From 944407621f313c15f6cfd53267da1ddbdaceec9f Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Wed, 28 Jun 2017 17:19:46 +0200
Subject: webserver: allow listening to multiple addresses. (Useful when dual-stack IPv4/IPv6 is not supported.) Also, change the default to listen to a UNIX-domain socket . Moreover temporary iptables rules are no longer installed. Hosts without a public HTTP daemon listening on port 80 need to set the 'listen' option to [::] and/or 0.0.0.0, and possibly set the 'iptables' option to Yes.
---
 webserver | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)
(limited to 'webserver')
diff --git a/webserver b/webserver
index e97fe00..7914762 100755
--- a/webserver
+++ b/webserver
@@ -38,12 +38,9 @@ use warnings;
 # not a problem since FD can be bound as root prior to the execve(2).
 use Errno 'EINTR';
-use Socket qw/AF_INET AF_INET6/;
+use Socket qw/AF_UNIX AF_INET AF_INET6/;
 # Untaint and fdopen(3) the listening socket
-# TODO: we could even take multiple file descriptors and select(2)
-# between them; this could be useful to listen on two sockets, one for
-# INET and one for INET6
 (shift @ARGV // die) =~ /\A(\d+)\z/ or die;
 open my $S, '+<&=', $1 or die "fdopen $1: $!";
 my $ROOT = '/.well-known/acme-challenge';
@@ -57,13 +54,22 @@ sub info($$$) {
 # get a string representation of the peer's address
 my $fam = Socket::sockaddr_family($sockaddr);
- my (undef, $ip) =
- $fam == AF_INET ? Socket::unpack_sockaddr_in($sockaddr) :
- $fam == AF_INET6 ? Socket::unpack_sockaddr_in6($sockaddr) :
- die;
- my $addr = Socket::inet_ntop($fam, $ip);
+ my $peer;
- print STDERR $msg." from [$addr]".(defined $req ? ": $req" : "")."\n";
+ if ($fam == AF_UNIX) {
+ $peer = Socket::unpack_sockaddr_un($sockaddr);
+ } else {
+ my (undef, $ip) =
+ $fam == AF_INET ? Socket::unpack_sockaddr_in($sockaddr) :
+ $fam == AF_INET6 ? Socket::unpack_sockaddr_in6($sockaddr) :
+ die;
+ $peer = Socket::inet_ntop($fam, $ip);
+ }
+
+ $msg .= " from [$peer]" if defined $peer and $peer ne '';
+ $msg .= ": $req" if defined $req;
+
+ print STDERR $msg, "\n";
 }
 while (1) {
--
cgit v1.2.3
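Review bot: The new AF_UNIX branch appends `$peer` to the log line unescaped, and for a UNIX-domain peer that string is whatever name the connecting process bound its socket to, so it may carry newlines, NUL or terminal escape bytes; `$req` is appended the same way and is presumably the client's request line. Anything that collects this STDERR stream can then receive split or forged-looking entries. I would escape non-printable bytes just before the print, e.g. `$msg =~ s/([^\x20-\x7E])/sprintf "\\x%02X", ord $1/ge;`. Separately, the bare `die;` in the fallback arm aborts the server from inside a logging helper with no message; `die "unsupported address family $fam"` would make that failure diagnosable. info() starts above this hunk, with only its signature visible in the hunk header.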