docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #44 from docker/use_9a_last 

use the slots on the yubikey in the following order: 9c, 9e, 9d, 9a

Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
This commit is contained in:
Diogo Mónica 2015-11-09 17:35:20 -08:00 committed by David Lawrence
parent 5aaf4fa8a5 e0c5bb7b83
commit 3cd74fce6d
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
trustmanager/yubikeystore.go
View File

@ -36,7 +36,12 @@ const (
)
// what key mode to use when generating keys
var yubikeyKeymode = KeymodeTouch | KeymodePinOnce
var (
yubikeyKeymode = KeymodeTouch | KeymodePinOnce
// order in which to prefer token locations on the yubikey.
// corresponds to: 9c, 9e, 9d, 9a
slotIDs = []int{2, 1, 3, 0}
)
// SetYubikeyKeyMode - sets the mode when generating yubikey keys.
// This is to be used for testing. It does nothing if not building with tag
@ -522,9 +527,11 @@ func getNextEmptySlot(ctx *pkcs11.Ctx, session pkcs11.SessionHandle) ([]byte, er
}
}
}
for i := 0; i < numSlots; i++ {
if !taken[i] {
return []byte{byte(i)}, nil
// iterate the token locations in our preferred order and use the first
// available one. Otherwise exit the loop and return an error.
for _, loc := range slotIDs {
if !taken[loc] {
return []byte{byte(loc)}, nil
}
}
return nil, errors.New("Yubikey has no available slots.")