URL: https://github.com/SSSD/sssd/pull/433 Title: #433: PAM: Multiple certificates on a Smartcard
fidencio commented: """ So, I've just done some tests here and seems that we can just drop "authtok: check for NULL in sss_authtok_get_type()" patch, as long as we add the following fixup to the "p11_child: use options to select certificate for authentication" patch. ``` [ffidenci@pessoa x86_64]$ cat 0001-fixup-p11_child-use-options-to-select-certificate-fo.patch From 0d2ef9ac950d3539fa1ef0044790799d900f6a21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <[email protected]> Date: Fri, 10 Nov 2017 14:04:15 +0100 Subject: [PATCH] fixup! p11_child: use options to select certificate for authentication --- src/responder/pam/pamsrv_p11.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c index 7f7b02b0d..27aeb9833 100644 --- a/src/responder/pam/pamsrv_p11.c +++ b/src/responder/pam/pamsrv_p11.c @@ -428,10 +428,9 @@ struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx, extra_args[arg_c++] = "--verify"; } - if (pd->authtok != NULL - && (sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_SC_PIN - || sss_authtok_get_type(pd->authtok) == - SSS_AUTHTOK_TYPE_SC_KEYPAD)) { + if (sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_SC_PIN + || sss_authtok_get_type(pd->authtok) == + SSS_AUTHTOK_TYPE_SC_KEYPAD) { ret = sss_authtok_get_sc(pd->authtok, NULL, NULL, &token_name, NULL, &module_name, NULL, &key_id, NULL); -- 2.13.6 ``` """ See the full comment at https://github.com/SSSD/sssd/pull/433#issuecomment-343471275
_______________________________________________ sssd-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
