Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections - pfSense Packages - pfSense bugtracker

Actions

Copy link

Bug #11582

closed

FreeRADIUS XML-RPC Sync doesn't sync all configuration sections

Added by Alexis Mestag about 1 year ago. Updated 6 months ago.

Status:

Resolved

Priority:

Normal

Assignee:

Viktor Gurov

Category:

FreeRADIUS

Target version:

Start date:

03/01/2021

Due date:

% Done:

Estimated time:

Plus Target Version:

Affected Version:

Affected Plus Version:

Affected Architecture:

Description

Using the XML-RPC Sync feature of the FreeRADIUS package doesn't sync all configuration sections.

For example:

tab Users is correctly synced.
tab MACs is correctly synced.
tab NAS / Clients is correctly synced.

But the following tabs are not synced to the backup server:

Interfaces
Settings
EAP

(I did not test the other tabs.)

I did some digging into the FreeRADIUS package source code, and found the following (some code is omitted):

function freeradius_do_xmlrpc_sync($sync_to_ip, $username, $password, $varsyncport, $varsyncprotocol, $varsynctimeout) {
    // [... some omitted code ...]

    /* XML will hold the sections to sync. */
    $xml = array();
    $xml['freeradius'] = $config['installedpackages']['freeradius'];
    $xml['freeradiusauthorizedmacs'] = $config['installedpackages']['freeradiusauthorizedmacs'];
    $xml['freeradiusclients'] = $config['installedpackages']['freeradiusclients'];

    $execcmd  = "require_once('/usr/local/pkg/freeradius.inc');\n";
    $execcmd .= "freeradius_all_after_XMLRPC_resync();";

    // [... some omitted code ...]
}

So the behavior matches the code.
This method synchronizes only the sections :

freeradius
freeradiusauthorizedmacs (which holds settings from the MACs tab)
freeradiusclients (which holds settings from the NAS / Clients tab)

and omits the sections :

freeradiuseapconf (which holds settings from the EAP tab)
freeradiusinterfaces (which holds settings from the Interfaces tab)
freeradiusinterfaces (which holds settings from the Settings tab)
freeradiussync (this one I understand why it's omitted: in order to avoid a sync loop)

I manually edited the source code to make it sync the missing sections, and it seems to work well (at least, the configuration is well-synced).
It there a reason why these 3 sections (freeradiuseapconf, freeradiusinterfaces, freeradiusinterfaces) are omitted from the synchronization mechanism ?

Files

Download all files

63.diff (1.12 KB) 63.diff		Viktor Gurov, 03/02/2021 05:04 AM
69.diff (1.87 KB) 69.diff		Viktor Gurov, 03/09/2021 02:15 AM

Actions

Copy link

Updated by Viktor Gurov about 1 year ago

fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/63

Actions

Copy link

Updated by Jim Pingle about 1 year ago

Status changed from New to Pull Request Review

Actions

Copy link

Updated by Alexis Mestag about 1 year ago

It seems I don't have access to https://gitlab.netgate.com/.
Is there a way for me to see the patch (out of curiosity, and I would have liked to give it a try) ?
Will the PR be mirrored to GitHub ?

Actions

Copy link

Updated by Viktor Gurov about 1 year ago

File 63.diff 63.diff added

Alexis Mestag wrote:

It seems I don't have access to https://gitlab.netgate.com/.
Is there a way for me to see the patch (out of curiosity, and I would have liked to give it a try) ?
Will the PR be mirrored to GitHub ?

This is a private gitlab repo
Please try this patch:

Actions

Copy link

Updated by Renato Botelho about 1 year ago

Status changed from Pull Request Review to Feedback
Assignee set to Viktor Gurov

PR has been merged. Thanks!

Actions

Copy link

Updated by Alexis Mestag about 1 year ago

Sorry, there are still some issues, even after I successfully applied the patch, using the System_Patches package.

XMLRPC doesn't sync to backup server if I go to EAP tab, do some changes, and then click `Save`. See the following logs:

Mar  8 10:16:16 pfSense check_reload_status: Syncing firewall
Mar  8 10:16:16 pfSense radiusd[15505]: Signalled to terminate
Mar  8 10:16:16 pfSense radiusd[15505]: Exiting normally
Mar  8 10:16:16 pfSense radiusd[79733]: Debugger not attached
Mar  8 10:16:16 pfSense radiusd[81641]: Loaded virtual server <default>
Mar  8 10:16:16 pfSense radiusd[81641]: Loaded virtual server default
Mar  8 10:16:16 pfSense radiusd[81641]: Ignoring "sql" (see raddb/mods-available/README.rst)
Mar  8 10:16:16 pfSense radiusd[81641]: Ignoring "ldap" (see raddb/mods-available/README.rst)
Mar  8 10:16:16 pfSense radiusd[81641]: Loaded virtual server inner-tunnel-peap
Mar  8 10:16:16 pfSense radiusd[81641]: Loaded virtual server inner-tunnel-ttls
Mar  8 10:16:16 pfSense radiusd[81641]: Ready to process requests
Mar  8 10:16:17 pfSense php-fpm[334]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://172.31.255.2:443/xmlrpc.php.
Mar  8 10:16:17 pfSense php-fpm[334]: /rc.filter_synchronize: XMLRPC reload data success with https://172.31.255.2:443/xmlrpc.php (pfsense.host_firmware_version).
Mar  8 10:16:17 pfSense php-fpm[334]: /rc.filter_synchronize: XMLRPC versioncheck: 19.1 -- 19.1
Mar  8 10:16:17 pfSense php-fpm[334]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://172.31.255.2:443/xmlrpc.php.
Mar  8 10:16:20 pfSense php-fpm[334]: /rc.filter_synchronize: XMLRPC reload data success with https://172.31.255.2:443/xmlrpc.php (pfsense.restore_config_section).

I need to manually go to XMLRPC Sync tab, and click Save to have it sync the configuration to the backup server. This time, I get the following logs:

Mar  8 10:21:59 pfSense php-fpm[335]: /pkg_edit.php: [FreeRADIUS]: XMLRPC sync is starting with timeout 150 seconds.
Mar  8 10:21:59 pfSense php-fpm[335]: /pkg_edit.php: Beginning XMLRPC sync data to https://172.31.255.2:443/xmlrpc.php.
Mar  8 10:21:59 pfSense check_reload_status: Syncing firewall
Mar  8 10:21:59 pfSense php-fpm[335]: /pkg_edit.php: XMLRPC reload data success with https://172.31.255.2:443/xmlrpc.php (pfsense.merge_installedpackages_section).
Mar  8 10:21:59 pfSense php-fpm[335]: /pkg_edit.php: Beginning XMLRPC sync data to https://172.31.255.2:443/xmlrpc.php.
Mar  8 10:21:59 pfSense php-fpm[335]: /pkg_edit.php: XMLRPC reload data success with https://172.31.255.2:443/xmlrpc.php (pfsense.exec_php).
Mar  8 10:21:59 pfSense php-fpm[335]: /pkg_edit.php: [FreeRADIUS]: XMLRPC sync is ending.
Mar  8 10:22:00 pfSense php-fpm[335]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://172.31.255.2:443/xmlrpc.php.
Mar  8 10:22:00 pfSense php-fpm[335]: /rc.filter_synchronize: XMLRPC reload data success with https://172.31.255.2:443/xmlrpc.php (pfsense.host_firmware_version).
Mar  8 10:22:00 pfSense php-fpm[335]: /rc.filter_synchronize: XMLRPC versioncheck: 19.1 -- 19.1
Mar  8 10:22:00 pfSense php-fpm[335]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://172.31.255.2:443/xmlrpc.php.
Mar  8 10:22:03 pfSense php-fpm[335]: /rc.filter_synchronize: XMLRPC reload data success with https://172.31.255.2:443/xmlrpc.php (pfsense.restore_config_section).

But it successfully does so when I add an entry in the NAS / Clients tab.
- Another thing is: If I delete an entry from the NAT / Clients, then the deletion isn't synced to the backup server.

Actions

Copy link

Updated by Viktor Gurov about 1 year ago

Status changed from Feedback to New

Alexis Mestag wrote:

Sorry, there are still some issues, even after I successfully applied the patch, using the System_Patches package.

XMLRPC doesn't sync to backup server if I go to EAP tab, do some changes, and then click `Save`. See the following logs:
[...]

I need to manually go to XMLRPC Sync tab, and click Save to have it sync the configuration to the backup server. This time, I get the following logs:
[...]

But it successfully does so when I add an entry in the NAS / Clients tab.

Another thing is: If I delete an entry from the NAT / Clients, then the deletion isn't synced to the backup server.