X-Git-Url: http://git.archive.openwrt.org/?p=project%2Fluci.git;a=blobdiff_plain;f=libs%2Fweb%2Fluasrc%2Fsauth.lua;h=32f172dcda59a0bb5770f9cbaccb0311edd035ca;hp=8ae24a5411f89fdfae5bfd5f0e2d4a54a0589507;hb=bbb44cf245c11bc0c1d59e836007c9e8c3bfa209;hpb=8fcd841aa9af96c8a4a4d3c1a555d2d1ed42332c diff --git a/libs/web/luasrc/sauth.lua b/libs/web/luasrc/sauth.lua index 8ae24a541..32f172dcd 100644 --- a/libs/web/luasrc/sauth.lua +++ b/libs/web/luasrc/sauth.lua @@ -26,51 +26,76 @@ luci.config.sauth = luci.config.sauth or {} sessionpath = luci.config.sauth.sessionpath sessiontime = tonumber(luci.config.sauth.sessiontime) or 15 * 60 ---- Manually clean up expired sessions. -function clean() - local now = os.time() - local files = fs.dir(sessionpath) - - if not files then - return nil - end - - for file in files do - local fname = sessionpath .. "/" .. file - local stat = fs.stat(fname) - if stat and stat.type == "reg" and stat.mtime + sessiontime < now then - fs.unlink(fname) - end - end -end - --- Prepare session storage by creating the session directory. function prepare() fs.mkdir(sessionpath, 700) - if not sane() then error("Security Exception: Session path is not sane!") end end +local function _read(id) + local blob = fs.readfile(sessionpath .. "/" .. id) + return blob +end + +local function _write(id, data) + local f = nixio.open(sessionpath .. "/" .. id, "w", 600) + f:writeall(data) + f:close() +end + +local function _checkid(id) + return not not (id and #id == 32 and id:match("^[a-fA-F0-9]+$")) +end + +--- Write session data to a session file. +-- @param id Session identifier +-- @param data Session data table +function write(id, data) + if not sane() then + prepare() + end + + assert(_checkid(id), "Security Exception: Session ID is invalid!") + assert(type(data) == "table", "Security Exception: Session data invalid!") + + data.atime = luci.sys.uptime() + + _write(id, luci.util.get_bytecode(data)) +end + --- Read a session and return its content. -- @param id Session identifier --- @return Session data +-- @return Session data table or nil if the given id is not found function read(id) - if not id then - return - end - if not id:match("^%w+$") then - error("Session ID is not sane!") + if not id or #id == 0 then + return nil end - clean() + + assert(_checkid(id), "Security Exception: Session ID is invalid!") + if not sane(sessionpath .. "/" .. id) then - return + return nil end - fs.utimes(sessionpath .. "/" .. id) - return fs.readfile(sessionpath .. "/" .. id) -end + local blob = _read(id) + local func = loadstring(blob) + setfenv(func, {}) + + local sess = func() + assert(type(sess) == "table", "Session data invalid!") + + if sess.atime and sess.atime + sessiontime < luci.sys.uptime() then + kill(id) + return nil + end + + -- refresh atime in session + write(id, sess) + + return sess +end --- Check whether Session environment is sane. -- @return Boolean status @@ -81,29 +106,22 @@ function sane(file) == (file and "rw-------" or "rwx------") end - ---- Write session data to a session file. --- @param id Session identifier --- @param data Session data -function write(id, data) - if not sane() then - prepare() - end - if not id:match("^%w+$") then - error("Session ID is not sane!") - end - - local f = nixio.open(sessionpath .. "/" .. id, "w", 600) - f:writeall(data) - f:close() -end - - --- Kills a session -- @param id Session identifier function kill(id) - if not id:match("^%w+$") then - error("Session ID is not sane!") - end + assert(_checkid(id), "Security Exception: Session ID is invalid!") fs.unlink(sessionpath .. "/" .. id) end + +--- Remove all expired session data files +function reap() + if sane() then + local id + for id in nixio.fs.dir(sessionpath) do + if _checkid(id) then + -- reading the session will kill it if it is expired + read(id) + end + end + end +end