+ const char *response_message = NULL;
+ struct rlimit rlim; /* for disabling core dump */
+
+ switch(tr_gss_handle_connection(conn_fd,
+ "trustidentity", tids->hostname, /* acceptor name */
+ tids->auth_handler, tids->cookie, /* auth callback and cookie */
+ tids_req_cb, tids /* req callback and cookie */
+ )) {
+ case TR_GSS_SUCCESS:
+ response_message = TIDS_SUCCESS_MESSAGE;
+ break;
+
+ case TR_GSS_ERROR:
+ default:
+ response_message = TIDS_ERROR_MESSAGE;
+ break;
+ }
+
+ if (0 != result_fd) {
+ /* write strlen + 1 to include the null termination */
+ if (write(result_fd, response_message, strlen(response_message) + 1) < 0)
+ tr_err("tids_accept: child process unable to write to pipe");
+ }
+
+ close(result_fd);
+ close(conn_fd);
+
+ /* This ought to be an exit(0), but log4shib does not play well with fork() due to
+ * threading issues. To ensure we do not get stuck in the exit handler, we will
+ * abort. First disable core dump for this subprocess (the main process will still
+ * dump core if the environment allows). */
+ rlim.rlim_cur = 0; /* max core size of 0 */
+ rlim.rlim_max = 0; /* prevent the core size limit from being raised later */
+ setrlimit(RLIMIT_CORE, &rlim);
+ abort(); /* exit hard */
+}
+
+/* Accept and process a connection on a port opened with tids_get_listener() */
+int tids_accept(TIDS_INSTANCE *tids, int listen)
+{
+ int conn=-1;
+ int pid=-1;
+ int pipe_fd[2];
+ struct tid_process tp = {0};
+
+ if (0 > (conn = tr_sock_accept(listen))) {
+ tr_err("tids_accept: Error accepting connection");
+ return 1;
+ }
+
+ if (0 > pipe(pipe_fd)) {
+ perror("Error on pipe()");
+ return 1;
+ }
+ /* pipe_fd[0] is for reading, pipe_fd[1] is for writing */
+
+ if (0 > (pid = fork())) {
+ perror("Error on fork()");
+ return 1;
+ }
+
+ if (pid == 0) {
+ /* Only the child process gets here */
+ close(pipe_fd[0]); /* close the read end of the pipe, the child only writes */
+ close(listen); /* close the child process's handle on the listen port */
+
+ tids_handle_proc(tids, conn, pipe_fd[1]); /* never returns */
+ }
+
+ /* Only the parent process gets here */
+ close(pipe_fd[1]); /* close the write end of the pipe, the parent only listens */
+ close(conn); /* connection belongs to the child, so close parent's handle */
+
+ /* remember the PID of our child process */
+ tr_info("tids_accept: Spawned TID process %d to handle incoming connection.", pid);
+ tp.pid = pid;
+ tp.read_fd = pipe_fd[0];
+ g_array_append_val(tids->pids, tp);
+
+ /* clean up any processes that have completed */
+ tids_sweep_procs(tids);
+ return 0;