[openssh-commits] [openssh] 01/01: automatically enable built-in FIDO support
git+noreply at mindrot.org
git+noreply at mindrot.org
Fri Jun 24 14:21:59 AEST 2022
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 9c59e7486cc8691401228b43b96a3edbb06e0412
Author: Damien Miller <djm at mindrot.org>
Date: Fri Jun 24 14:20:43 2022 +1000
automatically enable built-in FIDO support
If libfido2 is found and usable, then enable the built-in
security key support unless --without-security-key-builtin
was requested.
ok dtucker@
---
configure.ac | 65 +++++++++++++++++++++++++++++++-----------------------------
1 file changed, 34 insertions(+), 31 deletions(-)
diff --git a/configure.ac b/configure.ac
index e7459ee1..62c098d6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -54,6 +54,7 @@ AC_PATH_PROG([SH], [sh])
AC_PATH_PROG([GROFF], [groff])
AC_PATH_PROG([NROFF], [nroff awf])
AC_PATH_PROG([MANDOC], [mandoc])
+AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
AC_SUBST([TEST_SHELL], [sh])
dnl select manpage formatter to be used to build "cat" format pages.
@@ -1666,7 +1667,6 @@ AC_ARG_WITH([libedit],
[ --with-libedit[[=PATH]] Enable libedit support for sftp],
[ if test "x$withval" != "xno" ; then
if test "x$withval" = "xyes" ; then
- AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
if test "x$PKGCONFIG" != "xno"; then
AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
if "$PKGCONFIG" libedit; then
@@ -2023,13 +2023,8 @@ AC_ARG_ENABLE([security-key],
enable_sk_internal=
AC_ARG_WITH([security-key-builtin],
[ --with-security-key-builtin include builtin U2F/FIDO support],
- [
- if test "x$withval" != "xno" ; then
- enable_sk_internal=yes
- fi
- ]
+ [ enable_sk_internal=$withval ]
)
-test "x$disable_sk" != "x" && enable_sk_internal=""
AC_SEARCH_LIBS([dlopen], [dl])
AC_CHECK_FUNCS([dlopen])
@@ -3218,8 +3213,7 @@ fi
AC_MSG_RESULT([$enable_sk])
# Now check for built-in security key support.
-if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
- AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
+if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then
use_pkgconfig_for_libfido2=
if test "x$PKGCONFIG" != "xno"; then
AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2])
@@ -3237,33 +3231,43 @@ if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
LIBFIDO2="-lfido2 -lcbor"
fi
OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
+ fido2_error=
AC_CHECK_LIB([fido2], [fido_init],
- [
- AC_SUBST([LIBFIDO2])
- AC_DEFINE([ENABLE_SK_INTERNAL], [],
- [Enable for built-in U2F/FIDO support])
- enable_sk="built-in"
- ], [ AC_MSG_ERROR([no usable libfido2 found]) ],
+ [ ],
+ [ fido2_error="missing/unusable libfido2" ],
[ $OTHERLIBS ]
)
- saved_LIBS="$LIBS"
- LIBS="$LIBS $LIBFIDO2"
- AC_CHECK_FUNCS([ \
- fido_assert_set_clientdata \
- fido_cred_prot \
- fido_cred_set_prot \
- fido_cred_set_clientdata \
- fido_dev_get_touch_begin \
- fido_dev_get_touch_status \
- fido_dev_supports_cred_prot \
- ])
- LIBS="$saved_LIBS"
AC_CHECK_HEADER([fido.h], [],
- AC_MSG_ERROR([missing fido.h from libfido2]))
+ [ fido2_error="missing fido.h from libfido2" ])
AC_CHECK_HEADER([fido/credman.h], [],
- AC_MSG_ERROR([missing fido/credman.h from libfido2]),
- [#include <fido.h>]
+ [ fido2_error="missing fido/credman.h from libfido2" ],
+ [ #include <fido.h> ]
)
+ AC_MSG_CHECKING([for usable libfido2 installation])
+ if test ! -z "$fido2_error" ; then
+ AC_MSG_RESULT([$fido2_error])
+ if test "x$enable_sk_internal" = "xyes" ; then
+ AC_MSG_ERROR([No usable libfido2 library/headers found])
+ fi
+ else
+ AC_MSG_RESULT([yes])
+ AC_SUBST([LIBFIDO2])
+ AC_DEFINE([ENABLE_SK_INTERNAL], [],
+ [Enable for built-in U2F/FIDO support])
+ enable_sk="built-in"
+ saved_LIBS="$LIBS"
+ LIBS="$LIBS $LIBFIDO2"
+ AC_CHECK_FUNCS([ \
+ fido_assert_set_clientdata \
+ fido_cred_prot \
+ fido_cred_set_prot \
+ fido_cred_set_clientdata \
+ fido_dev_get_touch_begin \
+ fido_dev_get_touch_status \
+ fido_dev_supports_cred_prot \
+ ])
+ LIBS="$saved_LIBS"
+ fi
fi
AC_CHECK_FUNCS([ \
@@ -4667,7 +4671,6 @@ AC_ARG_WITH([kerberos5],
AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
KRB5_MSG="yes"
- AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
use_pkgconfig_for_krb5=
if test "x$PKGCONFIG" != "xno"; then
AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5])
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list