author | Daniel Mueller <deso@posteo.net> | 2019-05-26 22:11:36 -0700 |
---|---|---|
committer | Daniel Mueller <deso@posteo.net> | 2019-05-27 08:32:06 -0700 |
commit | a57449dcd2abe1fa5dae195470fccc9a9a398e04 (patch) | |
tree | 673118362b069678539c501acf3dc521591cdff7 /nitrocli/src/pinentry.rs | |
parent | c01bbbf186cd88f9e1b3c3eda0459635bed209b4 (diff) | |
Allow for disabling of secret caching
So far we have cached secrets in gpg-agent(1) whenever that made sense
to do (i.e., for the two PINs in most contexts but not for passwords).
While there is reason to believe that such caching is desired by the
majority of users, not everybody has a use for it.
To give users an opportunity to opt out of such caching, this change
introduces a new environment variable, NITROCLI_NO_CACHE, that, when
present in the environment, instructs the program to bypass the cache
for all operations that require a secret and to instead inquire such
secrets each time they are needed.
Diffstat (limited to 'nitrocli/src/pinentry.rs')
-rw-r--r-- | nitrocli/src/pinentry.rs | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/nitrocli/src/pinentry.rs b/nitrocli/src/pinentry.rs
index 7bba6b9..d8a77d4 100644
--- a/nitrocli/src/pinentry.rs
+++ b/nitrocli/src/pinentry.rs
@@ -22,6 +22,7 @@ use std::fmt;
 use std::process;
 use std::str;
+use crate::args;
 use crate::error::Error;
 type CowStr = borrow::Cow<'static, str>;
@@ -223,19 +224,27 @@ where
 /// Inquire a secret from the user.
 ///
 /// This function inquires a secret from the user or returns a cached
-/// entry, if available. If an error message is set, it is displayed in
+/// entry, if available (and if caching is not disabled for the given
+/// execution context). If an error message is set, it is displayed in
 /// the entry dialog. The mode describes the context of the pinentry
 /// dialog. It is used to choose an appropriate description and to
 /// decide whether a quality bar is shown in the dialog.
-pub fn inquire<E>(entry: &E, mode: Mode, error_msg: Option<&str>) -> crate::Result<String>
+pub fn inquire<E>(
+ ctx: &mut args::ExecCtx<'_>,
+ entry: &E,
+ mode: Mode,
+ error_msg: Option<&str>,
+) -> crate::Result<String>
 where
 E: SecretEntry,
 {
 let cache_id = entry
 .cache_id()
+ .and_then(|id| if ctx.no_cache { None } else { Some(id) })
 // "X" is a sentinel value indicating that no caching is desired.
 .unwrap_or_else(|| "X".into())
 .into();
+
 let error_msg = error_msg
 .map(|msg| msg.replace(" ", "+"))
 .unwrap_or_else(|| String::from("+"));
@@ -272,16 +281,16 @@ where
 }
 }
-pub fn choose<E>(entry: &E) -> crate::Result<String>
+pub fn choose<E>(ctx: &mut args::ExecCtx<'_>, entry: &E) -> crate::Result<String>
 where
 E: SecretEntry,
 {
 clear(entry)?;
- let chosen = inquire(entry, Mode::Choose, None)?;
+ let chosen = inquire(ctx, entry, Mode::Choose, None)?;
 clear(entry)?;
 check(entry, &chosen)?;
- let confirmed = inquire(entry, Mode::Confirm, None)?;
+ let confirmed = inquire(ctx, entry, Mode::Confirm, None)?;
 clear(entry)?;
 if chosen != confirmed { |
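Review bot: In the `inquire` hunk, setting `ctx.no_cache` only swaps the entry's cache id for the "X" sentinel, so a PIN that an earlier run without the opt-out left in gpg-agent presumably stays cached until it expires or is cleared explicitly. Nothing in the visible lines evicts it, and the rest of the body lies outside the hunk. A user who sets NITROCLI_NO_CACHE to keep secrets out of the agent could reasonably expect otherwise, so the doc comment should say so, for example `/// Disabling caching does not evict a secret cached by an earlier invocation.`. As a smaller style point, `.filter(|_| !ctx.no_cache)` states the intent more directly than the `and_then` with an `if`/`else`. The visible lines only read `ctx.no_cache`, so `&args::ExecCtx<'_>` may suffice unless code outside the hunk mutates the context.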