On Tue, 10 Jan 2006, Matthew Closson wrote:
Hello,
I'm trying to get sockd (A SOCKS4/5 proxy from the /usr/ports/security/dante
port) working with BSD username/password authentication. Currently it is
saying userauthentication failed. I have made sure it is not something
simple like wrong password. Here is the relevant info:
Here are the contents of /etc/sockd.conf:
---------------------------------------------------------------------------
logoutput: syslog stdout /var/log/sockd
internal: 192.168.0.1 port = 1080
external: fxp0
method: username
clientmethod: none
user.privileged: root
user.notprivileged: proxy
iotimeout: 0
client pass {
from: 192.168.0.1/24 port 1-65535 to: 0.0.0.0/0
log: connect disconnect error
}
pass {
from: 192.168.0.1/24 to: 0.0.0.0/0
method: username
log: connect disconnect error
}
-----------------------------------------------------------------------------
Now here is the output written to the console by sockd when trying to
connect:
$ sudo /usr/local/sbin/sockd
Jan 10 11:41:34 (1136911294) sockd[0]: socks_seteuid(): old: 0, new: 0
Jan 10 11:41:34 (1136911294) sockd[0]: socks_reseteuid(): current: 0, new: 0
Jan 10 11:41:34 (1136911294) sockd[0]: socks_seteuid(): old: 0, new: 71
Jan 10 11:41:34 (1136911294) sockd[0]: socks_reseteuid(): current: 71, new: 0
Jan 10 11:41:34 (1136911294) sockd[0]: fixsettings(): setting the libwrap uid to 0 is not recommended
Jan 10 11:41:34 (1136911294) sockd[23668]: dante/server v1.1.17 running
Jan 10 11:41:34 (1136911294) sockd[2926]: created new negotiatorchild
Jan 10 11:41:34 (1136911294) sockd[20194]: created new requestchild
Jan 10 11:41:34 (1136911294) sockd[32229]: created new requestchild
Jan 10 11:41:34 (1136911294) sockd[22256]: created new requestchild
Jan 10 11:41:34 (1136911294) sockd[1030]: created new requestchild
Jan 10 11:41:34 (1136911294) sockd[23452]: created new iochild
Jan 10 11:42:04 (1136911324) sockd[2926]: pass(1): tcp/accept [: 192.168.0.5 6636 -> 192.168.0.1.1080
Jan 10 11:42:04 (1136911324) sockd[2926]: pass(1): tcp/accept ]: 192.168.0.5
Jan 10 11:44:27 (1136911467) sockd[2926]: pass(1): tcp/accept [: 192.168.0.5 6700 -> 192.168.0.1.1080
Jan 10 11:44:27 (1136911467) sockd[2926]: pass(1): tcp/accept ]: [EMAIL PROTECTED] -> 192.168.0.1.1080: system password userauthentication failed
---------------------------------------------------------------------------
I am connecting from a Windows 2000 box running FreeCap
(http://freecap.ru/eng) to SOCKSify my applications.
FreeCap is set up to use SOCKSv5 username/password authentication.
Any ideas, or anyone have a working sockd.conf for this? In sockd.conf
the method: username is supposed to have it authenticate to the system
password file. Thanks for any info, I am subscribed.
-Matt-
After looking at the source a bit it seems that this is comparing the
socks password to the encrypted hash in /etc/passwd using crypt() - DES.
Obviously this won't work for OpenBSD being blowfish and using
/etc/master.passwd. Does anyone have a patch already to make it use the
proper facility and blowfish hash? If I don't get any replies I'll try to
write one for it. Thanks,
-Matt-
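
The hash-format question raised in the follow-up can be checked without reading any daemon source. The following is an added example, not part of the original message and not Dante code: it classifies the password field that getpwnam(3) returns to the calling user by its format, without printing the field. The names classify_pw_field, pw_kind and pw_kind_name are hypothetical.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

enum pw_kind { PW_PLACEHOLDER, PW_DES, PW_EXT_DES, PW_MD5, PW_BLOWFISH, PW_UNKNOWN };

static const char B64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Classify a pw_passwd string by its format only; nothing is verified. */
enum pw_kind classify_pw_field(const char *f)
{
    size_t n;

    if (f == NULL)
        return PW_UNKNOWN;
    n = strlen(f);
    /* "*", "x" or a leading '*' / '!': the real hash is kept in a file
     * (such as /etc/master.passwd) that this process could not read. */
    if (f[0] == '*' || f[0] == '!' || strcmp(f, "x") == 0)
        return PW_PLACEHOLDER;
    /* Blowfish (bcrypt): "$2", a variant letter, "$"; 60 chars in total. */
    if (n == 60 && strncmp(f, "$2", 2) == 0 && f[3] == '$')
        return PW_BLOWFISH;
    if (strncmp(f, "$1$", 3) == 0)
        return PW_MD5;
    /* Extended DES: '_' plus 19 chars. Traditional DES: 13 chars. */
    if (f[0] == '_' && n == 20 && strspn(f + 1, B64) == 19)
        return PW_EXT_DES;
    if (n == 13 && strspn(f, B64) == 13)
        return PW_DES;
    return PW_UNKNOWN;
}

const char *pw_kind_name(enum pw_kind k)
{
    static const char *const names[] = {
        "placeholder (hash not visible to this user)", "traditional DES",
        "extended DES", "MD5", "Blowfish (bcrypt)", "unknown" };
    return names[k];
}

int main(int argc, char **argv)
{
    struct passwd *pw;

    if (argc != 2 || (pw = getpwnam(argv[1])) == NULL) {
        fprintf(stderr, "usage: %s existing-username\n", argv[0]);
        return 2;
    }
    printf("%s: %s\n", pw->pw_name, pw_kind_name(classify_pw_field(pw->pw_passwd)));
    return 0;
}
```

Run it once as root and once as the unprivileged account the daemon uses: a placeholder result means the process never sees a real hash, and a Blowfish result means any comparison code has to handle that format.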