Project

General

Profile

Actions

Bug #6688

closed

Special characters in a password cause problems

Added by John Dickinson about 5 years ago. Updated almost 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Dynamic DNS
Target version:
Start date:
08/09/2016
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

With the following config snippet (some info redacted), pfsense reports:

php-fpm[71756]: /services_dyndns_edit.php: phpDynDNS (home): (Error) Not a valid username or password!

After changing the password in OpenDNS to something that had different special characters, the issue is resolved (ie OpenDNS is updated properly).

<dyndnses>
    <dyndns>
        <type>opendns</type>
        <username>XXX-redacted-XXX</username>
        <password>dy[&gt;9nk?27ymz2u2khWVTi}2Mkra?yPRuBW[,9QR4U27&gt;Qz*C+</password>
        <host>home</host>
        <domainname/>
        <mx/>
        <enable/>
        <interface>wan</interface>
        <zoneid/>
        <ttl/>
        <updateurl/>
        <resultmatch/>
        <requestif>wan</requestif>
        <descr><![CDATA[OpenDNS]]></descr>
        <force/>
        <id>0</id>
    </dyndns>
</dyndnses>
Actions #1

Updated by Jim Pingle about 5 years ago

  • Category set to Dynamic DNS
  • Target version set to 2.4.0
  • Affected Version set to All

If that example you posted is the one that didn't work, I can see why. Looks like ">" was changed to "&gt;" twice in the same password.

The password field probably needs to be base64 encoded in config.xml so it doesn't fall into traps like that.

Actions #2

Updated by John Dickinson about 5 years ago

Although I don't really know PHP, I can dive into the code and poke around. It looks like it's pretty easy to do base64 encode/decode, and that would fix it for me. However, I'm not really sure how to tackle the migration or testing issue. I can simply decode whatever's there in the field now, because that would break existing users who have set the password, and it doesn't seem very friendly to force users to re-enter their password so it can be encoded. And for testing, I don't really know how that works for PHP.

Any guidance would be appreciated.

Actions #3

Updated by Phillip Davis about 5 years ago

Have a look at the end of https://github.com/pfsense/pfsense/blob/master/src/etc/inc/upgrade_config.inc
You can add a new section there that will encode existing passwords.
Increment the latest_config number in globals.inc and check https://github.com/pfsense/pfsense/blob/master/src/conf.default/config.xml (the default config provided on install and reset to factory defaults)
This commit had recent code that upgraded the config, useful as an example:
https://github.com/pfsense/pfsense/commit/2ce5cd33ef6434d3eb265c59f06e6ffb4930f0d9

Actions #4

Updated by Jim Thompson almost 5 years ago

  • Assignee set to Jim Pingle

Please look at Phil'a patch

Actions #5

Updated by Jim Pingle almost 5 years ago

I committed a fix to store the passwords in base64. Worked fine here but could use more testing. 2.4 only for the time being.

Actions #6

Updated by Jim Pingle almost 5 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #7

Updated by Jim Pingle almost 5 years ago

  • Status changed from Feedback to Resolved

Base64 encoding works fine here.

Actions

Also available in: Atom PDF