perf: perform password auth before checking UID.

On FreeBSD DevAuth was showing up as consuming ~10% of the time when doing big camputs. It disappears with this change. FreeBSD and Mac exec external programs for localhost auth, so I imagine they'll both benefit. On linux, checking the password in memory is (probably) still faster than reading from /proc (which I'm assuming turns into a roundtrip userland->kernel->userland which is nice to avoid). Making the change to UserPass under the assumption the performance improvement would be similar. Untested/unprofiled though. Change-Id: Idb7e888df6e9a36db0be671a44911e018eb7986e
2013-08-18 21:07:10 -07:00 · 2013-08-18 21:07:10 -07:00 · a4d187f7ee
parent 75c79b5a77
commit a4d187f7ee
1 changed files with 13 additions and 10 deletions
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@ -203,10 +203,6 @@ type UserPass struct {
 }

 func (up *UserPass) AllowedAccess(req *http.Request) Operation {
-	if up.OrLocalhost && localhostAuthorized(req) {
-		return OpAll
-	}
-
 	user, pass, err := basicAuth(req)
 	if err != nil {
 		return 0
@ -219,6 +215,11 @@ func (up *UserPass) AllowedAccess(req *http.Request) Operation {
 			return OpVivify
 		}
 	}
+
+	if up.OrLocalhost && localhostAuthorized(req) {
+		return OpAll
+	}
+
 	return 0
 }

@ -256,12 +257,6 @@ type DevAuth struct {
 }

 func (da *DevAuth) AllowedAccess(req *http.Request) Operation {
-	// First see if the local TCP port is owned by the same
-	// non-root user as this server.
-	if localhostAuthorized(req) {
-		return OpAll
-	}
-
 	_, pass, err := basicAuth(req)
 	if err != nil {
 		return 0
@ -272,6 +267,14 @@ func (da *DevAuth) AllowedAccess(req *http.Request) Operation {
 	if pass == da.VivifyPass {
 		return OpVivify
 	}
+
+	// See if the local TCP port is owned by the same non-root user as this
+	// server.  This check performed last as it may require reading from the
+	// kernel or exec'ing a program.
+	if localhostAuthorized(req) {
+		return OpAll
+	}
+
 	return 0
 }