diff options
| author | Ermal <eri@pfsense.org> | 2012-11-14 20:46:42 +0000 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2012-11-14 20:46:42 +0000 |
| commit | 936fc874b211185c55f32a361aedf4803e19c099 (patch) | |
| tree | 13771768df41b022e4659e03f34769411d2a5ace /etc/inc/ipsec.auth-user.php | |
| parent | 0aee7a76968931648d46b170917e647a79ef2bcb (diff) | |
| download | pfsense-936fc874b211185c55f32a361aedf4803e19c099.zip pfsense-936fc874b211185c55f32a361aedf4803e19c099.tar.gz | |
For local users check the necessary priviledge is granted
Diffstat (limited to 'etc/inc/ipsec.auth-user.php')
| -rwxr-xr-x | etc/inc/ipsec.auth-user.php | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/etc/inc/ipsec.auth-user.php b/etc/inc/ipsec.auth-user.php index 273abaf..553ba69 100755 --- a/etc/inc/ipsec.auth-user.php +++ b/etc/inc/ipsec.auth-user.php @@ -115,8 +115,14 @@ foreach ($authmodes as $authmode) { continue; $authenticated = authenticate_user($username, $password, $authcfg, $attributes); - if ($authenticated == true) + if ($authenticated == true) { + if (stristr($authmode, "local") && !userHasPrivilege($username, "user-ipsec-xauth-dialin")) { + $authenticated = false; + syslog(LOG_WARNING, "user '{$username}' cannot authenticate through IPSec since the required priviledges are missing.\n"); + continue; + } break; + } } if ($authenticated == false) { |
