Bug 741793 - "auth strong" doesn't seem to be working with md4/5 hashes
Summary: "auth strong" doesn't seem to be working with md4/5 hashes
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: 3proxy
Version: 15
Hardware: Unspecified
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Pavel Alexeev
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-09-27 22:06 UTC by Mr-4
Modified: 2012-02-07 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-07 15:37:52 UTC
Type: ---


Attachments (Terms of Use)

Description Mr-4 2011-09-27 22:06:20 UTC
Description of problem:
When I configure the following proxy:

users "test:CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1"
auth strong
flush
allow test 127.0.0.1
proxy -a -i127.0.0.1 -p12799

and then start the browser, directing this to the new proxy service I get the user/password prompt from the browser, but when I try to enter the user (test) and the password (test) 3proxy does NOT accept it. 

When I then tried "mycrypt qwer test" that produces the above hash, I get the same result - CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1 - which isn't accepted by 3proxy, but when I execute "mycrypt test" and enter the new result (NT:0CB6948805F797BF2A82807973B89537) as part of the users option (i.e. "users test:NT:0CB6948805F797BF2A82807973B89537") that seems to be working and I can log on through my browser and use the proxy as normal.

Version-Release number of selected component (if applicable):
The latest version (0.6.1) as distributed with fc15

How reproducible:
always

Steps to Reproduce:
1. configure the above proxy (make sure fakeresolve is NOT present)
2. start 3proxy
3. try logging in using any modern browser
  
Actual results:
Password failure

Expected results:
Using the proxy after successful login

Additional info:

Comment 1 Pavel Alexeev 2011-10-08 18:56:55 UTC
Hm.

I can't reproduce that.

Default configuration of 3proxy have such:
users 3APA3A:CL:3apa3a "test:CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1"

So, as I test it out of the box it is accepted like a charm, look:

$ LANG=C http_proxy=http://127.0.0.1:3128 wget --proxy-user=test --proxy-password=test http://fedoraproject.org --spider
Spider mode enabled. Check if remote file exists.
--2011-10-08 22:56:08--  http://fedoraproject.org/
Connecting to 127.0.0.1:3128... connected.
Proxy request sent, awaiting response... 200 OK
Length: 22524 (22K) [text/html]
Remote file exists and could contain further links,
but recursion is disabled -- not retrieving.


I do not see any troubles. Please test with default config and say if it works for you.

Comment 2 Mr-4 2012-02-07 15:37:52 UTC
The above error was caused by the overzealous SELinux policy I have deployed on that machine, preventing 3proxy access to the resources it requires (random/urandom etc), so I am closing this bug!


Note You need to log in before you can comment on or make changes to this bug.