From 461bae6b08d883d232db853a21337e688c1defee Mon Sep 17 00:00:00 2001
From: jim-p
Date: Thu, 7 Apr 2016 10:58:38 -0400
Subject: Respect all Class attributes returned by the RADIUS server, not only the last one received. Fixes #6086
---
 src/etc/inc/auth.inc | 11 +++++++++--
 src/etc/inc/radius.inc | 5 ++++-
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index d8dd709..10509a4 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -1441,8 +1441,15 @@ function radius_backed($username, $passwd, $authcfg, &$attributes = array()) {
 */
 function radius_get_groups($attributes) {
 $groups = array();
- if (!empty($attributes) && is_array($attributes) && !empty($attributes['class'])) {
- $groups = explode(";", $attributes['class']);
+ if (!empty($attributes) && is_array($attributes) && (!empty($attributes['class']) || !empty($attributes['class_int']))) {
+ /* Some RADIUS servers return multiple class attributes, so check them all. */
+ $groups = array();
+ if (!empty($attributes['class']) && is_array($attributes['class'])) {
+ foreach ($attributes['class'] as $class) {
+ $groups = array_unique(array_merge($groups, explode(";", $class)));
+ }
+ }
+
 foreach ($groups as & $grp) {
 $grp = trim($grp);
 if (strtolower(substr($grp, 0, 3)) == "ou=") {
diff --git a/src/etc/inc/radius.inc b/src/etc/inc/radius.inc
index a63b831..326b359 100644
--- a/src/etc/inc/radius.inc
+++ b/src/etc/inc/radius.inc
@@ -480,7 +480,10 @@ class Auth_RADIUS extends PEAR {
 break;
 case RADIUS_CLASS:
- $this->attributes['class'] = radius_cvt_string($data);
+ if (!array($this->attributes['class'])) {
+ $this->attributes['class'] = array();
+ }
+ $this->attributes['class'][] = radius_cvt_string($data);
 break;
 case RADIUS_FRAMED_PROTOCOL:
-- 
cgit v1.1
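Review bot: In radius_get_groups() the new inner test requires `$attributes['class']` to be an array, so a caller that still supplies a single string now gets an empty group list with nothing logged. These groups presumably feed privilege checks, so normalise the value first, e.g. `$classes = is_array($attributes['class']) ? $attributes['class'] : array($attributes['class']);`. The outer condition also admits `class_int`, which nothing in the visible lines reads. `array_unique()` runs before the `trim()` loop, so entries that differ only in surrounding whitespace survive as duplicates; deduplicating after trimming would avoid that. The foreach body and the rest of the function continue outside the hunk.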
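Review bot: `!array($this->attributes['class'])` in the RADIUS_CLASS case calls the array constructor rather than a type test, so it always produces a non-empty (truthy) array and the initialisation branch can never run. The append that follows works only because PHP creates the array implicitly on `[]`, and it would fail if `class` ever held a string at that point. Since these values become group memberships in radius_get_groups(), the guard should be explicit: `if (!isset($this->attributes['class']) || !is_array($this->attributes['class'])) {`. The enclosing switch starts and ends outside the hunk, so whether the attribute list is reset between requests cannot be confirmed from here.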