Bug #4605
closed
OpenVPN user/pass fails if usernames and/or passwords contain special characters (reopen bugs 4177 and 4340)
Description
The fix for bug 4177 (OpenVPN user/pass auth fails if passwords end on special characters.) doesn't completely resolve the issue.
Bug 4340 (after upgrade pfSense to 2.2, OpenVPN fails connect for login S&V (authorization by AD).) introduces the same incomplete fix from 4177 to the "username" field.
The lines in /usr/local/sbin/ovpn_auth_verify don't urlEncode the base64 encoding properly; base64 can produce three non-alphanum characters: =, + and /.
It should be:
# Base64 and urlEncode usernames and passwords
password=$(echo -n "${password}" | openssl enc -base64 | sed -e 's_=_%3D_g;s_+_%2B_g;s_/_%2F_g')
username=$(echo -n "${username}" | openssl enc -base64 | sed -e 's_=_%3D_g;s_+_%2B_g;s_/_%2F_g')
I believe the str_replace in /etc/inc/openvpn.auth-user.php isn't needed either.
According to: http://php.net/manual/en/reserved.variables.get.php, anything retrieved through $_GET is automatically urlDecoded.
I'd like to suggest a comment for clarity:
/* Any string retrieved through $_GET is automatically urlDecoded */
$username = base64_decode($_GET['username']);
$password = base64_decode($_GET['password']);
To duplicate the issue, please try the username and/or password: "00>00?0" to test.
Thanks
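
The round trip described in this report, as an added Python example that is not part of the original report or of pfSense: it mimics the base64 step in ovpn_auth_verify and the query-string decoding PHP applies to $_GET, using the report's test credential. The function names and the strict base64 validation on the receiving side are assumptions of this sketch.

```python
import base64
import binascii
from urllib.parse import unquote_plus


def b64(credential: str) -> str:
    """Base64-encode a credential, as the shell script does with openssl."""
    return base64.b64encode(credential.encode()).decode()


def percent_encode_b64(encoded: str) -> str:
    """Mirror the sed expression from the report: escape '=', '+' and '/'."""
    return encoded.replace("=", "%3D").replace("+", "%2B").replace("/", "%2F")


def server_decode(query_value: str):
    """Emulate the receiving side: query-string decoding ('+' becomes a
    space, %XX is unescaped), then base64 decoding.

    Returns None when the value is no longer valid base64. Strict
    validation is an assumption of this sketch; a lenient decoder would
    return a different string instead, which also fails authentication.
    """
    decoded = unquote_plus(query_value)
    try:
        return base64.b64decode(decoded, validate=True).decode()
    except (binascii.Error, UnicodeDecodeError):
        return None


def round_trip(credential: str, escape: bool):
    """Send a credential through the query string, with or without escaping."""
    value = b64(credential)
    if escape:
        value = percent_encode_b64(value)
    return server_decode(value)


if __name__ == "__main__":
    test_credential = "00>00?0"  # test value given in the report
    print("base64:          ", b64(test_credential))
    print("escaped:         ", percent_encode_b64(b64(test_credential)))
    print("without escaping:", round_trip(test_credential, escape=False))
    print("with escaping:   ", round_trip(test_credential, escape=True))
```

The base64 form of the test credential contains all three problem characters, which is why it reproduces the failure when any one of them is left unescaped.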