Dear list,
I switched gnugk from w32 platform to RH9 to be able to make use of the
integrated Mysql support. Compiled openh323 1.12.2 with pwlib 1.5.2 and
gnugk 2.05. After some struggle with mydql++ the compilation of gnugk has
worked out fine. I received an enormous amount of help from Hemant to
achieve all this. Now I run into this problem that might be an
interpretation error on my site but I can't get it fixed and there fore
would like to ask the forum for any ideas. ( I just spent 4 days debugging
it but still No GO!)
If I use MySQPasswordAuth the cryptotokens are taken out of the RAS messages
from my EP and the authorization tool can find the information to be matched
to the succesfully connected Mysql dbase table info. Therefore it uses
h235ras.cxx from openh323 and gkauth.cxx from openh323gk. This mechanism
works fine for endpoints that allow h235 signalling and do have the correct
info in the mysql table.
If I understand the manual correct than the next rule that can be used in
the same section is MySQLAliasAuth and this module is using normal RAS
authentication for the EP's.
For testing purposes I am using an endpoint that makes use of openphone and
in the ini section of gnugk I have
[RasSrv::RRQ]
rule = allow
[Gatekeeper::Auth]
MySQLPasswordAuth=required;RRQ
MySQLAliasAuth=required;RRQ
default=allow
[MySQLAuth]
;
; SELECT Password FROM IPNData WHERE IPN = %id AND Kind > 1
;
Host=localhost
Database=testbase
User=root
Password=testpassword
Table=IPNData
IDField=IPN
PasswordField=Password
ExtraCriterion=Kind > 1
[MySQLAliasAuth]
;
;SELECT IPAddr FROM IPNData WHERE IPN = %id AND Kind > 1
;
Host=localhost
Database=testbase
User=root
Password=testpassword
Table=IPNData
IDField=IPN
IPField=IPAddr
ExtraCriterion=Kind > 1
CacheTimeout=300
My database layout is like the mentiond names above with varchar(30) for all
fields.
So now it comes. The error log from gnugk shows me a successfull pass for
the EP while registering using the MySQLPassword section but than get into a
"Unknown RRQAuth condition: on this part of the gkauth.cxx code. (check line
1003 in this module) just before entering the MySQLAliasAuth section .
else if (rName=="sigip") {
if (rule.GetSize() < 2)
return false;
PIPSocket::Address ip;
PIPSocket::GetHostAddress(rule[1], ip);
WORD port = (rule.GetSize() < 3) ? GK_DEF_ENDPOINT_SIGNAL_PORT :
rule[2].AsInteger();
return (SignalAdr == SocketToH225TransportAddr(ip, port));
} else {
PTRACE(4, "Unknown RRQAuth condition: " << Condition);
return ON_ERROR;
It looks like the fetched IP address for the EP to be matched is in some RRQ
authorization although the rule is set to allow or the IP address can not be
fetched from the EP therefore this section bails out with error message and
causing the MySQLAliasAuth section NOT be able to do its query while there
is no IP address to be matched. ( I am sure that the Ip address in the
tables matches with the one from the registering EP)
Also when I completely bypass the MySQLPassword section it return with
exactly the same error
I have tried several different EP's all with the same result ( Security
Denial while registering at the gnugk in the same part of the gkauth.cxx
code).
My questions are:
1.. Is there an interpretation error in the above? If yes please explain.
2.. Does MySQLAliasAuth work in combination with RedHat 9 and gnugk 2.05
3.. Is there a special need to set up the mysql tables with a special
format?
4.. Does anybody has a solution??????
I am a complete rookie in the linux world.
Any response will be more than welcome!!! Tjapko.
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.516 / Virus Database: 313 - Release Date: 01/09/2003
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
List: Openh323gk-users@lists.sourceforge.net
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
