X-Git-Url: https://git.plutz.net/?p=cgilite;a=blobdiff_plain;f=session.sh;h=1f4699e441357303b4dd4b6e4daeff3af1bb47c8;hp=8929ab3de62638fa4084cbf3f6d50ba5510ec960;hb=e02243e96d7cc400b63c3e856d0e80d4140c6805;hpb=52e798535235e32bd536c3275d25aa7fda65f27d
diff --git a/session.sh b/session.sh
index 8929ab3..1f4699e 100755
--- a/session.sh
+++ b/session.sh
@@ -16,8 +16,16 @@ fi
 if which openssl >/dev/null; then
 session_mac(){ { [ $# -gt 0 ] && printf %s "$*" || cat; } | openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode; }
 else
- # sham hmac if openssl is unavailable
- session_mac(){ { [ $# -gt 0 ] && printf %s "$*" || cat; server_key; } | sha256sum |cut -d\ -f1; }
+ # Gonzo MAC if openssl is unavailable
+ session_mac(){
+ { server_key | dd status=none bs=256 count=1 skip=1
+ { server_key | dd status=none bs=256 count=1
+ [ $# -gt 0 ] && printf %s "$*" || cat
+ } \
+ | sha256sum -;
+ } \
+ | sha256sum | cut -d\ -f1
+ }
 fi
 server_key(){
@@ -67,6 +75,7 @@ checkid(){ { [ $# -gt 0 ] && printf %s "$*" || cat; } | grep -m 1 -xE '[0-9a-zA-
 update_session(){
 local session sid time sig checksig
+ unset SESSION_KEY SESSION_ID
 read -r sid time sig <<-END
 $(POST session_key || COOKIE session)
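Review bot: The fallback `session_mac` degrades silently to an unkeyed hash when either `dd` stage produces nothing: `skip=1` emits nothing if `server_key` prints fewer than 512 bytes, and a `dd` build that rejects the non-POSIX `status=none` operand prints nothing at all, so the pipeline still returns a well-formed hex digest whose value depends only on the message. `server_key` is defined below this hunk, so its output length cannot be confirmed from here. I would replace `status=none` with a stderr redirect, `server_key | dd bs=256 count=1 skip=1 2>/dev/null`, and state the construction and its requirement in the comment: `# Keyed hash when openssl is unavailable: sha256(k2 || sha256(k1 || msg)), k1/k2 = first/second 256 bytes of server_key (needs at least 512 bytes)`. Note also that `"$*"` joins arguments with a single space, so `session_mac a b` and `session_mac "a b"` authenticate the same string; callers must not rely on argument boundaries being part of what is signed.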
@@ -74,23 +83,38 @@ update_session(){
 checksig="$(session_mac "$sid" "$time")"
- if ! [ "$checksig" = "$sig" \
- -a "$time" -ge "$_DATE" \
- -a "$(printf %s "$sid" |checkid)" ] 2>&-
+ if [ "$checksig" = "$sig" \
+ -a "$time" -ge "$_DATE" \
+ -a "$(checkid "$sid")" ] 2>&-
 then
- debug "Setting up new session"
- sid="$(randomid)"
+ time=$(( $_DATE + $SESSION_TIMEOUT ))
+ sig="$(session_mac "$sid" "$time")"
+
+ SESSION_KEY="${sid} ${time} ${sig}"
+ SESSION_ID="${sid}"
+ return 0
+ else
+ return 1
 fi
+}
+
+new_session(){
+ local sid time sig
+
+ debug "Setting up new session"
+ sid="$(randomid)"
 time=$(( $_DATE + $SESSION_TIMEOUT ))
 sig="$(session_mac "$sid" "$time")"
- printf %s\\n "${sid} ${time} ${sig}"
+
+ SESSION_KEY="${sid} ${time} ${sig}"
+ SESSION_ID="${sid}"
 }
 SESSION_BIND() { # Set tamper-proof authenticated cookie
 local key="$1" value="$2"
- SET_COOKIE session "$key"="${value} $(session_mac "$value" "$SESSION_ID")"
+ SET_COOKIE session "$key"="${value} $(session_mac "$value" "$SESSION_ID")" Path="/${_BASE#/}" SameSite=Strict HttpOnly
 }
 SESSION_VAR() {
@@ -106,6 +130,9 @@ SESSION_VAR() {
 fi
 }
-SESSION_KEY="$(update_session)"
-SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly
-SESSION_ID="${SESSION_KEY%% *}"
+SESSION_COOKIE() {
+ [ "$1" = new ] && new_session
+ SET_COOKIE 0 session="$SESSION_KEY" Path="/${_BASE#/}" SameSite=Strict HttpOnly
+}
+
+update_session || new_session
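Review bot: The attributes added to `SESSION_BIND`'s cookie omit `Secure`, so a bound value is still sent in cleartext on a plain-HTTP request to the same path even when the site is otherwise served over TLS; if the CGI environment exports `HTTPS` as most servers do, `... SameSite=Strict HttpOnly ${HTTPS:+Secure}` adds the flag only where it applies — confirm the variable name against the deployment. In `update_session`, the three-clause `[ ... -a ... -a ... ]` is the more-than-four-argument `test` form POSIX leaves unspecified, and `$time` comes straight from the cookie or POST body; `[ "$checksig" = "$sig" ] && [ "$time" -ge "$_DATE" ] && [ -n "$(checkid "$sid")" ]` gives the same outcome without depending on how a particular `test` parses untrusted operands (the MAC over `sid time` is still checked first, so this is defence in depth). The `"$checksig" = "$sig"` comparison is not constant-time; the leak is probably drowned by process start-up in a shell CGI, but a one-line comment saying that is a known trade-off would stop the next reader from treating it as verified. `update_session` starts before this hunk, so the `read` that fills `sid`, `time` and `sig` is not visible here.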
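Review bot: Moving `SET_COOKIE` into `SESSION_COOKIE` means the load-time `update_session || new_session` no longer sends anything to the client, whereas the removed lines emitted the session cookie on every request; a page that never calls `SESSION_COOKIE` ends up with a `SESSION_ID` the browser never stores, so anything signed through `SESSION_BIND` against it fails verification on the next request and the refreshed expiry computed by `update_session` is never persisted. If that is the intended contract it should be stated at the definition, e.g. `# Send the session cookie. Any page that needs SESSION_ID to survive to the next request (or uses SESSION_BIND) must call this; "new" first replaces the id via new_session (recommended after authentication so a pre-login id is not kept).` Otherwise keeping an unconditional `SESSION_COOKIE` call after `update_session || new_session` preserves the previous behaviour. As with `SESSION_BIND`, the cookie carries no `Secure` attribute, and `_BASE` is not visible in this hunk, so the `Path` value cannot be checked here.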