Project

General

Profile

Actions

Bug #10585

closed

auth.inc: Exception calling XMLRPC method restore_config_section #-1 : Authentication failed: Invalid username or password

Added by Abelardo Acosta Moyano over 4 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Category:
High Availability
Target version:
Start date:
05/22/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.5.0
Affected Architecture:

Description

Hi:
I opened a discussion on this problem in the forum:
https://forum.netgate.com/topic/152604/exception-calling-xmlrpc-method-restore_config_section-1-authentication-failed-invalid-username-or-password-error-when-creating-or-deleting-a-user-in-the-local-pfsense-database

I want to thank Jim Pingle for the information and help provided.

How I reached to the problem:
Set up two pfsense with HA Sync. Create 200 users on the main (master) node in the local database. In my production environment I came up with this error when I reached approximately 100 users. If a user name was among the last of the alphabetical list, there was no problem but there was an error if it was created in the rest of cases.

Where is the problem:
I am not a professional programmer but I have located the problem in the function "getUserEntry" in the global variable $userindex of auth.inc that returns a different user than the one searched and that does not have permission for the HA Sync produced in the secondary node. I don't know the reason why the problem occurs.

Source:

function & getUserEntry ($ name) {
    global $debug, $config, $userindex;
    $authcfg = auth_get_authserver ($config['system']['webgui']['authmode']);

    if (isset($userindex[$name])) {
        return $config['system']['user'][$userindex[$name]];
    } elseif ($authcfg['type']!="Local Database"){
        $user=array();
        $user['name']=$name;
        return $user;
    }
}

My fix:

function & getUserEntry ($name) {
    global $debug, $config;

    $userindex = index_users();

    $authcfg = auth_get_authserver($config['system']['webgui']['authmode']);

    if (isset($ userindex[$name])) {
        return $config['system']['user'][$userindex[$ name]];
    } elseif ($authcfg['type']!="Local Database") {
        $user=array();
        $user['name']=$name;
        return $user;
    }
}

I want to point out again that I am not a professional programmer. I am writing this post to inform and request that you fix the problem with the best possible solution that may not be mine. I also want to report that when I was trying to locate the problem I saw code that I did not understand and that it is possible to delete it and make the code cleaner. For example:
- In the previous code the global variable $debug, is not used and it could disappear.
- In other functions I have seen another global variable called $g that is not used in these functions either.
- I have seen that the function getUserEntry, and others, are defined that way with the "&". I have searched for information about the function declaration with "&" but still do not understand how it is used. And I don't know if this is going to be the problem.
- In the authenticate_user function it calls the local_backed function with three parameters when it is defined with two parameters.

Thanks for your attention, and collaboration.

Actions

Also available in: Atom PDF