View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000196 | easycwmp | Question | public | 2017-02-03 16:57 | 2017-02-06 16:43 |
Reporter | carlberg | Assigned To | mohamed.kallel | ||
Priority | normal | Severity | block | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Platform | Linux OpenWrt 4.4.14 #1 Mon Jan | OS | OpenWRT | OS Version | bleeding edge |
Summary | 0000196: Missing authentication header in http request | ||||
Description | Hi, I cant get authentication on ACS Request to work, using easycwmp-1.4.1 and easycwmp-1.5.1. Have tested with different configuration, but only receive HTTP 401 from server. Have used wireshark looking at traffic and I cant see any "Authorization" header in the request to the ACS. I am expecting a "Authorization: Digest" header...but it seem to be missing. Using follow config: config acs option periodic_enable '1' option periodic_interval '100' option periodic_time '0001-01-01T00:00:00Z' option username 'acs' option password 'password123' option url 'http://server:8000/acs' Have also tested with: digest_enable='1', without success. But I assume that is only used on local, not on acs. Have read and follow: http://support.easycwmp.org/view.php?id=156&history=1 Looking at the code, http.c, cant see any Authorization Digest header added in http_send_message. but I might be looking at the wrong place. Any suggestions? ex. HTTP Request ------------------ POST /acs/ HTTP/1.1 Host: server:8000 User-Agent: easycwmp Content-Type: text/xml; charset="utf-8" SOAPAction: Content-Length: 2818 Expect: 100-continue <?xml version="1.0" encoding="UTF-8" standalone="no"?> <soap_env:Envelope xmlns:soap_env="http://schemas.xmlsoap.org/.... HTTP/1.1 100 Continue ex. HTTP Response ------------------ HTTP/1.1 401 Unauthorized Date: Fri, 03 Feb 2017 15:45:35 GMT WWW-Authenticate: Digest realm="ACSRealm", domain="/acs", nonce="8agf0qdFpFxYqCdeN6U/mWTkzhH+wSk2", algorithm=MD5, qop="auth", stale=false Cache-Control: must-revalidate,no-cache,no-store Content-Type: text/html;charset=iso-8859-1 Content-Length: 337 Server: Jetty(9.3.8.v20160314) .... Cheers -Anders | ||||
Steps To Reproduce | Connect to an ACS that requires authentication. If you need a server to testa with, I can provide one. | ||||
Additional Information | Created this issue some time ago, without response. https://github.com/pivasoftware/easycwmp/issues/30 | ||||
Tags | No tags attached. | ||||
e-mail notification | |||||
|
oh,, sorry.. wasn't meaning to set it as Severity: block.. |
|
we need traffic capture to analyze the issue. Try to add the following option in the easycwmp config uci set easycwmp.@acs[0].http100continue_disable=1 |
|
|
|
|
|
Added two files, Trace one for a working device (ZyXEL) and trace of a EasyCWMP 1.5.1 device. So I cant see the EasyCWMP response to the first HTTP 401 with the correct header. Tested using: uci set easycwmp.@acs[0].http100continue_disable=1 But, no change. Current config: config local option interface 'eth0' option port '7547' option ubus_socket '/var/run/ubus.sock' option date_format '%FT%T%z' option username 'easycwmp' option password 'easycwmp' option logging_level '3' config acs option periodic_enable '1' option periodic_interval '100' option periodic_time '0001-01-01T00:00:00Z' option url 'http://192.168.1.120:10301/acs/' option username 'acs' option password 'acs' option http100continue_disable '1' config device option manufacturer 'OpenWrt http://www.openwrt.org/' option product_class 'Generic' option hardware_version 'v0' option software_version '50082' option oui '90F652' option serial_number '90F6522BF8FF' Send me a mail if you need a ACS server to test with.. anderscarlberg74@hotmail.com |
|
The files you sent do not help please send the capture file (pcap file captured with wireshark for example) And send also the log of easycwmp I have a question: What is the SSL options that you you used to build libcurl? |
|
okay, I send over some pcap files. Running on OpenWrt Main (Bleeding Edge) I have not used any specific SSL options, have simply follow the guide for OpenWRT build for easycwmp and microxml. http://www.easycwmp.org/install.html so, I have not built libcurl explicit. |
|
|
|
|
|
Uploaded two .pcap files. _more, contains more then one sequence. Get back to me if you need something.. |
|
Logread logging.. (cant find any specific logging for easycwmp). Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: start session Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: configured acs url http://192.168.1.120:10301/acs/digitalnordix/ Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: external script init Mon Feb 6 12:31:18 2017 daemon.notice easycwmpd: external: execute inform parameter Mon Feb 6 12:31:19 2017 daemon.notice easycwmpd: send Inform Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: LibCurl Error: The requested URL returned error: 401 Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: sending http message failed Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: sending Inform failed Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: external: execute apply service Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: external script exit Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: end session failed Mon Feb 6 12:31:20 2017 daemon.notice easycwmpd: retry session in 60 sec, RetryCount = 4 Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: add event '2 PERIODIC' Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: start session Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: configured acs url http://192.168.1.120:10301/acs/digitalnordix/ Mon Feb 6 12:31:56 2017 daemon.notice easycwmpd: external script init Mon Feb 6 12:31:57 2017 daemon.notice easycwmpd: external: execute inform parameter Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: send Inform Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: LibCurl Error: The requested URL returned error: 401 Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: sending http message failed Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: sending Inform failed Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: external: execute apply service Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: external script exit Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: end session failed Mon Feb 6 12:31:58 2017 daemon.notice easycwmpd: retry session in 120 sec, RetryCount = 5 Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: add event '2 PERIODIC' Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: start session Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: configured acs url http://192.168.1.120:10301/acs/digitalnordix/ Mon Feb 6 12:33:36 2017 daemon.notice easycwmpd: external script init Mon Feb 6 12:33:37 2017 daemon.notice easycwmpd: external: execute inform parameter Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: send Inform Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: LibCurl Error: The requested URL returned error: 401 Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: sending http message failed Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: sending Inform failed Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: external: execute apply service Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: external script exit Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: end session failed Mon Feb 6 12:33:38 2017 daemon.notice easycwmpd: retry session in 240 sec, RetryCount = 6 |
|
what is the output of the following command on your openWRT opkg depends libcurl |
|
root@OpenWrt:/# opkg depends libcurl libcurl depends on: libc libpolarssl |
|
In the make menuconfig: Under: Libraries > Libcurl Check that the option "Enable cryptographic authentication" is selected. If not selected, please select it and rebuild your libcurl and then rebuil easycwmp and then re-install both libcurl and easycwmp |
|
..it was not selected.. I am rebuilding now.. I'll get back to you when I have tested. |
|
Yeah! It seem to work now.. I rebuild and install libcurl and it start working. Thank you.. Now I will go ahead and start testing things.. |
Date Modified | Username | Field | Change |
---|---|---|---|
2017-02-03 16:57 | carlberg | New Issue | |
2017-02-03 16:59 | carlberg | Note Added: 0000626 | |
2017-02-04 10:13 | mohamed.kallel | Note Added: 0000627 | |
2017-02-05 18:08 | carlberg | File Added: ZyXEL Trace - Successful.zip | |
2017-02-05 18:08 | carlberg | File Added: EasyCWMP Trace HTTP401.zip | |
2017-02-05 18:13 | carlberg | Note Added: 0000628 | |
2017-02-06 09:58 | mohamed.kallel | Note Added: 0000629 | |
2017-02-06 11:03 | mohamed.kallel | Note Edited: 0000629 | |
2017-02-06 12:49 | carlberg | Note Added: 0000630 | |
2017-02-06 13:25 | carlberg | File Added: EasyCWMP_w_auth.pcapng | |
2017-02-06 13:33 | carlberg | File Added: EasyCWMP_w_auth_more.pcapng | |
2017-02-06 13:34 | carlberg | Note Added: 0000631 | |
2017-02-06 13:41 | carlberg | Note Edited: 0000630 | |
2017-02-06 13:46 | carlberg | Note Added: 0000632 | |
2017-02-06 14:11 | mohamed.kallel | Note Added: 0000633 | |
2017-02-06 14:30 | carlberg | Note Added: 0000634 | |
2017-02-06 14:53 | mohamed.kallel | Note Added: 0000635 | |
2017-02-06 14:55 | mohamed.kallel | Note Edited: 0000635 | |
2017-02-06 15:23 | carlberg | Note Added: 0000636 | |
2017-02-06 16:34 | carlberg | Note Added: 0000637 | |
2017-02-06 16:42 | mohamed.kallel | Note Edited: 0000637 | |
2017-02-06 16:43 | mohamed.kallel | Status | new => resolved |
2017-02-06 16:43 | mohamed.kallel | Resolution | open => fixed |
2017-02-06 16:43 | mohamed.kallel | Assigned To | => mohamed.kallel |