Merge pull request #131 from str4d/improve-puk-errors
Intercept PIN errors and replace with PUK errors as necessary
This commit is contained in:
@@ -223,10 +223,15 @@ rec-yk-no-service-win =
|
|||||||
{" "}{$url}
|
{" "}{$url}
|
||||||
|
|
||||||
err-yk-not-found = Please insert the {-yubikey} you want to set up
|
err-yk-not-found = Please insert the {-yubikey} you want to set up
|
||||||
err-yk-wrong-pin = Invalid PIN ({$tries} tries remaining before it is blocked)
|
|
||||||
err-yk-general = Error while communicating with {-yubikey}: {$err}
|
err-yk-general = Error while communicating with {-yubikey}: {$err}
|
||||||
err-yk-general-cause = Cause: {$inner_err}
|
err-yk-general-cause = Cause: {$inner_err}
|
||||||
|
|
||||||
|
err-yk-wrong-pin = Invalid {$pin_kind} ({$tries ->
|
||||||
|
[one] {$tries} try remaining
|
||||||
|
*[other] {$tries} tries remaining
|
||||||
|
} before it is blocked)
|
||||||
|
err-yk-pin-locked = {$pin_kind} locked
|
||||||
|
|
||||||
err-ux-A = Did this not do what you expected? Could an error be more useful?
|
err-ux-A = Did this not do what you expected? Could an error be more useful?
|
||||||
err-ux-B = Tell us
|
err-ux-B = Tell us
|
||||||
# Put (len(A) - len(B) - 46) spaces here.
|
# Put (len(A) - len(B) - 46) spaces here.
|
||||||
|
|||||||
+10
-1
@@ -25,10 +25,12 @@ pub enum Error {
|
|||||||
MultipleYubiKeys,
|
MultipleYubiKeys,
|
||||||
NoEmptySlots(Serial),
|
NoEmptySlots(Serial),
|
||||||
NoMatchingSerial(Serial),
|
NoMatchingSerial(Serial),
|
||||||
|
PukLocked,
|
||||||
SlotHasNoIdentity(RetiredSlotId),
|
SlotHasNoIdentity(RetiredSlotId),
|
||||||
SlotIsNotEmpty(RetiredSlotId),
|
SlotIsNotEmpty(RetiredSlotId),
|
||||||
TimedOut,
|
TimedOut,
|
||||||
UseListForSingleSlot,
|
UseListForSingleSlot,
|
||||||
|
WrongPuk(u8),
|
||||||
YubiKey(yubikey::Error),
|
YubiKey(yubikey::Error),
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -84,6 +86,7 @@ impl fmt::Debug for Error {
|
|||||||
Error::NoMatchingSerial(serial) => {
|
Error::NoMatchingSerial(serial) => {
|
||||||
wlnfl!(f, "err-no-matching-serial", serial = serial.to_string())?
|
wlnfl!(f, "err-no-matching-serial", serial = serial.to_string())?
|
||||||
}
|
}
|
||||||
|
Error::PukLocked => wlnfl!(f, "err-yk-pin-locked", pin_kind = "PUK")?,
|
||||||
Error::SlotHasNoIdentity(slot) => {
|
Error::SlotHasNoIdentity(slot) => {
|
||||||
wlnfl!(f, "err-slot-has-no-identity", slot = slot_to_ui(slot))?
|
wlnfl!(f, "err-slot-has-no-identity", slot = slot_to_ui(slot))?
|
||||||
}
|
}
|
||||||
@@ -92,6 +95,9 @@ impl fmt::Debug for Error {
|
|||||||
}
|
}
|
||||||
Error::TimedOut => wlnfl!(f, "err-timed-out")?,
|
Error::TimedOut => wlnfl!(f, "err-timed-out")?,
|
||||||
Error::UseListForSingleSlot => wlnfl!(f, "err-use-list-for-single")?,
|
Error::UseListForSingleSlot => wlnfl!(f, "err-use-list-for-single")?,
|
||||||
|
Error::WrongPuk(tries) => {
|
||||||
|
wlnfl!(f, "err-yk-wrong-pin", pin_kind = "PUK", tries = tries)?
|
||||||
|
}
|
||||||
Error::YubiKey(e) => match e {
|
Error::YubiKey(e) => match e {
|
||||||
yubikey::Error::NotFound => wlnfl!(f, "err-yk-not-found")?,
|
yubikey::Error::NotFound => wlnfl!(f, "err-yk-not-found")?,
|
||||||
yubikey::Error::PcscError {
|
yubikey::Error::PcscError {
|
||||||
@@ -135,7 +141,10 @@ impl fmt::Debug for Error {
|
|||||||
wlnfl!(f, "rec-yk-no-service-pcscd", apt = apt)?;
|
wlnfl!(f, "rec-yk-no-service-pcscd", apt = apt)?;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
yubikey::Error::WrongPin { tries } => wlnfl!(f, "err-yk-wrong-pin", tries = tries)?,
|
yubikey::Error::PinLocked => wlnfl!(f, "err-yk-pin-locked", pin_kind = "PIN")?,
|
||||||
|
yubikey::Error::WrongPin { tries } => {
|
||||||
|
wlnfl!(f, "err-yk-wrong-pin", pin_kind = "PIN", tries = tries)?
|
||||||
|
}
|
||||||
e => {
|
e => {
|
||||||
wlnfl!(f, "err-yk-general", err = e.to_string())?;
|
wlnfl!(f, "err-yk-general", err = e.to_string())?;
|
||||||
use std::error::Error;
|
use std::error::Error;
|
||||||
|
|||||||
+7
-1
@@ -333,7 +333,13 @@ pub(crate) fn manage(yubikey: &mut YubiKey) -> Result<(), Error> {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
let new_pin = new_pin.expose_secret();
|
let new_pin = new_pin.expose_secret();
|
||||||
yubikey.change_puk(current_puk.as_bytes(), new_pin.as_bytes())?;
|
yubikey
|
||||||
|
.change_puk(current_puk.as_bytes(), new_pin.as_bytes())
|
||||||
|
.map_err(|e| match e {
|
||||||
|
yubikey::Error::PinLocked => Error::PukLocked,
|
||||||
|
yubikey::Error::WrongPin { tries } => Error::WrongPuk(tries),
|
||||||
|
_ => Error::YubiKey(e),
|
||||||
|
})?;
|
||||||
yubikey.change_pin(pin.as_bytes(), new_pin.as_bytes())?;
|
yubikey.change_pin(pin.as_bytes(), new_pin.as_bytes())?;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user