diff options
| author | scherma <joash.lewis@gmail.com> | 2017-01-03 20:52:13 +0000 |
|---|---|---|
| committer | scherma <joash.lewis@gmail.com> | 2017-01-03 20:52:13 +0000 |
| commit | b399d623158affc84b8175dd5ceeca8946f5ef7e (patch) | |
| tree | c3d11b493cba78a0ee586823b448e604f873d737 | |
| parent | 4cfd15a94a97445d1334ad87bddf0c3700f74bf2 (diff) | |
| download | pfsense-b399d623158affc84b8175dd5ceeca8946f5ef7e.zip pfsense-b399d623158affc84b8175dd5ceeca8946f5ef7e.tar.gz | |
SESSION remembers authentication instead of checking for every HTTP request
| -rw-r--r-- | src/etc/inc/priv.inc | 76 |
1 files changed, 58 insertions, 18 deletions
diff --git a/src/etc/inc/priv.inc b/src/etc/inc/priv.inc index c430ced..9a2d28c 100644 --- a/src/etc/inc/priv.inc +++ b/src/etc/inc/priv.inc @@ -3,24 +3,56 @@ * priv.inc * * part of pfSense (https://www.pfsense.org) - * Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate) + * Copyright (c) 2004-2016 Electric Sheep Fencing, LLC * Copyright (c) 2005-2006 Bill Marquette <bill.marquette@gmail.com> * Copyright (c) 2006 Paul Taylor <paultaylor@winn-dixie.com>. * Copyright (c) 2008 Shrew Soft Inc * Copyright (c) 2003-2006 Manuel Kasper <mk@neon1.net>. * All rights reserved. * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: * - * http://www.apache.org/licenses/LICENSE-2.0 + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense® software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. */ require_once("priv.defs.inc"); @@ -267,14 +299,22 @@ function getAllowedPages($username, &$attributes = array()) { $allowed_pages = array(); $allowed_groups = array(); - if ($_SESSION['remoteauth']) { - $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); - // obtain ldap groups if we are in ldap mode - if ($authcfg['type'] == "ldap") { - $allowed_groups = @ldap_get_groups($username, $authcfg); - } elseif ($authcfg['type'] == "radius") { - $allowed_groups = @radius_get_groups($attributes); - } + $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); + // obtain ldap groups if we are in ldap mode + if ($authcfg['type'] == "ldap") { + if ( !isset($_SESSION["ldap_allowed_groups"]) ) { + $allowed_groups = @ldap_get_groups($username, $authcfg); + $_SESSION["ldap_allowed_groups"] = $allowed_groups; + } else { + $allowed_groups = $_SESSION["ldap_allowed_groups"]; + } + } elseif ($authcfg['type'] == "radius") { + if ( !isset($_SESSION["radius_allowed_groups"]) ) { + $allowed_groups = @radius_get_groups($attributes); + $_SESSION["radius_allowed_groups"] = $allowed_groups; + } else { + $allowed_groups = $_SESSION["radius_allowed_groups"]; + } } if (!$allowed_groups) { // search for a local user by name |
