distinguish between cached and uncached creds

p2p and multicast creds are not cached the same way that s3 and webdav
creds are. The difference is that p2p and multicast obtain the creds
themselves, as part of a process like pairing. So they're storing the
only extant copy of the creds. In s3 and webdav etc the creds are
provided by the cloud storage provider.

This is a fine difference, but I do think it's a reasonable difference.
If the user wants to prevent s3 and webdav etc creds from being stored
unencrypted on disk, they won't feel the same about p2p auth tokens
used for tor, or a multicast encryption key, or for that matter their
local ssh private key.

This commit was sponsored by Fernando Jimenez on Patreon.

Command/Multicast.hs

@@ -232,7 +232,7 @@ uftpKey = do
 	u <- getUUID
 	return $ KeyContainer $ "annex-" ++ fromUUID u
 #else
-uftpKey = KeyFile <$> cacheCredsFile "multicast"
+uftpKey = KeyFile <$> credsFile "multicast"
 #endif
 
 -- uftp needs a unique UID for each client and server, which 

Creds.hs

@@ -13,9 +13,9 @@ module Creds (
 	getRemoteCredPairFor,
 	warnMissingCredPairFor,
 	getEnvCredPair,
-	writeCacheCreds,
-	readCacheCreds,
-	cacheCredsFile,
+	writeCreds,
+	readCreds,
+	credsFile,
 	removeCreds,
 	includeCredsInfo,
 ) where
@@ -141,32 +141,32 @@ getEnvCredPair storage = liftM2 (,)
 
 writeCacheCredPair :: CredPair -> CredPairStorage -> Annex ()
 writeCacheCredPair credpair storage =
-	writeCacheCreds (encodeCredPair credpair) (credPairFile storage)
+	writeCreds (encodeCredPair credpair) (credPairFile storage)
+
+readCacheCredPair :: CredPairStorage -> Annex (Maybe CredPair)
+readCacheCredPair storage = maybe Nothing decodeCredPair
+	<$> readCreds (credPairFile storage)
+
+existsCacheCredPair :: CredPairStorage -> Annex Bool
+existsCacheCredPair storage = 
+	liftIO . doesFileExist =<< credsFile (credPairFile storage)
 
 {- Stores the creds in a file inside gitAnnexCredsDir that only the user
  - can read. -}
-writeCacheCreds :: Creds -> FilePath -> Annex ()
-writeCacheCreds creds file = do
+writeCreds :: Creds -> FilePath -> Annex ()
+writeCreds creds file = do
 	d <- fromRepo gitAnnexCredsDir
 	createAnnexDirectory d
 	liftIO $ writeFileProtected (d </> file) creds
 
-readCacheCredPair :: CredPairStorage -> Annex (Maybe CredPair)
-readCacheCredPair storage = maybe Nothing decodeCredPair
-	<$> readCacheCreds (credPairFile storage)
+readCreds :: FilePath -> Annex (Maybe Creds)
+readCreds f = liftIO . catchMaybeIO . readFileStrict =<< credsFile f
 
-readCacheCreds :: FilePath -> Annex (Maybe Creds)
-readCacheCreds f = liftIO . catchMaybeIO . readFileStrict =<< cacheCredsFile f
-
-cacheCredsFile :: FilePath -> Annex FilePath
-cacheCredsFile basefile = do
+credsFile :: FilePath -> Annex FilePath
+credsFile basefile = do
 	d <- fromRepo gitAnnexCredsDir
 	return $ d </> basefile
 
-existsCacheCredPair :: CredPairStorage -> Annex Bool
-existsCacheCredPair storage = 
-	liftIO . doesFileExist =<< cacheCredsFile (credPairFile storage)
-
 encodeCredPair :: CredPair -> Creds
 encodeCredPair (l, p) = unlines [l, p]
 

P2P/Address.hs

@@ -65,7 +65,7 @@ repoP2PAddress _ = Nothing
 -- | Load known P2P addresses for this repository.
 loadP2PAddresses :: Annex [P2PAddress]
 loadP2PAddresses = mapMaybe unformatP2PAddress . maybe [] lines
-	<$> readCacheCreds p2pAddressCredsFile
+	<$> readCreds p2pAddressCredsFile
 
 -- | Store a new P2P address for this repository.
 storeP2PAddress :: P2PAddress -> Annex ()
@@ -74,9 +74,9 @@ storeP2PAddress addr = do
 	unless (addr `elem` addrs) $ do
 		let s = unlines $ map formatP2PAddress (addr:addrs)
 		let tmpnam = p2pAddressCredsFile ++ ".new"
-		writeCacheCreds s tmpnam
-		tmpf <- cacheCredsFile tmpnam
-		destf <- cacheCredsFile p2pAddressCredsFile
+		writeCreds s tmpnam
+		tmpf <- credsFile tmpnam
+		destf <- credsFile p2pAddressCredsFile
 		-- This may be run by root, so make the creds file
 		-- and directory have the same owner and group as
 		-- the git repository directory has.

P2P/Auth.hs

@@ -25,7 +25,7 @@ loadP2PAuthTokens' = mapMaybe toAuthToken
         . map T.pack
         . lines
         . fromMaybe []
-        <$> readCacheCreds p2pAuthCredsFile
+        <$> readCreds p2pAuthCredsFile
 
 -- | Stores an AuthToken, making it be accepted by this repository.
 storeP2PAuthToken :: AuthToken -> Annex ()
@@ -33,7 +33,7 @@ storeP2PAuthToken t = do
 	ts <- loadP2PAuthTokens'
 	unless (t `elem` ts) $ do
 		let d = unlines $ map (T.unpack . fromAuthToken) (t:ts)
-		writeCacheCreds d p2pAuthCredsFile
+		writeCreds d p2pAuthCredsFile
 
 p2pAuthCredsFile :: FilePath
 p2pAuthCredsFile = "p2pauth"
@@ -45,7 +45,7 @@ p2pAuthCredsFile = "p2pauth"
 loadP2PRemoteAuthToken :: P2PAddress -> Annex (Maybe AuthToken)
 loadP2PRemoteAuthToken addr = maybe Nothing mk <$> getM id
 	[ liftIO $ getEnv "GIT_ANNEX_P2P_AUTHTOKEN"
-	, readCacheCreds (addressCredsFile addr)
+	, readCreds (addressCredsFile addr)
 	]
   where
 	mk = toAuthToken . T.pack . takeWhile (/= '\n')
@@ -53,9 +53,9 @@ loadP2PRemoteAuthToken addr = maybe Nothing mk <$> getM id
 p2pAuthTokenEnv :: String
 p2pAuthTokenEnv = "GIT_ANNEX_P2P_AUTHTOKEN"
 
--- | Stores the AuthToken o use when connecting with a given P2P address.
+-- | Stores the AuthToken to use when connecting with a given P2P address.
 storeP2PRemoteAuthToken :: P2PAddress -> AuthToken -> Annex ()
-storeP2PRemoteAuthToken addr t = writeCacheCreds
+storeP2PRemoteAuthToken addr t = writeCreds
 	(T.unpack $ fromAuthToken t)
 	(addressCredsFile addr)