Dashboard login does not recognize password change

TheME · November 22, 2023, 6:04pm

After setting a new password on the CLI, the web interface don't kicks me out from an active session and the login still only accepts the old password.

The pwhash value in pihole.toml gets updated and the file's modify timestamp also changes, but FTL seem to do not get that.

dietpi@DietPi:~$ stat /etc/pihole/pihole.toml
  File: /etc/pihole/pihole.toml
  Size: 43696           Blocks: 88         IO Block: 4096   regular file
Device: 179,1   Inode: 133947      Links: 1
Access: (0660/-rw-rw----)  Uid: (  996/  pihole)   Gid: ( 1001/  pihole)
Access: 2023-11-22 17:48:49.615667230 +0000
Modify: 2023-11-22 17:48:49.619667230 +0000
Change: 2023-11-22 17:49:03.043667237 +0000
 Birth: 2023-11-22 17:48:49.615667230 +0000

dietpi@DietPi:~$ sudo pihole setpassword 1111
  [✓] New password set

dietpi@DietPi:~$ stat /etc/pihole/pihole.toml
  File: /etc/pihole/pihole.toml
  Size: 43696           Blocks: 88         IO Block: 4096   regular file
Device: 179,1   Inode: 134385      Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2023-11-22 17:51:05.611667295 +0000
Modify: 2023-11-22 17:51:05.619667295 +0000
Change: 2023-11-22 17:51:05.643667295 +0000
 Birth: 2023-11-22 17:51:05.611667295 +0000

But if I do

sudo nano /etc/pihole/pihole.toml

and write out the file without making any changes, then I'm getting kicked out immediately from the active web session.

BTW, when tailing the FTL.log file in the browser while restarting pihole-FTL on the CLI, the last displayed output is

Shutting down... // exit code 0 // jmpret 0

Newer lines never displayed until the website gets reloaded.

I already re-wrote the OS image (dietpi) and re-installed pi-hole but still the same

rdwebdesign · November 22, 2023, 7:41pm

Thanks for the tests.

I just tested inside a container and I saw the same behavior.

pihole setpassword is not triggering the web interface reload. After manually opening and saving the config file, the process was triggered as expected.

DL6ER · November 22, 2023, 7:54pm

Please set

debug.inotify = true

either directly in the TOML file or by running something like

pihole-FTL --config debug.inotify true

and test setting the password via the CLI.

Does FTL log according change messages into /var/log/pihole/FTL.log ?

TheME · November 22, 2023, 8:03pm

Yes, it does. I get

2023-11-22 20:58:50.825 File created: /etc/pihole/pihole.toml.tmp
2023-11-22 20:58:50.825 File written: /etc/pihole/pihole.toml.tmp
2023-11-22 20:58:50.826 File moved: /etc/pihole/pihole.toml.tmp
2023-11-22 20:58:50.826 File moved: /etc/pihole/pihole.toml

DL6ER · November 22, 2023, 8:26pm

Ah, yes, that makes it clear. This is a regression of Do not rewrite config files if unchanged by DL6ER · Pull Request #1746 · pi-hole/FTL · GitHub. Before, we wrote directly to pihole.toml triggering a CLOSE_WRITE event in inotify. Now we, instead, first write to pihole.toml.tmp, compare it with pihole.toml and either replace pihole.toml (MOVE event) or simply discard pihole.toml.tmp not touching pihole.toml at all.

The inotify watching was configured to only monitor writing events but not the replacement due to move. I also refined the debug printing to instead log more explicitly:

2023-11-22 20:58:50.826 File moved from: /etc/pihole/pihole.toml.tmp
2023-11-22 20:58:50.826 File moved to: /etc/pihole/pihole.toml

~~Please try FTL from branch fix/inotify_move at your earliest convenience (pre-built binaries should become available in roughly 20-30 minutes~~
~~pihole checkout ftl fix/inotify_move~~

edit It has already been merged into development-v6

github.com/pi-hole/FTL

Inotify: Watch for config file MOVED_TO

development-v6 ← fix/inotify_move

opened 08:33PM - 22 Nov 23 UTC

DL6ER

+24 -4

# What does this implement/fix? This is a regression of https://github.com/pi…-hole/FTL/pull/1746. Before, we wrote directly to `pihole.toml` triggering a `CLOSE_WRITE` event in `inotify`. Now we, instead, first write to `pihole.toml.tmp`, compare it with `pihole.toml` and either *replace* `pihole.toml` (`MOVE` event) or simply discard `pihole.toml.tmp` not touching `pihole.toml` at all. The `inotify` watching was configured to *only* monitor writing events but not the replacement due to `move`. I also refined the debug printing to instead log more explicitly: ``` 2023-11-22 20:58:50.826 File moved from: /etc/pihole/pihole.toml.tmp 2023-11-22 20:58:50.826 File moved to: /etc/pihole/pihole.toml ``` **Related issue or feature (if applicable):** N/A **Pull request in [docs](https://github.com/pi-hole/docs) with documentation (if applicable):** N/A --- **By submitting this pull request, I confirm the following:** 1. I have read and understood the [contributors guide](https://docs.pi-hole.net/guides/github/contributing/), as well as this entire template. I understand which branch to base my commits and Pull Requests against. 2. I have commented my proposed changes within the code. 3. I am willing to help maintain this change if there are issues with it later. 4. It is compatible with the [EUPL 1.2 license](https://opensource.org/licenses/EUPL-1.1) 5. I have squashed any insignificant commits. ([`git rebase`](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html)) ## Checklist: - [x] The code change is tested and works locally. - [x] I based my code and PRs against the repositories `developmental` branch. - [x] I [signed off](https://docs.pi-hole.net/guides/github/how-to-signoff/) all commits. Pi-hole enforces the [DCO](https://docs.pi-hole.net/guides/github/dco/) for all contributions - [x] I [signed](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) all my commits. Pi-hole requires signatures to verify authorship - [x] I have read the above and my PR is ready for review.

yubiuser · November 22, 2023, 9:01pm

I could reproduce it on bare metal. The linked branch fixed it.

TheME · November 22, 2023, 9:48pm

Thanks. It works now as expected.

There's one more thing from the first post:

When pihole-FTL gets restarted (e.g. after an settings change or by hand via sudo service pihole-FTL restart), this will break the tailing output.
The webserver gets still queried every second for new data, but no further lines are transmitted.

DL6ER · November 22, 2023, 9:53pm

Ah yes, that's likely because the web interface keeps asking for nextID=50 so no new content is added until the new log reaches 50 lines. This needs to be reset to 0 on FTL restart. Thanks!

DL6ER · November 23, 2023, 8:43am

This will be fixed by

https://github.com/pi-hole/web/pull/2866

in combination with

https://github.com/pi-hole/FTL/pull/1780

TheME · November 23, 2023, 3:50pm

Many thanks! It works now as expected