Bug #6688
closedSpecial characters in a password cause problems
100%
Description
With the following config snippet (some info redacted), pfsense reports:
php-fpm[71756]: /services_dyndns_edit.php: phpDynDNS (home): (Error) Not a valid username or password!
After changing the password in OpenDNS to something that had different special characters, the issue is resolved (ie OpenDNS is updated properly).
<dyndnses> <dyndns> <type>opendns</type> <username>XXX-redacted-XXX</username> <password>dy[>9nk?27ymz2u2khWVTi}2Mkra?yPRuBW[,9QR4U27>Qz*C+</password> <host>home</host> <domainname/> <mx/> <enable/> <interface>wan</interface> <zoneid/> <ttl/> <updateurl/> <resultmatch/> <requestif>wan</requestif> <descr><![CDATA[OpenDNS]]></descr> <force/> <id>0</id> </dyndns> </dyndnses>
Updated by Jim Pingle over 8 years ago
- Category set to Dynamic DNS
- Target version set to 2.4.0
- Affected Version set to All
If that example you posted is the one that didn't work, I can see why. Looks like ">" was changed to ">" twice in the same password.
The password field probably needs to be base64 encoded in config.xml so it doesn't fall into traps like that.
Updated by John Dickinson over 8 years ago
Although I don't really know PHP, I can dive into the code and poke around. It looks like it's pretty easy to do base64 encode/decode, and that would fix it for me. However, I'm not really sure how to tackle the migration or testing issue. I can simply decode whatever's there in the field now, because that would break existing users who have set the password, and it doesn't seem very friendly to force users to re-enter their password so it can be encoded. And for testing, I don't really know how that works for PHP.
Any guidance would be appreciated.
Updated by Phillip Davis over 8 years ago
Have a look at the end of https://github.com/pfsense/pfsense/blob/master/src/etc/inc/upgrade_config.inc
You can add a new section there that will encode existing passwords.
Increment the latest_config number in globals.inc and check https://github.com/pfsense/pfsense/blob/master/src/conf.default/config.xml (the default config provided on install and reset to factory defaults)
This commit had recent code that upgraded the config, useful as an example:
https://github.com/pfsense/pfsense/commit/2ce5cd33ef6434d3eb265c59f06e6ffb4930f0d9
Updated by Jim Pingle about 8 years ago
I committed a fix to store the passwords in base64. Worked fine here but could use more testing. 2.4 only for the time being.
Updated by Jim Pingle about 8 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 86584ded30c27b9ad1b017fb743399dc01180f02.
Updated by Jim Pingle about 8 years ago
- Status changed from Feedback to Resolved
Base64 encoding works fine here.