ipcmsg = require("cmsgpack")
ipcmsg.encode = ipcmsg.pack
ipcmsg.decode = ipcmsg.unpack

socket = require("socket")
socket.unix = require("socket.unix")


local modules_path = "./modules"

local privsep = {}

function privsep.call_privileged(mod, func, sectoken, args)
	local c = assert(socket.unix())
	assert(c:connect("/var/run/privsep/root.sock"))

	local req = { mod = mod, func = func, args = args, sectoken = sectoken }
	c:send(ipcmsg.encode(req))
	local retmsg, errmsg = c:receive("*a")
	if retmsg then
		local data = ipcmsg.decode(retmsg)
		return unpack(data.result or {})
	end
	return nil
end

function privsep.wrap(modname, sessionid)
	local mod = dofile(modules_path.."/"..modname..".lua")
	local f = {}
	for k,v in pairs(mod) do
		f[k] = function(...)
			return privsep.call_privileged(modname, k, sessionid, {...})
		end
	end
	return f
end

return privsep