PHP errors in latest 2.7.0 snapshot
-
I cannot seem to install suricata successfully as a result of the error below (never shows up in the menu after installation). The auth.inc error is also present, but unrelated to the suricata issue. I was running 2.7.0 snapshot for months, and got this breakage after updating to the latest (noticed the ABI went from freebsd 12 -> 14 during the process).
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #0 devel-main-n255799-28f6f5e488e: Thu Oct 6 06:28:39 UTC 2022 root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-master-main/obj/amd64/NhQdlQvV/var/jenkins/workspace/pfSense-CE-snapshots-master-main/sources/FreeBSD-src-devCrash report details:
PHP Errors:
[06-Oct-2022 09:01:50 America/New_York] PHP Fatal error: Unparenthesizeda ? b : c ? d : eis not supported. Use either(a ? b : c) ? d : eora ? b : (c ? d : e)in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 396
[06-Oct-2022 09:03:39 America/New_York] PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /etc/inc/auth.inc:199
Stack trace:
#0 /etc/inc/authgui.inc(27): include_once()
#1 /etc/inc/auth_check.inc(43): require_once('/etc/inc/authgu...')
#2 /usr/local/www/getstats.php(37): require_once('/etc/inc/auth_c...')
#3 {main}
thrown in /etc/inc/auth.inc on line 199 -
Go read this thread in the IDS/IPS area: https://forum.netgate.com/topic/174915/snort-and-suricata-problems-with-the-new-php-8-1-and-freebsd-main-snapshots.
P.S. -- I recommend always checking for any new or relevant posts about the IDS/IPS packages in that forum area before upgrading Snort or Suricata.
-
Still getting a lot of the following.
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #0 devel-main-n255802-8d2600d5897c: Thu Oct 20 06:30:27 UTC 2022 root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-master-main/obj/amd64/BmxMzMyh/var/jenkins/workspace/pfSense-CE-snapshots-master-main/sources/FreeBSD-src-deCrash report details:
PHP Errors:
[20-Oct-2022 11:23:20 America/New_York] PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /etc/inc/auth.inc:199
Stack trace:
#0 /etc/inc/authgui.inc(27): include_once()
#1 /etc/inc/auth_check.inc(43): require_once('/etc/inc/authgu...')
#2 /usr/local/www/getstats.php(37): require_once('/etc/inc/auth_c...')
#3 {main}
thrown in /etc/inc/auth.inc on line 199
[20-Oct-2022 11:23:29 America/New_York] PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /etc/inc/auth.inc:199
Stack trace:
#0 /etc/inc/authgui.inc(27): include_once()
#1 /etc/inc/auth_check.inc(43): require_once('/etc/inc/authgu...')
#2 /usr/local/www/ifstats.php(33): require_once('/etc/inc/auth_c...')
#3 {main}
thrown in /etc/inc/auth.inc on line 199
[20-Oct-2022 11:30:08 America/New_York] PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /etc/inc/auth.inc:199
Stack trace:
#0 /etc/inc/authgui.inc(27): include_once()
#1 /etc/inc/auth_check.inc(43): require_once('/etc/inc/authgu...')
#2 /usr/local/www/getstats.php(37): require_once('/etc/inc/auth_c...')
#3 {main}
thrown in /etc/inc/auth.inc on line 199
[20-Oct-2022 11:30:16 America/New_York] PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /etc/inc/auth.inc:199
Stack trace:
#0 /etc/inc/authgui.inc(27): include_once()
#1 /etc/inc/auth_check.inc(43): require_once('/etc/inc/authgu...')
#2 /usr/local/www/ifstats.php(33): require_once('/etc/inc/auth_c...')
#3 {main}
thrown in /etc/inc/auth.inc on line 199No FreeBSD crash data found.
-
@typhoon said in PHP errors in latest 2.7.0 snapshot:
Still getting a lot of the following.
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #0 devel-main-n255802-8d2600d5897c: Thu Oct 20 06:30:27 UTC 2022 root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-master-main/obj/amd64/BmxMzMyh/var/jenkins/workspace/pfSense-CE-snapshots-master-main/sources/FreeBSD-src-deCrash report details:
PHP Errors:
[20-Oct-2022 11:23:20 America/New_York] PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /etc/inc/auth.inc:199
Stack trace:
#0 /etc/inc/authgui.inc(27): include_once()
#1 /etc/inc/auth_check.inc(43): require_once('/etc/inc/authgu...')
#2 /usr/local/www/getstats.php(37): require_once('/etc/inc/auth_c...')
#3 {main}
thrown in /etc/inc/auth.inc on line 199
[20-Oct-2022 11:23:29 America/New_York] PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /etc/inc/auth.inc:199
Stack trace:
#0 /etc/inc/authgui.inc(27): include_once()
#1 /etc/inc/auth_check.inc(43): require_once('/etc/inc/authgu...')
#2 /usr/local/www/ifstats.php(33): require_once('/etc/inc/auth_c...')
#3 {main}
thrown in /etc/inc/auth.inc on line 199
[20-Oct-2022 11:30:08 America/New_York] PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /etc/inc/auth.inc:199
Stack trace:
#0 /etc/inc/authgui.inc(27): include_once()
#1 /etc/inc/auth_check.inc(43): require_once('/etc/inc/authgu...')
#2 /usr/local/www/getstats.php(37): require_once('/etc/inc/auth_c...')
#3 {main}
thrown in /etc/inc/auth.inc on line 199
[20-Oct-2022 11:30:16 America/New_York] PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /etc/inc/auth.inc:199
Stack trace:
#0 /etc/inc/authgui.inc(27): include_once()
#1 /etc/inc/auth_check.inc(43): require_once('/etc/inc/authgu...')
#2 /usr/local/www/ifstats.php(33): require_once('/etc/inc/auth_c...')
#3 {main}
thrown in /etc/inc/auth.inc on line 199No FreeBSD crash data found.
Those errors are not coming from the Suricata or Snort package code. That file is part of the baseline pfSense code. Notice the path where the errors are being thrown:
/etc/inc/authgui.incand/etc/inc/auth.inc. Those are base pfSense system files and not part of either of the IDS/IPS packages.You should report the errors on the pfSense Redmine Site. They should be happening with other things besides just Suricata or Snort.
-
@bmeeks I have reported it at: https://redmine.pfsense.org/issues/13581
If there is something wrong with my report, please let me know and I will make a change.
-
@typhoon said in PHP errors in latest 2.7.0 snapshot:
@bmeeks I have reported it at: https://redmine.pfsense.org/issues/13581
If there is something wrong with my report, please let me know and I will make a change.
Your report looks okay, but it might also be helpful to the Netgate developer who works the ticket if you shared what you were doing that triggered the errors. Also, is there something a bit different in your configuration? It seems, based on the errors, that you have some security permissions defined for certain users. That would be a factor. The default setup generally has just one user, "admin", and that user has all roles and permissions. That kind of setup is not likely to trigger the error you are getting.
-
@bmeeks All I do is log in to the web interface and it displays this error. The traffic graphs on the web interface no longer work, unsure if it is related.
-
@typhoon It might be related to users.. I have 2 users that are also in the admins group.
-
@typhoon said in PHP errors in latest 2.7.0 snapshot:
@bmeeks All I do is log in to the web interface and it displays this error. The traffic graphs on the web interface no longer work, unsure if it is related.
Hmm... I didn't see that in my own testing via a virtual machine last night. Do you have specific user permissions enabled in your configuration? That would trigger the calls to the "auth" routines (for authentication to validate permissions).
-
@bmeeks I have 2 users, the only permissions on both are:
Inherited from Name Description Action
admins WebCfg - All pages Allow access to all pages (admin privilege)Admin account is disabled.
-
Traffic Graphs and Interface stats are broken. If you see in the log from earlier, getstats.php is included in the error. Have you tried enabling the traffic graphs/interface statistics? This is actually the only issue that I am having with the web interface (is both of these features being broken). This had me thinking that maybe you don't have these things enabled in your view. Just curious if when they are enabled you get the same errors or not, or if this works fine for you.
-
@TyphooN:
I don't have the Traffic Graph widget enabled on the dashboard of my test virtual machine, but I am able to successfully view stats by using STATUS > TRAFFIC GRAPHS.Your problem is almost certainly related to having the admin account disabled and depending on permissions assigned to other user accounts.
There are still several PHP 8.1 related bugs in the pfSense 2.7.0-DEVEL GUI code. The Netgate team is fixing them as they are discovered and they have time to get them done. Around a month or so ago they moved 2.7.0-DEVEL from FreeBSD 12.3-STABLE to FreeBSD-CURRENT (which is 14.0) and also upgraded the PHP engine from 7.4 to 8.1. The move to PHP 8.1 is what has generated all of the PHP errors because 8.1 changed what were formerly just notices and warnings to full-blown errors.
You can dive in and play with PHP code yourself, or wait for the Netgate team to fix the issue you reported via Redmine.
