Rewrote state based redirection

[project/luci.git] / libs / web / luasrc / sauth.lua

diff --git a/libs/web/luasrc/sauth.lua b/libs/web/luasrc/sauth.lua
index 8182679..894732d 100644 (file)
--- a/libs/web/luasrc/sauth.lua
+++ b/libs/web/luasrc/sauth.lua
@@ -17,12 +17,13 @@ $Id$
 module("luci.sauth", package.seeall)
 require("luci.fs")
 require("luci.util")
+require("luci.sys")
 require("luci.config")
 
 
 luci.config.sauth = luci.config.sauth or {}
 sessionpath = luci.config.sauth.sessionpath
-sessiontime = tonumber(luci.config.sauth.sessiontime)
+sessiontime = tonumber(luci.config.sauth.sessiontime) or 15 * 60
 
 --- Manually clean up expired sessions.
 function clean()
@@ -45,7 +46,9 @@ end
 --- Prepare session storage by creating the session directory.
 function prepare()
        luci.fs.mkdir(sessionpath)
-       if not luci.fs.chmod(sessionpath, "a-rwx,u+rwx") then
+       luci.fs.chmod(sessionpath, "a-rwx,u+rwx")
+        
+       if not sane() then
                error("Security Exception: Session path is not sane!")
        end
 end
@@ -54,18 +57,24 @@ end
 -- @param id   Session identifier
 -- @return             Session data
 function read(id)
-       if not id or not sane() then
+       if not id then
                return
        end
        clean()
+       if not sane(sessionpath .. "/" .. id) then
+               return
+       end
        return luci.fs.readfile(sessionpath .. "/" .. id)
 end
 
 
 --- Check whether Session environment is sane.
 -- @return Boolean status
-function sane()
-       return luci.fs.stat(sessionpath, "mode") == "rwx------"
+function sane(file)
+       return luci.sys.process.info("uid")
+                       == luci.fs.stat(file or sessionpath, "uid")
+               and luci.fs.stat(file or sessionpath, "mode")
+                       == (file and "rw-------" or "rwx------")
 end