# Include guard: return early when $include_session is already non-empty.
# NOTE(review): the line that sets include_session is not part of this
# listing; confirm it follows the guard.
3 [ -n "$include_session" ] && return 0
# Session lifetime; it is added to $_DATE when a session token is issued and
# can be overridden through the environment. Presumably seconds (7200 = 2 h);
# confirm against how _DATE is set.
7 SESSION_TIMEOUT="${SESSION_TIMEOUT:-7200}"
9 if ! which uuencode >/dev/null; then
# Fallback wrapper: forward all arguments unchanged to busybox's uuencode applet.
10 uuencode() { busybox uuencode "$@"; }
12 if ! which sha256sum >/dev/null; then
# Fallback wrapper: forward all arguments unchanged to busybox's sha256sum applet.
13 sha256sum() { busybox sha256sum "$@"; }
16 if which openssl >/dev/null; then
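# session_mac [DATA...]
# Print an HMAC-SHA1 over DATA, keyed with the output of server_key and
# encoded by slopecode. With arguments the message is "$*" (the arguments
# joined by the first IFS character); without arguments it is read from stdin.
#
# NOTE(review): joining with "$*" keeps no field boundaries, so the argument
# lists ("a b" "c") and ("a" "b c") yield the same MAC. Only pass fields that
# cannot contain the separator, or switch to a length-prefixed encoding.
# NOTE(review): -hmac takes the key as a command-line argument, where it is
# visible in the process list while openssl runs, and "$(server_key)" routes
# the key through a command substitution, which does not preserve NUL bytes
# and drops trailing newlines. If the key file holds raw random bytes (it
# appears to be filled from /dev/urandom elsewhere in this listing), the
# effective key is shorter than the file; confirm, and consider a
# text-encoded key.
session_mac() {
  # if/else instead of `test && printf || cat`, so that a failing printf
  # cannot fall through to reading stdin.
  if [ $# -gt 0 ]; then
    printf %s "$*"
  else
    cat
  fi \
  | openssl dgst -sha1 -hmac "$(server_key)" -binary \
  | slopecode
}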
19 # Gonzo MAC if openssl is unavailable
21 { server_key | dd status=none bs=256 count=1 skip=1
22 { server_key | dd status=none bs=256 count=1
23 [ $# -gt 0 ] && printf %s "$*" || cat
27 | sha256sum | cut -d\ -f1
32 IDFILE="${IDFILE:-${_DATA:-.}/serverkey}"
33 if [ "$(stat -c %s "$IDFILE")" -ne 512 ] || ! cat "$IDFILE"; then
34 dd count=1 bs=512 if=/dev/urandom \
40 # 6-Bit Code that retains sort order of input data, while being safe to use
41 # in ascii transmissions, unix file names, HTTP URLs, and HTML attributes
43 { [ $# -gt 0 ] && printf %s "$*" || cat; } \
44 | uuencode -m - | sed '
46 y;ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/;0123456789:=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz;
51 dd bs=12 count=1 if=/dev/urandom 2>&- \
56 d=$(($_DATE % 4294967296))
59 $((d / 16777216 % 256)) \
60 $((d / 65536 % 256)) \
64 dd bs=8 count=1 if=/dev/urandom 2>&-
69 # transaction ID to modify a given file
71 session_mac "$(stat -c %F%i%n%N%s%Y "$file" 2>&-)" "$SESSION_ID"
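# checkid [ID...]
# Print the first input line that consists of exactly 16 characters from the
# set [0-9a-zA-Z:=] and return non-zero when no line matches. The candidate is
# taken from the arguments ("$*") when any are given, otherwise from stdin.
checkid() {
  # if/else instead of `test && printf || cat`, so that a failing printf
  # cannot fall through to reading stdin.
  if [ $# -gt 0 ]; then
    printf %s "$*"
  else
    cat
  fi | grep -m 1 -xE '[0-9a-zA-Z:=]{16}'
}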
77 local session sid time sig checksig
79 read -r sid time sig <<-END
80 $(POST session_key || COOKIE session)
83 checksig="$(session_mac "$sid" "$time")"
85 if ! [ "$checksig" = "$sig" \
86 -a "$time" -ge "$_DATE" \
87 -a "$(printf %s "$sid" |checkid)" ] 2>&-
89 debug "Setting up new session"
93 time=$(( $_DATE + $SESSION_TIMEOUT ))
94 sig="$(session_mac "$sid" "$time")"
95 printf %s\\n "${sid} ${time} ${sig}"
99 # Set tamper-proof authenticated cookie
100 local key="$1" value="$2"
101 SET_COOKIE session "$key"="${value} $(session_mac "$value" "$SESSION_ID")"
105 # read authenticated cookie
106 # fail if value has been tampered with
107 local key="$1" value sig
108 value="$(COOKIE "$key")"
109 sig="${value##* }" value="${value% *}"
110 if [ "$sig" = "$(session_mac "$value" "$SESSION_ID")" ]; then
111 printf %s\\n "$value"
# Obtain the session token from update_session and send it back to the client
# as the "session" cookie.
117 SESSION_KEY="$(update_session)"
# NOTE(review): the cookie carries Path=/, SameSite=Strict and HttpOnly but no
# Secure attribute, so a browser will also send it over plain HTTP. Confirm
# the site is served over HTTPS only, or add Secure. The meaning of the
# leading 0 argument is defined by SET_COOKIE, which is not shown here.
118 SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly
# SESSION_ID is the token's first space-separated field; other lines in this
# file pass it to session_mac when signing cookies and transaction IDs.
119 SESSION_ID="${SESSION_KEY%% *}"