From d72df441f86f759bf143df745ff13fd9b90597bf Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 17 Feb 2021 23:53:31 +0100 Subject: Split client/webserver/accountd commands on whitespace. This doesn't change the default behavior. --- Changelog | 2 ++ config/lacme.conf | 6 +++--- lacme | 25 ++++++++++++++----------- lacme.8.md | 20 +++++++++++++++----- 4 files changed, 34 insertions(+), 19 deletions(-) diff --git a/Changelog b/Changelog index 0f9b6ca..68a1f83 100644 --- a/Changelog +++ b/Changelog @@ -22,6 +22,8 @@ lacme (0.7.1) upstream; * Breaking change: lacme(8) resp. lacme-accountd(1) no longer consider ./lacme.conf resp. ./lacme-accountd.conf as default location for the configuration file. + * The client, webserver, and accountd commands are now split on + whitespace. This doesn't change the default behavior. + Improve nginx/apache2 snippets for direct serving of challenge files (with the new 'challenge-directory' logic symlinks can be disabled). + Split Nginx and Apapche2 static configuration snippets into seperate diff --git a/config/lacme.conf b/config/lacme.conf index 4c7dc86..3faed2b 100644 --- a/config/lacme.conf +++ b/config/lacme.conf @@ -29,7 +29,7 @@ # #group = @@lacme_client_group@@ -# Path to the ACME client executable. +# ACME client command. # #command = @@libexecdir@@/lacme/client @@ -83,7 +83,7 @@ # #group = @@lacme_www_group@@ -# Path to the ACME webserver executable. +# ACME webserver command. # #command = @@libexecdir@@/lacme/webserver @@ -110,7 +110,7 @@ # #group = -# Path to the lacme-accountd(1) executable. +# lacme-accountd(1) command. # #command = @@bindir@@/lacme-accountd diff --git a/lacme b/lacme index d2d8840..019a5e7 100755 --- a/lacme +++ b/lacme 
@@ -379,7 +379,8 @@ sub spawn_webserver() { $ENV{DEBUG} = $OPTS{debug} // 0; # use execve(2) rather than a Perl pseudo-process to ensure that # the child doesn't have access to the parent's memory - exec $conf->{command}, fileno($sock) or die; + my ($cmd, @args) = split(/\s+/, $conf->{command}) or die "Empty webserver command\n"; + exec { $cmd } $cmd, @args, fileno($sock) or die; } print STDERR "[$$] Forking ACME webserver bound to $p, child PID $pid\n" if $OPTS{debug}; @@ -505,12 +506,13 @@ sub acme_client($@) { drop_privileges($accountd->{user}, $accountd->{group}, '/'); set_FD_CLOEXEC($s, 0); $client->close() or die "close: $!"; - my @cmd = ($accountd->{command}, '--conn-fd='.fileno($s)); - push @cmd, '--config='.$accountd->{config} if defined $accountd->{config}; - push @cmd, '--privkey='.$accountd->{privkey} if defined $accountd->{privkey}; - push @cmd, '--quiet' unless lc $accountd->{quiet} eq 'no'; - push @cmd, '--debug' if $OPTS{debug}; - exec { $cmd[0] } @cmd or die; + my ($cmd, @args) = split(/\s+/, $accountd->{command}) or die "Empty accountd command\n"; + push @args, '--conn-fd='.fileno($s); + push @args, '--config='.$accountd->{config} if defined $accountd->{config}; + push @args, '--privkey='.$accountd->{privkey} if defined $accountd->{privkey}; + push @args, '--quiet' unless lc $accountd->{quiet} eq 'no'; + push @args, '--debug' if $OPTS{debug}; + exec { $cmd } $cmd, @args or die; } print STDERR "[$$] Forking lacme-accountd, child PID $pid\n" if $OPTS{debug}; $s->close() or die "close: $!"; @@ -546,6 +548,7 @@ sub acme_client($@) { # use execve(2) rather than a Perl pseudo-process to ensure that the # child doesn't have access to the parent's memory + my ($cmd, @args2) = split(/\s+/, $conf->{command}) or die "Empty client command\n"; my @fileno = map { fileno($_) =~ /^(\d+)$/ ? $1 : die } ($CONFFILE, $client); # untaint fileno set_FD_CLOEXEC($client, 1); my $rv = spawn({in => $args->{in}, out => $args->{out}, child => sub() { 
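Review bot: In `spawn_webserver`, `split(/\s+/, $conf->{command})` returns an empty first field when the value starts with whitespace, so `$cmd` becomes `''` and the `or die "Empty webserver command\n"` guard does not fire because the list is not empty. Whether the configuration parser already trims values is not visible here, so this may be unreachable in practice. The special pattern `split(' ', $conf->{command})` skips leading whitespace and makes the guard hold either way. The same call is used for the accountd command (hunk at -505) and the client command (hunk at -546). The function body starts and ends outside the hunk.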
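Review bot: The `exec { $cmd } $cmd, @args or die;` that launches lacme-accountd dies without a message, so a mistyped or non-executable command surfaces only as Perl's generic `Died at ...`, with no hint of which command failed or why. The value is now an operator-supplied command line rather than a single path, so such failures are presumably more likely than before. `exec { $cmd } $cmd, @args or die "Can't exec $cmd: $!\n";` keeps the errno in the message. The same bare `or die` follows the exec in the `spawn_webserver` hunk (-379) and in `spawn` (-593).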
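Review bot: Splitting on whitespace with no quoting or escaping means a configured `command` whose path contains a space is now cut at the first space, and the part before it is what gets executed; before this change the whole value was handed to exec as one path. This applies to the client split added here and to the webserver (-379) and accountd (-505) splits, and it is a behaviour change for such configurations even though the defaults are unaffected. I would list it with the breaking changes in the Changelog and add a sentence to the three `command` entries in lacme.8.md, for example `No quoting is supported: a path containing whitespace cannot be used.` The enclosing `acme_client` continues outside the hunk.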
@@ -553,7 +556,7 @@ sub acme_client($@) { set_FD_CLOEXEC($_, 0) foreach ($CONFFILE, $client); seek($CONFFILE, SEEK_SET, 0) or die "seek: $!"; $ENV{DEBUG} = $OPTS{debug} // 0; - }}, $conf->{command}, $COMMAND, @fileno, @args); + }}, $cmd, @args2, $COMMAND, @fileno, @args); if (defined $cleanup) { @CLEANUP = grep { $_ ne $cleanup } @CLEANUP; @@ -564,7 +567,7 @@ sub acme_client($@) { sub spawn($@) { my $args = shift; - my @exec = @_; + my ($cmd, @args) = @_; # create communication pipes if needed my ($in_rd, $in_wd, $out_rd, $out_wd); @@ -593,7 +596,7 @@ sub spawn($@) { } elsif (fileno(STDOUT) != fileno($args->{out})) { open STDOUT, '>&', $args->{out} or die "dup: $!"; } - exec { $exec[0] } @exec or die; + exec { $cmd } $cmd, @args or die; } push @CLEANUP, sub() { kill 15 => $pid; @@ -601,7 +604,7 @@ sub spawn($@) { }; # parent - print STDERR "[$$] Forking $exec[0], child PID $pid\n" if $OPTS{debug}; + print STDERR "[$$] Forking $cmd, child PID $pid\n" if $OPTS{debug}; if (defined $args->{in}) { $in_rd->close() or die "close: $!"; $in_wd->print($args->{in}); diff --git a/lacme.8.md b/lacme.8.md index bc711ed..69870c4 100644 --- a/lacme.8.md +++ b/lacme.8.md @@ -183,7 +183,10 @@ of [ACME] commands and dialogues with the remote [ACME] server). *command* -: Path to the [ACME] client executable. +: The [ACME] client command. It is split on whitespace, with the + first item being the command to execute, the second its first + argument etc. (Note that `lacme` might append more arguments when + executing the command internally.) Default: `@@libexecdir@@/lacme/client`. *server* 
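Review bot: The name `@args2` in the `spawn(...)` call of the -553 hunk (declared in the -546 hunk) does not say what it holds, and it sits next to both `$args` and `@args` in `acme_client`; the -564 hunk likewise gives `spawn` an `@args` beside its existing `$args` hash reference. The argument order `$cmd, @args2, $COMMAND, @fileno, @args` is what the client receives. A descriptive name such as `@cmd_args` and a one-line comment, e.g. `# words from the configured command come first, then lacme's own arguments`, would make the call easier to check. In `spawn`, `my ($cmd, @argv) = @_;` would avoid the `$args`/`@args` pair.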
@@ -262,9 +265,13 @@ served during certificate issuance. *command* -: Path to the [ACME] webserver executable. A separate process is - spawned for each address to *listen* on. (In particular no - webserver process is forked when the *listen* option is empty.) +: The [ACME] webserver command. It is split on whitespace, with the + first item being the command to execute, the second its first + argument etc. (Note that `lacme` might append more arguments when + executing the command internally.) + A separate process is spawned for each address to *listen* on. (In + particular no webserver process is forked when the *listen* option + is empty.) Default: `@@libexecdir@@/lacme/webserver`. *iptables* @@ -297,7 +304,10 @@ UNIX-domain socket. *command* -: Path to the [`lacme-accountd`(1)] executable. +: The [`lacme-accountd`(1)] command. It is split on whitespace, with + the first item being the command to execute, the second its first + argument etc. (Note that `lacme` appends more arguments when + executing the command internally.) Default: `@@bindir@@/lacme-accountd`. *config* -- cgit v1.2.3