Make dependency on libykpers optional.

Use --without-cr to force it. Reported by Jussi Sallinen <jussi@jus.si>.
2025-02-21 15:54:41 +01:00 · 2011-06-07 00:34:40 +02:00 · 2011-06-07 00:34:40 +02:00 · e469b630d5
commit e469b630d5
parent eb438e782c
7 changed files with 92 additions and 51 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,17 +1,28 @@
-Makefile.in
-configure
-build-aux
-m4
-autom4te.cache
-aclocal.m4
-INSTALL
 *~
 .*~
-\#*
+.deps/
+.libs/
 ChangeLog
+INSTALL
+Makefile
+Makefile.in
+\#*
+aclocal.m4
+autom4te.cache
+build-aux
 config.guess
+config.log
+config.status
 config.sub
+configure
 depcomp
 install-sh
+libtool
 ltmain.sh
 missing
+pam_yubico.la
+pam_yubico_la-pam_yubico.lo
+pam_yubico_la-util.lo
+test
+test.o
+ykpamcfg
--- a/Makefile.am
+++ b/Makefile.am
@ -44,14 +44,17 @@ DEFS = -DDEBUG_PAM -DPAM_DEBUG @DEFS@

 # The command line tools.

+if YKPERS
 bin_PROGRAMS = ykpamcfg
+endif

 ykpamcfg_SOURCES = ykpamcfg.c util.c
 ykpamcfg_LDADD = @LTLIBYKCLIENT@ @YKPERS_LIBS@ @LTLIBYUBIKEY@
 ykpamcfg_CPPFLAGS = @YKPERS_CFLAGS@

+if YKPERS
 dist_man1_MANS = ykpamcfg.1
-
+endif

 # Self tests.

--- a/5
+++ b/5
@ -1,5 +1,10 @@
 pam_yubico NEWS -- History of user-visible changes.             -*- outline -*-

+* Version 2.7 (unreleased)
+
+** Make dependency on libykpers optional.
+Use --without-cr to force it.  Reported by Jussi Sallinen <jussi@jus.si>.
+
 * Version 2.6 (released 2011-04-11)

 ** This release includes lots of patches by members of our open
--- a/configure.ac
+++ b/configure.ac
@ -26,7 +26,7 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

-AC_INIT([pam_yubico], [2.6], [simon@yubico.com])
+AC_INIT([pam_yubico], [2.7], [simon@yubico.com])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_MACRO_DIR([m4])
 AM_INIT_AUTOMAKE([foreign])
@ -64,14 +64,24 @@ if test "$ac_cv_libykclient" != yes; then
   AC_MSG_ERROR([[Libykclient v2.4+ required, see http://code.google.com/p/yubico-c-client/]])
 fi

-AC_LIB_HAVE_LINKFLAGS(yubikey,,
-		      [#include <yubikey.h>],                                                                                                                               			  [yubikey_modhex_p("foo")])
+AC_LIB_HAVE_LINKFLAGS(yubikey,, [#include <yubikey.h>],
+                      [yubikey_modhex_p("foo")])
 if test "$ac_cv_libyubikey" != yes; then
-  AC_MSG_ERROR([libyubikey v1.5+ not found, see http://code.google.com/p/yubico-c/])
+  AC_MSG_ERROR([Libyubikey v1.5+ not found, see http://code.google.com/p/yubico-c/])
 fi

-
-PKG_CHECK_MODULES([YKPERS], [ykpers-1]);
+AC_ARG_WITH([cr],
+  [AS_HELP_STRING([--without-cr],
+    [disable support for challenge/response])],
+  [],
+  [with_cr=yes])
+if test "x$with_cr" != xno; then
+  PKG_CHECK_MODULES([YKPERS], [ykpers-1]);
+fi
+if test -n "$YKPERS_LIBS"; then
+  AC_DEFINE([HAVE_CR], [1], [Define if you have libykpers-1])
+fi
+AM_CONDITIONAL([YKPERS], [test -n "$YKPERS_LIBS"])

 AC_SUBST(PAMDIR, "\$(exec_prefix)/lib/security")
 AC_ARG_WITH(pam-dir,
--- a/pam_yubico.c
+++ b/pam_yubico.c
@ -382,6 +382,7 @@ display_error(pam_handle_t *pamh, char *message) {
  return retval;
 }

+#if HAVE_LIBYKPERS_1
 static int
 do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
 {
@ -537,6 +538,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
  return ret;
 }
 #undef USERFILE
+#endif

 static void
 parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
@ -648,7 +650,13 @@ pam_sm_authenticate (pam_handle_t * pamh,
  DBG (("get user returned: %s", user));

  if (cfg->mode == CHRESP) {
+#if HAVE_LIBYKPERS_1
    return do_challenge_response(pamh, cfg, user);
+#else
+    DBG (("no support for challenge/response"));
+    retval = PAM_AUTH_ERR;
+    goto done;
+#endif
  }

  if (cfg->try_first_pass || cfg->use_first_pass)
--- a/util.c
+++ b/util.c
@ -39,11 +39,35 @@

 #include "util.h"

-#include <ykclient.h>
-#include <ykcore.h>
-#include <ykstatus.h>
-#include <ykdef.h>
+int
+get_user_cfgfile_path(const char *common_path, const char *filename, const char *username, char **fn)
+{
+  /* Getting file from user home directory, e.g. ~/.yubico/challenge, or
+   * from a system wide directory.
+   *
+   * Format is hex(challenge):hex(response):slot num
+   */
+  struct passwd *p;
+  char *userfile;

+  if (common_path != NULL) {
+    if (asprintf (&userfile, "%s/%s", common_path, filename) >= 0)
+      *fn = userfile;
+    return (userfile >= 0);
+  }
+
+  /* No common path provided. Construct path to user's ~/.yubico/filename */
+
+  p = getpwnam (username);
+  if (!p)
+    return 0;
+
+  if (asprintf (&userfile, "%s/.yubico/%s", p->pw_dir, filename) >= 0)
+    *fn = userfile;
+  return (userfile >= 0);
+}
+
+#if HAVE_CR
 /* Fill buf with len bytes of random data */
 int generate_random(char *buf, int len)
 {
@ -61,34 +85,6 @@ int generate_random(char *buf, int len)
 	return (res != len);
 }

-int
-get_user_cfgfile_path(const char *common_path, const char *filename, const char *username, char **fn)
-{
-	/* Getting file from user home directory, e.g. ~/.yubico/challenge, or
-	 * from a system wide directory.
-	 *
-	 * Format is hex(challenge):hex(response):slot num
-	 */
-	struct passwd *p;
-	char *userfile;
-
-	if (common_path != NULL) {
-		if (asprintf (&userfile, "%s/%s", common_path, filename) >= 0)
-			*fn = userfile;
-		return (userfile >= 0);
-	}
-
-	/* No common path provided. Construct path to user's ~/.yubico/filename */
-
-	p = getpwnam (username);
-	if (!p)
-		return 0;
-
-	if (asprintf (&userfile, "%s/.yubico/%s", p->pw_dir, filename) >= 0)
-		*fn = userfile;
-	return (userfile >= 0);
-}
-
 int
 check_firmware_version(YK_KEY *yk, bool verbose, bool quiet)
 {
@ -307,3 +303,4 @@ write_chalresp_state(FILE *f, CR_STATE *state)
 out:
  return 0;
 }
+#endif /* HAVE_CR */
--- a/util.h
+++ b/util.h
@ -37,9 +37,7 @@
 #include <stdio.h>

 #include <ykclient.h>
-#include <ykcore.h>
-#include <ykstatus.h>
-#include <ykdef.h>
+

 #if defined(DEBUG_PAM)
 # if defined(HAVE_SECURITY__PAM_MACROS_H)
@ -54,6 +52,14 @@
 # endif /* HAVE_SECURITY__PAM_MACROS_H */
 #endif /* DEBUG_PAM */

+int get_user_cfgfile_path(const char *common_path, const char *filename, const char *username, char **fn);
+
+#if HAVE_CR
+
+#include <ykcore.h>
+#include <ykstatus.h>
+#include <ykdef.h>
+
 /* Challenges can be 0..63 or 64 bytes long, depending on YubiKey configuration.
 * We settle for 63 bytes to have something that works with all configurations.
 */
@ -72,7 +78,6 @@ typedef struct chalresp_state CR_STATE;

 int generate_random(char *buf, int len);

-int get_user_cfgfile_path(const char *common_path, const char *filename, const char *username, char **fn);
 int get_user_challenge_file(YK_KEY *yk, const char *chalresp_path, const char *username, char **fn);

 int load_chalresp_state(FILE *f, CR_STATE *state);
@ -85,4 +90,6 @@ int challenge_response(YK_KEY *yk, int slot,
 		       bool hmac, unsigned int flags, bool verbose,
 		       unsigned char *response, int res_size, int *res_len);

+#endif /* HAVE_CR */
+
 #endif /* __PAM_YUBICO_UTIL_H_INCLUDED__ */