author | Damien Miller <djm@mindrot.org> | 2022-06-24 06:20:43 +0200 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2022-06-24 06:20:43 +0200 |
commit | 9c59e7486cc8691401228b43b96a3edbb06e0412 (patch) | |
tree | 0c3de96da8b25c8b9c1ed6f977ed748652134889 /configure.ac | |
parent | fix possible NULL deref when built without FIDO (diff) | |
automatically enable built-in FIDO support
If libfido2 is found and usable, then enable the built-in
security key support unless --without-security-key-builtin
was requested.
ok dtucker@
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 65 |
1 files changed, 34 insertions, 31 deletions
diff --git a/configure.ac b/configure.ac
index e7459ee1a..62c098d6d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -54,6 +54,7 @@ AC_PATH_PROG([SH], [sh])
 AC_PATH_PROG([GROFF], [groff])
 AC_PATH_PROG([NROFF], [nroff awf])
 AC_PATH_PROG([MANDOC], [mandoc])
+AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
 AC_SUBST([TEST_SHELL], [sh])
 dnl select manpage formatter to be used to build "cat" format pages.
@@ -1666,7 +1667,6 @@ AC_ARG_WITH([libedit],
 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
 [ if test "x$withval" != "xno" ; then
 if test "x$withval" = "xyes" ; then
- AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
 if test "x$PKGCONFIG" != "xno"; then
 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
 if "$PKGCONFIG" libedit; then
@@ -2023,13 +2023,8 @@ AC_ARG_ENABLE([security-key],
 enable_sk_internal=
 AC_ARG_WITH([security-key-builtin],
 [ --with-security-key-builtin include builtin U2F/FIDO support],
- [
- if test "x$withval" != "xno" ; then
- enable_sk_internal=yes
- fi
- ]
+ [ enable_sk_internal=$withval ]
 )
-test "x$disable_sk" != "x" && enable_sk_internal=""
 AC_SEARCH_LIBS([dlopen], [dl])
 AC_CHECK_FUNCS([dlopen])
@@ -3218,8 +3213,7 @@ fi
 AC_MSG_RESULT([$enable_sk])
 # Now check for built-in security key support.
-if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
- AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
+if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then
 use_pkgconfig_for_libfido2=
 if test "x$PKGCONFIG" != "xno"; then
 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2])
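Review bot: The help string for `--with-security-key-builtin` still reads `include builtin U2F/FIDO support`, but with `[ enable_sk_internal=$withval ]` the option is now tri-state. Judging from the later tests on this page, `yes` makes a missing libfido2 a hard error, `no` skips the probe, and unset (or any other value) means auto-detect. Suggest spelling that out in the help text, e.g. `[  --with-security-key-builtin  require builtin U2F/FIDO support (default: auto-detect libfido2)]`. Packagers who depend on hardware-key authentication would then know to pass the option explicitly, rather than getting whatever the build host happens to provide.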
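Review bot: An explicit `--with-security-key-builtin=yes` is silently ignored whenever `$enable_sk` is not `yes`, because the `"x$enable_sk" = "xyes"` half of the new condition skips the whole block and the removed `disable_sk` reset has no replacement. That presumably covers `--disable-security-key` and hosts where the dlopen probe fails, so a build that asked for built-in FIDO support completes without it and without an error. Consider failing early, before this block: `if test "x$enable_sk_internal" = "xyes" -a "x$enable_sk" != "xyes" ; then AC_MSG_ERROR([built-in security key support requested but security key support is disabled]) ; fi`. The body of the `if` continues past the end of this hunk.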
@@ -3237,33 +3231,43 @@ if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
 LIBFIDO2="-lfido2 -lcbor"
 fi
 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
+ fido2_error=
 AC_CHECK_LIB([fido2], [fido_init],
- [
- AC_SUBST([LIBFIDO2])
- AC_DEFINE([ENABLE_SK_INTERNAL], [],
- [Enable for built-in U2F/FIDO support])
- enable_sk="built-in"
- ], [ AC_MSG_ERROR([no usable libfido2 found]) ],
+ [ ],
+ [ fido2_error="missing/unusable libfido2" ],
 [ $OTHERLIBS ]
 )
- saved_LIBS="$LIBS"
- LIBS="$LIBS $LIBFIDO2"
- AC_CHECK_FUNCS([ \
- fido_assert_set_clientdata \
- fido_cred_prot \
- fido_cred_set_prot \
- fido_cred_set_clientdata \
- fido_dev_get_touch_begin \
- fido_dev_get_touch_status \
- fido_dev_supports_cred_prot \
- ])
- LIBS="$saved_LIBS"
 AC_CHECK_HEADER([fido.h], [],
- AC_MSG_ERROR([missing fido.h from libfido2]))
+ [ fido2_error="missing fido.h from libfido2" ])
 AC_CHECK_HEADER([fido/credman.h], [],
- AC_MSG_ERROR([missing fido/credman.h from libfido2]),
- [#include <fido.h>]
+ [ fido2_error="missing fido/credman.h from libfido2" ],
+ [ #include <fido.h> ]
 )
+ AC_MSG_CHECKING([for usable libfido2 installation])
+ if test ! -z "$fido2_error" ; then
+ AC_MSG_RESULT([$fido2_error])
+ if test "x$enable_sk_internal" = "xyes" ; then
+ AC_MSG_ERROR([No usable libfido2 library/headers found])
+ fi
+ else
+ AC_MSG_RESULT([yes])
+ AC_SUBST([LIBFIDO2])
+ AC_DEFINE([ENABLE_SK_INTERNAL], [],
+ [Enable for built-in U2F/FIDO support])
+ enable_sk="built-in"
+ saved_LIBS="$LIBS"
+ LIBS="$LIBS $LIBFIDO2"
+ AC_CHECK_FUNCS([ \
+ fido_assert_set_clientdata \
+ fido_cred_prot \
+ fido_cred_set_prot \
+ fido_cred_set_clientdata \
+ fido_dev_get_touch_begin \
+ fido_dev_get_touch_status \
+ fido_dev_supports_cred_prot \
+ ])
+ LIBS="$saved_LIBS"
+ fi
 fi
 AC_CHECK_FUNCS([ \
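Review bot: `fido2_error` is overwritten by each failing probe, so when both the library and the headers are missing, the `checking for usable libfido2 installation` line reports only the last header failure. On the auto-detect path that result line is the only trace of why built-in security-key support was left out, so it should name every failed check. Appending would keep them all, e.g. `fido2_error="${fido2_error:+$fido2_error; }missing fido.h from libfido2"`, and likewise in the other two failure branches. As a style point, `if test "x$fido2_error" != "x" ; then` would match the `x$var` comparisons used by the other tests in this hunk better than `test ! -z`. The enclosing `if test "x$enable_sk" = "xyes" …` block opens before this hunk.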
@@ -4667,7 +4671,6 @@ AC_ARG_WITH([kerberos5],
 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
 KRB5_MSG="yes"
- AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
 use_pkgconfig_for_krb5=
 if test "x$PKGCONFIG" != "xno"; then
 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) |