-rw-r--r-- | src/etc/inc/auth_check.inc | 43 | ||||
-rw-r--r-- | src/etc/inc/auth_func.inc | 64 | ||||
-rw-r--r-- | src/etc/inc/priv.inc | 36 |
3 files changed, 71 insertions, 72 deletions
diff --git a/src/etc/inc/auth_check.inc b/src/etc/inc/auth_check.inc index 93dbd7a..cfe938f 100644 --- a/src/etc/inc/auth_check.inc +++ b/src/etc/inc/auth_check.inc @@ -18,43 +18,12 @@ * See the License for the specific language governing permissions and * limitations under the License. */ +/* + * Light weight authentication check thats ment as a substitute for guiconfig.inc + * in cases where frequent automatic requests are made like graphs and widget pages. + */ -// this function is a duplicate from cmp_page_matches() in priv.inc -// however unconditionally including priv.inc takes significant more time/cpu -function cmp_page_matches2($page, & $matches, $fullwc = true) { - -// $dbg_matches = implode(",", $matches); -// log_error("debug: checking page {$page} match with {$dbg_matches}"); - - if (!is_array($matches)) { - return false; - } - - /* skip any leading fwdslash */ - $test = strpos($page, "/"); - if ($test !== false && $test == 0) { - $page = substr($page, 1); - } - - /* look for a match */ - foreach ($matches as $match) { - - /* possibly ignore full wildcard match */ - if (!$fullwc && !strcmp($match , "*")) { - continue; - } - - /* compare exact or wildcard match */ - $match = str_replace(array(".", "*", "?"), array("\.", ".*", "\?"), $match); - $result = preg_match("@^/{$match}$@", "/{$page}"); - - if ($result) { - return true; - } - } - - return false; -} +require_once("auth_func.inc"); function session_read_single_var($varname) { $session_started = false; @@ -73,7 +42,7 @@ function session_read_single_var($varname) { $session_pagematch = session_read_single_var("page-match"); $pageuri = $_SERVER['REQUEST_URI']; -if (cmp_page_matches2($pageuri, $session_pagematch)) { +if (cmp_page_matches($pageuri, $session_pagematch)) { return; // auth OK } require_once("authgui.inc");
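Review bot: In the second hunk the `return; // auth OK` path skips authgui.inc entirely, so `cmp_page_matches($pageuri, $session_pagematch)` is the only authorization decision for these requests. It is fed the raw `$_SERVER['REQUEST_URI']`, which is client-controlled, includes the query string and is not normalized. Because the matcher turns `*` into `.*`, a wildcard pattern can match across `/` and `?`; whether the stored page-match patterns are meant to cover the query string is not visible in this hunk. I would add a comment above the check such as `// A match here bypasses authgui.inc; $pageuri is the raw request URI and is matched as-is against the session's page-match patterns.` and confirm the patterns are written with that in mind. The surrounding top-level code starts outside the hunk.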
\ No newline at end of file
diff --git a/src/etc/inc/auth_func.inc b/src/etc/inc/auth_func.inc
new file mode 100644
index 0000000..0d9afb5
--- /dev/null
+++ b/src/etc/inc/auth_func.inc
@@ -0,0 +1,64 @@
+<?php
+/*
+ * auth_func.inc
+ *
+ * part of pfSense (https://www.pfsense.org)
+ * Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate)
+ * Copyright (c) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
+ * Copyright (c) 2006 Paul Taylor <paultaylor@winn-dixie.com>.
+ * Copyright (c) 2008 Shrew Soft Inc
+ * Copyright (c) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ * All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Function put in seperate file to avoid processing priv.inc which is cpu intensive
+ * cmp_page_matches is used by both auth_check.inc and priv.inc which is used by guiconfig.inc
+ */
+
+function cmp_page_matches($page, & $matches, $fullwc = true) {
+
+// $dbg_matches = implode(",", $matches);
+// log_error("debug: checking page {$page} match with {$dbg_matches}");
+
+ if (!is_array($matches)) {
+ return false;
+ }
+
+ /* skip any leading fwdslash */
+ $test = strpos($page, "/");
+ if ($test !== false && $test == 0) {
+ $page = substr($page, 1);
+ }
+
+ /* look for a match */
+ foreach ($matches as $match) {
+
+ /* possibly ignore full wildcard match */
+ if (!$fullwc && !strcmp($match , "*")) {
+ continue;
+ }
+
+ /* compare exact or wildcard match */
+ $match = str_replace(array(".", "*", "?"), array("\.", ".*", "\?"), $match);
+ $result = preg_match("@^/{$match}$@", "/{$page}");
+
+ if ($result) {
+ return true;
+ }
+ }
+
+ return false;
+}
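Review bot: The pattern-to-regex step in `cmp_page_matches` escapes only `.`, `*` and `?`, so any other PCRE metacharacter in a privilege pattern (`+`, `(`, `[`, `|`, or the `@` delimiter itself) reaches `preg_match` unescaped. This function is now the single decision point for both auth_check.inc and priv.inc, which makes that gap matter more. Quoting the whole pattern and then re-enabling the wildcard keeps everything else literal: `$match = str_replace('\*', '.*', preg_quote($match, '@'));`. The closing `$` also matches before a trailing newline in the subject, so `"@^/{$match}$@D"` would anchor at the true end of the string. A short docblock would also help, stating that `*` spans `/` and `?`, and that a non-array `$matches` returns false (fails closed).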
diff --git a/src/etc/inc/priv.inc b/src/etc/inc/priv.inc index a80e383..3e928a9 100644 --- a/src/etc/inc/priv.inc +++ b/src/etc/inc/priv.inc @@ -24,6 +24,7 @@ */ require_once("priv.defs.inc"); +require_once("auth_func.inc"); /* Load and process custom privs. */ function get_priv_files($directory) { @@ -89,41 +90,6 @@ function sort_privs(& $privs) { uksort($privs, "cmp_privkeys"); } -function cmp_page_matches($page, & $matches, $fullwc = true) { - -// $dbg_matches = implode(",", $matches); -// log_error("debug: checking page {$page} match with {$dbg_matches}"); - - if (!is_array($matches)) { - return false; - } - - /* skip any leading fwdslash */ - $test = strpos($page, "/"); - if ($test !== false && $test == 0) { - $page = substr($page, 1); - } - - /* look for a match */ - foreach ($matches as $match) { - - /* possibly ignore full wildcard match */ - if (!$fullwc && !strcmp($match , "*")) { - continue; - } - - /* compare exact or wildcard match */ - $match = str_replace(array(".", "*", "?"), array("\.", ".*", "\?"), $match); - $result = preg_match("@^/{$match}$@", "/{$page}"); - - if ($result) { - return true; - } - } - - return false; -} - function map_page_privname($page) { global $priv_list; |