Bug #1553: Dynamic DNS does not allow @ in the password - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Target - All Closed Issues
24.03 Plus - All Closed Issues
24.03 Target - All Closed Issues
24.11 Plus - All Closed Issues
24.11 Plus - All Open Issues
24.11 Plus - Feedback Issues
24.11 Plus - Needs Attention/Work
24.11 Plus - New/Confirmed/In Progress Issues
24.11 Target - All Closed Issues
24.11 Target - All Open Issues
25.01 Plus - All Closed Issues
25.01 Plus - All Open Issues
25.01 Plus - Feedback Issues
25.01 Plus - Needs Attention/Work
25.01 Plus - New/Confirmed/In Progress Issues
25.01 Plus - Pull Request Review
25.01 Plus - Waiting on Merge
25.01 Target - All Closed Issues
25.01 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #1553

closed

Dynamic DNS does not allow @ in the password

Added by Aaron Lusk over 13 years ago. Updated over 8 years ago.

Status:

Resolved

Priority:

Low

Assignee:

Renato Botelho

Category:

Dynamic DNS

Target version:

Start date:

05/24/2011

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

Affected Architecture:

All

Description

Dynamic DNS updater does not allow for @ symbol in the password for the update service.

Run into this problem when using a generated password for my DNS-O-Matic account. Changing the password to one generated without symbols fixed the problem.

History
Notes
Property changes

Actions

Copy link

Updated by Jim Pingle over 13 years ago

Category set to Dynamic DNS
Target version set to Future
Affected Version set to 2.0
Affected Architecture All added
Affected Architecture deleted ()

Do you mean that DNS-O-Matic rejects such a password?
I don't see that we are currently doing any kind of input validation on that password field which would reject an @, and I can save an entry with one.

If DNS-O-Matic can't take an @, that means eventually we'll probably need to have some kind of per-service input validation for the password.

Actions

Copy link

Updated by Aaron Lusk over 13 years ago

DNS-O-Matic accepts the passwords with an @ symbol on their website but when you use that password on the Dynamic DNS updater this message shows up in the log:

php: /services_dyndns_edit.php: Request completed. DNS-O-Matic reported: Couldn't resolve host 'ksdfg@updates.dnsomatic.com'

It looks like the is breaking the string being sent to DNS-0-Matic's server as "ksdfg" is part of the password I just used to test this. Seems like the best thing to do is to just not allow to be used.

Actions

Copy link

Updated by Aaron Lusk over 13 years ago

It looks like the (AT) is breaking the string being sent to DNS-0-Matic's server as "ksdfg" is part of the password I just used to test this. Seems like the best thing to do is to just not allow (AT) to be used.**

(Looks like redmine does not like the (AT) symbol either)

Actions

Copy link

Updated by Chris Buechler almost 13 years ago

Affected Version deleted (~~2.0~~)

adding comment from #2079 duplicate

Dynamic DNS updater does not allow for @ symbol in the password for the update service.

Run into this problem when using a generated password for my DNS-O-Matic account. Changing the password to one generated without symbols fixed the problem.

"/etc/inc/dyndns.class" should be fixed to allow for all characters in the username and password field for all Dynamic DNS cases.

Here is a fix to allow the (at) symbol in the password and username field for dnsomatic:

[2.0.1-RELEASE][admin@pfSense]/root(13): diff -u /etc/inc/dyndns.class.bak /etc/inc/dyndns.class
--- /etc/inc/dyndns.class.bak    2012-01-10 01:26:05.000000000 -0800
+++ /etc/inc/dyndns.class    2012-01-10 01:30:35.000000000 -0800
@@ -368,7 +368,7 @@
                     if (isset($this->_dnsWildcard) && $this->_dnsWildcard != "OFF") $this->_dnsWildcard = "ON";
                     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
                     curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass);
-                    $server = "https://" . $this->_dnsUser . ":" . $this->_dnsPass . "@updates.dnsomatic.com/nic/update?hostname=";
+                    $server = "https://" . '$this->_dnsUser' . ":" . '$this->_dnsPass' . "@updates.dnsomatic.com/nic/update?hostname=";
                     if($this->_dnsServer)
                         $server = $this->_dnsServer;
                     if($this->_dnsPort)

Actions

Copy link

Updated by Chris Buechler over 12 years ago

Subject changed from Dynamic DNS to Dynamic DNS does not allow @ in the password
Priority changed from Normal to Low

Actions

Copy link

Updated by Andrew DeFilippis over 11 years ago

I placed pull request 656 on git to resolve this issue, by using "rawurlencode":

@@ -438,8 +438,16 @@
             log_error("DNS-O-Matic: DNS update() starting.");
           if (isset($this->_dnsWildcard) && $this->_dnsWildcard != "OFF") $this->_dnsWildcard = "ON";
           curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
-          curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass);
-          $server = "https://" . $this->_dnsUser . ":" . $this->_dnsPass . "@updates.dnsomatic.com/nic/update?hostname=";
+          /*
+          Reference: https://www.dnsomatic.com/wiki/api
+            DNS-O-Matic usernames are 3-25 characters.
+            DNS-O-Matic passwords are 6-20 characters.
+            All ASCII letters and numbers accepted.
+            Dots, dashes, and underscores allowed, but not at the beginning or end of the string.
+          Required: "rawurlencode" http://www.php.net/manual/en/function.rawurlencode.php
+            Encodes the given string according to RFC 3986.
+          */
+          $server = "https://" . rawurlencode($this->_dnsUser) . ":" . rawurlencode($this->_dnsPass) . "@updates.dnsomatic.com/nic/update?hostname=";
           if($this->_dnsServer)
             $server = $this->_dnsServer;
           if($this->_dnsPort)

Actions

Copy link