Special characters in a password cause problems
With the following config snippet (some info redacted), pfsense reports:
php-fpm: /services_dyndns_edit.php: phpDynDNS (home): (Error) Not a valid username or password!
After changing the password in OpenDNS to something that had different special characters, the issue is resolved (ie OpenDNS is updated properly).
<dyndnses> <dyndns> <type>opendns</type> <username>XXX-redacted-XXX</username> <password>dy[>9nk?27ymz2u2khWVTi}2Mkra?yPRuBW[,9QR4U27>Qz*C+</password> <host>home</host> <domainname/> <mx/> <enable/> <interface>wan</interface> <zoneid/> <ttl/> <updateurl/> <resultmatch/> <requestif>wan</requestif> <descr><![CDATA[OpenDNS]]></descr> <force/> <id>0</id> </dyndns> </dyndnses>
#1 Updated by Jim Pingle 9 months ago
- Category set to Dynamic DNS
- Target version set to 2.4.0
- Affected version set to All
If that example you posted is the one that didn't work, I can see why. Looks like ">" was changed to ">" twice in the same password.
The password field probably needs to be base64 encoded in config.xml so it doesn't fall into traps like that.
#2 Updated by John Dickinson 8 months ago
Although I don't really know PHP, I can dive into the code and poke around. It looks like it's pretty easy to do base64 encode/decode, and that would fix it for me. However, I'm not really sure how to tackle the migration or testing issue. I can simply decode whatever's there in the field now, because that would break existing users who have set the password, and it doesn't seem very friendly to force users to re-enter their password so it can be encoded. And for testing, I don't really know how that works for PHP.
Any guidance would be appreciated.
#3 Updated by Phillip Davis 8 months ago
Have a look at the end of https://github.com/pfsense/pfsense/blob/master/src/etc/inc/upgrade_config.inc
You can add a new section there that will encode existing passwords.
Increment the latest_config number in globals.inc and check https://github.com/pfsense/pfsense/blob/master/src/conf.default/config.xml (the default config provided on install and reset to factory defaults)
This commit had recent code that upgraded the config, useful as an example: