Merge branch 'main' into feature/gtk-ui

2023-12-23 12:27:38 +01:00 · 2023-12-23 12:27:38 +01:00 · f79aac1792
parent 0717e34796 264bc4ca2e
commit f79aac1792
6 changed files with 82 additions and 5 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -25,11 +25,15 @@ jobs:
  
    - name: Build with All features
      run: go build -o goldwarden_linux_x86_64 -v .
-    - name: Build minimal featureset
+    - name: Build minimal x86_64 featureset
      run: go build -tags nofido2 -tags noautofill -o goldwarden_linux_minimal_x86_64 -v .
+    - name: Build minimal x86 featureset
+      run: GOARCH=386 go build -tags nofido2 -tags noautofill -o goldwarden_linux_x86 -v .
+    - name: Build minimal arm64 featureset
+      run: GOARCH=arm64 go build -tags nofido2 -tags noautofill -o goldwarden_linux_arm64 -v .
    - uses: AButler/upload-release-assets@v2.0
      with:
-        files: './goldwarden_linux_x86_64;./goldwarden_linux_x86_64_minimal'
+        files: './goldwarden_linux_x86_64;./goldwarden_linux_x86_64_minimal;./goldwarden_linux_x86;./goldwarden_linux_arm64'
        repo-token: ${{ secrets.GITHUB_TOKEN }}
    - name: Validate ArchLinux PKGBUILD
      uses: hapakaien/archlinux-package-action@v2
--- a/4
+++ b/4
@ -1,6 +1,6 @@
 pkgname=goldwarden
-pkgver=0.1.9
-pkgrel=2
+pkgver=0.1.10
+pkgrel=1
 pkgdesc='A feature-packed Bitwarden compatible desktop integration'
 arch=('x86_64')
 url="https://github.com/quexten/$pkgname"
--- a/agent/processsecurity/unimplemented.go
+++ b/agent/processsecurity/unimplemented.go
@ -6,3 +6,7 @@ func DisableDumpable() error {
 	// no additional dumping protection
 	return nil
 }
+
+func MonitorLocks(onlock func()) error {
+	return nil
+}
--- a/agent/processsecurity/unix.go
+++ b/agent/processsecurity/unix.go
@ -2,7 +2,58 @@

 package processsecurity

+import (
+	"fmt"
+
+	"github.com/godbus/dbus/v5"
+	"golang.org/x/sys/unix"
+)
+
 func DisableDumpable() error {
-	// return unix.Prctl(unix.PR_SET_DUMPABLE, 0, 0, 0, 0)
+	return unix.Prctl(unix.PR_SET_DUMPABLE, 0, 0, 0, 0)
+}
+
+func MonitorLocks(onlock func()) error {
+	bus, err := dbus.SessionBus()
+	if err != nil {
+		return err
+	}
+	err = bus.AddMatchSignal(dbus.WithMatchInterface("org.gnome.ScreenSaver"))
+	if err != nil {
+		return err
+	}
+	err = bus.AddMatchSignal(dbus.WithMatchMember("org.freedesktop.ScreenSaver"))
+	if err != nil {
+		return err
+	}
+
+	signals := make(chan *dbus.Signal, 10)
+	bus.Signal(signals)
+	for {
+		select {
+		case message := <-signals:
+			fmt.Println("Message:", message)
+			fmt.Println("name ", message.Name)
+			if message.Name == "org.gnome.ScreenSaver.ActiveChanged" {
+				if len(message.Body) == 0 {
+					continue
+				}
+				locked, err := message.Body[0].(bool)
+				if err || locked {
+					onlock()
+				}
+			}
+			if message.Name == "org.freedesktop.ScreenSaver.ActiveChanged" {
+				if len(message.Body) == 0 {
+					continue
+				}
+				locked, err := message.Body[0].(bool)
+				if err || locked {
+					onlock()
+				}
+			}
+		}
+	}
+
 	return nil
 }
--- a/agent/unixsocketagent.go
+++ b/agent/unixsocketagent.go
@ -163,6 +163,15 @@ func StartUnixAgent(path string, runtimeConfig config.RuntimeConfig) error {
 	}

 	processsecurity.DisableDumpable()
+	err = processsecurity.MonitorLocks(func() {
+		cfg.Lock()
+		vault.Clear()
+		vault.Keyring.Lock()
+	})
+	if err != nil {
+		log.Warn("Could not monitor screensaver: %s", err.Error())
+	}
+
 	if !runtimeConfig.WebsocketDisabled {
 		go bitwarden.RunWebsocketDaemon(ctx, vault, &cfg)
 	}
--- a/agent/virtualagent.go
+++ b/agent/virtualagent.go
@ -126,6 +126,15 @@ func StartVirtualAgent(runtimeConfig config.RuntimeConfig) (chan []byte, chan []
 		}
 	}
 	processsecurity.DisableDumpable()
+	err = processsecurity.MonitorLocks(func() {
+		cfg.Lock()
+		vault.Clear()
+		vault.Keyring.Lock()
+	})
+	if err != nil {
+		log.Warn("Could not monitor screensaver: %s", err.Error())
+	}
+
 	go func() {
 		for {
 			time.Sleep(TokenRefreshInterval)