Project

General

Profile

Actions

Bug #4140

closed

Password protect console menu setting not preserved on upgrade

Added by Phillip Davis about 9 years ago. Updated about 9 years ago.

Status:
Resolved
Priority:
Normal
Category:
Console Menu
Target version:
Start date:
12/22/2014
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2
Affected Architecture:

Description

1) Select "Password protect the console menu" from System->Advanced, Admin and press Save. The console now prompts for login in real time.
2) Reboot to confirm the setting is preserved - yep, all good - the console prompts for login at the end of the boot output.
3) Upgrade to latest snapshot.
4) Console is no longer password protected. (but config.xml has <disableconsolemenu/> correctly in it)
5) Reboot (any number of times) - console is never password protected.
6) Go to System->Advanced, Admin and press Save. Now the password protect is implemented.

The underlying cause seems to be that pfsense-utils.inc/setup_serial_port() is only called by config.lib.inc/reset_factory_defaults() and directly from system_advanced_admin.php

setup_serial_port() modifies /etc/ttys to implement the required settings on the appropriate tty entry/s.

On a nanoBSD upgrade, that needs to be done to the new /etc/ttys on the new slice. But there does not seem to be any code that does it during or after the upgrade. I looked on 2.1.5 also, and it looks like there is nothing there either and that an upgrade from an earlier version to 2.1.5 might have this same issue.

I do not know about a full upgrade - perhaps /etc/ttys will be overwritten by the upgrade file, or perhaps it will be left in place and thus will work.

I made this very high priority because it effects a user-selected security setting.

Forum topic: https://forum.pfsense.org/index.php?topic=85624.0

Actions #1

Updated by Phillip Davis about 9 years ago

setup_serial_port() does a bunch of other things related to loader.conf stuff also, so there might be other side-effects (they might be good side-effects!) of calling it some time during the upgrade processing.
So I will leave this up to one of the devs (who is already familiar with all the /boot/loader.conf /boot/loader.conf.local /etc/ttys ... things that need preserving/migrating during an upgrade) to fix in the best/right place.

Actions #2

Updated by Renato Botelho about 9 years ago

  • Assignee set to Renato Botelho
  • Priority changed from Very High to Normal

setup_serial_port() is called by /tmp/post_upgrade_command.php and should reconfigure serial port before reboot the new version. I tested it on full upgrade and it worked as expected, will try on nano to be sure.

Actions #3

Updated by Renato Botelho about 9 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #5

Updated by Phillip Davis about 9 years ago

I just upgraded a test nanoBSD system with "Password protect the console menu" set. The setting was correctly implemented on the upgraded slice. I got a "login:" prompt at the console.
Fixed, thanks.

Actions #6

Updated by Chris Buechler about 9 years ago

  • Status changed from Feedback to Resolved

confirmed, fixed

Actions

Also available in: Atom PDF