Project

General

Profile

Bug #9539

HA: admin user's authorized key(s) won't get synced

Added by Jens Groh 5 months ago. Updated about 1 month ago.

Status:
Pull Request Review
Priority:
Normal
Assignee:
-
Category:
User Manager / Privileges
Target version:
-
Start date:
05/20/2019
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.4.4_2
Affected Architecture:

Description

Follow up from the forums: https://forum.netgate.com/topic/143452/admin-user-not-fully-synced/3

We had that tested on three HA-CARP-Cluster setups and all three showed the same behavior:

  • new users are synced master->standby
  • changing a new user's authorized_keys field syncs to standby
  • changing the admin user's authkeys (just typing in some letters or pasting a whole key) won't sync to the standby system, the field stays empty

Greets
Jens

History

#1 Updated by James Webb 5 months ago

This is to do with how users are synced in /usr/local/www/xmlrpc.php

In this file one will find:

else if ($user['uid'] < 2000) {
    $u2keep[] = $idx;
} else if ($user != $local_users[$idx]) {
    $u2add[] = $user;
    $u2del[] = $user;
    $u2del_idx[] = $idx;
}

An admin has a uid below 2000, whilst regular users are 2000+. Thus, one will find that the admin user is never updated due to the special case. I will fix this and submit a PR to GitHub soon.

JW

#2 Updated by James Webb 5 months ago

Discussion ongoing in PR 4068 - https://github.com/pfsense/pfsense/pull/4068

#3 Updated by Jim Pingle about 2 months ago

Fixing this may also fix #9622

#4 Updated by Jim Pingle about 1 month ago

  • Status changed from New to Pull Request Review

Also available in: Atom PDF