Make dependency on libykpers optional.

Use --without-cr to force it.  Reported by Jussi Sallinen <jussi@jus.si>.

.gitignore

@@ -1,17 +1,28 @@
-Makefile.in
-configure
-build-aux
-m4
-autom4te.cache
-aclocal.m4
-INSTALL
 *~
 .*~
-\#*
+.deps/
+.libs/
 ChangeLog
+INSTALL
+Makefile
+Makefile.in
+\#*
+aclocal.m4
+autom4te.cache
+build-aux
 config.guess
+config.log
+config.status
 config.sub
+configure
 depcomp
 install-sh
+libtool
 ltmain.sh
 missing
+pam_yubico.la
+pam_yubico_la-pam_yubico.lo
+pam_yubico_la-util.lo
+test
+test.o
+ykpamcfg

Makefile.am

@@ -44,14 +44,17 @@ DEFS = -DDEBUG_PAM -DPAM_DEBUG @DEFS@
 
 # The command line tools.
 
+if YKPERS
 bin_PROGRAMS = ykpamcfg
+endif
 
 ykpamcfg_SOURCES = ykpamcfg.c util.c
 ykpamcfg_LDADD = @LTLIBYKCLIENT@ @YKPERS_LIBS@ @LTLIBYUBIKEY@
 ykpamcfg_CPPFLAGS = @YKPERS_CFLAGS@
 
+if YKPERS
 dist_man1_MANS = ykpamcfg.1
-
+endif
 
 # Self tests.
 

NEWS

@@ -1,5 +1,10 @@
 pam_yubico NEWS -- History of user-visible changes.             -*- outline -*-
 
+* Version 2.7 (unreleased)
+
+** Make dependency on libykpers optional.
+Use --without-cr to force it.  Reported by Jussi Sallinen <jussi@jus.si>.
+
 * Version 2.6 (released 2011-04-11)
 
 ** This release includes lots of patches by members of our open

configure.ac

@@ -26,7 +26,7 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-AC_INIT([pam_yubico], [2.6], [simon@yubico.com])
+AC_INIT([pam_yubico], [2.7], [simon@yubico.com])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_MACRO_DIR([m4])
 AM_INIT_AUTOMAKE([foreign])
@@ -64,14 +64,24 @@ if test "$ac_cv_libykclient" != yes; then
    AC_MSG_ERROR([[Libykclient v2.4+ required, see http://code.google.com/p/yubico-c-client/]])
 fi
 
-AC_LIB_HAVE_LINKFLAGS(yubikey,,
+AC_LIB_HAVE_LINKFLAGS(yubikey,, [#include <yubikey.h>],
-		      [#include <yubikey.h>],                                                                                                                               			  [yubikey_modhex_p("foo")])
+                      [yubikey_modhex_p("foo")])
 if test "$ac_cv_libyubikey" != yes; then
-  AC_MSG_ERROR([libyubikey v1.5+ not found, see http://code.google.com/p/yubico-c/])
+  AC_MSG_ERROR([Libyubikey v1.5+ not found, see http://code.google.com/p/yubico-c/])
 fi
 
-
+AC_ARG_WITH([cr],
-PKG_CHECK_MODULES([YKPERS], [ykpers-1]);
+  [AS_HELP_STRING([--without-cr],
+    [disable support for challenge/response])],
+  [],
+  [with_cr=yes])
+if test "x$with_cr" != xno; then
+  PKG_CHECK_MODULES([YKPERS], [ykpers-1]);
+fi
+if test -n "$YKPERS_LIBS"; then
+  AC_DEFINE([HAVE_CR], [1], [Define if you have libykpers-1])
+fi
+AM_CONDITIONAL([YKPERS], [test -n "$YKPERS_LIBS"])
 
 AC_SUBST(PAMDIR, "\$(exec_prefix)/lib/security")
 AC_ARG_WITH(pam-dir,

pam_yubico.c

@@ -382,6 +382,7 @@ display_error(pam_handle_t *pamh, char *message) {
   return retval;
 }
 
+#if HAVE_LIBYKPERS_1
 static int
 do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
 {
@@ -537,6 +538,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
   return ret;
 }
 #undef USERFILE
+#endif
 
 static void
 parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
@@ -648,7 +650,13 @@ pam_sm_authenticate (pam_handle_t * pamh,
   DBG (("get user returned: %s", user));
 
   if (cfg->mode == CHRESP) {
+#if HAVE_LIBYKPERS_1
     return do_challenge_response(pamh, cfg, user);
+#else
+    DBG (("no support for challenge/response"));
+    retval = PAM_AUTH_ERR;
+    goto done;
+#endif
   }
 
   if (cfg->try_first_pass || cfg->use_first_pass)

util.c

@@ -39,11 +39,35 @@
 
 #include "util.h"
 
-#include <ykclient.h>
+int
-#include <ykcore.h>
+get_user_cfgfile_path(const char *common_path, const char *filename, const char *username, char **fn)
-#include <ykstatus.h>
+{
-#include <ykdef.h>
+  /* Getting file from user home directory, e.g. ~/.yubico/challenge, or
+   * from a system wide directory.
+   *
+   * Format is hex(challenge):hex(response):slot num
+   */
+  struct passwd *p;
+  char *userfile;
 
+  if (common_path != NULL) {
+    if (asprintf (&userfile, "%s/%s", common_path, filename) >= 0)
+      *fn = userfile;
+    return (userfile >= 0);
+  }
+
+  /* No common path provided. Construct path to user's ~/.yubico/filename */
+
+  p = getpwnam (username);
+  if (!p)
+    return 0;
+
+  if (asprintf (&userfile, "%s/.yubico/%s", p->pw_dir, filename) >= 0)
+    *fn = userfile;
+  return (userfile >= 0);
+}
+
+#if HAVE_CR
 /* Fill buf with len bytes of random data */
 int generate_random(char *buf, int len)
 {
@@ -61,34 +85,6 @@ int generate_random(char *buf, int len)
 	return (res != len);
 }
 
-int
-get_user_cfgfile_path(const char *common_path, const char *filename, const char *username, char **fn)
-{
-	/* Getting file from user home directory, e.g. ~/.yubico/challenge, or
-	 * from a system wide directory.
-	 *
-	 * Format is hex(challenge):hex(response):slot num
-	 */
-	struct passwd *p;
-	char *userfile;
-
-	if (common_path != NULL) {
-		if (asprintf (&userfile, "%s/%s", common_path, filename) >= 0)
-			*fn = userfile;
-		return (userfile >= 0);
-	}
-
-	/* No common path provided. Construct path to user's ~/.yubico/filename */
-
-	p = getpwnam (username);
-	if (!p)
-		return 0;
-
-	if (asprintf (&userfile, "%s/.yubico/%s", p->pw_dir, filename) >= 0)
-		*fn = userfile;
-	return (userfile >= 0);
-}
-
 int
 check_firmware_version(YK_KEY *yk, bool verbose, bool quiet)
 {
@@ -307,3 +303,4 @@ write_chalresp_state(FILE *f, CR_STATE *state)
  out:
   return 0;
 }
+#endif /* HAVE_CR */

util.h

@@ -37,9 +37,7 @@
 #include <stdio.h>
 
 #include <ykclient.h>
-#include <ykcore.h>
+
-#include <ykstatus.h>
-#include <ykdef.h>
 
 #if defined(DEBUG_PAM)
 # if defined(HAVE_SECURITY__PAM_MACROS_H)
@@ -54,6 +52,14 @@
 # endif /* HAVE_SECURITY__PAM_MACROS_H */
 #endif /* DEBUG_PAM */
 
+int get_user_cfgfile_path(const char *common_path, const char *filename, const char *username, char **fn);
+
+#if HAVE_CR
+
+#include <ykcore.h>
+#include <ykstatus.h>
+#include <ykdef.h>
+
 /* Challenges can be 0..63 or 64 bytes long, depending on YubiKey configuration.
  * We settle for 63 bytes to have something that works with all configurations.
  */
@@ -72,7 +78,6 @@ typedef struct chalresp_state CR_STATE;
 
 int generate_random(char *buf, int len);
 
-int get_user_cfgfile_path(const char *common_path, const char *filename, const char *username, char **fn);
 int get_user_challenge_file(YK_KEY *yk, const char *chalresp_path, const char *username, char **fn);
 
 int load_chalresp_state(FILE *f, CR_STATE *state);
@@ -85,4 +90,6 @@ int challenge_response(YK_KEY *yk, int slot,
 		       bool hmac, unsigned int flags, bool verbose,
 		       unsigned char *response, int res_size, int *res_len);
 
+#endif /* HAVE_CR */
+
 #endif /* __PAM_YUBICO_UTIL_H_INCLUDED__ */