From a47f6a6c0e06628eed0c2a08dc31a8923bcc37ba Mon Sep 17 00:00:00 2001 From: "naddy@openbsd.org" Date: Thu, 6 Feb 2020 22:30:54 +0000 Subject: upstream: Replace "security key" with "authenticator" in program messages. This replaces "security key" in error/usage/verbose messages and distinguishes between "authenticator" and "authenticator-hosted key". ok djm@ OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e --- auth2-pubkey.c | 5 +++-- monitor.c | 7 ++++--- ssh-add.c | 8 ++++---- ssh-agent.c | 6 +++--- ssh-keygen.c | 10 +++++----- ssh-sk.c | 26 ++++++++++++-------------- ssh.c | 4 ++-- sshconnect2.c | 13 +++++++------ 8 files changed, 40 insertions(+), 39 deletions(-) diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 5b4a2cc0..815ea0f2 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.98 2020/01/23 07:10:22 dtucker Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.99 2020/02/06 22:30:54 naddy Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -231,7 +231,8 @@ userauth_pubkey(struct ssh *ssh) SSH_SK_USER_PRESENCE_REQD) == 0) { error("public key %s signature for %s%s from " "%.128s port %d rejected: user presence " - "(key touch) requirement not met ", key_s, + "(authenticator touch) requirement " + "not met ", key_s, authctxt->valid ? "" : "invalid user ", authctxt->user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); diff --git a/monitor.c b/monitor.c index dc6d78d3..2ce89fe9 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.207 2020/01/23 07:10:22 dtucker Exp $ */ +/* $OpenBSD: monitor.c,v 1.208 2020/02/06 22:30:54 naddy Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl 
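Review bot: The rewritten literal in the userauth_pubkey hunk of auth2-pubkey.c still ends with a trailing space, `"not met "`, so every rejection line written by error() carries trailing whitespace; since the string is being touched anyway, `"not met", key_s,` would tidy it. The same applies to the matching message in the mm_answer_keyverify hunk of monitor.c. These two messages are the server-side record of a failed user-presence check, so log filters or alert rules written against the old `(key touch)` wording will presumably stop matching, and the rewording deserves a release-note entry. userauth_pubkey's body starts and ends outside the hunk.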
@@ -1445,8 +1445,9 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) if (req_presence && (sig_details->sk_flags & SSH_SK_USER_PRESENCE_REQD) == 0) { error("public key %s %s signature for %s%s from %.128s " - "port %d rejected: user presence (key touch) " - "requirement not met ", sshkey_type(key), fp, + "port %d rejected: user presence " + "(authenticator touch) requirement not met ", + sshkey_type(key), fp, authctxt->valid ? "" : "invalid user ", authctxt->user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); diff --git a/ssh-add.c b/ssh-add.c index f3b666c9..8057eb1f 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.151 2020/01/25 23:02:13 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.152 2020/02/06 22:30:54 naddy Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -315,8 +315,8 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag, if (!sshkey_is_sk(private)) skprovider = NULL; /* Don't send constraint for other keys */ else if (skprovider == NULL) { - fprintf(stderr, "Cannot load security key %s without " - "provider\n", filename); + fprintf(stderr, "Cannot load authenticator-hosted key %s " + "without provider\n", filename); goto out; } @@ -546,7 +546,7 @@ load_resident_keys(int agent_fd, const char *skprovider, int qflag) int r, ok = 0; char *fp; - pass = read_passphrase("Enter PIN for security key: ", RP_ALLOW_STDIN); + pass = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN); if ((r = sshsk_load_resident(skprovider, NULL, pass, &keys, &nkeys)) != 0) { error("Unable to load resident keys: %s", ssh_err(r)); diff --git a/ssh-agent.c b/ssh-agent.c index 5c9a9de6..7eb6f0dc 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.254 2020/01/25 00:06:48 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.255 2020/02/06 22:30:54 naddy Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
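Review bot: In the load_resident_keys hunk of ssh-add.c, the PIN read into `pass` is not visibly cleared on the sshsk_load_resident() failure branch, which opens directly with the error() call. do_download_sk in ssh-keygen.c starts the equivalent branch with `freezero(pin, strlen(pin));`. The branch continues outside the hunk, so this needs checking against the full function; if nothing clears it there, adding `freezero(pass, strlen(pass));` before leaving the branch would keep the two callers consistent and avoid leaving the PIN in memory.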
@@ -510,8 +510,8 @@ process_add_identity(SocketEntry *e) } if (sk_provider != NULL) { if (!sshkey_is_sk(k)) { - error("Cannot add provider: %s is not a security key", - sshkey_type(k)); + error("Cannot add provider: %s is not an " + "authenticator-hosted key", sshkey_type(k)); free(sk_provider); goto send; } diff --git a/ssh-keygen.c b/ssh-keygen.c index 2a64622c..a6ba6cc7 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.396 2020/02/04 09:58:04 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.397 2020/02/06 22:30:54 naddy Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -2971,7 +2971,7 @@ do_download_sk(const char *skprovider, const char *device) if (skprovider == NULL) fatal("Cannot download keys without provider"); - pin = read_passphrase("Enter PIN for security key: ", RP_ALLOW_STDIN); + pin = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN); if ((r = sshsk_load_resident(skprovider, device, pin, &keys, &nkeys)) != 0) { freezero(pin, strlen(pin)); @@ -3582,7 +3582,7 @@ main(int argc, char **argv) } } if (!quiet) { - printf("You may need to touch your security key " + printf("You may need to touch your authenticator " "to authorize key generation.\n"); } passphrase = NULL; @@ -3600,8 +3600,8 @@ main(int argc, char **argv) fatal("Key enrollment failed: %s", ssh_err(r)); if (passphrase != NULL) freezero(passphrase, strlen(passphrase)); - passphrase = read_passphrase("Enter PIN for security " - "key: ", RP_ALLOW_STDIN); + passphrase = read_passphrase("Enter PIN for " + "authenticator: ", RP_ALLOW_STDIN); } if (passphrase != NULL) freezero(passphrase, strlen(passphrase)); diff --git a/ssh-sk.c b/ssh-sk.c index 3e88aaff..5ff93819 100644 --- a/ssh-sk.c +++ b/ssh-sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.c,v 1.26 2020/01/28 08:01:34 djm Exp $ */ +/* $OpenBSD: ssh-sk.c,v 1.27 2020/02/06 22:30:54 naddy Exp $ */ /* * Copyright (c) 2019 Google LLC * 
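Review bot: The PIN prompt in the second main() hunk of ssh-keygen.c (at -3600) is split as `"Enter PIN for " "authenticator: "`, while do_download_sk and load_resident_keys in ssh-add.c carry `"Enter PIN for authenticator: "` as one literal, so a search for the full prompt misses this call site. Breaking the line after `read_passphrase(` would let the literal stay whole. With three copies of the same prompt now edited in one commit, a single shared constant would keep them from drifting apart. main()'s body starts and ends outside the hunk.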
@@ -120,39 +120,38 @@ sshsk_open(const char *path) return ret; } if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) { - error("Security key provider \"%s\" dlopen failed: %s", - path, dlerror()); + error("Provider \"%s\" dlopen failed: %s", path, dlerror()); goto fail; } if ((ret->sk_api_version = dlsym(ret->dlhandle, "sk_api_version")) == NULL) { - error("Security key provider \"%s\" dlsym(sk_api_version) " - "failed: %s", path, dlerror()); + error("Provider \"%s\" dlsym(sk_api_version) failed: %s", + path, dlerror()); goto fail; } version = ret->sk_api_version(); debug("%s: provider %s implements version 0x%08lx", __func__, ret->path, (u_long)version); if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) { - error("Security key provider \"%s\" implements unsupported " + error("Provider \"%s\" implements unsupported " "version 0x%08lx (supported: 0x%08lx)", path, (u_long)version, (u_long)SSH_SK_VERSION_MAJOR); goto fail; } if ((ret->sk_enroll = dlsym(ret->dlhandle, "sk_enroll")) == NULL) { - error("Security key provider %s dlsym(sk_enroll) " - "failed: %s", path, dlerror()); + error("Provider %s dlsym(sk_enroll) failed: %s", + path, dlerror()); goto fail; } if ((ret->sk_sign = dlsym(ret->dlhandle, "sk_sign")) == NULL) { - error("Security key provider \"%s\" dlsym(sk_sign) failed: %s", + error("Provider \"%s\" dlsym(sk_sign) failed: %s", path, dlerror()); goto fail; } if ((ret->sk_load_resident_keys = dlsym(ret->dlhandle, "sk_load_resident_keys")) == NULL) { - error("Security key provider \"%s\" " - "dlsym(sk_load_resident_keys) failed: %s", path, dlerror()); + error("Provider \"%s\" dlsym(sk_load_resident_keys) " + "failed: %s", path, dlerror()); goto fail; } /* success */ 
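Review bot: The rewritten sk_enroll message in the sshsk_open hunk is the only one in the function that prints the provider path unquoted, `error("Provider %s dlsym(sk_enroll) failed: %s",`. Every other message rewritten here uses `\"%s\"`, which keeps a path containing spaces unambiguous in the log. Since the line is being changed anyway, `error("Provider \"%s\" dlsym(sk_enroll) failed: %s",` would make it consistent. sshsk_open's body starts and ends outside the hunk.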
@@ -219,7 +218,7 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) goto out; } if (sshkey_ec_validate_public(EC_KEY_get0_group(key->ecdsa), q) != 0) { - error("Security key returned invalid ECDSA key"); + error("Authenticator returned invalid ECDSA key"); r = SSH_ERR_KEY_INVALID_EC_VALUE; goto out; } @@ -758,8 +757,7 @@ sshsk_load_resident(const char *provider_path, const char *device, goto out; } if ((r = skp->sk_load_resident_keys(pin, opts, &rks, &nrks)) != 0) { - error("Security key provider \"%s\" returned failure %d", - provider_path, r); + error("Provider \"%s\" returned failure %d", provider_path, r); r = skerr_to_ssherr(r); goto out; } diff --git a/ssh.c b/ssh.c index 35972fe3..326ce21f 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.517 2020/01/28 07:24:15 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.518 2020/02/06 22:30:54 naddy Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1376,7 +1376,7 @@ main(int ac, char **av) if (options.sk_provider != NULL && *options.sk_provider == '$' && strlen(options.sk_provider) > 1) { if ((cp = getenv(options.sk_provider + 1)) == NULL) { - debug("Security key provider %s did not resolve; " + debug("Authenticator provider %s did not resolve; " "disabling", options.sk_provider); free(options.sk_provider); options.sk_provider = NULL; diff --git a/sshconnect2.c b/sshconnect2.c index 3b84a2d5..4c4a61ba 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.318 2020/01/23 10:24:30 dtucker Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.319 2020/02/06 22:30:54 naddy Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. 
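Review bot: The debug() text in the main() hunk of ssh.c introduces a third term, `Authenticator provider`. The ssh-sk.c messages in this commit were shortened to plain `Provider`, and the commit message names only "authenticator" and "authenticator-hosted key". `debug("Provider %s did not resolve; "` would match ssh-sk.c. The value printed is `options.sk_provider`, which on this branch is still the `$`-prefixed variable reference and not a path, so a short comment such as `/* sk_provider is still the unexpanded $NAME here */` would help a reader of the log line. main()'s body starts and ends outside the hunk.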
@@ -613,7 +613,7 @@ format_identity(Identity *id) if ((id->key->flags & SSHKEY_FLAG_EXT) != 0) note = " token"; else if (sshkey_is_sk(id->key)) - note = " security-key"; + note = " authenticator"; } xasprintf(&ret, "%s %s%s%s%s%s%s", id->filename, @@ -1487,8 +1487,8 @@ load_identity_file(Identity *id) } if (private != NULL && sshkey_is_sk(private) && options.sk_provider == NULL) { - debug("key \"%s\" is a security key, but no " - "provider specified", id->filename); + debug("key \"%s\" is an authenticator-hosted key, " + "but no provider specified", id->filename); sshkey_free(private); private = NULL; quit = 1; @@ -1571,7 +1571,7 @@ pubkey_prepare(Authctxt *authctxt) continue; } if (key && sshkey_is_sk(key) && options.sk_provider == NULL) { - debug("%s: ignoring security key %s as no " + debug("%s: ignoring authenticator-hosted key %s as no " "SecurityKeyProvider has been specified", __func__, options.identity_files[i]); continue; @@ -1595,7 +1595,8 @@ pubkey_prepare(Authctxt *authctxt) continue; } if (key && sshkey_is_sk(key) && options.sk_provider == NULL) { - debug("%s: ignoring security key certificate %s as no " + debug("%s: ignoring authenticator-hosted key " + "certificate %s as no " "SecurityKeyProvider has been specified", __func__, options.identity_files[i]); continue; -- cgit v1.2.3
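Review bot: In the format_identity hunk the tag `" authenticator"` is attached to an identity for which sshkey_is_sk() is true, which is a key and not a device. The load_identity_file and pubkey_prepare hunks in the same file call that kind of key an `authenticator-hosted key`. As the commit message sets out to distinguish the two, either a tag that names the key, or a comment on the assignment such as `/* key is hosted on an authenticator */`, would keep the debug output from reading as if the identity were the device itself. format_identity's body starts and ends outside the hunk.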