summaryrefslogtreecommitdiffstats
path: root/src/shared/libfido2-util.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2021-05-27 22:59:18 +0200
committerLennart Poettering <lennart@poettering.net>2021-05-28 16:36:51 +0200
commitec543d18d459ad39cd34923eaeafb233e031b196 (patch)
treee21b935d83313875d71516677af90a2f5917e939 /src/shared/libfido2-util.c
parentcryptenroll: handle FIDO2 tokens gracefully that lack requested features (diff)
downloadsystemd-ec543d18d459ad39cd34923eaeafb233e031b196.tar.xz
systemd-ec543d18d459ad39cd34923eaeafb233e031b196.zip
fido2: make misadvertised clientPin feature fatal
We need really need to trust the feature set, since we are about to set it in stone storing the result in JSON, hence react a bit more allergic about token that misadvertise the feature. Note that I added this to be defensive, I am not aware any token that actually misadvertises this. hence it should be safe to make this fatal, and should this not work we can always revisit things.
Diffstat (limited to '')
-rw-r--r--src/shared/libfido2-util.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c
index 4a901cd38c..573aef238c 100644
--- a/src/shared/libfido2-util.c
+++ b/src/shared/libfido2-util.c
@@ -606,13 +606,15 @@ int fido2_generate_hmac_hash(
r = sym_fido_dev_make_cred(d, c, NULL);
if (r == FIDO_ERR_PIN_REQUIRED) {
+
+ if (!has_client_pin)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+ "Token asks for PIN but doesn't advertise 'clientPin' feature.");
+
for (;;) {
_cleanup_(strv_free_erasep) char **pin = NULL;
char **i;
- if (!has_client_pin)
- log_warning("Weird, device asked for client PIN, but does not advertise it as feature. Ignoring.");
-
r = ask_password_auto("Please enter security token PIN:", askpw_icon_name, NULL, "fido2-pin", "fido2-pin", USEC_INFINITY, 0, &pin);
if (r < 0)
return log_error_errno(r, "Failed to acquire user PIN: %m");