Add overwrite option to pws set command

This patch adds the --overwrite option to the pws set command and changes the default behavior to refuse overwriting programmed slots.
d-e-s-o · robinkrahl · Apr 17, 2021 · Apr 17, 2021 · 8a6d7fb08bd0cfdb3219e62a433387f09f49a528
commit 8a6d7fb08bd0cfdb3219e62a433387f09f49a528
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,8 @@ Unreleased
 - Bumped `nitrokey` dependency to `0.9.0`
 - Added the `--only-aes-key` option to the `reset` command to build a new AES
  key without performing a factory reset
+- Added the `--overwrite` option to `pws set` and changed the default behavior
+ to not overwrite programmed slots
 
 
 0.4.0

diff --git a/doc/nitrocli.1 b/doc/nitrocli.1
@@ -273,11 +273,15 @@ The fields are printed together with a label.
 Use the \fB\-\-quiet\fR option to suppress the labels and to only output the
 values stored in the PWS slot.
 .TP
-\fBnitrocli pws set \fIslot name login password\fR
+\fBnitrocli pws set \fR[\fB\-o\fR|\fB\-\-overwrite\fR] \
+\fIslot name login password\fR
 Set the content of a PWS slot.
 \fIslot\fR is the number of the slot to write.
 \fIname\fR, \fIlogin\fR, and \fIpassword\fR represent the data to write to the
 slot.
+Per default, this command refuses to overwrite programmed slots.
+Set the \fB\-\-overwrite\fR option or use the \fBpws update\fR command if you
+want to overwrite a slot.
 .TP
 \fBnitrocli pws clear \fIslot\fR
 Delete the data stored in a PWS slot.

diff --git a/src/args.rs b/src/args.rs
@@ -396,7 +396,7 @@ Command! {PwsCommand, [
  },
  /// Writes a password safe slot
  Set(PwsSetArgs) => |ctx, args: PwsSetArgs| {
- crate::commands::pws_set(ctx, args.slot, &args.name, &args.login, &args.password)
+ crate::commands::pws_set(ctx, args.slot, &args.name, &args.login, &args.password, args.overwrite)
  },
  /// Prints the status of the password safe slots
  Status(PwsStatusArgs) => |ctx, args: PwsStatusArgs| crate::commands::pws_status(ctx, args.all),
@@ -428,6 +428,9 @@ pub struct PwsGetArgs {
 
 #[derive(Debug, PartialEq, structopt::StructOpt)]
 pub struct PwsSetArgs {
+ /// Overwrite the slot if it is currently programmed
+ #[structopt(short, long)]
+ pub overwrite: bool,
  /// The PWS slot to write
  pub slot: u8,
  /// The name to store on the slot

diff --git a/src/commands.rs b/src/commands.rs
@@ -1038,8 +1038,21 @@ pub fn pws_set(
  name: &str,
  login: &str,
  password: &str,
+ overwrite: bool,
 ) -> anyhow::Result<()> {
  with_password_safe(ctx, |_ctx, mut pws| {
+ if !overwrite {
+ match pws.get_slot(slot) {
+ Ok(_) => anyhow::bail!(
+ "The PWS slot is already programmed. Set the --overwrite flag or use the update \
+ command if you want to overwrite the slot data."
+ ),
+ Err(nitrokey::Error::CommandError(nitrokey::CommandError::SlotNotProgrammed)) => {}
+ Err(err) => {
+ return Err(anyhow::Error::new(err).context("Failed to query password safe slot"));
+ }
+ }
+ }
  pws
  .write_slot(slot, name, login, password)
  .context("Failed to write PWS slot")