don't try to enable legacy Xauth and radius at the same time + fix bug with $ph1ent

f12e4e4b · Ad Schellevis · 4f4791c4 · f12e4e4b
Commit f12e4e4b authored Jan 31, 2017 by Ad Schellevis
Show whitespace changes
Inline Side-by-side

Showing with 38 additions and 32 deletions

ipsec.inc src/etc/inc/ipsec.inc +38 -32

No files found.
--- a/src/etc/inc/ipsec.inc
+++ b/src/etc/inc/ipsec.inc
@@ -700,27 +700,11 @@ EOD;
            }
            $strongswan .= "\t\t}\n";

-            if ($a_client['user_source'] != "none") {
-                $strongswan .= "\t\txauth-generic {\n";
-                $strongswan .= "\t\t\tscript = /usr/local/etc/inc/ipsec.auth-user.php\n";
-                $strongswan .= "\t\t\tauthcfg = ";
-                $firstsed = 0;
-                $authcfgs = explode(",", $a_client['user_source']);
-                foreach ($authcfgs as $authcfg) {
-                    if ($firstsed > 0) {
-                        $strongswan .= ",";
-                    }
-                    if ($authcfg == "system") {
-                        $authcfg = "Local Database";
-                    }
-                    $strongswan .= $authcfg;
-                    $firstsed = 1;
-                }
-                $strongswan .= "\n";
-                $strongswan .= "\t\t}\n";
-            }
-
+            $disable_xauth = false;
+            foreach ($a_phase1 as $ph1ent) {
+                if (!isset($ph1ent['disabled']) && isset($ph1ent['mobile'])) {
                    if ($ph1ent['authentication_method'] == "eap-radius") {
+                        $disable_xauth = true; // disable Xauth when radius is used.
                        $strongswan .= "\t\teap-radius {\n";
                        $radius_servers = "";
                        $radius_server_num = 1;
@@ -749,6 +733,28 @@ EOD;
                        $strongswan .= $radius_servers;
                        $strongswan .= "\t\t\t}\n";
                        $strongswan .= "\t\t}\n";
+                        break; // there can only be one mobile phase1, exit loop
+                    }
+                }
+            }
+            if ($a_client['user_source'] != "none" && $disable_xauth == false) {
+                $strongswan .= "\t\txauth-generic {\n";
+                $strongswan .= "\t\t\tscript = /usr/local/etc/inc/ipsec.auth-user.php\n";
+                $strongswan .= "\t\t\tauthcfg = ";
+                $firstsed = 0;
+                $authcfgs = explode(",", $a_client['user_source']);
+                foreach ($authcfgs as $authcfg) {
+                    if ($firstsed > 0) {
+                        $strongswan .= ",";
+                    }
+                    if ($authcfg == "system") {
+                        $authcfg = "Local Database";
+                    }
+                    $strongswan .= $authcfg;
+                    $firstsed = 1;
+                }
+                $strongswan .= "\n";
+                $strongswan .= "\t\t}\n";
            }
        }