Diffstat (limited to 'privsep.lua')
-rw-r--r--privsep.lua42
1 files changed, 42 insertions, 0 deletions
diff --git a/privsep.lua b/privsep.lua
new file mode 100644
index 0000000..de4087a
--- /dev/null
+++ b/privsep.lua
@@ -0,0 +1,42 @@
+
+lpc = require("lpc")
+json = require("json")
+
+local privsep_exec = "./lua-privsep"
+local modules_path = "./modules"
+
+local privsep = {}
+function privsep.call_privileged(modname, funcname, sessionid, args)
+ local pid, w, r = lpc.run(privsep_exec, modname)
+ w:write(json.encode{ funcname, sessionid, args }.."\n")
+ w:close()
+
+ local resp = r:read("*all")
+ local retcode = lpc.wait(pid)
+
+ if resp == nil or resp == "" then
+ io.stderr:write("remote '"..modname.."' failed: "..tostring(retcode).."\n")
+ return nil
+ end
+
+ local data = json.decode(resp)
+ local status, errmsg, result = unpack(data)
+ if not status then
+ io.stderr:write("modname: "..tostring(errmsg).."\n")
+ return nil
+ end
+ return unpack(result)
+end
+
+function privsep.wrap(modname, sessionid)
+ local mod = dofile(modules_path.."/"..modname..".lua")
+ local f = {}
+ for k,v in pairs(mod) do
+ f[k] = function(...)
+ return privsep.call_privileged(modname, k, sessionid, {...})
+ end
+ end
+ return f
+end
+
+return privsep
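Review bot: `privsep.wrap` concatenates `modname` into the path given to `dofile`, and `call_privileged` passes the same value to the helper as an argument, with no check in this file that it is a plain module name; if any caller can pass a value containing `/` or `..`, a file outside `./modules` would be loaded and executed. A guard at the top of both functions such as `if type(modname) ~= "string" or not modname:match("^[%w_]+$") then error("invalid module name", 2) end` would close that. Separately, in `call_privileged` the result of `lpc.run` is used unchecked (a failed spawn would presumably surface as an index-on-nil error at `w:write`), the second error message prints the literal text `"modname: "` rather than the variable, and `lpc`/`json` are assigned as globals, where `local lpc = require("lpc")` would keep them out of `_G`. `privsep_exec` and `modules_path` are both relative to the current directory, so which helper binary and which modules get run depends on where the process was started; it is worth confirming that this is intended for the privileged side.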