goldwarden/agent/actions/getclicredentials.go

package actions

import (
	"fmt"

	"github.com/quexten/goldwarden/agent/config"
	"github.com/quexten/goldwarden/agent/sockets"
	"github.com/quexten/goldwarden/agent/systemauth/biometrics"
	"github.com/quexten/goldwarden/agent/systemauth/pinentry"
	"github.com/quexten/goldwarden/agent/vault"
	"github.com/quexten/goldwarden/ipc"
)

func handleGetCliCredentials(request ipc.IPCMessage, cfg *config.Config, vault *vault.Vault, ctx *sockets.CallingContext) (response ipc.IPCMessage, err error) {
	req := request.ParsedPayload().(ipc.GetCLICredentialsRequest)

	if approved, err := pinentry.GetApproval("Approve Credential Access", fmt.Sprintf("%s on %s>%s>%s is trying to access credentials for %s", ctx.UserName, ctx.GrandParentProcessName, ctx.ParentProcessName, ctx.ProcessName, req.ApplicationName)); err != nil || !approved {
		response, err = ipc.IPCMessageFromPayload(ipc.ActionResponse{
			Success: false,
			Message: "not approved",
		})
		if err != nil {
			return ipc.IPCMessage{}, err
		}
		return response, nil
	}

	env, found := vault.GetEnvCredentialForExecutable(req.ApplicationName)
	if !found {
		response, err = ipc.IPCMessageFromPayload(ipc.ActionResponse{
			Success: false,
			Message: "no credentials found for " + req.ApplicationName,
		})
		if err != nil {
			return ipc.IPCMessage{}, err
		}
		return response, nil
	}

	response, err = ipc.IPCMessageFromPayload(ipc.GetCLICredentialsResponse{
		Env: env,
	})

	return
}

func init() {
	AgentActionsRegistry.Register(ipc.IPCMessageTypeGetCLICredentialsRequest, ensureEverything(biometrics.AccessCredential, handleGetCliCredentials))
}
Initial commit 2023-07-17 04:23:26 +03:00			`package actions`

			`import (`
			`"fmt"`

			`"github.com/quexten/goldwarden/agent/config"`
			`"github.com/quexten/goldwarden/agent/sockets"`
Add touchid biometrics 2023-09-12 02:22:48 +03:00			`"github.com/quexten/goldwarden/agent/systemauth/biometrics"`
Refactor platform abstractions 2023-09-12 03:54:46 +03:00			`"github.com/quexten/goldwarden/agent/systemauth/pinentry"`
Initial commit 2023-07-17 04:23:26 +03:00			`"github.com/quexten/goldwarden/agent/vault"`
			`"github.com/quexten/goldwarden/ipc"`
			`)`

Introduce session cache 2023-09-12 19:56:35 +03:00			`func handleGetCliCredentials(request ipc.IPCMessage, cfg config.Config, vault vault.Vault, ctx *sockets.CallingContext) (response ipc.IPCMessage, err error) {`
Initial commit 2023-07-17 04:23:26 +03:00			`req := request.ParsedPayload().(ipc.GetCLICredentialsRequest)`

Refactor platform abstractions 2023-09-12 03:54:46 +03:00			`if approved, err := pinentry.GetApproval("Approve Credential Access", fmt.Sprintf("%s on %s>%s>%s is trying to access credentials for %s", ctx.UserName, ctx.GrandParentProcessName, ctx.ParentProcessName, ctx.ProcessName, req.ApplicationName)); err != nil \|\| !approved {`
Initial commit 2023-07-17 04:23:26 +03:00			`response, err = ipc.IPCMessageFromPayload(ipc.ActionResponse{`
			`Success: false,`
			`Message: "not approved",`
			`})`
			`if err != nil {`
Introduce session cache 2023-09-12 19:56:35 +03:00			`return ipc.IPCMessage{}, err`
Initial commit 2023-07-17 04:23:26 +03:00			`}`
			`return response, nil`
			`}`

			`env, found := vault.GetEnvCredentialForExecutable(req.ApplicationName)`
			`if !found {`
			`response, err = ipc.IPCMessageFromPayload(ipc.ActionResponse{`
			`Success: false,`
			`Message: "no credentials found for " + req.ApplicationName,`
			`})`
			`if err != nil {`
Introduce session cache 2023-09-12 19:56:35 +03:00			`return ipc.IPCMessage{}, err`
Initial commit 2023-07-17 04:23:26 +03:00			`}`
			`return response, nil`
			`}`

			`response, err = ipc.IPCMessageFromPayload(ipc.GetCLICredentialsResponse{`
			`Env: env,`
			`})`

			`return`
			`}`

			`func init() {`
Add touchid biometrics 2023-09-12 02:22:48 +03:00			`AgentActionsRegistry.Register(ipc.IPCMessageTypeGetCLICredentialsRequest, ensureEverything(biometrics.AccessCredential, handleGetCliCredentials))`
Initial commit 2023-07-17 04:23:26 +03:00			`}`