Problem with SQLPasswordAuth in child gk->parent gk setup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi

I found some 'unexpected' behaviour with SQLPasswordAuth in 2.0.9 - maybe
someone knows if  i did some misconfiguration or if it's a bug?

Here's what i did: I have (parent) gatekeeper (2.0.9) (signaling mode)
(routing done by an external application) that works fine so far. Now i set
up another gatekeeper (2.0.9) (full proxy mode) and registered it to the
parent as endpoint typ terminal. 



[Endpoint]
Gatekeeper= xxx.xxx.xxx.xxx
Type=Terminal
H323ID=abcdefg
Password=aaa
TimeToLive=900
RRQRetryInterval=30
ARQTimeout=10
UnregisterOnReload=1


Registration works fine and call routing from parent to child gk works too. 
But when i try to set up a call from the child to the parent the ARQ gets
rejected on the parent with reason security denial. A debug trc 5 shows the
following:


2005/04/17 17:22:22.332	1	      RasSrv.cxx(1653)	GK	ARQ Received
2005/04/17 17:22:22.332	5	       gksql.cxx(326)	SQLPasswordAuth
Executing query: SELECT H235Password FROM subscribers WHERE H323ID =
'abcdefg'
2005/04/17 17:22:22.332	5	       gksql.cxx(326)	SQLPasswordAuth
Executing query: SELECT H235Password FROM subscribers WHERE H323ID =
'2527_gkfi'
2005/04/17 17:22:22.332	4	     sqlauth.cxx(482)	SQLPasswordAuth
Password not found for alias '2527_gkfi'
2005/04/17 17:22:22.332	5	       gksql.cxx(326)	SQLPasswordAuth
Executing query: SELECT H235Password FROM subscribers WHERE H323ID =
'123456789'
2005/04/17 17:22:22.332	4	     sqlauth.cxx(482)	SQLPasswordAuth
Password not found for alias '123456789'
2005/04/17 17:22:22.332	3	      gkauth.cxx(1710)	GKAUTH
SQLPasswordAuth password not found for '123456789'
2005/04/17 17:22:22.332	3	      gkauth.cxx(1243)	GKAUTH
SQLPasswordAuth ARQ check failed
2005/04/17 17:22:22.332	2	      RasSrv.cxx(1924)
ARJ|62.167.xxx.xxx:1720|99999999:dialedDigits|123456789:dialedDigits|false|s
ecurityDenial; 


The parent gk first looks up the H323ID (alias) in the DB. There is no
"result"; could the gk find a password or not? If you look at the two
following lookups for the EndpointId and the E164Number which both fails. 
What happend to the first lookup? It should have passed the password test,
since I'm sure the H323ID and password are correct and this is already
proven by the fact that the child gk could actually register with the parent
using the same username/password.
So this check should succeed and there is no need to lookup with the
EndpointId or caller phonenumber (which is IMHO a security issue - caller
phonenumbers should only be used for authentication in a RRQ but not in an
ARQ). 

This only happens in that specific situation with child gk/parent gk. If an
ARQ from an Endpoint that is directly registered with the parent gk is
received, only H323Id/password is checked and the check succeeds, so an ACF
is issued. 

Anyone has an idea what happend here? Bug or configuration issue?

Thanks a lot for your help in advance!

Greetings
Frank





-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________________

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/

[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux