summaryrefslogtreecommitdiff
path: root/src/shared/libfido2-util.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2021-05-27 22:06:25 +0200
committerLennart Poettering <lennart@poettering.net>2021-05-28 16:36:52 +0200
commit1ce8f69dbd9b6dc931defb32cb7ee0229935d176 (patch)
treedd430fcb8ec4f315c5e919283c17382ec61fecd6 /src/shared/libfido2-util.c
parentec543d18d459ad39cd34923eaeafb233e031b196 (diff)
downloadsystemd-1ce8f69dbd9b6dc931defb32cb7ee0229935d176.tar.gz
fido2: properly handle case when no PINs are specified during auth
Also, drop redundant check for has_client_pin, which can never happen, since we already filtered this case a bit further up.
Diffstat (limited to 'src/shared/libfido2-util.c')
-rw-r--r--src/shared/libfido2-util.c18
1 files changed, 9 insertions, 9 deletions
diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c
index 573aef238c..3da64b549a 100644
--- a/src/shared/libfido2-util.c
+++ b/src/shared/libfido2-util.c
@@ -325,15 +325,15 @@ static int fido2_use_hmac_hash_specific_token(
if (FLAGS_SET(required, FIDO2ENROLL_PIN)) {
char **i;
- if (!has_client_pin)
- log_warning("Weird, device asked for client PIN, but does not advertise it as feature. Ignoring.");
-
- /* OK, we needed a pin, try with all pins in turn */
- STRV_FOREACH(i, pins) {
- r = sym_fido_dev_get_assert(d, a, *i);
- if (r != FIDO_ERR_PIN_INVALID)
- break;
- }
+ /* OK, we need a pin, try with all pins in turn */
+ if (strv_isempty(pins))
+ r = FIDO_ERR_PIN_REQUIRED;
+ else
+ STRV_FOREACH(i, pins) {
+ r = sym_fido_dev_get_assert(d, a, *i);
+ if (r != FIDO_ERR_PIN_INVALID)
+ break;
+ }
} else
r = sym_fido_dev_get_assert(d, a, NULL);
View Lorry Controller Status