mirror of
https://github.com/quexten/goldwarden.git
synced 2024-10-27 03:33:14 +03:00
Compare commits
6 Commits
9c840f3edc
...
f6c501f0d2
Author | SHA1 | Date | |
---|---|---|---|
|
f6c501f0d2 | ||
|
87e13098a0 | ||
|
7e4d5a4b76 | ||
|
873c4fb799 | ||
|
11ad8c4f48 | ||
|
a94d8f052b |
@ -129,6 +129,8 @@ func handleListLoginsRequest(request messages.IPCMessage, cfg *config.Config, va
|
||||
actionsLog.Warn("Could not decrypt login:" + err.Error())
|
||||
continue
|
||||
}
|
||||
} else {
|
||||
decryptedName = []byte{}
|
||||
}
|
||||
|
||||
if !login.Login.Username.IsNull() {
|
||||
@ -137,6 +139,8 @@ func handleListLoginsRequest(request messages.IPCMessage, cfg *config.Config, va
|
||||
actionsLog.Warn("Could not decrypt login:" + err.Error())
|
||||
continue
|
||||
}
|
||||
} else {
|
||||
decryptedUsername = []byte{}
|
||||
}
|
||||
|
||||
if !login.Login.Password.IsNull() {
|
||||
@ -145,6 +149,8 @@ func handleListLoginsRequest(request messages.IPCMessage, cfg *config.Config, va
|
||||
actionsLog.Warn("Could not decrypt login:" + err.Error())
|
||||
continue
|
||||
}
|
||||
} else {
|
||||
decryptedPassword = []byte{}
|
||||
}
|
||||
|
||||
if !login.Login.Totp.IsNull() {
|
||||
@ -153,6 +159,8 @@ func handleListLoginsRequest(request messages.IPCMessage, cfg *config.Config, va
|
||||
actionsLog.Warn("Could not decrypt login:" + err.Error())
|
||||
continue
|
||||
}
|
||||
} else {
|
||||
decryptedTotp = []byte{}
|
||||
}
|
||||
|
||||
if !login.Login.URI.IsNull() {
|
||||
@ -161,6 +169,8 @@ func handleListLoginsRequest(request messages.IPCMessage, cfg *config.Config, va
|
||||
actionsLog.Warn("Could not decrypt login:" + err.Error())
|
||||
continue
|
||||
}
|
||||
} else {
|
||||
decryptedURL = []byte{}
|
||||
}
|
||||
|
||||
decryptedLoginCiphers = append(decryptedLoginCiphers, messages.DecryptedLoginCipher{
|
||||
|
@ -130,14 +130,23 @@ func (vaultAgent vaultAgent) Sign(key ssh.PublicKey, data []byte) (*ssh.Signatur
|
||||
message = fmt.Sprintf(requestTemplate, vaultAgent.context.UserName, sshKey.Name)
|
||||
}
|
||||
|
||||
if approved, err := pinentry.GetApproval("SSH Key Signing Request", message); err != nil || !approved {
|
||||
log.Info("Sign Request for key: %s denied", sshKey.Name)
|
||||
return nil, errors.New("Approval not given")
|
||||
}
|
||||
// todo refactor
|
||||
if !systemauth.GetSSHSession(vaultAgent.context) {
|
||||
if approved, err := pinentry.GetApproval("SSH Key Signing Request", message); err != nil || !approved {
|
||||
log.Info("Sign Request for key: %s denied", sshKey.Name)
|
||||
return nil, errors.New("Approval not given")
|
||||
}
|
||||
|
||||
if permission, err := systemauth.GetPermission(systemauth.SSHKey, vaultAgent.context, vaultAgent.config); err != nil || !permission {
|
||||
log.Info("Sign Request for key: %s denied", key.Marshal())
|
||||
return nil, errors.New("Biometrics not checked")
|
||||
if !systemauth.VerifyPinSession(vaultAgent.context) {
|
||||
if permission, err := systemauth.GetPermission(systemauth.SSHKey, vaultAgent.context, vaultAgent.config); err != nil || !permission {
|
||||
log.Info("Sign Request for key: %s denied", key.Marshal())
|
||||
return nil, errors.New("Biometrics not checked")
|
||||
}
|
||||
}
|
||||
|
||||
systemauth.CreateSSHSession(vaultAgent.context)
|
||||
} else {
|
||||
log.Info("Using cached session approval")
|
||||
}
|
||||
|
||||
var rand = rand.Reader
|
||||
|
@ -22,7 +22,7 @@ type SessionType string
|
||||
const (
|
||||
AccessVault SessionType = "com.quexten.goldwarden.accessvault"
|
||||
SSHKey SessionType = "com.quexten.goldwarden.usesshkey"
|
||||
Pin SessionType = "com.quexten.goldwarden.pin" // this counts as all other permissions
|
||||
Pin SessionType = "com.quexten.goldwarden.pin"
|
||||
)
|
||||
|
||||
var sessionStore = SessionStore{
|
||||
@ -55,7 +55,7 @@ func (s *SessionStore) CreateSession(pid int, parentpid int, grandparentpid int,
|
||||
|
||||
func (s *SessionStore) verifySession(ctx sockets.CallingContext, sessionType SessionType) bool {
|
||||
for _, session := range s.Store {
|
||||
if session.ParentPid == ctx.ParentProcessPid && session.GrandParentPid == ctx.GrandParentProcessPid && (session.sessionType == sessionType || session.sessionType == Pin) {
|
||||
if session.ParentPid == ctx.ParentProcessPid && session.GrandParentPid == ctx.GrandParentProcessPid && session.sessionType == sessionType {
|
||||
if session.Expires.After(time.Now()) {
|
||||
return true
|
||||
}
|
||||
@ -136,3 +136,15 @@ func CreatePinSession(ctx sockets.CallingContext, ttl time.Duration) Session {
|
||||
func VerifyPinSession(ctx sockets.CallingContext) bool {
|
||||
return sessionStore.verifySession(ctx, Pin)
|
||||
}
|
||||
|
||||
func CreateSSHSession(ctx sockets.CallingContext) Session {
|
||||
return sessionStore.CreateSession(ctx.ProcessPid, ctx.ParentProcessPid, ctx.GrandParentProcessPid, SSHKey, SSHTTL)
|
||||
}
|
||||
|
||||
func GetSSHSession(ctx sockets.CallingContext) bool {
|
||||
return sessionStore.verifySession(ctx, SSHKey)
|
||||
}
|
||||
|
||||
func WipeSessions() {
|
||||
sessionStore.Store = []Session{}
|
||||
}
|
||||
|
@ -375,6 +375,7 @@ func StartUnixAgent(path string, runtimeConfig config.RuntimeConfig) error {
|
||||
cfg.Lock()
|
||||
vault.Clear()
|
||||
vault.Keyring.Lock()
|
||||
systemauth.WipeSessions()
|
||||
})
|
||||
if err != nil {
|
||||
log.Warn("Could not monitor screensaver: %s", err.Error())
|
||||
@ -385,6 +386,7 @@ func StartUnixAgent(path string, runtimeConfig config.RuntimeConfig) error {
|
||||
cfg.Lock()
|
||||
vault.Clear()
|
||||
vault.Keyring.Lock()
|
||||
systemauth.WipeSessions()
|
||||
})
|
||||
if err != nil {
|
||||
log.Warn("Could not monitor idle: %s", err.Error())
|
||||
|
1
gui/__init__.py
Normal file
1
gui/__init__.py
Normal file
@ -0,0 +1 @@
|
||||
|
@ -1,6 +1,7 @@
|
||||
import gi
|
||||
gi.require_version('Gtk', '4.0')
|
||||
gi.require_version('Adw', '1')
|
||||
gi.require_version('Notify', '0.7')
|
||||
import gc
|
||||
import time
|
||||
from gi.repository import Gtk, Adw, GLib, Notify, Gdk
|
||||
@ -161,4 +162,4 @@ class MainWindow(Gtk.ApplicationWindow):
|
||||
self.set_title("Goldwarden Quick Access")
|
||||
|
||||
app = MyApp(application_id="com.quexten.Goldwarden.autofill-menu")
|
||||
app.run(sys.argv)
|
||||
app.run(sys.argv)
|
||||
|
Loading…
Reference in New Issue
Block a user