search

kbr / fritzconnection

Python-Tool to communicate with the AVM Fritz!Box by the TR-064 protocol and the AHA-HTTP-Interface
MIT License
304 stars 59 forks source link

fritzmonitor and modules ignore username and password #99

Closed TauPan closed 3 years ago

TauPan commented 3 years ago

Correct me if I'm wrong, since I've just been experimenting and looking at the code for a couple of minutes:

It seems newer FritzOS (using 07.27) needs username and password for that and I see no precautions in the code to even use any kind of authentication.

(The regular api does work for me e.g. by setting FRITZ_USERNAME and FRITZ_PASSWORD in the environment.)

kbr commented 3 years ago

fritzconnection does not check the authentication data, but provides these data for every api-call. The box itself will raise errors on invalide authentications, depending on the api-call.

In FritzOS >= 7.24 the common default-username was removed, which is now individual for every user. That means on FritzOS >= 7.24 a password and a matching username must be provided.

But since fritzconnection 1.5 the username is optional again, even for FritzOS >= 7.24. In this case the username of the last logged-in user gets reused, as recommended by AVM (will of course not work for different users).

However: providing a username and a password is best practice anyway, regardless of the FritzOS version. And setting username und password in the environment is the best and most secure way to work with fritzconnection, as there are no passwords in the code.

TauPan commented 3 years ago

Thanks for the info.

I realize I should probably post the error here:

delgado@bluki:~> export FRITZ_IP_ADDRESS=192.168.0.254
delgado@bluki:~> export FRITZ_USERNAME=Friedel
delgado@bluki:~> export FRITZ_PASSWORD=$(keepassxc-cli show -s -a Password ~NC/secret/Passwords.kdbx 'Fritz!Box 7490')
Enter password to unlock /home/delgado/Nextcloud/secret/Passwords.kdbx:
delgado@bluki:~> fritzmonitor

fritzconnection v1.5.0
start fritzmonitor on address: 169.254.1.1
settings for socket-timeout: 10 [sec]
settings for healthcheck-timeout: 10 [sec]
(to stop press ^C)

[Errno 111] Connection refused
exit fritzmonitor
delgado@bluki:~> fritzmonitor -i $FRITZ_IP_ADDRESS

fritzconnection v1.5.0
start fritzmonitor on address: 192.168.0.254
settings for socket-timeout: 10 [sec]
settings for healthcheck-timeout: 10 [sec]
(to stop press ^C)

[Errno 111] Connection refused
exit fritzmonitor

192.168.0.254 is the correct IP Address, so apparently fritzmonitor ignores the environment variable FRITZ_IP_ADDRESS as well.

TauPan commented 3 years ago

Oh and fritzstatus does work:

delgado@bluki:~[1]> fritzstatus -i $FRITZ_IP_ADDRESS

fritzconnection v1.5.0
FRITZ!Box 7490 at http://192.168.0.254
FRITZ!OS: 7.27

FritzStatus:

    is linked             : True
    is connected          : True
    external ip (v4)      : 79.201.241.43
    external ip (v6)      : 2003:d0:bfff:31b5:3681:c4ff:fe31:abec
    internal ipv6-prefix  : 2003:d0:bf31:8600::
    uptime                : 05:49:56
    bytes send            : 2422709467
    bytes received        : 2824353490
    max. bit rate         : ('41.3 MBit/s', '92.3 MBit/s')
kbr commented 3 years ago

fritzmonitor is not TR064 based und just needs the ip. But you have to activate the call-monitor service of the box first by taking a registered phone and typing #96*5*.

TauPan commented 3 years ago

Sorry, I completely overlooked that in the documentation. I didn't scroll all the way down because I was too eager to try it out. :)