summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorRenato Botelho <renato@netgate.com>2017-02-13 09:25:38 -0200
committerRenato Botelho <renato@netgate.com>2017-02-13 09:25:38 -0200
commit926a7f5c0ffc0d0c3e44db5f4580c19e38e87c08 (patch)
tree5464ecf97b3ba4051e3cf9246e78911bf9c1ef31 /src
parentc7c79905d3e0fd01172d373a15a1d0d77a5728e8 (diff)
downloadpfsense-926a7f5c0ffc0d0c3e44db5f4580c19e38e87c08.zip
pfsense-926a7f5c0ffc0d0c3e44db5f4580c19e38e87c08.tar.gz
Revert "Use cached groups in get_user_privileges"
This reverts commit c7c79905d3e0fd01172d373a15a1d0d77a5728e8.
Diffstat (limited to 'src')
-rw-r--r--src/etc/inc/auth.inc43
1 files changed, 10 insertions, 33 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index d75874f..4835a00 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -318,53 +318,30 @@ function & getGroupEntryByGID($gid) {
}
function get_user_privileges(& $user) {
- global $config, $_SESSION;
+ global $config;
$authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
- $allowed_groups = array();
+ $names = array();
$privs = $user['priv'];
if (!is_array($privs)) {
$privs = array();
}
- // cache auth results for a short time to ease load on auth services & logs
- if (isset($config['system']['webgui']['auth_refresh_time'])) {
- $recheck_time = $config['system']['webgui']['auth_refresh_time'];
- } else {
- $recheck_time = 30;
- }
-
if ($authcfg['type'] == "ldap") {
- if (isset($_SESSION["ldap_allowed_groups"]) &&
- (time() <= $_SESSION["auth_check_time"] + $recheck_time)) {
- $allowed_groups = $_SESSION["ldap_allowed_groups"];
- } else {
- $allowed_groups = @ldap_get_groups($user['name'], $authcfg);
- $_SESSION["ldap_allowed_groups"] = $allowed_groups;
- $_SESSION["auth_check_time"] = time();
- }
+ $names = @ldap_get_groups($user['name'], $authcfg);
} elseif ($authcfg['type'] == "radius") {
- if (isset($_SESSION["radius_allowed_groups"]) &&
- (time() <= $_SESSION["auth_check_time"] + $recheck_time)) {
- $allowed_groups = $_SESSION["radius_allowed_groups"];
- } else {
- $allowed_groups = @radius_get_groups($_SESSION['user_radius_attributes']);
- $_SESSION["radius_allowed_groups"] = $allowed_groups;
- $_SESSION["auth_check_time"] = time();
- }
+ $names = @radius_get_groups($_SESSION['user_radius_attributes']);
}
- if (empty($allowed_groups)) {
- $allowed_groups = local_user_get_groups($user, true);
+ if (empty($names)) {
+ $names = local_user_get_groups($user, true);
}
- if (is_array($allowed_groups)) {
- foreach ($allowed_groups as $name) {
- $group = getGroupEntry($name);
- if (is_array($group['priv'])) {
- $privs = array_merge($privs, $group['priv']);
- }
+ foreach ($names as $name) {
+ $group = getGroupEntry($name);
+ if (is_array($group['priv'])) {
+ $privs = array_merge($privs, $group['priv']);
}
}
OpenPOWER on IntegriCloud