mirror of
https://github.com/systemd/systemd
synced 2026-03-17 18:44:46 +01:00
Compare commits
No commits in common. "d65c5d04f9c6d6c943e67e677161caed782fe7a7" and "f7e31e9dfd5a3f383c872e8a9062ef3cd4d34d95" have entirely different histories.
d65c5d04f9
...
f7e31e9dfd
@ -165,6 +165,7 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
return r;
|
return r;
|
||||||
|
|
||||||
SET_FLAG(arg_fido2_lock_with, FIDO2ENROLL_PIN, lock_with_pin);
|
SET_FLAG(arg_fido2_lock_with, FIDO2ENROLL_PIN, lock_with_pin);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -176,6 +177,7 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
return r;
|
return r;
|
||||||
|
|
||||||
SET_FLAG(arg_fido2_lock_with, FIDO2ENROLL_UP, lock_with_up);
|
SET_FLAG(arg_fido2_lock_with, FIDO2ENROLL_UP, lock_with_up);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -187,6 +189,7 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
return r;
|
return r;
|
||||||
|
|
||||||
SET_FLAG(arg_fido2_lock_with, FIDO2ENROLL_UV, lock_with_uv);
|
SET_FLAG(arg_fido2_lock_with, FIDO2ENROLL_UV, lock_with_uv);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -307,9 +307,7 @@ static int fido2_use_hmac_hash_specific_token(
|
|||||||
sym_fido_strerr(r));
|
sym_fido_strerr(r));
|
||||||
|
|
||||||
if (FLAGS_SET(required, FIDO2ENROLL_UP))
|
if (FLAGS_SET(required, FIDO2ENROLL_UP))
|
||||||
log_notice("%s%sPlease confirm presence on security token to unlock.",
|
log_info("User presence required to unlock.");
|
||||||
emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
|
|
||||||
emoji_enabled() ? " " : "");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (has_uv && !FLAGS_SET(required, FIDO2ENROLL_UV_OMIT)) {
|
if (has_uv && !FLAGS_SET(required, FIDO2ENROLL_UV_OMIT)) {
|
||||||
@ -321,9 +319,7 @@ static int fido2_use_hmac_hash_specific_token(
|
|||||||
sym_fido_strerr(r));
|
sym_fido_strerr(r));
|
||||||
|
|
||||||
if (FLAGS_SET(required, FIDO2ENROLL_UV))
|
if (FLAGS_SET(required, FIDO2ENROLL_UV))
|
||||||
log_notice("%s%sPlease verify user on security token to unlock.",
|
log_info("User verification required to unlock.");
|
||||||
emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
|
|
||||||
emoji_enabled() ? " " : "");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
@ -355,16 +351,14 @@ static int fido2_use_hmac_hash_specific_token(
|
|||||||
|
|
||||||
if (!has_up)
|
if (!has_up)
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||||
"Token asks for user presence test but doesn't advertise 'up' feature.");
|
"Token asks for user presence check but doesn't advertise 'up' feature.");
|
||||||
|
|
||||||
if (FLAGS_SET(required, FIDO2ENROLL_UP))
|
if (FLAGS_SET(required, FIDO2ENROLL_UP))
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||||
"Token asks for user presence test but was already enabled.");
|
"Token asks for user presence check but was already enabled.");
|
||||||
|
|
||||||
if (FLAGS_SET(required, FIDO2ENROLL_UP_IF_NEEDED)) {
|
if (FLAGS_SET(required, FIDO2ENROLL_UP_IF_NEEDED)) {
|
||||||
log_notice("%s%sPlease confirm presence on security to unlock.",
|
log_info("User presence required to unlock.");
|
||||||
emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
|
|
||||||
emoji_enabled() ? " " : "");
|
|
||||||
retry_with_up = true;
|
retry_with_up = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -375,9 +369,7 @@ static int fido2_use_hmac_hash_specific_token(
|
|||||||
* it gracefully (also see below.) */
|
* it gracefully (also see below.) */
|
||||||
|
|
||||||
if (has_up && (required & (FIDO2ENROLL_UP|FIDO2ENROLL_UP_IF_NEEDED)) == FIDO2ENROLL_UP_IF_NEEDED) {
|
if (has_up && (required & (FIDO2ENROLL_UP|FIDO2ENROLL_UP_IF_NEEDED)) == FIDO2ENROLL_UP_IF_NEEDED) {
|
||||||
log_notice("%s%sGot unsupported option error when when user presence test is turned off. Trying with user presence test turned on.",
|
log_notice("Got unsupported option error when when user presence test is turned off. Trying with user presence test turned on.");
|
||||||
emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
|
|
||||||
emoji_enabled() ? " " : "");
|
|
||||||
retry_with_up = true;
|
retry_with_up = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -629,7 +621,7 @@ int fido2_generate_hmac_hash(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!has_uv && FLAGS_SET(lock_with, FIDO2ENROLL_UV)) {
|
if (!has_uv && FLAGS_SET(lock_with, FIDO2ENROLL_UV)) {
|
||||||
log_notice("Locking with user verification test requested, but FIDO2 device %s does not support it, disabling.", device);
|
log_notice("Locking with user verification requested, but FIDO2 device %s does not support it, disabling.", device);
|
||||||
lock_with &= ~FIDO2ENROLL_UV;
|
lock_with &= ~FIDO2ENROLL_UV;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -686,10 +678,9 @@ int fido2_generate_hmac_hash(
|
|||||||
|
|
||||||
log_info("Initializing FIDO2 credential on security token.");
|
log_info("Initializing FIDO2 credential on security token.");
|
||||||
|
|
||||||
if (has_uv || has_up)
|
log_notice("%s%s(Hint: This might require verification of user presence on security token.)",
|
||||||
log_notice("%s%s(Hint: This might require confirmation of user presence on security token.)",
|
emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
|
||||||
emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
|
emoji_enabled() ? " " : "");
|
||||||
emoji_enabled() ? " " : "");
|
|
||||||
|
|
||||||
r = sym_fido_dev_make_cred(d, c, NULL);
|
r = sym_fido_dev_make_cred(d, c, NULL);
|
||||||
if (r == FIDO_ERR_PIN_REQUIRED) {
|
if (r == FIDO_ERR_PIN_REQUIRED) {
|
||||||
@ -709,7 +700,7 @@ int fido2_generate_hmac_hash(
|
|||||||
r = FIDO_ERR_PIN_INVALID;
|
r = FIDO_ERR_PIN_INVALID;
|
||||||
STRV_FOREACH(i, pin) {
|
STRV_FOREACH(i, pin) {
|
||||||
if (isempty(*i)) {
|
if (isempty(*i)) {
|
||||||
log_notice("PIN may not be empty.");
|
log_info("PIN may not be empty.");
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -823,17 +814,13 @@ int fido2_generate_hmac_hash(
|
|||||||
|
|
||||||
if (!has_up)
|
if (!has_up)
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||||
"Token asks for user presence test but doesn't advertise 'up' feature.");
|
"Token asks for user presence check but doesn't advertise 'up' feature.");
|
||||||
|
|
||||||
if (FLAGS_SET(lock_with, FIDO2ENROLL_UP))
|
if (FLAGS_SET(lock_with, FIDO2ENROLL_UP))
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||||
"Token asks for user presence test but was already enabled.");
|
"Token asks for user presence check but was already enabled.");
|
||||||
|
|
||||||
log_notice("%s%sLocking without user presence test requested, but FIDO2 device %s requires it, enabling.",
|
|
||||||
emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
|
|
||||||
emoji_enabled() ? " " : "",
|
|
||||||
device);
|
|
||||||
|
|
||||||
|
log_notice("Locking without user presence test requested, but FIDO2 device %s requires it, enabling.", device);
|
||||||
retry_with_up = true;
|
retry_with_up = true;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -845,9 +832,7 @@ int fido2_generate_hmac_hash(
|
|||||||
* slightly more defensively. */
|
* slightly more defensively. */
|
||||||
|
|
||||||
if (has_up && !FLAGS_SET(lock_with, FIDO2ENROLL_UP)) {
|
if (has_up && !FLAGS_SET(lock_with, FIDO2ENROLL_UP)) {
|
||||||
log_notice("%s%sGot unsupported option error when when user presence test is turned off. Trying with user presence test turned on.",
|
log_notice("Got unsupported option error when when user presence test is turned off. Trying with user presence test turned on.");
|
||||||
emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
|
|
||||||
emoji_enabled() ? " " : "");
|
|
||||||
retry_with_up = true;
|
retry_with_up = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
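Review bot: The unlock prompts on the new side (`log_info("User presence required to unlock.");` in the hunks at new lines 307 and 351, `log_info("User verification required to unlock.");` at 319) appear to be the only cue that the token is waiting for a touch, and at info level they may be filtered out by the configured log level, so the request could time out without the user seeing it. I would keep them at notice level and phrase them as an instruction, for example `log_notice("Please confirm presence on security token to unlock.");`. The same section also leaves the doubled word "when when" in both "Got unsupported option error" notices, and keeps "user presence test" in three notices while the error strings were renamed to "user presence check". Both fido2_use_hmac_hash_specific_token() and fido2_generate_hmac_hash() start and end outside the visible hunks, so how the log level is set up for callers is not visible here.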