summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCorinna Vinschen <vinschen@redhat.com>2022-02-15 11:28:08 +0100
committerDamien Miller <djm@mindrot.org>2022-08-05 06:42:10 +0200
commit242c044ab111a37aad3b0775727c36a4c5f0102c (patch)
treebcd9a206862f9e5d5545409f3c7180304432e058
parentcompat code for fido_dev_is_winhello() (diff)
downloadopenssh-242c044ab111a37aad3b0775727c36a4c5f0102c.tar.xz
openssh-242c044ab111a37aad3b0775727c36a4c5f0102c.zip
check_sk_options: add temporary WinHello workaround
Up to libfido 1.10.0, WinHello advertises "clientPin" rather than "uv" capability. This is fixed in 1.11.0. For the time being, workaround it here. Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
-rw-r--r--sk-usbhid.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/sk-usbhid.c b/sk-usbhid.c
index dfe88789a..06bf0e85c 100644
--- a/sk-usbhid.c
+++ b/sk-usbhid.c
@@ -450,6 +450,15 @@ check_sk_options(fido_dev_t *dev, const char *opt, int *ret)
skdebug(__func__, "device is not fido2");
return 0;
}
+ /*
+ * Workaround required up to libfido2 1.10.0. As soon as 1.11.0
+ * is released and updated in the Cygwin release, we can drop this.
+ */
+ if (fido_dev_is_winhello(dev) && strcmp (opt, "uv") == 0) {
+ skdebug(__func__, "device is winhello");
+ *ret = 1;
+ return 0;
+ }
if ((info = fido_cbor_info_new()) == NULL) {
skdebug(__func__, "fido_cbor_info_new failed");
return -1;