Support custom hardware key prompt #47273
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gzdunek
added
no-changelog
gzdunek
commented
Oct 7, 2024
Joerger
reviewed
Oct 9, 2024
Joerger
approved these changes
Oct 9, 2024
nklaassen
approved these changes
Oct 10, 2024
gzdunek
force-pushed
the
gzdunek/custom-hardware-key-prompt
branch
from
c6e2be0
to
b884781
Compare
mvbrock
pushed a commit
that referenced
this pull request
Oct 16, 2024
* Allow passing custom prompt to YubiKey * Handle `prompt.Touch` cancellation * Pass `HardwareKeyPrompt` through all the layers * Add an empty `HardwareKeyPromptConstructor` to Connect * Remove `ParsePrivateKeyWithCustomPrompt` * Add missing godoc * Fix teleterm tests * Include `cliprompt.go` only for `go:build piv && !pivtest` * Lint and test fixes
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds an ability to pass a custom hardware key prompt to functions that talk to YubiKey.
tshnow uses acliPrompt; Teleport Connect will have its own prompt, shown as a modal in the app.The prompt interface is defined in
yubikey_common.go. I extracted four methods fromyubikey.go:AskPIN,Touch,ChangePINandConformSlotOverwrite. When the prompt message is generated dynamically (like inConformSlotOverwrite) it can be passed to the method. Otherwise, the implementer has to provide the message.Converting most of the prompts to work with the new interface was fairly straightforward. The only significant change is
ChangePIN. Previously, it set PUK directly after prompting for it, now I have to gather all data upfront (PIN & PUK), and then call the yubkiey functions.Because of that, I check on the implementer side if the provided PUK is empty or default, ask for it, and then set
PINAndPUK.PUKChangedflag so that I know if the PUK on the key should be changed.