Intercept PIN errors and replace with PUK errors as necessary
Once iqlusioninc/yubikey.rs#479 is part of a `yubikey` release we can migrate to, this will mean that users get correctly notified of incorrect PUK entry, instead of being told it is an incorrect PIN issue.
@@ -223,10 +223,15 @@ rec-yk-no-service-win =
|
|||||||
{" "}{$url}
|
{" "}{$url}
|
||||||
|
|
||||||
err-yk-not-found = Please insert the {-yubikey} you want to set up
|
err-yk-not-found = Please insert the {-yubikey} you want to set up
|
||||||
err-yk-wrong-pin = Invalid PIN ({$tries} tries remaining before it is blocked)
|
|
||||||
err-yk-general = Error while communicating with {-yubikey}: {$err}
|
err-yk-general = Error while communicating with {-yubikey}: {$err}
|
||||||
err-yk-general-cause = Cause: {$inner_err}
|
err-yk-general-cause = Cause: {$inner_err}
|
||||||
|
|
||||||
|
err-yk-wrong-pin = Invalid {$pin_kind} ({$tries ->
|
||||||
|
[one] {$tries} try remaining
|
||||||
|
*[other] {$tries} tries remaining
|
||||||
|
} before it is blocked)
|
||||||
|
err-yk-pin-locked = {$pin_kind} locked
|
||||||
|
|
||||||
err-ux-A = Did this not do what you expected? Could an error be more useful?
|
err-ux-A = Did this not do what you expected? Could an error be more useful?
|
||||||
err-ux-B = Tell us
|
err-ux-B = Tell us
|
||||||
# Put (len(A) - len(B) - 46) spaces here.
|
# Put (len(A) - len(B) - 46) spaces here.
|
||||||
|
|||||||
+10
-1
@@ -25,10 +25,12 @@ pub enum Error {
|
|||||||
MultipleYubiKeys,
|
MultipleYubiKeys,
|
||||||
NoEmptySlots(Serial),
|
NoEmptySlots(Serial),
|
||||||
NoMatchingSerial(Serial),
|
NoMatchingSerial(Serial),
|
||||||
|
PukLocked,
|
||||||
SlotHasNoIdentity(RetiredSlotId),
|
SlotHasNoIdentity(RetiredSlotId),
|
||||||
SlotIsNotEmpty(RetiredSlotId),
|
SlotIsNotEmpty(RetiredSlotId),
|
||||||
TimedOut,
|
TimedOut,
|
||||||
UseListForSingleSlot,
|
UseListForSingleSlot,
|
||||||
|
WrongPuk(u8),
|
||||||
YubiKey(yubikey::Error),
|
YubiKey(yubikey::Error),
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -84,6 +86,7 @@ impl fmt::Debug for Error {
|
|||||||
Error::NoMatchingSerial(serial) => {
|
Error::NoMatchingSerial(serial) => {
|
||||||
wlnfl!(f, "err-no-matching-serial", serial = serial.to_string())?
|
wlnfl!(f, "err-no-matching-serial", serial = serial.to_string())?
|
||||||
}
|
}
|
||||||
|
Error::PukLocked => wlnfl!(f, "err-yk-pin-locked", pin_kind = "PUK")?,
|
||||||
Error::SlotHasNoIdentity(slot) => {
|
Error::SlotHasNoIdentity(slot) => {
|
||||||
wlnfl!(f, "err-slot-has-no-identity", slot = slot_to_ui(slot))?
|
wlnfl!(f, "err-slot-has-no-identity", slot = slot_to_ui(slot))?
|
||||||
}
|
}
|
||||||
@@ -92,6 +95,9 @@ impl fmt::Debug for Error {
|
|||||||
}
|
}
|
||||||
Error::TimedOut => wlnfl!(f, "err-timed-out")?,
|
Error::TimedOut => wlnfl!(f, "err-timed-out")?,
|
||||||
Error::UseListForSingleSlot => wlnfl!(f, "err-use-list-for-single")?,
|
Error::UseListForSingleSlot => wlnfl!(f, "err-use-list-for-single")?,
|
||||||
|
Error::WrongPuk(tries) => {
|
||||||
|
wlnfl!(f, "err-yk-wrong-pin", pin_kind = "PUK", tries = tries)?
|
||||||
|
}
|
||||||
Error::YubiKey(e) => match e {
|
Error::YubiKey(e) => match e {
|
||||||
yubikey::Error::NotFound => wlnfl!(f, "err-yk-not-found")?,
|
yubikey::Error::NotFound => wlnfl!(f, "err-yk-not-found")?,
|
||||||
yubikey::Error::PcscError {
|
yubikey::Error::PcscError {
|
||||||
@@ -135,7 +141,10 @@ impl fmt::Debug for Error {
|
|||||||
wlnfl!(f, "rec-yk-no-service-pcscd", apt = apt)?;
|
wlnfl!(f, "rec-yk-no-service-pcscd", apt = apt)?;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
yubikey::Error::WrongPin { tries } => wlnfl!(f, "err-yk-wrong-pin", tries = tries)?,
|
yubikey::Error::PinLocked => wlnfl!(f, "err-yk-pin-locked", pin_kind = "PIN")?,
|
||||||
|
yubikey::Error::WrongPin { tries } => {
|
||||||
|
wlnfl!(f, "err-yk-wrong-pin", pin_kind = "PIN", tries = tries)?
|
||||||
|
}
|
||||||
e => {
|
e => {
|
||||||
wlnfl!(f, "err-yk-general", err = e.to_string())?;
|
wlnfl!(f, "err-yk-general", err = e.to_string())?;
|
||||||
use std::error::Error;
|
use std::error::Error;
|
||||||
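Review bot: `Error::PukLocked` and `yubikey::Error::PinLocked` both render `err-yk-pin-locked` with only `pin_kind` differing, so a user who has exhausted the PUK sees the same one-line message as one who can still unblock the PIN with the PUK. The two states recover differently: a blocked PIN can be unblocked with the PUK, while a blocked PUK generally leaves only a reset of the PIV application, which destroys the stored keys. The `PukLocked` arm would therefore benefit from a following recovery line in the style of the `rec-yk-…` messages this `fmt` impl already emits. The new variants also have no doc comments; `/// PUK rejected; holds the tries remaining before the PUK is blocked.` on `WrongPuk(u8)` would make the payload clear. The `impl fmt::Debug for Error` body starts and ends outside these hunks.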
|
|||||||
+7
-1
@@ -333,7 +333,13 @@ pub(crate) fn manage(yubikey: &mut YubiKey) -> Result<(), Error> {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
let new_pin = new_pin.expose_secret();
|
let new_pin = new_pin.expose_secret();
|
||||||
yubikey.change_puk(current_puk.as_bytes(), new_pin.as_bytes())?;
|
yubikey
|
||||||
|
.change_puk(current_puk.as_bytes(), new_pin.as_bytes())
|
||||||
|
.map_err(|e| match e {
|
||||||
|
yubikey::Error::PinLocked => Error::PukLocked,
|
||||||
|
yubikey::Error::WrongPin { tries } => Error::WrongPuk(tries),
|
||||||
|
_ => Error::YubiKey(e),
|
||||||
|
})?;
|
||||||
yubikey.change_pin(pin.as_bytes(), new_pin.as_bytes())?;
|
yubikey.change_pin(pin.as_bytes(), new_pin.as_bytes())?;
|
||||||
}
|
}
|
||||||
|
|
||||||
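Review bot: The two remapped arms in the `.map_err` closure carry no comment saying why PIN-named variants become PUK errors, and per the commit description they only take effect once iqlusioninc/yubikey.rs#479 is in a `yubikey` release. A comment above the call such as `// change_puk reports PUK failures via the PIN variants (see iqlusioninc/yubikey.rs#479); remap them so the user is told about the PUK.` would keep a later reader from collapsing this back to a bare `?`. Separately, `change_puk` takes effect before `change_pin` runs, so if the second call fails the key is left with the new PUK and the old PIN. Whether `pin` was already verified earlier in `manage` is not visible here, since the function starts and ends outside the hunk.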
|
|||||||