From b76fb49ad9eb7dd9da6f4568975e8ee99f3ba35f Mon Sep 17 00:00:00 2001
From: Maxim Burgerhout <maxim@wzzrd.com>
Date: Fri, 12 Oct 2012 14:25:23 +0200
Subject: [PATCH] Fix support for setting ACL through udev

Needs recent udev (>= 188) that has ID_SECURITY_TOKEN in 70-uaccess.rules /
70-udev-acl.rules.

No longer uses the deprecated udev-acl tool for setting ACL's on the
/dev/input/event* files created by the Yubikey.
---
 69-yubikey.rules | 10 ++++++++++
 Makefile.am      |  2 +-
 configure.ac     | 18 ++++++++++++++++--
 3 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100644 69-yubikey.rules

diff --git a/69-yubikey.rules b/69-yubikey.rules
new file mode 100644
index 0000000..c13cd88
--- /dev/null
+++ b/69-yubikey.rules
@@ -0,0 +1,10 @@
+ACTION!="add|change", GOTO="yubico_end"
+
+# Udev rules for letting the console user access the Yubikey USB
+# device node, needed for challenge/response to work correctly.
+
+# Yubico Yubikey II
+ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010", \
+    ENV{ID_SECURITY_TOKEN}="1"
+
+LABEL="yubico_end"
diff --git a/Makefile.am b/Makefile.am
index c43c040..a6e9ece 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -83,7 +83,7 @@ EXTRA_DIST += ykpers4win.mk
 
 udevrulesdir=@udevrulesdir@
 dist_udevrules_DATA = \
-        70-yubikey.rules
+        @udevrulesfile@
 
 # Release
 
diff --git a/configure.ac b/configure.ac
index aa87a23..192b4ea 100644
--- a/configure.ac
+++ b/configure.ac
@@ -126,10 +126,23 @@ AM_CONDITIONAL([BACKEND_OSX], test x$with_backend = xosx)
 AM_CONDITIONAL([BACKEND_WINDOWS], test x$with_backend = xwindows)
 
 AC_ARG_WITH([udevrulesdir],
-  AS_HELP_STRING([--with-udevrulesdir=DIR], [Directory for udev rules]),
+  AS_HELP_STRING([--with-udevrulesdir=DIR], [Install udev rules into this directory]),
   [], [])
 AC_SUBST([udevrulesdir], [$with_udevrulesdir])
 
+# It would be more clear to wrap this in AC_MSG_CHECKING and AC_MSG_RESULT, but
+# this works too. If udevrulesdir is set, check for udev >= 188, which should
+# have the ID_SECURITY_TOKEN tag in 70-uaccess.rules / 70-udev-acl-rules. If
+# a recent enough udev is not found, fall back to using the old
+# 70-yubikey.rules file.
+if test -n "$udevrulesdir"; then
+    PKG_CHECK_MODULES([UDEV], [udev >= 188],
+        udevrulesfile=69-yubikey.rules,
+        udevrulesfile=70-yubikey.rules,
+    )
+    AC_SUBST([udevrulesfile], [$udevrulesfile])
+fi
+
 gl_LD_VERSION_SCRIPT
 gl_VALGRIND_TESTS
 
@@ -178,5 +191,6 @@ AC_MSG_NOTICE([summary of build options:
   Compiler:         ${CC}
   Library types:    Shared=${enable_shared}, Static=${enable_static}
   USB backend:      ${with_backend}
-  udev rules:       ${with_udevrulesdir:-N/A}
+  udev rules dir:   ${with_udevrulesdir:-N/A}
+  udev rules file:  ${udevrulesfile:-N/A}
 ])
-- 
2.39.5