diff options
| author | Jesse Luehrs <doy@tozt.net> | 2021-10-27 22:56:09 -0400 |
|---|---|---|
| committer | Jesse Luehrs <doy@tozt.net> | 2021-10-27 22:56:09 -0400 |
| commit | cc389962fdd1c7eca9d328b794c95f8d5536944c (patch) | |
| tree | feb0939ab58a672b0364a8a3bf1ccd7b7e1766bd | |
| parent | 3fa5908401237b643c69f84bbf4c69e1ca3e2484 (diff) | |
| download | rbw-cc389962fdd1c7eca9d328b794c95f8d5536944c.tar.gz rbw-cc389962fdd1c7eca9d328b794c95f8d5536944c.zip | |
don't grab the keyboard when entering the api key
unlike the vault password, it's pretty unlikely that someone will be
entering the api key by hand, so make copy/paste more reasonable
| -rw-r--r-- | src/bin/rbw-agent/actions.rs | 5 | ||||
| -rw-r--r-- | src/pinentry.rs | 10 |
2 files changed, 12 insertions, 3 deletions
diff --git a/src/bin/rbw-agent/actions.rs b/src/bin/rbw-agent/actions.rs index 8039618..1cc71c3 100644 --- a/src/bin/rbw-agent/actions.rs +++ b/src/bin/rbw-agent/actions.rs @@ -36,6 +36,7 @@ pub async fn register( &format!("Log in to {}", host), err.as_deref(), tty, + false, ) .await .context("failed to read client_id from pinentry")?; @@ -45,6 +46,7 @@ pub async fn register( &format!("Log in to {}", host), err.as_deref(), tty, + false, ) .await .context("failed to read client_secret from pinentry")?; @@ -114,6 +116,7 @@ pub async fn login( &format!("Log in to {}", host), err.as_deref(), tty, + true, ) .await .context("failed to read password from pinentry")?; @@ -218,6 +221,7 @@ async fn two_factor( "Enter the 6 digit verification code from your authenticator app.", err.as_deref(), tty, + true, ) .await .context("failed to read code from pinentry")?; @@ -372,6 +376,7 @@ pub async fn unlock( "Unlock the local database", err.as_deref(), tty, + true, ) .await .context("failed to read password from pinentry")?; diff --git a/src/pinentry.rs b/src/pinentry.rs index d62d4b2..b4d2bb0 100644 --- a/src/pinentry.rs +++ b/src/pinentry.rs @@ -8,15 +8,19 @@ pub async fn getpin( desc: &str, err: Option<&str>, tty: Option<&str>, + grab: bool, ) -> Result<crate::locked::Password> { let mut opts = tokio::process::Command::new(pinentry); opts.stdin(std::process::Stdio::piped()) .stdout(std::process::Stdio::piped()); + let mut args = vec!["-o", "0"]; if let Some(tty) = tty { - opts.args(&["-T", tty, "-o", "0"]); - } else { - opts.args(&["-o", "0"]); + args.extend(&["-T", tty]); } + if !grab { + args.push("-g"); + } + opts.args(args); let mut child = opts.spawn().map_err(|source| Error::Spawn { source })?; // unwrap is safe because we specified stdin as piped in the command opts // above |