diff options
author | PiBa-NL <pba_2k3@yahoo.com> | 2016-10-15 02:23:15 +0200 |
---|---|---|
committer | PiBa-NL <pba_2k3@yahoo.com> | 2016-10-15 17:06:54 +0200 |
commit | b77a63948b4bd54f3d2e6e9d3822588105fb5741 (patch) | |
tree | f3f79314abf97b3e6b707384c63fb958f02d538e | |
parent | 6172f3dedbf1fbcc0991f1ab5ec3b1636a4eb7c7 (diff) | |
download | pfsense-b77a63948b4bd54f3d2e6e9d3822588105fb5741.zip pfsense-b77a63948b4bd54f3d2e6e9d3822588105fb5741.tar.gz |
increase webgui usability when the remote ldap server isn't available
-rw-r--r-- | src/etc/inc/auth.inc | 5 | ||||
-rw-r--r-- | src/etc/inc/priv.inc | 14 |
2 files changed, 11 insertions, 8 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc index 5d20fc3..04af52f 100644 --- a/src/etc/inc/auth.inc +++ b/src/etc/inc/auth.inc @@ -1664,11 +1664,12 @@ function session_auth() { $attributes = array(); if (isset($_POST['login']) && !empty($_POST['usernamefld']) && !empty($_POST['passwordfld'])) { $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); - if (authenticate_user($_POST['usernamefld'], $_POST['passwordfld'], $authcfg, $attributes) || - authenticate_user($_POST['usernamefld'], $_POST['passwordfld'])) { + $remoteauth = authenticate_user($_POST['usernamefld'], $_POST['passwordfld'], $authcfg, $attributes); + if ($remoteauth || authenticate_user($_POST['usernamefld'], $_POST['passwordfld'])) { // Generate a new id to avoid session fixation session_regenerate_id(); $_SESSION['Logged_In'] = "True"; + $_SESSION['remoteauth'] = $remoteauth; $_SESSION['Username'] = $_POST['usernamefld']; $_SESSION['user_radius_attributes'] = $attributes; $_SESSION['last_access'] = time(); diff --git a/src/etc/inc/priv.inc b/src/etc/inc/priv.inc index 954f65e..c430ced 100644 --- a/src/etc/inc/priv.inc +++ b/src/etc/inc/priv.inc @@ -267,12 +267,14 @@ function getAllowedPages($username, &$attributes = array()) { $allowed_pages = array(); $allowed_groups = array(); - $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); - // obtain ldap groups if we are in ldap mode - if ($authcfg['type'] == "ldap") { - $allowed_groups = @ldap_get_groups($username, $authcfg); - } elseif ($authcfg['type'] == "radius") { - $allowed_groups = @radius_get_groups($attributes); + if ($_SESSION['remoteauth']) { + $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); + // obtain ldap groups if we are in ldap mode + if ($authcfg['type'] == "ldap") { + $allowed_groups = @ldap_get_groups($username, $authcfg); + } elseif ($authcfg['type'] == "radius") { + $allowed_groups = @radius_get_groups($attributes); + } } if (!$allowed_groups) { // search for a local user by name |