View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000095||easycwmp||Bug||public||2015-11-13 07:49||2015-12-17 10:06|
|Status||resolved||Resolution||no change required|
|Summary||0000095: This is http_digest_auth_fail_response issue on easycwmp 1.2.1|
|Description||We use private ACS tool to test easycwmp. This ACS tool will first send connection request, then send informrpc to CPE; and then CPE will send inform to ACS.|
Now on easycwmp version 1.2.1, easycwmp will show http_digest_auth_fail_response after receive ACS send connection request.
I debug the source and found two places cause this issue:
1.First,this issue is caused by " *end != '\0'".
I can check:nc=00000001, nci=1, but I don't know why the "end" value is wrong.
nci = strtoul(nc, &end, 16);
if (('\0' != *end) || ((LONG_MAX == nci) && (ERANGE == errno)))
DD("Authentication failed, invalid format.");
return MHD_NO; /* invalid nonce format */
2. I comment the adjustment of "*end",and go on, but digest auth is still failed on comparing "response" and "respexp":
return (0 == strcmp(response, respexp)) ? MHD_YES : MHD_NO;
I am not sure whether it is related to libcurl and openssl, here is the information about curl, it seems that curl is compiled with openssl:
curl 7.29.0 (arm-openwrt-linux-gnu) libcurl/7.29.0 OpenSSL/1.0.1e zlib/1.2.7
Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smtp smtps tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
Any suggestion is highly appreciated! Thanks!
|Tags||No tags attached.|
This is not reproduced for us. May be the problem cause is your private ACS tool. Or may be you configured your private ACS tool with a wrong login/password of Connection Request
Could you please send traffic capture.
Unauthorized.pcapng (9,244 bytes)
Hi Manager, thanks!
Please check the packets. The CPE's IP is 10.128.32.162, the ACS tool's IP is 10.128.32.58. You can see that ACS tool first sent connection requestion, then CPE responsed by seding "Unauthorized" packet;and then ACS tool continue to sent connection requestion, but CPE sent "FIN ACK" packet. Then the connection was failed.
I have a doubt that your cnonce in the http get (from your ACS tool) is not good.
Could you please make Connection Request with your web browser to your equipment and check if the digest works. Just in your browser type:
and then enter the right username/passworf of the Connection request.
The username/password of the connection request are saved in the config under:
||Hi manager, from equipment's wan side, I typed this hyperlink in browser, but could not open this GUI at all. Then I flushed iptables and typed the link, browser displayed blank page,there was no any content. Would you please provide advice? Thanks!|
You should not get any GUI. your browser send Connection request and the equipment accepts the request by sending http 1.1 200 OK without content.
So after you make the Connection request from your web browser you should see easycwmpd starting tr-069 session
what's your login/password of connection request? could you send your easycwmpd config.
What's the config of your ACS tool? could you send it? what is the login/passsword that your ACS tool use in the Connection Request?
Hi Manager, please help check, thanks!
Here is the easycwmpd config
option interface 'eth0'
option port '7547'
option ubus_socket '/var/run/ubus.sock'
option date_format '%FT%T%z'
option username 'root'
option password 'admin'
option logging_level '3'
option url 'http://10.128.32.58:9999'
option username 'admin'
option password 'admin'
option periodic_enable '1'
option periodic_interval '100'
option periodic_time '0001-01-01T00:00:00Z'
option manufacturer 'Test-device'
option oui 'FFFFFF'
option product_class 'easycwmp'
option serial_number 'ABC123456'
option hardware_version 'hw_ver-1.0'
option software_version 'sw_ver-2.0'
Here is the config of acs tool:
# The host name or IP address of the ACS server.
# The port number the ACS server is listening on.
# The port number the HTTP file server is listening on.
# The uri of the ACS server.
# username for the connection request.
# passwd for the connection request.
#the time delay of CPE messages.
Your configs look good. Since the connection request works with your web browser then it s a quite difficult to find out the cause without your acts tool.
Could u please provide us your acts tool or a remote access to reproduce the issue?
|2015-11-13 07:49||swcims||New Issue|
|2015-11-16 17:46||mohamed.kallel||Note Added: 0000322|
|2015-11-19 10:58||swcims||File Added: Unauthorized.pcapng|
|2015-11-19 11:00||swcims||Note Added: 0000323|
|2015-11-19 11:01||swcims||Note Edited: 0000323|
|2015-11-19 12:09||mohamed.kallel||Note Added: 0000324|
|2015-11-19 12:09||mohamed.kallel||Note Edited: 0000324|
|2015-11-25 08:25||swcims||Note Added: 0000325|
|2015-11-25 09:21||mohamed.kallel||Note Added: 0000326|
|2015-11-25 09:22||mohamed.kallel||Note Edited: 0000326|
|2015-12-02 11:34||swcims||Note Added: 0000335|
|2015-12-02 13:11||mohamed.kallel||Note Added: 0000336|
|2015-12-17 10:06||mohamed.kallel||Status||new => resolved|
|2015-12-17 10:06||mohamed.kallel||Resolution||open => no change required|
|2015-12-17 10:06||mohamed.kallel||Assigned To||=> mohamed.kallel|