Opened 8 years ago

Closed 4 months ago

#78 closed Bug / Defect (fixed)

openvpn http-proxy auth issue with profiles

Reported by: eduda
Owned by: Antonio
Priority: major
Milestone: release 2.4
Component: Configuration
Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords: http-proxy option parser
Cc:

Description

In misc.c

    bool
    get_user_pass (struct user_pass *up,
                   const char *auth_file,
                   const char *prefix,
                   const unsigned int flags)
    {
      struct gc_arena gc = gc_new ();

      if (!up->defined) {
        <cut>
        string_mod (up->username, CC_PRINT, CC_CRLF, 0);
        string_mod (up->password, CC_PRINT, CC_CRLF, 0);

        up->defined = true;

This gets called each time for each <connection>. When it tries the HTTP proxy, it calls this and asks for the username and password in the auth_file. Because up->defined was set in the first lookup, it doesn't update the username and password in the next password file.

So if one password file has user1 and pass1, and the other password file has user2 and pass2, then the username and password are always user1 and pass1. It never reads the second password file, or any other than the first.

conf:

port 10000
dev tun
cipher AES-128-CBC
auth SHA1
proto tcp-client
auth-user-pass
tls-client
ca /etc/openvpn/cert.pem
pull
verb 4
tun-mtu 1500
script-security 2
up /etc/openvpn/up.sh
<connection>
remote x.x.x.x
http-proxy 192.168.10.249 3128 /etc/openvpn/http-passwd-1 basic
http-proxy-retry
</connection>
<connection>
remote x.x.x.x
http-proxy 192.168.10.249 3128 /etc/openvpn/http-passwd-2 basic
http-proxy-retry
</connection>

Change History (8)

comment:1 Changed 8 years ago by David Sommerseth

Milestone: beta 2.3

comment:2 Changed 7 years ago by Samuli Seppänen

Milestone: beta 2.3
Priority: critical → major
Version: 2.1.2 / 2.1.3 → git master branch

comment:3 Changed 7 years ago by Samuli Seppänen

Milestone: release 2.4

comment:4 Changed 5 years ago by Samuli Seppänen

Keywords: option parser added

At a quick glance this looks like a typical problem with the option parser. If so, I assume it would not be easy to correct without a major option parser rewrite. Any thoughts?

comment:5 Changed 3 years ago by Gert Döring

I think this one needs re-testing as a number of bugs related to <connection> have been fixed in the meantime... I tend to point at plaisthos, but he has enough tights right now. Come back later...

comment:6 Changed 4 months ago by Antonio

Am I wrong, or has this been fixed by:

commit 86b58ceb29cf1cc3acf32e2ff370d9a4af68c051
Author: Antonio Quartulli <a@unstable.cc>
Date:   Mon Dec 4 12:49:07 2017 +0800

    reload HTTP proxy credentials when moving to the next connection profile

in 2.4.5 ?

comment:7 Changed 4 months ago by Gert Döring

Owner: set to Antonio
Status: new → assigned

Since you most likely have it fixed already, throwing the ticket at you :-) - I think all it needs is re-testing with two different sets of proxy credentials and then close.

comment:8 Changed 4 months ago by Antonio

Resolution: fixed
Status: assigned → closed

Closing, because what Gert suggested is exactly what was already tested when merging the mentioned commit. Feel free to open a new ticket if other issues with the http-proxy handling should arise.
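
Added example, not part of the ticket and not OpenVPN source: a simplified C model of the `up->defined` caching described in the report, next to a variant that discards the cached credentials when switching to the next <connection> profile, as the title of the referenced commit describes. The `_model` function names, the struct layout and the in-memory stand-ins for the two password files are assumptions made for illustration.

```c
/* Simplified model of the credential caching described in this ticket.
 * Not OpenVPN source: names, struct layout and sample data are assumptions. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

struct user_pass { bool defined; char username[64]; char password[64]; };

/* Constructed sample data standing in for http-passwd-1 and http-passwd-2. */
static const char *auth_files[][2] = {
    { "user1", "pass1" },
    { "user2", "pass2" },
};

/* Mirrors the reported logic: the source is only read while !up->defined. */
static void get_user_pass_model(struct user_pass *up, int profile)
{
    if (!up->defined) {
        snprintf(up->username, sizeof up->username, "%s", auth_files[profile][0]);
        snprintf(up->password, sizeof up->password, "%s", auth_files[profile][1]);
        up->defined = true;
    }
}

/* Wipe cached credentials so the next lookup reads the new profile's file. */
static void purge_user_pass_model(struct user_pass *up)
{
    memset(up, 0, sizeof *up);   /* also clears up->defined */
}

/* Walk both <connection> profiles; return the username used for the last one. */
static const char *username_for_second_profile(bool reload_on_switch)
{
    static struct user_pass up;
    purge_user_pass_model(&up);              /* fresh state for each run */
    for (int profile = 0; profile < 2; profile++) {
        if (reload_on_switch && profile > 0)
            purge_user_pass_model(&up);      /* reload when changing profile */
        get_user_pass_model(&up, profile);
    }
    return up.username;
}

int main(void)
{
    printf("cached:   %s\n", username_for_second_profile(false));
    printf("reloaded: %s\n", username_for_second_profile(true));
}
```

Without the purge, the second profile authenticates to the proxy with the first profile's credentials, which is the behaviour worth re-testing with two distinct credential sets.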
