coova / coova-chilli

CoovaChilli is an open-source software access controller for captive portal hotspots.

unable to logon when uamsecret is turned on using Chillicontroller.js #221

Open greemlin opened 8 years ago

greemlin commented 8 years ago

It seems to be impossible to use the Chillicontroller.js logon when chilli has a uamsecret option enabled. Everything works from the portal (we are using the ruby controller weblogin). That is not the case when trying to log in from an angular app using the chillicontroller.js: it returns the expected json with no message (no errors or anything), and the ClientState = 0. Please advise.

irongomme commented 8 years ago

As @muratbeser said on #218, you should try Pepper.

I'm using it on my AppGyver mobile app, and it works fine

greemlin commented 8 years ago

@irongomme, thank you for your reply and time. I have tried pepper and also contacted Michele, the author of pepper, who confirmed the issue. Would it be too much if I asked you to post the logon function and the pepper init you used? (Does your Chilli conf use a uamsecret? Mine does.)

NK

irongomme commented 8 years ago

@greemlin as I wrote on #110, I'm using a server-side script to generate the authentication URL, which I then pass to an Angular $http.jsonp.

Here is an extract of my app code:

```js
$http.jsonp(coovaUrl($scope.coova.ip, 'logon', {
    username: ticket.id,
    response: result.response.data
})).success(function(status) {

    ticket.connecting = false;

    if (status.clientState == 0) {

        // The challenge changes on every attempt
        $scope.pepper.refresh();
        $scope.connection_error = status.message;
        $scope.connection_ticket = ticket;
        $scope.template = 'no_connection';

    } else if (status.clientState == 1) {
        // Connection OK, we can move on to the next step
        $scope.nextStep($scope.currentStep++);
    }
});
```

greemlin commented 8 years ago

Thank you Jerome!!!!!!

greemlin commented 8 years ago

I am getting a reject from Chilli. How do you create a valid challenge?

In order to produce a valid URL (using PHP server side):

```php
$uamip = '192.168.1.1'; //Your UAMIP
$uamport = '3990'; //Your UAMPORT
$username = 'user'; //Username for login
$password = 'pass'; //Password associated to the username
$challenge = 'abcefghijklmnopqrstywxyz12345678'; //Your dynamic challenge (placeholder; pack("H32") below expects 32 hex digits)
$chilli_secret = 'mysecret'; //Your chilli secret in your coovachilli configuration file

$hexchal = pack("H32", $challenge);
$newchal = pack("H*", md5($hexchal . $chilli_secret));
$response = md5("\0" . $password . $newchal);
$newpwd = pack("a32", $password);
$pappassword = implode("", unpack("H32", ($newpwd ^ $newchal)));

$authentification_url = 'http://' . $uamip . ':' . $uamport . '/logon';
$authentification_url .= '?username=' . urlencode($username);
$authentification_url .= '&response=' . urlencode($response);
$authentification_url .= '&userurl=http://www.google.com';
```

irongomme commented 8 years ago

Your challenge is generated by coova:

A call to http://NAS_IP:NAS_PORT/json/status will give you the current challenge in the JSON response. Then you can use it to generate the authentication URL.
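
The steps described in this thread (take the current challenge from /json/status, mix it with the uamsecret, build the /logon URL), as an added example that is not part of the original comments. It is a Node.js port of the PHP posted above, meant to run server-side so the uamsecret is never shipped to the browser; the function names and sample values are constructed for illustration.

```javascript
// Added example, not code from the thread. Intended to run server-side
// (Node.js) so the uamsecret stays off the client.
const nodeCrypto = require('node:crypto');

const md5 = (...parts) =>
  nodeCrypto.createHash('md5').update(Buffer.concat(parts)).digest();

// pack("H32", $challenge) then md5($hexchal . $chilli_secret), but refusing
// anything that is not exactly 32 hex digits instead of packing garbage.
function mixedChallenge(challengeHex, uamSecret) {
  if (!/^[0-9a-f]{32}$/i.test(challengeHex)) {
    throw new Error('challenge must be 32 hex digits');
  }
  return md5(Buffer.from(challengeHex, 'hex'), Buffer.from(uamSecret, 'utf8'));
}

// Value for the "response" parameter: md5("\0" . $password . $newchal).
function chapResponse(challengeHex, uamSecret, password) {
  const newchal = mixedChallenge(challengeHex, uamSecret);
  return md5(Buffer.from([0]), Buffer.from(password, 'utf8'), newchal).toString('hex');
}

// PAP value: NUL-padded password XOR newchal. As with the PHP string XOR,
// only the first 16 bytes (the length of newchal) take part.
function papPassword(challengeHex, uamSecret, password) {
  const newchal = mixedChallenge(challengeHex, uamSecret);
  const out = Buffer.alloc(newchal.length);        // zero-filled padding
  Buffer.from(password, 'utf8').copy(out);         // copies only what fits
  for (let i = 0; i < out.length; i++) out[i] ^= newchal[i];
  return out.toString('hex');
}

// Builds the /logon URL from the challenge found in the /json/status reply.
function logonUrl({ uamip, uamport, username, password, uamSecret, challengeHex }) {
  const url = new URL(`http://${uamip}:${uamport}/logon`);
  url.searchParams.set('username', username);
  url.searchParams.set('response', chapResponse(challengeHex, uamSecret, password));
  return url.toString();
}

// Constructed sample values (not from a real deployment).
const sample = {
  uamip: '192.168.1.1', uamport: '3990', username: 'user', password: 'pass',
  uamSecret: 'mysecret', challengeHex: '00112233445566778899aabbccddeeff',
};
console.log(logonUrl(sample));
```

Because the challenge changes on every attempt, a response computed from an earlier /json/status reply will not match the one chilli expects for the current attempt.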

greemlin commented 8 years ago

Jerome, thank you for your reply! I will look into it right now!!!! Thank youuuuu

greemlin commented 8 years ago

Hi Jerome (... once again at a dead end). I got the challenge from chilli by issuing a status and then I used the request http://someip:port/logon?username=aUser&response=thecalculatedresponse. I get a reject.... I really don't have a clue why I am getting rejected.... Any tip?

The response is calculated by:

```php
$uamip = '192.168.1.1'; //Your UAMIP
$uamport = '3990'; //Your UAMPORT
$username = 'user'; //Username for login
$password = 'pass'; //Password associated to the username
$challenge = '...'; //-> got it by issuing a refresh from a pepper instance
$chilli_secret = 'mysecret'; //Your chilli secret in your coovachilli configuration file

$hexchal = pack("H32", $challenge);
$newchal = pack("H*", md5($hexchal . $chilli_secret));
$response = md5("\0" . $password . $newchal);
```

irongomme commented 8 years ago

Hi @greemlin, what do you have in your radius log?

greemlin commented 8 years ago

Hi Jerome! Just saw your post. Thank you for your reply. From what I am seeing, even when getting the challenge from the server and using the uamsecret to hash the password to the response, I get the message that the username or password is wrong..... I am really confused.... The only way I get a login is by using the hotspotlogin portal and issuing a username and password + challenge request..... which is a hack and not useful at all....