From 6f029e744abc0f6d4cfe756d7e6b771be1be3999 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Sun, 6 Sep 2020 23:44:18 +0200 Subject: Fail if multiple matching devices are attached Previously, we just applied our filter (if any) to all attached Nitrokey devices and selected the first match when connection to a Nitrokey device. This may lead to unexpected behavior if multiple devices are attached. This patch changes the find_device function to return an error if multiple matching devices are found. --- CHANGELOG.md | 3 +++ doc/nitrocli.1 | 13 +++++++++---- doc/nitrocli.1.pdf | Bin 40791 -> 40972 bytes src/commands.rs | 7 +++++++ 4 files changed, 19 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a73f3d0..3b96ecf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,9 @@ Unreleased - Added `envy` dependency in version `0.4.2` - Added `merge` dependency in version `0.1.0` - Added `directories` dependency in version `3.0.1` +- Reworked connection handling for multiple attached Nitrokey devices: + - Fail if multiple attached devices match the filter options (or no filter + options are set) 0.3.4 diff --git a/doc/nitrocli.1 b/doc/nitrocli.1 index 74cc2d9..680af3b 100644 --- a/doc/nitrocli.1 +++ b/doc/nitrocli.1 @@ -1,4 +1,4 @@ -.TH NITROCLI 1 2020-09-01 +.TH NITROCLI 1 2020-09-07 .SH NAME nitrocli \- access Nitrokey devices .SH SYNOPSIS @@ -10,12 +10,17 @@ nitrocli \- access Nitrokey devices It supports the Nitrokey Pro and the Nitrokey Storage. It can be used to access the encrypted volume, the one-time password generator, and the password safe. +.SS Device selection +Per default, \fBnitrocli\fR connects to any attached Nitrokey device. +You can use the \fB\-\-model\fR option to select the device to connect to. +\fBnitrocli\fR fails if more than one attached Nitrokey device matches +this filter or if multiple Nitrokey devices are attached and this option +is not set. .SH OPTIONS .TP \fB\-m\fR, \fB\-\-model pro\fR|\fBstorage\fR -Restrict connections to the given device model. -If this option is not set, nitrocli will connect to any connected Nitrokey Pro -or Nitrokey Storage device. +Restrict connections to the given device model, see the Device selection +section. .TP \fB\-\-no\-cache\fR If this option is set, nitrocli will not cache any inquired secrets using diff --git a/doc/nitrocli.1.pdf b/doc/nitrocli.1.pdf index 0646c84..015f379 100644 Binary files a/doc/nitrocli.1.pdf and b/doc/nitrocli.1.pdf differ diff --git a/src/commands.rs b/src/commands.rs index ac3d020..883110a 100644 --- a/src/commands.rs +++ b/src/commands.rs @@ -61,6 +61,13 @@ fn find_device(config: &config::Config) -> anyhow::Result let device = iter .next() .with_context(|| format!("Nitrokey device not found{}", format_filter(config)))?; + + anyhow::ensure!( + iter.next().is_none(), + "Multiple Nitrokey devices found{}. Use the --model and --serial-number options to \ + select one", + format_filter(config) + ); Ok(device) } -- cgit v1.2.3