Re: Problem using authentication in a request

[Thierry Huchard via curl-library]

Le 2022-04-30 18:53, Thierry Huchard via curl-library a écrit :
Le 2022-04-30 12:40, Thierry Huchard via curl-library a écrit :
I test as soon as I have access to the device again.
Thanks for your quick feedback.
Hi,

The operation of recuperation of the information of the device it works 
well, it is in the authentication that I fail, necessary to launch a 
job.

############################################################################
curl -k -v https://192.168.93.209:443/eSCL/ScannerCapabilities
*   Trying 192.168.93.209:443...
* TCP_NODELAY set
* Connected to 192.168.93.209 (192.168.93.209) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=Canon Imaging Product
*  start date: Jan  1 00:00:00 2012 GMT
*  expire date: Dec 31 23:59:59 2037 GMT
*  issuer: CN=Canon Imaging Product
*  SSL certificate verify result: self signed certificate (18), 
continuing anyway.
GET /eSCL/ScannerCapabilities HTTP/1.1
Host: 192.168.93.209
User-Agent: curl/7.68.0
Accept: */*

* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Sat, 30 Apr 2022 17:55:49 GMT
< Server: CANON HTTP Server
< Content-Type: text/xml
< Content-Length: 15712
<
<?xml version="1.0" encoding="UTF-8"?><scan:ScannerCapabilities 
xmlns:pwg="http://www.pwg.org/schemas/2010/12/sm"; 
xmlns:scan="http://schemas.hp.com/imaging/escl/2011/05/03";>
  <pwg:Version>2.63</pwg:Version>
  <pwg:MakeAndModel>Canon iR-ADV C568/478</pwg:MakeAndModel>
  <pwg:SerialNumber>3LM01066e</pwg:SerialNumber>
  <scan:Manufacturer>Canon</scan:Manufacturer>
  <scan:Certifications>
........
* Connection #0 to host 192.168.93.209 left intact
############################################################################

I would have tried ....
////////////////////////////////////////////////////////////////////////////////////////////////
curl -v -k  --user 12345:12345 -d "$CAPABILITIES"
https://192.168.93.209:443/eSCL/ScanJobs
*   Trying 192.168.93.209:443...
* TCP_NODELAY set
* Connected to 192.168.93.209 (192.168.93.209) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=Canon Imaging Product
*  start date: Jan  1 00:00:00 2012 GMT
*  expire date: Dec 31 23:59:59 2037 GMT
*  issuer: CN=Canon Imaging Product
*  SSL certificate verify result: self signed certificate (18),
continuing anyway.
* Server auth using Basic with user '12345'
POST /eSCL/ScanJobs HTTP/1.1
Host: 192.168.93.209
Authorization: Basic MTIzNDU6MTIzNDU=
User-Agent: curl/7.68.0
Accept: */*
Content-Length: 795
Content-Type: application/x-www-form-urlencoded

* upload completely sent off: 795 out of 795 bytes
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Mark bundle as not supporting multiuse
< HTTP/1.1 500 Internal Server Error
< Date: Sat, 30 Apr 2022 17:50:31 GMT
< Server: CANON HTTP Server
< Content-Length: 0
<
* Connection #0 to host 192.168.93.209 left intact
//////////////////////////////////////////////////////////////////////////////////////

Thank's


Thierry

Le 30 avril 2022 12:19:48 GMT+02:00, Timothe Litt via curl-library
<curl-library@lists.haxx.se> a écrit :

Perhaps the device isn't using Basic authentication.  Or it requires
TLS with basic.

If you enable authentication on the device, and omit the --user to
cURL, you should get a 401 from the device.

What does the WWW-Authenticate header in that response show?  It
will include one or more acceptable authentication types as
described n RFC 7235.

Besides basic, it could be digest, ntlm, bearer, hoba, negotiate,
mutual, scram, ...

Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.

On 30-Apr-22 05:32, Thierry Huchard via curl-library wrote:
Hi All,

I am trying to create a job on a Canon IR DX C478i.
I have a problem when using curl with authentication:
* Mark bundle as not supporting multiuse
When I disable authentication the device works correctly.
Do you have any idea how to solve this problem?

///////////////////////////////////////////////////////////////

CAPABILITIES='<?xml version="1.0"
encoding="UTF-8"?><scan:ScanSettings
xmlns:pwg="http://www.pwg.org/schemas/2010/12/sm"; [1]
xmlns:scan="http://schemas.hp.com/imaging/escl/2011/05/03";

[2]><pwg:Version>2.0</pwg:Version><pwg:ScanRegions><pwg:ScanRegion><pwg:ContentRegionUnits>escl:ThreeHundredthsOfInches</pwg:ContentRegionUnits><pwg:Height>2550</pwg:Height><pwg:Width>4200</pwg:Width><pwg:XOffset>0</pwg:XOffset><pwg:YOffset>0</pwg:YOffset></pwg:ScanRegion></pwg:ScanRegions><pwg:DocumentFormat>application/pdf</pwg:DocumentFormat><scan:DocumentFormatExt>application/pdf</scan:DocumentFormatExt><scan:ColorMode>RGB24</scan:ColorMode><scan:XResolution>300</scan:XResolution><scan:YResolution>300</scan:YResolution><pwg:InputSource>Platen</pwg:InputSource><scan:InputSource>Platen</scan:InputSource></scan:ScanSettings>'
root@jammy:~/hplip-3.21.12+dfsg0# curl -v --user 1234:12345 -d
"$CAPABILITIES" http://192.168.93.209:80/eSCL/ScanJobs
*   Trying 192.168.93.209:80...
* Connected to 192.168.93.209 (192.168.93.209) port 80 (#0)
* Server auth using Basic with user '1234'
POST /eSCL/ScanJobs HTTP/1.1
Host: 192.168.93.209
Authorization: Basic MTIzNDoxMjM0NQ==
User-Agent: curl/7.81.0
Accept: */*
Content-Length: 795
Content-Type: application/x-www-form-urlencoded

* Mark bundle as not supporting multiuse
< HTTP/1.1 500 Internal Server Error
< Date: Sat, 30 Apr 2022 09:50:40 GMT
< Server: CANON HTTP Server
< Content-Length: 0
<
* Connection #0 to host 192.168.93.209 left intact

/////////////////////////////////////////////////////////////////

Thank's

Thierry

--
Envoyé de mon appareil Android avec Courriel Ordissimo Mail. Veuillez
excuser ma brièveté.

Links:
------
[1] http://www.pwg.org/schemas/2010/12/sm
[2] http://schemas.hp.com/imaging/escl/2011/05/03
--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html