diff options
author | PiBa-NL <pba_2k3@yahoo.com> | 2017-02-27 22:33:25 +0100 |
---|---|---|
committer | PiBa-NL <pba_2k3@yahoo.com> | 2017-02-27 22:51:31 +0100 |
commit | 82cd6022de7483d9e05b8a8f02100e5adb4e9f6e (patch) | |
tree | 3e9fde7eda898aa73f385c6cec0a84b834b3c88e /src/etc | |
parent | 69860ee4f5ff9f1e5b87bc6fdcb6dfea66062726 (diff) | |
download | pfsense-82cd6022de7483d9e05b8a8f02100e5adb4e9f6e.zip pfsense-82cd6022de7483d9e05b8a8f02100e5adb4e9f6e.tar.gz |
phpsessionmanager, this helps starting and committing the php session preventing other requests from being blocked longer than required.
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/auth.inc | 12 | ||||
-rw-r--r-- | src/etc/inc/authgui.inc | 6 | ||||
-rw-r--r-- | src/etc/inc/config.lib.inc | 12 | ||||
-rw-r--r-- | src/etc/inc/phpsessionmanager.inc | 80 | ||||
-rw-r--r-- | src/etc/inc/priv.inc | 3 |
5 files changed, 97 insertions, 16 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc index 563987b..676283c 100644 --- a/src/etc/inc/auth.inc +++ b/src/etc/inc/auth.inc @@ -26,6 +26,7 @@ * NOTE : Portions of the mschapv2 support was based on the BSD licensed CHAP.php * file courtesy of Michael Retterklieber. */ +include_once('phpsessionmanager.inc'); if (!$do_not_include_config_gui_inc) { require_once("config.gui.inc"); } @@ -1747,12 +1748,11 @@ function session_auth() { true ); - if (!session_id()) { - session_start(); - } + phpsession_begin(); // Detect protocol change if (!isset($_POST['login']) && !empty($_SESSION['Logged_In']) && $_SESSION['protocol'] != $config['system']['webgui']['protocol']) { + phpsession_end(); return false; } @@ -1770,6 +1770,7 @@ function session_auth() { $_SESSION['user_radius_attributes'] = $attributes; $_SESSION['last_access'] = time(); $_SESSION['protocol'] = $config['system']['webgui']['protocol']; + phpsession_end(true); if (!isset($config['system']['webgui']['quietlogin'])) { log_auth(sprintf(gettext("Successful login for user '%1\$s' from: %2\$s"), $_POST['usernamefld'], $_SERVER['REMOTE_ADDR'])); } @@ -1795,6 +1796,7 @@ function session_auth() { /* Show login page if they aren't logged in */ if (empty($_SESSION['Logged_In'])) { + phpsession_end(true); return false; } @@ -1842,7 +1844,7 @@ function session_auth() { } /* and destroy it */ - session_destroy(); + phpsession_destroy(); $scriptName = explode("/", $_SERVER["SCRIPT_FILENAME"]); $scriptElms = count($scriptName); @@ -1873,7 +1875,7 @@ function session_auth() { if ($_REQUEST['enable_ajax']) { unset($_SESSION['NO_AJAX']); } - + phpsession_end(true); return true; } diff --git a/src/etc/inc/authgui.inc b/src/etc/inc/authgui.inc index f0b7751..c7d3362 100644 --- a/src/etc/inc/authgui.inc +++ b/src/etc/inc/authgui.inc @@ -33,7 +33,7 @@ if (!session_auth()) { display_login_form(); exit; } - +phpsession_begin(); /* * Once here, the user has authenticated with the web server. * We give them access only to the appropriate pages based on @@ -90,9 +90,9 @@ if (!$_SESSION['Post_Login']) { /* * Close session data to allow other scripts from same host to come in. - * A session can be reactivated from calling session_start again + * A session can be reactivated from calling phpsession_begin again */ -session_commit(); +phpsession_end(true); /* * determine if the user is allowed access to the requested page diff --git a/src/etc/inc/config.lib.inc b/src/etc/inc/config.lib.inc index 21aeb11..252b3b2 100644 --- a/src/etc/inc/config.lib.inc +++ b/src/etc/inc/config.lib.inc @@ -443,21 +443,19 @@ function write_config($desc="Unknown", $backup = true, $write_config_only = fals global $config, $g; if (!empty($_SERVER['REMOTE_ADDR'])) { - if (!session_id()) { - @session_start(); - } + @phpsession_begin(); if (!empty($_SESSION['Username']) && ($_SESSION['Username'] != "admin")) { $user = getUserEntry($_SESSION['Username']); if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) { - session_commit(); + phpsession_end(true); return false; } } + if (!isset($argc)) { + phpsession_end(true); + } } - if (!isset($argc)) { - session_commit(); - } if ($backup) { backup_config(); diff --git a/src/etc/inc/phpsessionmanager.inc b/src/etc/inc/phpsessionmanager.inc new file mode 100644 index 0000000..b07caf1 --- /dev/null +++ b/src/etc/inc/phpsessionmanager.inc @@ -0,0 +1,80 @@ +<?php +/* + * phpsessionmanager.inc + * + * part of pfSense (https://www.pfsense.org) + * Copyright (c) 2016 Rubicon Communications, LLC (Netgate) + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +include_once('notices.inc'); + +$session_opencounter = 0; +$session_write = false; +$session_action_list = array(); + +function simplestacktrace() { + $stack = debug_backtrace(); + $str = ""; + foreach($stack as $s) { + // $s['args'] + $str .= "\n{$s['function']}(..) - {$s['file']}:{$s['line']}"; + } + return $str; +} + +function phpsession_begin() { + global $session_opencounter, $session_action_list; + $session_action_list[] = "#### phpsession_begin ####" . simplestacktrace(); + if ($session_opencounter == 0) { + session_start(); + } + $session_opencounter++; +} + +function phpsession_destroy() { + global $session_opencounter, $session_action_list; + $session_action_list[] = "#### phpsession_destroy ####" . simplestacktrace(); + session_destroy(); + $session_opencounter = 0; +} + +function phpsession_end($write = false) { + global $session_opencounter, $session_write, $session_action_list; + $session_action_list[] = "#### phpsession_end ####" . simplestacktrace(); + $session_write |= $write; + $session_opencounter--; + if ($session_opencounter == 0) { + if ($session_write) { + session_commit(); + $session_write = false; + } else { + session_abort(); + } + } + if ($session_opencounter < 0) { + $session_opencounter = 0; + file_notice("sessionmanager", "PHPSESSION closed more often than opened!" . simplestacktrace()); + } +} + +function phpsession_cleanupcheck() { + global $session_opencounter, $session_action_list; + if ($session_opencounter > 0) { + file_notice("sessionmanager", "PHPSESSION {$session_opencounter} open sessions left at shutdown script!".print_r($session_action_list, true)); + } +} + +register_shutdown_function('phpsession_cleanupcheck');
\ No newline at end of file diff --git a/src/etc/inc/priv.inc b/src/etc/inc/priv.inc index a2e2763..a80e383 100644 --- a/src/etc/inc/priv.inc +++ b/src/etc/inc/priv.inc @@ -275,6 +275,7 @@ function getAllowedPages($username, &$attributes = array()) { $allowed_pages = array(); $allowed_groups = array(); + phpsession_begin(); if ($_SESSION['remoteauth']) { $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); // cache auth results for a short time to ease load on auth services & logs @@ -331,7 +332,7 @@ function getAllowedPages($username, &$attributes = array()) { // log_error("debug: user {$username} pages = {$dbg_pages}"); $_SESSION['page-match'] = $allowed_pages; - + phpsession_end(true); return $allowed_pages; } |