I have the following rules in /etc/udev/rules.d/90-yubikey.rules:
Code:
ACTION=="remove", ENV{ID_VENDOR}=="Yubico", RUN+="/usr/local/bin/ykgone"
ACTION=="add", ENV{ID_VENDOR}=="Yubico", RUN+="/usr/local/bin/ykhere"
The "remove" rule works great, but the "add" rule is causing problems. With the "add" rule in place, inserting the yubikey causes /usr/local/bin/ykhere to be executed many times a second, the LED on the yubikey to flash at about the same rate, and the yubikey to stop responding to button presses with an OTP token key sequence (but the OTP loss may be because /usr/local/bin/ykhere is generating so many HMAC-SHA1 challenges.)
How can I modify the "add" line so that /usr/local/bin/ykhere is only run once when the key is inserted, and the OTP button works as usual the rest of the time?
This is on lubuntu 12.10, with packages yubikey-personalization 1.7.0-1, libyubikey0 1.8-1. yubikey firmware version 2.3.3.
The script /usr/local/bin/ykhere is
Code:
#!/bin/bash
# Only try to unlock if a Yubikey is actually listed on the USB bus
if [ -n "$(lsusb | grep Yubikey)" ] ; then
    /bin/su coventry -c /usr/local/bin/unlock
fi
And /usr/local/bin/unlock is
Code:
#!/bin/bash
# Kill the screensaver only if the challenge-response check prints OK
if [ "$(~/bin/chalresp.py)" = "OK" ]; then
    pkill xscreensaver
fi
And finally, this is chalresp.py:
Code:
#!/usr/bin/python
# Python 2 script: check the key's response to a stored challenge.
import subprocess, os, sys

recpath = os.path.expanduser('~/.ykchalresp')
# The record file holds "<challenge> <expected response>"
with open(recpath) as f:
    chal, resp = f.read().strip().split()

def make_resp(chal):
    # Ask the key for its response to chal (slot 2, HMAC mode)
    return subprocess.check_output(['ykchalresp', '-2', '-H', chal]).strip()

tresp = make_resp(chal)
if tresp == resp:
    # Challenge succeeded; make a new challenge for next time
    nresp = make_resp(tresp)
    with open(recpath, 'w') as f:
        print >> f, tresp, nresp
    print 'OK'
    sys.exit(0)
else:
    print 'Failed'
    sys.exit(1)
I can "fix" the problem by putting a "sleep 20" after "pkill xscreensaver" in /usr/local/bin/unlock and a "service udev restart" after calling /usr/local/bin/unlock in /usr/local/bin/ykhere. But that's kind of a horrendous abuse.
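One way to make a udev RUN+= handler act only once per burst of "add" events, as an added example that is not part of the original post: a debounce guard built on flock(1) and a timestamp file. The function name debounce, the state directory /run/ykhere and the 20-second window in the usage comment are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: debounce guard for a udev RUN+= handler.
# Returns 0 if the command ran, 1 if this event was suppressed,
# 2 if the state directory could not be created.
#
# Assumed usage inside /usr/local/bin/ykhere (path and window are
# illustrative; keep the state directory writable by root only, since
# udev runs the handler as root):
#   debounce /run/ykhere 20 /bin/su coventry -c /usr/local/bin/unlock

debounce() {
    # usage: debounce STATE_DIR WINDOW_SECONDS command [args...]
    db_dir=$1
    db_window=$2
    shift 2
    mkdir -p "$db_dir" || return 2
    (
        # Non-blocking exclusive lock: events that arrive while an earlier
        # invocation is still running are dropped. The kernel releases
        # the lock if this process is killed, so it cannot go stale.
        flock -n 9 || exit 1

        # Read the completion time of the last run; treat junk as "never".
        last=0
        [ -s "$db_dir/stamp" ] && read -r last < "$db_dir/stamp"
        case $last in
            ''|*[!0-9]*) last=0 ;;
        esac

        now=$(date +%s)
        [ $((now - last)) -ge "$db_window" ] || exit 1

        # Run the real handler without the lock descriptor, so a
        # long-lived child cannot keep the lock held.
        "$@" 9>&-

        # Stamp after the command returns, so events triggered by the
        # command itself fall inside the suppression window.
        date +%s > "$db_dir/stamp"
        exit 0
    ) 9>"$db_dir/lock"
}
```

The guard limits how often the handler runs; it does not change which devices the rule matches.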