Complain if password is !UTF-8

for the "shared secret is incorrect" check.  The old code
checked for "printable" characters.  Changing it to a check for
!UTF-8 is more general, and likely more robust with fewer false
positives

diff --git a/src/main/auth.c b/src/main/auth.c
index e6adeee8fbe16ae6872a007fb08aabe06202dd8f..e9ced05b3fe4c94d39e8b801b27e9515986d46ab 100644 (file)
--- a/src/main/auth.c
+++ b/src/main/auth.c
@@ -696,12 +696,15 @@ autz_redo:
                        char *p;
 
                        p = auth_item->vp_strvalue;
-                       while (*p != '\0') {
-                               if (!isprint((int) *p)) {
-                                       log_debug("  WARNING: Unprintable characters in the password.\n\t  Double-check the shared secret on the server and the NAS!");
+                       while (*p) {
+                               int size;
+
+                               size = fr_utf8_char(p);
+                               if (!size) {
+                                       log_debug("  WARNING: Unprintable characters in the password.  Double-check the shared secret on the server and the NAS!");
                                        break;
                                }
-                               p++;
+                               p += size;
                        }
                }
        }