goldwarden/agent/systemauth/polkitbiometrics.go

package systemauth
import (
"github.com/amenzhinsky/go-polkit"
"github.com/quexten/goldwarden/logging"
)
// log is the package-level logger, registered under the "Goldwarden" /
// "Systemauth" names passed to logging.GetLogger.
var log = logging.GetLogger("Goldwarden", "Systemauth")
// Approval names a polkit action that the user can be asked to authorize.
// Its string value is the action id handed to polkit by CheckBiometrics.
type Approval string

// Known approvals. Each value is the id of an <action> element declared in
// POLICY; an id without a matching declaration there has no policy defaults
// in this file.
const (
	// AccessCredential gates access to a single credential.
	AccessCredential = Approval("com.quexten.goldwarden.accesscredential")
	// ChangePin gates changing the Goldwarden PIN.
	ChangePin = Approval("com.quexten.goldwarden.changepin")
	// SSHKey gates use of an SSH key from the vault.
	SSHKey = Approval("com.quexten.goldwarden.usesshkey")
	// ModifyVault gates modification of the vault.
	ModifyVault = Approval("com.quexten.goldwarden.modifyvault")
	// BrowserBiometrics gates unlocking the browser.
	BrowserBiometrics = Approval("com.quexten.goldwarden.browserbiometrics")
)
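// POLICY is the polkit policy document for Goldwarden. It declares one
// <action> per Approval constant, and the <message> of each action is the
// text shown in the authentication prompt.
//
// Every action sets allow_any, allow_inactive and allow_active to auth_self,
// so the requesting user is asked to authenticate as themselves in all three
// session classes. The authorization is not retained (auth_self rather than
// auth_self_keep).
//
// NOTE(review): allow_any and allow_inactive also cover sessions that are not
// the active local one. If approvals are only ever expected from the active
// desktop session, consider tightening those two defaults (for example to
// `no`); confirm against the deployments this agent has to support.
const POLICY = `<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
<policyconfig>
<action id="com.quexten.goldwarden.accesscredential">
<description>Allow Credential Access</description>
<message>Authenticate to allow access to a single credential</message>
<defaults>
<allow_any>auth_self</allow_any>
<allow_inactive>auth_self</allow_inactive>
<allow_active>auth_self</allow_active>
</defaults>
</action>
<action id="com.quexten.goldwarden.changepin">
<description>Approve Pin Change</description>
<message>Authenticate to change your Goldwarden PIN.</message>
<defaults>
<allow_any>auth_self</allow_any>
<allow_inactive>auth_self</allow_inactive>
<allow_active>auth_self</allow_active>
</defaults>
</action>
<action id="com.quexten.goldwarden.usesshkey">
<description>Use Bitwarden SSH Key</description>
<message>Authenticate to use an SSH Key from your vault</message>
<defaults>
<allow_any>auth_self</allow_any>
<allow_inactive>auth_self</allow_inactive>
<allow_active>auth_self</allow_active>
</defaults>
</action>
<action id="com.quexten.goldwarden.modifyvault">
<description>Modify Bitwarden Vault</description>
<message>Authenticate to allow modification of your Bitwarden vault in Goldwarden</message>
<defaults>
<allow_any>auth_self</allow_any>
<allow_inactive>auth_self</allow_inactive>
<allow_active>auth_self</allow_active>
</defaults>
</action>
<action id="com.quexten.goldwarden.browserbiometrics">
<description>Browser Biometrics</description>
<message>Authenticate to allow Goldwarden to unlock your browser.</message>
<defaults>
<allow_any>auth_self</allow_any>
<allow_inactive>auth_self</allow_inactive>
<allow_active>auth_self</allow_active>
</defaults>
</action>
</policyconfig>`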
// String returns the approval as a plain string, i.e. the action id that
// CheckBiometrics passes to polkit.
func (ap Approval) String() string {
	id := string(ap)
	return id
}
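// CheckBiometrics asks polkit whether the action named by approvalType is
// authorized, allowing polkit to interact with the user to obtain the
// authorization.
//
// It returns true when polkit reports the action as authorized. It also
// returns true unconditionally when systemAuthDisabled is set; that path
// performs no polkit check at all. Any error from polkit is treated as a
// denial, so the function fails closed.
func CheckBiometrics(approvalType Approval) bool {
	action := approvalType.String()

	if systemAuthDisabled {
		// Bypass path: the approval is granted without asking polkit. Log it
		// so that an auto-granted approval still leaves a trace in the log.
		log.Info("System authentication is disabled, approving %s without a polkit check", action)
		return true
	}

	log.Info("Checking biometrics for %s", action)

	authority, err := polkit.NewAuthority()
	if err != nil {
		// Deny, but record why: a silent false is indistinguishable from the
		// user rejecting the prompt.
		log.Error("Failed to create polkit authority: %s", err.Error())
		return false
	}
	// NOTE(review): authority is never released here; confirm whether
	// polkit.Authority holds a connection that should be closed after use.

	result, err := authority.CheckAuthorization(
		action,
		nil,
		polkit.CheckAuthorizationAllowUserInteraction, "",
	)
	if err != nil {
		log.Error("Polkit authorization check for %s failed: %s", action, err.Error())
		return false
	}

	log.Info("Biometrics result: %t", result.IsAuthorized)
	return result.IsAuthorized
}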