openssh bugs - Mar 2020 - [Bug 3130] New: [PATCH] Readable return codes for pkcs11 identities

https://bugzilla.mindrot.org/show_bug.cgi?id=3130

            Bug ID: 3130
           Summary: [PATCH] Readable return codes for pkcs11 identities
           Product: Portable OpenSSH
           Version: 8.2p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: mindrot at hoffman-andrews.com

Created attachment 3360
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3360&action=edit
Patch to provide readable return codes for pkcs11 identities

Right now, if I typo my PIN for a PKCS#11 token, I get the inscrutable
message:

$ ssh -I /path/to/module user at example.com
Enter PIN for 'SSH key':
C_Login failed: 160

I'd prefer to receive a more useful message:

Login to PKCS#11 token failed: Incorrect PIN

I've attached a patch that adds specific handling for three common
error cases: Incorrect PIN, PIN too long or too short, and PIN locked.
I've also tweaked the fallback error case to indicate that it is a
PKCS#11-specific error. Hope this is useful!

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3130

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Blocks|                            |3117
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Thanks - I've committed a slightly tweaked version of your patch. It
will be in OpenSSH 8.3


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3117
[Bug 3117] Tracking bug for 8.3 release
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3130

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.