/ - Diff - pfSense - pfSense bugtracker

« Previous | Next »

Revision 990c00c4

Added by Renato Botelho over 8 years ago

ID 990c00c44d2cb7bb7bb778b26276300b18c750de
Parent 85582689
Child 8b5cf433

Revert "Use cached groups in get_user_privileges"

This reverts commit 855826896509a1a0bec77a51535a8f004b4ca570.

+    }
     function get_user_privileges(& $user) {
     	global $config, $_SESSION;
     	global $config;
     	$authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
     	$allowed_groups = array();
     	$names = array();
     	$privs = $user['priv'];
     	if (!is_array($privs)) {
     		$privs = array();
+    	}
     	// cache auth results for a short time to ease load on auth services & logs
     	if (isset($config['system']['webgui']['auth_refresh_time'])) {
     		$recheck_time = $config['system']['webgui']['auth_refresh_time'];
     	} else {
     		$recheck_time = 30;
+    	}
     	if ($authcfg['type'] == "ldap") {
     		if (isset($_SESSION["ldap_allowed_groups"]) &&
     		    (time() <= $_SESSION["auth_check_time"] + $recheck_time)) {
     			$allowed_groups = $_SESSION["ldap_allowed_groups"];
     		} else {
     			$allowed_groups = @ldap_get_groups($user['name'], $authcfg);
     			$_SESSION["ldap_allowed_groups"] = $allowed_groups;
     			$_SESSION["auth_check_time"] = time();
+    		}
     		$names = @ldap_get_groups($user['name'], $authcfg);
     	} elseif ($authcfg['type'] == "radius") {
     		if (isset($_SESSION["radius_allowed_groups"]) &&
     		    (time() <= $_SESSION["auth_check_time"] + $recheck_time)) {
     			$allowed_groups = $_SESSION["radius_allowed_groups"];
     		} else {
     			$allowed_groups = @radius_get_groups($_SESSION['user_radius_attributes']);
     			$_SESSION["radius_allowed_groups"] = $allowed_groups;
     			$_SESSION["auth_check_time"] = time();
+    		}
     		$names = @radius_get_groups($_SESSION['user_radius_attributes']);
+    	}
     	if (empty($allowed_groups)) {
     		$allowed_groups = local_user_get_groups($user, true);
     	if (empty($names)) {
     		$names = local_user_get_groups($user, true);
+    	}
     	if (is_array($allowed_groups)) {
     		foreach ($allowed_groups as $name) {
     			$group = getGroupEntry($name);
     			if (is_array($group['priv'])) {
     				$privs = array_merge($privs, $group['priv']);
+    			}
     	foreach ($names as $name) {
     		$group = getGroupEntry($name);
     		if (is_array($group['priv'])) {
     			$privs = array_merge($privs, $group['priv']);
+    		}
+    	}

Also available in: Unified diff

Project

General

Profile

pfSense

Revision 990c00c4

Added by Renato Botelho over 8 years ago