b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge pull request #182379 from stigtsp/fix/pam-u2f-cue

Browse source 
nixos/security/pam: fix u2f options leakage
This commit is contained in:
Stig 2022-07-26 03:19:01 +02:00 committed by GitHub
parent a2609639f7 d07f3037e2
commit 550aaf8c96
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
nixos/modules/security/pam.nix
View file

@ -482,10 +482,10 @@ let
(let p11 = config.security.pam.p11; in optionalString cfg.p11Auth ''
auth ${p11.control} ${pkgs.pam_p11}/lib/security/pam_p11.so ${pkgs.opensc}/lib/opensc-pkcs11.so
'') +
(let u2f = config.security.pam.u2f; in optionalString cfg.u2fAuth ''
(let u2f = config.security.pam.u2f; in optionalString cfg.u2fAuth (''
auth ${u2f.control} ${pkgs.pam_u2f}/lib/security/pam_u2f.so ${optionalString u2f.debug "debug"} ${optionalString (u2f.authFile != null) "authfile=${u2f.authFile}"} ''
+ ''${optionalString u2f.interactive "interactive"} ${optionalString u2f.cue "cue"} ${optionalString (u2f.appId != null) "appid=${u2f.appId}"} ${optionalString (u2f.origin != null) "origin=${u2f.origin}"}
'') +
'')) +
optionalString cfg.usbAuth ''
auth sufficient ${pkgs.pam_usb}/lib/security/pam_usb.so
'' +