE responsed by seding "Unauthorized" packet;and then ACS tool continue to sent connection requestion, but CPE sent "FIN ACK" packet. Then the connection was failed.

(0000324)
mohamed.kallel   
2015-11-19 12:09   
I have a doubt that your cnonce in the http get (from your ACS tool) is not good.

Could you please make Connection Request with your web browser to your equipment and check if the digest works. Just in your browser type:

http://<equipment_ip_address>:7547 [^]

and then enter the right username/passworf of the Connection request.

The username/password of the connection request are saved in the config under:
easycwmp.@local[0].username
easycwmp.@local[0].password

(0000325)
swcims   
2015-11-25 08:25   
Hi manager, from equipment's wan side, I typed this hyperlink in browser, but could not open this GUI at all. Then I flushed iptables and typed the link, browser displayed blank page,there was no any content. Would you please provide advice? Thanks!
(0000326)
mohamed.kallel   
2015-11-25 09:21   
(edited on: 2015-11-25 09:22)
You should not get any GUI. your browser send Connection request and the equipment accepts the request by sending http 1.1 200 OK without content.

So after you make the Connection request from your web browser you should see easycwmpd starting tr-069 session

what's your login/password of connection request? could you send your easycwmpd config.
What's the config of your ACS tool? could you send it? what is the login/passsword that your ACS tool use in the Connection Request?

(0000335)
swcims   
2015-12-02 11:34   
Hi Manager, please help check, thanks!

Here is the easycwmpd config

config local
        option interface 'eth0'
        option port '7547'
        option ubus_socket '/var/run/ubus.sock'
        option date_format '%FT%T%z'
        option username 'root'
        option password 'admin'
        option logging_level '3'

config acs
        option url 'http://10.128.32.58:9999' [^]
        option username 'admin'
        option password 'admin'
        option periodic_enable '1'
        option periodic_interval '100'
        option periodic_time '0001-01-01T00:00:00Z'

config device
        option manufacturer 'Test-device'
        option oui 'FFFFFF'
        option product_class 'easycwmp'
        option serial_number 'ABC123456'
        option hardware_version 'hw_ver-1.0'
        option software_version 'sw_ver-2.0'

Here is the config of acs tool:
disableAuth=false
xmlValidation=true
license=51745e0a18351d48456666e1e015b49554e515b5a4b797a6b7a636477
needConnRequest=true
cwmpComplianceSOAPArray=false
cwmpOldStyleCookie=true

# The host name or IP address of the ACS server.
acsHost=10.128.32.58

# The port number the ACS server is listening on.
acsPort=9999

# The port number the HTTP file server is listening on.
fileServerPort=9797

# The uri of the ACS server.
uri=/acs

cpeUsername=admin

cpePassword=admin

cpeHost=10.128.32.101

cpePort=7547

# username for the connection request.
connectionReqUsername=root

# passwd for the connection request.
connectionReqPassword=admin

#the time delay of CPE messages.
socketTimeout=60
(0000336)
mohamed.kallel   
2015-12-02 13:11   
Your configs look good. Since the connection request works with your web browser then it s a quite difficult to find out the cause without your acts tool.
Could u please provide us your acts tool or a remote access to reproduce the issue?