lpc = require("lpc")
ipcmsg = require("json")
-- Helper executable that privsep.call_privileged spawns for each call.
-- NOTE(review): this path is relative, so the process's working directory
-- decides which binary is run; confirm the cwd is fixed and not writable by
-- less-trusted users before relying on it.
local privsep_exec = "./lua-privsep"
-- Directory from which privsep.wrap loads "<modname>.lua" with dofile.
-- NOTE(review): also relative to the working directory; same caveat applies.
local modules_path = "./modules"
-- Module table; returned at the end of the file.
local privsep = {}
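--- Run one function of a module inside a separate helper process.
-- Spawns `privsep_exec` with `modname` as its argument, writes a single JSON
-- line `[funcname, sessionid, args]` to the helper, then reads the whole reply,
-- which is expected to be a JSON array `[status, errmsg, result]`.
-- The call arguments travel over the pipe, not on the command line.
-- @param modname   module name handed to the helper as its argument
-- @param funcname  name of the function the helper should run
-- @param sessionid session identifier, forwarded unchanged
-- @param args      array of call arguments (JSON-encoded)
-- @return the unpacked `result` array on success; nil on any failure
--         (failures are reported on stderr)
function privsep.call_privileged(modname, funcname, sessionid, args)
  local pid, w, r = lpc.run(privsep_exec, modname)
  -- Without this guard a failed spawn would raise on w:write below.
  if not (pid and w and r) then
    io.stderr:write("remote '"..tostring(modname).."' failed to start\n")
    return nil
  end

  w:write(ipcmsg.encode{ funcname, sessionid, args }.."\n")
  -- Closing the write end lets the helper see end-of-input.
  w:close()
  local resp = r:read("*all")
  -- Release the read end too; the original left it to the garbage collector.
  r:close()
  -- Reap the child so it does not linger as a zombie.
  local retcode = lpc.wait(pid)

  if resp == nil or resp == "" then
    io.stderr:write("remote '"..modname.."' failed: "..tostring(retcode).."\n")
    return nil
  end

  -- The reply crosses a process boundary: a truncated or non-JSON reply
  -- (e.g. the helper died mid-write) must not raise in the caller, so the
  -- decode is protected and the decoded shape is checked before use.
  local ok, data = pcall(ipcmsg.decode, resp)
  if not ok or type(data) ~= "table" then
    io.stderr:write("remote '"..modname.."' sent an invalid reply\n")
    return nil
  end

  local status, errmsg, result = unpack(data)
  if not status then
    -- Report the actual module name (the original printed the literal
    -- text "modname").
    io.stderr:write(tostring(modname)..": "..tostring(errmsg).."\n")
    return nil
  end

  -- A successful reply without a result array yields no return values
  -- instead of raising inside unpack.
  if type(result) ~= "table" then
    return
  end
  return unpack(result)
end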
--- Build a table of forwarding stubs for one module.
-- Loads `<modules_path>/<modname>.lua` with dofile in the calling process and,
-- for every key of the table it returns, creates a function that passes its
-- arguments to privsep.call_privileged under that key's name.
-- NOTE(review): modname is concatenated into the file path without any check,
-- and the file is executed here just to enumerate its keys. Callers should
-- pass only fixed, known module names; confirm that no request-derived value
-- can reach this parameter.
-- @param modname   module name; used as file name and as helper argument
-- @param sessionid session identifier bound into every stub
-- @return table mapping each key of the module to a forwarding function
function privsep.wrap(modname, sessionid)
  local source_file = modules_path.."/"..modname..".lua"
  local exported = dofile(source_file)
  local proxy = {}
  for name in pairs(exported) do
    -- Every key gets a stub, whatever the type of its value in the module.
    proxy[name] = function(...)
      local packed = { ... }
      return privsep.call_privileged(modname, name, sessionid, packed)
    end
  end
  return proxy
end
-- Export the module table (call_privileged and wrap).
return privsep