tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-28 08:14:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

tweak back-compat for older libfido2

Browse Source
This commit is contained in:
Damien Miller 2020-08-27 20:01:52 +10:00
parent d6f45cdde0
commit ce178be0d9
2 changed files with 21 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
configure.ac
View File

@ -3183,6 +3183,7 @@ if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
saved_LIBS="$LIBS" saved_LIBS="$LIBS"
LIBS="$LIBS $LIBFIDO2" LIBS="$LIBS $LIBFIDO2"
AC_CHECK_FUNCS([ \ AC_CHECK_FUNCS([ \
fido_cred_prot \
fido_cred_set_prot \ fido_cred_set_prot \
fido_dev_get_touch_status \ fido_dev_get_touch_status \
fido_dev_supports_cred_prot \ fido_dev_supports_cred_prot \

26
sk-usbhid.c
View File

@ -42,6 +42,12 @@
#include <fido/credman.h> #include <fido/credman.h>
/* backwards compat for libfido2 */ /* backwards compat for libfido2 */
#ifndef HAVE_FIDO_CRED_PROD
#define fido_cred_prot(x) (0)
#endif
#ifndef HAVE_FIDO_CRED_SET_PROT
#define fido_cred_set_prot(x, y) (FIDO_ERR_UNSUPPORTED_OPTION)
#endif
#ifndef HAVE_FIDO_DEV_SUPPORTS_CRED_PROT #ifndef HAVE_FIDO_DEV_SUPPORTS_CRED_PROT
#define fido_dev_supports_cred_prot(x) (0) #define fido_dev_supports_cred_prot(x) (0)
#endif #endif
@ -51,6 +57,12 @@
#ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS #ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS
#define fido_dev_get_touch_status(x, y, z) (FIDO_ERR_UNSUPPORTED_OPTION) #define fido_dev_get_touch_status(x, y, z) (FIDO_ERR_UNSUPPORTED_OPTION)
#endif #endif
#ifndef FIDO_CRED_PROT_UV_REQUIRED
#define FIDO_CRED_PROT_UV_REQUIRED 0
#endif
#ifndef FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID
#define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID 0
#endif
#ifndef SK_STANDALONE #ifndef SK_STANDALONE
# include "log.h" # include "log.h"
@ -395,11 +407,6 @@ sk_select_by_touch(const fido_dev_info_t *devlist, size_t ndevs)
size_t skvcnt, idx; size_t skvcnt, idx;
int touch, ms_remain; int touch, ms_remain;
#ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS
skdebug(__func__, "libfido2 version does not support a feature needed for multiple tokens. Please upgrade to >=1.5.0");
return NULL;
#endif
if ((skv = sk_openv(devlist, ndevs, &skvcnt)) == NULL) { if ((skv = sk_openv(devlist, ndevs, &skvcnt)) == NULL) {
skdebug(__func__, "sk_openv failed"); skdebug(__func__, "sk_openv failed");
return NULL; return NULL;
@ -413,6 +420,11 @@ sk_select_by_touch(const fido_dev_info_t *devlist, size_t ndevs)
} }
goto out; goto out;
} }
#ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS
skdebug(__func__, "libfido2 version does not support a feature needed for multiple tokens. Please upgrade to >=1.5.0");
goto out;
#endif
if (sk_touch_begin(skv, skvcnt) == -1) { if (sk_touch_begin(skv, skvcnt) == -1) {
skdebug(__func__, "sk_touch_begin failed"); skdebug(__func__, "sk_touch_begin failed");
goto out; goto out;
@ -728,10 +740,12 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
goto out; goto out;
} }
if ((flags & (SSH_SK_RESIDENT_KEY|SSH_SK_USER_VERIFICATION_REQD)) != 0) { if ((flags & (SSH_SK_RESIDENT_KEY|SSH_SK_USER_VERIFICATION_REQD)) != 0) {
#ifndef HAVE_FIDO_DEV_SUPPORTS_CRED_PROT #if !defined(HAVE_FIDO_DEV_SUPPORTS_CRED_PROT) || \
!defined(HAVE_FIDO_CRED_SET_PROT)
skdebug(__func__, "libfido2 version does not support a feature required for this operation. Please upgrade to >=1.5.0"); skdebug(__func__, "libfido2 version does not support a feature required for this operation. Please upgrade to >=1.5.0");
ret = SSH_SK_ERR_UNSUPPORTED; ret = SSH_SK_ERR_UNSUPPORTED;
goto out; goto out;
credprot = 0; (void)credprot; /* avoid warning */
#endif #endif
if (!fido_dev_supports_cred_prot(sk->dev)) { if (!fido_dev_supports_cred_prot(sk->dev)) {
skdebug(__func__, "%s does not support credprot, " skdebug(__func__, "%s does not support credprot, "