goldwarden-vaultwarden-bitw.../agent/processsecurity/unix.go

//go:build linux || freebsd

package processsecurity

import (
	"time"

	"github.com/godbus/dbus/v5"
	"github.com/quexten/goldwarden/agent/processsecurity/isdelve"
	"golang.org/x/sys/unix"
)

const IDLE_TIME = 60 * 15

func DisableDumpable() error {
	if isdelve.Enabled {
		return nil
	} else {
		return unix.Prctl(unix.PR_SET_DUMPABLE, 0, 0, 0, 0)
	}
}

func MonitorLocks(onlock func()) error {
	bus, err := dbus.SessionBus()
	if err != nil {
		return err
	}
	err = bus.AddMatchSignal(dbus.WithMatchInterface("org.gnome.ScreenSaver"))
	if err != nil {
		return err
	}
	err = bus.AddMatchSignal(dbus.WithMatchInterface("org.freedesktop.ScreenSaver"))
	if err != nil {
		return err
	}

	signals := make(chan *dbus.Signal, 10)
	bus.Signal(signals)
	for {
		message := <-signals
		if message.Name == "org.gnome.ScreenSaver.ActiveChanged" {
			if len(message.Body) == 0 {
				continue
			}
			locked, err := message.Body[0].(bool)
			if err || locked {
				onlock()
			}
		}
		if message.Name == "org.freedesktop.ScreenSaver.ActiveChanged" {
			if len(message.Body) == 0 {
				continue
			}
			locked, err := message.Body[0].(bool)
			if err || locked {
				onlock()
			}
		}
	}
}

func MonitorIdle(onidle func()) error {
	bus, err := dbus.SessionBus()
	if err != nil {
		return err
	}

	var wasidle = false
	for {
		var res int64
		err = bus.Object("org.gnome.Mutter.IdleMonitor", "/org/gnome/Mutter/IdleMonitor/Core").Call("org.gnome.Mutter.IdleMonitor.GetIdletime", 0).Store(&res)
		if err != nil {
			return err
		}
		secondsIdle := res / 1000
		if secondsIdle > IDLE_TIME {
			if !wasidle {
				wasidle = true
				onidle()
			}
		} else {
			wasidle = false
		}

		time.Sleep(1 * time.Second)
	}
}
Move processsecurity into submodule 2023-08-24 03:22:03 +02:00			`//go:build linux \|\| freebsd`

			`package processsecurity`

Add lock on screensaver 2023-12-23 08:37:17 +01:00			`import (`
Add idle monitor 2023-12-28 01:04:46 +01:00			`"time"`
Add lock on screensaver 2023-12-23 08:37:17 +01:00
			`"github.com/godbus/dbus/v5"`
Disable prctl dumpable protection under delve debugging 2024-02-12 03:28:56 +01:00			`"github.com/quexten/goldwarden/agent/processsecurity/isdelve"`
Re-enable dumping prevention 2023-12-28 13:42:54 +01:00			`"golang.org/x/sys/unix"`
Add lock on screensaver 2023-12-23 08:37:17 +01:00			`)`
Move processsecurity into submodule 2023-08-24 03:22:03 +02:00
Implement pincache 2024-02-09 20:48:44 +01:00			`const IDLE_TIME = 60 * 15`

Move processsecurity into submodule 2023-08-24 03:22:03 +02:00			`func DisableDumpable() error {`
Disable prctl dumpable protection under delve debugging 2024-02-12 03:28:56 +01:00			`if isdelve.Enabled {`
			`return nil`
			`} else {`
			`return unix.Prctl(unix.PR_SET_DUMPABLE, 0, 0, 0, 0)`
			`}`
Move processsecurity into submodule 2023-08-24 03:22:03 +02:00			`}`
Add lock on screensaver 2023-12-23 08:37:17 +01:00
			`func MonitorLocks(onlock func()) error {`
			`bus, err := dbus.SessionBus()`
			`if err != nil {`
			`return err`
			`}`
			`err = bus.AddMatchSignal(dbus.WithMatchInterface("org.gnome.ScreenSaver"))`
			`if err != nil {`
			`return err`
			`}`
Add idle monitor 2023-12-28 01:04:46 +01:00			`err = bus.AddMatchSignal(dbus.WithMatchInterface("org.freedesktop.ScreenSaver"))`
Add lock on screensaver 2023-12-23 08:37:17 +01:00			`if err != nil {`
			`return err`
			`}`

			`signals := make(chan *dbus.Signal, 10)`
			`bus.Signal(signals)`
			`for {`
Fix whole bunch of lints 2024-03-03 01:38:11 +01:00			`message := <-signals`
			`if message.Name == "org.gnome.ScreenSaver.ActiveChanged" {`
			`if len(message.Body) == 0 {`
			`continue`
Add lock on screensaver 2023-12-23 08:37:17 +01:00			`}`
Fix whole bunch of lints 2024-03-03 01:38:11 +01:00			`locked, err := message.Body[0].(bool)`
			`if err \|\| locked {`
			`onlock()`
			`}`
			`}`
			`if message.Name == "org.freedesktop.ScreenSaver.ActiveChanged" {`
			`if len(message.Body) == 0 {`
			`continue`
			`}`
			`locked, err := message.Body[0].(bool)`
			`if err \|\| locked {`
			`onlock()`
Add lock on screensaver 2023-12-23 08:37:17 +01:00			`}`
			`}`
			`}`
			`}`
Add idle monitor 2023-12-28 01:04:46 +01:00
			`func MonitorIdle(onidle func()) error {`
			`bus, err := dbus.SessionBus()`
			`if err != nil {`
			`return err`
			`}`

			`var wasidle = false`
			`for {`
			`var res int64`
			`err = bus.Object("org.gnome.Mutter.IdleMonitor", "/org/gnome/Mutter/IdleMonitor/Core").Call("org.gnome.Mutter.IdleMonitor.GetIdletime", 0).Store(&res)`
			`if err != nil {`
			`return err`
			`}`
			`secondsIdle := res / 1000`
Implement pincache 2024-02-09 20:48:44 +01:00			`if secondsIdle > IDLE_TIME {`
Add idle monitor 2023-12-28 01:04:46 +01:00			`if !wasidle {`
			`wasidle = true`
			`onidle()`
			`}`
			`} else {`
			`wasidle = false`
			`}`

			`time.Sleep(1 * time.Second)`
			`}`
			`}`