Don't re-request a cached PIN for identities with PIN policy "once"
+4
-4
@@ -592,13 +592,13 @@ impl Connection {
|
|||||||
metadata => metadata,
|
metadata => metadata,
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
if let Some(PinPolicy::Never) = self.cached_metadata.as_ref().and_then(|m| m.pin_policy) {
|
match self.cached_metadata.as_ref().and_then(|m| m.pin_policy) {
|
||||||
return Ok(Ok(()));
|
Some(PinPolicy::Never) => return Ok(Ok(())),
|
||||||
|
Some(PinPolicy::Once) if self.yubikey.verify_pin(&[]).is_ok() => return Ok(Ok(())),
|
||||||
|
_ => (),
|
||||||
}
|
}
|
||||||
|
|
||||||
// The policy requires a PIN, so request it.
|
// The policy requires a PIN, so request it.
|
||||||
// Note that we can't distinguish between PinPolicy::Once and PinPolicy::Always
|
|
||||||
// because this plugin is ephemeral, so we always request the PIN.
|
|
||||||
let enter_pin_msg = fl!(
|
let enter_pin_msg = fl!(
|
||||||
"plugin-enter-pin",
|
"plugin-enter-pin",
|
||||||
yubikey_serial = self.yubikey.serial().to_string(),
|
yubikey_serial = self.yubikey.serial().to_string(),
|
||||||
|
|||||||
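Review bot: The new `Some(PinPolicy::Once)` arm depends on `self.yubikey.verify_pin(&[])` acting as a status-only probe, and nothing in the new code says so. The two removed comment lines explained the old always-prompt behaviour and were not replaced. I would add above that arm `// An empty PIN only asks the card whether the PIN is already verified in this session;` and `// no PIN attempt is submitted, so this is expected not to consume a retry.`, after confirming that against the yubikey crate. The `.is_ok()` guard also folds every other failure (for example a transport error) into "not verified", which falls through to the prompt; that is the safe direction and worth one more comment line. The enclosing function starts and ends outside the hunk, so how a later card-side PIN rejection is handled after the early `return Ok(Ok(()))` cannot be checked here.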