From 926a7f5c0ffc0d0c3e44db5f4580c19e38e87c08 Mon Sep 17 00:00:00 2001
From: Renato Botelho <renato@netgate.com>
Date: Mon, 13 Feb 2017 09:25:38 -0200
Subject: Revert "Use cached groups in get_user_privileges"

This reverts commit c7c79905d3e0fd01172d373a15a1d0d77a5728e8.
---
 src/etc/inc/auth.inc | 43 ++++++++++---------------------------------
 1 file changed, 10 insertions(+), 33 deletions(-)

(limited to 'src')

diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index d75874f..4835a00 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -318,53 +318,30 @@ function & getGroupEntryByGID($gid) {
 }
 
 function get_user_privileges(& $user) {
-	global $config, $_SESSION;
+	global $config;
 
 	$authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
-	$allowed_groups = array();
+	$names = array();
 
 	$privs = $user['priv'];
 	if (!is_array($privs)) {
 		$privs = array();
 	}
 
-	// cache auth results for a short time to ease load on auth services & logs
-	if (isset($config['system']['webgui']['auth_refresh_time'])) {
-		$recheck_time = $config['system']['webgui']['auth_refresh_time'];
-	} else {
-		$recheck_time = 30;
-	}
-
 	if ($authcfg['type'] == "ldap") {
-		if (isset($_SESSION["ldap_allowed_groups"]) &&
-		    (time() <= $_SESSION["auth_check_time"] + $recheck_time)) {
-			$allowed_groups = $_SESSION["ldap_allowed_groups"];
-		} else {
-			$allowed_groups = @ldap_get_groups($user['name'], $authcfg);
-			$_SESSION["ldap_allowed_groups"] = $allowed_groups;
-			$_SESSION["auth_check_time"] = time();
-		}
+		$names = @ldap_get_groups($user['name'], $authcfg);
 	} elseif ($authcfg['type'] == "radius") {
-		if (isset($_SESSION["radius_allowed_groups"]) &&
-		    (time() <= $_SESSION["auth_check_time"] + $recheck_time)) {
-			$allowed_groups = $_SESSION["radius_allowed_groups"];
-		} else {
-			$allowed_groups = @radius_get_groups($_SESSION['user_radius_attributes']);
-			$_SESSION["radius_allowed_groups"] = $allowed_groups;
-			$_SESSION["auth_check_time"] = time();
-		}
+		$names = @radius_get_groups($_SESSION['user_radius_attributes']);
 	}
 
-	if (empty($allowed_groups)) {
-		$allowed_groups = local_user_get_groups($user, true);
+	if (empty($names)) {
+		$names = local_user_get_groups($user, true);
 	}
 
-	if (is_array($allowed_groups)) {
-		foreach ($allowed_groups as $name) {
-			$group = getGroupEntry($name);
-			if (is_array($group['priv'])) {
-				$privs = array_merge($privs, $group['priv']);
-			}
+	foreach ($names as $name) {
+		$group = getGroupEntry($name);
+		if (is_array($group['priv'])) {
+			$privs = array_merge($privs, $group['priv']);
 		}
 	}
 
-- 
cgit v1.1