Summary: ASTERISK-17224: Manager Event Interface w/Digest authentication does not work!
Reporter: Sergey Korobeynikov (ksn)
Labels:
Date Opened: 2011-01-11 13:14:33.000-0600
Date Closed: 2011-05-04 21:34:31
Priority: Minor
Regression?: No
Status: Closed/Complete
Components: Core/HTTP
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments:

Description:

Hello all!

I am experiencing problems when using the interfaces with Digest authentication:
/amanager => HTML Manager Event Interface w/Digest authentication
/arawman => Raw HTTP Manager Event Interface w/Digest authentication
/amxml => XML Manager Event Interface w/Digest authentication
(http show status)

For example, a query to Asterisk:

kremlin:~# curl -u "admin:12345" --digest -v "http://127.0.0.1:8088/amxml?action=CoreShowChannels"

I get:
* About to connect() to 127.0.0.1 port 8088 (#0)
* Trying 127.0.0.1... connected
* Connected to 127.0.0.1 (127.0.0.1) port 8088 (#0)
* Server auth using Digest with user 'admin'
> GET /amxml?action=CoreShowChannels HTTP/1.1
> User-Agent: curl/7.18.2 (i486-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.8 libssh2/0.18
> Host: 127.0.0.1:8088
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Server: Asterisk/1.8.1.1
< Date: Tue, 11 Jan 2011 18:50:21 GMT
< Connection: close
< Cache-Control: no-cache, no-store
< Content-Length: 210
< WWW-authenticate: Digest algorithm=MD5, realm="asterisk", nonce="38ec76af", qop="auth", opaque="38ec76af"
< Content-type: text/html
<
* Closing connection #0
* Issue another request to this URL: 'http://127.0.0.1:8088/amxml?action=CoreShowChannels'
* About to connect() to 127.0.0.1 port 8088 (#0)
* Trying 127.0.0.1... connected
* Connected to 127.0.0.1 (127.0.0.1) port 8088 (#0)
* Server auth using Digest with user 'admin'
> GET /amxml?action=CoreShowChannels HTTP/1.1
> Authorization: Digest username="admin", realm="asterisk", nonce="38ec76af", uri="/amxml?action=CoreShowChannels", cnonce="NzM0Nzg2", nc=00000001, qop="auth", response="517711f9bf37372916d89746943f0030", opaque="38ec76af", algorithm="MD5"
> User-Agent: curl/7.18.2 (i486-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.8 libssh2/0.18
> Host: 127.0.0.1:8088
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Server: Asterisk/1.8.1.1
< Date: Tue, 11 Jan 2011 18:50:21 GMT
< Connection: close
< Cache-Control: no-cache, no-store
< Content-Length: 210
* Authentication problem. Ignoring this.
< WWW-authenticate: Digest algorithm=MD5, realm="asterisk", nonce="1032537c", qop="auth", opaque="1032537c"
< Content-type: text/html
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>401 Unauthorized</h1>


<hr />
<address>Asterisk Server</address>
</body></html>
* Closing connection #0
kremlin:~#

The problem seems to be old. Can anybody explain and help me?
Comments:

By: Leif Madsen (lmadsen) 2011-01-12 15:33:04.000-0600

Assigned to russell to look at as he couldn't get this working either in the AMI chapter of A:TDG.

By: Digium Subversion (svnbot) 2011-05-04 21:23:29

Repository: asterisk
Revision: 316917

U   branches/1.8/main/manager.c

------------------------------------------------------------------------
r316917 | seanbright | 2011-05-04 21:23:29 -0500 (Wed, 04 May 2011) | 5 lines

Make sure that tcptls_session is properly initialized.

(issue ASTERISK-17224)
Reported by: ksn

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=316917

By: Digium Subversion (svnbot) 2011-05-04 21:25:21

Repository: asterisk
Revision: 316918

U   branches/1.8/main/utils.c

------------------------------------------------------------------------
r316918 | seanbright | 2011-05-04 21:25:20 -0500 (Wed, 04 May 2011) | 5 lines

Look at the correct buffer for our digest info instead of an empty one.

(issue ASTERISK-17224)
Reported by: ksn

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=316918

By: Digium Subversion (svnbot) 2011-05-04 21:30:46

Repository: asterisk
Revision: 316919

U   branches/1.8/main/http.c

------------------------------------------------------------------------
r316919 | seanbright | 2011-05-04 21:30:45 -0500 (Wed, 04 May 2011) | 10 lines

Use the correct HTTP method when generating our digest, otherwise we always fail.

When calculating the 'A2' portion of our digest for verification, we need the
HTTP method that is currently in use.  Unfortunately our mapping function was
incorrect, resulting in invalid hashes being generated and, in turn, failures
in authentication.

(closes issue ASTERISK-17224)
Reported by: ksn

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=316919
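
The A2 dependency described in r316919, as an added example that is not Asterisk's code and not part of the original ticket: an RFC 2617 qop=auth verifier that accepts a request only when the server builds A2 from the same HTTP method the client used. The field values are taken from the curl trace in the description and the password from its `-u` argument; the `response` value is computed by the example itself (constructed), and all function names are hypothetical.

```python
import hashlib
import hmac
import re

REQUIRED = ("username", "realm", "nonce", "uri", "nc", "cnonce", "qop", "response")

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest(header):
    """Split 'Digest k="v", k=v' into a dict of field values."""
    scheme, _, fields = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', fields)
    return {key: quoted or bare for key, quoted, bare in pairs}

def digest_response(f, password, method):
    """RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = md5_hex(f"{f['username']}:{f['realm']}:{password}")  # A1
    ha2 = md5_hex(f"{method}:{f['uri']}")                      # A2 uses the method
    return md5_hex(":".join([ha1, f["nonce"], f["nc"], f["cnonce"], f["qop"], ha2]))

def verify(header, password, method):
    """Server side: recompute the response with the method of this request."""
    try:
        f = parse_digest(header)
    except ValueError:
        return False
    if any(k not in f for k in REQUIRED) or f["qop"] != "auth":
        return False  # incomplete header, or a qop this example does not handle
    expected = digest_response(f, password, method)
    return hmac.compare_digest(expected.encode(), f["response"].encode())

def client_header(password, method):
    """Constructed client header reusing the field values from the curl trace."""
    f = {"username": "admin", "realm": "asterisk", "nonce": "38ec76af",
         "uri": "/amxml?action=CoreShowChannels", "cnonce": "NzM0Nzg2",
         "nc": "00000001", "qop": "auth"}
    f["response"] = digest_response(f, password, method)
    return "Digest " + ", ".join(f'{k}="{v}"' for k, v in f.items())

if __name__ == "__main__":
    hdr = client_header("12345", "GET")
    print("server builds A2 with GET :", verify(hdr, "12345", "GET"))
    print("server builds A2 with POST:", verify(hdr, "12345", "POST"))
```

A server that derives the wrong method string for A2 rejects every well-formed request with 401, which matches the repeated challenge in the trace.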

By: Digium Subversion (svnbot) 2011-05-04 21:34:30

Repository: asterisk
Revision: 316920

_U  trunk/
U   trunk/main/http.c
U   trunk/main/manager.c
U   trunk/main/utils.c

------------------------------------------------------------------------
r316920 | seanbright | 2011-05-04 21:34:30 -0500 (Wed, 04 May 2011) | 31 lines

Merged revisions 316917-316919 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8

........
 r316917 | seanbright | 2011-05-04 22:23:28 -0400 (Wed, 04 May 2011) | 5 lines
 
 Make sure that tcptls_session is properly initialized.
 
 (issue ASTERISK-17224)
 Reported by: ksn
........
 r316918 | seanbright | 2011-05-04 22:25:20 -0400 (Wed, 04 May 2011) | 5 lines
 
 Look at the correct buffer for our digest info instead of an empty one.
 
 (issue ASTERISK-17224)
 Reported by: ksn
........
 r316919 | seanbright | 2011-05-04 22:30:45 -0400 (Wed, 04 May 2011) | 10 lines
 
 Use the correct HTTP method when generating our digest, otherwise we always fail.
 
 When calculating the 'A2' portion of our digest for verification, we need the
 HTTP method that is currently in use.  Unfortunately our mapping function was
 incorrect, resulting in invalid hashes being generated and, in turn, failures
 in authentication.
 
 (closes issue ASTERISK-17224)
 Reported by: ksn
........

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=316920