-- Dependencies. NOTE(review): lpc, ipcmsg and socket are assigned without
-- `local`, so they become globals visible to every chunk running in this Lua
-- state -- presumably including the module files that privsep.wrap runs with
-- dofile. Confirm nothing relies on that before narrowing them to locals.
-- lpc is not referenced in the part of the file visible here.
lpc = require("lpc")
ipcmsg = require("cmsgpack")
-- Expose pack/unpack under encode/decode names. These assignments write into
-- the table returned by require, so the aliases are seen by any other code
-- that holds the same cmsgpack table.
ipcmsg.encode = ipcmsg.pack
ipcmsg.decode = ipcmsg.unpack
socket = require("socket")
-- Attach the Unix-domain socket constructor to the socket table; like the
-- aliases above, this mutates the table returned by require.
socket.unix = require("socket.unix")
-- Directory that privsep.wrap loads module definitions from. The path is
-- relative, so it resolves against the process's current working directory.
-- NOTE(review): the files found here are executed by dofile; if the working
-- directory can vary or is writable by a less-trusted party, an absolute,
-- root-owned path would be safer -- confirm how this process is started.
local modules_path = "./modules"
-- Module table returned at the end of the file.
local privsep = {}
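--- Send one call request to the privileged helper and return its results.
--
-- Connects to the Unix-domain socket /var/run/privsep/root.sock, sends a
-- single ipcmsg-encoded request table, reads until the peer closes the
-- connection, and decodes the reply.
--
-- @param mod       module name, forwarded as `mod`
-- @param func      function name, forwarded as `func`
-- @param sectoken  token forwarded as `sectoken`; how the peer checks it is
--                  not visible in this file
-- @param args      array of call arguments, forwarded as `args`
-- @return the elements of the reply's `result` array, or nil when the request
--         could not be sent or no reply data was received
--
-- Raises when the socket cannot be created or connected, or when the request
-- cannot be encoded or the reply cannot be decoded.
--
-- NOTE(review): nothing in this function authenticates the peer; it appears
-- to rely on the filesystem permissions of the socket path -- confirm that
-- /var/run/privsep is writable only by the privileged side.
-- NOTE(review): no timeout is set, so a peer that never closes the connection
-- blocks the caller in receive -- confirm that this is acceptable.
function privsep.call_privileged(mod, func, sectoken, args)
  -- Encode before opening the socket so that an encoding error cannot leave
  -- an open descriptor behind.
  local payload = ipcmsg.encode({
    mod = mod,
    func = func,
    args = args,
    sectoken = sectoken,
  })

  local c = assert(socket.unix())

  -- The original asserted on connect directly and leaked the socket when the
  -- connection failed; close it first, then raise the same error.
  local connected, conn_err = c:connect("/var/run/privsep/root.sock")
  if not connected then
    c:close()
  end
  assert(connected, conn_err)

  -- Only wait for a reply when the request actually went out; a failed send
  -- takes the same "return nil" path as a failed receive.
  local retmsg
  if c:send(payload) then
    retmsg = c:receive("*a")
  end

  -- Release the descriptor on every path. It is closed before decoding so
  -- that a malformed reply (decode raising) cannot leak it either.
  c:close()

  if not retmsg then
    return nil
  end

  local data = ipcmsg.decode(retmsg)
  -- unpack stops at the length of the array, so nil holes in `result` may
  -- truncate the returned values.
  return unpack(data.result or {})
end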
--- Build a table of proxy functions for one module.
--
-- Runs modules_path/<modname>.lua with dofile in the calling process, then
-- creates one proxy per key of the returned table. Each proxy forwards its
-- arguments to privsep.call_privileged under that key's name, so the code
-- from the file is used here only to enumerate names.
--
-- @param modname    module name; also the file's base name under modules_path
-- @param sessionid  value passed to call_privileged as its `sectoken` argument
-- @return table mapping each key of the loaded module to a proxy function
--
-- NOTE(review): modname is concatenated into the path handed to dofile
-- without validation. If it can ever come from a less-trusted source, a value
-- containing path separators would select a file outside modules_path, which
-- dofile would then execute; consider restricting it to a fixed character set.
-- NOTE(review): every key is wrapped, whatever the type of its value, so
-- non-function entries of the module also become callable proxies.
function privsep.wrap(modname, sessionid)
  local module_file = modules_path .. "/" .. modname .. ".lua"
  local exported = dofile(module_file)

  -- One closure per exported name. `{ ... }` collects the call arguments into
  -- an array, so nil arguments leave holes in what is sent.
  local function make_proxy(name)
    return function(...)
      return privsep.call_privileged(modname, name, sessionid, { ... })
    end
  end

  local proxies = {}
  for name in pairs(exported) do
    proxies[name] = make_proxy(name)
  end
  return proxies
end
-- Hand the module table (call_privileged, wrap) back to whoever loaded this chunk.
return privsep