Project

General

Profile

Actions

Bug #6086

closed

RADIUS WebUI login does not work with attribute class (25) when the server returns multiple attribute entries with different data

Added by Phillip Hernandez over 5 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Web Interface
Target version:
Start date:
04/07/2016
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

After doing several packet capture and reviewing RFC 4372. It seems to be a normal operation to include the class 25 attrib in a response back to the client. This causes 2 of the same type of attribs in the same response. Since this a part of the radius standard to include a class AVP. I suggest that this be changed to filter-id since it is already a string, can be used in this specific use case, and abides by the RFC.

Code that would need to be changed.

/etc/inc/auth.inc
/*
$attributes must contain a "filter_id" key containing the groups and local
groups must exist to match.
*/
function radius_get_groups($attributes) {
$groups = array();
if (!empty($attributes) && is_array($attributes) && !empty($attributes['filter_id'])) {
$groups = explode(";", $attributes['filter_id']);
foreach ($groups as & $grp) {
$grp = trim($grp);
if (strtolower(substr($grp, 0, 3)) == "ou=") {
$grp = substr($grp, 3);
}
}
}
return $groups;
}

Actions

Also available in: Atom PDF