$Id$
]]--
+
+--- LuCI session library.
module("luci.sauth", package.seeall)
-require("luci.fs")
+require("luci.util")
+require("luci.sys")
require("luci.config")
+local nixio = require "nixio", require "nixio.util"
+local fs = require "nixio.fs"
luci.config.sauth = luci.config.sauth or {}
sessionpath = luci.config.sauth.sessionpath
-sessiontime = tonumber(luci.config.sauth.sessiontime)
-
+sessiontime = tonumber(luci.config.sauth.sessiontime) or 15 * 60
+--- Manually clean up expired sessions.
function clean()
local now = os.time()
- local files = luci.fs.dir(sessionpath)
+ local files = fs.dir(sessionpath)
if not files then
return nil
end
- for i, file in pairs(files) do
+ for file in files do
local fname = sessionpath .. "/" .. file
- local stat = luci.fs.stat(fname)
- if stat and stat.type == "regular" and stat.atime + sessiontime < now then
- luci.fs.unlink(fname)
+ local stat = fs.stat(fname)
+ if stat and stat.type == "reg" and stat.mtime + sessiontime < now then
+ fs.unlink(fname)
end
end
end
+--- Prepare session storage by creating the session directory.
function prepare()
- luci.fs.mkdir(sessionpath)
- luci.fs.chmod(sessionpath, "a-rwx,u+rwx")
+ fs.mkdir(sessionpath, 700)
+
+ if not sane() then
+ error("Security Exception: Session path is not sane!")
+ end
end
+--- Read a session and return its content.
+-- @param id Session identifier
+-- @return Session data
function read(id)
if not id then
return
end
+ if not id:match("^%w+$") then
+ error("Session ID is not sane!")
+ end
clean()
- return luci.fs.readfile(sessionpath .. "/" .. id)
+ if not sane(sessionpath .. "/" .. id) then
+ return
+ end
+ fs.utimes(sessionpath .. "/" .. id)
+ return fs.readfile(sessionpath .. "/" .. id)
+end
+
+
+--- Check whether Session environment is sane.
+-- @return Boolean status
+function sane(file)
+ return luci.sys.process.info("uid")
+ == fs.stat(file or sessionpath, "uid")
+ and fs.stat(file or sessionpath, "modestr")
+ == (file and "rw-------" or "rwx------")
end
+
+--- Write session data to a session file.
+-- @param id Session identifier
+-- @param data Session data
function write(id, data)
- if not luci.fs.stat(sessionpath) then
+ if not sane() then
prepare()
end
- luci.fs.writefile(sessionpath .. "/" .. id, data)
- luci.fs.chmod(sessionpath .. "/" .. id, "a-rwx,u+rw")
-end
\ No newline at end of file
+ if not id:match("^%w+$") then
+ error("Session ID is not sane!")
+ end
+
+ local f = nixio.open(sessionpath .. "/" .. id, "w", 600)
+ f:writeall(data)
+ f:close()
+end
+
+
+--- Kills a session
+-- @param id Session identifier
+function kill(id)
+ if not id:match("^%w+$") then
+ error("Session ID is not sane!")
+ end
+ fs.unlink(sessionpath .. "/" .. id)
+end
projects / project / luci.git / blobdiff