Summary: | ASTERISK-17224: Manager Event Interface w/Digest authentication does not work! | ||
Reporter: | Sergey Korobeynikov (ksn) | Labels: | |
Date Opened: | 2011-01-11 13:14:33.000-0600 | Date Closed: | 2011-05-04 21:34:31 |
Priority: | Minor | Regression? | No |
Status: | Closed/Complete | Components: | Core/HTTP |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | Hello all! Experience problems when using the interface with Digest authentication: /amanager => HTML Manager Event Interface w/Digest authentication /arawman => Raw HTTP Manager Event Interface w/Digest authentication /amxml => XML Manager Event Interface w/Digest authentication (http show status) For example queries on Asterisk: kremlin:~# curl -u "admin:12345" --digest -v "http://127.0.0.1:8088/amxml?action=CoreShowChannels" [^] Get: * About to connect() to 127.0.0.1 port 8088 (#0) * Trying 127.0.0.1... connected * Connected to 127.0.0.1 (127.0.0.1) port 8088 (#0) * Server auth using Digest with user 'admin' > GET /amxml?action=CoreShowChannels HTTP/1.1 > User-Agent: curl/7.18.2 (i486-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.8 libssh2/0.18 > Host: 127.0.0.1:8088 > Accept: */* > < HTTP/1.1 401 Unauthorized < Server: Asterisk/1.8.1.1 < Date: Tue, 11 Jan 2011 18:50:21 GMT < Connection: close < Cache-Control: no-cache, no-store < Content-Length: 210 < WWW-authenticate: Digest algorithm=MD5, realm="asterisk", nonce="38ec76af", qop="auth", opaque="38ec76af" < Content-type: text/html < * Closing connection #0 * Issue another request to this URL: 'http://127.0.0.1:8088/amxml?action=CoreShowChannels' [^] * About to connect() to 127.0.0.1 port 8088 (#0) * Trying 127.0.0.1... connected * Connected to 127.0.0.1 (127.0.0.1) port 8088 (#0) * Server auth using Digest with user 'admin' > GET /amxml?action=CoreShowChannels HTTP/1.1 > Authorization: Digest username="admin", realm="asterisk", nonce="38ec76af", uri="/amxml?action=CoreShowChannels", cnonce="NzM0Nzg2", nc=00000001, qop="auth", response="517711f9bf37372916d89746943f0030", opaque="38ec76af", algorithm="MD5" > User-Agent: curl/7.18.2 (i486-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.8 libssh2/0.18 > Host: 127.0.0.1:8088 > Accept: */* > < HTTP/1.1 401 Unauthorized < Server: Asterisk/1.8.1.1 < Date: Tue, 11 Jan 2011 18:50:21 GMT < Connection: close < Cache-Control: no-cache, no-store < Content-Length: 210 * Authentication problem. Ignoring this. < WWW-authenticate: Digest algorithm=MD5, realm="asterisk", nonce="1032537c", qop="auth", opaque="1032537c" < Content-type: text/html < <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Unauthorized</title> </head><body> <h1>401 Unauthorized</h1> <hr /> <address>Asterisk Server</address> </body></html> * Closing connection #0 kremlin:~# The problem seems to be old. Can anybody explain and help me? | ||
Comments: | By: Leif Madsen (lmadsen) 2011-01-12 15:33:04.000-0600 Assigned to russell to look at as he couldn't get this working either in the AMI chapter of A:TDG. By: Digium Subversion (svnbot) 2011-05-04 21:23:29 Repository: asterisk Revision: 316917 U branches/1.8/main/manager.c ------------------------------------------------------------------------ r316917 | seanbright | 2011-05-04 21:23:29 -0500 (Wed, 04 May 2011) | 5 lines Make sure that tcptls_session is properly initialized. (issue ASTERISK-17224) Reported by: ksn ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=316917 By: Digium Subversion (svnbot) 2011-05-04 21:25:21 Repository: asterisk Revision: 316918 U branches/1.8/main/utils.c ------------------------------------------------------------------------ r316918 | seanbright | 2011-05-04 21:25:20 -0500 (Wed, 04 May 2011) | 5 lines Look at the correct buffer for our digest info instead of an empty one. (issue ASTERISK-17224) Reported by: ksn ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=316918 By: Digium Subversion (svnbot) 2011-05-04 21:30:46 Repository: asterisk Revision: 316919 U branches/1.8/main/http.c ------------------------------------------------------------------------ r316919 | seanbright | 2011-05-04 21:30:45 -0500 (Wed, 04 May 2011) | 10 lines Use the correct HTTP method when generating our digest, otherwise we always fail. When calculating the 'A2' portion of our digest for verification, we need the HTTP method that is currently in use. Unfortunately our mapping function was incorrect, resulting in invalid hashes being generated and, in turn, failures in authentication. (closes issue ASTERISK-17224) Reported by: ksn ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=316919 By: Digium Subversion (svnbot) 2011-05-04 21:34:30 Repository: asterisk Revision: 316920 _U trunk/ U trunk/main/http.c U trunk/main/manager.c U trunk/main/utils.c ------------------------------------------------------------------------ r316920 | seanbright | 2011-05-04 21:34:30 -0500 (Wed, 04 May 2011) | 31 lines Merged revisions 316917-316919 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.8 ........ r316917 | seanbright | 2011-05-04 22:23:28 -0400 (Wed, 04 May 2011) | 5 lines Make sure that tcptls_session is properly initialized. (issue ASTERISK-17224) Reported by: ksn ........ r316918 | seanbright | 2011-05-04 22:25:20 -0400 (Wed, 04 May 2011) | 5 lines Look at the correct buffer for our digest info instead of an empty one. (issue ASTERISK-17224) Reported by: ksn ........ r316919 | seanbright | 2011-05-04 22:30:45 -0400 (Wed, 04 May 2011) | 10 lines Use the correct HTTP method when generating our digest, otherwise we always fail. When calculating the 'A2' portion of our digest for verification, we need the HTTP method that is currently in use. Unfortunately our mapping function was incorrect, resulting in invalid hashes being generated and, in turn, failures in authentication. (closes issue ASTERISK-17224) Reported by: ksn ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=316920 |