mirror of
https://github.com/quexten/goldwarden.git
synced 2024-08-17 07:00:37 +03:00
Attempt to fix osx build
This commit is contained in:
Bernd Schoolmann
parent
f79dba0e54
commit
ab9aaf2fe1
@ -7,108 +7,19 @@
|
||||
package pinentry
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"github.com/keybase/go-keychain"
|
||||
)
|
||||
|
||||
const (
|
||||
// pinentryServiceName is the service name that pinentry uses
|
||||
// when storing into the Keychain.
|
||||
pinentryServiceName = "GnuPG"
|
||||
// accountNameByteLength is how many random bytes to use to
|
||||
// generate the account name. 32 bytes of randomness is more
|
||||
// than enough to make the account name unpredictable.
|
||||
accountNameByteLength = 32
|
||||
)
|
||||
|
||||
type pinentrySecretStoreInfo string
|
||||
|
||||
func (pi *pinentryInstance) useSecretStore(useSecretStore bool) (pinentrySecretStoreInfo, error) {
|
||||
if !useSecretStore {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
// Make account name unpredictable to make it infeasible for
|
||||
// an attacker to guess (and thus sniff the passphrase). See
|
||||
// https://github.com/keybase/client/issues/484#issuecomment-114313867
|
||||
// .
|
||||
var accountNameBytes [accountNameByteLength]byte
|
||||
n, err := rand.Read(accountNameBytes[:])
|
||||
if n != accountNameByteLength {
|
||||
return "", fmt.Errorf("Unexpected random byte count %d", n)
|
||||
}
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
accountName := "keybase-" + hex.EncodeToString(accountNameBytes[:])
|
||||
|
||||
// This will cause a "Save in Keychain" checkbox to appear in
|
||||
// the pinentry dialog. If checked, pinentry will then save
|
||||
// the entered passphrase into the keychain with the service
|
||||
// name "GnuPG" and the account name equal to the passed-in
|
||||
// cache-id option value.
|
||||
pi.Set("OPTION", "cache-id "+accountName, &err)
|
||||
if err != nil {
|
||||
// It's possible that the pinentry being used doesn't support
|
||||
// this option. So just return instead of causing a fatal
|
||||
// error.
|
||||
pi.parent.log.Debug("| Error setting pinentry cache-id OPTION: %s", err)
|
||||
pi.parent.log.Debug("| Not using secret store as a result.")
|
||||
return "", nil
|
||||
}
|
||||
return pinentrySecretStoreInfo(accountName), err
|
||||
// unimplemented
|
||||
return false
|
||||
}
|
||||
|
||||
func (pi *pinentryInstance) shouldStoreSecret(info pinentrySecretStoreInfo) bool {
|
||||
if len(info) == 0 {
|
||||
return false
|
||||
}
|
||||
|
||||
// We just want to know when the user did check the "Save in
|
||||
// Keychain" checkbox, so remove whatever pinentry put into
|
||||
// the keychain, and infer the state of the checkbox from the
|
||||
// error (since there will be no error if an entry was found
|
||||
// and deleted).
|
||||
//
|
||||
// This is a bit of a hack -- this may cause a dialog to pop
|
||||
// up saying that the client wants to access the user's
|
||||
// keychain. But this will do for now until we write our own
|
||||
// pinentry.
|
||||
query := keychain.NewItem()
|
||||
query.SetSecClass(keychain.SecClassGenericPassword)
|
||||
query.SetService(pinentryServiceName)
|
||||
query.SetAccount(string(info))
|
||||
query.SetMatchLimit(keychain.MatchLimitOne)
|
||||
|
||||
// We need to query and delete by item reference because the
|
||||
// OSX keychain API only allows us to delete unowned items
|
||||
// this way.
|
||||
query.SetReturnRef(true)
|
||||
ref, err := keychain.QueryItemRef(query)
|
||||
if err != nil {
|
||||
// Default to false if there was an error.
|
||||
return false
|
||||
}
|
||||
if ref == nil {
|
||||
// If not found, return false.
|
||||
return false
|
||||
}
|
||||
|
||||
defer keychain.Release(ref)
|
||||
|
||||
err = keychain.DeleteItemRef(ref)
|
||||
if err != nil {
|
||||
// Default to false if there was an error deleting.
|
||||
return false
|
||||
}
|
||||
|
||||
// Entry was found and deleted.
|
||||
return true
|
||||
// unimplemted
|
||||
return false
|
||||
}
|
||||
|
||||
func HasWindows() bool {
|
||||
|
||||
1
go.mod
1
go.mod
@ -12,7 +12,6 @@ require (
|
||||
github.com/gorilla/websocket v1.5.1
|
||||
github.com/icza/gox v0.0.0-20230924165045-adcb03233bb5
|
||||
github.com/keybase/client/go v0.0.0-20240202160538-668db6be75e4
|
||||
github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6
|
||||
github.com/lox/go-touchid v0.0.0-20170712105233-619cc8e578d0
|
||||
github.com/mikesmitty/edkey v0.0.0-20170222072505-3356ea4e686a
|
||||
github.com/mitchellh/go-ps v1.0.0
|
||||
|
||||
2
go.sum
2
go.sum
@ -43,8 +43,6 @@ github.com/keybase/go-framed-msgpack-rpc v0.0.0-20230103225103-1f052922b096 h1:r
|
||||
github.com/keybase/go-framed-msgpack-rpc v0.0.0-20230103225103-1f052922b096/go.mod h1:XO67nMjltHJ8OsBWnFiDU1F67wR+rtJB21NXtb1TKyA=
|
||||
github.com/keybase/go-jsonw v0.0.0-20200325173637-df90f282c233 h1:zLk+cB/0ShMCBcgBOXYgellLZiZahXFicJleKyrlqiM=
|
||||
github.com/keybase/go-jsonw v0.0.0-20200325173637-df90f282c233/go.mod h1:lofKQwj13L0/7ji5VYaY0257JDlQE2BRRf+rI2Vk1rU=
|
||||
github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6 h1:IsMZxCuZqKuao2vNdfD82fjjgPLfyHLpR41Z88viRWs=
|
||||
github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6/go.mod h1:3VeWNIJaW+O5xpRQbPp0Ybqu1vJd/pm7s2F473HRrkw=
|
||||
github.com/keybase/go-logging v0.0.0-20231213204715-4b3ff33ba5b6 h1:H4IvZdHXpeK963LgCMbTcEviEal4891UGf2iOqOGL94=
|
||||
github.com/keybase/go-logging v0.0.0-20231213204715-4b3ff33ba5b6/go.mod h1:0yOEB+QF1Ega1Cr7oMKb3yUAc3C9/eg6fBHB5HLP7AA=
|
||||
github.com/keybase/msgpackzip v0.0.0-20221220225959-4abf538d2b9c h1:PRG2AXSelSy7MiDI+PwJR2QSqI1N3OybRUutsMiHtpo=
|
||||
|
||||
Loading…
Reference in New Issue
Block a user