degrade semi-gracefully when libfido2 is too old
authorDamien Miller <djm@mindrot.org>
Thu, 27 Aug 2020 02:37:12 +0000 (12:37 +1000)
committerDamien Miller <djm@mindrot.org>
Thu, 27 Aug 2020 02:37:12 +0000 (12:37 +1000)
configure.ac
sk-usbhid.c

index 0f15ef2bfbd0e8b8e5965d4186f5b60c73e95539..756e26572c2aa68255f8fbf6d4696444a9535aec 100644 (file)
@@ -3180,9 +3180,14 @@ if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
                ], [ AC_MSG_ERROR([no usable libfido2 found]) ],
                [ $OTHERLIBS ]
        )
-       AC_CHECK_LIB([fido2], [fido_cred_set_prot], [],
-               [ AC_MSG_ERROR([libfido2 missing fido_cred_set_prot; please use libfido2 >= 1.4.0]) ],
-       )
+       saved_LIBS="$LIBS"
+       LIBS="$LIBS $LIBFIDO2"
+       AC_CHECK_FUNCS([ \
+               fido_cred_set_prot \
+               fido_dev_get_touch_status \
+               fido_dev_supports_cred_prot \
+       ])
+       LIBS="$saved_LIBS"
        AC_CHECK_HEADER([fido.h], [],
                AC_MSG_ERROR([missing fido.h from libfido2]))
        AC_CHECK_HEADER([fido/credman.h], [],
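Review bot: The new AC_CHECK_FUNCS list in this hunk does not probe fido_dev_get_touch_begin, yet the sk-usbhid.c hunk in the same commit tests `#ifndef HAVE_FIDO_DEV_GET_TOUCH_BEGIN` to decide whether to stub that function out to FIDO_ERR_UNSUPPORTED_OPTION. Because AC_CHECK_FUNCS only defines HAVE_<NAME> for the names it is given, HAVE_FIDO_DEV_GET_TOUCH_BEGIN is never defined and the real function is replaced by the failing macro on every libfido2 version, so whatever path calls it (presumably the multi-token touch selection) would report unsupported even with a new enough library. Add the symbol to the probe list: `fido_dev_get_touch_begin \` between the fido_cred_set_prot and fido_dev_get_touch_status entries. Separately, the former hard AC_MSG_ERROR for fido_cred_set_prot (libfido2 >= 1.4.0) is now a soft check; if any call to fido_cred_set_prot is not guarded by HAVE_FIDO_CRED_SET_PROT, an older libfido2 would now fail at link time instead of at configure, which is worth confirming against the call sites not shown here.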
index 0305683febc7916ec0bb4bcc333e9dee955c9017..0b11e40aa6a536c46f166ba3113ce995949d357f 100644 (file)
 #include <fido.h>
 #include <fido/credman.h>
 
+/* backwards compat for libfido2 */
+#ifndef HAVE_FIDO_DEV_SUPPORTS_CRED_PROT
+#define fido_dev_supports_cred_prot(x) (0)
+#endif
+#ifndef HAVE_FIDO_DEV_GET_TOUCH_BEGIN
+#define fido_dev_get_touch_begin(x) (FIDO_ERR_UNSUPPORTED_OPTION)
+#endif
+#ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS
+#define fido_dev_get_touch_status(x, y, z) (FIDO_ERR_UNSUPPORTED_OPTION)
+#endif
+
 #ifndef SK_STANDALONE
 # include "log.h"
 # include "xmalloc.h"
@@ -377,6 +388,11 @@ sk_select_by_touch(const fido_dev_info_t *devlist, size_t ndevs)
        size_t skvcnt, idx;
        int touch, ms_remain;
 
+#ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS
+       skdebug(__func__, "libfido2 version does not support a feature needed for multiple tokens. Please upgrade to >=1.5.0");
+       return NULL;
+#endif
+
        if ((skv = sk_openv(devlist, ndevs, &skvcnt)) == NULL) {
                skdebug(__func__, "sk_openv failed");
                return NULL;
@@ -705,6 +721,11 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
                goto out;
        }
        if ((flags & (SSH_SK_RESIDENT_KEY|SSH_SK_USER_VERIFICATION_REQD)) != 0) {
+#ifndef HAVE_FIDO_DEV_SUPPORTS_CRED_PROT
+               skdebug(__func__, "libfido2 version does not support a feature required for this operation. Please upgrade to >=1.5.0");
+               ret = SSH_SK_ERR_UNSUPPORTED;
+               goto out;
+#endif
                if (!fido_dev_supports_cred_prot(sk->dev)) {
                        skdebug(__func__, "%s does not support credprot, "
                            "refusing to create unprotected "