sergey/fido2-manage
1
0
Fork 0
mirror of https://github.com/token2/fido2-manage.git synced 2026-04-09 02:35:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update credman.c

Browse Source
This commit is contained in:
Token2
2025-08-27 11:44:48 +02:00
committed by GitHub
parent fe26347134
commit 5e475bab18
1 changed files with 290 additions and 241 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
tools/credman.c
View File

@@ -3,6 +3,8 @@
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
* Updated by Token2 Sarl - Accommodating command line PIN and skipping fingerprint verification
*/
#include <fido.h>
@@ -23,20 +25,27 @@ credman_get_metadata(fido_dev_t *dev, const char *path)
{
fido_credman_metadata_t *metadata = NULL;
char *pin = NULL;
int r, ok = 1;
int r = FIDO_ERR_INTERNAL, ok = 1;
if ((metadata = fido_credman_metadata_new()) == NULL) {
warnx("fido_credman_metadata_new");
goto out;
}
if ((r = fido_credman_get_dev_metadata(dev, metadata,
NULL)) != FIDO_OK && should_retry_with_pin(dev, r)) {
if ((pin = get_pin(path)) == NULL)
if (global_pin == NULL) {
r = fido_credman_get_dev_metadata(dev, metadata, NULL);
if (r != FIDO_OK && should_retry_with_pin(dev, r)) {
pin = get_pin(path);
if (pin == NULL)
goto out;
r = fido_credman_get_dev_metadata(dev, metadata, pin);
freezero(pin, PINBUF_LEN);
pin = NULL;
}
} else {
r = fido_credman_get_dev_metadata(dev, metadata, global_pin);
}
if (r != FIDO_OK) {
warnx("fido_credman_get_dev_metadata: %s", fido_strerr(r));
goto out;
@@ -79,25 +88,33 @@ credman_list_rp(const char *path)
fido_credman_rp_t *rp = NULL;
fido_dev_t *dev = NULL;
char *pin = NULL;
int r, ok = 1;
int r = FIDO_ERR_INTERNAL, ok = 1;
dev = open_dev(path);
if ((rp = fido_credman_rp_new()) == NULL) {
warnx("fido_credman_rp_new");
goto out;
}
if ((r = fido_credman_get_dev_rp(dev, rp, NULL)) != FIDO_OK &&
should_retry_with_pin(dev, r)) {
if ((pin = get_pin(path)) == NULL)
if (global_pin == NULL) {
r = fido_credman_get_dev_rp(dev, rp, NULL);
if (r != FIDO_OK && should_retry_with_pin(dev, r)) {
pin = get_pin(path);
if (pin == NULL)
goto out;
r = fido_credman_get_dev_rp(dev, rp, pin);
freezero(pin, PINBUF_LEN);
pin = NULL;
}
} else {
r = fido_credman_get_dev_rp(dev, rp, global_pin);
}
if (r != FIDO_OK) {
warnx("fido_credman_get_dev_rp: %s", fido_strerr(r));
goto out;
}
for (size_t i = 0; i < fido_credman_rp_count(rp); i++)
if (print_rp(rp, i) < 0)
goto out;
@@ -124,6 +141,7 @@ print_rk(const fido_credman_rk_t *rk, size_t idx)
warnx("fido_credman_rk");
return -1;
}
if (base64_encode(fido_cred_id_ptr(cred), fido_cred_id_len(cred),
&id) < 0 || base64_encode(fido_cred_user_id_ptr(cred),
fido_cred_user_id_len(cred), &user_id) < 0) {
@@ -134,13 +152,9 @@ print_rk(const fido_credman_rk_t *rk, size_t idx)
type = cose_string(fido_cred_type(cred));
prot = prot_string(fido_cred_prot(cred));
/* commenting out the original code, was not giving the user login name, only display name */
/*printf("%02u: %s %s %s %s %s %s\n", (unsigned)idx, id, fido_cred_display_name(cred), user_id, type, port); */
printf("%02u: %s %s %s %s %s %s \n", (unsigned)idx, id, fido_cred_display_name(cred), fido_cred_user_name(cred), user_id, type, prot);
printf("%02u: %s %s %s %s %s %s\n",
(unsigned)idx, id, fido_cred_display_name(cred),
fido_cred_user_name(cred), user_id, type, prot);
free(user_id);
free(id);
@@ -154,25 +168,33 @@ credman_list_rk(const char *path, const char *rp_id)
fido_dev_t *dev = NULL;
fido_credman_rk_t *rk = NULL;
char *pin = NULL;
int r, ok = 1;
int r = FIDO_ERR_INTERNAL, ok = 1;
dev = open_dev(path);
if ((rk = fido_credman_rk_new()) == NULL) {
warnx("fido_credman_rk_new");
goto out;
}
if ((r = fido_credman_get_dev_rk(dev, rp_id, rk, NULL)) != FIDO_OK &&
should_retry_with_pin(dev, r)) {
if ((pin = get_pin(path)) == NULL)
if (global_pin == NULL) {
r = fido_credman_get_dev_rk(dev, rp_id, rk, NULL);
if (r != FIDO_OK && should_retry_with_pin(dev, r)) {
pin = get_pin(path);
if (pin == NULL)
goto out;
r = fido_credman_get_dev_rk(dev, rp_id, rk, pin);
freezero(pin, PINBUF_LEN);
pin = NULL;
}
} else {
r = fido_credman_get_dev_rk(dev, rp_id, rk, global_pin);
}
if (r != FIDO_OK) {
warnx("fido_credman_get_dev_rk: %s", fido_strerr(r));
goto out;
}
for (size_t i = 0; i < fido_credman_rk_count(rk); i++)
if (print_rk(rk, i) < 0)
goto out;
@@ -195,24 +217,32 @@ credman_print_rk(fido_dev_t *dev, const char *path, const char *rp_id,
char *pin = NULL;
void *cred_id_ptr = NULL;
size_t cred_id_len = 0;
int r, ok = 1;
int r = FIDO_ERR_INTERNAL, ok = 1;
if ((rk = fido_credman_rk_new()) == NULL) {
warnx("fido_credman_rk_new");
goto out;
}
if (base64_decode(cred_id, &cred_id_ptr, &cred_id_len) < 0) {
warnx("base64_decode");
goto out;
}
if ((r = fido_credman_get_dev_rk(dev, rp_id, rk, NULL)) != FIDO_OK &&
should_retry_with_pin(dev, r)) {
if ((pin = get_pin(path)) == NULL)
if (global_pin == NULL) {
r = fido_credman_get_dev_rk(dev, rp_id, rk, NULL);
if (r != FIDO_OK && should_retry_with_pin(dev, r)) {
pin = get_pin(path);
if (pin == NULL)
goto out;
r = fido_credman_get_dev_rk(dev, rp_id, rk, pin);
freezero(pin, PINBUF_LEN);
pin = NULL;
}
} else {
r = fido_credman_get_dev_rk(dev, rp_id, rk, global_pin);
}
if (r != FIDO_OK) {
warnx("fido_credman_get_dev_rk: %s", fido_strerr(r));
goto out;
@@ -249,21 +279,28 @@ credman_delete_rk(const char *path, const char *id)
char *pin = NULL;
void *id_ptr = NULL;
size_t id_len = 0;
int r, ok = 1;
int r = FIDO_ERR_INTERNAL, ok = 1;
dev = open_dev(path);
if (base64_decode(id, &id_ptr, &id_len) < 0) {
warnx("base64_decode");
goto out;
}
if ((r = fido_credman_del_dev_rk(dev, id_ptr, id_len,
NULL)) != FIDO_OK && should_retry_with_pin(dev, r)) {
if ((pin = get_pin(path)) == NULL)
if (global_pin == NULL) {
r = fido_credman_del_dev_rk(dev, id_ptr, id_len, NULL);
if (r != FIDO_OK && should_retry_with_pin(dev, r)) {
pin = get_pin(path);
if (pin == NULL)
goto out;
r = fido_credman_del_dev_rk(dev, id_ptr, id_len, pin);
freezero(pin, PINBUF_LEN);
pin = NULL;
}
} else {
r = fido_credman_del_dev_rk(dev, id_ptr, id_len, global_pin);
}
if (r != FIDO_OK) {
warnx("fido_credman_del_dev_rk: %s", fido_strerr(r));
goto out;
@@ -289,7 +326,7 @@ credman_update_rk(const char *path, const char *user_id, const char *cred_id,
void *cred_id_ptr = NULL;
size_t user_id_len = 0;
size_t cred_id_len = 0;
int r, ok = 1;
int r = FIDO_ERR_INTERNAL, ok = 1;
dev = open_dev(path);
if (base64_decode(user_id, &user_id_ptr, &user_id_len) < 0 ||
@@ -297,27 +334,39 @@ credman_update_rk(const char *path, const char *user_id, const char *cred_id,
warnx("base64_decode");
goto out;
}
if ((cred = fido_cred_new()) == NULL) {
warnx("fido_cred_new");
goto out;
}
if ((r = fido_cred_set_id(cred, cred_id_ptr, cred_id_len)) != FIDO_OK) {
r = fido_cred_set_id(cred, cred_id_ptr, cred_id_len);
if (r != FIDO_OK) {
warnx("fido_cred_set_id: %s", fido_strerr(r));
goto out;
}
if ((r = fido_cred_set_user(cred, user_id_ptr, user_id_len, name,
display_name, NULL)) != FIDO_OK) {
r = fido_cred_set_user(cred, user_id_ptr, user_id_len, name,
display_name, NULL);
if (r != FIDO_OK) {
warnx("fido_cred_set_user: %s", fido_strerr(r));
goto out;
}
if ((r = fido_credman_set_dev_rk(dev, cred, NULL)) != FIDO_OK &&
should_retry_with_pin(dev, r)) {
if ((pin = get_pin(path)) == NULL)
if (global_pin == NULL) {
r = fido_credman_set_dev_rk(dev, cred, NULL);
if (r != FIDO_OK && should_retry_with_pin(dev, r)) {
pin = get_pin(path);
if (pin == NULL)
goto out;
r = fido_credman_set_dev_rk(dev, cred, pin);
freezero(pin, PINBUF_LEN);
pin = NULL;
}
} else {
r = fido_credman_set_dev_rk(dev, cred, global_pin);
}
if (r != FIDO_OK) {
warnx("fido_credman_set_dev_rk: %s", fido_strerr(r));
goto out;