PPTP user manager issue with special character "ç"



  • I just stumbled upon the fact of the old PPTP user manager not being capable of special characters in names or passwords.

    When I type in User "Test1234ç" (that is a c circonflex 0xE7) then i get:

    The following input errors were detected:

    * The username contains invalid characters.

    But if i use the "ç" in the password filed it says:

    The PPTP user list has been modified.
    You must apply the changes in order for them to take effect.
    Warning: this will terminate all current PPTP sessions!

    That would leave me thinking it is ok but there is no new user in the list !  :o

    But it actually plainly crashes the user manager in terms of it forces the config to be restored!
    I get the message in the acknowledge lin in browser:
    "[config.xml] pfsense is restoring the configuration /cf/conf/backup/config…."

    I have checked the know issues and just wanted to report this bug (or missing feature #1099?).
    Is this the right spot to report this? (I am new to pfsense and to this board)

    Cheers

    PS.
    Forgot to mention that the above i can do wothout any problems in the new user manager (system).

    PS2:
    FDorgot to mention my version: Version 2.0-BETA5  (i386) built on Sat Jan 8 01:01:27 EST 2011


  • Rebel Alliance Developer Netgate

    They should probably just be rejected in the password, just like they are from the username.



  • For now yes but for the future I would like to disagree. I rather see it move to the new user manager one fine day.
    The reason is simple:
    As I use software to create secure passwords it will generate characters that do NOT work with the current user manager.
    And as stated it already: it works fine in the new user manager.


  • Rebel Alliance Developer Netgate

    Then fix your software that generates passwords :-)

    We are bound by limitations of the underlying software we use in many cases.

    In 2.1 we would like to have PPTP and other areas all using the user manager and not their individual user databases, but there are still some reasons that won't work in 2.0

    For one, the user manager only stores the encrypted version of the password, and some things like the mpd daemon used for PPTP require the password in plain text as things are now.


Locked