Skip to content

fix: don't cache an incorrect PIV PIN #54614

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 10, 2025
Merged

fix: don't cache an incorrect PIV PIN #54614

merged 3 commits into from
May 10, 2025

Conversation

Joerger
Copy link
Contributor

@Joerger Joerger commented May 7, 2025
edited
Loading

Follow up to #53976 to prevent an incorrect PIN from being cached by verifying the PIN against the YubiKey first.

Changelog: Fix an issue with PIV PIN caching where a PIN that is incorrect would be cached.

Note: Once go-piv/piv-go#174 gets merged and released, I can take care of the TODO about the redundant PIN verification taking place.

@github-actions github-actions bot requested review from avatus and flyinghermit May 7, 2025 21:31
@Joerger Joerger requested review from rosstimothy and zmb3 May 7, 2025 23:26
@Joerger Joerger mentioned this pull request May 8, 2025
Open
@Joerger Joerger added this pull request to the merge queue May 8, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks May 8, 2025
@Joerger Joerger added this pull request to the merge queue May 8, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks May 8, 2025
@Joerger Joerger added this pull request to the merge queue May 9, 2025
Merged via the queue into master with commit 8b0a848 May 10, 2025
44 checks passed
@Joerger Joerger deleted the joerger/dont-cache-wrong-pin branch May 10, 2025 00:18
@backport-bot-workflows
Copy link
Contributor

@Joerger See the table below for backport results.

Branch Result
branch/v16 Failed
branch/v17 Failed

Joerger added a commit that referenced this pull request May 10, 2025
@Joerger
fix: don't cache an incorrect PIV PIN (#54614)
ccefc45 
* Verify PIV PIN before we cache it; Fix lint for pincache.go with build tag.

* Add local test for PIN caching in the YubiKey service.

* Minor fixes.
@Joerger Joerger mentioned this pull request May 10, 2025
Merged
Joerger added a commit that referenced this pull request May 10, 2025
@Joerger
fix: don't cache an incorrect PIV PIN (#54614)
7f474a2 
* Verify PIV PIN before we cache it; Fix lint for pincache.go with build tag.

* Add local test for PIN caching in the YubiKey service.

* Minor fixes.
@Joerger Joerger mentioned this pull request May 10, 2025
Merged
github-merge-queue bot pushed a commit that referenced this pull request May 12, 2025
@Joerger
fix: don't cache an incorrect PIV PIN (#54614) (#54697)
8000e73 
* Verify PIV PIN before we cache it; Fix lint for pincache.go with build tag.

* Add local test for PIN caching in the YubiKey service.

* Minor fixes.
Joerger added a commit that referenced this pull request May 12, 2025
@Joerger
fix: don't cache an incorrect PIV PIN (#54614)
cfc694f 
* Verify PIV PIN before we cache it; Fix lint for pincache.go with build tag.

* Add local test for PIN caching in the YubiKey service.

* Minor fixes.
github-merge-queue bot pushed a commit that referenced this pull request May 12, 2025
@Joerger
fix: don't cache an incorrect PIV PIN (#54614) (#54698)
c88bd23 
* Verify PIV PIN before we cache it; Fix lint for pincache.go with build tag.

* Add local test for PIN caching in the YubiKey service.

* Minor fixes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@avatus avatus avatus approved these changes

@rosstimothy rosstimothy rosstimothy approved these changes

Assignees
No one assigned
Labels
backport/branch/v16 backport/branch/v17 size/md
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Joerger @avatus @rosstimothy