Merge pull request #19 from quexten/feature/screensaver-lock
Add lock on screensaver
quexten authored Dec 23, 2023
2 parents 4934c52 + d93bbfd commit 264bc4c
Showing 4 changed files with 73 additions and 1 deletion.
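--- a/agent/processsecurity/unimplemented.go
+++ b/agent/processsecurity/unimplemented.go
@@ -6,3 +6,7 @@ func DisableDumpable() error {
 // no additional dumping protection
 return nil
 }
+
+func MonitorLocks(onlock func()) error {
+return nil
+}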
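Review bot: `MonitorLocks` returns nil without ever calling `onlock`, so on platforms built with this file the callers' `Could not monitor screensaver` warning never fires and nothing tells the user that a screen lock will not lock the vault. A doc comment such as `// MonitorLocks is a no-op on this platform; onlock is never called.` would make that explicit, in the same way `DisableDumpable` carries `// no additional dumping protection`. Returning a non-nil error instead would surface the missing protection in the log through the existing warning path.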
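--- a/agent/processsecurity/unix.go
+++ b/agent/processsecurity/unix.go
@@ -2,8 +2,58 @@
 
 package processsecurity
 
-import "golang.org/x/sys/unix"
+import (
+"fmt"
+
+"github.com/godbus/dbus/v5"
+"golang.org/x/sys/unix"
+)
 
 func DisableDumpable() error {
 return unix.Prctl(unix.PR_SET_DUMPABLE, 0, 0, 0, 0)
 }
+
+func MonitorLocks(onlock func()) error {
+bus, err := dbus.SessionBus()
+if err != nil {
+return err
+}
+err = bus.AddMatchSignal(dbus.WithMatchInterface("org.gnome.ScreenSaver"))
+if err != nil {
+return err
+}
+err = bus.AddMatchSignal(dbus.WithMatchMember("org.freedesktop.ScreenSaver"))
+if err != nil {
+return err
+}
+
+signals := make(chan *dbus.Signal, 10)
+bus.Signal(signals)
+for {
+select {
+case message := <-signals:
+fmt.Println("Message:", message)
+fmt.Println("name ", message.Name)
+if message.Name == "org.gnome.ScreenSaver.ActiveChanged" {
+if len(message.Body) == 0 {
+continue
+}
+locked, err := message.Body[0].(bool)
+if err || locked {
+onlock()
+}
+}
+if message.Name == "org.freedesktop.ScreenSaver.ActiveChanged" {
+if len(message.Body) == 0 {
+continue
+}
+locked, err := message.Body[0].(bool)
+if err || locked {
+onlock()
+}
+}
+}
+}
+
+return nil
+}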
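Review bot: The type assertion in both `ActiveChanged` branches is read backwards: the second value of `message.Body[0].(bool)` is true when the body is a bool, so `if err || locked` calls `onlock()` on every well-formed signal, including screensaver deactivation, and skips it when the body has an unexpected type. Naming the value `ok` and testing `if !ok || locked {` gives the lock-when-in-doubt behaviour the condition appears to intend. The second match rule passes an interface name to `dbus.WithMatchMember`, so signals from `org.freedesktop.ScreenSaver` will probably never be delivered and the vault would stay unlocked on non-GNOME desktops; `dbus.WithMatchInterface("org.freedesktop.ScreenSaver")` mirrors the first rule. The two `fmt.Println` calls print every received signal to stdout and look like leftover debugging, and the final `return nil` is unreachable because the loop has no exit.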
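--- a/agent/unixsocketagent.go
+++ b/agent/unixsocketagent.go
@@ -153,6 +153,15 @@ func StartUnixAgent(path string, runtimeConfig config.RuntimeConfig) error {
 }
 
 processsecurity.DisableDumpable()
+err = processsecurity.MonitorLocks(func() {
+cfg.Lock()
+vault.Clear()
+vault.Keyring.Lock()
+})
+if err != nil {
+log.Warn("Could not monitor screensaver: %s", err.Error())
+}
+
 if !runtimeConfig.WebsocketDisabled {
 go bitwarden.RunWebsocketDaemon(ctx, vault, &cfg)
 }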
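Review bot: `processsecurity.MonitorLocks` is called synchronously here, but the unix implementation added in this commit ends in a `for { select { … } }` loop with no exit, so once the D-Bus setup succeeds the call never returns and the `RunWebsocketDaemon` start below it is never reached. Wrapping the call and its error check in `go func() { … }()` keeps startup going and still logs a D-Bus failure. The identical call added to `StartVirtualAgent` in agent/virtualagent.go has the same problem. Once it runs in its own goroutine the callback executes concurrently with the rest of the agent, so `cfg.Lock()`, `vault.Clear()` and `vault.Keyring.Lock()` must be safe for concurrent use, which cannot be confirmed from this hunk. The body of `StartUnixAgent` starts and ends outside the hunk.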
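--- a/agent/virtualagent.go
+++ b/agent/virtualagent.go
@@ -116,6 +116,15 @@ func StartVirtualAgent(runtimeConfig config.RuntimeConfig) (chan []byte, chan []
 }
 }
 processsecurity.DisableDumpable()
+err = processsecurity.MonitorLocks(func() {
+cfg.Lock()
+vault.Clear()
+vault.Keyring.Lock()
+})
+if err != nil {
+log.Warn("Could not monitor screensaver: %s", err.Error())
+}
+
 go func() {
 for {
 time.Sleep(TokenRefreshInterval)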
