[openssh-commits] [openssh] 01/04: upstream: Replace "security key" with "authenticator" in program
git+noreply at mindrot.org
git+noreply at mindrot.org
Fri Feb 7 09:53:06 AEDT 2020
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit a47f6a6c0e06628eed0c2a08dc31a8923bcc37ba
Author: naddy at openbsd.org <naddy at openbsd.org>
Date: Thu Feb 6 22:30:54 2020 +0000
upstream: Replace "security key" with "authenticator" in program
messages.
This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".
ok djm@
OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e
---
auth2-pubkey.c | 5 +++--
monitor.c | 7 ++++---
ssh-add.c | 8 ++++----
ssh-agent.c | 6 +++---
ssh-keygen.c | 10 +++++-----
ssh-sk.c | 26 ++++++++++++--------------
ssh.c | 4 ++--
sshconnect2.c | 13 +++++++------
8 files changed, 40 insertions(+), 39 deletions(-)
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 5b4a2cc0..815ea0f2 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.98 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.99 2020/02/06 22:30:54 naddy Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -231,7 +231,8 @@ userauth_pubkey(struct ssh *ssh)
SSH_SK_USER_PRESENCE_REQD) == 0) {
error("public key %s signature for %s%s from "
"%.128s port %d rejected: user presence "
- "(key touch) requirement not met ", key_s,
+ "(authenticator touch) requirement "
+ "not met ", key_s,
authctxt->valid ? "" : "invalid user ",
authctxt->user, ssh_remote_ipaddr(ssh),
ssh_remote_port(ssh));
diff --git a/monitor.c b/monitor.c
index dc6d78d3..2ce89fe9 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.207 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: monitor.c,v 1.208 2020/02/06 22:30:54 naddy Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
* Copyright 2002 Markus Friedl <markus at openbsd.org>
@@ -1445,8 +1445,9 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
if (req_presence &&
(sig_details->sk_flags & SSH_SK_USER_PRESENCE_REQD) == 0) {
error("public key %s %s signature for %s%s from %.128s "
- "port %d rejected: user presence (key touch) "
- "requirement not met ", sshkey_type(key), fp,
+ "port %d rejected: user presence "
+ "(authenticator touch) requirement not met ",
+ sshkey_type(key), fp,
authctxt->valid ? "" : "invalid user ",
authctxt->user, ssh_remote_ipaddr(ssh),
ssh_remote_port(ssh));
diff --git a/ssh-add.c b/ssh-add.c
index f3b666c9..8057eb1f 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.151 2020/01/25 23:02:13 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.152 2020/02/06 22:30:54 naddy Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -315,8 +315,8 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag,
if (!sshkey_is_sk(private))
skprovider = NULL; /* Don't send constraint for other keys */
else if (skprovider == NULL) {
- fprintf(stderr, "Cannot load security key %s without "
- "provider\n", filename);
+ fprintf(stderr, "Cannot load authenticator-hosted key %s "
+ "without provider\n", filename);
goto out;
}
@@ -546,7 +546,7 @@ load_resident_keys(int agent_fd, const char *skprovider, int qflag)
int r, ok = 0;
char *fp;
- pass = read_passphrase("Enter PIN for security key: ", RP_ALLOW_STDIN);
+ pass = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN);
if ((r = sshsk_load_resident(skprovider, NULL, pass,
&keys, &nkeys)) != 0) {
error("Unable to load resident keys: %s", ssh_err(r));
diff --git a/ssh-agent.c b/ssh-agent.c
index 5c9a9de6..7eb6f0dc 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.254 2020/01/25 00:06:48 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.255 2020/02/06 22:30:54 naddy Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -510,8 +510,8 @@ process_add_identity(SocketEntry *e)
}
if (sk_provider != NULL) {
if (!sshkey_is_sk(k)) {
- error("Cannot add provider: %s is not a security key",
- sshkey_type(k));
+ error("Cannot add provider: %s is not an "
+ "authenticator-hosted key", sshkey_type(k));
free(sk_provider);
goto send;
}
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 2a64622c..a6ba6cc7 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.396 2020/02/04 09:58:04 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.397 2020/02/06 22:30:54 naddy Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -2971,7 +2971,7 @@ do_download_sk(const char *skprovider, const char *device)
if (skprovider == NULL)
fatal("Cannot download keys without provider");
- pin = read_passphrase("Enter PIN for security key: ", RP_ALLOW_STDIN);
+ pin = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN);
if ((r = sshsk_load_resident(skprovider, device, pin,
&keys, &nkeys)) != 0) {
freezero(pin, strlen(pin));
@@ -3582,7 +3582,7 @@ main(int argc, char **argv)
}
}
if (!quiet) {
- printf("You may need to touch your security key "
+ printf("You may need to touch your authenticator "
"to authorize key generation.\n");
}
passphrase = NULL;
@@ -3600,8 +3600,8 @@ main(int argc, char **argv)
fatal("Key enrollment failed: %s", ssh_err(r));
if (passphrase != NULL)
freezero(passphrase, strlen(passphrase));
- passphrase = read_passphrase("Enter PIN for security "
- "key: ", RP_ALLOW_STDIN);
+ passphrase = read_passphrase("Enter PIN for "
+ "authenticator: ", RP_ALLOW_STDIN);
}
if (passphrase != NULL)
freezero(passphrase, strlen(passphrase));
diff --git a/ssh-sk.c b/ssh-sk.c
index 3e88aaff..5ff93819 100644
--- a/ssh-sk.c
+++ b/ssh-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.c,v 1.26 2020/01/28 08:01:34 djm Exp $ */
+/* $OpenBSD: ssh-sk.c,v 1.27 2020/02/06 22:30:54 naddy Exp $ */
/*
* Copyright (c) 2019 Google LLC
*
@@ -120,39 +120,38 @@ sshsk_open(const char *path)
return ret;
}
if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) {
- error("Security key provider \"%s\" dlopen failed: %s",
- path, dlerror());
+ error("Provider \"%s\" dlopen failed: %s", path, dlerror());
goto fail;
}
if ((ret->sk_api_version = dlsym(ret->dlhandle,
"sk_api_version")) == NULL) {
- error("Security key provider \"%s\" dlsym(sk_api_version) "
- "failed: %s", path, dlerror());
+ error("Provider \"%s\" dlsym(sk_api_version) failed: %s",
+ path, dlerror());
goto fail;
}
version = ret->sk_api_version();
debug("%s: provider %s implements version 0x%08lx", __func__,
ret->path, (u_long)version);
if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) {
- error("Security key provider \"%s\" implements unsupported "
+ error("Provider \"%s\" implements unsupported "
"version 0x%08lx (supported: 0x%08lx)",
path, (u_long)version, (u_long)SSH_SK_VERSION_MAJOR);
goto fail;
}
if ((ret->sk_enroll = dlsym(ret->dlhandle, "sk_enroll")) == NULL) {
- error("Security key provider %s dlsym(sk_enroll) "
- "failed: %s", path, dlerror());
+ error("Provider %s dlsym(sk_enroll) failed: %s",
+ path, dlerror());
goto fail;
}
if ((ret->sk_sign = dlsym(ret->dlhandle, "sk_sign")) == NULL) {
- error("Security key provider \"%s\" dlsym(sk_sign) failed: %s",
+ error("Provider \"%s\" dlsym(sk_sign) failed: %s",
path, dlerror());
goto fail;
}
if ((ret->sk_load_resident_keys = dlsym(ret->dlhandle,
"sk_load_resident_keys")) == NULL) {
- error("Security key provider \"%s\" "
- "dlsym(sk_load_resident_keys) failed: %s", path, dlerror());
+ error("Provider \"%s\" dlsym(sk_load_resident_keys) "
+ "failed: %s", path, dlerror());
goto fail;
}
/* success */
@@ -219,7 +218,7 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
goto out;
}
if (sshkey_ec_validate_public(EC_KEY_get0_group(key->ecdsa), q) != 0) {
- error("Security key returned invalid ECDSA key");
+ error("Authenticator returned invalid ECDSA key");
r = SSH_ERR_KEY_INVALID_EC_VALUE;
goto out;
}
@@ -758,8 +757,7 @@ sshsk_load_resident(const char *provider_path, const char *device,
goto out;
}
if ((r = skp->sk_load_resident_keys(pin, opts, &rks, &nrks)) != 0) {
- error("Security key provider \"%s\" returned failure %d",
- provider_path, r);
+ error("Provider \"%s\" returned failure %d", provider_path, r);
r = skerr_to_ssherr(r);
goto out;
}
diff --git a/ssh.c b/ssh.c
index 35972fe3..326ce21f 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.517 2020/01/28 07:24:15 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.518 2020/02/06 22:30:54 naddy Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1376,7 +1376,7 @@ main(int ac, char **av)
if (options.sk_provider != NULL && *options.sk_provider == '$' &&
strlen(options.sk_provider) > 1) {
if ((cp = getenv(options.sk_provider + 1)) == NULL) {
- debug("Security key provider %s did not resolve; "
+ debug("Authenticator provider %s did not resolve; "
"disabling", options.sk_provider);
free(options.sk_provider);
options.sk_provider = NULL;
diff --git a/sshconnect2.c b/sshconnect2.c
index 3b84a2d5..4c4a61ba 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.318 2020/01/23 10:24:30 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.319 2020/02/06 22:30:54 naddy Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -613,7 +613,7 @@ format_identity(Identity *id)
if ((id->key->flags & SSHKEY_FLAG_EXT) != 0)
note = " token";
else if (sshkey_is_sk(id->key))
- note = " security-key";
+ note = " authenticator";
}
xasprintf(&ret, "%s %s%s%s%s%s%s",
id->filename,
@@ -1487,8 +1487,8 @@ load_identity_file(Identity *id)
}
if (private != NULL && sshkey_is_sk(private) &&
options.sk_provider == NULL) {
- debug("key \"%s\" is a security key, but no "
- "provider specified", id->filename);
+ debug("key \"%s\" is an authenticator-hosted key, "
+ "but no provider specified", id->filename);
sshkey_free(private);
private = NULL;
quit = 1;
@@ -1571,7 +1571,7 @@ pubkey_prepare(Authctxt *authctxt)
continue;
}
if (key && sshkey_is_sk(key) && options.sk_provider == NULL) {
- debug("%s: ignoring security key %s as no "
+ debug("%s: ignoring authenticator-hosted key %s as no "
"SecurityKeyProvider has been specified",
__func__, options.identity_files[i]);
continue;
@@ -1595,7 +1595,8 @@ pubkey_prepare(Authctxt *authctxt)
continue;
}
if (key && sshkey_is_sk(key) && options.sk_provider == NULL) {
- debug("%s: ignoring security key certificate %s as no "
+ debug("%s: ignoring authenticator-hosted key "
+ "certificate %s as no "
"SecurityKeyProvider has been specified",
__func__, options.identity_files[i]);
continue;
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list