Регистрация через AMI с применением алгоритма MD5

yuo23 · Сообщение **yuo23** » 09 дек 2013, 15:26

Всем привет!
Не проходит авторизация при использовании алгоритма MD5. Без MD5 всё нормально. Что не так делаю?
************************************************
АВТОРИЗАЦИЯ БЕЗ MD5
[root@localhost ~]# telnet 127.0.0.1 5038
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Asterisk Call Manager/1.3
action:login
username:admin
secret:amp111xxx

Response: Success
Message: Authentication accepted

Event: FullyBooted
Privilege: system,all
Status: Fully Booted

action:logoff

Response: Goodbye
Message: Thanks for all the fish.

Connection closed by foreign host.
[root@localhost ~]#
**********************************************
АВТОРИЗАЦИЯ C MD5
[root@localhost ~]# telnet 127.0.0.1 5038
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Asterisk Call Manager/1.3
action:challenge
username:amp111xxx
authtype:md5

Response: Success
Challenge: xxxxxxxxx

На сайте http://foxtools.ru/Hash вычисляю хеш-сумму
для строки:xxxxxxxxxamp111xxx
Получаю кеу:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

[root@localhost ~]# telnet 127.0.0.1 5038
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Asterisk Call Manager/1.3
action:login
username:admin
authtype:md5
key:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Response: Error
Message: Authentication failed

Connection closed by foreign host.
[root@localhost ~]#

**************************************************

;
; AMI - Asterisk Manager interface
;
; FreePBX needs this to be enabled. Note that if you enable it on a different IP, you need
; to assure that this can't be reached from un-authorized hosts with the ACL settings (permit/deny).
; Also, remember to configure non-default port or IP-addresses in amportal.conf.
;
; The AMI connection is used both by the portal and the operator's panel in FreePBX.
;
; FreePBX assumes an AMI connection to localhost:5038 by default.
;
[general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0

displayconnects=no ;only effects 1.6+
allowmultiplelogin = yes

[admin]
secret = amp111xxx
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0
read = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate
write = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate
writetimeout = 5000

#include manager_additional.conf
#include manager_custom.conf

Vlad1983 · Сообщение **Vlad1983** » 09 дек 2013, 15:42

http://www.asteriskdocs.org/en/2nd_Edit ... ECT-1.html

If you’re worried about sending your secret across the wire in plain text (which you should be), you can also authenticate using an MD5 challenge-response system, which works very similar to HTTP digest authentication. To do this, you first call the Challenge action, which will present you with a challenge token:

Action: Challenge
AuthType: MD5

Response: Success
Challenge: 840415273

You can then take that challenge token, concatenate the plaintext secret onto the end of it, and calculate the MD5 checksum of the resulting string. The result can then be used to login without passing your secret in plain text.

Action: Login
AuthType: MD5
Username: Admin
Key: e7a056e1488882c6c509bbe71a049978

Response: Success
Message: Authentication accepted

yuo23 · Сообщение **yuo23** » 09 дек 2013, 16:11

Не получаеться всё равно:

[root@localhost ~]# telnet 127.0.0.1 5038
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Asterisk Call Manager/1.3
Action: Login
Username: admin
Secret: amp111yuo

Response: Success
Message: Authentication accepted

Event: FullyBooted
Privilege: system,all
Status: Fully Booted

Action: Challenge
Authtype: MD5

Response: Success
Challenge: 166122745

Action: logoff

Response: Goodbye
Message: Thanks for all the fish.

Connection closed by foreign host.
[root@localhost ~]# telnet 127.0.0.1 5038
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Asterisk Call Manager/1.3
Action: Login
AuthType: MD5
Username: admin
Key: 6dac742d54ca53b4e0d709290023e3f6

Response: Error
Message: Authentication failed

Connection closed by foreign host.
[root@localhost ~]#

yuo23 · Сообщение **yuo23** » 09 дек 2013, 16:40

Контрольную сумму вичислял для строки: 166122745amp111yuo

Vlad1983 · Сообщение **Vlad1983** » 09 дек 2013, 17:30

нужно делать в рамках одной сессии

yuo23 · Сообщение **yuo23** » 09 дек 2013, 17:52

Когда в рамках одной сессии то: Already authenticated. Непонятно, может контрольную сумму не правильно вычисляю.

[root@localhost ~]# telnet 127.0.0.1 5038
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Asterisk Call Manager/1.3
Action: Login
Username: admin
Secret: amp111yuo

Response: Success
Message: Authentication accepted

Event: FullyBooted
Privilege: system,all
Status: Fully Booted

Action: Challenge
Authtype: MD5

Response: Success
Challenge: 171984624

Action: Login
AuthType: MD5
Username: admin
Key: ebe9bece621fde6073e66e85c1d73181

Response: Success
Message: Already authenticated

Vlad1983 · Сообщение **Vlad1983** » 09 дек 2013, 19:08

какой великий смысл в рамках одной сессии логиниться сначала открытым текстом, а потом через хеш?

yuo23 · Сообщение **yuo23** » 09 дек 2013, 19:24

Ты же писал:
Re: Регистрация через AMI с применением алгоритма MD5
Сообщение Vlad1983 » Сегодня, 21:30

нужно делать в рамках одной сессии.

yuo23 · Сообщение **yuo23** » 10 дек 2013, 08:18

Решено. Для получения маркера не надо выполнять вход.

Vlad1983 · Сообщение **Vlad1983** » 10 дек 2013, 08:56

не прошло и суток