+local function session_retrieve(sid, allowed_users)
+ local sdat = util.ubus("session", "get", { ubus_rpc_session = sid })
+
+ if type(sdat) == "table" and
+ type(sdat.values) == "table" and
+ type(sdat.values.token) == "string" and
+ (not allowed_users or
+ util.contains(allowed_users, sdat.values.username))
+ then
+ uci:set_session_id(sid)
+ return sid, sdat.values
+ end
+
+ return nil, nil
+end
+
+local function session_setup(user, pass, allowed_users)
+ if util.contains(allowed_users, user) then
+ local login = util.ubus("session", "login", {
+ username = user,
+ password = pass,
+ timeout = tonumber(luci.config.sauth.sessiontime)
+ })
+
+ local rp = context.requestpath
+ and table.concat(context.requestpath, "/") or ""
+
+ if type(login) == "table" and
+ type(login.ubus_rpc_session) == "string"
+ then
+ util.ubus("session", "set", {
+ ubus_rpc_session = login.ubus_rpc_session,
+ values = { token = sys.uniqueid(16) }
+ })
+
+ io.stderr:write("luci: accepted login on /%s for %s from %s\n"
+ %{ rp, user, http.getenv("REMOTE_ADDR") or "?" })
+
+ return session_retrieve(login.ubus_rpc_session)
+ end
+
+ io.stderr:write("luci: failed login on /%s for %s from %s\n"
+ %{ rp, user, http.getenv("REMOTE_ADDR") or "?" })
+ end
+
+ return nil, nil
+end
+