libs/web: Add additional sanity checks to session mechanism

[project/luci.git] / libs / web / luasrc / sauth.lua

diff --git a/libs/web/luasrc/sauth.lua b/libs/web/luasrc/sauth.lua
index fc4942b..8182679 100644 (file)
--- a/libs/web/luasrc/sauth.lua
+++ b/libs/web/luasrc/sauth.lua
@@ -12,6 +12,8 @@ You may obtain a copy of the License at
 $Id$
 
 ]]--
+
+--- LuCI session library.
 module("luci.sauth", package.seeall)
 require("luci.fs")
 require("luci.util")
@@ -22,7 +24,7 @@ luci.config.sauth = luci.config.sauth or {}
 sessionpath = luci.config.sauth.sessionpath
 sessiontime = tonumber(luci.config.sauth.sessiontime)
 
-
+--- Manually clean up expired sessions.
 function clean()
        local now   = os.time()
        local files = luci.fs.dir(sessionpath)
@@ -40,21 +42,38 @@ function clean()
        end
 end
 
+--- Prepare session storage by creating the session directory.
 function prepare()
        luci.fs.mkdir(sessionpath)
-       luci.fs.chmod(sessionpath, "a-rwx,u+rwx")
+       if not luci.fs.chmod(sessionpath, "a-rwx,u+rwx") then
+               error("Security Exception: Session path is not sane!")
+       end
 end
 
+--- Read a session and return its content.
+-- @param id   Session identifier
+-- @return             Session data
 function read(id)
-       if not id then
+       if not id or not sane() then
                return
        end
        clean()
        return luci.fs.readfile(sessionpath .. "/" .. id)
 end
 
+
+--- Check whether Session environment is sane.
+-- @return Boolean status
+function sane()
+       return luci.fs.stat(sessionpath, "mode") == "rwx------"
+end
+
+
+--- Write session data to a session file.
+-- @param id   Session identifier
+-- @param data Session data
 function write(id, data)
-       if not luci.fs.stat(sessionpath) then
+       if not sane() then
                prepare()
        end
        luci.fs.writefile(sessionpath .. "/" .. id, data)