honour disable-token

shimun 2020-10-13 21:25:42 +02:00
parent e5c6ca9237
commit 4b09fcb6cb
Signed by: shimun
GPG Key ID: E81D8382DC2F971B
2 changed files with 6 additions and 3 deletions

0
CHANGELOG.md Normal file


@ -33,7 +33,7 @@ fn derive_secret(
timeout: u64, timeout: u64,
pin: Option<&str>, pin: Option<&str>,
) -> Fido2LuksResult<([u8; 32], FidoCredential)> { ) -> Fido2LuksResult<([u8; 32], FidoCredential)> {
if credentials.len() == 0 { if credentials.is_empty() {
return Err(Fido2LuksError::InsufficientCredentials); return Err(Fido2LuksError::InsufficientCredentials);
} }
let timeout = Duration::from_secs(timeout); let timeout = Duration::from_secs(timeout);
@ -419,7 +419,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
let slot = if let Some(ref credentials) = credentials.ids { let slot = if let Some(ref credentials) = credentials.ids {
secret(Cow::Borrowed(&credentials.0)) secret(Cow::Borrowed(&credentials.0))
.and_then(|(secret, _cred)| luks_dev.activate(&name, &secret, luks.slot)) .and_then(|(secret, _cred)| luks_dev.activate(&name, &secret, luks.slot))
} else if luks_dev.is_luks2()? { } else if luks_dev.is_luks2()? && !luks.disable_token {
luks_dev.activate_token( luks_dev.activate_token(
&name, &name,
Box::new(|credentials: Vec<String>| { Box::new(|credentials: Vec<String>| {
@ -432,8 +432,11 @@ pub fn run_cli() -> Fido2LuksResult<()> {
}), }),
luks.slot, luks.slot,
) )
} else if luks_dev.is_luks2()? && luks.disable_token {
// disable-token is mostly cosmetic in this instance
return Err(Fido2LuksError::InsufficientCredentials);
} else { } else {
return Err(Fido2LuksError::WrongSecret); // creds or luks2 return Err(Fido2LuksError::WrongSecret);
}; };
match slot { match slot {
Err(e) => { Err(e) => {
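Review bot: The final `else` in `run_cli` still returns `Fido2LuksError::WrongSecret` when no credential ids were supplied and the device is not LUKS2, and this commit drops the `// creds or luks2` comment that was the only explanation of that branch. That variant reads as an authenticator or PIN failure in logs, although the cause appears to be missing input. If callers do not depend on the distinction, `return Err(Fido2LuksError::InsufficientCredentials);` would match the new disable-token branch; otherwise restore a comment such as `// no credential ids given and no LUKS2 token header to read them from`. The new branch also calls `luks_dev.is_luks2()?` a second time on the same path; since it is reached only after the `&& !luks.disable_token` test failed, binding the result once before the chain avoids repeating a fallible device query. The comment `// disable-token is mostly cosmetic in this instance` would be clearer as `// token lookup disabled and no credential ids given: fail closed`. The body of `run_cli` begins and ends outside the hunk.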