Intercept PIN errors and replace with PUK errors as necessary
Once iqlusioninc/yubikey.rs#479 is part of a `yubikey` release we can migrate to, this will mean that users get correctly notified of incorrect PUK entry, instead of being told it is an incorrect PIN issue.
+10
-1
@@ -25,10 +25,12 @@ pub enum Error {
|
||||
MultipleYubiKeys,
|
||||
NoEmptySlots(Serial),
|
||||
NoMatchingSerial(Serial),
|
||||
PukLocked,
|
||||
SlotHasNoIdentity(RetiredSlotId),
|
||||
SlotIsNotEmpty(RetiredSlotId),
|
||||
TimedOut,
|
||||
UseListForSingleSlot,
|
||||
WrongPuk(u8),
|
||||
YubiKey(yubikey::Error),
|
||||
}
|
||||
|
||||
@@ -84,6 +86,7 @@ impl fmt::Debug for Error {
|
||||
Error::NoMatchingSerial(serial) => {
|
||||
wlnfl!(f, "err-no-matching-serial", serial = serial.to_string())?
|
||||
}
|
||||
Error::PukLocked => wlnfl!(f, "err-yk-pin-locked", pin_kind = "PUK")?,
|
||||
Error::SlotHasNoIdentity(slot) => {
|
||||
wlnfl!(f, "err-slot-has-no-identity", slot = slot_to_ui(slot))?
|
||||
}
|
||||
@@ -92,6 +95,9 @@ impl fmt::Debug for Error {
|
||||
}
|
||||
Error::TimedOut => wlnfl!(f, "err-timed-out")?,
|
||||
Error::UseListForSingleSlot => wlnfl!(f, "err-use-list-for-single")?,
|
||||
Error::WrongPuk(tries) => {
|
||||
wlnfl!(f, "err-yk-wrong-pin", pin_kind = "PUK", tries = tries)?
|
||||
}
|
||||
Error::YubiKey(e) => match e {
|
||||
yubikey::Error::NotFound => wlnfl!(f, "err-yk-not-found")?,
|
||||
yubikey::Error::PcscError {
|
||||
@@ -135,7 +141,10 @@ impl fmt::Debug for Error {
|
||||
wlnfl!(f, "rec-yk-no-service-pcscd", apt = apt)?;
|
||||
}
|
||||
}
|
||||
yubikey::Error::WrongPin { tries } => wlnfl!(f, "err-yk-wrong-pin", tries = tries)?,
|
||||
yubikey::Error::PinLocked => wlnfl!(f, "err-yk-pin-locked", pin_kind = "PIN")?,
|
||||
yubikey::Error::WrongPin { tries } => {
|
||||
wlnfl!(f, "err-yk-wrong-pin", pin_kind = "PIN", tries = tries)?
|
||||
}
|
||||
e => {
|
||||
wlnfl!(f, "err-yk-general", err = e.to_string())?;
|
||||
use std::error::Error;
|
||||
|
||||
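Review bot: `Error::PukLocked` and `Error::WrongPuk` reuse the `err-yk-pin-locked` and `err-yk-wrong-pin` messages with `pin_kind = "PUK"`, so whatever recovery advice those messages carry is now shown for both credentials. The message text is not visible here; if it suggests unblocking with the PUK, that advice cannot apply once the PUK itself is locked, and a separate message id for the PUK case would be clearer. Any other call site that formats these two message ids presumably needs the new `pin_kind` argument as well, which is worth checking. The new variants also lack doc comments; for `WrongPuk(u8)` something like `/// The PUK was rejected; holds the retry count reported by the device.` would do. The `Debug` impl starts and ends outside these hunks.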
+7
-1
@@ -333,7 +333,13 @@ pub(crate) fn manage(yubikey: &mut YubiKey) -> Result<(), Error> {
|
||||
}
|
||||
};
|
||||
let new_pin = new_pin.expose_secret();
|
||||
yubikey.change_puk(current_puk.as_bytes(), new_pin.as_bytes())?;
|
||||
yubikey
|
||||
.change_puk(current_puk.as_bytes(), new_pin.as_bytes())
|
||||
.map_err(|e| match e {
|
||||
yubikey::Error::PinLocked => Error::PukLocked,
|
||||
yubikey::Error::WrongPin { tries } => Error::WrongPuk(tries),
|
||||
_ => Error::YubiKey(e),
|
||||
})?;
|
||||
yubikey.change_pin(pin.as_bytes(), new_pin.as_bytes())?;
|
||||
}
|
||||
|
||||
|
||||
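Review bot: The `map_err` closure on `change_puk` assumes a rejected PUK arrives as `yubikey::Error::WrongPin` or `yubikey::Error::PinLocked`, and per the commit message that only holds once iqlusioninc/yubikey.rs#479 is in a release. A comment above the call would stop the arms from being removed as dead code in the meantime, for example `// change_puk reports PUK failures via the PIN error variants (iqlusioninc/yubikey.rs#479); relabel them as PUK errors.`. Separately, `change_pin` on the next line runs after the PUK has already been replaced, so a failure there leaves the PUK changed and the PIN unchanged. Whether the PIN is verified earlier is not visible, because `manage` starts and ends outside the hunk.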