diff options
author | Lennart Poettering <lennart@poettering.net> | 2021-05-27 22:59:18 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2021-05-28 16:36:51 +0200 |
commit | ec543d18d459ad39cd34923eaeafb233e031b196 (patch) | |
tree | e21b935d83313875d71516677af90a2f5917e939 /src/shared/libfido2-util.c | |
parent | cryptenroll: handle FIDO2 tokens gracefully that lack requested features (diff) | |
download | systemd-ec543d18d459ad39cd34923eaeafb233e031b196.tar.xz systemd-ec543d18d459ad39cd34923eaeafb233e031b196.zip |
fido2: make misadvertised clientPin feature fatal
We need really need to trust the feature set, since we are about to set
it in stone storing the result in JSON, hence react a bit more allergic
about token that misadvertise the feature.
Note that I added this to be defensive, I am not aware any token that
actually misadvertises this. hence it should be safe to make this fatal,
and should this not work we can always revisit things.
Diffstat (limited to '')
-rw-r--r-- | src/shared/libfido2-util.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c index 4a901cd38c..573aef238c 100644 --- a/src/shared/libfido2-util.c +++ b/src/shared/libfido2-util.c @@ -606,13 +606,15 @@ int fido2_generate_hmac_hash( r = sym_fido_dev_make_cred(d, c, NULL); if (r == FIDO_ERR_PIN_REQUIRED) { + + if (!has_client_pin) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Token asks for PIN but doesn't advertise 'clientPin' feature."); + for (;;) { _cleanup_(strv_free_erasep) char **pin = NULL; char **i; - if (!has_client_pin) - log_warning("Weird, device asked for client PIN, but does not advertise it as feature. Ignoring."); - r = ask_password_auto("Please enter security token PIN:", askpw_icon_name, NULL, "fido2-pin", "fido2-pin", USEC_INFINITY, 0, &pin); if (r < 0) return log_error_errno(r, "Failed to acquire user PIN: %m"); |