diff options
author | Ermal <eri@pfsense.org> | 2012-11-19 16:54:33 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-11-19 16:54:50 +0000 |
commit | a9157b6b83620ee4aeccbc09dd702b9644cd5c85 (patch) | |
tree | b742e0aa4749c50af0e607dd232ace5d80d7e9fa | |
parent | 589e9633af8476229f6cbfe8a4a64b0f7d75d5df (diff) | |
download | pfsense-a9157b6b83620ee4aeccbc09dd702b9644cd5c85.zip pfsense-a9157b6b83620ee4aeccbc09dd702b9644cd5c85.tar.gz |
Correct checking for privileges.
-rwxr-xr-x | etc/inc/ipsec.auth-user.php | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/etc/inc/ipsec.auth-user.php b/etc/inc/ipsec.auth-user.php index b2fcb55..97ec0e3 100755 --- a/etc/inc/ipsec.auth-user.php +++ b/etc/inc/ipsec.auth-user.php @@ -116,10 +116,13 @@ foreach ($authmodes as $authmode) { $authenticated = authenticate_user($username, $password, $authcfg, $attributes); if ($authenticated == true) { - if (stristr($authmode, "local") && !userHasPrivilege($username, "user-ipsec-xauth-dialin")) { - $authenticated = false; - syslog(LOG_WARNING, "user '{$username}' cannot authenticate through IPSec since the required privileges are missing.\n"); - continue; + if (stristr($authmode, "local")) { + $user = getUserEntry($username); + if (!is_array($user) || !userHasPrivilege($user, "user-ipsec-xauth-dialin")) { + $authenticated = false; + syslog(LOG_WARNING, "user '{$username}' cannot authenticate through IPSec since the required privileges are missing.\n"); + continue; + } } break; } |