fido2: drop -v
option (PIN request)
We used to pass `-v` on `gocryptfs -init` but not for mount, which seems strange by itself, but more importantly, `-v` does not work on Yubikeys. Drop `-v`. Fixes https://github.com/rfjakob/gocryptfs/issues/571
This commit is contained in:
parent
d6c8d892ff
commit
2a9d70d48f
@ -208,6 +208,9 @@ RM: 2,367
|
||||
Changelog
|
||||
---------
|
||||
|
||||
v2.1 (IN PROGRESS)
|
||||
* fido2: do not request PIN on `gocryptfs -init` ([#571](https://github.com/rfjakob/gocryptfs/issues/571))
|
||||
|
||||
v2.0.1, 2021-06-07
|
||||
* Fix symlink creation reporting the wrong size, causing git to report it as modified
|
||||
([#574](https://github.com/rfjakob/gocryptfs/issues/574))
|
||||
|
@ -19,7 +19,6 @@ type fidoCommand int
|
||||
const (
|
||||
cred fidoCommand = iota
|
||||
assert fidoCommand = iota
|
||||
assertWithPIN fidoCommand = iota
|
||||
)
|
||||
|
||||
// String pretty-prints for debug output
|
||||
@ -29,8 +28,6 @@ func (fc fidoCommand) String() string {
|
||||
return "cred"
|
||||
case assert:
|
||||
return "assert"
|
||||
case assertWithPIN:
|
||||
return "assertWithPIN"
|
||||
default:
|
||||
return fmt.Sprintf("%d", fc)
|
||||
}
|
||||
@ -45,8 +42,6 @@ func callFidoCommand(command fidoCommand, device string, stdin []string) ([]stri
|
||||
cmd = exec.Command("fido2-cred", "-M", "-h", "-v", device)
|
||||
case assert:
|
||||
cmd = exec.Command("fido2-assert", "-G", "-h", device)
|
||||
case assertWithPIN:
|
||||
cmd = exec.Command("fido2-assert", "-G", "-h", "-v", device)
|
||||
}
|
||||
tlog.Debug.Printf("callFidoCommand %s: executing %q with args %q", command, cmd.Path, cmd.Args)
|
||||
cmd.Stderr = os.Stderr
|
||||
@ -92,16 +87,12 @@ func Secret(device string, credentialID []byte, salt []byte) (secret []byte) {
|
||||
crid := base64.StdEncoding.EncodeToString(credentialID)
|
||||
hmacsalt := base64.StdEncoding.EncodeToString(salt)
|
||||
stdin := []string{cdh, relyingPartyID, crid, hmacsalt}
|
||||
// try asserting without PIN first
|
||||
// call fido2-assert
|
||||
out, err := callFidoCommand(assert, device, stdin)
|
||||
if err != nil {
|
||||
// if that fails, let's assert with PIN
|
||||
out, err = callFidoCommand(assertWithPIN, device, stdin)
|
||||
if err != nil {
|
||||
tlog.Fatal.Println(err)
|
||||
os.Exit(exitcodes.FIDO2Error)
|
||||
}
|
||||
}
|
||||
secret, err = base64.StdEncoding.DecodeString(out[4])
|
||||
if err != nil {
|
||||
tlog.Fatal.Println(err)
|
||||
|
Loading…
Reference in New Issue
Block a user