Diffstat (limited to 'p11-kit')
-rw-r--r-- | p11-kit/Makefile.am | 22 | ||||
-rw-r--r-- | p11-kit/p11-kit-server.service.in | 15 | ||||
-rw-r--r-- | p11-kit/p11-kit-server.socket | 11 | ||||
-rw-r--r-- | p11-kit/server.c | 33 |
4 files changed, 72 insertions, 9 deletions
diff --git a/p11-kit/Makefile.am b/p11-kit/Makefile.am
index 155ef3b..6b9a8a9 100644
--- a/p11-kit/Makefile.am
+++ b/p11-kit/Makefile.am
@@ -253,8 +253,30 @@ p11_kit_server_LDADD = \
 libp11-tool.la \
 libp11-common.la \
 libp11-kit.la \
+ $(LIBSYSTEMD_LIBS) \
 $(NULL)

+p11_kit_server_CFLAGS = \
+ $(COMMON_CFLAGS) \
+ $(LIBSYSTEMD_CFLAGS) \
+ $(NULL)
+
+if WITH_SYSTEMD
+p11-kit/p11-kit-server.service: p11-kit/p11-kit-server.service.in
+ $(AM_V_GEN)rm -f $@-t $@ && \
+ sed 's|@bindir[@]|$(bindir)|g' $< > $@-t && \
+ mv -f $@-t $@
+
+CLEANFILES += p11-kit/p11-kit-server.service
+
+systemduserunit_DATA = \
+ p11-kit/p11-kit-server.socket \
+ p11-kit/p11-kit-server.service \
+ $(NULL)
+endif
+
+EXTRA_DIST += p11-kit/p11-kit-server.socket p11-kit/p11-kit-server.service.in
+
 # Tests ----------------------------------------------------------------

 p11_kit_LIBS = \
diff --git a/p11-kit/p11-kit-server.service.in b/p11-kit/p11-kit-server.service.in
new file mode 100644
index 0000000..975111e
--- /dev/null
+++ b/p11-kit/p11-kit-server.service.in
@@ -0,0 +1,15 @@
+[Unit]
+Description=p11-kit server
+Documentation=man:p11-kit(8)
+
+Requires=p11-kit-server.socket
+
+[Service]
+Type=simple
+StandardError=journal
+ExecStart=@bindir@/p11-kit server -f -n %t/p11-kit/pkcs11 pkcs11:
+Restart=on-failure
+
+[Install]
+Also=p11-kit-server.socket
+WantedBy=default.target
diff --git a/p11-kit/p11-kit-server.socket b/p11-kit/p11-kit-server.socket
new file mode 100644
index 0000000..31a3d4c
--- /dev/null
+++ b/p11-kit/p11-kit-server.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=p11-kit server
+
+[Socket]
+Priority=6
+Backlog=5
+ListenStream=%t/p11-kit/pkcs11
+SocketMode=0600
+
+[Install]
+WantedBy=sockets.target
diff --git a/p11-kit/server.c b/p11-kit/server.c
index e64890c..0c0092b 100644
--- a/p11-kit/server.c
+++ b/p11-kit/server.c
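Review bot: In p11-kit-server.service.in the ExecStart line repeats the socket path `%t/p11-kit/pkcs11` that p11-kit-server.socket sets in ListenStream, and nothing in the unit says the two must stay identical or what the trailing `pkcs11:` argument selects. A comment above ExecStart would cover both, for example `# -n must match ListenStream= in p11-kit-server.socket; the final argument is the token URI, and a bare "pkcs11:" appears to match every token`. If exporting every token to any process that can reach the socket is not intended, the URI is the place to narrow it.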
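Review bot: p11-kit-server.socket sets `SocketMode=0600` but leaves the mode of the parent directory `%t/p11-kit` to systemd's default. Adding `DirectoryMode=0700` under [Socket] would make the owner-only intent explicit instead of relying on the permissions of the runtime directory above it. `Backlog=5` is also far smaller than the `listen (sd, 1024)` that create_socket uses in server.c in this same commit. If the difference is deliberate a one-line `#` comment should say why, otherwise the two values should agree.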
@@ -62,6 +62,10 @@
 #include <sys/wait.h>
 #include <unistd.h>

+#ifdef WITH_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
+
 #ifdef HAVE_SIGHANDLER_T
 #define SIGHANDLER_T sighandler_t
 #elif HAVE_SIG_T
@@ -273,10 +277,16 @@ create_socket (const char *address,
 umask (066);
 rc = bind (sd, (struct sockaddr *)&sa, SUN_LEN (&sa));
 if (rc == -1) {
- p11_message_err (errno, "could not create socket %s", socket_file);
+ p11_message_err (errno, "could not bind socket %s", socket_file);
 return -1;
 }

+ rc = listen (sd, 1024);
+ if (rc == -1) {
+ p11_message_err (errno, "could not listen to socket %s", socket_file);
+ return 1;
+ }
+
 if (uid != -1 && gid != -1) {
 rc = chown (socket_file, uid, gid);
 if (rc == -1) {
@@ -356,7 +366,7 @@ server_loop (Server *server,
 bool foreground,
 struct timespec *timeout)
 {
- int ret = 1, rc;
+ int ret;
 int cfd;
 pid_t pid;
 socklen_t sa_len;
@@ -377,10 +387,6 @@ server_loop (Server *server,
 ocsignal (SIGTERM, handle_term);
 ocsignal (SIGINT, handle_term);

- server->socket = create_socket (server->socket_name, server->uid, server->gid);
- if (server->socket == -1)
- return 1;
-
 /* run as daemon */
 if (!foreground) {
 pid = fork ();
@@ -403,10 +409,19 @@ server_loop (Server *server,
 }
 }

- rc = listen (server->socket, 1024);
- if (rc == -1) {
- p11_message_err (errno, "could not listen to socket %s", server->socket_name);
+#ifdef WITH_SYSTEMD
+ ret = sd_listen_fds (0);
+ if (ret > 1) {
+ p11_message ("too many file descriptors received");
 return 1;
+ } else if (ret == 1) {
+ server->socket = SD_LISTEN_FDS_START + 0;
+ } else
+#endif
+ {
+ server->socket = create_socket (server->socket_name, server->uid, server->gid);
+ if (server->socket == -1)
+ return 1;
 }

 sigprocmask (SIG_BLOCK, &blockset, NULL); |
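Review bot: The new listen() failure path in create_socket returns `1`, while the bind() failure just above it returns `-1` and the caller in server_loop only tests `server->socket == -1`. A failed listen() would therefore be stored as descriptor 1 and treated as the listening socket. The line should be `return -1;`. No close of `sd` is visible on either error return in this hunk, so the descriptor may also leak there; create_socket starts and ends outside the hunk, so check that against the full function.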
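Review bot: In the last server_loop hunk, when `sd_listen_fds (0)` returns 1 the inherited descriptor is assigned to `server->socket` with no check that it is a listening AF_UNIX stream socket, so a mismatched unit file would presumably only surface later in the accept loop. A guard before the assignment, such as `if (sd_is_socket_unix (SD_LISTEN_FDS_START, SOCK_STREAM, 1, NULL, 0) <= 0) { p11_message ("inherited descriptor is not a listening unix socket"); return 1; }`, would reject it up front. A negative return from sd_listen_fds also falls silently into the create_socket branch, and logging it would make activation failures easier to diagnose. create_socket now runs after the `/* run as daemon */` block instead of before it, so in the non-foreground case a bind or listen failure probably no longer reaches the exit status of the process the user started; server_loop continues outside the hunk.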