author | PiBa-NL <pba_2k3@yahoo.com> | 2017-05-11 21:53:25 +0200 |
---|---|---|
committer | PiBa-NL <pba_2k3@yahoo.com> | 2017-05-11 21:53:25 +0200 |
commit | c07071cbcadd1c9de9951d9ba497b73752ee52cc (patch) | |
tree | 5667e262c46886b4fde8a48960a09a7ceefa96bd /src | |
parent | 449a980f261993ad9aef3788536e0b02ea4edd6a (diff) | |
auth_check lowers cpu usage for checking if the user has permission for the page requested when used in place of guiconfig, especially useful for frequent requests like those made by stats and traffic widgets
Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/auth_check.inc | 79 | ||||
-rw-r--r-- | src/usr/local/www/bandwidth_by_ip.php | 2 | ||||
-rw-r--r-- | src/usr/local/www/getstats.php | 2 | ||||
-rw-r--r-- | src/usr/local/www/ifstats.php | 2 | ||||
-rw-r--r-- | src/usr/local/www/widgets/widgets/ipsec.widget.php | 2 |
5 files changed, 83 insertions, 4 deletions
diff --git a/src/etc/inc/auth_check.inc b/src/etc/inc/auth_check.inc
new file mode 100644
index 0000000..93dbd7a
--- /dev/null
+++ b/src/etc/inc/auth_check.inc
@@ -0,0 +1,79 @@
+<?php
+/*
+ * auth_check.inc
+ *
+ * part of pfSense (https://www.pfsense.org)
+ * Copyright (c) 2017 Rubicon Communications, LLC (Netgate)
+ * All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// this function is a duplicate from cmp_page_matches() in priv.inc
+// however unconditionally including priv.inc takes significant more time/cpu
+function cmp_page_matches2($page, & $matches, $fullwc = true) {
+
+// $dbg_matches = implode(",", $matches);
+// log_error("debug: checking page {$page} match with {$dbg_matches}");
+
+ if (!is_array($matches)) {
+ return false;
+ }
+
+ /* skip any leading fwdslash */
+ $test = strpos($page, "/");
+ if ($test !== false && $test == 0) {
+ $page = substr($page, 1);
+ }
+
+ /* look for a match */
+ foreach ($matches as $match) {
+
+ /* possibly ignore full wildcard match */
+ if (!$fullwc && !strcmp($match , "*")) {
+ continue;
+ }
+
+ /* compare exact or wildcard match */
+ $match = str_replace(array(".", "*", "?"), array("\.", ".*", "\?"), $match);
+ $result = preg_match("@^/{$match}$@", "/{$page}");
+
+ if ($result) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+function session_read_single_var($varname) {
+ $session_started = false;
+ if (!session_id()) {
+ session_start();
+ $session_started = true;
+ }
+ $result = $_SESSION[$varname];
+ if ($session_started) {
+ // if we started the session then lets close it..
+ session_abort();
+ }
+ return $result;
+}
+
+$session_pagematch = session_read_single_var("page-match");
+
+$pageuri = $_SERVER['REQUEST_URI'];
+if (cmp_page_matches2($pageuri, $session_pagematch)) {
+ return; // auth OK
+}
+require_once("authgui.inc");
\ No newline at end of file
diff --git a/src/usr/local/www/bandwidth_by_ip.php b/src/usr/local/www/bandwidth_by_ip.php
index 9259924..d403dcc 100644
--- a/src/usr/local/www/bandwidth_by_ip.php
+++ b/src/usr/local/www/bandwidth_by_ip.php
@@ -19,7 +19,7 @@
 * limitations under the License.
 */
-require_once('guiconfig.inc');
+require_once('auth_check.inc');
 require_once('interfaces.inc');
 require_once('pfsense-utils.inc');
 require_once('util.inc');
diff --git a/src/usr/local/www/getstats.php b/src/usr/local/www/getstats.php
index 9bc913f..940a7dc 100644
--- a/src/usr/local/www/getstats.php
+++ b/src/usr/local/www/getstats.php
@@ -32,7 +32,7 @@ header("Expires: " . gmdate("D, j M Y H:i:s", time()) . " GMT");
 header("Cache-Control: no-cache, no-store, must-revalidate"); // HTTP/1.1
 header("Pragma: no-cache"); // HTTP/1.0
-require_once("guiconfig.inc");
+require_once("auth_check.inc");
 include_once("includes/functions.inc.php");
 echo get_stats();
diff --git a/src/usr/local/www/ifstats.php b/src/usr/local/www/ifstats.php
index dd10b93..671d5df 100644
--- a/src/usr/local/www/ifstats.php
+++ b/src/usr/local/www/ifstats.php
@@ -28,7 +28,7 @@ $nocsrf = true;
-require_once('guiconfig.inc');
+require_once('auth_check.inc');
 require_once("interfaces.inc");
diff --git a/src/usr/local/www/widgets/widgets/ipsec.widget.php b/src/usr/local/www/widgets/widgets/ipsec.widget.php
index 62aa804..1c66153 100644
--- a/src/usr/local/www/widgets/widgets/ipsec.widget.php
+++ b/src/usr/local/www/widgets/widgets/ipsec.widget.php
@@ -28,7 +28,7 @@ $nocsrf = true;
-require_once("guiconfig.inc");
+require_once("auth_check.inc");
 require_once("functions.inc");
 require_once("ipsec.inc"); |
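Review bot: The fast path at the bottom of auth_check.inc returns "auth OK" on nothing more than a match between `$_SERVER['REQUEST_URI']` and the session's `page-match` list, so any further per-request checks that authgui.inc performs (not visible in this diff; login state and session expiry would be the usual ones) are skipped for every page that takes this path. If authgui.inc enforces such conditions, the fast path should test the same ones before `return;`, or a comment there should state why skipping them is safe. `REQUEST_URI` carries the query string and `*` is expanded to `.*`, so the patterns are compared against caller-supplied text beyond the script path; matching only `parse_url($pageuri, PHP_URL_PATH)` would be tighter, provided no privilege pattern depends on the query string. In session_read_single_var, `$_SESSION[$varname]` is read without an existence check; `$result = isset($_SESSION[$varname]) ? $_SESSION[$varname] : null;` keeps the fail-closed fallthrough to authgui.inc without the undefined-index notice. cmp_page_matches2 is a copy of access-control code from priv.inc, so its header comment should say that any fix to one must be applied to both.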
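Review bot: In bandwidth_by_ip.php the new `require_once('auth_check.inc');` replaces `guiconfig.inc` with no comment, and the same swap is made in getstats.php, ifstats.php and ipsec.widget.php; a line such as `// auth_check.inc: lightweight permission check, falls back to authgui.inc when the page is not in the session's page-match list` would tell the next reader why these pages differ from the rest of the GUI. When the check passes, auth_check.inc returns without loading authgui.inc, so anything these pages used to inherit from guiconfig.inc (configuration globals, helper functions, any request protection it sets up) now has to come from the remaining includes. That is worth confirming per page, most of all for getstats.php, where only `includes/functions.inc.php` is loaded before `get_stats()` runs. The files continue outside the hunks, so their later use of those names is not visible here.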