Project

General

Profile

Bug #10585

Updated by Jim Pingle 3 months ago

Hi:
I opened a discussion on this problem in the forum:
https://forum.netgate.com/topic/152604/exception-calling-xmlrpc-method-restore_config_section-1-authentication-failed-invalid-username-or-password-error-when-creating-or-deleting-a-user-in-the-local-pfsense-database

I want to thank @jimp for the information and help provided.

How I reached to the problem:
Set up two pfsense with HA Sync. Create 200 users on the main (master) node in the local database. In my production environment I came up with this error when I reached approximately 100 users. If a user name was among the last of the alphabetical list, there was no problem but there was an error if it was created in the rest of cases.

Where is the problem:
I am not a professional programmer but I have located the problem in the function "getUserEntry" in the global variable $userindex of auth.inc that returns a different user than the one searched and that does not have permission for the HA Sync produced in the secondary node. I don't know the reason why the problem occurs.

Source:

<pre>
function & getUserEntry ($ name) {
global $debug, $config, $userindex;
$authcfg = auth_get_authserver ($config['system']['webgui']['authmode']);

if (isset($userindex[$name])) {
return $config['system']['user'][$userindex[$name]];
} elseif ($authcfg['type']!="Local Database"){
$user=array(); $user=array ();
$user['name']=$name;
return $user;
}
}
</pre>


My fix:

<pre>
function & getUserEntry ($name) {
global $debug, $config;

$userindex = index_users();

$authcfg = auth_get_authserver($config['system']['webgui']['authmode']); auth_get_authserver($ config['system']['webgui']['authmode']);

if (isset($ userindex[$name])) userindex[$ name])) {
return $config['system']['user'][$userindex[$ $config['system']['user'][$ userindex[$ name]];
} elseif ($authcfg['type']!="Local Database") {
$user=array(); $user=array ();
$user['name']=$name;
return $user;
}
}
</pre>


I want to point out again that I am not a professional programmer. I am writing this post to inform and request that you fix the problem with the best possible solution that may not be mine. I also want to report that when I was trying to locate the problem I saw code that I did not understand and that it is possible to delete it and make the code cleaner. For example:
- In the previous code the global variable $debug, is not used and it could disappear.
- In other functions I have seen another global variable called $g that is not used in these functions either.
- I have seen that the function getUserEntry, and others, are defined that way with the "&". I have searched for information about the function declaration with "&" but still do not understand how it is used. And I don't know if this is going to be the problem.
- In the authenticate_user function it calls the local_backed function with three parameters when it is defined with two parameters.

Thanks for your attention, and collaboration.

Back