Diffstat (limited to 'privsep.lua')
-rw-r--r-- | privsep.lua | 37 |
1 files changed, 18 insertions, 19 deletions
diff --git a/privsep.lua b/privsep.lua index 5e0b915..a07b8ed 100644 --- a/privsep.lua +++ b/privsep.lua @@ -1,31 +1,29 @@ lpc = require("lpc") -ipcmsg = require("json") +ipcmsg = require("cmsgpack") +ipcmsg.encode = ipcmsg.pack +ipcmsg.decode = ipcmsg.unpack + +socket = require("socket") +socket.unix = require("socket.unix") + -local privsep_exec = "./lua-privsep" local modules_path = "./modules" local privsep = {} -function privsep.call_privileged(modname, funcname, sessionid, args) - local pid, w, r = lpc.run(privsep_exec, modname) - w:write(ipcmsg.encode{ funcname, sessionid, args }.."\n") - w:close() - local resp = r:read("*all") - local retcode = lpc.wait(pid) +function privsep.call_privileged(mod, func, sectoken, args) + local c = assert(socket.unix()) + assert(c:connect("/var/run/privsep/root.sock")) - if resp == nil or resp == "" then - io.stderr:write("remote '"..modname.."' failed: "..tostring(retcode).."\n") - return nil + local req = { mod = mod, func = func, args = args, sectoken = sectoken } + c:send(ipcmsg.encode(req)) + local retmsg, errmsg = c:receive("*a") + if retmsg then + local data = ipcmsg.decode(retmsg) + return unpack(data.result or {}) end - - local data = ipcmsg.decode(resp) - local status, errmsg, result = unpack(data) - if not status then - io.stderr:write("modname: "..tostring(errmsg).."\n") - return nil - end - return unpack(result) + return nil end function privsep.wrap(modname, sessionid) @@ -40,3 +38,4 @@ function privsep.wrap(modname, sessionid) end return privsep + |
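Review bot: The new `call_privileged` body hands whatever arrives on the socket straight to `ipcmsg.decode` and then indexes `data.result`, so an empty, truncated or non-table reply would likely raise in the caller instead of yielding the `nil` the removed code returned. The status and error reporting that the removed lines wrote to stderr is also gone. The result of `c:send` is not checked, `errmsg` is assigned but never used, and `c` is never closed, so each call leaves a descriptor open, presumably until garbage collection. I would check the send, close the socket once the reply is read, wrap the decode in `pcall`, confirm the decoded value is a table, and log the failure before returning `nil`. The `assert` on connect also turns an unavailable daemon into a raised error rather than a `nil` return; whether callers expect that is not visible from this hunk.

```lua
function privsep.call_privileged(mod, func, sectoken, args)
  -- … unchanged: socket creation, connect, req table …
  local sent, senderr = c:send(ipcmsg.encode(req))
  local retmsg, errmsg
  if sent then
    retmsg, errmsg = c:receive("*a")
  else
    errmsg = senderr
  end
  c:close()

  if not retmsg or retmsg == "" then
    io.stderr:write("remote '"..tostring(mod).."' failed: "..tostring(errmsg).."\n")
    return nil
  end

  -- the reply crosses a privilege boundary: never let a malformed message raise here
  local ok, data = pcall(ipcmsg.decode, retmsg)
  if not ok or type(data) ~= "table" then
    io.stderr:write("remote '"..tostring(mod).."': malformed reply\n")
    return nil
  end
  return unpack(type(data.result) == "table" and data.result or {})
end
```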