summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorPhil Davis <phil.davis@inf.org>2017-02-13 11:00:29 +0545
committerRenato Botelho <renato@netgate.com>2017-02-13 09:19:51 -0200
commitc7c79905d3e0fd01172d373a15a1d0d77a5728e8 (patch)
tree1bd3f118de61f2368ba52572058ba6c0af9e4706 /src
parent42a2f7da9d2a8ff91d2c08615474d602267e20ad (diff)
downloadpfsense-c7c79905d3e0fd01172d373a15a1d0d77a5728e8.zip
pfsense-c7c79905d3e0fd01172d373a15a1d0d77a5728e8.tar.gz
Use cached groups in get_user_privileges
(cherry picked from commit 7abc3f992e5dd5bff53495844ce944163d6d1d9b)
Diffstat (limited to 'src')
-rw-r--r--src/etc/inc/auth.inc43
1 files changed, 33 insertions, 10 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index 4835a00..d75874f 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -318,30 +318,53 @@ function & getGroupEntryByGID($gid) {
}
function get_user_privileges(& $user) {
- global $config;
+ global $config, $_SESSION;
$authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
- $names = array();
+ $allowed_groups = array();
$privs = $user['priv'];
if (!is_array($privs)) {
$privs = array();
}
+ // cache auth results for a short time to ease load on auth services & logs
+ if (isset($config['system']['webgui']['auth_refresh_time'])) {
+ $recheck_time = $config['system']['webgui']['auth_refresh_time'];
+ } else {
+ $recheck_time = 30;
+ }
+
if ($authcfg['type'] == "ldap") {
- $names = @ldap_get_groups($user['name'], $authcfg);
+ if (isset($_SESSION["ldap_allowed_groups"]) &&
+ (time() <= $_SESSION["auth_check_time"] + $recheck_time)) {
+ $allowed_groups = $_SESSION["ldap_allowed_groups"];
+ } else {
+ $allowed_groups = @ldap_get_groups($user['name'], $authcfg);
+ $_SESSION["ldap_allowed_groups"] = $allowed_groups;
+ $_SESSION["auth_check_time"] = time();
+ }
} elseif ($authcfg['type'] == "radius") {
- $names = @radius_get_groups($_SESSION['user_radius_attributes']);
+ if (isset($_SESSION["radius_allowed_groups"]) &&
+ (time() <= $_SESSION["auth_check_time"] + $recheck_time)) {
+ $allowed_groups = $_SESSION["radius_allowed_groups"];
+ } else {
+ $allowed_groups = @radius_get_groups($_SESSION['user_radius_attributes']);
+ $_SESSION["radius_allowed_groups"] = $allowed_groups;
+ $_SESSION["auth_check_time"] = time();
+ }
}
- if (empty($names)) {
- $names = local_user_get_groups($user, true);
+ if (empty($allowed_groups)) {
+ $allowed_groups = local_user_get_groups($user, true);
}
- foreach ($names as $name) {
- $group = getGroupEntry($name);
- if (is_array($group['priv'])) {
- $privs = array_merge($privs, $group['priv']);
+ if (is_array($allowed_groups)) {
+ foreach ($allowed_groups as $name) {
+ $group = getGroupEntry($name);
+ if (is_array($group['priv'])) {
+ $privs = array_merge($privs, $group['priv']);
+ }
}
}
OpenPOWER on IntegriCloud