ns-don: add session expiration, extension, and logging

[Copilot]

The DON remote support tool lacked session lifecycle management — no expiration, no extension, no audit trail. Sessions ran indefinitely with no automatic cleanup.

Core changes

files/don

• Logging: log_message / log_error functions write to syslog (daemon.info / daemon.err) on session start, stop, expiry, extension, and failure
• Session tracking: session_start and session_extended timestamp files written to /var/run/don/
• get_session_info replaces show_credentials: reads expiry, shows time remaining or EXPIRED; full JSON support
• expire command: checks current time against 24h default (or extended) expiry; auto-calls don stop if expired — intended for cron
• extend command: sets expiry to 7 days from now; rejects already-expired sessions with an error before writing anything; calls get_session_info to confirm new state
• Variable quoting hardened throughout ($ca, $sshd_conf, $auth_keys, password pipeline, ubus JSON interpolation)

files/30_don-expire (new)

UCI default script — idempotently adds an hourly cron entry with jittered delay:

0 * * * * sleep $(( RANDOM % 60 )); /usr/sbin/don expire

Makefile

• Installs 30_don-expire as executable UCI default
• prerm hook removes the cron entry on package removal:

define Package/ns-don/prerm
#!/bin/sh
sed -i '\|/usr/sbin/don expire|d' /etc/crontabs/root
endef

Original prompt

Create a comprehensive session management improvement for the DON (remote support) tool based on PR #1542. This PR should include:

1. All features from PR feat(ns-don): enhance session management with logging and expiration checks #1554:

   • Add logging functions (log_message, log_error) that log to syslog
   • Implement session start/end timestamp tracking
   • Add session expiration check command (24h default, extendable to 7 days)
   • Add session extension command
   • Update Makefile with prerm hook to clean up cron entries
   • Create UCI script (30_don-expire) to set up hourly expiration checks via cron
   • Refactor show_credentials to get_session_info with expiration display
   • Add JSON output support for all session commands

2. Critical fixes to PR feat(ns-don): enhance session management with logging and expiration checks #1554:

   • Quote $session_start variable in the expire command (line ~245) to prevent word-splitting
   • Add validation in extend command to check that session is not already expired before allowing extension
   • Show session status after extend command by calling get_session_info
   • Add explanatory comments about expiration validation in extend function

3. Security & quality improvements:

   • Ensure all shell variables are properly quoted
   • Add validation comments where business logic requires checking state
   • Maintain consistent error handling across all commands

The resulting implementation should be production-ready with proper error handling, logging, and edge case validation.

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[stephdl]

closed by #1554