From a9157b6b83620ee4aeccbc09dd702b9644cd5c85 Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Mon, 19 Nov 2012 16:54:33 +0000
Subject: Correct checking for privileges.

---
 etc/inc/ipsec.auth-user.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'etc/inc/ipsec.auth-user.php')

diff --git a/etc/inc/ipsec.auth-user.php b/etc/inc/ipsec.auth-user.php
index b2fcb55..97ec0e3 100755
--- a/etc/inc/ipsec.auth-user.php
+++ b/etc/inc/ipsec.auth-user.php
@@ -116,10 +116,13 @@ foreach ($authmodes as $authmode) {
 
 	$authenticated = authenticate_user($username, $password, $authcfg, $attributes);
 	if ($authenticated == true) {
-		if (stristr($authmode, "local") && !userHasPrivilege($username, "user-ipsec-xauth-dialin")) {
-			$authenticated = false;
-			syslog(LOG_WARNING, "user '{$username}' cannot authenticate through IPSec since the required privileges are missing.\n");
-			continue;
+		if (stristr($authmode, "local")) {
+			$user = getUserEntry($username); 
+			if (!is_array($user) || !userHasPrivilege($user, "user-ipsec-xauth-dialin")) {
+				$authenticated = false;
+				syslog(LOG_WARNING, "user '{$username}' cannot authenticate through IPSec since the required privileges are missing.\n");
+				continue;
+			}
 		}
 		break;
 	}
-- 
cgit v1.1