p11-kit commands: Add --login option #587

Merged: 4 commits, Oct 6, 2023

@ueno (Member) commented Oct 6, 2023

Previously, those tools determined whether a login is necessary by
checking the presence of "pin-value" query attribute in the URI. It
was too implicit and against modern security practice. This instead
asks users to specify --login option and if no "pin-value" is given,
it tries to read a PIN from the terminal.

Fixes: #570
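
The policy this description states, as an added sketch that is not p11-kit's code: login is driven only by an explicit flag, and the RFC 7512 `pin-value` query attribute is just one possible source of the PIN. The names `decide_login`, `uri_pin_value` and `pin_action` are hypothetical, the URI is constructed, and the terminal prompt and `pin-source` handling are left to the caller.

```c
/* Added example: hypothetical names, not p11-kit's implementation. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum pin_action { PIN_NO_LOGIN, PIN_FROM_URI, PIN_PROMPT, PIN_BAD_URI };
static int hexval(char ch) {
	int c = tolower((unsigned char)ch);
	return isdigit(c) ? c - '0' : (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode the "pin-value" query attribute of a PKCS#11 URI into out.
 * Returns 1 if present, 0 if absent, -1 if malformed or too long for out. */
int uri_pin_value(const char *uri, char *out, size_t outlen) {
	static const char key[] = "pin-value=";
	const char *p = strchr(uri, '?');
	size_t n = 0;
	if (outlen == 0) return -1;
	for (; p != NULL; p = strchr(p, '&')) {
		p++;                                /* step over '?' or '&' */
		if (strncmp(p, key, sizeof key - 1) != 0) continue;
		for (p += sizeof key - 1; *p != '\0' && *p != '&'; p++) {
			int c = (unsigned char)*p;
			if (c == '%') {             /* needs two hex digits */
				int hi = hexval(p[1]), lo = hi < 0 ? -1 : hexval(p[2]);
				if (lo < 0) return -1;
				c = hi * 16 + lo;
				p += 2;
			}
			if (n + 1 >= outlen) return -1;
			out[n++] = (char)c;
		}
		out[n] = '\0';
		return 1;
	}
	return 0;
}

/* Only the explicit flag triggers a login; a PIN in the URI alone does not. */
enum pin_action decide_login(int login_flag, const char *uri, char *pin, size_t len) {
	if (!login_flag) return PIN_NO_LOGIN;
	int r = uri_pin_value(uri, pin, len);
	return r < 0 ? PIN_BAD_URI : r == 1 ? PIN_FROM_URI : PIN_PROMPT;
}

int main(void) {
	char pin[32];                               /* constructed URI below */
	printf("%d\n", decide_login(0, "pkcs11:token=demo?pin-value=1234", pin, sizeof pin));
	return 0;
}
```

On `PIN_PROMPT` the caller would read the PIN from the terminal with echo disabled, which the PR does through `readpassphrase`.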

@coveralls commented Oct 6, 2023

coverage: 69.342% (-0.1%) from 69.476% when pulling 812cab2 on ueno:wip/dueno/login into 6052329 on p11-glue:master.

@@ -60,20 +65,20 @@
char *argv[]);

static int
list_profiles (const char *token_str)
list_profiles (const char *token_str,
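
Review bot: the new list_profiles signature, which now continues past `const char *token_str,`, has no comment describing the added parameters. A short comment above the function saying what each argument is and what the return value means would cover that, and would also answer the documentation warning raised on this line for a function of 112 lines.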

Check warning: Code scanning / CodeQL

Poorly documented large function (Warning)

Poorly documented function: fewer than 2% comments for a function of 112 lines.

@ueno ueno force-pushed the wip/dueno/login branch 8 times, most recently from 332f780 to 9507f67 Compare October 6, 2023 03:42
@ueno ueno requested a review from ZoltanFridrich October 6, 2023 03:42

This makes P11KitIter use the P11KitPin interface to retrieve PIN if
the "pin-source" attribute is available in the matching URI.

Signed-off-by: Daiki Ueno <[email protected]>
@ueno ueno force-pushed the wip/dueno/login branch from 9507f67 to ab06965 Compare October 6, 2023 03:51

@ZoltanFridrich (Contributor) left a comment

Overall looks nice. I didn't see any problems. Just a few nits and questions.

Resolved review threads (outdated):
p11-kit/add-profile.c
p11-kit/delete-profile.c
p11-kit/delete-profile.c
common/compat.h
p11-kit/add-profile.c

@ueno ueno force-pushed the wip/dueno/login branch from ab06965 to 89ceb9c Compare October 6, 2023 08:56

@ZoltanFridrich (Contributor) commented

Does this also resolve #564?

ueno added 3 commits October 6, 2023 17:58
This is now done in P11KitIter as needed.

Signed-off-by: Daiki Ueno <[email protected]>

This adds support for prompting PIN on the terminal, through the
readpassphrase function borrowed from libbsd.

Signed-off-by: Daiki Ueno <[email protected]>

Previously those tools determined whether a login is necessary by
checking the presence of "pin-value" query attribute in the URI.  It
was too implicit and against modern security practice.  This instead
asks users to specify --login option and if no "pin-value" is given,
it tries to read a PIN from the terminal.

Signed-off-by: Daiki Ueno <[email protected]>

@ZoltanFridrich (Contributor) left a comment

LGTM

@ueno ueno force-pushed the wip/dueno/login branch from 89ceb9c to 812cab2 Compare October 6, 2023 08:59
@ZoltanFridrich ZoltanFridrich merged commit e5f0be3 into p11-glue:master Oct 6, 2023
14 checks passed
@ZoltanFridrich ZoltanFridrich added this to the 0.25.1 milestone Oct 25, 2023
Successfully merging this pull request may close these issues.

p11-kit list-objects should support interactive prompts for PIN