diff options
author | Lennart Poettering <lennart@poettering.net> | 2021-05-27 22:06:25 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2021-05-28 16:36:52 +0200 |
commit | 1ce8f69dbd9b6dc931defb32cb7ee0229935d176 (patch) | |
tree | dd430fcb8ec4f315c5e919283c17382ec61fecd6 /src/shared/libfido2-util.c | |
parent | ec543d18d459ad39cd34923eaeafb233e031b196 (diff) | |
download | systemd-1ce8f69dbd9b6dc931defb32cb7ee0229935d176.tar.gz |
fido2: properly handle case when no PINs are specified during auth
Also, drop redundant check for has_client_pin, which can never happen,
since we already filtered this case a bit further up.
Diffstat (limited to 'src/shared/libfido2-util.c')
-rw-r--r-- | src/shared/libfido2-util.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c index 573aef238c..3da64b549a 100644 --- a/src/shared/libfido2-util.c +++ b/src/shared/libfido2-util.c @@ -325,15 +325,15 @@ static int fido2_use_hmac_hash_specific_token( if (FLAGS_SET(required, FIDO2ENROLL_PIN)) { char **i; - if (!has_client_pin) - log_warning("Weird, device asked for client PIN, but does not advertise it as feature. Ignoring."); - - /* OK, we needed a pin, try with all pins in turn */ - STRV_FOREACH(i, pins) { - r = sym_fido_dev_get_assert(d, a, *i); - if (r != FIDO_ERR_PIN_INVALID) - break; - } + /* OK, we need a pin, try with all pins in turn */ + if (strv_isempty(pins)) + r = FIDO_ERR_PIN_REQUIRED; + else + STRV_FOREACH(i, pins) { + r = sym_fido_dev_get_assert(d, a, *i); + if (r != FIDO_ERR_PIN_INVALID) + break; + } } else r = sym_fido_dev_get_assert(d, a, NULL); |