diff options
3 files changed, 35 insertions, 16 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua index 795b62bedb..8b8d1fa349 100644 --- a/modules/luci-base/luasrc/dispatcher.lua +++ b/modules/luci-base/luasrc/dispatcher.lua @@ -114,7 +114,14 @@ function authenticator.htmlauth(validator, accs, default) if context.urltoken.stok then context.urltoken.stok = nil - http.header("Set-Cookie", "sysauth=; path="..build_url()) + + local cookie = 'sysauth=%s; expires=%s; path=%s/' %{ + http.getcookie('sysauth') or 'x', + 'Thu, 01 Jan 1970 01:00:00 GMT', + build_url() + } + + http.header("Set-Cookie", cookie) http.redirect(build_url()) else require("luci.i18n") @@ -329,13 +336,14 @@ function dispatch(request) if not util.contains(accs, user) then if authen then local user, sess = authen(sys.user.checkpasswd, accs, def) + local token if not user or not util.contains(accs, user) then return else if not sess then - local sdat = util.ubus("session", "create", { timeout = luci.config.sauth.sessiontime }) + local sdat = util.ubus("session", "create", { timeout = tonumber(luci.config.sauth.sessiontime) }) if sdat then - local token = sys.uniqueid(16) + token = sys.uniqueid(16) util.ubus("session", "set", { ubus_rpc_session = sdat.ubus_rpc_session, values = { @@ -345,15 +353,19 @@ function dispatch(request) } }) sess = sdat.ubus_rpc_session - ctx.urltoken.stok = token end end - if sess then - http.header("Set-Cookie", "sysauth=" .. sess.."; path="..build_url()) - http.redirect(build_url(unpack(ctx.requestpath))) + if sess and token then + http.header("Set-Cookie", 'sysauth=%s; path=%s/' %{ + sess, build_url() + }) + + ctx.urltoken.stok = token ctx.authsession = sess ctx.authuser = user + + http.redirect(build_url(unpack(ctx.requestpath))) end end else @@ -371,6 +383,9 @@ function dispatch(request) end if track.setuser then + -- trigger ubus connection before dropping root privs + util.ubus() + sys.process.setuser(track.setuser) end diff --git a/modules/luci-mod-admin-full/luasrc/controller/admin/index.lua b/modules/luci-mod-admin-full/luasrc/controller/admin/index.lua index 74a3fd9adc..d00d546b64 100644 --- a/modules/luci-mod-admin-full/luasrc/controller/admin/index.lua +++ b/modules/luci-mod-admin-full/luasrc/controller/admin/index.lua @@ -28,13 +28,17 @@ end function action_logout() local dsp = require "luci.dispatcher" local utl = require "luci.util" - if dsp.context.authsession then - utl.ubus("session", "destroy", { - ubus_rpc_session = dsp.context.authsession - }) + local sid = dsp.context.authsession + + if sid then + utl.ubus("session", "destroy", { ubus_rpc_session = sid }) + dsp.context.urltoken.stok = nil + + luci.http.header("Set-Cookie", "sysauth=%s; expires=%s; path=%s/" %{ + sid, 'Thu, 01 Jan 1970 01:00:00 GMT', dsp.build_url() + }) end - luci.http.header("Set-Cookie", "sysauth=; path=" .. dsp.build_url()) luci.http.redirect(luci.dispatcher.build_url()) end diff --git a/modules/luci-mod-freifunk/luasrc/view/freifunk/public_status.htm b/modules/luci-mod-freifunk/luasrc/view/freifunk/public_status.htm index 72bd136c5e..42a58f9dd3 100644 --- a/modules/luci-mod-freifunk/luasrc/view/freifunk/public_status.htm +++ b/modules/luci-mod-freifunk/luasrc/view/freifunk/public_status.htm @@ -23,12 +23,12 @@ local load = string.format("%.2f, %.2f, %.2f", loads[1] / 65535.0, loads[2] / 65 local mem = string.format( "%.2f MB (%.2f %s, %.2f %s, %.2f %s)", - memory.total / 1024 / 1024, - (memory.total - memory.free) / 1024 / 1024, + meminfo.total / 1024 / 1024, + (meminfo.total - meminfo.free) / 1024 / 1024, tostring(i18n.translate("used")), - memory.free / 1024 / 1024, + meminfo.free / 1024 / 1024, tostring(i18n.translate("free")), - memory.buffered / 1024 / 1024, + meminfo.buffered / 1024 / 1024, tostring(i18n.translate("buffered")) ) |