Diffstat (limited to 'lacme-accountd')
| -rwxr-xr-x | lacme-accountd | 37 | 
1 files changed, 24 insertions, 13 deletions
|
diff --git a/lacme-accountd b/lacme-accountd
index fbf1bcb..411538d 100755
--- a/lacme-accountd
+++ b/lacme-accountd
@@ -59,7 +59,7 @@ sub usage(;$$) {
     }
     exit $rv;
 }
-usage(1) unless GetOptions(\%OPTS, qw/config=s privkey=s socket=s quiet|q debug help|h/);
+usage(1) unless GetOptions(\%OPTS, qw/config=s privkey=s socket=s fdopen=i quiet|q debug help|h/);
 usage(0) if $OPTS{help};
 do {
@@ -137,7 +137,10 @@ $JWK = JSON::->new->encode($JWK);
 # to support the abstract namespace.)  The downside is that we have to
 # delete the file manually.
 #
-do {
+if (defined $OPTS{fdopen}) {
+    die "Invalid file descriptor" unless $OPTS{fdopen} =~ /\A(\d+)\z/;
+    open $S, '+<&=', $1 or die "fdopen $1: $!";
+} else {
     my $sockname = $OPTS{socket} // (defined $ENV{XDG_RUNTIME_DIR} ? "$ENV{XDG_RUNTIME_DIR}/S.lacme" : undef);
     die "Missing socket option\n" unless defined $sockname;
     $sockname = $sockname =~ /\A(\p{Print}+)\z/ ? $1 : die "Invalid socket name\n"; # untaint $sockname
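Review bot: The new `fdopen` branch hands whatever descriptor number it is given straight on to the signing loop without checking that the descriptor is a socket, so a wrong or stale fd (a tty, a regular file) would get the account key's public parameters written to it and its contents signed line by line; an `-S` test on `$S` right after the `open` rejects that cheaply. Capturing the untainted number into a lexical also avoids relying on `$1` surviving past the `open` call, and the added `die "Invalid file descriptor"` lacks the trailing `\n` that the neighbouring `die "Missing socket option\n"` and `die "Invalid socket name\n"` use, so it alone would print a file/line suffix. Suggested replacement for the two added statements: `my ($fd) = $OPTS{fdopen} =~ /\A(\d+)\z/ or die "Invalid file descriptor\n";`, `open $S, '+<&=', $fd or die "fdopen $fd: $!";`, `die "fd $fd is not a socket\n" unless -S $S;`. The `else` block this hunk opens continues past the end of the hunk, and `$S` is presumably declared earlier in the file.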
@@ -165,26 +168,34 @@ do {
 # For each new connection, send the protocol version and the account key's
 # public parameters, then sign whatever comes in
 #
-$SIG{PIPE} = 'IGNORE'; # ignore broken pipes
-for (my $count = 0;; $count++) {
-    accept(my $conn, $S) or do {
-        next if $! == EINTR; # try again if accept(2) was interrupted by a signal
-        die "accept: $!";
-    };
-    print STDERR "[$count]>> Accepted new connection\n" unless $OPTS{quiet};
-
+sub conn($;$) {
+    my $conn = shift;
+    my $count = shift;
     $conn->printflush( "$PROTOCOL_VERSION OK", "\r\n", $JWK, "\r\n" );
     # sign whatever comes in
     while (defined (my $data = $conn->getline())) {
         $data =~ s/\r\n\z// or die;
-        print STDERR "[$count]>> Issuing SHA-256 signature for: $data\n" unless $OPTS{quiet};
+        print STDERR "[$count] >>> Issuing SHA-256 signature for: $data\n" unless $OPTS{quiet};
         my $sig = $SIGN->($data);
         $conn->printflush( encode_base64url($sig), "\r\n" );
     }
+}
-    print STDERR "[$count]>> Connection terminated\n" unless $OPTS{quiet};
-    close $conn or warn "Can't close: $!";
+if (defined $OPTS{fdopen}) {
+    conn($S, $$);
+} else {
+    $SIG{PIPE} = 'IGNORE'; # ignore broken pipes
+    for (my $count = 0;; $count++) {
+        accept(my $conn, $S) or do {
+            next if $! == EINTR; # try again if accept(2) was interrupted by a signal
+            die "accept: $!";
+        };
+        print STDERR "[$count] >>> Accepted new connection\n" unless $OPTS{quiet};
+        conn($conn, $count);
+        print STDERR "[$count] >>> Connection terminated\n" unless $OPTS{quiet};
+        close $conn or warn "Can't close: $!";
+    }
 }
|
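Review bot: `$SIG{PIPE} = 'IGNORE'` is now set only inside the `else` branch, so in `fdopen` mode a client that closes the connection while `conn()` is still writing (either `printflush` call) terminates the daemon by SIGPIPE instead of letting `getline` return undef and `conn` return normally; if a signal death is acceptable for the single-connection mode this can stay, otherwise hoist the assignment above the `if (defined $OPTS{fdopen})`. Note also that `conn` never checks the return value of either `printflush`, so once SIGPIPE is ignored a write error only shows up indirectly through `getline` returning undef; a `$conn->printflush(...) or warn "write: $!";` on the reply would make it visible in the log. The `conn($;$)` prototype follows the `usage(;$$)` form already used in the file, but prototypes only affect parsing, not argument validation, so nothing guards against `conn` being called with a non-handle.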
