authorjim-p <jimp@pfsense.org>2016-04-07 10:58:38 -0400
committerjim-p <jimp@pfsense.org>2016-04-07 10:58:38 -0400
commit461bae6b08d883d232db853a21337e688c1defee (patch)
tree827912e81f0b21fb2f7e031cb8fa3f9c469eb1cf
parent0ef6fddce9a48e7e1abac04c5dc59c0d7a99e83d (diff)
downloadpfsense-461bae6b08d883d232db853a21337e688c1defee.zip
pfsense-461bae6b08d883d232db853a21337e688c1defee.tar.gz
Respect all Class attributes returned by the RADIUS server, not only the last one received. Fixes #6086
-rw-r--r--src/etc/inc/auth.inc11
-rw-r--r--src/etc/inc/radius.inc5
2 files changed, 13 insertions, 3 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index d8dd709..10509a4 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -1441,8 +1441,15 @@ function radius_backed($username, $passwd, $authcfg, &$attributes = array()) {
*/
function radius_get_groups($attributes) {
$groups = array();
- if (!empty($attributes) && is_array($attributes) && !empty($attributes['class'])) {
- $groups = explode(";", $attributes['class']);
+ if (!empty($attributes) && is_array($attributes) && (!empty($attributes['class']) || !empty($attributes['class_int']))) {
+ /* Some RADIUS servers return multiple class attributes, so check them all. */
+ $groups = array();
+ if (!empty($attributes['class']) && is_array($attributes['class'])) {
+ foreach ($attributes['class'] as $class) {
+ $groups = array_unique(array_merge($groups, explode(";", $class)));
+ }
+ }
+
foreach ($groups as & $grp) {
$grp = trim($grp);
if (strtolower(substr($grp, 0, 3)) == "ou=") {
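Review bot: The widened outer condition admits `$attributes['class_int']`, but nothing in the visible lines reads it, and a `class` value that arrives as a plain string (the only form accepted before this change) now yields no groups because of the `is_array()` test. Since the result decides group membership, I would normalise instead of skipping, keeping the `!empty($attributes['class'])` check and using `$classes = is_array($attributes['class']) ? $attributes['class'] : array($attributes['class']);` before iterating over `$classes`. `array_unique()` also runs before the `trim()` and `ou=` handling below it, so entries that differ only in surrounding whitespace survive as duplicates; deduplicating after normalisation would avoid that. The function body continues past the end of the hunk, so `class_int` may be handled there.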
diff --git a/src/etc/inc/radius.inc b/src/etc/inc/radius.inc
index a63b831..326b359 100644
--- a/src/etc/inc/radius.inc
+++ b/src/etc/inc/radius.inc
@@ -480,7 +480,10 @@ class Auth_RADIUS extends PEAR {
break;
case RADIUS_CLASS:
- $this->attributes['class'] = radius_cvt_string($data);
+ if (!array($this->attributes['class'])) {
+ $this->attributes['class'] = array();
+ }
+ $this->attributes['class'][] = radius_cvt_string($data);
break;
case RADIUS_FRAMED_PROTOCOL:
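Review bot: The guard `if (!array($this->attributes['class']))` builds a one-element array, which is always truthy, so the initialisation branch never runs; `is_array()` was presumably intended. The append on the following added line still works when the key is unset, because PHP creates the array implicitly, but it would fail if `class` already held a non-empty string. I would write `if (!isset($this->attributes['class']) || !is_array($this->attributes['class'])) {` so the guard does what it says and does not read an undefined index. Because these values become group memberships, it is also worth confirming that `$this->attributes` is cleared between requests so Class values from an earlier reply cannot accumulate; that reset is not visible here, and the switch statement starts and ends outside the hunk.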