Add setup

2024-09-11 11:15:41 +03:00 · 2023-08-03 00:42:31 +02:00 · 2023-08-03 00:42:31 +02:00 · 89baf20daa
commit 89baf20daa
parent e61ce2e9e4
4 changed files with 220 additions and 45 deletions
--- a/agent/systemauth/biometrics.go
+++ b/agent/systemauth/biometrics.go
@ -1,45 +0,0 @@
-package systemauth
-
-import (
-	"github.com/LlamaNite/llamalog"
-	"github.com/amenzhinsky/go-polkit"
-)
-
-var log = llamalog.NewLogger("Goldwarden", "Systemauth")
-
-type Approval string
-
-const (
-	AccessCredential  Approval = "com.quexten.goldwarden.accesscredential"
-	ChangePin         Approval = "com.quexten.goldwarden.changepin"
-	SSHKey            Approval = "com.quexten.goldwarden.usesshkey"
-	ModifyVault       Approval = "com.quexten.goldwarden.modifyvault"
-	BrowserBiometrics Approval = "com.quexten.goldwarden.browserbiometrics"
-)
-
-func (a Approval) String() string {
-	return string(a)
-}
-
-func CheckBiometrics(approvalType Approval) bool {
-	log.Info("Checking biometrics for %s", approvalType.String())
-
-	authority, err := polkit.NewAuthority()
-	if err != nil {
-		return false
-	}
-
-	result, err := authority.CheckAuthorization(
-		approvalType.String(),
-		nil,
-		polkit.CheckAuthorizationAllowUserInteraction, "",
-	)
-
-	if err != nil {
-		return false
-	}
-
-	log.Info("Biometrics result: %t", result.IsAuthorized)
-
-	return result.IsAuthorized
-}
--- a/agent/systemauth/polkitbiometrics.go
+++ b/agent/systemauth/polkitbiometrics.go
@ -0,0 +1,98 @@
+package systemauth
+
+import (
+	"github.com/LlamaNite/llamalog"
+	"github.com/amenzhinsky/go-polkit"
+)
+
+var log = llamalog.NewLogger("Goldwarden", "Systemauth")
+
+type Approval string
+
+const (
+	AccessCredential  Approval = "com.quexten.goldwarden.accesscredential"
+	ChangePin         Approval = "com.quexten.goldwarden.changepin"
+	SSHKey            Approval = "com.quexten.goldwarden.usesshkey"
+	ModifyVault       Approval = "com.quexten.goldwarden.modifyvault"
+	BrowserBiometrics Approval = "com.quexten.goldwarden.browserbiometrics"
+)
+
+const POLICY = `<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<policyconfig>
+    <action id="com.quexten.goldwarden.accesscredential">
+      <description>Allow Credential Access</description>
+      <message>Authenticate to allow access to a single credential</message>
+      <defaults>
+        <allow_any>auth_self</allow_any>
+        <allow_inactive>auth_self</allow_inactive>
+        <allow_active>auth_self</allow_active>
+      </defaults>
+    </action>
+    <action id="com.quexten.goldwarden.changepin">
+      <description>Approve Pin Change</description>
+      <message>Authenticate to change your Goldwarden PIN.</message>
+      <defaults>
+        <allow_any>auth_self</allow_any>
+        <allow_inactive>auth_self</allow_inactive>
+        <allow_active>auth_self</allow_active>
+      </defaults>
+    </action>
+    <action id="com.quexten.goldwarden.usesshkey">
+      <description>Use Bitwarden SSH Key</description>
+      <message>Authenticate to use an SSH Key from your vault</message>
+      <defaults>
+        <allow_any>auth_self</allow_any>
+        <allow_inactive>auth_self</allow_inactive>
+        <allow_active>auth_self</allow_active>
+      </defaults>
+    </action>
+    <action id="com.quexten.goldwarden.modifyvault">
+      <description>Modify Bitwarden Vault</description>
+      <message>Authenticate to allow modification of your Bitvarden vault in Goldwarden</message>
+      <defaults>
+        <allow_any>auth_self</allow_any>
+        <allow_inactive>auth_self</allow_inactive>
+        <allow_active>auth_self</allow_active>
+      </defaults>
+    </action>
+    <action id="com.quexten.goldwarden.browserbiometrics">
+      <description>Browser Biometrics</description>
+      <message>Authenticate to allow Goldwarden to unlock your browser.</message>
+      <defaults>
+        <allow_any>auth_self</allow_any>
+        <allow_inactive>auth_self</allow_inactive>
+        <allow_active>auth_self</allow_active>
+      </defaults>
+    </action>
+</policyconfig>`
+
+func (a Approval) String() string {
+	return string(a)
+}
+
+func CheckBiometrics(approvalType Approval) bool {
+	log.Info("Checking biometrics for %s", approvalType.String())
+
+	authority, err := polkit.NewAuthority()
+	if err != nil {
+		return false
+	}
+
+	result, err := authority.CheckAuthorization(
+		approvalType.String(),
+		nil,
+		polkit.CheckAuthorizationAllowUserInteraction, "",
+	)
+
+	if err != nil {
+		return false
+	}
+
+	log.Info("Biometrics result: %t", result.IsAuthorized)
+
+	return result.IsAuthorized
+}
--- a/browserbiometrics/main.go
+++ b/browserbiometrics/main.go
@ -31,6 +31,19 @@ func Main() {
 	readLoop()
 }

+func DetectAndInstallBrowsers() error {
+	var err error
+	err = detectAndInstallBrowsers(".config")
+	if err != nil {
+		return err
+	}
+	err = detectAndInstallBrowsers(".mozilla")
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 func detectAndInstallBrowsers(startPath string) error {
 	home := os.Getenv("HOME")
 	err := filepath.Walk(home+"/"+startPath, func(path string, info os.FileInfo, err error) error {
--- a/cmd/setup.go
+++ b/cmd/setup.go
@ -0,0 +1,109 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+	"strings"
+
+	"github.com/quexten/goldwarden/agent/systemauth"
+	"github.com/quexten/goldwarden/browserbiometrics"
+	"github.com/spf13/cobra"
+)
+
+func setupPolkit() {
+	file, err := os.OpenFile("/tmp/goldwarden-policy", os.O_CREATE, 0644)
+	if err != nil {
+		panic(err)
+	}
+	file.WriteString(systemauth.POLICY)
+	file.Close()
+
+	command := exec.Command("pkexec", "mv", "/tmp/goldwarden-policy", "/usr/share/polkit-1/actions/com.quexten.goldwarden.policy")
+	err = command.Run()
+	if err != nil {
+		panic(err)
+	}
+
+	os.Remove("/tmp/goldwarden-policy")
+}
+
+var polkitCmd = &cobra.Command{
+	Use:   "polkit",
+	Short: "Sets up polkit",
+	Long:  "Sets up polkit",
+	Run: func(cmd *cobra.Command, args []string) {
+		setupPolkit()
+	},
+}
+
+const SYSTEMD_SERVICE = `[Unit]
+Description="Goldwarden daemon"
+
+[Service]
+ExecStart=BINARY_PATH daemonize
+
+[Install]
+WantedBy=default.target`
+
+func setupSystemd() {
+	file, err := os.OpenFile("/tmp/goldwarden.service", os.O_CREATE, 0644)
+	if err != nil {
+		panic(err)
+	}
+
+	path, err := os.Executable()
+	if err != nil {
+		panic(err)
+	}
+
+	file.WriteString(strings.ReplaceAll(SYSTEMD_SERVICE, "BINARY_PATH", path))
+	file.Close()
+
+	command := exec.Command("pkexec", "mv", "/tmp/goldwarden.service", "/etc/systemd/system/goldwarden.service")
+	err = command.Run()
+	if err != nil {
+		panic(err)
+	}
+
+	os.Remove("/tmp/goldwarden.service")
+}
+
+var systemdCmd = &cobra.Command{
+	Use:   "systemd",
+	Short: "Sets up systemd autostart",
+	Long:  "Sets up systemd autostart",
+	Run: func(cmd *cobra.Command, args []string) {
+		setupSystemd()
+	},
+}
+
+var browserbiometricsCmd = &cobra.Command{
+	Use:   "browserbiometrics",
+	Short: "Sets up browser biometrics",
+	Long:  "Sets up browser biometrics",
+	Run: func(cmd *cobra.Command, args []string) {
+		err := browserbiometrics.DetectAndInstallBrowsers()
+		if err != nil {
+			fmt.Println("Error: " + err.Error())
+		} else {
+			fmt.Println("Done.")
+		}
+	},
+}
+
+var setupCmd = &cobra.Command{
+	Use:   "setup",
+	Short: "Sets up Goldwarden integrations",
+	Long:  "Sets up Goldwarden integrations",
+	Run: func(cmd *cobra.Command, args []string) {
+		cmd.Help()
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(setupCmd)
+	setupCmd.AddCommand(polkitCmd)
+	setupCmd.AddCommand(systemdCmd)
+	setupCmd.AddCommand(browserbiometricsCmd)
+}