From: Paul Hänsch
Date: Thu, 4 Apr 2019 12:09:45 +0000 (+0200)
Subject: Merge branch 'master' of plutz.net:cgilite
X-Git-Url: http://git.plutz.net/?p=cgilite;a=commitdiff_plain;h=e2678dc719c2dcda2de9a6079ac63837681e1a26;hp=d0c60cf4f8431e100a0a326931388e6d11a5fd56
Merge branch 'master' of plutz.net:cgilite
---
diff --git a/cgilite.sh b/cgilite.sh
index 8af3eb1..7eab08a 100755
--- a/cgilite.sh
+++ b/cgilite.sh
@@ -49,7 +49,7 @@ HEX_DECODE=' ' HEX_DECODE(){ - printf "$(printf %s "$1" |sed -r "$HEX_DECODE")" + printf -- "$(printf %s "$1" |sed -r "$HEX_DECODE")" } if [ -z "$REQUEST_METHOD" ]; then
@@ -116,7 +116,7 @@ cgilite_value(){ str=${str#*&${name}=} cnt=$((cnt - 1)) done - printf "$(printf %s "${str%%&*}" |sed -r 's;\+; ;g;'"$HEX_DECODE")" + printf -- "$(printf %s "${str%%&*}" |sed -r 's;\+; ;g;'"$HEX_DECODE")" } cgilite_keys(){
diff --git a/html-sh.sed b/html-sh.sed
index cb1c613..976d42e 100755
--- a/html-sh.sed
+++ b/html-sh.sed
@@ -1,4 +1,12 @@ -#!/bin/sed -nrf +#!/bin/sed -nEf + +:Escapes +s,\\\\,\\,g; s,\\&,\&,g; +s,\\<,\<,g; s,\\>,\>,g; +s,\\",\",g; s,\\',\',g; +s,\\\[,\[,g; s,\\\],\],g; +s,\\\.,\.,g; s,\\#,\#,g; +s,\\,,g; :CommentHandle x; /^<\/!-->/{
diff --git a/logging.sh b/logging.sh
new file mode 100755
index 0000000..31bb24d
--- /dev/null
+++ b/logging.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# LOGLEVEL 1: Crash condition
+# LOGLEVEL 2: Unexpected condition
+# LOGLEVEL 3: Failed action (i.e. due to config error)
+# LOGLEVEL 4: Debug
+
+[ -n "$include_logging" ] && return 0
+include_logging="$0"
+
+LOGLEVEL="${LOGLEVEL:-3}"
+LOGFILE="${LOGFILE:-/dev/stderr}"
+
+logmsg(){
+ local ll="${1:-3}"
+ shift 1
+ if [ "$ll" -le "$LOGLEVEL" -a "$#" -gt 0 ]; then
+ printf %s\\n "$*" >>"${LOGFILE}"
+ elif [ "$ll" -le "$LOGLEVEL" ]; then
+ tee -a "${LOGFILE}"
+ elif [ ! "$#" -gt 0 ]; then
+ cat
+ fi
+}
+
+die(){
+ [ "$#" -gt 0 ] && logmsg 1 "$@"
+ exit 1
+}
+panic(){ logmsg 2 "$@"; }
+error(){ logmsg 3 "$@"; }
+debug(){ logmsg 4 "$@"; }
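Review bot: The decoded request data is still passed to `printf` as its format string in `HEX_DECODE`, and again in the `cgilite_value` hunk that follows, so the added `--` only stops a leading dash from being parsed as an option. Any `%` directive that survives the `$HEX_DECODE` sed program would still be interpreted by printf; that program lies outside these hunks, so whether it neutralises a literal `%` cannot be confirmed from here. If it does not, passing the data as an argument instead, e.g. `printf %b "$(printf %s "$1" |sed -r "$HEX_DECODE")"`, keeps escape expansion without format interpretation, provided the escapes the sed program emits are ones `%b` understands. The body of `cgilite_value` starts above its hunk.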
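Review bot: The new `:Escapes` block depends on rule order but has no comment saying so: the final `s,\\,,g;` deletes every backslash still present, so it must stay last and any further escape has to be added above it. As the lines read on this page, the single backslash produced by the first rule `s,\\\\,\\,g;` would also be removed by that last rule, so an escaped backslash would vanish from the output; if the replacement sides are really character entities that were decoded when this page was rendered, that concern does not apply. A comment above the label such as `# translate backslash escapes; the catch-all s,\\,,g; must remain the last rule` would record the constraint.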
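Review bot: `logmsg` defaults its level with `${1:-3}` and has `tee`/`cat` branches for stdin, which suggests it is meant to work with no arguments, but the unconditional `shift 1` fails in that case; dash, as far as I know, treats a failed `shift` as fatal and ends the script. Guarding it with `[ "$#" -gt 0 ] && shift` keeps the argument-less pipe form usable. Separately, `printf %s\\n "$*"` writes the message verbatim, so if callers ever pass request-derived text, embedded newlines or control characters reach `$LOGFILE` as additional lines; stripping them before the write would keep one message on one line.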
diff --git a/session.sh b/session.sh
new file mode 100755
index 0000000..25a6598
--- /dev/null
+++ b/session.sh
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+[ -n "$include_session" ] && return 0
+include_session="$0"
+
+server_key(){
+ IDFILE="${IDFILE:-${_DATA:-.}/serverkey}"
+ if [ "$(stat -c %s "$IDFILE")" -ne 512 ] || ! cat "$IDFILE"; then
+ dd count=1 bs=512 if=/dev/urandom \
+ | tee "$IDFILE"
+ fi 2>&-
+}
+
+slopecode(){
+ # 6-Bit Code that retains sort order of input data, while beeing safe to use
+ # in ascii transmissions, unix file names, HTTP URLs, and HTML attributes
+
+ uuencode -m - | sed '
+ 1d;$d;
+ y;ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/;0123456789:=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz;
+ '
+}
+
+randomid(){
+ dd bs=12 count=1 if=/dev/urandom 2>&- \
+ | slopecode
+}
+
+timeid(){
+ d=$(($(date +%s) % 4294967296))
+ { printf "$(
+ printf \\%o \
+ $((d / 16777216 % 256)) \
+ $((d / 65536 % 256)) \
+ $((d / 256 % 256)) \
+ $((d % 256))
+ )"
+ dd bs=8 count=1 if=/dev/urandom 2>&-
+ } | slopecode
+}
+
+checkid(){ grep -m 1 -xE '[0-9a-zA-Z:=]{16}'; }
+
+update_session(){
+ local session sid time sig serverkey checksig
+
+ IFS=- read -r sid time sig <<-END
+ $(COOKIE session)
+ END
+ serverkey="$(server_key)"
+
+ checksig="$(printf %s "$sid" "$time" "$serverkey" | sha256sum)"
+ checksig="${checksig%% *}"
+ d=$(date +%s)
+
+ if [ "$checksig" != "$sig" \
+ -o "$time" -lt "$d" \
+ -o ! "$(printf %s "$sid" |checkid)" ] 2>&-
+ then
+ debug Setting up new session
+ sid="$(randomid)"
+ fi
+
+ time=$(( $(date +%s) + 7200 ))
+ sig="$(printf %s "$sid" "$time" "$serverkey" |sha256sum)"
+ sig="${sig%% *}"
+ printf %s\\n "${sid}-${time}-${sig}"
+}
+
+SESSION_ID="$(update_session)"
+SET_COOKIE 0 session="$SESSION_ID" Path=/ SameSite=Strict HttpOnly
+SESSION_ID="${SESSION_ID%%-*}"
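Review bot: In `update_session` the combined `[ … -o … -o … ] 2>&-` test fails open: `$time` and `$sig` come straight from the cookie, and when `$time` is not an integer `[` exits with status 2 (bash and dash both report an error there), which `if` treats as false, so the presented `sid` is kept and re-signed although the signature never matched, and `2>&-` hides the error. Splitting the condition into separate tests joined with `||`, signature first, and normalising a non-numeric `$time` before the comparison makes every malformed cookie take the new-session branch. Two smaller points in the same file: `server_key` creates `$IDFILE` through `tee` under whatever umask the CGI process has, so a `umask 077` before writing would keep the key private, and the `SET_COOKIE` call sets no `Secure` attribute, which matters if the site is served over HTTPS.

```shell
  d=$(date +%s)

  # Fail closed: a malformed field must never leave the presented sid in place.
  case "$time" in ''|*[!0-9]*) time=0 ;; esac
  if [ "$checksig" != "$sig" ] \
     || [ "$time" -lt "$d" ] \
     || ! printf %s "$sid" | checkid >/dev/null
  then
  # … unchanged: new-session branch, new expiry, re-signing and output …
```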