diff options
| author | Renato Botelho <renato@netgate.com> | 2017-02-13 09:25:38 -0200 |
|---|---|---|
| committer | Renato Botelho <renato@netgate.com> | 2017-02-13 09:25:38 -0200 |
| commit | 926a7f5c0ffc0d0c3e44db5f4580c19e38e87c08 (patch) | |
| tree | 5464ecf97b3ba4051e3cf9246e78911bf9c1ef31 /src | |
| parent | c7c79905d3e0fd01172d373a15a1d0d77a5728e8 (diff) | |
| download | pfsense-926a7f5c0ffc0d0c3e44db5f4580c19e38e87c08.zip pfsense-926a7f5c0ffc0d0c3e44db5f4580c19e38e87c08.tar.gz | |
Revert "Use cached groups in get_user_privileges"
This reverts commit c7c79905d3e0fd01172d373a15a1d0d77a5728e8.
Diffstat (limited to 'src')
| -rw-r--r-- | src/etc/inc/auth.inc | 43 |
1 files changed, 10 insertions, 33 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc index d75874f..4835a00 100644 --- a/src/etc/inc/auth.inc +++ b/src/etc/inc/auth.inc @@ -318,53 +318,30 @@ function & getGroupEntryByGID($gid) { } function get_user_privileges(& $user) { - global $config, $_SESSION; + global $config; $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); - $allowed_groups = array(); + $names = array(); $privs = $user['priv']; if (!is_array($privs)) { $privs = array(); } - // cache auth results for a short time to ease load on auth services & logs - if (isset($config['system']['webgui']['auth_refresh_time'])) { - $recheck_time = $config['system']['webgui']['auth_refresh_time']; - } else { - $recheck_time = 30; - } - if ($authcfg['type'] == "ldap") { - if (isset($_SESSION["ldap_allowed_groups"]) && - (time() <= $_SESSION["auth_check_time"] + $recheck_time)) { - $allowed_groups = $_SESSION["ldap_allowed_groups"]; - } else { - $allowed_groups = @ldap_get_groups($user['name'], $authcfg); - $_SESSION["ldap_allowed_groups"] = $allowed_groups; - $_SESSION["auth_check_time"] = time(); - } + $names = @ldap_get_groups($user['name'], $authcfg); } elseif ($authcfg['type'] == "radius") { - if (isset($_SESSION["radius_allowed_groups"]) && - (time() <= $_SESSION["auth_check_time"] + $recheck_time)) { - $allowed_groups = $_SESSION["radius_allowed_groups"]; - } else { - $allowed_groups = @radius_get_groups($_SESSION['user_radius_attributes']); - $_SESSION["radius_allowed_groups"] = $allowed_groups; - $_SESSION["auth_check_time"] = time(); - } + $names = @radius_get_groups($_SESSION['user_radius_attributes']); } - if (empty($allowed_groups)) { - $allowed_groups = local_user_get_groups($user, true); + if (empty($names)) { + $names = local_user_get_groups($user, true); } - if (is_array($allowed_groups)) { - foreach ($allowed_groups as $name) { - $group = getGroupEntry($name); - if (is_array($group['priv'])) { - $privs = array_merge($privs, $group['priv']); - } + foreach ($names as $name) { + $group = getGroupEntry($name); + if (is_array($group['priv'])) { + $privs = array_merge($privs, $group['priv']); } } |
