auth_check, move the cmp_page_matches() to its own file so it can be shared by both auth_check.inc and priv.inc

3 files changed, 71 insertions, 72 deletions

diff --git a/src/etc/inc/auth_check.inc b/src/etc/inc/auth_check.inc
index 93dbd7a..cfe938f 100644
--- a/src/etc/inc/auth_check.inc
+++ b/src/etc/inc/auth_check.inc
@@ -18,43 +18,12 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+/*
+ * Light weight authentication check thats ment as a substitute for guiconfig.inc
+ * in cases where frequent automatic requests are made like graphs and widget pages.
+ */
 
-// this function is a duplicate from cmp_page_matches() in priv.inc
-// however unconditionally including priv.inc takes significant more time/cpu
-function cmp_page_matches2($page, & $matches, $fullwc = true) {
-
-//	$dbg_matches = implode(",", $matches);
-//	log_error("debug: checking page {$page} match with {$dbg_matches}");
-
-	if (!is_array($matches)) {
-		return false;
-	}
-
-	/* skip any leading fwdslash */
-	$test = strpos($page, "/");
-	if ($test !== false && $test == 0) {
-		$page = substr($page, 1);
-	}
-
-	/* look for a match */
-	foreach ($matches as $match) {
-
-		/* possibly ignore full wildcard match */
-		if (!$fullwc && !strcmp($match , "*")) {
-			continue;
-		}
-
-		/* compare exact or wildcard match */
-		$match = str_replace(array(".", "*", "?"), array("\.", ".*", "\?"), $match);
-		$result = preg_match("@^/{$match}$@", "/{$page}");
-
-		if ($result) {
-			return true;
-		}
-	}
-
-	return false;
-}
+require_once("auth_func.inc");
 
 function session_read_single_var($varname) {
 	$session_started = false;
@@ -73,7 +42,7 @@ function session_read_single_var($varname) {
 $session_pagematch = session_read_single_var("page-match");
 
 $pageuri = $_SERVER['REQUEST_URI'];
-if (cmp_page_matches2($pageuri, $session_pagematch)) {	
+if (cmp_page_matches($pageuri, $session_pagematch)) {	
 	return; // auth OK
 }
 require_once("authgui.inc");
\ No newline at end of file
diff --git a/src/etc/inc/auth_func.inc b/src/etc/inc/auth_func.inc
new file mode 100644
index 0000000..0d9afb5
--- /dev/null
+++ b/src/etc/inc/auth_func.inc
@@ -0,0 +1,64 @@
+<?php
+/*
+ * auth_func.inc
+ *
+ * part of pfSense (https://www.pfsense.org)
+ * Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate)
+ * Copyright (c) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
+ * Copyright (c) 2006 Paul Taylor <paultaylor@winn-dixie.com>.
+ * Copyright (c) 2008 Shrew Soft Inc
+ * Copyright (c) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ * All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Function put in seperate file to avoid processing priv.inc which is cpu intensive
+ * cmp_page_matches is used by both auth_check.inc and priv.inc which is used by guiconfig.inc
+ */
+
+function cmp_page_matches($page, & $matches, $fullwc = true) {
+
+//	$dbg_matches = implode(",", $matches);
+//	log_error("debug: checking page {$page} match with {$dbg_matches}");
+
+	if (!is_array($matches)) {
+		return false;
+	}
+
+	/* skip any leading fwdslash */
+	$test = strpos($page, "/");
+	if ($test !== false && $test == 0) {
+		$page = substr($page, 1);
+	}
+
+	/* look for a match */
+	foreach ($matches as $match) {
+
+		/* possibly ignore full wildcard match */
+		if (!$fullwc && !strcmp($match , "*")) {
+			continue;
+		}
+
+		/* compare exact or wildcard match */
+		$match = str_replace(array(".", "*", "?"), array("\.", ".*", "\?"), $match);
+		$result = preg_match("@^/{$match}$@", "/{$page}");
+
+		if ($result) {
+			return true;
+		}
+	}
+
+	return false;
+}
diff --git a/src/etc/inc/priv.inc b/src/etc/inc/priv.inc
index a80e383..3e928a9 100644
--- a/src/etc/inc/priv.inc
+++ b/src/etc/inc/priv.inc
@@ -24,6 +24,7 @@
  */
 
 require_once("priv.defs.inc");
+require_once("auth_func.inc");
 
 /* Load and process custom privs. */
 function get_priv_files($directory) {
@@ -89,41 +90,6 @@ function sort_privs(& $privs) {
 	uksort($privs, "cmp_privkeys");
 }
 
-function cmp_page_matches($page, & $matches, $fullwc = true) {
-
-//	$dbg_matches = implode(",", $matches);
-//	log_error("debug: checking page {$page} match with {$dbg_matches}");
-
-	if (!is_array($matches)) {
-		return false;
-	}
-
-	/* skip any leading fwdslash */
-	$test = strpos($page, "/");
-	if ($test !== false && $test == 0) {
-		$page = substr($page, 1);
-	}
-
-	/* look for a match */
-	foreach ($matches as $match) {
-
-		/* possibly ignore full wildcard match */
-		if (!$fullwc && !strcmp($match , "*")) {
-			continue;
-		}
-
-		/* compare exact or wildcard match */
-		$match = str_replace(array(".", "*", "?"), array("\.", ".*", "\?"), $match);
-		$result = preg_match("@^/{$match}$@", "/{$page}");
-
-		if ($result) {
-			return true;
-		}
-	}
-
-	return false;
-}
-
 function map_page_privname($page) {
 	global $priv_list;