From af46866998fc62c825934910b4e5fd2c17ce2cd3 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Wed, 22 Nov 2023 18:39:50 +0100
Subject: [PATCH] VPN: IPsec: Connections - remote authentication. Add support for radis class groups, fix missing mapping in https://github.com/opnsense/core/commit/928d2f829947017bb91078128e9421d250fe2880 for https://github.com/opnsense/core/issues/3295
---
 .../mvc/app/models/OPNsense/IPsec/Swanctl.php | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/src/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.php b/src/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.php
index 638913be9..c4058c527 100644
--- a/src/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.php
+++ b/src/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.php
@@ -30,6 +30,7 @@ namespace OPNsense\IPsec;
 use Phalcon\Messages\Message;
 use OPNsense\Base\BaseModel;
+use OPNsense\Core\Config;
 use OPNsense\Firewall\Util;
 /**
@@ -38,6 +39,27 @@ use OPNsense\Firewall\Util;
 */
 class Swanctl extends BaseModel
 {
+ /**
+ * convert group ids to group (class) names
+ */
+ private function gidToNames($gids)
+ {
+ $result = [];
+ $cnf = Config::getInstance()->object();
+ $mapping = [];
+ if (isset($cnf->system->group)) {
+ foreach ($cnf->system->group as $group) {
+ $mapping[(string)$group->gid] = (string)$group->name;
+ }
+ }
+ foreach (explode(',', $gids) as $gid) {
+ if (!empty($mapping[$gid])) {
+ $result[] = $mapping[$gid];
+ }
+ }
+ return implode(',', $result);
+ }
+
 /**
 * {@inheritdoc}
 */
@@ -175,6 +197,8 @@ class Swanctl extends BaseModel
 $pool_names[$node_uuid] = (string)$attr;
 }
 continue;
+ } elseif (is_a($attr, 'OPNsense\Base\FieldTypes\AuthGroupField')) {
+ $thisnode[$attr_name] = $this->gidToNames((string)$attr);
 } elseif (is_a($attr, 'OPNsense\Base\FieldTypes\BooleanField')) {
 $thisnode[$attr_name] = (string)$attr == '1' ? 'yes' : 'no';
 } elseif (is_a($attr, 'OPNsense\Base\FieldTypes\CertificateField')) {
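Review bot: In `gidToNames`, a gid that is no longer present under `system->group` is skipped without any signal, so a remote-authentication entry whose selected groups have all been deleted resolves to an empty string. The call site in the last hunk assigns that result straight to `$thisnode[$attr_name]`; what happens to an empty value afterwards is outside the hunk, but if it is dropped, the group restriction would silently vanish from the generated connection, which fails open for an access-control setting. I would collect unresolved ids, e.g. `if (!isset($mapping[$gid])) { $missing[] = $gid; continue; }`, and refuse to emit (or at least log) an entry whose non-empty gid list resolves to nothing. The docblock could also state the contract with `@param string $gids comma-separated group ids` and `@return string comma-separated group names, unknown ids omitted`.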