From c4a9f99a8d79e201b2af5053a095c83bb1a26467 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Wed, 12 Aug 2015 12:20:10 -0400
Subject: Fix GUI auth from RADIUS to grab group names from the Class
 attribute. Implements #935

The RADIUS server must populate the Class attribute with a string, semicolon-separated, of user groups. Similar to LDAP, local groups must exist with matching names, and privileges are determined by the local matching groups.
---
 usr/local/www/diag_authentication.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'usr/local/www')

diff --git a/usr/local/www/diag_authentication.php b/usr/local/www/diag_authentication.php
index de8a43b..d0b81d5 100644
--- a/usr/local/www/diag_authentication.php
+++ b/usr/local/www/diag_authentication.php
@@ -57,9 +57,10 @@ if ($_POST) {
 	}
 
 	if (!$input_errors) {
-		if (authenticate_user($_POST['username'], $_POST['passwordfld'], $authcfg)) {
+		$attributes = array();
+		if (authenticate_user($_POST['username'], $_POST['passwordfld'], $authcfg, $attributes)) {
 			$savemsg = gettext("User") . ": " . $_POST['username'] . " " . gettext("authenticated successfully.");
-			$groups = getUserGroups($_POST['username'], $authcfg);
+			$groups = getUserGroups($_POST['username'], $authcfg, $attributes);
 			$savemsg .= "<br />" . gettext("This user is a member of these groups") . ": <br />";
 			foreach ($groups as $group) {
 				$savemsg .= "{$group} ";
-- 
cgit v1.1