741793 – "auth strong" doesn't seem to be working with md4/5 hashes

Bug 741793 - "auth strong" doesn't seem to be working with md4/5 hashes

Summary: "auth strong" doesn't seem to be working with md4/5 hashes

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	3proxy
Sub Component:
Version:	15
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Pavel Alexeev
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-09-27 22:06 UTC by Mr-4
Modified:	2012-02-07 15:37 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-02-07 15:37:52 UTC
Type:	---
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Mr-4 2011-09-27 22:06:20 UTC

Description of problem:
When I configure the following proxy:

users "test:CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1"
auth strong
flush
allow test 127.0.0.1
proxy -a -i127.0.0.1 -p12799

and then start the browser, directing this to the new proxy service I get the user/password prompt from the browser, but when I try to enter the user (test) and the password (test) 3proxy does NOT accept it. 

When I then tried "mycrypt qwer test" that produces the above hash, I get the same result - CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1 - which isn't accepted by 3proxy, but when I execute "mycrypt test" and enter the new result (NT:0CB6948805F797BF2A82807973B89537) as part of the users option (i.e. "users test:NT:0CB6948805F797BF2A82807973B89537") that seems to be working and I can log on through my browser and use the proxy as normal.

Version-Release number of selected component (if applicable):
The latest version (0.6.1) as distributed with fc15

How reproducible:
always

Steps to Reproduce:
1. configure the above proxy (make sure fakeresolve is NOT present)
2. start 3proxy
3. try logging in using any modern browser
  
Actual results:
Password failure

Expected results:
Using the proxy after successful login

Additional info:

Comment 1 Pavel Alexeev 2011-10-08 18:56:55 UTC

Hm.

I can't reproduce that.

Default configuration of 3proxy have such:
users 3APA3A:CL:3apa3a "test:CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1"

So, as I test it out of the box it is accepted like a charm, look:

$ LANG=C http_proxy=http://127.0.0.1:3128 wget --proxy-user=test --proxy-password=test http://fedoraproject.org --spider
Spider mode enabled. Check if remote file exists.
--2011-10-08 22:56:08--  http://fedoraproject.org/
Connecting to 127.0.0.1:3128... connected.
Proxy request sent, awaiting response... 200 OK
Length: 22524 (22K) [text/html]
Remote file exists and could contain further links,
but recursion is disabled -- not retrieving.


I do not see any troubles. Please test with default config and say if it works for you.

Comment 2 Mr-4 2012-02-07 15:37:52 UTC

The above error was caused by the overzealous SELinux policy I have deployed on that machine, preventing 3proxy access to the resources it requires (random/urandom etc), so I am closing this bug!

Note You need to log in before you can comment on or make changes to this bug.