Basic Auth and HTTP Digest Auth in the tr069 server TeamsACS

Published: 2023-04-29 15:59:09 Author: 大象笔记

In TeamsACS tr069/server.go I only found the BasicAuth middleware; there is no HTTP Digest auth (strictly speaking, auth_client.go implements it, but the server logic does not use it).

Basic Auth

The basic auth implementation in TeamsACS is perfunctory: it does not verify the password at all. There are a few possibilities:

s.root.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
	Skipper: func(c echo.Context) bool {
		// only two cases skip basic auth
		rpath := c.Request().RequestURI
		if strings.HasPrefix(rpath, "/cwmpfiles") ||
			strings.HasPrefix(rpath, "/cwmpupload") {
			return true
		} else {
			return false
		}
	},
	Validator: func(username, password string, c echo.Context) (bool, error) {
		// add a debug log line to check whether the CPE request carries a username / password
		// [2023-04-29T10:37:17+08:00]     DEBUG   tr069/server.go:81      Basic Auth username: 8KA8WA1151100043, password:
		log.Debugf("Basic Auth username: %s, password: %s", username, password)

		// this is far too perfunctory: only the username is checked, never the password
		if username == "" {
			return false, nil
		}
		return true, nil
	},
	Realm: "Restricted",
}))

This username comes from the CPE simulator's serial number:

genieacs-sim> grep 8KA8WA1151100043 -r .
./data_model_202BC1-BM632w-8KA8WA1151100043.csv:DeviceID.SerialNumber,false,false,8KA8WA1151100043,xsd:string
./data_model_202BC1-BM632w-8KA8WA1151100043.csv:InternetGatewayDevice.ManagementServer.Username,false,true,8KA8WA1151100043,xsd:string
./genieacs-sim:  .option("-m, --data-model [filename]", "Data model template", resolvePath, "./data_model_202BC1-BM632w-8KA8WA1151100043.csv")
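As an added example (not TeamsACS's own code) of what a non-perfunctory Validator would do: look the password up by the serial number the CPE sends as its username, compare it in constant time, and on failure log only the username, never the password. It uses net/http instead of echo so it runs without a third-party dependency; CredentialStore, the serial-to-password mapping and the password "cpe-secret" are constructed for the example. The same Validate method can be called from the echo Validator shown above, returning its result as (ok, nil).

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"log"
	"net/http"
	"strings"
)

// CredentialStore maps a CPE's ManagementServer.Username (its serial number in the
// genieacs-sim data model) to the ManagementServer.Password it was provisioned with.
// Constructed sample data; a real ACS would read this from its device table.
type CredentialStore map[string]string

// Validate does the check the original Validator skips: the password must match the
// one stored for this serial. Both values are hashed first so the comparison runs in
// constant time and does not leak the stored password's length.
func (s CredentialStore) Validate(username, password string) bool {
	expected, known := s[username]
	want := sha256.Sum256([]byte(expected))
	got := sha256.Sum256([]byte(password))
	equal := subtle.ConstantTimeCompare(want[:], got[:]) == 1
	return known && equal
}

// skipAuth mirrors the Skipper above: only the file download/upload paths bypass auth.
func skipAuth(path string) bool {
	return strings.HasPrefix(path, "/cwmpfiles") || strings.HasPrefix(path, "/cwmpupload")
}

// BasicAuth wraps next with HTTP Basic authentication. Rejected attempts are logged with
// the username, remote address and path only; the password is never written to the log.
func BasicAuth(store CredentialStore, realm string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if skipAuth(r.URL.Path) {
			next.ServeHTTP(w, r)
			return
		}
		user, pass, ok := r.BasicAuth()
		if !ok || !store.Validate(user, pass) {
			log.Printf("basic auth rejected: username=%q remote=%s path=%s", user, r.RemoteAddr, r.URL.Path)
			w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, realm))
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// constructed credentials: serial from the genieacs-sim data model, password made up
	store := CredentialStore{"8KA8WA1151100043": "cpe-secret"}
	mux := http.NewServeMux()
	mux.HandleFunc("/cwmp", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "cwmp session ok")
	})
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", BasicAuth(store, "Restricted", mux)))
}
```

With this in place a CPE that sends its serial number but an empty password, as in the debug log line above, gets a 401 instead of a session.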

HTTP Digest Auth

The Digest Auth implementation in TeamsACS seems to be used only when the ACS sends requests to the CPE.

> grep digest -r -i common/
common/cwmp/auth_client.go:             var authorization map[string]string = DigestAuthParams(resp)
common/cwmp/auth_client.go:             AuthHeader := fmt.Sprintf(`Digest username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=00000001, qop=%s, response="%s", opaque="%s", algorithm=MD5`,
common/cwmp/auth_client.go: auth parameters or nil if the header is not a valid parsable Digest
common/cwmp/auth_client.go:func DigestAuthParams(r *http.Response) map[string]string {
common/cwmp/auth_client.go:     if len(s) != 2 || s[0] != "Digest" {
common/cwmp/auth_client.go: H function for MD5 algorithm (returns a lower-case hex MD5 digest)
common/cwmp/auth_client.go:     digest := md5.New()
common/cwmp/auth_client.go:     digest.Write([]byte(data))
common/cwmp/auth_client.go:     return fmt.Sprintf("%x", digest.Sum(nil))

More

> grep ConnectionRequestAuth -r -i common/
common/cwmp/auth_client.go:func ConnectionRequestAuth(username string, password string, uri string) (bool, error) {
> grep ConnectionRequestAuth -r -i tr069/
> grep ConnectionRequestAuth -r -i controllers/
controllers/supervise/cwmp.go:  isok, err := cwmp.ConnectionRequestAuth(dev.Sn, app.GApp().GetTr069SettingsStringValue("CpeConnectionRequestPassword"), dev.CwmpUrl)
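The two grep listings above show only the client half of Digest auth: the ACS answers the CPE's challenge when it calls ConnectionRequestAuth from the supervise controller, and the tr069 server never verifies a Digest header itself. As an added example, not taken from auth_client.go, here is the complete exchange in Go: the RFC 2617 response computation for qop=auth with algorithm=MD5 (the Authorization header layout matches the Sprintf in the grep output), a client-side header builder, and the server-side verifier the tr069 server lacks, which checks the realm, accepts each nonce once and compares the response in constant time. DigestVerifier, Challenge, Verify, BuildDigestHeader, the realm "TeamsACS" and the password "cpe-secret" are assumptions constructed for the example; the parser assumes parameter values contain no commas.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

// md5hex is the H() function of RFC 2617 for algorithm=MD5: lower-case hex MD5 of s.
func md5hex(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// DigestResponse computes the RFC 2617 response for qop=auth:
// HA1 = MD5(username:realm:password), HA2 = MD5(method:uri),
// response = MD5(HA1:nonce:nc:cnonce:qop:HA2).
func DigestResponse(username, password, realm, method, uri, nonce, cnonce, nc, qop string) string {
	ha1 := md5hex(username + ":" + realm + ":" + password)
	ha2 := md5hex(method + ":" + uri)
	return md5hex(strings.Join([]string{ha1, nonce, nc, cnonce, qop, ha2}, ":"))
}

// randomHex returns n random bytes as hex (used for nonces and the client cnonce).
func randomHex(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// BuildDigestHeader is the client (ACS) side: the Authorization header value in the same
// layout as the Sprintf in auth_client.go, with a fresh cnonce and nc=00000001.
func BuildDigestHeader(username, password, realm, method, uri, nonce, opaque string) string {
	cnonce, nc := randomHex(8), "00000001"
	resp := DigestResponse(username, password, realm, method, uri, nonce, cnonce, nc, "auth")
	return fmt.Sprintf(`Digest username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=%s, qop=auth, response="%s", opaque="%s", algorithm=MD5`,
		username, realm, nonce, uri, cnonce, nc, resp, opaque)
}

// ParseDigestParams turns `Digest k="v", k2=v2, ...` into a map, or returns nil when the
// header does not use the Digest scheme. Simplification: values may not contain commas.
func ParseDigestParams(header string) map[string]string {
	scheme, rest, found := strings.Cut(header, " ")
	if !found || scheme != "Digest" {
		return nil
	}
	params := map[string]string{}
	for _, kv := range strings.Split(rest, ",") {
		k, v, ok := strings.Cut(strings.TrimSpace(kv), "=")
		if ok {
			params[strings.TrimSpace(k)] = strings.Trim(strings.TrimSpace(v), `"`)
		}
	}
	return params
}

// DigestVerifier is the server side (hypothetical; TeamsACS's tr069 server has none).
type DigestVerifier struct {
	Realm     string
	Passwords map[string]string // username (CPE serial) -> password; constructed store
	nonces    map[string]bool   // nonces issued by Challenge and not yet consumed
}

func NewDigestVerifier(realm string, passwords map[string]string) *DigestVerifier {
	return &DigestVerifier{Realm: realm, Passwords: passwords, nonces: map[string]bool{}}
}

// Challenge issues a fresh nonce and returns it with the WWW-Authenticate header value.
func (v *DigestVerifier) Challenge() (nonce, header string) {
	nonce = randomHex(16)
	v.nonces[nonce] = true
	return nonce, fmt.Sprintf(`Digest realm="%s", qop="auth", nonce="%s", algorithm=MD5`, v.Realm, nonce)
}

// Verify checks an Authorization header. Each nonce is accepted once (a simplification of
// RFC 2617 nc tracking), so a captured header cannot be replayed against this server.
func (v *DigestVerifier) Verify(method, authorization string) bool {
	p := ParseDigestParams(authorization)
	if p == nil || p["realm"] != v.Realm || p["qop"] != "auth" || !v.nonces[p["nonce"]] {
		return false // wrong scheme, realm or qop, or a nonce never issued / already used
	}
	password, known := v.Passwords[p["username"]]
	expected := DigestResponse(p["username"], password, v.Realm, method, p["uri"], p["nonce"], p["cnonce"], p["nc"], p["qop"])
	if !known || subtle.ConstantTimeCompare([]byte(expected), []byte(p["response"])) != 1 {
		return false
	}
	delete(v.nonces, p["nonce"])
	return true
}

func main() {
	v := NewDigestVerifier("TeamsACS", map[string]string{"8KA8WA1151100043": "cpe-secret"})
	nonce, challenge := v.Challenge()
	fmt.Println("WWW-Authenticate:", challenge)
	auth := BuildDigestHeader("8KA8WA1151100043", "cpe-secret", "TeamsACS", "GET", "/", nonce, "")
	fmt.Println("Authorization:", auth)
	fmt.Println("verify:", v.Verify("GET", auth), "replay:", v.Verify("GET", auth))
}
```

The nonce is what makes Digest stronger than the Basic scheme above: the password never crosses the wire, and because the verifier issues and consumes nonces itself, a header it has already accepted is rejected on the second attempt.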
