diff --git a/README.md b/README.md
index 99c2a09..0397365 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,20 @@ # pgplockd A logind locker using PGP -## Proposal +### Proposal This program should be runnable as a systemd user service to periodically query the user's PGP key and lock the screen if the key is locked. +## Current Status +* journald is being used for logging +* connection to logind is being made +* user's ~/.pgplockd file can be read for PGP Fingerprint +* current session is being found +* timeout loop can lock session using logind\ + +## To Do +* Implement an actual check for unlock status +* Random message generator? + ## Workflow * User logs in * pgplockd starts
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..6d27c8b
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,5 @@
+module github.com/Rudi9719/pgplockd
+
+go 1.16
+
+require github.com/coreos/go-systemd/v22 v22.1.0
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..178f1c4
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,4 @@
+github.com/coreos/go-systemd/v22 v22.1.0 h1:kq/SbG2BCKLkDKkjQf5OWwKWUKj1lgs3lFI4PxnR5lg=
+github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
+github.com/godbus/dbus/v5 v5.0.3 h1:ZqHaoEF7TBzh4jzPmqVhE/5A1z9of6orkAe5uHoAeME=
+github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..203879a
--- /dev/null
+++ b/main.go
@@ -0,0 +1,72 @@
+package main
+
+import (
+ "fmt"
+ "io/ioutil"
+ "os/user"
+ "time"
+
+ "github.com/coreos/go-systemd/v22/journal"
+ "github.com/coreos/go-systemd/v22/login1"
+)
+
+var (
+ conn login1.Conn
+ sess login1.Session
+ keyID string
+ unlock = false
+)
+
+func main() {
+ if !journal.Enabled() {
+ return
+ }
+ journal.Print(journal.PriAlert, "Starting pamlockd")
+ setUp()
+ go timeOutLoop()
+
+ fmt.Printf("%+v\n%+v\n", sess, keyID)
+
+}
+
+func timeOutLoop() {
+ //TODO: Implement an actual check for unlock status
+ for {
+ time.Sleep(30 * time.Second)
+ if !unlock {
+ journal.Print(journal.PriInfo, "Timeout reached waiting for unlock. Locking session!")
+ conn.LockSession(sess.ID)
+ }
+ time.Sleep(5 * time.Minute)
+ }
+}
+
+func setUp() {
+ journal.Print(journal.PriInfo, "Opening new connection to logind.")
+ conn, err := login1.New()
+ if err != nil {
+ journal.Print(journal.PriCrit, "Unable to open login1 connection: %+v\n", err)
+ return
+ }
+ journal.Print(journal.PriInfo, "Getting current user.")
+ usr, err := user.Current()
+ if err != nil {
+ journal.Print(journal.PriCrit, "Unable to determine current user: %+v\n", err)
+ return
+ }
+
+ journal.Print(journal.PriInfo, "Getting current session from Active Sessions.")
+ dop, err := conn.GetActiveSession()
+ sessions, err := conn.ListSessions()
+ for _, v := range sessions {
+ if v.Path == dop {
+ sess = v
+ }
+ }
+ content, err := ioutil.ReadFile(fmt.Sprintf("%+v/.pgplockd", usr.HomeDir))
+ if err != nil {
+ journal.Print(journal.PriCrit, "Unable to read ~/.pgplockd config: %+v\n", err)
+ return
+ }
+ keyID = string(content)
+}
diff --git a/pgplockd b/pgplockd
new file mode 100755
index 0000000..593a5c0
Binary files /dev/null and b/pgplockd differ
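Review bot: As written the locker fails open: in `setUp`, `conn, err := login1.New()` declares a new local `conn`, so the package-level `conn` that `timeOutLoop` passes to `LockSession` is never initialised, and `main` returns right after `go timeOutLoop()`, which ends the process before the first 30-second sleep can elapse. `setUp` also only logs its failures and never checks the errors from `GetActiveSession` and `ListSessions`, so `main` carries on with an empty `sess` and nothing tells the service manager that setup failed. I would make the package variable a `*login1.Conn`, assign it with `=`, have `setUp` return an error, and run the loop in the foreground, as sketched below. Separately, `keyID = string(content)` keeps any trailing newline from `~/.pgplockd`; passing it through `strings.TrimSpace` would avoid a silent mismatch once the fingerprint is actually compared.

```go
var (
	conn *login1.Conn // pointer, matching what login1.New() returns
	// … unchanged: sess, keyID, unlock …
)

func main() {
	// … unchanged: journal.Enabled check, startup message …
	if err := setUp(); err != nil {
		journal.Print(journal.PriCrit, "Setup failed, not starting lock loop: %+v\n", err)
		return
	}
	timeOutLoop() // run in the foreground so the process stays alive
}

func setUp() error {
	var err error
	conn, err = login1.New() // plain assignment: fills the package-level conn
	if err != nil {
		return fmt.Errorf("opening login1 connection: %w", err)
	}
	// … unchanged: current-user lookup, returning the error instead of a bare return …
	dop, err := conn.GetActiveSession()
	if err != nil {
		return fmt.Errorf("getting active session: %w", err)
	}
	sessions, err := conn.ListSessions()
	if err != nil {
		return fmt.Errorf("listing sessions: %w", err)
	}
	// … unchanged: session match loop, ~/.pgplockd read …
	return nil
}
```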