X-Git-Url: http://git.plutz.net/?p=cgilite;a=blobdiff_plain;f=session.sh;fp=session.sh;h=27693289adfe4d2163ef435a7cdf30a81e9d40e2;hp=0000000000000000000000000000000000000000;hb=3b749d034d316a0f5b29683929153a3fbc04e947;hpb=5c24129a2347b2be54fedfec74acc156758e3533
diff --git a/session.sh b/session.sh
new file mode 100755
index 0000000..2769328
--- /dev/null
+++ b/session.sh
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+[ -n "$include_session" ] && return 0
+include_session="$0"
+
+server_key(){
+ IDFILE="${IDFILE:-${_DATA:-.}/serverkey}"
+ if ! grep -m1 -xE '.{512}' "$IDFILE"; then
+ dd count=1 bs=512 if=/dev/urandom \
+ | tee "$IDFILE"
+ fi 2>&-
+}
+
+slopecode(){
+ # 6-Bit Code that retains sort order of input data, while beeing safe to use
+ # in ascii transmissions, unix file names, HTTP URLs, and HTML attributes
+
+ uuencode -m - | sed '
+ 1d;$d;
+ y;ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/;0123456789:=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz;
+ '
+}
+
+randomid(){
+ dd bs=12 count=1 if=/dev/urandom \
+ | slopecode 2>&-
+}
+
+timeid(){
+ d=$(($(date +%s) % 4294967296))
+ { printf "$(
+ printf \\%o \
+ $((d / 16777216 % 256)) \
+ $((d / 65536 % 256)) \
+ $((d / 256 % 256)) \
+ $((d % 256))
+ )"
+ dd bs=8 count=1 if=/dev/urandom
+ } | slopecode 2>&-
+}
+
+checkid(){ grep -m 1 -xE '[0-9a-zA-Z:_]{16}'; }
+
+update_session(){
+ local session sid time sig serverkey checksig
+
+ IFS=- read -r sid time sig <<-END
+ $(COOKIE session)
+ END
+ serverkey="$(server_key)"
+
+ checksig="$(printf %s "$sid" "$time" "$serverkey" | sha256sum)"
+ checksig="${checksig%% *}"
+ d=$(date +%s)
+
+ if [ "$checksig" != "$sig" -o "$time" -lt "$d" ] 2>&-; then
+ sid="$(randomid)"
+ fi
+
+ time=$(( $(date +%s) + 7200 ))
+ sig="$(printf %s "$sid" "$time" "$serverkey" |sha256sum)"
+ sig="${sig%% *}"
+ printf %s\\n "${sid}-${time}-${sig}"
+}
+
+SESSION_ID="$(update_session)"
+SET_COOKIE 0 "session=$SESSION_ID"
+SESSION_ID="${SESSION_ID%%-*}"
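Review bot: The validity test in `update_session` fails open: in the common `test` implementations `[ "$checksig" != "$sig" -o "$time" -lt "$d" ] 2>&-` exits with an error status rather than true when the cookie's time field is not an integer, so the `then` branch is skipped and the client-supplied `sid` is kept and re-signed with a fresh expiry. Keep the session only on a positive check, e.g. `if ! { [ "$checksig" = "$sig" ] && [ "$time" -ge "$d" ]; } 2>&-; then`, so that any error inside the test also yields a new id. The signed string is built as `printf %s "$sid" "$time" "$serverkey"` with no separator, so characters can shift between `sid` and `time` without changing the hash; hashing `"$sid-$time-$serverkey"` at both `sha256sum` calls removes that ambiguity. In `server_key`, `tee "$IDFILE"` creates the key file under whatever umask is in effect, and raw `/dev/urandom` bytes may not satisfy the `grep -xE '.{512}'` line check, which would regenerate the key on each call; both look worth confirming on the target shell and grep.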