View Issue Details

IDProjectCategoryView StatusLast Update
0000196easycwmpQuestionpublic2017-02-06 16:43
Reportercarlberg Assigned Tomohamed.kallel  
PrioritynormalSeverityblockReproducibilityalways
Status resolvedResolutionfixed 
PlatformLinux OpenWrt 4.4.14 #1 Mon Jan OSOpenWRTOS Versionbleeding edge
Summary0000196: Missing authentication header in http request
DescriptionHi,
I cant get authentication on ACS Request to work, using easycwmp-1.4.1 and easycwmp-1.5.1.

Have tested with different configuration, but only receive HTTP 401 from server.
Have used wireshark looking at traffic and I cant see any "Authorization" header in the request to the ACS.
I am expecting a "Authorization: Digest" header...but it seem to be missing.

Using follow config:
config acs
option periodic_enable '1'
option periodic_interval '100'
option periodic_time '0001-01-01T00:00:00Z'
option username 'acs'
option password 'password123'
option url 'http://server:8000/acs'

Have also tested with: digest_enable='1', without success.
But I assume that is only used on local, not on acs.

Have read and follow: http://support.easycwmp.org/view.php?id=156&history=1
Looking at the code, http.c, cant see any Authorization Digest header added in http_send_message.
but I might be looking at the wrong place.

Any suggestions?

ex. HTTP Request
------------------

POST /acs/ HTTP/1.1
Host: server:8000
User-Agent: easycwmp
Content-Type: text/xml; charset="utf-8"
SOAPAction:
Content-Length: 2818
Expect: 100-continue

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <soap_env:Envelope
xmlns:soap_env="http://schemas.xmlsoap.org/....



HTTP/1.1 100 Continue

ex. HTTP Response
------------------
HTTP/1.1 401 Unauthorized
Date: Fri, 03 Feb 2017 15:45:35 GMT
WWW-Authenticate: Digest realm="ACSRealm", domain="/acs", nonce="8agf0qdFpFxYqCdeN6U/mWTkzhH+wSk2", algorithm=MD5, qop="auth", stale=false
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 337
Server: Jetty(9.3.8.v20160314)
....


Cheers
-Anders


Steps To ReproduceConnect to an ACS that requires authentication.

If you need a server to testa with, I can provide one.
Additional InformationCreated this issue some time ago, without response.
https://github.com/pivasoftware/easycwmp/issues/30
TagsNo tags attached.

Activities

carlberg

2017-02-03 16:59

reporter   ~0000626

oh,, sorry.. wasn't meaning to set it as Severity: block..

mohamed.kallel

2017-02-04 10:13

administrator   ~0000627

we need traffic capture to analyze the issue.

Try to add the following option in the easycwmp config

uci set easycwmp.@acs[0].http100continue_disable=1

carlberg

2017-02-05 18:08

reporter  

carlberg

2017-02-05 18:08

reporter  

carlberg

2017-02-05 18:13

reporter   ~0000628

Added two files, Trace one for a working device (ZyXEL) and trace of a EasyCWMP 1.5.1 device.
So I cant see the EasyCWMP response to the first HTTP 401 with the correct header.

Tested using: uci set easycwmp.@acs[0].http100continue_disable=1
But, no change.

Current config:

config local
        option interface 'eth0'
        option port '7547'
        option ubus_socket '/var/run/ubus.sock'
        option date_format '%FT%T%z'
        option username 'easycwmp'
        option password 'easycwmp'
        option logging_level '3'

config acs
        option periodic_enable '1'
        option periodic_interval '100'
        option periodic_time '0001-01-01T00:00:00Z'
        option url 'http://192.168.1.120:10301/acs/'
        option username 'acs'
        option password 'acs'
        option http100continue_disable '1'

config device
        option manufacturer 'OpenWrt
http://www.openwrt.org/'
        option product_class 'Generic'
        option hardware_version 'v0'
        option software_version '50082'
        option oui '90F652'
        option serial_number '90F6522BF8FF'


Send me a mail if you need a ACS server to test with..
anderscarlberg74@hotmail.com

mohamed.kallel

2017-02-06 09:58

administrator   ~0000629

Last edited: 2017-02-06 11:03

The files you sent do not help
please send the capture file (pcap file captured with wireshark for example)
And send also the log of easycwmp

I have a question: What is the SSL options that you you used to build libcurl?

carlberg

2017-02-06 12:49

reporter   ~0000630

Last edited: 2017-02-06 13:41

okay, I send over some pcap files.

Running on OpenWrt Main (Bleeding Edge)
I have not used any specific SSL options,
have simply follow the guide for OpenWRT build for easycwmp and microxml. http://www.easycwmp.org/install.html

so, I have not built libcurl explicit.

carlberg

2017-02-06 13:25

reporter  

EasyCWMP_w_auth.pcapng (5,428 bytes)

carlberg

2017-02-06 13:33

reporter  

carlberg

2017-02-06 13:34

reporter   ~0000631

Uploaded two .pcap files.
_more, contains more then one sequence.

Get back to me if you need something..

carlberg

2017-02-06 13:46

reporter   ~0000632

Logread logging.. (cant find any specific logging for easycwmp).

Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: start session
Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: configured acs url http://192.168.1.120:10301/acs/digitalnordix/
Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: external script init
Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: external: execute inform parameter
Mon Feb 6 12:31:19 2017 daemon.notice easycwmpd: send Inform
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: LibCurl Error: The requested URL returned error: 401
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: sending http message failed
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: sending Inform failed
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: external: execute apply service
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: external script exit
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: end session failed
Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: retry session in 60 sec, RetryCount = 4
Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: add event '2 PERIODIC'
Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: start session
Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: configured acs url http://192.168.1.120:10301/acs/digitalnordix/
Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: external script init
Mon Feb 6 12:31:57 2017 daemon.notice easycwmpd: external: execute inform parameter
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: send Inform
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: LibCurl Error: The requested URL returned error: 401
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: sending http message failed
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: sending Inform failed
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: external: execute apply service
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: external script exit
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: end session failed
Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: retry session in 120 sec, RetryCount = 5
Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: add event '2 PERIODIC'
Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: start session
Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: configured acs url http://192.168.1.120:10301/acs/digitalnordix/
Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: external script init
Mon Feb 6 12:33:37 2017 daemon.notice easycwmpd: external: execute inform parameter
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: send Inform
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: LibCurl Error: The requested URL returned error: 401
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: sending http message failed
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: sending Inform failed
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: external: execute apply service
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: external script exit
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: end session failed
Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: retry session in 240 sec, RetryCount = 6

mohamed.kallel

2017-02-06 14:11

administrator   ~0000633

what is the output of the following command on your openWRT

opkg depends libcurl

carlberg

2017-02-06 14:30

reporter   ~0000634

root@OpenWrt:/# opkg depends libcurl
libcurl depends on:
        libc
        libpolarssl

mohamed.kallel

2017-02-06 14:53

administrator   ~0000635

Last edited: 2017-02-06 14:55

In the make menuconfig:
Under: Libraries > Libcurl
Check that the option "Enable cryptographic authentication" is selected.

If not selected, please select it and rebuild your libcurl and then rebuil easycwmp and then re-install both libcurl and easycwmp

carlberg

2017-02-06 15:23

reporter   ~0000636

..it was not selected..
I am rebuilding now.. I'll get back to you when I have tested.

carlberg

2017-02-06 16:34

reporter   ~0000637

Last edited: 2017-02-06 16:42

Yeah!
It seem to work now..
I rebuild and install libcurl and it start working.

Thank you..

Now I will go ahead and start testing things..

Issue History

Date Modified Username Field Change
2017-02-03 16:57 carlberg New Issue
2017-02-03 16:59 carlberg Note Added: 0000626
2017-02-04 10:13 mohamed.kallel Note Added: 0000627
2017-02-05 18:08 carlberg File Added: ZyXEL Trace - Successful.zip
2017-02-05 18:08 carlberg File Added: EasyCWMP Trace HTTP401.zip
2017-02-05 18:13 carlberg Note Added: 0000628
2017-02-06 09:58 mohamed.kallel Note Added: 0000629
2017-02-06 11:03 mohamed.kallel Note Edited: 0000629
2017-02-06 12:49 carlberg Note Added: 0000630
2017-02-06 13:25 carlberg File Added: EasyCWMP_w_auth.pcapng
2017-02-06 13:33 carlberg File Added: EasyCWMP_w_auth_more.pcapng
2017-02-06 13:34 carlberg Note Added: 0000631
2017-02-06 13:41 carlberg Note Edited: 0000630
2017-02-06 13:46 carlberg Note Added: 0000632
2017-02-06 14:11 mohamed.kallel Note Added: 0000633
2017-02-06 14:30 carlberg Note Added: 0000634
2017-02-06 14:53 mohamed.kallel Note Added: 0000635
2017-02-06 14:55 mohamed.kallel Note Edited: 0000635
2017-02-06 15:23 carlberg Note Added: 0000636
2017-02-06 16:34 carlberg Note Added: 0000637
2017-02-06 16:42 mohamed.kallel Note Edited: 0000637
2017-02-06 16:43 mohamed.kallel Status new => resolved
2017-02-06 16:43 mohamed.kallel Resolution open => fixed
2017-02-06 16:43 mohamed.kallel Assigned To => mohamed.kallel