From 821a4351bf85b3934ba6ba2a8f2b91b2b2365a8e Mon Sep 17 00:00:00 2001
From: Renato Botelho <renato@netgate.com>
Date: Thu, 19 Nov 2015 13:22:43 -0200
Subject: Use full 'Local Database' name to be sure it's authmode is local,
 fixes #4469

---
 src/etc/inc/ipsec.auth-user.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/etc/inc/ipsec.auth-user.php')

diff --git a/src/etc/inc/ipsec.auth-user.php b/src/etc/inc/ipsec.auth-user.php
index 2589598..99e62ce 100755
--- a/src/etc/inc/ipsec.auth-user.php
+++ b/src/etc/inc/ipsec.auth-user.php
@@ -123,13 +123,13 @@ if (($strictusercn === true) && ($common_name != $username)) {
 $attributes = array();
 foreach ($authmodes as $authmode) {
 	$authcfg = auth_get_authserver($authmode);
-	if (!$authcfg && $authmode != "local") {
+	if (!$authcfg && $authmode != "Local Database") {
 		continue;
 	}
 
 	$authenticated = authenticate_user($username, $password, $authcfg, $attributes);
 	if ($authenticated == true) {
-		if (stristr($authmode, "local")) {
+		if ($authmode == "Local Database") {
 			$user = getUserEntry($username);
 			if (!is_array($user) || !userHasPrivilege($user, "user-ipsec-xauth-dialin")) {
 				$authenticated = false;
-- 
cgit v1.1