authorPhil Davis <phil.davis@inf.org>2017-02-13 11:00:29 +0545
committerRenato Botelho <renato@netgate.com>2017-02-13 09:19:51 -0200
commitc7c79905d3e0fd01172d373a15a1d0d77a5728e8 (patch)
tree1bd3f118de61f2368ba52572058ba6c0af9e4706
parent42a2f7da9d2a8ff91d2c08615474d602267e20ad (diff)
Use cached groups in get_user_privileges
(cherry picked from commit 7abc3f992e5dd5bff53495844ce944163d6d1d9b)
-rw-r--r--src/etc/inc/auth.inc43
1 files changed, 33 insertions, 10 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index 4835a00..d75874f 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -318,30 +318,53 @@ function & getGroupEntryByGID($gid) {
}
function get_user_privileges(& $user) {
- global $config;
+ global $config, $_SESSION;
$authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
- $names = array();
+ $allowed_groups = array();
$privs = $user['priv'];
if (!is_array($privs)) {
$privs = array();
}
+ // cache auth results for a short time to ease load on auth services & logs
+ if (isset($config['system']['webgui']['auth_refresh_time'])) {
+ $recheck_time = $config['system']['webgui']['auth_refresh_time'];
+ } else {
+ $recheck_time = 30;
+ }
+
if ($authcfg['type'] == "ldap") {
- $names = @ldap_get_groups($user['name'], $authcfg);
+ if (isset($_SESSION["ldap_allowed_groups"]) &&
+ (time() <= $_SESSION["auth_check_time"] + $recheck_time)) {
+ $allowed_groups = $_SESSION["ldap_allowed_groups"];
+ } else {
+ $allowed_groups = @ldap_get_groups($user['name'], $authcfg);
+ $_SESSION["ldap_allowed_groups"] = $allowed_groups;
+ $_SESSION["auth_check_time"] = time();
+ }
} elseif ($authcfg['type'] == "radius") {
- $names = @radius_get_groups($_SESSION['user_radius_attributes']);
+ if (isset($_SESSION["radius_allowed_groups"]) &&
+ (time() <= $_SESSION["auth_check_time"] + $recheck_time)) {
+ $allowed_groups = $_SESSION["radius_allowed_groups"];
+ } else {
+ $allowed_groups = @radius_get_groups($_SESSION['user_radius_attributes']);
+ $_SESSION["radius_allowed_groups"] = $allowed_groups;
+ $_SESSION["auth_check_time"] = time();
+ }
}
- if (empty($names)) {
- $names = local_user_get_groups($user, true);
+ if (empty($allowed_groups)) {
+ $allowed_groups = local_user_get_groups($user, true);
}
- foreach ($names as $name) {
- $group = getGroupEntry($name);
- if (is_array($group['priv'])) {
- $privs = array_merge($privs, $group['priv']);
+ if (is_array($allowed_groups)) {
+ foreach ($allowed_groups as $name) {
+ $group = getGroupEntry($name);
+ if (is_array($group['priv'])) {
+ $privs = array_merge($privs, $group['priv']);
+ }
}
}
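Review bot: The cached group list is bound to the session but not to the user being looked up: both cache-hit branches return `$_SESSION["ldap_allowed_groups"]` or `$_SESSION["radius_allowed_groups"]` without checking that the list was fetched for `$user['name']`. If any caller passes a `$user` other than the session owner (callers are not visible from this hunk), that user would be evaluated with the session owner's groups and privileges. Record the owner when the cache is filled, `$_SESSION["auth_check_user"] = $user['name'];`, and require `$_SESSION["auth_check_user"] === $user['name']` in both cache-hit conditions. The cache also keeps a group removed on the LDAP/RADIUS side effective until the timer expires, and `auth_refresh_time` is read from config with no integer cast or upper bound, so it should be cast to int and capped at a documented maximum. The body of get_user_privileges continues past the end of the hunk, so the return path is not reviewed here.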