Project

General

Profile

Actions

Bug #9539

closed

HA: admin user's authorized key(s) won't get synced

Added by Jens Groh almost 5 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Category:
XMLRPC
Target version:
Start date:
05/20/2019
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.4_2
Affected Architecture:

Description

Follow up from the forums: https://forum.netgate.com/topic/143452/admin-user-not-fully-synced/3

We had that tested on three HA-CARP-Cluster setups and all three showed the same behavior:

  • new users are synced master->standby
  • changing a new user's authorized_keys field syncs to standby
  • changing the admin user's authkeys (just typing in some letters or pasting a whole key) won't sync to the standby system, the field stays empty

Greets
Jens

Actions #1

Updated by James Webb almost 5 years ago

This is to do with how users are synced in /usr/local/www/xmlrpc.php

In this file one will find:

else if ($user['uid'] < 2000) {
    $u2keep[] = $idx;
} else if ($user != $local_users[$idx]) {
    $u2add[] = $user;
    $u2del[] = $user;
    $u2del_idx[] = $idx;
}

An admin has a uid below 2000, whilst regular users are 2000+. Thus, one will find that the admin user is never updated due to the special case. I will fix this and submit a PR to GitHub soon.

JW

Actions #2

Updated by James Webb almost 5 years ago

Discussion ongoing in PR 4068 - https://github.com/pfsense/pfsense/pull/4068

Actions #3

Updated by Jim Pingle over 4 years ago

Fixing this may also fix #9622

Actions #4

Updated by Jim Pingle over 4 years ago

  • Status changed from New to Pull Request Review
Actions #5

Updated by Renato Botelho over 3 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • Target version set to 2.5.0

PR https://github.com/pfsense/pfsense/pull/4221 was merged and should fix this

Actions #6

Updated by Max Leighton over 3 years ago

  • Status changed from Feedback to Resolved

Tested in

2.5.0-DEVELOPMENT (amd64)
built on Thu Oct 15 07:04:11 EDT 2020
FreeBSD 12.2-STABLE

With the Synchronize admin option checked in System>High Availability Sync, changes to the admin user sync as expected including Authorized SSH Keys.

Marking this ticket resolved.

Actions #7

Updated by Jim Pingle over 3 years ago

  • Category changed from User Manager / Privileges to XMLRPC
Actions

Also available in: Atom PDF