[v16] Support hardware keys prompts in Connect #49701

Merged
merged 4 commits into from
Dec 4, 2024
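--- a/api/utils/keys/cliprompt.go
+++ b/api/utils/keys/cliprompt.go
@@ -29,7 +29,11 @@ import (
 
 type cliPrompt struct{}
 
-func (c *cliPrompt) AskPIN(ctx context.Context, message string) (string, error) {
+func (c *cliPrompt) AskPIN(ctx context.Context, requirement PINPromptRequirement) (string, error) {
+message := "Enter your YubiKey PIV PIN"
+if requirement == PINOptional {
+message = "Enter your YubiKey PIV PIN [blank to use default PIN]"
+}
 password, err := prompt.Password(ctx, os.Stderr, prompt.Stdin(), message)
 return password, trace.Wrap(err)
 }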
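Review bot: The new `AskPIN` in cliprompt.go never compares `requirement` with what the user typed, so under `PINRequired` a blank entry is still returned to the caller as an empty PIN; the requirement only selects the prompt text. The doc comment added in yubikey_common.go says `PINRequired` "enforces that a PIN must be entered", and the `sign` call site in yubikey.go passes `PINRequired`, so either enforce it here or soften that comment. A minimal guard after the `prompt.Password` call would be `if err == nil && requirement == PINRequired && password == "" { return "", trace.BadParameter("PIN is required") }`. Whether an empty PIN forwarded to the key counts against its retry limit is not visible in this diff, which is a reason to reject it before it gets that far.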
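--- a/api/utils/keys/yubikey.go
+++ b/api/utils/keys/yubikey.go
@@ -370,7 +370,7 @@ func (y *YubiKeyPrivateKey) sign(ctx context.Context, rand io.Reader, digest []b
 defer touchPromptDelayTimer.Reset(signTouchPromptDelay)
 }
 }
-pass, err := y.prompt.AskPIN(ctx, "Enter your YubiKey PIV PIN")
+pass, err := y.prompt.AskPIN(ctx, PINRequired)
 return pass, trace.Wrap(err)
 }
 
@@ -662,7 +662,7 @@ func (y *YubiKey) SetPIN(oldPin, newPin string) error {
 // If the user provides the default PIN, they will be prompted to set a
 // non-default PIN and PUK before continuing.
 func (y *YubiKey) checkOrSetPIN(ctx context.Context) error {
-pin, err := y.prompt.AskPIN(ctx, "Enter your YubiKey PIV PIN [blank to use default PIN]")
+pin, err := y.prompt.AskPIN(ctx, PINOptional)
 if err != nil {
 return trace.Wrap(err)
 }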
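--- a/api/utils/keys/yubikey_common.go
+++ b/api/utils/keys/yubikey_common.go
@@ -22,7 +22,8 @@ import (
 // HardwareKeyPrompt provides methods to interact with a YubiKey hardware key.
 type HardwareKeyPrompt interface {
 // AskPIN prompts the user for a PIN.
-AskPIN(ctx context.Context, message string) (string, error)
+// The requirement tells if the PIN is required or optional.
+AskPIN(ctx context.Context, requirement PINPromptRequirement) (string, error)
 // Touch prompts the user to touch the hardware key.
 Touch(ctx context.Context) error
 // ChangePIN asks for a new PIN.
@@ -35,6 +36,16 @@ type HardwareKeyPrompt interface {
 ConfirmSlotOverwrite(ctx context.Context, message string) (bool, error)
 }
 
+// PINPromptRequirement specifies whether a PIN is required.
+type PINPromptRequirement int
+
+const (
+// PINOptional allows the user to proceed without entering a PIN.
+PINOptional PINPromptRequirement = iota
+// PINRequired enforces that a PIN must be entered to proceed.
+PINRequired
+)
+
 // PINAndPUK describes a response returned from HardwareKeyPrompt.ChangePIN.
 type PINAndPUK struct {
 // New PIN set by the user.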
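Review bot: `PINOptional` is declared first in the `const` block, so it is the zero value of `PINPromptRequirement`, and any caller or `HardwareKeyPrompt` implementation that leaves the value unset gets the permissive behaviour by default. For a value that controls whether a blank entry (the default PIN, per the CLI prompt text) is acceptable, the safer default is the strict one: declare `PINRequired` first, or reserve 0 for an unspecified value that implementations treat as required. If these numbers are mirrored in a wire format elsewhere in the PR (not visible here), the two would have to be kept in sync. The type's doc comment could also state what an implementation must do with blank input under each value, since `AskPIN` no longer receives the message text.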