summaryrefslogtreecommitdiffstats
path: root/configure.ac
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2022-06-24 06:20:43 +0200
committerDamien Miller <djm@mindrot.org>2022-06-24 06:20:43 +0200
commit9c59e7486cc8691401228b43b96a3edbb06e0412 (patch)
tree0c3de96da8b25c8b9c1ed6f977ed748652134889 /configure.ac
parentfix possible NULL deref when built without FIDO (diff)
downloadopenssh-9c59e7486cc8691401228b43b96a3edbb06e0412.tar.xz
openssh-9c59e7486cc8691401228b43b96a3edbb06e0412.zip
automatically enable built-in FIDO support
If libfido2 is found and usable, then enable the built-in security key support unless --without-security-key-builtin was requested. ok dtucker@
Diffstat (limited to 'configure.ac')
-rw-r--r--configure.ac65
1 files changed, 34 insertions, 31 deletions
diff --git a/configure.ac b/configure.ac
index e7459ee1a..62c098d6d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -54,6 +54,7 @@ AC_PATH_PROG([SH], [sh])
AC_PATH_PROG([GROFF], [groff])
AC_PATH_PROG([NROFF], [nroff awf])
AC_PATH_PROG([MANDOC], [mandoc])
+AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
AC_SUBST([TEST_SHELL], [sh])
dnl select manpage formatter to be used to build "cat" format pages.
@@ -1666,7 +1667,6 @@ AC_ARG_WITH([libedit],
[ --with-libedit[[=PATH]] Enable libedit support for sftp],
[ if test "x$withval" != "xno" ; then
if test "x$withval" = "xyes" ; then
- AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
if test "x$PKGCONFIG" != "xno"; then
AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
if "$PKGCONFIG" libedit; then
@@ -2023,13 +2023,8 @@ AC_ARG_ENABLE([security-key],
enable_sk_internal=
AC_ARG_WITH([security-key-builtin],
[ --with-security-key-builtin include builtin U2F/FIDO support],
- [
- if test "x$withval" != "xno" ; then
- enable_sk_internal=yes
- fi
- ]
+ [ enable_sk_internal=$withval ]
)
-test "x$disable_sk" != "x" && enable_sk_internal=""
AC_SEARCH_LIBS([dlopen], [dl])
AC_CHECK_FUNCS([dlopen])
@@ -3218,8 +3213,7 @@ fi
AC_MSG_RESULT([$enable_sk])
# Now check for built-in security key support.
-if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
- AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
+if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then
use_pkgconfig_for_libfido2=
if test "x$PKGCONFIG" != "xno"; then
AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2])
@@ -3237,33 +3231,43 @@ if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
LIBFIDO2="-lfido2 -lcbor"
fi
OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
+ fido2_error=
AC_CHECK_LIB([fido2], [fido_init],
- [
- AC_SUBST([LIBFIDO2])
- AC_DEFINE([ENABLE_SK_INTERNAL], [],
- [Enable for built-in U2F/FIDO support])
- enable_sk="built-in"
- ], [ AC_MSG_ERROR([no usable libfido2 found]) ],
+ [ ],
+ [ fido2_error="missing/unusable libfido2" ],
[ $OTHERLIBS ]
)
- saved_LIBS="$LIBS"
- LIBS="$LIBS $LIBFIDO2"
- AC_CHECK_FUNCS([ \
- fido_assert_set_clientdata \
- fido_cred_prot \
- fido_cred_set_prot \
- fido_cred_set_clientdata \
- fido_dev_get_touch_begin \
- fido_dev_get_touch_status \
- fido_dev_supports_cred_prot \
- ])
- LIBS="$saved_LIBS"
AC_CHECK_HEADER([fido.h], [],
- AC_MSG_ERROR([missing fido.h from libfido2]))
+ [ fido2_error="missing fido.h from libfido2" ])
AC_CHECK_HEADER([fido/credman.h], [],
- AC_MSG_ERROR([missing fido/credman.h from libfido2]),
- [#include <fido.h>]
+ [ fido2_error="missing fido/credman.h from libfido2" ],
+ [ #include <fido.h> ]
)
+ AC_MSG_CHECKING([for usable libfido2 installation])
+ if test ! -z "$fido2_error" ; then
+ AC_MSG_RESULT([$fido2_error])
+ if test "x$enable_sk_internal" = "xyes" ; then
+ AC_MSG_ERROR([No usable libfido2 library/headers found])
+ fi
+ else
+ AC_MSG_RESULT([yes])
+ AC_SUBST([LIBFIDO2])
+ AC_DEFINE([ENABLE_SK_INTERNAL], [],
+ [Enable for built-in U2F/FIDO support])
+ enable_sk="built-in"
+ saved_LIBS="$LIBS"
+ LIBS="$LIBS $LIBFIDO2"
+ AC_CHECK_FUNCS([ \
+ fido_assert_set_clientdata \
+ fido_cred_prot \
+ fido_cred_set_prot \
+ fido_cred_set_clientdata \
+ fido_dev_get_touch_begin \
+ fido_dev_get_touch_status \
+ fido_dev_supports_cred_prot \
+ ])
+ LIBS="$saved_LIBS"
+ fi
fi
AC_CHECK_FUNCS([ \
@@ -4667,7 +4671,6 @@ AC_ARG_WITH([kerberos5],
AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
KRB5_MSG="yes"
- AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
use_pkgconfig_for_krb5=
if test "x$PKGCONFIG" != "xno"; then
AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5])