diff options
| author | Christian Weisgerber <naddy@cvs.openbsd.org> | 2020-02-06 22:30:55 +0000 |
|---|---|---|
| committer | Christian Weisgerber <naddy@cvs.openbsd.org> | 2020-02-06 22:30:55 +0000 |
| commit | 91de7dd1c542389e14ecbb3153519e1e24e1db72 (patch) | |
| tree | 5842eb16e53a27552c0fd7ed635d86a804d0101d | |
| parent | a87dd4114afd1646335f7b749fe2e9f5347e0eb2 (diff) | |
Replace "security key" with "authenticator" in program messages.
This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".
ok djm@
| -rw-r--r-- | usr.bin/ssh/auth2-pubkey.c | 5 | ||||
| -rw-r--r-- | usr.bin/ssh/monitor.c | 7 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh-add.c | 8 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh-agent.c | 6 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh-keygen.c | 10 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh-sk.c | 26 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh.c | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/sshconnect2.c | 13 |
8 files changed, 40 insertions, 39 deletions
diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c index b79c53dc0de..c9f6c73ba50 100644 --- a/usr.bin/ssh/auth2-pubkey.c +++ b/usr.bin/ssh/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.98 2020/01/23 07:10:22 dtucker Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.99 2020/02/06 22:30:54 naddy Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -228,7 +228,8 @@ userauth_pubkey(struct ssh *ssh) SSH_SK_USER_PRESENCE_REQD) == 0) { error("public key %s signature for %s%s from " "%.128s port %d rejected: user presence " - "(key touch) requirement not met ", key_s, + "(authenticator touch) requirement " + "not met ", key_s, authctxt->valid ? "" : "invalid user ", authctxt->user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index bf9d35b1ed1..b0a4a5e53d1 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.207 2020/01/23 07:10:22 dtucker Exp $ */ +/* $OpenBSD: monitor.c,v 1.208 2020/02/06 22:30:54 naddy Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -1201,8 +1201,9 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) if (req_presence && (sig_details->sk_flags & SSH_SK_USER_PRESENCE_REQD) == 0) { error("public key %s %s signature for %s%s from %.128s " - "port %d rejected: user presence (key touch) " - "requirement not met ", sshkey_type(key), fp, + "port %d rejected: user presence " + "(authenticator touch) requirement not met ", + sshkey_type(key), fp, authctxt->valid ? "" : "invalid user ", authctxt->user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c index 641b6cf2faf..6631aedb027 100644 --- a/usr.bin/ssh/ssh-add.c +++ b/usr.bin/ssh/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.151 2020/01/25 23:02:13 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.152 2020/02/06 22:30:54 naddy Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -308,8 +308,8 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag, if (!sshkey_is_sk(private)) skprovider = NULL; /* Don't send constraint for other keys */ else if (skprovider == NULL) { - fprintf(stderr, "Cannot load security key %s without " - "provider\n", filename); + fprintf(stderr, "Cannot load authenticator-hosted key %s " + "without provider\n", filename); goto out; } @@ -539,7 +539,7 @@ load_resident_keys(int agent_fd, const char *skprovider, int qflag) int r, ok = 0; char *fp; - pass = read_passphrase("Enter PIN for security key: ", RP_ALLOW_STDIN); + pass = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN); if ((r = sshsk_load_resident(skprovider, NULL, pass, &keys, &nkeys)) != 0) { error("Unable to load resident keys: %s", ssh_err(r)); diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index 5d31edb8ea5..3e0bc1dec83 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.254 2020/01/25 00:06:48 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.255 2020/02/06 22:30:54 naddy Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -496,8 +496,8 @@ process_add_identity(SocketEntry *e) } if (sk_provider != NULL) { if (!sshkey_is_sk(k)) { - error("Cannot add provider: %s is not a security key", - sshkey_type(k)); + error("Cannot add provider: %s is not an " + "authenticator-hosted key", sshkey_type(k)); free(sk_provider); goto send; } diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index ac43c73bff9..73a96d62733 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.396 2020/02/04 09:58:04 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.397 2020/02/06 22:30:54 naddy Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -2949,7 +2949,7 @@ do_download_sk(const char *skprovider, const char *device) if (skprovider == NULL) fatal("Cannot download keys without provider"); - pin = read_passphrase("Enter PIN for security key: ", RP_ALLOW_STDIN); + pin = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN); if ((r = sshsk_load_resident(skprovider, device, pin, &keys, &nkeys)) != 0) { freezero(pin, strlen(pin)); @@ -3557,7 +3557,7 @@ main(int argc, char **argv) } } if (!quiet) { - printf("You may need to touch your security key " + printf("You may need to touch your authenticator " "to authorize key generation.\n"); } passphrase = NULL; @@ -3575,8 +3575,8 @@ main(int argc, char **argv) fatal("Key enrollment failed: %s", ssh_err(r)); if (passphrase != NULL) freezero(passphrase, strlen(passphrase)); - passphrase = read_passphrase("Enter PIN for security " - "key: ", RP_ALLOW_STDIN); + passphrase = read_passphrase("Enter PIN for " + "authenticator: ", RP_ALLOW_STDIN); } if (passphrase != NULL) freezero(passphrase, strlen(passphrase)); diff --git a/usr.bin/ssh/ssh-sk.c b/usr.bin/ssh/ssh-sk.c index 3d47ab19959..0cc6afa5282 100644 --- a/usr.bin/ssh/ssh-sk.c +++ b/usr.bin/ssh/ssh-sk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk.c,v 1.26 2020/01/28 08:01:34 djm Exp $ */ +/* $OpenBSD: ssh-sk.c,v 1.27 2020/02/06 22:30:54 naddy Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -110,39 +110,38 @@ sshsk_open(const char *path) return ret; } if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) { - error("Security key provider \"%s\" dlopen failed: %s", - path, dlerror()); + error("Provider \"%s\" dlopen failed: %s", path, dlerror()); goto fail; } if ((ret->sk_api_version = dlsym(ret->dlhandle, "sk_api_version")) == NULL) { - error("Security key provider \"%s\" dlsym(sk_api_version) " - "failed: %s", path, dlerror()); + error("Provider \"%s\" dlsym(sk_api_version) failed: %s", + path, dlerror()); goto fail; } version = ret->sk_api_version(); debug("%s: provider %s implements version 0x%08lx", __func__, ret->path, (u_long)version); if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) { - error("Security key provider \"%s\" implements unsupported " + error("Provider \"%s\" implements unsupported " "version 0x%08lx (supported: 0x%08lx)", path, (u_long)version, (u_long)SSH_SK_VERSION_MAJOR); goto fail; } if ((ret->sk_enroll = dlsym(ret->dlhandle, "sk_enroll")) == NULL) { - error("Security key provider %s dlsym(sk_enroll) " - "failed: %s", path, dlerror()); + error("Provider %s dlsym(sk_enroll) failed: %s", + path, dlerror()); goto fail; } if ((ret->sk_sign = dlsym(ret->dlhandle, "sk_sign")) == NULL) { - error("Security key provider \"%s\" dlsym(sk_sign) failed: %s", + error("Provider \"%s\" dlsym(sk_sign) failed: %s", path, dlerror()); goto fail; } if ((ret->sk_load_resident_keys = dlsym(ret->dlhandle, "sk_load_resident_keys")) == NULL) { - error("Security key provider \"%s\" " - "dlsym(sk_load_resident_keys) failed: %s", path, dlerror()); + error("Provider \"%s\" dlsym(sk_load_resident_keys) " + "failed: %s", path, dlerror()); goto fail; } /* success */ @@ -209,7 +208,7 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp) goto out; } if (sshkey_ec_validate_public(EC_KEY_get0_group(key->ecdsa), q) != 0) { - error("Security key returned invalid ECDSA key"); + error("Authenticator returned invalid ECDSA key"); r = SSH_ERR_KEY_INVALID_EC_VALUE; goto out; } @@ -748,8 +747,7 @@ sshsk_load_resident(const char *provider_path, const char *device, goto out; } if ((r = skp->sk_load_resident_keys(pin, opts, &rks, &nrks)) != 0) { - error("Security key provider \"%s\" returned failure %d", - provider_path, r); + error("Provider \"%s\" returned failure %d", provider_path, r); r = skerr_to_ssherr(r); goto out; } diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 314b3c5f29c..7ef7122fdd9 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.517 2020/01/28 07:24:15 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.518 2020/02/06 22:30:54 naddy Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1355,7 +1355,7 @@ main(int ac, char **av) if (options.sk_provider != NULL && *options.sk_provider == '$' && strlen(options.sk_provider) > 1) { if ((cp = getenv(options.sk_provider + 1)) == NULL) { - debug("Security key provider %s did not resolve; " + debug("Authenticator provider %s did not resolve; " "disabling", options.sk_provider); free(options.sk_provider); options.sk_provider = NULL; diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 93ac1ac44cf..b712fb36461 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.318 2020/01/23 10:24:30 dtucker Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.319 2020/02/06 22:30:54 naddy Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -606,7 +606,7 @@ format_identity(Identity *id) if ((id->key->flags & SSHKEY_FLAG_EXT) != 0) note = " token"; else if (sshkey_is_sk(id->key)) - note = " security-key"; + note = " authenticator"; } xasprintf(&ret, "%s %s%s%s%s%s%s", id->filename, @@ -1480,8 +1480,8 @@ load_identity_file(Identity *id) } if (private != NULL && sshkey_is_sk(private) && options.sk_provider == NULL) { - debug("key \"%s\" is a security key, but no " - "provider specified", id->filename); + debug("key \"%s\" is an authenticator-hosted key, " + "but no provider specified", id->filename); sshkey_free(private); private = NULL; quit = 1; @@ -1564,7 +1564,7 @@ pubkey_prepare(Authctxt *authctxt) continue; } if (key && sshkey_is_sk(key) && options.sk_provider == NULL) { - debug("%s: ignoring security key %s as no " + debug("%s: ignoring authenticator-hosted key %s as no " "SecurityKeyProvider has been specified", __func__, options.identity_files[i]); continue; @@ -1588,7 +1588,8 @@ pubkey_prepare(Authctxt *authctxt) continue; } if (key && sshkey_is_sk(key) && options.sk_provider == NULL) { - debug("%s: ignoring security key certificate %s as no " + debug("%s: ignoring authenticator-hosted key " + "certificate %s as no " "SecurityKeyProvider has been specified", __func__, options.identity_files[i]); continue; |