1 files changed, 39 insertions, 17 deletions

diff --git a/modules/rpc/luasrc/controller/rpc.lua b/modules/rpc/luasrc/controller/rpc.lua
index dd00f63c37..a004d0dd92 100644
--- a/modules/rpc/luasrc/controller/rpc.lua
+++ b/modules/rpc/luasrc/controller/rpc.lua
@@ -15,30 +15,52 @@ $Id$
 module("luci.controller.rpc", package.seeall)
 
 function index()
-	local authenticator = function(validator)
-		require "luci.jsonrpc"
-		require "luci.http"
-		luci.http.setfilehandler()
-		
-		local loginstat
-		
-		local server = {}
-		server.login = function(...)
-			loginstat = validator(...)
-			return loginstat
+	local function authenticator(validator, accs)
+		local args = luci.dispatcher.context.args
+		if args and #args > 0 then
+			local user = luci.sauth.read(args[1])
+			if user and luci.util.contains(accs, user) then
+				return user
+			end
 		end
-		
-		luci.http.prepare_content("application/json")
-		luci.http.write(luci.jsonrpc.handle(server, luci.http.content()))
-		
-		return loginstat
+		luci.http.status(403, "Forbidden")
 	end
 	
 	uci = entry({"rpc", "uci"}, call("rpc_uci"))
 	uci.sysauth = "root"
 	uci.sysauth_authenticator = authenticator
+	uci.leaf = true
+	
+	uci = entry({"rpc", "auth"}, call("rpc_auth"))
+end
+
+function rpc_auth()
+	require "luci.jsonrpc"
+	require "luci.sauth"
+	
+	luci.http.setfilehandler()
+	
+	local loginstat
+	
+	local server = {}
+	server.login = function(user, pass)
+		local sid
+		
+		if luci.sys.user.checkpasswd(user, pass) then
+			sid = luci.sys.uniqueid(16)
+			luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/")
+			luci.sauth.write(sid, user)
+		end
+		
+		return sid
+	end
+	
+	luci.http.prepare_content("application/json")
+	luci.http.write(luci.jsonrpc.handle(server, luci.http.content()))
+	
+	return loginstat
 end
 
 function rpc_uci()
-	luci.http.write("HELLO THAR!")
+	
 end
\ No newline at end of file