1 files changed, 12 insertions, 12 deletions

diff --git a/src/pws.rs b/src/pws.rs
index 371de6e..a5b9d33 100644
--- a/src/pws.rs
+++ b/src/pws.rs
@@ -18,8 +18,7 @@ pub const SLOT_COUNT: u8 = 16;
 /// The password safe stores a tuple consisting of a name, a login and a password on a slot.  The
 /// number of available slots is [`SLOT_COUNT`][].  The slots are addressed starting with zero.  To
 /// retrieve a password safe from a Nitrokey device, use the [`get_password_safe`][] method from
-/// the [`GetPasswordSafe`][] trait.  Note that the device must live at least as long as the
-/// password safe.
+/// the [`GetPasswordSafe`][] trait.
 ///
 /// Once the password safe has been unlocked, it can be accessed without a password.  Therefore it
 /// is mandatory to call [`lock`][] on the corresponding device after the password store is used.
@@ -58,21 +57,17 @@ pub const SLOT_COUNT: u8 = 16;
 /// [`GetPasswordSafe`]: trait.GetPasswordSafe.html
 #[derive(Debug)]
 pub struct PasswordSafe<'a> {
-    _device: &'a dyn Device,
+    device: &'a mut dyn Device,
 }
 
 /// Provides access to a [`PasswordSafe`][].
 ///
-/// The device that implements this trait must always live at least as long as a password safe
-/// retrieved from it.
-///
 /// [`PasswordSafe`]: struct.PasswordSafe.html
 pub trait GetPasswordSafe {
     /// Enables and returns the password safe.
     ///
-    /// The underlying device must always live at least as long as a password safe retrieved from
-    /// it.  It is mandatory to lock the underlying device using [`lock`][] after the password safe
-    /// has been used.  Otherwise, other applications can access the password store without
+    /// It is mandatory to lock the underlying device using [`lock`][] after the password safe has
+    /// been used.  Otherwise, other applications can access the password store without
     /// authentication.
     ///
     /// If this method returns an `AesDecryptionFailed` (Nitrokey Pro) or `Unknown` (Nitrokey
@@ -121,12 +116,17 @@ pub trait GetPasswordSafe {
 }
 
 fn get_password_safe<'a>(
-    device: &'a dyn Device,
+    device: &'a mut dyn Device,
     user_pin: &str,
 ) -> Result<PasswordSafe<'a>, Error> {
     let user_pin_string = get_cstring(user_pin)?;
-    get_command_result(unsafe { nitrokey_sys::NK_enable_password_safe(user_pin_string.as_ptr()) })
-        .map(|_| PasswordSafe { _device: device })
+    let result = get_command_result(unsafe {
+        nitrokey_sys::NK_enable_password_safe(user_pin_string.as_ptr())
+    });
+    match result {
+        Ok(()) => Ok(PasswordSafe { device }),
+        Err(err) => Err(err),
+    }
 }
 
 fn get_pws_result(s: String) -> Result<String, Error> {