Merge pull request #131 from str4d/improve-puk-errors

Intercept PIN errors and replace with PUK errors as necessary
str4d
2023-02-16 18:33:05 +00:00
committed by GitHub
3 changed files with 23 additions and 3 deletions
+6 -1
@@ -223,10 +223,15 @@ rec-yk-no-service-win =
{" "}{$url} {" "}{$url}
err-yk-not-found = Please insert the {-yubikey} you want to set up err-yk-not-found = Please insert the {-yubikey} you want to set up
err-yk-wrong-pin = Invalid PIN ({$tries} tries remaining before it is blocked)
err-yk-general = Error while communicating with {-yubikey}: {$err} err-yk-general = Error while communicating with {-yubikey}: {$err}
err-yk-general-cause = Cause: {$inner_err} err-yk-general-cause = Cause: {$inner_err}
err-yk-wrong-pin = Invalid {$pin_kind} ({$tries ->
[one] {$tries} try remaining
*[other] {$tries} tries remaining
} before it is blocked)
err-yk-pin-locked = {$pin_kind} locked
err-ux-A = Did this not do what you expected? Could an error be more useful? err-ux-A = Did this not do what you expected? Could an error be more useful?
err-ux-B = Tell us err-ux-B = Tell us
# Put (len(A) - len(B) - 46) spaces here. # Put (len(A) - len(B) - 46) spaces here.
+10 -1
@@ -25,10 +25,12 @@ pub enum Error {
MultipleYubiKeys, MultipleYubiKeys,
NoEmptySlots(Serial), NoEmptySlots(Serial),
NoMatchingSerial(Serial), NoMatchingSerial(Serial),
PukLocked,
SlotHasNoIdentity(RetiredSlotId), SlotHasNoIdentity(RetiredSlotId),
SlotIsNotEmpty(RetiredSlotId), SlotIsNotEmpty(RetiredSlotId),
TimedOut, TimedOut,
UseListForSingleSlot, UseListForSingleSlot,
WrongPuk(u8),
YubiKey(yubikey::Error), YubiKey(yubikey::Error),
} }
@@ -84,6 +86,7 @@ impl fmt::Debug for Error {
Error::NoMatchingSerial(serial) => { Error::NoMatchingSerial(serial) => {
wlnfl!(f, "err-no-matching-serial", serial = serial.to_string())? wlnfl!(f, "err-no-matching-serial", serial = serial.to_string())?
} }
Error::PukLocked => wlnfl!(f, "err-yk-pin-locked", pin_kind = "PUK")?,
Error::SlotHasNoIdentity(slot) => { Error::SlotHasNoIdentity(slot) => {
wlnfl!(f, "err-slot-has-no-identity", slot = slot_to_ui(slot))? wlnfl!(f, "err-slot-has-no-identity", slot = slot_to_ui(slot))?
} }
@@ -92,6 +95,9 @@ impl fmt::Debug for Error {
} }
Error::TimedOut => wlnfl!(f, "err-timed-out")?, Error::TimedOut => wlnfl!(f, "err-timed-out")?,
Error::UseListForSingleSlot => wlnfl!(f, "err-use-list-for-single")?, Error::UseListForSingleSlot => wlnfl!(f, "err-use-list-for-single")?,
Error::WrongPuk(tries) => {
wlnfl!(f, "err-yk-wrong-pin", pin_kind = "PUK", tries = tries)?
}
Error::YubiKey(e) => match e { Error::YubiKey(e) => match e {
yubikey::Error::NotFound => wlnfl!(f, "err-yk-not-found")?, yubikey::Error::NotFound => wlnfl!(f, "err-yk-not-found")?,
yubikey::Error::PcscError { yubikey::Error::PcscError {
@@ -135,7 +141,10 @@ impl fmt::Debug for Error {
wlnfl!(f, "rec-yk-no-service-pcscd", apt = apt)?; wlnfl!(f, "rec-yk-no-service-pcscd", apt = apt)?;
} }
} }
yubikey::Error::WrongPin { tries } => wlnfl!(f, "err-yk-wrong-pin", tries = tries)?, yubikey::Error::PinLocked => wlnfl!(f, "err-yk-pin-locked", pin_kind = "PIN")?,
yubikey::Error::WrongPin { tries } => {
wlnfl!(f, "err-yk-wrong-pin", pin_kind = "PIN", tries = tries)?
}
e => { e => {
wlnfl!(f, "err-yk-general", err = e.to_string())?; wlnfl!(f, "err-yk-general", err = e.to_string())?;
use std::error::Error; use std::error::Error;
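Review bot: The two `err-yk-pin-locked` arms (`Error::PukLocked` and `yubikey::Error::PinLocked`) print only "{kind} locked" and give the user no next step, while the `PcscError` arm in the same match follows its error with `rec-yk-no-service-*` hints. A locked PIN and a locked PUK have different recoveries (as far as I know, unblocking with the PUK versus resetting the PIV applet), so each arm would benefit from its own recovery line after the error, e.g. `wlnfl!(f, "<rec-message-id>")?;` with the ids added to the Fluent file. Without that, a user who has just exhausted one retry counter may go on to spend the other by guessing. The match continues outside these hunks.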
+7 -1
@@ -333,7 +333,13 @@ pub(crate) fn manage(yubikey: &mut YubiKey) -> Result<(), Error> {
} }
}; };
let new_pin = new_pin.expose_secret(); let new_pin = new_pin.expose_secret();
yubikey.change_puk(current_puk.as_bytes(), new_pin.as_bytes())?; yubikey
.change_puk(current_puk.as_bytes(), new_pin.as_bytes())
.map_err(|e| match e {
yubikey::Error::PinLocked => Error::PukLocked,
yubikey::Error::WrongPin { tries } => Error::WrongPuk(tries),
_ => Error::YubiKey(e),
})?;
yubikey.change_pin(pin.as_bytes(), new_pin.as_bytes())?; yubikey.change_pin(pin.as_bytes(), new_pin.as_bytes())?;
} }
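Review bot: A failure of `change_pin` on the line after the new `map_err` leaves the key with its PUK already set to `new_pin` but its PIN unchanged, and the user sees only a PIN error. On the next attempt they will probably enter the old PUK and start spending PUK retries, which the new `WrongPuk`/`PukLocked` messages will report but not explain. If `pin` is not already verified earlier in `manage()` (the function starts outside this hunk), verify it before `change_puk`; otherwise a comment such as `// PIN was verified above, so change_pin is not expected to fail after the PUK change` would record the assumption.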