+static int read_command(int fd, char **result)
+{
+ int ret;
+ char buf[4096];
+ char *command = NULL;
+
+ for (;;) {
+ size_t numbytes;
+ char *p;
+
+ ret = recv_buffer(fd, buf, sizeof(buf));
+ if (ret < 0)
+ goto out;
+ if (!ret)
+ break;
+ numbytes = ret;
+ ret = -E_COMMAND_SYNTAX;
+ if (command && numbytes + strlen(command) > MAX_COMMAND_LEN) /* DOS */
+ goto out;
+ command = para_strcat(command, buf);
+ p = strstr(command, EOC_MSG);
+ if (p) {
+ *p = '\0';
+ break;
+ }
+ }
+ ret = command? 1 : -E_COMMAND_SYNTAX;
+out:
+ if (ret < 0)
+ free(command);
+ else
+ *result = command;
+ return ret;
+
+}
+
+/**
+ * Perform user authentication and execute a command.
+ *
+ * \param fd The file descriptor to send output to.
+ * \param peername Identifies the connecting peer.
+ *
+ * Whenever para_server accepts an incoming tcp connection on
+ * the port it listens on, it forks and the resulting child
+ * calls this function.
+ *
+ * An RSA-based challenge/response is used to authenticate
+ * the peer. It that authentication succeeds, a random RC4
+ * session key is generated and sent back to the peer,
+ * encrypted with its RSA public key. From this point on,
+ * all transfers are crypted with this session key.
+ *
+ * Next it is checked if the peer supplied a valid server command or a command
+ * for the audio file selector. If yes, and if the user has sufficient
+ * permissions to execute that command, the function calls the corresponding
+ * command handler which does argument checking and further processing.
+ *
+ * In order to cope with a DOS attacks, a timeout is set up
+ * which terminates the function if the connection was not
+ * authenticated when the timeout expires.
+ *
+ * \sa alarm(2), rc4(3), crypt.c, crypt.h
+ */
+__noreturn void handle_connect(int fd, const char *peername)