Add setup

This commit is contained in:
Bernd Schoolmann 2023-08-03 00:42:31 +02:00
parent e61ce2e9e4
commit 89baf20daa
No known key found for this signature in database
4 changed files with 220 additions and 45 deletions

View File

@ -1,45 +0,0 @@
package systemauth
import (
"github.com/LlamaNite/llamalog"
"github.com/amenzhinsky/go-polkit"
)
var log = llamalog.NewLogger("Goldwarden", "Systemauth")
type Approval string
const (
AccessCredential Approval = "com.quexten.goldwarden.accesscredential"
ChangePin Approval = "com.quexten.goldwarden.changepin"
SSHKey Approval = "com.quexten.goldwarden.usesshkey"
ModifyVault Approval = "com.quexten.goldwarden.modifyvault"
BrowserBiometrics Approval = "com.quexten.goldwarden.browserbiometrics"
)
func (a Approval) String() string {
return string(a)
}
func CheckBiometrics(approvalType Approval) bool {
log.Info("Checking biometrics for %s", approvalType.String())
authority, err := polkit.NewAuthority()
if err != nil {
return false
}
result, err := authority.CheckAuthorization(
approvalType.String(),
nil,
polkit.CheckAuthorizationAllowUserInteraction, "",
)
if err != nil {
return false
}
log.Info("Biometrics result: %t", result.IsAuthorized)
return result.IsAuthorized
}

View File

@ -0,0 +1,98 @@
package systemauth
import (
"github.com/LlamaNite/llamalog"
"github.com/amenzhinsky/go-polkit"
)
var log = llamalog.NewLogger("Goldwarden", "Systemauth")
type Approval string
const (
AccessCredential Approval = "com.quexten.goldwarden.accesscredential"
ChangePin Approval = "com.quexten.goldwarden.changepin"
SSHKey Approval = "com.quexten.goldwarden.usesshkey"
ModifyVault Approval = "com.quexten.goldwarden.modifyvault"
BrowserBiometrics Approval = "com.quexten.goldwarden.browserbiometrics"
)
const POLICY = `<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>
<action id="com.quexten.goldwarden.accesscredential">
<description>Allow Credential Access</description>
<message>Authenticate to allow access to a single credential</message>
<defaults>
<allow_any>auth_self</allow_any>
<allow_inactive>auth_self</allow_inactive>
<allow_active>auth_self</allow_active>
</defaults>
</action>
<action id="com.quexten.goldwarden.changepin">
<description>Approve Pin Change</description>
<message>Authenticate to change your Goldwarden PIN.</message>
<defaults>
<allow_any>auth_self</allow_any>
<allow_inactive>auth_self</allow_inactive>
<allow_active>auth_self</allow_active>
</defaults>
</action>
<action id="com.quexten.goldwarden.usesshkey">
<description>Use Bitwarden SSH Key</description>
<message>Authenticate to use an SSH Key from your vault</message>
<defaults>
<allow_any>auth_self</allow_any>
<allow_inactive>auth_self</allow_inactive>
<allow_active>auth_self</allow_active>
</defaults>
</action>
<action id="com.quexten.goldwarden.modifyvault">
<description>Modify Bitwarden Vault</description>
<message>Authenticate to allow modification of your Bitvarden vault in Goldwarden</message>
<defaults>
<allow_any>auth_self</allow_any>
<allow_inactive>auth_self</allow_inactive>
<allow_active>auth_self</allow_active>
</defaults>
</action>
<action id="com.quexten.goldwarden.browserbiometrics">
<description>Browser Biometrics</description>
<message>Authenticate to allow Goldwarden to unlock your browser.</message>
<defaults>
<allow_any>auth_self</allow_any>
<allow_inactive>auth_self</allow_inactive>
<allow_active>auth_self</allow_active>
</defaults>
</action>
</policyconfig>`
func (a Approval) String() string {
return string(a)
}
func CheckBiometrics(approvalType Approval) bool {
log.Info("Checking biometrics for %s", approvalType.String())
authority, err := polkit.NewAuthority()
if err != nil {
return false
}
result, err := authority.CheckAuthorization(
approvalType.String(),
nil,
polkit.CheckAuthorizationAllowUserInteraction, "",
)
if err != nil {
return false
}
log.Info("Biometrics result: %t", result.IsAuthorized)
return result.IsAuthorized
}

View File

@ -31,6 +31,19 @@ func Main() {
readLoop()
}
func DetectAndInstallBrowsers() error {
var err error
err = detectAndInstallBrowsers(".config")
if err != nil {
return err
}
err = detectAndInstallBrowsers(".mozilla")
if err != nil {
return err
}
return nil
}
func detectAndInstallBrowsers(startPath string) error {
home := os.Getenv("HOME")
err := filepath.Walk(home+"/"+startPath, func(path string, info os.FileInfo, err error) error {

109
cmd/setup.go Normal file
View File

@ -0,0 +1,109 @@
package cmd
import (
"fmt"
"os"
"os/exec"
"strings"
"github.com/quexten/goldwarden/agent/systemauth"
"github.com/quexten/goldwarden/browserbiometrics"
"github.com/spf13/cobra"
)
func setupPolkit() {
file, err := os.OpenFile("/tmp/goldwarden-policy", os.O_CREATE, 0644)
if err != nil {
panic(err)
}
file.WriteString(systemauth.POLICY)
file.Close()
command := exec.Command("pkexec", "mv", "/tmp/goldwarden-policy", "/usr/share/polkit-1/actions/com.quexten.goldwarden.policy")
err = command.Run()
if err != nil {
panic(err)
}
os.Remove("/tmp/goldwarden-policy")
}
var polkitCmd = &cobra.Command{
Use: "polkit",
Short: "Sets up polkit",
Long: "Sets up polkit",
Run: func(cmd *cobra.Command, args []string) {
setupPolkit()
},
}
const SYSTEMD_SERVICE = `[Unit]
Description="Goldwarden daemon"
[Service]
ExecStart=BINARY_PATH daemonize
[Install]
WantedBy=default.target`
func setupSystemd() {
file, err := os.OpenFile("/tmp/goldwarden.service", os.O_CREATE, 0644)
if err != nil {
panic(err)
}
path, err := os.Executable()
if err != nil {
panic(err)
}
file.WriteString(strings.ReplaceAll(SYSTEMD_SERVICE, "BINARY_PATH", path))
file.Close()
command := exec.Command("pkexec", "mv", "/tmp/goldwarden.service", "/etc/systemd/system/goldwarden.service")
err = command.Run()
if err != nil {
panic(err)
}
os.Remove("/tmp/goldwarden.service")
}
var systemdCmd = &cobra.Command{
Use: "systemd",
Short: "Sets up systemd autostart",
Long: "Sets up systemd autostart",
Run: func(cmd *cobra.Command, args []string) {
setupSystemd()
},
}
var browserbiometricsCmd = &cobra.Command{
Use: "browserbiometrics",
Short: "Sets up browser biometrics",
Long: "Sets up browser biometrics",
Run: func(cmd *cobra.Command, args []string) {
err := browserbiometrics.DetectAndInstallBrowsers()
if err != nil {
fmt.Println("Error: " + err.Error())
} else {
fmt.Println("Done.")
}
},
}
var setupCmd = &cobra.Command{
Use: "setup",
Short: "Sets up Goldwarden integrations",
Long: "Sets up Goldwarden integrations",
Run: func(cmd *cobra.Command, args []string) {
cmd.Help()
},
}
func init() {
rootCmd.AddCommand(setupCmd)
setupCmd.AddCommand(polkitCmd)
setupCmd.AddCommand(systemdCmd)
setupCmd.AddCommand(browserbiometricsCmd)
}