thr3ads.net - CentOS - [CentOS] Bug 3831: basic_ncsa_auth Blowfish and SHA support, really fixed? [Mar 2015]

If this information is useful, please help other people find it:
Share via:
Sergio Belkin
2015-Mar-18 20:22 UTC
[CentOS] Bug 3831: basic_ncsa_auth Blowfish and SHA support, really fixed?

Hi,

I'm using squid-3.3.8-12.el7_0.x86_64 on CentOS 7

I've configured squid for basic authentication, md5 password *works*, but
if fails when I try to use either blowfish or sha password.


Below is the cache.log when it fails:


2015/03/18 17:21:02.637 kid1| Checklist.cc(275) matchNode: 0x7f217e8baca8
matched=0 async=0 finished=0
2015/03/18 17:21:02.637 kid1| Checklist.cc(299) matchNode: 0x7f217e8baca8
simple mismatch
2015/03/18 17:21:02.637 kid1| Checklist.cc(160) checkAccessList:
0x7f217e8baca8 checking 'http_access  allow squid_access'
2015/03/18 17:21:02.637 kid1| Acl.cc(336) matches: ACLList::matches:
checking squid_access
2015/03/18 17:21:02.637 kid1| Acl.cc(319) checklistMatches:
ACL::checklistMatches: checking 'squid_access'
2015/03/18 17:21:02.637 kid1| Acl.cc(281) aclCacheMatchFlush:
aclCacheMatchFlush called for cache 0x7f217e9b8cc8
2015/03/18 17:21:02.637 kid1| Acl.cc(61) AuthenticateAcl: returning 2
sending credentials to helper.
2015/03/18 17:21:02.637 kid1| Acl.cc(321) checklistMatches:
ACL::ChecklistMatches: result for 'squid_access' is -1
2015/03/18 17:21:02.637 kid1| Acl.cc(346) matches: squid_access needs async
lookup
2015/03/18 17:21:02.637 kid1| Acl.cc(354) matches: squid_access result is
false
2015/03/18 17:21:02.637 kid1| Checklist.cc(275) matchNode: 0x7f217e8baca8
matched=0 async=1 finished=0
2015/03/18 17:21:02.637 kid1| Checklist.cc(312) matchNode: 0x7f217e8baca8
going async
2015/03/18 17:21:02.637 kid1| Checklist.cc(131) asyncInProgress:
ACLChecklist::asyncInProgress: 0x7f217e8baca8 async set to 1
2015/03/18 17:21:02.637 kid1| AclProxyAuth.cc(144) checkForAsync: checking
password via authenticator
2015/03/18 17:21:02.637 kid1| Checklist.cc(256) matchNodes: 0x7f217e8baca8
awaiting async operation
2015/03/18 17:21:02.638 kid1| Checklist.cc(131) asyncInProgress:
ACLChecklist::asyncInProgress: 0x7f217e8baca8 async set to 0
2015/03/18 17:21:02.638 kid1| Checklist.cc(160) checkAccessList:
0x7f217e8baca8 checking 'http_access  allow squid_access'
2015/03/18 17:21:02.638 kid1| Acl.cc(336) matches: ACLList::matches:
checking squid_access
2015/03/18 17:21:02.638 kid1| Acl.cc(319) checklistMatches:
ACL::checklistMatches: checking 'squid_access'
2015/03/18 17:21:02.638 kid1| Acl.cc(66) AuthenticateAcl: returning 3
sending authentication challenge.
2015/03/18 17:21:02.638 kid1| Checklist.cc(146) markFinished:
0x7f217e8baca8 answer AUTH_REQUIRED for AuthenticateAcl exception
2015/03/18 17:21:02.638 kid1| Acl.cc(321) checklistMatches:
ACL::ChecklistMatches: result for 'squid_access' is -1
2015/03/18 17:21:02.638 kid1| Acl.cc(343) matches: squid_access failed.
2015/03/18 17:21:02.638 kid1| Acl.cc(354) matches: squid_access result is
false
2015/03/18 17:21:02.638 kid1| Checklist.cc(275) matchNode: 0x7f217e8baca8
matched=0 async=0 finished=1
2015/03/18 17:21:02.638 kid1| Checklist.cc(294) matchNode: 0x7f217e8baca8
exception: AUTH_REQUIRED
2015/03/18 17:21:02.638 kid1| Checklist.cc(88) matchNonBlocking:
ACLChecklist::check: 0x7f217e8baca8 match found, calling back with
AUTH_REQUIRED
2015/03/18 17:21:02.638 kid1| Checklist.cc(182) checkCallback:
ACLChecklist::checkCallback: 0x7f217e8baca8 answer=AUTH_REQUIRED
2015/03/18 17:21:02.638 kid1| Gadgets.cc(58) aclGetDenyInfoPage: got called
for squid_access
2015/03/18 17:21:02.638 kid1| Gadgets.cc(77) aclGetDenyInfoPage:
aclGetDenyInfoPage: no match
2015/03/18 17:21:02.638 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist:
ACLFilledChecklist destroyed 0x7fffee83caa0
2015/03/18 17:21:02.638 kid1| Checklist.cc(334) ~ACLChecklist:
ACLChecklist::~ACLChecklist: destroyed 0x7fffee83caa0
2015/03/18 17:21:02.638 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist:
ACLFilledChecklist destroyed 0x7fffee83caa0
2015/03/18 17:21:02.638 kid1| Checklist.cc(334) ~ACLChecklist:
ACLChecklist::~ACLChecklist: destroyed 0x7fffee83caa0
2015/03/18 17:21:02.638 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist:
ACLFilledChecklist destroyed 0x7f217e8baca8
2015/03/18 17:21:02.638 kid1| Checklist.cc(334) ~ACLChecklist:
ACLChecklist::~ACLChecklist: destroyed 0x7f217e8baca8
2015/03/18 17:21:02.639 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist:
ACLFilledChecklist destroyed 0x7f217e8baca8
2015/03/18 17:21:02.639 kid1| Checklist.cc(334) ~ACLChecklist:
ACLChecklist::~ACLChecklist: destroyed 0x7f217e8baca8


Thanks in advance!
-- 
--
Sergio Belkin  http://www.sergiobelkin.com
LPIC-2 Certified - http://www.lpi.org
CentOS - Mar 2015 - Bug 3831: basic_ncsa_auth Blowfish and SHA support, really fixed?

[CentOS] Bug 3831: basic_ncsa_auth Blowfish and SHA support, really fixed?
