Diffstat (limited to 'lacme-accountd')
-rwxr-xr-xlacme-accountd37
1 files changed, 24 insertions, 13 deletions
diff --git a/lacme-accountd b/lacme-accountd
index fbf1bcb..411538d 100755
--- a/lacme-accountd
+++ b/lacme-accountd
@@ -59,7 +59,7 @@ sub usage(;$$) {
}
exit $rv;
}
-usage(1) unless GetOptions(\%OPTS, qw/config=s privkey=s socket=s quiet|q debug help|h/);
+usage(1) unless GetOptions(\%OPTS, qw/config=s privkey=s socket=s fdopen=i quiet|q debug help|h/);
usage(0) if $OPTS{help};
do {
@@ -137,7 +137,10 @@ $JWK = JSON::->new->encode($JWK);
# to support the abstract namespace.) The downside is that we have to
# delete the file manually.
#
-do {
+if (defined $OPTS{fdopen}) {
+ die "Invalid file descriptor" unless $OPTS{fdopen} =~ /\A(\d+)\z/;
+ open $S, '+<&=', $1 or die "fdopen $1: $!";
+} else {
my $sockname = $OPTS{socket} // (defined $ENV{XDG_RUNTIME_DIR} ? "$ENV{XDG_RUNTIME_DIR}/S.lacme" : undef);
die "Missing socket option\n" unless defined $sockname;
$sockname = $sockname =~ /\A(\p{Print}+)\z/ ? $1 : die "Invalid socket name\n"; # untaint $sockname
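Review bot: The new `--fdopen` branch accepts any numeric descriptor and hands it straight to the signing loop; nothing after `open $S, '+<&=', $1` checks what kind of object the descriptor refers to. If only sockets are meant to be passed in, `die "fd $1 is not a socket\n" unless -S $S;` directly after the open would reject an inherited file or terminal before anything is signed. Whatever the socket branch does to restrict access to the socket path is outside this hunk and does not apply here, so the branch deserves a comment such as `# --fdopen: the caller vouches for the peer; every line read from this fd is signed with the account key`. A smaller style point: `die "Invalid file descriptor"` lacks the trailing `\n` that the neighbouring `"Missing socket option\n"` and `"Invalid socket name\n"` carry, so it alone prints a file and line number.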
@@ -165,26 +168,34 @@ do {
# For each new connection, send the protocol version and the account key's
# public parameters, then sign whatever comes in
#
-$SIG{PIPE} = 'IGNORE'; # ignore broken pipes
-for (my $count = 0;; $count++) {
- accept(my $conn, $S) or do {
- next if $! == EINTR; # try again if accept(2) was interrupted by a signal
- die "accept: $!";
- };
- print STDERR "[$count]>> Accepted new connection\n" unless $OPTS{quiet};
-
+sub conn($;$) {
+ my $conn = shift;
+ my $count = shift;
$conn->printflush( "$PROTOCOL_VERSION OK", "\r\n", $JWK, "\r\n" );
# sign whatever comes in
while (defined (my $data = $conn->getline())) {
$data =~ s/\r\n\z// or die;
- print STDERR "[$count]>> Issuing SHA-256 signature for: $data\n" unless $OPTS{quiet};
+ print STDERR "[$count] >>> Issuing SHA-256 signature for: $data\n" unless $OPTS{quiet};
my $sig = $SIGN->($data);
$conn->printflush( encode_base64url($sig), "\r\n" );
}
+}
- print STDERR "[$count]>> Connection terminated\n" unless $OPTS{quiet};
- close $conn or warn "Can't close: $!";
+if (defined $OPTS{fdopen}) {
+ conn($S, $$);
+} else {
+ $SIG{PIPE} = 'IGNORE'; # ignore broken pipes
+ for (my $count = 0;; $count++) {
+ accept(my $conn, $S) or do {
+ next if $! == EINTR; # try again if accept(2) was interrupted by a signal
+ die "accept: $!";
+ };
+ print STDERR "[$count] >>> Accepted new connection\n" unless $OPTS{quiet};
+ conn($conn, $count);
+ print STDERR "[$count] >>> Connection terminated\n" unless $OPTS{quiet};
+ close $conn or warn "Can't close: $!";
+ }
}
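Review bot: The new call `conn($conn, $count)` in the accept loop lets any die raised inside conn() end the whole daemon. The bare `or die` on a line that does not end in CRLF is reachable by every client that can connect, so one malformed request stops signing for all later connections and leaves no message saying why. Wrapping the call, for example `eval { conn($conn, $count); 1 } or warn "[$count] connection aborted: $@";`, keeps the loop running and still reaches the `close $conn` that follows. Separately, `$SIG{PIPE} = 'IGNORE'` is now set only in the else branch, so on the `--fdopen` path a peer that disappears mid-write presumably ends the process by SIGPIPE with no log line and no close of `$S`; moving the assignment above the `if` would make both paths behave alike.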