module("luci.sauth", package.seeall)
require("luci.fs")
require("luci.util")
+require("luci.sys")
require("luci.config")
luci.config.sauth = luci.config.sauth or {}
sessionpath = luci.config.sauth.sessionpath
-sessiontime = tonumber(luci.config.sauth.sessiontime)
+sessiontime = tonumber(luci.config.sauth.sessiontime) or 15 * 60
--- Manually clean up expired sessions.
function clean()
function prepare()
luci.fs.mkdir(sessionpath)
luci.fs.chmod(sessionpath, "a-rwx,u+rwx")
+
+ if not sane() then
+ error("Security Exception: Session path is not sane!")
+ end
end
--- Read a session and return its content.
return
end
clean()
+ if not sane(sessionpath .. "/" .. id) then
+ return
+ end
return luci.fs.readfile(sessionpath .. "/" .. id)
end
+--- Check whether Session environment is sane.
+-- @return Boolean status
+function sane(file)
+ return luci.sys.process.info("uid")
+ == luci.fs.stat(file or sessionpath, "uid")
+ and luci.fs.stat(file or sessionpath, "mode")
+ == (file and "rw-------" or "rwx------")
+end
+
+
--- Write session data to a session file.
-- @param id Session identifier
-- @param data Session data
function write(id, data)
- if not luci.fs.stat(sessionpath) then
+ if not sane() then
prepare()
end
luci.fs.writefile(sessionpath .. "/" .. id, data)