diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2012-12-17 08:13:36 +0100 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-12-17 08:13:36 +0100 |
commit | 7c17ddba9a45f93ae491c11d3baf8ca8625375f0 (patch) | |
tree | 802cb7e11c09e5ac3974dbbc3622e312dc2aaf47 /privileged-main.lua | |
parent | 1e07eccace7c50fd0e7fa3b217eda85add5a6630 (diff) | |
download | privsep-7c17ddba9a45f93ae491c11d3baf8ca8625375f0.tar.bz2 privsep-7c17ddba9a45f93ae491c11d3baf8ca8625375f0.tar.xz |
Fix privsep client to use lua-socket
Diffstat (limited to 'privileged-main.lua')
-rw-r--r-- | privileged-main.lua | 48 |
1 files changed, 28 insertions, 20 deletions
diff --git a/privileged-main.lua b/privileged-main.lua index 8fe447c..8b8793a 100644 --- a/privileged-main.lua +++ b/privileged-main.lua @@ -1,50 +1,58 @@ -modname = ... +msg = ... -if not modname then - modname = "session" -end +--print("DEBUG: got message:", msg) -json = require("json") +ipcmsg = require("cmsgpack") +ipcmsg.encode = ipcmsg.pack +ipcmsg.decode = ipcmsg.unpack function ret_error(errmsg) - io.write(json.encode({false, errmsg, nil}).."\n") - os.exit(0) + io.stderr:write("ERROR: "..tostring(errmsg).."\n") + return ipcmsg.encode{ status = false, errmsg = errmsg} end function ret_success(result) - io.write(json.encode({true, "success", result}).."\n") + return ipcmsg.encode{ status = true, errmsg = "success", result = result} end +req = ipcmsg.decode(msg) + +--print("DEBUG: msg decoded") + -- path must be absolute for production so users cannot load scripts from -- non secured dirs modules_path = "./modules/" -if not modname then - return 1 +if type(req.mod) ~= "string" then + return ret_error("mod is missing in message or is bad format") +end + +if type(req.func) ~= "string" then + return ret_error("func is missing in message or is wrong format") end -- make sure we dont have any path elements in modname so we cannot pass -- modnames like '../myevilmod' -mfile = modules_path..string.gsub(modname, ".*/", "")..".lua" +mfile = modules_path..string.gsub(req.mod, ".*/", "")..".lua" -- load the module m = dofile(mfile) +--print("DEBUG: mfile:", mfile) +--print("DEBUG: '"..req.func.."' type:", type(m[req.func])) --- read args from stdin -request = json.decode(io.read("*a")) -funcname, sessionid, args = unpack(request) - ---ret_error(funcname) -- check that the func we want exists -if type(m[funcname]) ~= "function" then - ret_error(funcname..": not a function") +if type(m[req.func]) ~= "function" then + ret_error(func..": not a function in '".. mfile .."'") end -- TODO: check permissions here +--print("DEBUG: args:", req.args) -- execute the func and pack the return values into a table -result = { m[funcname](unpack(args)) } +result = { m[req.func](unpack(req.args)) } +--result = { m[func](unpack(req.args or {})) } -ret_success(result) +--print("DEBUG: result:", result) +return ret_success(result) |