Asterisk / ASTERISK-17224

Manager Event Interface w/Digest authentication does not work!

    Details

    • Type: Bug
    • Status: Closed
    • Severity: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Target Release Version/s: None
    • Component/s: Core/HTTP
    • Labels:
      None
    • Mantis ID:
      18598
    • Regression:
      No

      Description

      Hello all!

      I am experiencing problems when using the interface with Digest authentication:
      /amanager => HTML Manager Event Interface w/Digest authentication
      /arawman => Raw HTTP Manager Event Interface w/Digest authentication
      /amxml => XML Manager Event Interface w/Digest authentication
      (http show status)

      For example, a query to Asterisk:

      kremlin:~# curl -u "admin:12345" --digest -v "http://127.0.0.1:8088/amxml?action=CoreShowChannels"

      I get:

      * About to connect() to 127.0.0.1 port 8088 (#0)
      * Trying 127.0.0.1... connected
      * Connected to 127.0.0.1 (127.0.0.1) port 8088 (#0)
      * Server auth using Digest with user 'admin'
        > GET /amxml?action=CoreShowChannels HTTP/1.1
        > User-Agent: curl/7.18.2 (i486-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.8 libssh2/0.18
        > Host: 127.0.0.1:8088
        > Accept: */*
        >
        < HTTP/1.1 401 Unauthorized
        < Server: Asterisk/1.8.1.1
        < Date: Tue, 11 Jan 2011 18:50:21 GMT
        < Connection: close
        < Cache-Control: no-cache, no-store
        < Content-Length: 210
        < WWW-authenticate: Digest algorithm=MD5, realm="asterisk", nonce="38ec76af", qop="auth", opaque="38ec76af"
        < Content-type: text/html
        <
      * Closing connection #0
      * Issue another request to this URL: 'http://127.0.0.1:8088/amxml?action=CoreShowChannels'
      * About to connect() to 127.0.0.1 port 8088 (#0)
      * Trying 127.0.0.1... connected
      * Connected to 127.0.0.1 (127.0.0.1) port 8088 (#0)
      * Server auth using Digest with user 'admin'
        > GET /amxml?action=CoreShowChannels HTTP/1.1
        > Authorization: Digest username="admin", realm="asterisk", nonce="38ec76af", uri="/amxml?action=CoreShowChannels", cnonce="NzM0Nzg2", nc=00000001, qop="auth", response="517711f9bf37372916d89746943f0030", opaque="38ec76af", algorithm="MD5"
        > User-Agent: curl/7.18.2 (i486-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.8 libssh2/0.18
        > Host: 127.0.0.1:8088
        > Accept: */*
        >
        < HTTP/1.1 401 Unauthorized
        < Server: Asterisk/1.8.1.1
        < Date: Tue, 11 Jan 2011 18:50:21 GMT
        < Connection: close
        < Cache-Control: no-cache, no-store
        < Content-Length: 210
      * Authentication problem. Ignoring this.
        < WWW-authenticate: Digest algorithm=MD5, realm="asterisk", nonce="1032537c", qop="auth", opaque="1032537c"
        < Content-type: text/html
        <
        <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
        <html><head>
        <title>401 Unauthorized</title>
        </head><body>
        <h1>401 Unauthorized</h1>

      <hr />
      <address>Asterisk Server</address>
      </body></html>

      * Closing connection #0
        kremlin:~#

      The problem seems to be old. Can anybody explain and help me?

          Activity

          Leif Madsen added a comment -

          Assigned to russell to look at as he couldn't get this working either in the AMI chapter of A:TDG.

          Digium Subversion added a comment -

          Repository: asterisk
          Revision: 316917

          U branches/1.8/main/manager.c

          ------------------------------------------------------------------------
          r316917 | seanbright | 2011-05-04 21:23:29 -0500 (Wed, 04 May 2011) | 5 lines

          Make sure that tcptls_session is properly initialized.

          (issue ASTERISK-17224)
          Reported by: ksn

          ------------------------------------------------------------------------

          http://svn.digium.com/view/asterisk?view=rev&revision=316917

          Digium Subversion added a comment -

          Repository: asterisk
          Revision: 316918

          U branches/1.8/main/utils.c

          ------------------------------------------------------------------------
          r316918 | seanbright | 2011-05-04 21:25:20 -0500 (Wed, 04 May 2011) | 5 lines

          Look at the correct buffer for our digest info instead of an empty one.

          (issue ASTERISK-17224)
          Reported by: ksn

          ------------------------------------------------------------------------

          http://svn.digium.com/view/asterisk?view=rev&revision=316918

          Digium Subversion added a comment -

          Repository: asterisk
          Revision: 316919

          U branches/1.8/main/http.c

          ------------------------------------------------------------------------
          r316919 | seanbright | 2011-05-04 21:30:45 -0500 (Wed, 04 May 2011) | 10 lines

          Use the correct HTTP method when generating our digest, otherwise we always fail.

          When calculating the 'A2' portion of our digest for verification, we need the
          HTTP method that is currently in use. Unfortunately our mapping function was
          incorrect, resulting in invalid hashes being generated and, in turn, failures
          in authentication.

          (closes issue ASTERISK-17224)
          Reported by: ksn

          ------------------------------------------------------------------------

          http://svn.digium.com/view/asterisk?view=rev&revision=316919

          Digium Subversion added a comment -

          Repository: asterisk
          Revision: 316920

          _U trunk/
          U trunk/main/http.c
          U trunk/main/manager.c
          U trunk/main/utils.c

          ------------------------------------------------------------------------
          r316920 | seanbright | 2011-05-04 21:34:30 -0500 (Wed, 04 May 2011) | 31 lines

          Merged revisions 316917-316919 via svnmerge from
          https://origsvn.digium.com/svn/asterisk/branches/1.8

          ........
          r316917 | seanbright | 2011-05-04 22:23:28 -0400 (Wed, 04 May 2011) | 5 lines

          Make sure that tcptls_session is properly initialized.

          (issue ASTERISK-17224)
          Reported by: ksn
          ........
          r316918 | seanbright | 2011-05-04 22:25:20 -0400 (Wed, 04 May 2011) | 5 lines

          Look at the correct buffer for our digest info instead of an empty one.

          (issue ASTERISK-17224)
          Reported by: ksn
          ........
          r316919 | seanbright | 2011-05-04 22:30:45 -0400 (Wed, 04 May 2011) | 10 lines

          Use the correct HTTP method when generating our digest, otherwise we always fail.

          When calculating the 'A2' portion of our digest for verification, we need the
          HTTP method that is currently in use. Unfortunately our mapping function was
          incorrect, resulting in invalid hashes being generated and, in turn, failures
          in authentication.

          (closes issue ASTERISK-17224)
          Reported by: ksn
          ........

          ------------------------------------------------------------------------

          http://svn.digium.com/view/asterisk?view=rev&revision=316920
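
The A2 dependency named in r316919, as an added example (not Asterisk's code and not part of any comment above): a minimal RFC 2617 `qop=auth` check in Python showing that a response computed for one HTTP method fails verification under any other. The function names are hypothetical; `CAPTURED` is the Authorization header from the curl trace in the description, and `12345` is the password from its `-u` argument.

```python
import hashlib
import hmac
import re

# Authorization header copied from the second request in the trace above.
CAPTURED = ('Digest username="admin", realm="asterisk", nonce="38ec76af", '
            'uri="/amxml?action=CoreShowChannels", cnonce="NzM0Nzg2", nc=00000001, '
            'qop="auth", response="517711f9bf37372916d89746943f0030", '
            'opaque="38ec76af", algorithm="MD5"')


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def parse_digest(header):
    """Split 'Digest k="v", k2=v2' into a dict; accepts quoted and bare values."""
    scheme, _, rest = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]*))', rest)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}


def expected_response(method, p, password):
    """RFC 2617 qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = md5_hex(f"{p['username']}:{p['realm']}:{password}")  # A1
    ha2 = md5_hex(f"{method}:{p['uri']}")  # A2 binds the request method and URI
    return md5_hex(":".join([ha1, p["nonce"], p["nc"], p["cnonce"], p["qop"], ha2]))


def verify(method, header, password):
    """True only if the client's response matches for this exact method."""
    try:
        p = parse_digest(header)
        want = expected_response(method, p, password)
        return hmac.compare_digest(want, p["response"].lower())
    except (KeyError, ValueError, TypeError):
        return False  # malformed or incomplete credentials never authenticate


if __name__ == "__main__":
    # Recompute the captured request under the method curl used and a wrong one.
    for method in ("GET", "POST"):
        print(method, verify(method, CAPTURED, "12345"))
```

A server-side check would also need to confirm that the nonce is one it issued and that `nc` has not been replayed; this example covers only the hash computation.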
