Opened 13 years ago

Closed 6 years ago

#78 closed Bug / Defect (fixed)

openvpn http-proxy auth issue with profiles

Reported by: eduda
Owned by: Antonio Quartulli
Priority: major
Milestone: release 2.4
Component: Configuration
Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords: http-proxy option parser
Cc:

Description

In misc.c

    bool
    get_user_pass (struct user_pass *up,
                   const char *auth_file,
                   const char *prefix,
                   const unsigned int flags)
    {
      struct gc_arena gc = gc_new ();

      if (!up->defined) {
        <cut>
        string_mod (up->username, CC_PRINT, CC_CRLF, 0);
        string_mod (up->password, CC_PRINT, CC_CRLF, 0);
        up->defined = true;

This gets called each time for each <connection>. When it tries the http proxy, it calls this and asks for the username and password in the auth_file. Because up->defined was set in the first lookup, it doesn't update the username and password in the next password file.

So if one password file has user1 and pass1, and the other password file has user2 and pass2, then the username and password are always user1 and pass1. It never reads the second password file, or any other than the first.

conf:

port 10000
dev tun
cipher AES-128-CBC
auth SHA1
proto tcp-client
auth-user-pass
tls-client
ca /etc/openvpn/cert.pem
pull
verb 4
tun-mtu 1500
script-security 2
up /etc/openvpn/up.sh
<connection>
remote x.x.x.x
http-proxy 192.168.10.249 3128 /etc/openvpn/http-passwd-1 basic
http-proxy-retry
</connection>
<connection>
remote x.x.x.x
http-proxy 192.168.10.249 3128 /etc/openvpn/http-passwd-2 basic
http-proxy-retry
</connection>

Change History (8)

comment:1 Changed 13 years ago by David Sommerseth

Milestone: beta 2.3

comment:2 Changed 12 years ago by Samuli Seppänen

Milestone: beta 2.3
Priority: critical → major
Version: 2.1.2 / 2.1.3 → git master branch

comment:3 Changed 12 years ago by Samuli Seppänen

Milestone: release 2.4

comment:4 Changed 10 years ago by Samuli Seppänen

Keywords: option parser added

At a quick glance this looks like a typical problem with the option parser. If so, I assume it would not be easy to correct without a major option parser rewrite. Any thoughts?

comment:5 Changed 9 years ago by Gert Döring

I think this one needs re-testing as a number of bugs related to <connection> have been fixed in the meantime... I tend to point at plaisthos, but he has enough tights right now. Come back later...

comment:6 Changed 6 years ago by Antonio Quartulli

Am I wrong, or has this been fixed by:

commit 86b58ceb29cf1cc3acf32e2ff370d9a4af68c051
Author: Antonio Quartulli <a@unstable.cc>
Date:   Mon Dec 4 12:49:07 2017 +0800

    reload HTTP proxy credentials when moving to the next connection profile

in 2.4.5 ?

comment:7 Changed 6 years ago by Gert Döring

Owner: set to Antonio Quartulli
Status: new → assigned

Since you most likely have it fixed already, throwing the ticket at you :-) - I think all it needs is re-testing with two different sets of proxy credentials and then close.

comment:8 Changed 6 years ago by Antonio Quartulli

Resolution: fixed
Status: assigned → closed

Closing, because what Gert suggested is exactly what was already tested when merging the mentioned commit. Feel free to open a new ticket if other issues with the http-proxy handling should arise.
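
The caching behaviour discussed in this ticket, as an added example that is not OpenVPN's code and not the code of the commit referenced above. It is a simplified C model: `get_user_pass_model`, `clear_user_pass`, the trimmed `struct user_pass` and the in-memory `files` table are hypothetical stand-ins, and the credentials are the constructed user1/pass1 and user2/pass2 values from the description.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Trimmed stand-in for OpenVPN's struct user_pass (assumption). */
struct user_pass { bool defined; char username[64]; char password[64]; };
/* Constructed in-memory stand-ins for the two password files in the ticket. */
struct auth_file { const char *path, *user, *pass; };
static const struct auth_file files[] = {
    { "/etc/openvpn/http-passwd-1", "user1", "pass1" },
    { "/etc/openvpn/http-passwd-2", "user2", "pass2" },
};

/* Model of the quoted guard: once up->defined is set, auth_file is ignored. */
static bool get_user_pass_model(struct user_pass *up, const char *auth_file)
{
    if (!up->defined) {
        for (size_t i = 0; i < sizeof files / sizeof files[0]; i++) {
            if (strcmp(files[i].path, auth_file) != 0)
                continue;
            snprintf(up->username, sizeof up->username, "%s", files[i].user);
            snprintf(up->password, sizeof up->password, "%s", files[i].pass);
            up->defined = true;
            break;
        }
    }
    return up->defined;
}

/* Hypothetical helper: drop cached credentials before the next profile. */
static void clear_user_pass(struct user_pass *up) { memset(up, 0, sizeof *up); }

/* Tries both profiles in order; 1 if the second one ends up as user2, else 0. */
int second_profile_uses_own_creds(bool reset_between_profiles)
{
    struct user_pass up = { 0 };
    get_user_pass_model(&up, files[0].path);
    if (reset_between_profiles)
        clear_user_pass(&up);
    get_user_pass_model(&up, files[1].path);
    return strcmp(up.username, "user2") == 0;
}

int main(void)
{
    printf("no reset: %d, reset: %d\n", second_profile_uses_own_creds(false),
           second_profile_uses_own_creds(true));
    return 0;
}
```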
