Remove NK_lock_device call from PasswordSafe::drop

When enabled, the password safe can be used without authentication.  The
lock device can be used to lock the password safe.  Currently,
PasswordSafe::drop calls this command to make sure that other
applications cannot access the password safe without authentication.

On the Nitrokey Storage, locking the device may also disable the
encrypted or hidden volume.  As using the password safe should not have
side effects on the storage volumes, this patch removes the call to the
lock device command from the Drop implementation.  Instead, the user
should call this method after making sure that it does not have side
effects.

A feature request for a command that only locks the password safe
without side effects is submitted to the Nitrokey Storage firmware
repository:
	https://github.com/Nitrokey/nitrokey-storage-firmware/issues/65

1 files changed, 4 insertions, 0 deletions

diff --git a/src/tests/pws.rs b/src/tests/pws.rs
index d6125a9..02e33cd 100644
--- a/src/tests/pws.rs
+++ b/src/tests/pws.rs
@@ -1,3 +1,4 @@
+use device::Device;
 use nitrokey_sys;
 use pws::{GetPasswordSafe, PasswordSafe, SLOT_COUNT};
 use tests::util::{Target, ADMIN_PASSWORD, USER_PASSWORD};
@@ -36,6 +37,9 @@ fn drop() {
         assert_eq!(Ok(String::from("name")), result);
     }
     let result = result_from_string(unsafe { nitrokey_sys::NK_get_password_safe_slot_name(1) });
+    assert_eq!(Ok(String::from("name")), result);
+    device.lock();
+    let result = result_from_string(unsafe { nitrokey_sys::NK_get_password_safe_slot_name(1) });
     assert_eq!(Err(CommandError::NotAuthorized), result);
 }