goldwarden-vaultwarden-bitw.../agent/systemauth/biometrics/polkit.go

//go:build linux || freebsd

package biometrics

import (
	"github.com/amenzhinsky/go-polkit"
)

const POLICY = `<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd">
<policyconfig>

  <action id="com.quexten.goldwarden.accessvault">
    <description>Allow access to the vault</description>
    <message>Allows access to the vault</message>
    <defaults>
      <allow_any>auth_self</allow_any>
      <allow_inactive>auth_self</allow_inactive>
      <allow_active>auth_self</allow_active>
    </defaults>
  </action>
  <action id="com.quexten.goldwarden.usesshkey">
    <description>Use SSH Key</description>
    <message>Authenticate to use an SSH Key from your vault</message>
    <defaults>
      <allow_any>auth_self</allow_any>
      <allow_inactive>auth_self</allow_inactive>
      <allow_active>auth_self</allow_active>
    </defaults>
  </action>
  <action id="com.quexten.goldwarden.browserbiometrics">
    <description>Browser Biometrics</description>
    <message>Authenticate to allow Goldwarden to unlock your browser</message>
    <defaults>
      <allow_any>auth_self</allow_any>
      <allow_inactive>auth_self</allow_inactive>
      <allow_active>auth_self</allow_active>
    </defaults>
  </action>

</policyconfig>`

func CheckBiometrics(approvalType Approval) bool {
	if biometricsDisabled {
		return true
	}

	log.Info("Checking biometrics for %s", approvalType.String())

	authority, err := polkit.NewAuthority()
	if err != nil {
		log.Error("Failed to create polkit authority: %s", err.Error())
		return false
	}

	result, err := authority.CheckAuthorization(
		approvalType.String(),
		nil,
		uint32(polkit.AuthenticationRequiredRetained), "",
	)

	if err != nil {
		log.Error("Failed to create polkit authority: %s", err.Error())
		return false
	}

	log.Info("Biometrics result: %t", result.IsAuthorized)

	return result.IsAuthorized
}

func BiometricsWorking() bool {
	if biometricsDisabled {
		return false
	}

	authority, err := polkit.NewAuthority()
	if err != nil {
		return false
	}

	result, err := authority.EnumerateActions("en")
	if err != nil {
		return false
	}

	if len(result) == 0 {
		return false
	}

	testFor := AccessVault
	for _, action := range result {
		if Approval(action.ActionID) == testFor {
			return true
		}
	}

	return false
}
Add touchid biometrics 2023-09-12 01:22:48 +02:00			`//go:build linux \|\| freebsd`

			`package biometrics`
Add setup 2023-08-03 00:42:31 +02:00
			`import (`
			`"github.com/amenzhinsky/go-polkit"`
			`)`

			const POLICY = `<?xml version="1.0" encoding="UTF-8"?>
			`<!DOCTYPE policyconfig PUBLIC`
			`"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"`
Update polkit policy 2023-09-19 22:29:21 +02:00			`"http://www.freedesktop.org/software/polkit/policyconfig-1.dtd">`
Add setup 2023-08-03 00:42:31 +02:00			`<policyconfig>`
Update polkit policy 2023-09-19 22:29:21 +02:00
			`<action id="com.quexten.goldwarden.accessvault">`
			`<description>Allow access to the vault</description>`
			`<message>Allows access to the vault</message>`
			`<defaults>`
			`<allow_any>auth_self</allow_any>`
			`<allow_inactive>auth_self</allow_inactive>`
			`<allow_active>auth_self</allow_active>`
			`</defaults>`
			`</action>`
			`<action id="com.quexten.goldwarden.usesshkey">`
			`<description>Use SSH Key</description>`
			`<message>Authenticate to use an SSH Key from your vault</message>`
			`<defaults>`
			`<allow_any>auth_self</allow_any>`
			`<allow_inactive>auth_self</allow_inactive>`
			`<allow_active>auth_self</allow_active>`
			`</defaults>`
			`</action>`
			`<action id="com.quexten.goldwarden.browserbiometrics">`
			`<description>Browser Biometrics</description>`
			`<message>Authenticate to allow Goldwarden to unlock your browser</message>`
			`<defaults>`
			`<allow_any>auth_self</allow_any>`
			`<allow_inactive>auth_self</allow_inactive>`
			`<allow_active>auth_self</allow_active>`
			`</defaults>`
			`</action>`

Add setup 2023-08-03 00:42:31 +02:00			</policyconfig>`

			`func CheckBiometrics(approvalType Approval) bool {`
Add touchid biometrics 2023-09-12 01:22:48 +02:00			`if biometricsDisabled {`
Login with device & virtual ipc 2023-08-21 13:52:06 +02:00			`return true`
			`}`
Add setup 2023-08-03 00:42:31 +02:00
Add more env variables 2023-08-21 18:37:34 +02:00			`log.Info("Checking biometrics for %s", approvalType.String())`

Add setup 2023-08-03 00:42:31 +02:00			`authority, err := polkit.NewAuthority()`
			`if err != nil {`
Rework systemauth 2023-09-19 21:49:56 +02:00			`log.Error("Failed to create polkit authority: %s", err.Error())`
Add setup 2023-08-03 00:42:31 +02:00			`return false`
			`}`

			`result, err := authority.CheckAuthorization(`
			`approvalType.String(),`
			`nil,`
Rework systemauth 2023-09-19 21:49:56 +02:00			`uint32(polkit.AuthenticationRequiredRetained), "",`
Add setup 2023-08-03 00:42:31 +02:00			`)`

			`if err != nil {`
Rework systemauth 2023-09-19 21:49:56 +02:00			`log.Error("Failed to create polkit authority: %s", err.Error())`
Add setup 2023-08-03 00:42:31 +02:00			`return false`
			`}`

			`log.Info("Biometrics result: %t", result.IsAuthorized)`

			`return result.IsAuthorized`
			`}`
Rework systemauth 2023-09-19 21:49:56 +02:00
			`func BiometricsWorking() bool {`
			`if biometricsDisabled {`
			`return false`
			`}`

			`authority, err := polkit.NewAuthority()`
			`if err != nil {`
			`return false`
			`}`

			`result, err := authority.EnumerateActions("en")`
			`if err != nil {`
			`return false`
			`}`

			`if len(result) == 0 {`
			`return false`
			`}`

			`testFor := AccessVault`
			`for _, action := range result {`
			`if Approval(action.ActionID) == testFor {`
			`return true`
			`}`
			`}`

			`return false`
			`}`