| author | Robin Krahl <robin.krahl@ireas.org> | 2018-12-23 01:44:22 +0100 | 
|---|---|---|
| committer | Daniel Mueller <deso@posteo.net> | 2018-12-24 17:51:36 -0800 | 
| commit | 20b7c24247cd273ad519c8dcadc705a6d486f39b (patch) | |
| tree | 304830e8ff26afd8c1ba7beb2a0968c9b1ca5f08 | |
| parent | e0a7aa80c5c2b049538d9d333e9ce919a4a56dce (diff) | |
Implement user and admin authentication
This patch implements authentication with the user or admin PIN.  This
is a preparation for the `otp get` and `otp set` commands which require
user and admin access to the Nitrokey.
| -rw-r--r-- | nitrocli/src/commands.rs | 46 | 
1 files changed, 46 insertions, 0 deletions
| diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs
index b3e71a1..9761728 100644
--- a/nitrocli/src/commands.rs
+++ b/nitrocli/src/commands.rs
@@ -19,6 +19,8 @@
 use std::result;
+use nitrokey::Device;
+
 use crate::error::Error;
 use crate::pinentry;
 use crate::Result;
@@ -34,6 +36,50 @@ fn get_storage_device() -> Result<nitrokey::Storage> {
     .or_else(|_| Err(Error::Error("Nitrokey device not found".to_string())))
 }
+/// Authenticate the given device using the given PIN type and operation.
+///
+/// If an error occurs, the error message `msg` is used.
+fn authenticate<D, A, F>(
+  device: D,
+  pin_type: pinentry::PinType,
+  msg: &'static str,
+  op: F,
+) -> Result<A>
+where
+  D: Device,
+  F: Fn(D, &str) -> result::Result<A, (D, nitrokey::CommandError)>,
+{
+  try_with_passphrase_and_data(pin_type, msg, device, op).map_err(|(_device, err)| err)
+}
+
+/// Authenticate the given device with the user PIN.
+#[allow(unused)]
+fn authenticate_user<T>(device: T) -> Result<nitrokey::User<T>>
+where
+  T: Device,
+{
+  authenticate(
+    device,
+    pinentry::PinType::User,
+    "Could not authenticate as user",
+    |device, passphrase| device.authenticate_user(passphrase),
+  )
+}
+
+/// Authenticate the given device with the admin PIN.
+#[allow(unused)]
+fn authenticate_admin<T>(device: T) -> Result<nitrokey::Admin<T>>
+where
+  T: Device,
+{
+  authenticate(
+    device,
+    pinentry::PinType::Admin,
+    "Could not authenticate as admin",
+    |device, passphrase| device.authenticate_admin(passphrase),
+  )
+}
+
 /// Return a string representation of the given volume status.
 fn get_volume_status(status: &nitrokey::VolumeStatus) -> &'static str {
   if status.active { |
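Review bot: The doc comment on `authenticate` does not say how many PIN prompts a single call can trigger, which is the security-relevant part of its contract. The retry policy lives in `try_with_passphrase_and_data`, outside this hunk, and each rejected PIN presumably counts against the Nitrokey's on-device retry counter. After confirming that behaviour I would add a line such as `/// Each rejected PIN uses up one of the device's retries; see try_with_passphrase_and_data for how often the user is asked again.` The same comment should state that `device` is taken by value and that the error path `.map_err(|(_device, err)| err)` drops it, so a caller gets no handle back after a failed authentication. The two `#[allow(unused)]` attributes also deserve a short reason, e.g. `// TODO: remove once the otp commands call this`.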
