Feature #935
User manager RADIUS authentication method (closed)
Status:
Resolved
Priority:
Normal
Assignee:
Category:
User Manager / Privileges
Target version:
Start date:
10/04/2010
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Description
pfSense 2.0 has the new RADIUS authentication method, but the code has no way to assign privileges to RADIUS users.
I was able to work around this with a crude hack:
/etc/priv.inc line 249-272
(snip..)
// Fragment of getAllowedPages() from /etc/priv.inc; the remainder of the body
// is snipped on this page. The visible part works out which groups apply to
// $username according to the authentication backend configured for the webGUI.
function getAllowedPages($username) {
    global $config, $_SESSION;

    // NOTE(review): this guard returns nothing for every backend (radius and
    // local included) whenever the PHP LDAP extension is not loaded, because
    // it runs before the backend type is looked at.
    if (!function_exists("ldap_connect"))
        return;

    $allowed_pages = array();
    $allowed_groups = array();

    $authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
    // obtain ldap groups if we are in ldap mode
    if ($authcfg['type'] == "ldap") {
        // '@' hides any warning raised by the lookup; what is returned on
        // failure is not visible here, so confirm it yields no groups.
        $allowed_groups = @ldap_get_groups($username, $authcfg);
    } else if ($authcfg['type'] == "radius") {
        // The workaround: $username is not consulted, so every user in radius
        // mode is placed in this one fixed group and receives whatever
        // privileges are assigned to it. Keep that group's privileges minimal.
        $allowed_groups = array('RadiusAuthenticated');
    } else {
        // search for a local user by name
        $local_user = getUserEntry($username);
        getPrivPages($local_user, $allowed_pages);
        // obtain local groups if we have a local user
        if ($local_user)
            $allowed_groups = local_user_get_groups($local_user);
    }
(snip...)
/etc/auth.inc line 1084-1110
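/**
 * Return the names of the locally configured groups that apply to $username.
 *
 * Candidate group names come from the backend named by $authcfg['type']:
 *   - 'ldap':   whatever ldap_get_groups() reports for the user;
 *   - 'radius': the single fixed name 'RadiusAuthenticated';
 *   - other:    the groups of the local user entry.
 * Only candidates that also exist under $config['system']['group'] are
 * returned, so the radius branch has no effect until a local group with that
 * exact name has been created.
 *
 * NOTE(review): the radius branch never looks at $username. Every user who
 * authenticates through RADIUS ends up with the same group, so the privileges
 * given to 'RadiusAuthenticated' are held by all of them; keep them minimal.
 *
 * @param string $username Name of the authenticated user.
 * @param array  $authcfg  Authentication server settings; only 'type' is read here.
 * @return array List of matching local group names, empty when none match.
 */
function getUserGroups($username, $authcfg) {
    global $config;

    $type = isset($authcfg['type']) ? $authcfg['type'] : '';

    switch ($type) {
        case 'ldap':
            // '@' is kept from the original so lookup warnings stay out of
            // the page; the result is validated below instead.
            $allowed_groups = @ldap_get_groups($username, $authcfg);
            break;
        case 'radius':
            $allowed_groups = array('RadiusAuthenticated');
            break;
        default:
            $user = getUserEntry($username);
            $allowed_groups = @local_user_get_groups($user, true);
            break;
    }

    // A failed lookup may hand back false/null rather than a list. Fail
    // closed: treat that as "no groups" instead of passing a non-array on to
    // in_array().
    if (!is_array($allowed_groups)) {
        $allowed_groups = array();
    }

    $member_groups = array();
    if (isset($config['system']['group']) && is_array($config['system']['group'])) {
        foreach ($config['system']['group'] as $group) {
            // Strict comparison: group membership feeds an authorization
            // decision, so type juggling must not make two names "equal".
            if (isset($group['name']) && in_array($group['name'], $allowed_groups, true)) {
                $member_groups[] = $group['name'];
            }
        }
    }

    return $member_groups;
}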
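The hack is completed by creating a group called RadiusAuthenticated and assigning privileges to that group. Because the code above does not distinguish between RADIUS users, every user who authenticates via RADIUS then gets those privileges.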