server: Enable socket activation through systemd

This enables socket activation of "p11-kit server" through systemd.
The feature provided is essentially the same as commit
a4fb2bb5 (reverted), but implemented with "p11-kit server" and
libsystemd API instead of wrapping "p11-kit remote" in the unit file.

Note that, while it exposes all tokens through the socket, it doesn't
increase attack surface beyond the PKCS#11 binary interface provided
by p11-kit-proxy.so, because the service is per-user.

1 files changed, 23 insertions, 0 deletions

diff --git a/configure.ac b/configure.ac
index bd6ece0..a04ae43 100644
--- a/configure.ac
+++ b/configure.ac
@@ -545,6 +545,28 @@ AC_DEFINE_UNQUOTED(EXEEXT, ["$EXEEXT"], [File extension for executables])
 privatedir='${libexecdir}/p11-kit'
 AC_SUBST(privatedir)
 
+# --------------------------------------------------------------------
+# systemd
+
+AC_ARG_WITH([systemd],
+            AS_HELP_STRING([--without-systemd],
+                           [Disable systemd socket activation]))
+
+AS_IF([test "$with_systemd" != "no"], [
+	PKG_CHECK_MODULES([LIBSYSTEMD], [libsystemd], [],
+		[with_systemd=no])
+
+	PKG_CHECK_VAR([systemduserunitdir], [systemd], [systemduserunitdir], [],
+		[with_systemd=no])
+
+	AS_IF([test "$with_systemd" != "no"], [
+		with_systemd=yes
+		AC_DEFINE_UNQUOTED(WITH_SYSTEMD, 1, [Build with systemd socket activation])
+	])
+])
+
+AM_CONDITIONAL(WITH_SYSTEMD, [test "$with_systemd" = "yes"])
+
 AC_CONFIG_FILES([Makefile
 	doc/Makefile
 	doc/manual/Makefile
@@ -576,6 +598,7 @@ AC_MSG_NOTICE([build options:
     With libtasn1 dependency:        $with_libtasn1
     With libffi:                     $with_libffi
     With hash implementation:        $with_hash_impl
+    With systemd:                    $with_systemd
 
     Build trust module:              $enable_trust_module
     Trust module paths:              $trust_status