From 27788fd4a399642eddbdb1934ccaa13f7fd00124 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Thu, 1 Dec 2016 00:16:18 +0100
Subject: Make lacme able to spawn lacme-accountd.

---
 lacme-accountd | 37 ++++++++++++++++++++++++-------------
 1 file changed, 24 insertions(+), 13 deletions(-)

(limited to 'lacme-accountd')

diff --git a/lacme-accountd b/lacme-accountd
index fbf1bcb..411538d 100755
--- a/lacme-accountd
+++ b/lacme-accountd
@@ -59,7 +59,7 @@ sub usage(;$$) {
     }
     exit $rv;
 }
-usage(1) unless GetOptions(\%OPTS, qw/config=s privkey=s socket=s quiet|q debug help|h/);
+usage(1) unless GetOptions(\%OPTS, qw/config=s privkey=s socket=s fdopen=i quiet|q debug help|h/);
 usage(0) if $OPTS{help};
 
 do {
@@ -137,7 +137,10 @@ $JWK = JSON::->new->encode($JWK);
 # to support the abstract namespace.)  The downside is that we have to
 # delete the file manually.
 #
-do {
+if (defined $OPTS{fdopen}) {
+    die "Invalid file descriptor" unless $OPTS{fdopen} =~ /\A(\d+)\z/;
+    open $S, '+<&=', $1 or die "fdopen $1: $!";
+} else {
     my $sockname = $OPTS{socket} // (defined $ENV{XDG_RUNTIME_DIR} ? "$ENV{XDG_RUNTIME_DIR}/S.lacme" : undef);
     die "Missing socket option\n" unless defined $sockname;
     $sockname = $sockname =~ /\A(\p{Print}+)\z/ ? $1 : die "Invalid socket name\n"; # untaint $sockname
@@ -165,26 +168,34 @@ do {
 # For each new connection, send the protocol version and the account key's
 # public parameters, then sign whatever comes in
 #
-$SIG{PIPE} = 'IGNORE'; # ignore broken pipes
-for (my $count = 0;; $count++) {
-    accept(my $conn, $S) or do {
-        next if $! == EINTR; # try again if accept(2) was interrupted by a signal
-        die "accept: $!";
-    };
-    print STDERR "[$count]>> Accepted new connection\n" unless $OPTS{quiet};
-
+sub conn($;$) {
+    my $conn = shift;
+    my $count = shift;
     $conn->printflush( "$PROTOCOL_VERSION OK", "\r\n", $JWK, "\r\n" );
 
     # sign whatever comes in
     while (defined (my $data = $conn->getline())) {
         $data =~ s/\r\n\z// or die;
-        print STDERR "[$count]>> Issuing SHA-256 signature for: $data\n" unless $OPTS{quiet};
+        print STDERR "[$count] >>> Issuing SHA-256 signature for: $data\n" unless $OPTS{quiet};
         my $sig = $SIGN->($data);
         $conn->printflush( encode_base64url($sig), "\r\n" );
     }
+}
 
-    print STDERR "[$count]>> Connection terminated\n" unless $OPTS{quiet};
-    close $conn or warn "Can't close: $!";
+if (defined $OPTS{fdopen}) {
+    conn($S, $$);
+} else {
+    $SIG{PIPE} = 'IGNORE'; # ignore broken pipes
+    for (my $count = 0;; $count++) {
+        accept(my $conn, $S) or do {
+            next if $! == EINTR; # try again if accept(2) was interrupted by a signal
+            die "accept: $!";
+        };
+        print STDERR "[$count] >>> Accepted new connection\n" unless $OPTS{quiet};
+        conn($conn, $count);
+        print STDERR "[$count] >>> Connection terminated\n" unless $OPTS{quiet};
+        close $conn or warn "Can't close: $!";
+    }
 }
 
 
-- 
cgit v1.2.3