Prevent changing the default PIN to itself
Closes str4d/age-plugin-yubikey#120.
@@ -11,6 +11,8 @@ to 0.3.0 are beta releases.
|
|||||||
- When `age-plugin-yubikey` assists the user in changing their PIN from the
|
- When `age-plugin-yubikey` assists the user in changing their PIN from the
|
||||||
default PIN, it no longer tells the user that PINs shorter than 6 characters
|
default PIN, it no longer tells the user that PINs shorter than 6 characters
|
||||||
are allowed, and instead loops until the user enters a PIN of valid length.
|
are allowed, and instead loops until the user enters a PIN of valid length.
|
||||||
|
It also now prevents the user from setting their PIN to the default PIN, to
|
||||||
|
avoid creating a cycle.
|
||||||
- More kinds of SmartCard readers are ignored when they have no SmartCard
|
- More kinds of SmartCard readers are ignored when they have no SmartCard
|
||||||
inserted.
|
inserted.
|
||||||
|
|
||||||
|
|||||||
@@ -135,6 +135,7 @@ mgr-enter-current-puk = Enter current PUK (default is {$default_puk})
|
|||||||
mgr-choose-new-pin = Choose a new PIN/PUK
|
mgr-choose-new-pin = Choose a new PIN/PUK
|
||||||
mgr-repeat-new-pin = Repeat the PIN/PUK
|
mgr-repeat-new-pin = Repeat the PIN/PUK
|
||||||
mgr-pin-mismatch = PINs don't match
|
mgr-pin-mismatch = PINs don't match
|
||||||
|
mgr-nope-default-pin = You entered the default PIN again. You need to change it.
|
||||||
|
|
||||||
mgr-changing-mgmt-key =
|
mgr-changing-mgmt-key =
|
||||||
✨ Your {-yubikey} is using the default management key.
|
✨ Your {-yubikey} is using the default management key.
|
||||||
|
|||||||
+8
-1
@@ -284,7 +284,8 @@ pub(crate) fn manage(yubikey: &mut YubiKey) -> Result<(), Error> {
|
|||||||
let current_puk = Password::new()
|
let current_puk = Password::new()
|
||||||
.with_prompt(fl!("mgr-enter-current-puk", default_puk = DEFAULT_PUK))
|
.with_prompt(fl!("mgr-enter-current-puk", default_puk = DEFAULT_PUK))
|
||||||
.interact()?;
|
.interact()?;
|
||||||
let new_pin = request_pin(
|
let new_pin = loop {
|
||||||
|
let pin = request_pin(
|
||||||
|prev_error| {
|
|prev_error| {
|
||||||
if let Some(err) = prev_error {
|
if let Some(err) = prev_error {
|
||||||
eprintln!("{}", err);
|
eprintln!("{}", err);
|
||||||
@@ -298,6 +299,12 @@ pub(crate) fn manage(yubikey: &mut YubiKey) -> Result<(), Error> {
|
|||||||
yubikey.serial(),
|
yubikey.serial(),
|
||||||
)?
|
)?
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
if pin.expose_secret() == DEFAULT_PIN {
|
||||||
|
eprintln!("{}", fl!("mgr-nope-default-pin"));
|
||||||
|
} else {
|
||||||
|
break pin;
|
||||||
|
}
|
||||||
|
};
|
||||||
let new_pin = new_pin.expose_secret();
|
let new_pin = new_pin.expose_secret();
|
||||||
yubikey.change_puk(current_puk.as_bytes(), new_pin.as_bytes())?;
|
yubikey.change_puk(current_puk.as_bytes(), new_pin.as_bytes())?;
|
||||||
yubikey.change_pin(pin.as_bytes(), new_pin.as_bytes())?;
|
yubikey.change_pin(pin.as_bytes(), new_pin.as_bytes())?;
|
||||||
|
|||||||
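Review bot: The new guard in `manage` rejects only `DEFAULT_PIN`, yet the accepted value is written to both credentials a few lines later (`change_puk(current_puk.as_bytes(), new_pin.as_bytes())` and `change_pin(...)`), so a user who enters the value of `DEFAULT_PUK` is still accepted and the PUK ends up at its factory default. Assuming `DEFAULT_PUK` is a string constant like `DEFAULT_PIN`, the condition could be `if pin.expose_secret() == DEFAULT_PIN || pin.expose_secret() == DEFAULT_PUK {`, with a message that covers both cases. As a style point, the loop-local `pin` shadows the outer `pin` that is later passed to `change_pin` as the current PIN; naming it `candidate` (`break candidate;`) would make it clear which value is which. The body of `manage` starts and ends outside these hunks, so the outer `pin` binding and the full `request_pin` closure are not visible here.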