Re: ExternalPassword Auth Question


 



You have to return a clear text password - not the hash.

PS: Your emails are hard to read - no newlines displayed
    in my Evolution email reader.

On Thu, 2004-08-12 at 05:24, rahul a wrote:
> hi .. I am using gnugk v2.2beta5. I have un-commented the
> ExternalPassword auth code in gkauth.cxx and compiled it. I am using
> openphone as the ep and setting H235Password for gatekeeper as
> 'hello'. I am using a perl script which returns the MD5 hash of
> 'hello'. I get a security denial because of this
>
> h235auth.cxx(525) H235RAS H235AuthSimpleMD5 digest does not match
>
> What passwords does it try to match ? What algorithm does it use ?
>
> Thanks in advance
> -rahul
>
> The perl script is as follows :
> ------------------------------------------
> #!/usr/bin/perl -w
> # Make it simple: username == password
> use Digest::MD5;
> my $user = $ARGV[0];
> my $msg = "hello";
> chomp $msg;
> print Digest::MD5::md5_hex($msg);
> --------------------------------------------
>
> the trace log is as follows :
>
> 2004/08/11 18:42:20.592 1 gkauth.cxx(147) GKAUTH ExternalPasswordAuth rule added to check RAS: ARQ RRQ, OTHER: NONE
> 2004/08/11 18:42:20.593 1 gkauth.cxx(1105) GKAUTH ExternalPasswordAuth KeyFilled config variable is missing
> 2004/08/11 18:42:20.595 3 gkauth.cxx(2180) GkAuth In ExternalPasswordAuth::ExternalPasswordAuth
> 2004/08/11 18:42:20.596 3 gkauth.cxx(2189) GkAuth In ExternalPasswordAuth::ExternalInit
> 2004/08/11 18:42:20.598 1 gkauth.cxx(147) GKAUTH default rule added to check RAS: ARQ BRQ DRQ GRQ IRQ LRQ RRQ URQ, OTHER: SETUP SETUPUNREG
> 2004/08/11 18:42:20.608 1 gkacct.cxx(179) GKACCT Created module SQLAcct with event mask 7
> 2004/08/11 18:42:20.620 3 gksql.cxx(144) SQLAcct Database connection pool created: gnugk@localhost[gkcontrol]
> 2004/08/11 18:42:20.623 1 gkacct.cxx(179) GKACCT Created module FileAcct with event mask 7
> 2004/08/11 18:42:20.625 1 gkacct.cxx(390) GKACCT FileAcct unsupported rotation method: 0 - rotation disabled
> 2004/08/11 18:42:20.628 2 gkacct.cxx(403) GKACCT FileAcct CDR file: /usr/local/src/openh323gkCVS/dbin/cdr.log
> 2004/08/11 18:42:20.629 2 Routing.cxx(463) VQueue (CTI) Virtual queues disabled - no virtual queues configured
> 2004/08/11 18:42:20.631 2 singleton.cxx(28) Create instance: Routing::Analyzer(7)
> 2004/08/11 18:42:20.636 2 gkacct.cxx(936) GKACCT Successfully logged event 8
> 2004/08/11 18:42:26.962 2 RasSrv.cxx(151) RAS Read from 10.1.3.43:3577
> 2004/08/11 18:42:26.973 3 RasSrv.cxx(190) RAS gatekeeperRequest { requestSeqNum =
> 45240 protocolIdentifier = 0.0.8.2250.0.4 rasAddress = ipAddress { ip
> = 4 octets { 0a 01 03 2b ...+ } port = 3577 } endpointType = { vendor
> = { vendor = { t35CountryCode = 9 t35Extension = 0 manufacturerCode =
> 61 } productId = 23 octets { 45 71 75 69 76 61 6c 65 6e 63 65 20 4f 70
> 65 6e Equivalence Open 50 68 6f 6e 65 00 00 Phone.. } versionId = 26
> octets { 31 2e 39 2e 33 20 28 4f 70 65 6e 48 33 32 33 20 1.9.3
> (OpenH323 76 31 2e 31 35 2e 30 29 00 00 v1.15.0).. } } terminal = { }
> mc = FALSE undefinedNode = FALSE } endpointAlias = 1 entries {
> [0]=h323_ID 5 characters { 0076 0065 006e 006b 0079 venky } }
> authenticationCapability = 2 entries { [0]=pwdHash <<null>>
> [1]=authenticationBES radius <<null>> } algorithmOIDs = 2 entries {
> [0]=1.2.840.113549.2.5 [1]=1.2.840.113548.10.1.2.1 } supportsAltGK =
> <<null>> }
> 2004/08/11 18:42:27.130 1 RasSrv.cxx(311) RAS GRQ Received
> 2004/08/11 18:42:27.131 3 gkauth.h(787) GKAUTH default GRQ check ok
> 2004/08/11 18:42:27.139 2 RasSrv.cxx(356) GCF|10.1.3.43|venky:h323_ID|terminal;
> 2004/08/11 18:42:27.141 3 RasSrv.cxx(202) RAS Send to 10.1.3.43:3577 gatekeeperConfirm {
> requestSeqNum = 45240 protocolIdentifier = 0.0.8.2250.0.4
> gatekeeperIdentifier = 6 characters { 0053 0069 0066 0079 0047 004b
> SifyGK } rasAddress = ipAddress { ip = 4 octets { 0a 01 03 13 .... }
> port = 1719 } authenticationMode = pwdHash <<null>> algorithmOID =
> 1.2.840.113549.2.5 }
> 2004/08/11 18:42:27.172 2 RasSrv.cxx(151) RAS Read from 10.1.3.43:3577
> 2004/08/11 18:42:27.183 3 RasSrv.cxx(190) RAS registrationRequest { requestSeqNum = 45241 protocolIdentifier =
> 0.0.8.2250.0.4 discoveryComplete = TRUE callSignalAddress = 1 entries
> { [0]=ipAddress { ip = 4 octets { 0a 01 03 2b ...+ } port = 1720 } }
> rasAddress = 1 entries { [0]=ipAddress { ip = 4 octets { 0a 01 03 2b
> ...+ } port = 3577 } } terminalType = { vendor = { vendor = {
> t35CountryCode = 9 t35Extension = 0 manufacturerCode = 61 } productId
> = 23 octets { 45 71 75 69 76 61 6c 65 6e 63 65 20 4f 70 65 6e
> Equivalence Open 50 68 6f 6e 65 00 00 Phone.. } versionId = 26 octets
> { 31 2e 39 2e 33 20 28 4f 70 65 6e 48 33 32 33 20 1.9.3 (OpenH323 76
> 31 2e 31 35 2e 30 29 00 00 v1.15.0).. } } terminal = { } mc = FALSE
> undefinedNode = FALSE } terminalAlias = 1 entries { [0]=h323_ID 5
> characters { 0076 0065 006e 006b 0079 venky } } gatekeeperIdentifier =
> 6 characters { 0053 0069 0066 0079 0047 004b SifyGK } endpointVendor =
> { vendor = { t35CountryCode = 9 t35Extension = 0 manufacturerCode = 61
> } productId = 23 octets { 45 71 75 69 76 61 6c 65 6e 63 65 20 4f 70 65
> 6e Equivalence Open 50 68 6f 6e 65 00 00 Phone.. } versionId = 26
> octets { 31 2e 39 2e 33 20 28 4f 70 65 6e 48 33 32 33 20 1.9.3
> (OpenH323 76 31 2e 31 35 2e 30 29 00 00 v1.15.0).. } } cryptoTokens =
> 1 entries { [0]=cryptoEPPwdHash { alias = h323_ID 5 characters { 0076
> 0065 006e 006b 0079 venky } timeStamp = 1092230590 token = {
> algorithmOID = 1.2.840.113549.2.5 paramS = { } hash = Hex: ce e6 9b a9
> 5c 09 f6 de cc 10 5d 0e 4b 37 81 53 } } } keepAlive = FALSE
> willSupplyUUIEs = TRUE maintainConnection = FALSE supportsAltGK =
> <<null>> usageReportingCapability = { nonStandardUsageTypes = 0
> entries { } startTime = <<null>> endTime = <<null>> terminationCause =
> <<null>> } callCreditCapability = { canDisplayAmountString = TRUE
> canEnforceDurationLimit = TRUE } }
> 2004/08/11 18:42:27.251 1 RasSrv.cxx(311) RAS RRQ Received
> 2004/08/11 18:42:27.704 3 gkauth.cxx(2206) GkAuth ExternalPasswordAuth Got Password -> 5d41402abc4b2a76b9719d911017c592
> 2004/08/11 18:42:27.709 1 h235auth.cxx(525) H235RAS H235AuthSimpleMD5 digest does not match.
> 2004/08/11 18:42:27.712 3 gkauth.cxx(964) GKAUTH ExternalPasswordAuth RRQ check failed
> 2004/08/11 18:42:27.716 2 RasSrv.cxx(356) RRJ|10.1.3.43|venky:h323_ID|terminal|securityDenial;
> 2004/08/11 18:42:27.717 3 RasSrv.cxx(202) RAS Send to 10.1.3.43:3577 registrationReject {
> requestSeqNum = 45241 protocolIdentifier =
> 0.0.8.2250.0.4 rejectReason = securityDenial <<null>>
> gatekeeperIdentifier = 6 characters { 0053 0069 0066 0079 0047 004b
> SifyGK } }
>
> My config is as follows :
>
> [Gatekeeper::Main]
> Fourtytwo=42
> Name=SifyGK
> EndpointIDSuffix=_sifyep1
> StatusPort=7000
> TimeToLive=-1
> TotalBandwidth=-1
>
> [RoutedMode]
> GKRouted=1
> H245Routed=0
> CallSignalPort=1720
> CallSignalHandlerNumber=2
> RemoveH245AddressOnTunneling=1
> AcceptNeighborsCalls=0
> AcceptUnregisteredCalls=0
> DropCallsByReleaseComplete=1
> SendReleaseCompleteOnDRQ=1
> SupportNATedEndpoints=1
> Q931PortRange=20000-20020
> H245PortRange=30000-30010
> ConnectTimeout=60000
>
> [Proxy]
> Enable=1
> ;InternalNetwork=192.168.1.127/255.255.255.128, 192.168.1.255/255.255.255.128
> T120PortRange=1024-65535
> RTPPortRange=1024-65535
> ProxyForNAT=1
> ProxyForSameNAT=0
>
> [GkStatus::Auth]
> rule=allow
> Shutdown=forbid
> ;KeyFilled=11
>
> [RasSrv::GWPrefixes]
>
> [RasSrv::RewriteE164]
>
> [RasSrv::PermanentEndpoints]
>
> [RasSrv::Neighbors]
>
> [RasSrv::LRQFeatures]
> NeighborTimeout=2
> ForwardHopCount=2
> IncludeDestinationInfoInLCF=1
> CiscoGKCompatible=1
>
> [RasSrv::RRQFeatures]
> AcceptGatewayPrefixes=1
> OverwriteEPOnSameAddress=1
>
> [RasSrv::ARQFeatures]
> ArjReasonRouteCallToSCN=1
> ArjReasonRouteCallToGatekeeper=1
> CallUnregisteredEndpoints=0
> RemoveTrailingChar=#
>
> [CallTable]
> GenerateNBCDR=1
> GenerateUCCDR=1
> DefaultCallDurationLimit=0
> AcctUpdateInterval=60
>
> [EndPoint]
> Gatekeeper=no
> Type=Gateway
> RRQRetryInterval=10
> ARQTimeout=2
>
> [Endpoint::RewriteE164]
>
> [Gatekeeper::Auth]
> ExternalPasswordAuth=required;RRQ,ARQ
> ;SimplePasswordAuth=optional;RRQ
> ;AliasAuth=optional;RRQ
> ;SQLPasswordAuth=optional;RRQ
> ;SQLAliasAuth=optional;RRQ
> default=allow
>
> ;[Password]
> ;KeyFilled=123
> ;PasswordTimeuot=120
>
> [ExternalPasswordAuth]
> PasswordProgram=/usr/local/src/openh323gkCVS/dbin/webauth.pl
>
> [RasSrv::RRQAuth]
> MYEP5=allow
>
> [SQLPasswordAuth]
> Driver=MySQL
> Host=localhost
> Database=gkcontrol
> Username=gnugk
> Password=secret
> CacheTimeout=300
> Query=SELECT h235password FROM users WHERE alias = '%1' AND IS active
>
> [SQLAliasAuth]
> Driver=MySQL
> Host=localhost:3306
> Database=gkcontrol
> Username=gnugk
> Password=secret
> CacheTimeout=300
> Query=SELECT IF(LENGTH(TRIM(authcond)), authcond, CONCAT('sigip:',host, IF(port, CONCAT(':',port),''))) as authrule FROM users WHERE alias = '%1' AND GatekeeperId = '%2' AND active
>
> [Gatekeeper::Acct]
> SQLAcct=required;start,update,stop
> FileAcct=alternative;start,update,stop
>
> [Accounting]
> AlwaysUseCLID=1
>
> [FileAcct]
> DetailFile=/usr/local/src/openh323gkCVS/dbin/cdr.log
> Rotate=0
>
> [SQLAcct]
> Driver=MySQL
> Host=localhost:3306
> Database=gkcontrol
> Username=gnugk
> Password=secret
> MinPoolSize=5
> StartQuery=INSERT INTO call (gkname, callnum, d_cause, sessid, H323id, setup_time, connect_time, disconnect_time, caller_ip, callee_ip, calling_number, caller_number) VALUES ("%g", "%n", "%c", "%s", "%u", "%{setup-time}", "%{connect-time}", "%{disconnect-time}", "%{caller-ip}", "%{callee-ip}", "%{Calling-Station-Id}", "%{Caller-Station-Id}")
> StartQueryAlt=INSERT INTO call (gkname, callnum, duration, d_cause, sessid, H323id, setup_time, connect_time, disconnect_time, caller_ip, callee_ip, calling_number, caller_number) VALUES ("%g", "%n", "%d", "%c", "%s", "%u", "%{setup-time}", "%{connect-time}", "%{disconnect-time}", "%{caller-ip}", "%{callee-ip}", "%{Calling-Station-Id}", "%{Caller-Station-Id}")
> UpdateQuery=UPDATE call SET duration = %d WHERE gkname = "%g" AND sessid = "%s"
> StopQuery=UPDATE call SET duration = %d, disconnect_time = "%{disconnect-time}" WHERE gkname = "%g" AND sessid = "%s"
> StopQueryAlt=INSERT INTO call (gkname, callnum, d_cause, sessid, H323id, setup_time, connect_time, disconnect_time, caller_ip, callee_ip, calling_number, caller_number) VALUES ("%g", "%n", "%c", "%s", "%u", "%{setup-time}", "%{connect-time}", "%{disconnect-time}", "%{caller-ip}", "%{callee-ip}", "%{Calling-Station-Id}", "%{Caller-Station-Id}")




_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
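
Added example (not part of the original thread, and not GnuGk code): a small Python model of why the registration in the trace is rejected when the password program returns md5_hex('hello') instead of 'hello'. The token_hash() construction is a simplified stand-in and an assumption; the real H235AuthSimpleMD5 input encoding is not shown in the thread and is not reproduced here. The alias and timestamp are taken from the trace, the function names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample values; alias and timestamp appear in the posted trace.
ALIAS = "venky"
TIMESTAMP = 1092230590
CLEARTEXT = "hello"


def token_hash(alias, password, timestamp):
    """Simplified model of a pwdHash token: MD5 over alias, password, timestamp.

    Assumption: plain concatenation is used only to show the data flow; it is
    not the encoding the gatekeeper really hashes.
    """
    material = "\0".join([alias, password, str(timestamp)]).encode("utf-8")
    return hashlib.md5(material).hexdigest()


def script_returns_cleartext(alias):
    """What the reply asks for: the external program prints the password itself."""
    return {ALIAS: CLEARTEXT}.get(alias)


def script_returns_md5(alias):
    """What the posted Perl script does: prints md5_hex of the password."""
    pw = script_returns_cleartext(alias)
    return None if pw is None else hashlib.md5(pw.encode("utf-8")).hexdigest()


def gatekeeper_accepts(alias, timestamp, received, password_program):
    """Recompute the token from whatever the program returned and compare."""
    password = password_program(alias)
    if password is None:  # unknown alias: reject
        return False
    expected = token_hash(alias, password, timestamp)
    return hmac.compare_digest(expected, received)


def demo():
    # Endpoint side: it hashes the cleartext password it was configured with.
    sent = token_hash(ALIAS, CLEARTEXT, TIMESTAMP)
    return {
        "cleartext": gatekeeper_accepts(ALIAS, TIMESTAMP, sent, script_returns_cleartext),
        "md5": gatekeeper_accepts(ALIAS, TIMESTAMP, sent, script_returns_md5),
        "unknown": gatekeeper_accepts("nobody", TIMESTAMP, sent, script_returns_cleartext),
    }


if __name__ == "__main__":
    print(demo())
```

Because the verifier has to recompute the token, the password program and whatever store it reads from hold the cleartext secret and need file permissions to match.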
