Spawn goldwarden daemon automatically on boot; fix biometrics

agent/sockets/callingcontext.go

@@ -3,6 +3,7 @@ package sockets
 import (
 	"net"
 	"os/user"
+	"time"
 
 	gops "github.com/mitchellh/go-ps"
 	"inet.af/peercred"
@@ -20,11 +21,26 @@ type CallingContext struct {
 
 func GetCallingContext(connection net.Conn) CallingContext {
 	creds, err := peercred.Get(connection)
+	errorContext := CallingContext{
+		UserName:               "unknown user",
+		ProcessName:            "unknown process",
+		ParentProcessName:      "unknown parent",
+		GrandParentProcessName: "unknown grandparent",
+		ProcessPid:             time.Now().UTC().Nanosecond(),
+		ParentProcessPid:       time.Now().UTC().Nanosecond(),
+		GrandParentProcessPid:  time.Now().UTC().Nanosecond(),
+	}
 	if err != nil {
-		panic(err)
+		return errorContext
 	}
 	pid, _ := creds.PID()
 	process, err := gops.FindProcess(pid)
+	if err != nil {
+		return errorContext
+	}
+	if process == nil {
+		return errorContext
+	}
 
 	// git is epheremal and spawns ssh-keygen and ssh so we need to anchor to git
 	if process.Executable() == "ssh-keygen" || process.Executable() == "ssh" {
@@ -38,22 +54,22 @@ func GetCallingContext(connection net.Conn) CallingContext {
 	uid, _ := creds.UserID()
 	ppid := process.PPid()
 	if err != nil {
-		panic(err)
+		return errorContext
 	}
 
 	parentProcess, err := gops.FindProcess(ppid)
 	if err != nil {
-		panic(err)
+		return errorContext
 	}
 
 	parentParentProcess, err := gops.FindProcess(parentProcess.PPid())
 	if err != nil {
-		panic(err)
+		return errorContext
 	}
 
 	username, err := user.LookupId(uid)
 	if err != nil {
-		panic(err)
+		return errorContext
 	}
 
 	return CallingContext{

agent/systemauth/biometrics/polkit.go

@@ -78,15 +78,18 @@ func BiometricsWorking() bool {
 
 	authority, err := polkit.NewAuthority()
 	if err != nil {
+		log.Warn("Failed to create polkit authority: %s", err.Error())
 		return false
 	}
 
 	result, err := authority.EnumerateActions("en")
 	if err != nil {
+		log.Warn("Failed to enumerate polkit actions: %s", err.Error())
 		return false
 	}
 
 	if len(result) == 0 {
+		log.Warn("No polkit actions found")
 		return false
 	}
 

agent/systemauth/systemauth.go

@@ -87,6 +87,7 @@ func GetPermission(sessionType SessionType, ctx sockets.CallingContext, config *
 				return false, nil
 			}
 		} else {
+			log.Warn("Biometrics is not available, asking for pin")
 			pin, err := pinentry.GetPassword("Enter PIN", "Biometrics is not available. Enter your pin to authorize this action. "+message)
 			if err != nil {
 				return false, err

com.quexten.Goldwarden.yml

@@ -8,9 +8,12 @@ finish-args:
   - --share=network
   - --socket=wayland
   - --socket=fallback-x11
-  - --filesystem=home
+  - --device=dri
-  # todo remove this
+  # - --filesystem=home
+  - --filesystem=host
+  # polkit & locking.. should filter this later on
   - --socket=session-bus
+  - --socket=system-bus
 modules:
   - name: goldwarden
     buildsystem: simple

ui/goldwarden.py

@@ -107,3 +107,23 @@ def autotype(username, password):
     result = subprocess.run(restic_cmd.split(), capture_output=True, text=True, env=env)
     if result.returncode != 0:
         raise Exception("Failed to initialize repository, err", result.stderr)
+
+def is_daemon_running():
+    restic_cmd = f"{BINARY_PATH} vault status"
+    result = subprocess.run(restic_cmd.split(), capture_output=True, text=True)
+    if result.returncode != 0:
+        return False
+    daemon_not_running = ("daemon running?" in result.stderr or "daemon running" in result.stderr)
+    return not daemon_not_running
+
+def run_daemon():
+    restic_cmd = f"{BINARY_PATH} daemonize"
+    # print while running
+    result = subprocess.Popen(restic_cmd.split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+    if result.returncode != 0:
+        print("Failed err", result.stderr)
+    for line in result.stdout:
+        print(line.decode("utf-8"))
+    result.wait()
+    print("quitting goldwarden daemon")
+    return result.returncode

ui/main.py

@@ -4,6 +4,8 @@ import subprocess
 from tendo import singleton
 import monitors.dbus_autofill_monitor
 import sys
+import goldwarden
+from threading import Thread
 
 try:
     subprocess.Popen(["python3", "/app/bin/background.py"], start_new_session=True)
@@ -21,6 +23,19 @@ try:
 except:
     exit()
 
+def run_daemon():
+    # todo: do a proper check
+    time.sleep(20)
+    if not goldwarden.is_daemon_running():
+        goldwarden.run_daemon()
+
+if not goldwarden.is_daemon_running():
+    print("daemon not running.. autostarting")
+    daemonThread = Thread(target=run_daemon)
+    daemonThread.start()
+
+print("starting autofill monitor")
+
 def on_autofill():
     subprocess.Popen(["python3", "/app/bin/autofill.py"], start_new_session=True)
 monitors.dbus_autofill_monitor.on_autofill = on_autofill

ui/settings.py

@@ -123,6 +123,7 @@ class SettingsWinvdow(Gtk.ApplicationWindow):
         def update_labels():
             pin_set = goldwarden.is_pin_enabled()
             status = goldwarden.get_vault_status()
+            if status != None:
                 locked = status["locked"]
                 self.login_button.set_sensitive(pin_set and not locked)
                 self.set_pin_button.set_sensitive(not pin_set or not locked)
@@ -131,6 +132,10 @@ class SettingsWinvdow(Gtk.ApplicationWindow):
                 self.notes_row.set_subtitle(str(status["noteEntries"]))
                 self.unlock_button.set_sensitive(True)
                 self.unlock_button.set_label("Unlock" if locked else "Lock")
+            else:
+                is_daemon_running = goldwarden.is_daemon_running()
+                if not is_daemon_running:
+                    self.status_row.set_subtitle("Daemon not running")
             GLib.timeout_add(1000, update_labels)
 
         GLib.timeout_add(1000, update_labels)