ExternalPassword Auth Question


 



Hi, I am using gnugk v2.2beta5. I have un-commented the ExternalPassword auth code in gkauth.cxx and compiled it. I am using openphone as the endpoint (ep) and setting H235Password for the gatekeeper to 'hello'. I am using a Perl script which returns the MD5 hash of 'hello'. Registration is rejected with a security denial, and the trace shows the reason: h235auth.cxx(525) H235RAS H235AuthSimpleMD5 digest does not match. What passwords does it try to match? What algorithm does it use? Thanks in advance, -rahul
The Perl script is as follows:
------------------------------------------
#!/usr/bin/perl -w
# Make it simple: username == password
use Digest::MD5;
my $user = $ARGV[0];
my $msg = "hello";
chomp $msg;
print Digest::MD5::md5_hex($msg);
--------------------------------------------
The trace log is as follows:
2004/08/11 18:42:20.592 1 gkauth.cxx(147) GKAUTH ExternalPasswordAuth rule added to check RAS: ARQ RRQ, OTHER: NONE
2004/08/11 18:42:20.593 1 gkauth.cxx(1105) GKAUTH ExternalPasswordAuth KeyFilled config variable is missing
2004/08/11 18:42:20.595 3 gkauth.cxx(2180) GkAuth In ExternalPasswordAuth::ExternalPasswordAuth
2004/08/11 18:42:20.596 3 gkauth.cxx(2189) GkAuth In ExternalPasswordAuth::ExternalInit
2004/08/11 18:42:20.598 1 gkauth.cxx(147) GKAUTH default rule added to check RAS: ARQ BRQ DRQ GRQ IRQ LRQ RRQ URQ, OTHER: SETUP SETUPUNREG
2004/08/11 18:42:20.608 1 gkacct.cxx(179) GKACCT Created module SQLAcct with event mask 7
2004/08/11 18:42:20.620 3 gksql.cxx(144) SQLAcct Database connection pool created: gnugk@localhost[gkcontrol]
2004/08/11 18:42:20.623 1 gkacct.cxx(179) GKACCT Created module FileAcct with event mask 7
2004/08/11 18:42:20.625 1 gkacct.cxx(390) GKACCT FileAcct unsupported rotation method: 0 - rotation disabled
2004/08/11 18:42:20.628 2 gkacct.cxx(403) GKACCT FileAcct CDR file: /usr/local/src/openh323gkCVS/dbin/cdr.log
2004/08/11 18:42:20.629 2 Routing.cxx(463) VQueue (CTI) Virtual queues disabled - no virtual queues configured
2004/08/11 18:42:20.631 2 singleton.cxx(28) Create
instance: Routing::Analyzer(7) 2004/08/11 18:42:20.636 2 gkacct.cxx(936) GKACCT Successfully logged event 8 2004/08/11 18:42:26.962 2 RasSrv.cxx(151) RAS Read from 10.1.3.43:3577 2004/08/11 18:42:26.973 3 RasSrv.cxx(190) RAS gatekeeperRequest { requestSeqNum = 45240 protocolIdentifier = 0.0.8.2250.0.4 rasAddress = ipAddress { ip = 4 octets { 0a 01 03 2b ...+ } port = 3577 } endpointType = { vendor = { vendor = { t35CountryCode = 9 t35Extension = 0 manufacturerCode = 61 } productId = 23 octets { 45 71 75 69 76 61 6c 65 6e 63 65 20 4f 70 65 6e Equivalence Open 50 68 6f 6e 65 00 00 Phone.. } versionId = 26 octets { 31 2e 39 2e 33 20 28 4f 70 65 6e 48 33 32 33 20 1.9.3 (OpenH323 76 31 2e 31 35 2e 30 29 00 00 v1.15.0).. } } terminal = { } mc = FALSE undefinedNode = FALSE } endpointAlias = 1 entries { [0]=h323_ID 5 characters { 0076 0065 006e 006b 0079 venky } } authenticationCapability = 2 entries { [0]=pwdHash <<null>> [1]=authenticationBES radius <<null>> } algorithmOIDs = 2 entries { [0]=1.2.840.113549.2.5 [1]=1.2.840.113548.10.1.2.1 } supportsAltGK = <<null>> } 2004/08/11 18:42:27.130 1 RasSrv.cxx(311) RAS GRQ Received 2004/08/11 18:42:27.131 3 gkauth.h(787) GKAUTH default GRQ check ok 2004/08/11 18:42:27.139 2 RasSrv.cxx(356) GCF|10.1.3.43|venky:h323_ID|terminal; 2004/08/11 18:42:27.141 3 RasSrv.cxx(202) RAS Send to 10.1.3.43:3577 gatekeeperConfirm { requestSeqNum = 45240 protocolIdentifier = 0.0.8.2250.0.4 gatekeeperIdentifier = 6 characters { 0053 0069 0066 0079 0047 004b SifyGK } rasAddress = ipAddress { ip = 4 octets { 0a 01 03 13 .... 
} port = 1719 } authenticationMode = pwdHash <<null>> algorithmOID = 1.2.840.113549.2.5 } 2004/08/11 18:42:27.172 2 RasSrv.cxx(151) RAS Read from 10.1.3.43:3577 2004/08/11 18:42:27.183 3 RasSrv.cxx(190) RAS registrationRequest { requestSeqNum = 45241 protocolIdentifier = 0.0.8.2250.0.4 discoveryComplete = TRUE callSignalAddress = 1 entries { [0]=ipAddress { ip = 4 octets { 0a 01 03 2b ...+ } port = 1720 } } rasAddress = 1 entries { [0]=ipAddress { ip = 4 octets { 0a 01 03 2b ...+ } port = 3577 } } terminalType = { vendor = { vendor = { t35CountryCode = 9 t35Extension = 0 manufacturerCode = 61 } productId = 23 octets { 45 71 75 69 76 61 6c 65 6e 63 65 20 4f 70 65 6e Equivalence Open 50 68 6f 6e 65 00 00 Phone.. } versionId = 26 octets { 31 2e 39 2e 33 20 28 4f 70 65 6e 48 33 32 33 20 1.9.3 (OpenH323 76 31 2e 31 35 2e 30 29 00 00 v1.15.0).. } } terminal = { } mc = FALSE undefinedNode = FALSE } terminalAlias = 1 entries { [0]=h323_ID 5 characters { 0076 0065 006e 006b 0079 venky } } gatekeeperIdentifier = 6 characters { 0053 0069 0066 0079 0047 004b SifyGK } endpointVendor = { vendor = { t35CountryCode = 9 t35Extension = 0 manufacturerCode = 61 } productId = 23 octets { 45 71 75 69 76 61 6c 65 6e 63 65 20 4f 70 65 6e Equivalence Open 50 68 6f 6e 65 00 00 Phone.. } versionId = 26 octets { 31 2e 39 2e 33 20 28 4f 70 65 6e 48 33 32 33 20 1.9.3 (OpenH323 76 31 2e 31 35 2e 30 29 00 00 v1.15.0).. 
} } cryptoTokens = 1 entries { [0]=cryptoEPPwdHash { alias = h323_ID 5 characters { 0076 0065 006e 006b 0079 venky } timeStamp = 1092230590 token = { algorithmOID = 1.2.840.113549.2.5 paramS = { } hash = Hex: ce e6 9b a9 5c 09 f6 de cc 10 5d 0e 4b 37 81 53 } } } keepAlive = FALSE willSupplyUUIEs = TRUE maintainConnection = FALSE supportsAltGK = <<null>> usageReportingCapability = { nonStandardUsageTypes = 0 entries { } startTime = <<null>> endTime = <<null>> terminationCause = <<null>> } callCreditCapability = { canDisplayAmountString = TRUE canEnforceDurationLimit = TRUE } } 2004/08/11 18:42:27.251 1 RasSrv.cxx(311) RAS RRQ Received 2004/08/11 18:42:27.704 3 gkauth.cxx(2206) GkAuth ExternalPasswordAuth Got Password -> 5d41402abc4b2a76b9719d911017c592 2004/08/11 18:42:27.709 1 h235auth.cxx(525) H235RAS H235AuthSimpleMD5 digest does not match. 2004/08/11 18:42:27.712 3 gkauth.cxx(964) GKAUTH ExternalPasswordAuth RRQ check failed 2004/08/11 18:42:27.716 2 RasSrv.cxx(356) RRJ|10.1.3.43|venky:h323_ID|terminal|securityDenial; 2004/08/11 18:42:27.717 3 RasSrv.cxx(202) RAS Send to 10.1.3.43:3577 registrationReject { requestSeqNum = 45241 protocolIdentifier = 0.0.8.2250.0.4 rejectReason = securityDenial <<null>> gatekeeperIdentifier = 6 characters { 0053 0069 0066 0079 0047 004b SifyGK } } My config is as follows : [Gatekeeper::Main] Fourtytwo=42 Name=SifyGK EndpointIDSuffix=_sifyep1 StatusPort=7000 TimeToLive=-1 TotalBandwidth=-1 [RoutedMode] GKRouted=1 H245Routed=0 CallSignalPort=1720 CallSignalHandlerNumber=2 RemoveH245AddressOnTunneling=1 AcceptNeighborsCalls=0 AcceptUnregisteredCalls=0 DropCallsByReleaseComplete=1 SendReleaseCompleteOnDRQ=1 SupportNATedEndpoints=1 Q931PortRange=20000-20020 H245PortRange=30000-30010 ConnectTimeout=60000 [Proxy] Enable=1 ;InternalNetwork=192.168.1.127/255.255.255.128, 192.168.1.255/255.255.255.128 T120PortRange=1024-65535 RTPPortRange=1024-65535 ProxyForNAT=1 ProxyForSameNAT=0 [GkStatus::Auth] rule=allow Shutdown=forbid ;KeyFilled=11 
[RasSrv::GWPrefixes] [RasSrv::RewriteE164] [RasSrv::PermanentEndpoints] [RasSrv::Neighbors] [RasSrv::LRQFeatures] NeighborTimeout=2 ForwardHopCount=2 IncludeDestinationInfoInLCF=1 CiscoGKCompatible=1 [RasSrv::RRQFeatures] AcceptGatewayPrefixes=1 OverwriteEPOnSameAddress=1 [RasSrv::ARQFeatures] ArjReasonRouteCallToSCN=1 ArjReasonRouteCallToGatekeeper=1 CallUnregisteredEndpoints=0 RemoveTrailingChar=# [CallTable] GenerateNBCDR=1 GenerateUCCDR=1 DefaultCallDurationLimit=0 AcctUpdateInterval=60 [EndPoint] Gatekeeper=no Type=Gateway RRQRetryInterval=10 ARQTimeout=2 [Endpoint::RewriteE164] [Gatekeeper::Auth] ExternalPasswordAuth=required;RRQ,ARQ ;SimplePasswordAuth=optional;RRQ ;AliasAuth=optional;RRQ ;SQLPasswordAuth=optional;RRQ ;SQLAliasAuth=optional;RRQ default=allow ;[Password] ;KeyFilled=123 ;PasswordTimeuot=120 [ExternalPasswordAuth] PasswordProgram=/usr/local/src/openh323gkCVS/dbin/webauth.pl [RasSrv::RRQAuth] MYEP5=allow [SQLPasswordAuth] Driver=MySQL Host=localhost Database=gkcontrol Username=gnugk Password=secret CacheTimeout=300 Query=SELECT h235password FROM users WHERE alias = '%1' AND IS active [SQLAliasAuth] Driver=MySQL Host=localhost:3306 Database=gkcontrol Username=gnugk Password=secret CacheTimeout=300 Query=SELECT IF(LENGTH(TRIM(authcond)), authcond, CONCAT('sigip:',host, IF(port, CONCAT(':',port),''))) as authrule FROM users WHERE alias = '%1' AND GatekeeperId = '%2' AND active [Gatekeeper::Acct] SQLAcct=required;start,update,stop FileAcct=alternative;start,update,stop [Accounting] AlwaysUseCLID=1 [FileAcct] DetailFile=/usr/local/src/openh323gkCVS/dbin/cdr.log Rotate=0 [SQLAcct] Driver=MySQL Host=localhost:3306 Database=gkcontrol Username=gnugk Password=secret MinPoolSize=5 StartQuery=INSERT INTO call (gkname, callnum, d_cause, sessid, H323id, setup_time, connect_time, disconnect_time, caller_ip, callee_ip, calling_number, caller_number) VALUES ("%g", "%n", "%c", "%s", "%u", "%{setup-time}", "%{connect-time}", "%{disconnect-time}", "%{caller-ip}", 
"%{callee-ip}", "%{Calling-Station-Id}", "%{Caller-Station-Id}") StartQueryAlt=INSERT INTO call (gkname, callnum, duration, d_cause, sessid, H323id, setup_time, connect_time, disconnect_time, caller_ip, callee_ip, calling_number, caller_number) VALUES ("%g", "%n", "%d", "%c", "%s", "%u", "%{setup-time}", "%{connect-time}", "%{disconnect-time}", "%{caller-ip}", "%{callee-ip}", "%{Calling-Station-Id}", "%{Caller-Station-Id}") UpdateQuery=UPDATE call SET duration = %d WHERE gkname = "%g" AND sessid = "%s" StopQuery=UPDATE call SET duration = %d, disconnect_time = "%{disconnect-time}" WHERE gkname = "%g" AND sessid = "%s" StopQueryAlt=INSERT INTO call (gkname, callnum, d_cause, sessid, H323id, setup_time, connect_time, disconnect_time, caller_ip, callee_ip, calling_number, caller_number) VALUES ("%g", "%n", "%c", "%s", "%u", "%{setup-time}", "%{connect-time}", "%{disconnect-time}", "%{caller-ip}", "%{callee-ip}", "%{Calling-Station-Id}", "%{Caller-Station-Id}")

