From f495b390da6eb257ca101889deb70ccc22bb99c7 Mon Sep 17 00:00:00 2001
From: Eric Lippmann <eric.lippmann@icinga.com>
Date: Thu, 16 Nov 2017 12:01:06 +0100
Subject: [PATCH] Apply role to all users if the role is defined with users=*

If the users directive contains at least one single asterisk, the role is applied to all users.
So, this supports roles which define users=username, ..., * and users=*

refs #3095
---
 library/Icinga/Authentication/AdmissionLoader.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/Icinga/Authentication/AdmissionLoader.php b/library/Icinga/Authentication/AdmissionLoader.php
index 0a80be127..8ee43dbfb 100644
--- a/library/Icinga/Authentication/AdmissionLoader.php
+++ b/library/Icinga/Authentication/AdmissionLoader.php
@@ -28,6 +28,9 @@ class AdmissionLoader
         $username = strtolower($username);
         if (! empty($section->users)) {
             $users = array_map('strtolower', StringHelper::trimSplit($section->users));
+            if (in_array('*', $users)) {
+                return true;
+            }
             if (in_array($username, $users)) {
                 return true;
             }