bwpass: Correct pinentry prompt text

bwpass: Use XDG_RUNTIME_DIR if available
For additional protection of the Bitwarden session ID file, it will now be stored in the directory specified by the `XDG_RUNTIME_DIR` environment variable. On most systems, this is a tmpfs filesystem owned and only accessible by the current user.
2019-09-18 08:19:40 -05:00 · 2019-09-18 08:19:40 -05:00
1 changed files with 19 additions and 11 deletions
--- a/src/bwpass.py
+++ b/src/bwpass.py
@ -25,6 +25,7 @@ XDG_CACHE_HOME = os.environ.get(
    'XDG_CACHE_HOME',
    os.path.expanduser('~/.cache'),
 )
+XDG_RUNTIME_DIR = os.environ.get('XDG_RUNTIME_DIR')

 BITWARDENCLI_APPDATA_DIR = os.environ.get(
    'BITWARDENCLI_APPDATA_DIR',
@ -94,7 +95,7 @@ class Pinentry:
                    putline(f'SETDESC {self.description}')
                    getline()
                if self.prompt:
-                    putline(f'SETTITLE {self.title}')
+                    putline(f'SETPROMPT {self.prompt}')
                    getline()
                putline('GETPIN')
                d = getline()
@ -125,6 +126,21 @@ class Vault:
        with open(self.cache, 'w') as f:
            json.dump(self.items, f)

+    @property
+    def _bw_session_file(self) -> str:
+        uid = os.getuid()
+        if XDG_RUNTIME_DIR:
+            try:
+                st = os.stat(XDG_RUNTIME_DIR)
+            except FileNotFoundError:
+                pass
+            else:
+                if st.st_uid == uid:
+                    return os.path.join(XDG_RUNTIME_DIR, '.bw_session')
+                else:
+                    return os.path.join(XDG_RUNTIME_DIR, f'.bw_session-{uid}')
+        return os.path.join(tempfile.gettempdir(), f'.bw_session-{uid}')
+
    @classmethod
    def load(cls) -> 'Vault':
        self = cls()
@ -172,11 +188,7 @@ class Vault:
            self.items = json.load(f)

    def lock(self) -> None:
-        uid = os.getuid()
-        fn = os.path.join(
-            tempfile.gettempdir(),
-            f'.bw_session-{uid}',
-        )
+        fn = self._bw_session_file
        try:
            os.unlink(fn)
        except FileNotFoundError:
@ -184,11 +196,7 @@ class Vault:
        self.session_id = None

    def unlock(self) -> None:
-        uid = os.getuid()
-        fn = os.path.join(
-            tempfile.gettempdir(),
-            f'.bw_session-{uid}',
-        )
+        fn = self._bw_session_file
        try:
            with open(fn) as f:
                log.debug('Loading session ID from %s', fn)