VPN: IPsec: Connections - remote authentication. Add support for radi…

…s class groups, fix missing mapping in 928d2f8 for #3295
opnsense · Nov 22, 2023 · af46866 · af46866
1 parent 1dab8ca
commit af46866
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/src/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.php b/src/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.php
@@ -30,6 +30,7 @@
 
 use Phalcon\Messages\Message;
 use OPNsense\Base\BaseModel;
+use OPNsense\Core\Config;
 use OPNsense\Firewall\Util;
 
 /**
@@ -38,6 +39,27 @@
  */
 class Swanctl extends BaseModel
 {
+    /**
+     * convert group ids to group (class) names
+     */
+    private function gidToNames($gids)
+    {
+        $result = [];
+        $cnf = Config::getInstance()->object();
+        $mapping = [];
+        if (isset($cnf->system->group)) {
+            foreach ($cnf->system->group as $group) {
+                $mapping[(string)$group->gid] = (string)$group->name;
+            }
+        }
+        foreach (explode(',',  $gids) as $gid) {
+            if (!empty($mapping[$gid])) {
+                $result[] = $mapping[$gid];
+            }
+        }
+        return implode(',', $result);
+    }
+
     /**
      * {@inheritdoc}
      */
@@ -175,6 +197,8 @@ public function getConfig()
                             $pool_names[$node_uuid] = (string)$attr;
                         }
                         continue;
+                    } elseif (is_a($attr, 'OPNsense\Base\FieldTypes\AuthGroupField')) {
+                        $thisnode[$attr_name] = $this->gidToNames((string)$attr);
                     } elseif (is_a($attr, 'OPNsense\Base\FieldTypes\BooleanField')) {
                         $thisnode[$attr_name] = (string)$attr == '1' ? 'yes' : 'no';
                     } elseif (is_a($attr, 'OPNsense\Base\FieldTypes\CertificateField')) {