=== modified file 'TODO'
--- TODO	2012-05-12 19:29:05 +0000
+++ TODO	2012-05-26 22:21:17 +0000
@@ -48,8 +48,6 @@
    SetLogLevel D-Bus call
 ** TODO Implement --foreground						  :BUGS:
    [[info:standards:Option%20Table][Table of Long Options]]
-** TODO Implement --socket
-   [[info:standards:Option%20Table][Table of Long Options]]
 ** TODO [#C] DBusServiceObjectUsingSuper
 ** TODO [#B] Global enable/disable flag
 ** TODO [#B] By-client countdown on number of secrets given

=== modified file 'mandos'
--- mandos	2012-05-26 22:48:45 +0000
+++ mandos	2012-05-26 22:56:38 +0000
@@ -1899,12 +1899,42 @@
         use_ipv6:       Boolean; to use IPv6 or not
     """
     def __init__(self, server_address, RequestHandlerClass,
-                 interface=None, use_ipv6=True):
+                 interface=None, use_ipv6=True, socketfd=None):
+        """If socketfd is set, use that file descriptor instead of
+        creating a new one with socket.socket().
+        """
         self.interface = interface
         if use_ipv6:
             self.address_family = socket.AF_INET6
+        if socketfd is not None:
+            # Save the file descriptor
+            self.socketfd = socketfd
+            # Save the original socket.socket() function
+            self.socket_socket = socket.socket
+            # To implement --socket, we monkey patch socket.socket.
+            # 
+            # (When socketserver.TCPServer is a new-style class, we
+            # could make self.socket into a property instead of monkey
+            # patching socket.socket.)
+            # 
+            # Create a one-time-only replacement for socket.socket()
+            @functools.wraps(socket.socket)
+            def socket_wrapper(*args, **kwargs):
+                # Restore original function so subsequent calls are
+                # not affected.
+                socket.socket = self.socket_socket
+                del self.socket_socket
+                # This time only, return a new socket object from the
+                # saved file descriptor.
+                return socket.fromfd(self.socketfd, *args, **kwargs)
+            # Replace socket.socket() function with wrapper
+            socket.socket = socket_wrapper
+        # The socketserver.TCPServer.__init__ will call
+        # socket.socket(), which might be our replacement,
+        # socket_wrapper(), if socketfd was set.
         socketserver.TCPServer.__init__(self, server_address,
                                         RequestHandlerClass)
+    
     def server_bind(self):
         """This overrides the normal server_bind() function
         to bind to an interface if one was specified, and also NOT to
@@ -1968,7 +1998,7 @@
     """
     def __init__(self, server_address, RequestHandlerClass,
                  interface=None, use_ipv6=True, clients=None,
-                 gnutls_priority=None, use_dbus=True):
+                 gnutls_priority=None, use_dbus=True, socketfd=None):
         self.enabled = False
         self.clients = clients
         if self.clients is None:
@@ -1978,7 +2008,8 @@
         IPv6_TCPServer.__init__(self, server_address,
                                 RequestHandlerClass,
                                 interface = interface,
-                                use_ipv6 = use_ipv6)
+                                use_ipv6 = use_ipv6,
+                                socketfd = socketfd)
     def server_activate(self):
         if self.enabled:
             return socketserver.TCPServer.server_activate(self)
@@ -2165,6 +2196,9 @@
     parser.add_argument("--no-restore", action="store_false",
                         dest="restore", help="Do not restore stored"
                         " state")
+    parser.add_argument("--socket", type=int,
+                        help="Specify a file descriptor to a network"
+                        " socket to use instead of creating one")
     parser.add_argument("--statedir", metavar="DIR",
                         help="Directory to save/restore state in")
     
@@ -2187,6 +2221,7 @@
                         "use_ipv6": "True",
                         "debuglevel": "",
                         "restore": "True",
+                        "socket": "",
                         "statedir": "/var/lib/mandos"
                         }
     
@@ -2204,6 +2239,15 @@
     if server_settings["port"]:
         server_settings["port"] = server_config.getint("DEFAULT",
                                                        "port")
+    if server_settings["socket"]:
+        server_settings["socket"] = server_config.getint("DEFAULT",
+                                                         "socket")
+        # Later, stdin will, and stdout and stderr might, be dup'ed
+        # over with an opened os.devnull.  But we don't want this to
+        # happen with a supplied network socket.
+        if 0 <= server_settings["socket"] <= 2:
+            server_settings["socket"] = os.dup(server_settings
+                                               ["socket"])
     del server_config
     
     # Override the settings from the config file with command line
@@ -2211,7 +2255,7 @@
     for option in ("interface", "address", "port", "debug",
                    "priority", "servicename", "configdir",
                    "use_dbus", "use_ipv6", "debuglevel", "restore",
-                   "statedir"):
+                   "statedir", "socket"):
         value = getattr(options, option)
         if value is not None:
             server_settings[option] = value
@@ -2265,7 +2309,9 @@
                               use_ipv6=use_ipv6,
                               gnutls_priority=
                               server_settings["priority"],
-                              use_dbus=use_dbus)
+                              use_dbus=use_dbus,
+                              socketfd=(server_settings["socket"]
+                                        or None))
     if not debug:
         pidfilename = "/var/run/mandos.pid"
         try:

=== modified file 'mandos-options.xml'
--- mandos-options.xml	2012-01-01 04:02:00 +0000
+++ mandos-options.xml	2012-05-26 22:21:17 +0000
@@ -97,4 +97,10 @@
     class="directory">/var/lib/mandos</filename></quote>.
   </para>
   
+  <para id="socket">
+    If this option is used, the server will not create a new network
+    socket, but will instead use the supplied file descriptor.  By
+    default, the server will create a new network socket.
+  </para>
+  
 </section>

=== modified file 'mandos.conf.xml'
--- mandos.conf.xml	2011-12-31 23:05:34 +0000
+++ mandos.conf.xml	2012-05-26 22:21:17 +0000
@@ -3,7 +3,7 @@
 	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY CONFNAME "mandos.conf">
 <!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">
-<!ENTITY TIMESTAMP "2012-01-01">
+<!ENTITY TIMESTAMP "2012-05-26">
 <!ENTITY % common SYSTEM "common.ent">
 %common;
 ]>
@@ -174,6 +174,14 @@
 	</listitem>
       </varlistentry>
       
+      <varlistentry>
+	<term><option>socket<literal> = </literal><replaceable
+	>NUMBER</replaceable></option></term>
+	<listitem>
+	  <xi:include href="mandos-options.xml" xpointer="socket"/>
+	</listitem>
+      </varlistentry>
+      
     </variablelist>
   </refsect1>
   

=== modified file 'mandos.xml'
--- mandos.xml	2012-01-15 21:01:13 +0000
+++ mandos.xml	2012-05-26 22:21:17 +0000
@@ -2,7 +2,7 @@
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY COMMANDNAME "mandos">
-<!ENTITY TIMESTAMP "2012-01-15">
+<!ENTITY TIMESTAMP "2012-05-26">
 <!ENTITY % common SYSTEM "common.ent">
 %common;
 ]>
@@ -100,6 +100,9 @@
       <sbr/>
       <arg><option>--statedir
       <replaceable>DIRECTORY</replaceable></option></arg>
+      <sbr/>
+      <arg><option>--socket
+      <replaceable>FD</replaceable></option></arg>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -299,6 +302,15 @@
 	  <xi:include href="mandos-options.xml" xpointer="statedir"/>
 	</listitem>
       </varlistentry>
+      
+      <varlistentry>
+	<term><option>--socket
+	<replaceable>FD</replaceable></option></term>
+	<listitem>
+	  <xi:include href="mandos-options.xml" xpointer="socket"/>
+	</listitem>
+      </varlistentry>
+      
     </variablelist>
   </refsect1>