fido2: properly handle case when no PINs are specified during auth
authorLennart Poettering <lennart@poettering.net>
Thu, 27 May 2021 20:06:25 +0000 (22:06 +0200)
committerLennart Poettering <lennart@poettering.net>
Fri, 28 May 2021 14:36:52 +0000 (16:36 +0200)
Also, drop redundant check for has_client_pin, which can never happen,
since we already filtered this case a bit further up.

src/shared/libfido2-util.c

index 573aef238cd24b995099fb1c28a4c2614bf9ff92..3da64b549a5b0a022b58b3f2c4115bc0b95e20e4 100644 (file)
@@ -325,15 +325,15 @@ static int fido2_use_hmac_hash_specific_token(
         if (FLAGS_SET(required, FIDO2ENROLL_PIN)) {
                 char **i;
 
-                if (!has_client_pin)
-                        log_warning("Weird, device asked for client PIN, but does not advertise it as feature. Ignoring.");
-
-                /* OK, we needed a pin, try with all pins in turn */
-                STRV_FOREACH(i, pins) {
-                        r = sym_fido_dev_get_assert(d, a, *i);
-                        if (r != FIDO_ERR_PIN_INVALID)
-                                break;
-                }
+                /* OK, we need a pin, try with all pins in turn */
+                if (strv_isempty(pins))
+                        r = FIDO_ERR_PIN_REQUIRED;
+                else
+                        STRV_FOREACH(i, pins) {
+                                r = sym_fido_dev_get_assert(d, a, *i);
+                                if (r != FIDO_ERR_PIN_INVALID)
+                                        break;
+                        }
         } else
                 r = sym_fido_dev_get_assert(d, a, NULL);
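Review bot: The `STRV_FOREACH` loop under the new `else` submits every entry of `pins` to the token until one is not rejected with `FIDO_ERR_PIN_INVALID`, and on a CTAP2 authenticator each rejected PIN normally consumes one of a small number of retries, so a long or stale `pins` list can push the device towards PIN lockout. Nothing in the hunk bounds the number of attempts or shows where `pins` comes from, so I would at least document it above the loop, e.g. `/* Each wrong PIN costs a retry on the token; callers should pass only a few candidates */`. Separately, the multi-line loop hanging off a brace-less `else` is easy to misread next to the outer `} else`; bracing both branches of the `strv_isempty(pins)` check would make the nesting explicit. The body of fido2_use_hmac_hash_specific_token() starts and ends outside this hunk.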