From a57449dcd2abe1fa5dae195470fccc9a9a398e04 Mon Sep 17 00:00:00 2001 From: Daniel Mueller Date: Sun, 26 May 2019 22:11:36 -0700 Subject: Allow for disabling of secret caching So far we have cached secrets in gpg-agent(1) whenever that made sense to do (i.e., for the two PINs in most contexts but not for passwords). While there is reason to believe that such caching is desired by the majority of users, not everybody has a use for it. To give users an opportunity to opt out of such caching, this change introduces a new environment variable, NITROCLI_NO_CACHE, that, when present in the environment, instructs the program to bypass the cache for all operations that require a secret and to instead inquire such secrets each time they are needed. --- nitrocli/src/pinentry.rs | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'nitrocli/src/pinentry.rs') diff --git a/nitrocli/src/pinentry.rs b/nitrocli/src/pinentry.rs index 7bba6b9..d8a77d4 100644 --- a/nitrocli/src/pinentry.rs +++ b/nitrocli/src/pinentry.rs @@ -22,6 +22,7 @@ use std::fmt; use std::process; use std::str; +use crate::args; use crate::error::Error; type CowStr = borrow::Cow<'static, str>; @@ -223,19 +224,27 @@ where /// Inquire a secret from the user. /// /// This function inquires a secret from the user or returns a cached -/// entry, if available. If an error message is set, it is displayed in +/// entry, if available (and if caching is not disabled for the given +/// execution context). If an error message is set, it is displayed in /// the entry dialog. The mode describes the context of the pinentry /// dialog. It is used to choose an appropriate description and to /// decide whether a quality bar is shown in the dialog. -pub fn inquire(entry: &E, mode: Mode, error_msg: Option<&str>) -> crate::Result +pub fn inquire( + ctx: &mut args::ExecCtx<'_>, + entry: &E, + mode: Mode, + error_msg: Option<&str>, +) -> crate::Result where E: SecretEntry, { let cache_id = entry .cache_id() + .and_then(|id| if ctx.no_cache { None } else { Some(id) }) // "X" is a sentinel value indicating that no caching is desired. .unwrap_or_else(|| "X".into()) .into(); + let error_msg = error_msg .map(|msg| msg.replace(" ", "+")) .unwrap_or_else(|| String::from("+")); @@ -272,16 +281,16 @@ where } } -pub fn choose(entry: &E) -> crate::Result +pub fn choose(ctx: &mut args::ExecCtx<'_>, entry: &E) -> crate::Result where E: SecretEntry, { clear(entry)?; - let chosen = inquire(entry, Mode::Choose, None)?; + let chosen = inquire(ctx, entry, Mode::Choose, None)?; clear(entry)?; check(entry, &chosen)?; - let confirmed = inquire(entry, Mode::Confirm, None)?; + let confirmed = inquire(ctx, entry, Mode::Confirm, None)?; clear(entry)?; if chosen != confirmed { -- cgit v1.2.1