From a4d187f7ee62a5453c3789f1f3c61217d4bdac6d Mon Sep 17 00:00:00 2001
From: Bill Thiede
Date: Sun, 18 Aug 2013 21:07:10 -0700
Subject: [PATCH] perf: perform password auth before checking UID.
On FreeBSD DevAuth was showing up as consuming ~10% of the time when doing big camputs. It disappears with this change. FreeBSD and Mac exec external programs for localhost auth, so I imagine they'll both benefit. On linux, checking the password in memory is (probably) still faster than reading from /proc (which I'm assuming turns into a roundtrip userland->kernel->userland which is nice to avoid). Making the change to UserPass under the assumption the performance improvement would be similar. Untested/unprofiled though.
Change-Id: Idb7e888df6e9a36db0be671a44911e018eb7986e
---
pkg/auth/auth.go | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index 1bb6f06dd..7960184c3 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -203,10 +203,6 @@ type UserPass struct {
 }
 func (up *UserPass) AllowedAccess(req *http.Request) Operation {
- if up.OrLocalhost && localhostAuthorized(req) {
- return OpAll
- }
-
 user, pass, err := basicAuth(req)
 if err != nil {
 return 0
@@ -219,6 +215,11 @@ func (up *UserPass) AllowedAccess(req *http.Request) Operation {
 return OpVivify
 }
 }
+
+ if up.OrLocalhost && localhostAuthorized(req) {
+ return OpAll
+ }
+
 return 0
 }
@@ -256,12 +257,6 @@ type DevAuth struct {
 }
 func (da *DevAuth) AllowedAccess(req *http.Request) Operation {
- // First see if the local TCP port is owned by the same
- // non-root user as this server.
- if localhostAuthorized(req) {
- return OpAll
- }
-
 _, pass, err := basicAuth(req)
 if err != nil {
 return 0
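Review bot: The relocated `up.OrLocalhost && localhostAuthorized(req)` check now sits after the `if err != nil { return 0 }` early return that follows `basicAuth(req)` (context lines of the hunk at -203), so any request for which basicAuth reports an error never reaches the localhost fallback. If basicAuth returns an error when no Authorization header is present (its body is not shown here), a same-UID local client without credentials, which received OpAll before this change, is now denied. That fails closed rather than open, but it changes who is authorized in a commit described as perf-only. Consider running the credential comparisons only when `err == nil` and falling through to the localhost check otherwise, instead of returning 0. The same ordering applies to DevAuth.AllowedAccess in the hunk at -272, and the middle of both functions lies outside the hunks.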
@@ -272,6 +267,14 @@ func (da *DevAuth) AllowedAccess(req *http.Request) Operation {
 if pass == da.VivifyPass {
 return OpVivify
 }
+
+ // See if the local TCP port is owned by the same non-root user as this
+ // server. This check performed last as it may require reading from the
+ // kernel or exec'ing a program.
+ if localhostAuthorized(req) {
+ return OpAll
+ }
+
 return 0
 }
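Review bot: `pass == da.VivifyPass` is a plain string comparison, and after this reordering it runs ahead of the peer-UID check for every request that carries basic-auth credentials. Go's `==` on strings is not constant-time, so the time taken can depend on how much of the secret matches. Comparing with `subtle.ConstantTimeCompare([]byte(pass), []byte(da.VivifyPass)) == 1` (package crypto/subtle, which would need to be imported) removes that dependency. The comparison against the main password is outside this hunk and presumably deserves the same treatment, as do the comparisons in UserPass.AllowedAccess.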