Fix #4605

After base64 encoding username/password, properly escape characters =,+,/ before submitting auth details
author: Edin Sarajlic <edin@saronline.net> 2016-01-27 13:33:29 -0200
committer: Renato Botelho <renato@netgate.com> 2016-01-27 13:34:59 -0200
commit: a3d88018522c0cb30501cb5e4a18ea881230bbc9 (patch)
tree: a6bcb023bea722ae7dc259fc1715f063a90eeba8 /src/usr/local/sbin
parent: eaf03b3d61f885ea64933dcd8e1964c676c4bf58 (diff)
download: pfsense-a3d88018522c0cb30501cb5e4a18ea881230bbc9.zip
pfsense-a3d88018522c0cb30501cb5e4a18ea881230bbc9.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/usr/local/sbin/ovpn_auth_verify b/src/usr/local/sbin/ovpn_auth_verify
index e7b8c6c..e84aad2 100755
--- a/src/usr/local/sbin/ovpn_auth_verify
+++ b/src/usr/local/sbin/ovpn_auth_verify
@@ -5,8 +5,8 @@ if [ "$1" = "tls" ]; then
 else
 	# Single quoting $password breaks getting the value from the variable.
 	# Base64 and urlEncode usernames and passwords
-	password=$(echo -n "${password}" | openssl enc -base64 | sed -e 's/=/%3D/g')
-	username=$(echo -n "${username}" | openssl enc -base64 | sed -e 's/=/%3D/g')
+	password=$(echo -n "${password}" | openssl enc -base64 | sed -e 's_=_%3D_g;s_+_%2B_g;s_/_%2F_g')
+	username=$(echo -n "${username}" | openssl enc -base64 | sed -e 's_=_%3D_g;s_+_%2B_g;s_/_%2F_g')
 	RESULT=$(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.auth-user.php -d "username=$username&password=$password&cn=$common_name&strictcn=$3&authcfg=$2&modeid=$4")
 fi
author	Edin Sarajlic <edin@saronline.net>	2016-01-27 13:33:29 -0200
committer	Renato Botelho <renato@netgate.com>	2016-01-27 13:34:59 -0200
commit	a3d88018522c0cb30501cb5e4a18ea881230bbc9 (patch)
tree	a6bcb023bea722ae7dc259fc1715f063a90eeba8 /src/usr/local/sbin
parent	eaf03b3d61f885ea64933dcd8e1964c676c4bf58 (diff)
download	pfsense-a3d88018522c0cb30501cb5e4a18ea881230bbc9.zip pfsense-a3d88018522c0cb30501cb5e4a18ea881230bbc9.tar.gz