From 42a8f9813716ed3495b6f49edea429b127eef0f0 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 18 Feb 2021 00:49:46 +0100 Subject: accountd: replace internal option --conn-fd=FD with flag --stdio. Using stdin/stdout makes it possible to tunnel the accountd connection through ssh. --- lacme | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lacme') diff --git a/lacme b/lacme index 019a5e7..3d3657f 100755 --- a/lacme +++ b/lacme @@ -504,10 +504,12 @@ sub acme_client($@) { my $pid = fork() // "fork: $!"; unless ($pid) { drop_privileges($accountd->{user}, $accountd->{group}, '/'); - set_FD_CLOEXEC($s, 0); + set_FD_CLOEXEC($s, 1); $client->close() or die "close: $!"; + open STDIN, '<&', $s or die "dup: $!"; + open STDOUT, '>&', $s or die "dup: $!"; my ($cmd, @args) = split(/\s+/, $accountd->{command}) or die "Empty accountd command\n"; - push @args, '--conn-fd='.fileno($s); + push @args, '--stdio'; push @args, '--config='.$accountd->{config} if defined $accountd->{config}; push @args, '--privkey='.$accountd->{privkey} if defined $accountd->{privkey}; push @args, '--quiet' unless lc $accountd->{quiet} eq 'no'; -- cgit v1.2.3