From: Robert Ames
To: "O'Connor, Daniel"
CC: "freebsd-stable@freebsd.org"
Subject: RE: Yubico Security Keys
Date: Wed, 5 Sep 2018 18:34:42 +0000
List-Id: Production branch of FreeBSD source code

On Wed, Sep 05, 2018 at 01:00:20PM +0930, O'Connor, Daniel wrote:
> > On 5 Sep 2018, at 12:43, Robert Ames wrote:
> >>> On 5 Sep 2018, at 08:33, Robert Ames wrote:
> >>> FreeBSD sees the device:
> >>>
> >>> Sep 4 17:25:13 freebsd kernel: ugen1.4: at usbus1
> >>> Sep 4 17:25:13 freebsd kernel: uhid0 on uhub4
> >>> Sep 4 17:25:13 freebsd kernel: uhid0: on usbus1
> >>>
> >>> So should this just work out of the box or is there something I'm
> >>> missing?
> >>
> >> Hi Robert,
> >> I don't have any Yubikeys but have you tried checking the permissions of /dev/uhid0* and /dev/ugen1.4 (which will be a symlink to usb/1.4.0) ?
> >> You can chmod them for now and then if that works have a devd conf or devfs rule which sets the permissions appropriately when the device is connected.
> >>
> >> If permissions are the problem it would be nice to see if the error message can be improved too :)
> >>
> >> --
> >> Daniel O'Connor
> >
> > I had done a manual chmod 777 /dev/usb/1.4.0 but had overlooked /dev/uhid0.
> > Once I did a chmod 777 on that it worked. Thank you. Any suggestions on the
> > best way to add a devd conf or devfs rule for this thing?
>
> Add this to /etc/devfs.conf..
> [root=100]
> add path 'uhid*' group users mode 660
>
> (Assuming your user is in the 'users' group - adjust to taste, devfs(8) has the details)
>
> And this to /etc/rc.conf..
> devfs_system_ruleset="root"
>
> Then do..
> sudo service devfs restart
>
> And unplug/replug the key.
>
> --
> Daniel O'Connor

Yes, that works (using /etc/devfs.rules). Thanks.

I also got it to work using /etc/devd.conf

# Yubico Security Key
attach 100 {
    match "vendor" "0x1050";
    match "product" "0x0120";
    device-name "uhid[0-9]+";
    action "/usr/sbin/chown robert /dev/$device-name";
};

running "usbconfig dump_device_desc" to get the vendor and product ids.
I didn't have to touch /dev/ugen1.4 or /dev/usb/1.4.0.

Not sure which is the more correct way to do this. But they both work.

So things now work great on the Yubico demo site. Sadly I cannot get it
to work in Google. Google doesn't respond when I press the gold disc
during the registration process.
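
A permission check for the device nodes discussed in this thread, as an added example that is not part of the original messages: it flags uhid nodes left world-accessible (the `chmod 777` state) or group-accessible to a group other than the intended one. The function name `audit_uhid`, the "MODE OWNER GROUP PATH" input format and the sample lines are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit uhid device node permissions after applying a
# devfs rule or devd action. Input lines are "MODE OWNER GROUP PATH",
# which on FreeBSD can be produced with:
#   stat -f '%Sp %Su %Sg %N' /dev/uhid*

# Constructed sample (not real output): a node left at mode 777, a node
# matching the devfs rule from the thread (group users, mode 660), and a
# node chown'ed to one user but still group-accessible to another group.
SAMPLE='crwxrwxrwx root operator /dev/uhid0
crw-rw---- root users /dev/uhid1
crw-rw---- robert wheel /dev/uhid2'

# audit_uhid ALLOWED_GROUP
# Reads "MODE OWNER GROUP PATH" lines on stdin, prints one finding per
# problem node, and returns 1 if any node was flagged, 0 otherwise.
audit_uhid() {
    allowed_group=$1
    bad=0
    while read -r mode owner group path; do
        [ -n "$path" ] || continue          # skip blank or short lines
        # Mode string layout: type(1) owner(2-4) group(5-7) other(8-10)
        grp_bits=$(printf '%s' "$mode" | cut -c5-7)
        other_bits=$(printf '%s' "$mode" | cut -c8-10)
        if [ "$other_bits" != "---" ]; then
            # Any local account can talk to the HID device.
            echo "WORLD $path mode=$mode"
            bad=1
        elif [ "$grp_bits" != "---" ] && [ "$group" != "$allowed_group" ]; then
            # Group access is granted, but not to the intended group.
            echo "GROUP $path group=$group mode=$mode"
            bad=1
        fi
    done
    return "$bad"
}

# Example run on the constructed sample:
#   printf '%s\n' "$SAMPLE" | audit_uhid users
```

On a live system, pipe the `stat` command from the header comment into `audit_uhid users` after unplugging and replugging the key.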