vaultwarden
/
goldwarden-vaultwarden-bitwarden-client
mirror of https://github.com/quexten/goldwarden.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add lock on screensaver

This commit is contained in:
Bernd Schoolmann 2023-12-23 08:37:17 +01:00
parent 55b3383fb9
commit c0367b2c75
No known key found for this signature in database
4 changed files with 73 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
agent/processsecurity/unimplemented.go
View File

@ -6,3 +6,7 @@ func DisableDumpable() error {
// no additional dumping protection // no additional dumping protection
return nil return nil
} }
func MonitorLocks(onlock func) error {
return nil
}

52
agent/processsecurity/unix.go
View File

@ -2,8 +2,58 @@
package processsecurity package processsecurity
import "golang.org/x/sys/unix" import (
"fmt"
"github.com/godbus/dbus/v5"
"golang.org/x/sys/unix"
)
func DisableDumpable() error { func DisableDumpable() error {
return unix.Prctl(unix.PR_SET_DUMPABLE, 0, 0, 0, 0) return unix.Prctl(unix.PR_SET_DUMPABLE, 0, 0, 0, 0)
} }
func MonitorLocks(onlock func()) error {
bus, err := dbus.SessionBus()
if err != nil {
return err
}
err = bus.AddMatchSignal(dbus.WithMatchInterface("org.gnome.ScreenSaver"))
if err != nil {
return err
}
err = bus.AddMatchSignal(dbus.WithMatchMember("org.freedesktop.ScreenSaver"))
if err != nil {
return err
}
signals := make(chan *dbus.Signal, 10)
bus.Signal(signals)
for {
select {
case message := <-signals:
fmt.Println("Message:", message)
fmt.Println("name ", message.Name)
if message.Name == "org.gnome.ScreenSaver.ActiveChanged" {
if len(message.Body) == 0 {
continue
}
locked, err := message.Body[0].(bool)
if err || locked {
onlock()
}
}
if message.Name == "org.freedesktop.ScreenSaver.ActiveChanged" {
if len(message.Body) == 0 {
continue
}
locked, err := message.Body[0].(bool)
if err || locked {
onlock()
}
}
}
}
return nil
}

9
agent/unixsocketagent.go
View File

@ -153,6 +153,15 @@ func StartUnixAgent(path string, runtimeConfig config.RuntimeConfig) error {
} }
processsecurity.DisableDumpable() processsecurity.DisableDumpable()
err = processsecurity.MonitorLocks(func() {
cfg.Lock()
vault.Clear()
vault.Keyring.Lock()
})
if err != nil {
log.Warn("Could not monitor screensaver: %s", err.Error())
}
if !runtimeConfig.WebsocketDisabled { if !runtimeConfig.WebsocketDisabled {
go bitwarden.RunWebsocketDaemon(ctx, vault, &cfg) go bitwarden.RunWebsocketDaemon(ctx, vault, &cfg)
} }

9
agent/virtualagent.go
View File

@ -116,6 +116,15 @@ func StartVirtualAgent(runtimeConfig config.RuntimeConfig) (chan []byte, chan []
} }
} }
processsecurity.DisableDumpable() processsecurity.DisableDumpable()
err = processsecurity.MonitorLocks(func() {
cfg.Lock()
vault.Clear()
vault.Keyring.Lock()
})
if err != nil {
log.Warn("Could not monitor screensaver: %s", err.Error())
}
go func() { go func() {
for { for {
time.Sleep(TokenRefreshInterval) time.Sleep(TokenRefreshInterval)