add support for choosing a serial

Author: akerl

cmd/profiles_rotate.go

@@ -11,6 +11,7 @@ import (
 func init() {
 	profilesCmd.AddCommand(profilesRotateCmd)
 	profilesRotateCmd.Flags().BoolP("yubikey", "y", false, "Store MFA on yubikey")
+	profilesRotateCmd.Flags().String("serial", "", "Yubikey serial to use")
 }
 
 var profilesRotateCmd = &cobra.Command{
@@ -30,10 +31,15 @@ func profilesRotateRunner(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	serial, err := cmd.Flags().GetString("serial")
+	if err != nil {
+		return err
+	}
+
 	var mfaPrompt creds.MfaPrompt
 	if useYubikey {
 		mfaPrompt = &creds.MultiMfaPrompt{Backends: []creds.MfaPrompt{
-			yubikey.NewPrompt(),
+			yubikey.NewPromptWithSerial(serial),
 			&creds.DefaultMfaPrompt{},
 		}}
 	} else {

cmd/travel.go

@@ -24,6 +24,7 @@ func init() {
 	travelCmd.Flags().String("profile", "", "Choose source profile to use")
 	travelCmd.Flags().StringP("prompt", "p", "", "Choose prompt to use")
 	travelCmd.Flags().BoolP("yubikey", "y", false, "Use Yubikey for MFA")
+	travelCmd.Flags().String("serial", "", "Yubikey serial to use")
 	travelCmd.Flags().String("service", "", "Service path for console URL")
 }
 
@@ -56,6 +57,11 @@ func travelRunner(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	serial, err := cmd.Flags().GetString("serial")
+	if err != nil {
+		return err
+	}
+
 	servicePath, err := flags.GetString("service")
 	if err != nil {
 		return err
@@ -79,7 +85,7 @@ func travelRunner(cmd *cobra.Command, args []string) error {
 	opts := travel.DefaultTraverseOptions()
 	if useYubikey {
 		opts.MfaPrompt = &creds.MultiMfaPrompt{Backends: []creds.MfaPrompt{
-			yubikey.NewPrompt(),
+			yubikey.NewPromptWithSerial(serial),
 			&creds.DefaultMfaPrompt{},
 		}}
 	}

cmd/xargs.go

@@ -26,6 +26,7 @@ func init() {
 	xargsCmd.Flags().String("profile", "", "Choose source profile to use")
 	xargsCmd.Flags().StringP("prompt", "p", "", "Choose prompt to use")
 	xargsCmd.Flags().BoolP("yubikey", "y", false, "Use Yubikey for MFA")
+	xargsCmd.Flags().String("serial", "", "Yubikey serial to use")
 	xargsCmd.Flags().StringP("command", "c", "", "Command to execute")
 	xargsCmd.Flags().Bool("skipconfirm", false, "Skip confirmation prompt")
 }
@@ -59,6 +60,11 @@ func xargsRunner(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	serial, err := cmd.Flags().GetString("serial")
+	if err != nil {
+		return err
+	}
+
 	commandStr, err := flags.GetString("command")
 	if err != nil {
 		return err
@@ -85,7 +91,7 @@ func xargsRunner(cmd *cobra.Command, args []string) error {
 	opts := travel.DefaultTraverseOptions()
 	if useYubikey {
 		opts.MfaPrompt = &creds.MultiMfaPrompt{Backends: []creds.MfaPrompt{
-			yubikey.NewPrompt(),
+			yubikey.NewPromptWithSerial(serial),
 			&creds.DefaultMfaPrompt{},
 		}}
 	}

go.mod

@@ -4,6 +4,8 @@ go 1.18
 
 replace github.com/ktr0731/go-fuzzyfinder => github.com/akerl/go-fuzzyfinder v0.1.2-0.20200507171954-7f19dd52209e
 
+replace github.com/yawn/ykoath => github.com/akerl/ykoath v0.0.0-20230103063257-aefeeb4a3d6e
+
 require (
 	github.com/99designs/keyring v1.2.1
 	github.com/BurntSushi/locker v0.0.0-20171006230638-a6e239ea1c69

go.sum

@@ -19,6 +19,8 @@ github.com/akerl/speculate/v2 v2.6.2 h1:kj8z+2DScnqRiCBpvFgXvpvHH+u5pr1yV963tPvf
 github.com/akerl/speculate/v2 v2.6.2/go.mod h1:rDf7gUb/C3KFXqFzT/E2wFxW9u5e3mKJpkAL783wctg=
 github.com/akerl/timber/v2 v2.0.1 h1:hY4VCOJns7KsxwxP/ifSt3Rz9GZCfKewapaimObnA2E=
 github.com/akerl/timber/v2 v2.0.1/go.mod h1:jBjRGI2CWuvbZlrZkp1JO/X51pMlbg72NFy+Vnd59oI=
+github.com/akerl/ykoath v0.0.0-20230103063257-aefeeb4a3d6e h1:WpPMCdrKJvy5u4hX6rFGa+Ugy0mbTSBHYW8+gfRAX4Q=
+github.com/akerl/ykoath v0.0.0-20230103063257-aefeeb4a3d6e/go.mod h1:dcXMmLrvt6WFkySkG2k8ZEqxiTbu/TWSI4+/Cb54+Lg=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
@@ -178,8 +180,6 @@ github.com/vbauerster/mpb/v4 v4.12.2 h1:TsBs1nWRYF0m8cUH13pxNhOUqY6yKcOr2PeSYxp2
 github.com/vbauerster/mpb/v4 v4.12.2/go.mod h1:LVRGvMch8T4HQO3eg2pFPsACH9kO/O6fT/7vhGje3QE=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-github.com/yawn/ykoath v1.0.4 h1:kGYMr7um0mmLl/lnpgeH7+waQL9WyncsamMsVT/KWbQ=
-github.com/yawn/ykoath v1.0.4/go.mod h1:dcXMmLrvt6WFkySkG2k8ZEqxiTbu/TWSI4+/Cb54+Lg=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=

yubikey/main.go

@@ -63,12 +63,22 @@ func homeDir() (string, error) {
 // Prompt defines a yubikey prompt object
 type Prompt struct {
 	mapping map[string]string
+	serial  string
 }
 
 // NewPrompt populates the yubikey mapping from a dotfile, if it exists
 func NewPrompt() *Prompt {
+	return NewPromptWithSerial("")
+}
+
+// NewPromptWithSerial creates a new prompt with a specific serial
+func NewPromptWithSerial(serial string) *Prompt {
 	logger.InfoMsg("creating new yubikey prompt object")
 	p := Prompt{}
+	if serial != "" {
+		logger.InfoMsgf("setting yubikey serial to %s", serial)
+		p.serial = serial
+	}
 	file, err := mappingFile()
 	if err != nil {
 		logger.InfoMsgf("failed to load mapping file: %s", err)
@@ -205,7 +215,7 @@ func (p *Prompt) otpCode(name string) (string, error) {
 
 func (p *Prompt) getDevice() (*ykoath.OATH, error) {
 	logger.InfoMsg("creating new yubikey oath device")
-	oath, err := ykoath.New()
+	oath, err := ykoath.NewFromSerial(p.serial)
 	if err != nil {
 		return nil, err
 	}