aboutsummaryrefslogtreecommitdiffstats
path: root/lacme-accountd
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2021-02-18 00:49:46 +0100
committerGuilhem Moulin <guilhem@fripost.org>2021-02-18 00:56:40 +0100
commit42a8f9813716ed3495b6f49edea429b127eef0f0 (patch)
tree616e5c25b1f16d661f842d96f059680668006c6d /lacme-accountd
parentd72df441f86f759bf143df745ff13fd9b90597bf (diff)
accountd: replace internal option --conn-fd=FD with flag --stdio.
Using stdin/stdout makes it possible to tunnel the accountd connection through ssh.
Diffstat (limited to 'lacme-accountd')
-rwxr-xr-xlacme-accountd27
1 files changed, 11 insertions, 16 deletions
diff --git a/lacme-accountd b/lacme-accountd
index c00530f..7b9b1ff 100755
--- a/lacme-accountd
+++ b/lacme-accountd
@@ -60,7 +60,7 @@ sub usage(;$$) {
}
exit $rv;
}
-usage(1) unless GetOptions(\%OPTS, qw/config=s privkey=s socket=s conn-fd=i quiet|q debug help|h/);
+usage(1) unless GetOptions(\%OPTS, qw/config=s privkey=s socket=s stdio quiet|q debug help|h/);
usage(0) if $OPTS{help};
do {
@@ -137,11 +137,7 @@ my $JWK_STR = JSON::->new->encode($JWK);
# to support the abstract namespace.) The downside is that we have to
# delete the file manually.
#
-if (defined $OPTS{'conn-fd'}) {
- die "Invalid file descriptor" unless $OPTS{'conn-fd'} =~ /\A(\d+)\z/;
- # untaint and fdopen(3) our end of the socket pair
- open ($S, '+<&=', $1+0) or die "fdopen($1): $!";
-} else {
+unless (defined $OPTS{stdio}) {
my $sockname = $OPTS{socket} // (defined $ENV{XDG_RUNTIME_DIR} ? "$ENV{XDG_RUNTIME_DIR}/S.lacme" : undef);
die "Missing socket option\n" unless defined $sockname;
$sockname = $sockname =~ /\A(\p{Print}+)\z/ ? $1 : die "Invalid socket name\n"; # untaint $sockname
@@ -169,22 +165,21 @@ if (defined $OPTS{'conn-fd'}) {
# For each new connection, send the protocol version and the account key's
# public parameters, then sign whatever comes in
#
-sub conn($;$) {
- my $conn = shift;
- my $count = shift;
- $conn->printflush( "$PROTOCOL_VERSION OK", "\r\n", $JWK_STR, "\r\n" ) or warn "print: $!";
+sub conn($$;$) {
+ my ($in, $out, $id) = @_;
+ $out->printflush( "$PROTOCOL_VERSION OK", "\r\n", $JWK_STR, "\r\n" ) or warn "print: $!";
# sign whatever comes in
- while (defined (my $data = $conn->getline())) {
+ while (defined (my $data = $in->getline())) {
$data =~ s/\r\n\z// or die;
- print STDERR "[$count] >>> Issuing SHA-256 signature for: $data\n" unless $OPTS{quiet};
+ print STDERR "[$id] >>> Issuing SHA-256 signature for: $data\n" unless $OPTS{quiet};
my $sig = $SIGN->($data);
- $conn->printflush( encode_base64url($sig), "\r\n" ) or warn "print: $!";
+ $out->printflush( encode_base64url($sig), "\r\n" ) or warn "print: $!";
}
}
-if (defined $OPTS{'conn-fd'}) {
- conn($S, $$);
+if (defined $OPTS{stdio}) {
+ conn(\*STDIN, \*STDOUT, $$);
} else {
$SIG{PIPE} = 'IGNORE'; # ignore broken pipes
for (my $count = 0;; $count++) {
@@ -193,7 +188,7 @@ if (defined $OPTS{'conn-fd'}) {
die "accept: $!";
};
print STDERR "[$count] >>> Accepted new connection\n" unless $OPTS{quiet};
- conn($conn, $count);
+ conn($conn, $conn, $count);
print STDERR "[$count] >>> Connection terminated\n" unless $OPTS{quiet};
$conn->close() or warn "close: $!";
}