add tries, and timeout
This commit is contained in:
parent
f114554dd7
commit
302625f2fb
3 changed files with 29 additions and 13 deletions
|
@ -19,6 +19,7 @@
|
||||||
|
|
||||||
doCheck = false;
|
doCheck = false;
|
||||||
|
|
||||||
|
buildInputs = with pkgs; [ openssl tpm2-tss ];
|
||||||
nativeBuildInputs = with pkgs; [
|
nativeBuildInputs = with pkgs; [
|
||||||
llvmPackages.libclang
|
llvmPackages.libclang
|
||||||
llvmPackages.libcxxClang
|
llvmPackages.libcxxClang
|
||||||
|
@ -26,7 +27,6 @@
|
||||||
pkg-config
|
pkg-config
|
||||||
];
|
];
|
||||||
LIBCLANG_PATH = "${pkgs.llvmPackages.libclang.lib}/lib";
|
LIBCLANG_PATH = "${pkgs.llvmPackages.libclang.lib}/lib";
|
||||||
buildInputs = with pkgs; [ openssl tpm2-tss ];
|
|
||||||
|
|
||||||
preBuild = ''
|
preBuild = ''
|
||||||
export BINDGEN_EXTRA_CLANG_ARGS="$(< ${stdenv.cc}/nix-support/libc-crt1-cflags) \
|
export BINDGEN_EXTRA_CLANG_ARGS="$(< ${stdenv.cc}/nix-support/libc-crt1-cflags) \
|
||||||
|
@ -53,7 +53,7 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
devShell = pkgs.mkShell {
|
devShells.default = pkgs.mkShell {
|
||||||
shellHook = "${packages.default.preBuild}";
|
shellHook = "${packages.default.preBuild}";
|
||||||
inherit (packages.default) nativeBuildInputs buildInputs LIBCLANG_PATH;
|
inherit (packages.default) nativeBuildInputs buildInputs LIBCLANG_PATH;
|
||||||
};
|
};
|
||||||
|
|
25
src/main.rs
25
src/main.rs
|
@ -8,6 +8,8 @@ use std::io::{Read, Write};
|
||||||
use std::os::unix::net::UnixStream;
|
use std::os::unix::net::UnixStream;
|
||||||
use std::path::PathBuf;
|
use std::path::PathBuf;
|
||||||
use std::process::exit;
|
use std::process::exit;
|
||||||
|
use std::thread::sleep;
|
||||||
|
use std::time::Duration;
|
||||||
use tpm::tpm_objects::TPM2Config;
|
use tpm::tpm_objects::TPM2Config;
|
||||||
|
|
||||||
fn get_control_socket() -> Option<PathBuf> {
|
fn get_control_socket() -> Option<PathBuf> {
|
||||||
|
@ -25,6 +27,7 @@ fn get_control_socket() -> Option<PathBuf> {
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Clone, Copy)]
|
#[derive(Debug, Clone, Copy)]
|
||||||
|
#[allow(dead_code)]
|
||||||
enum ControlOp {
|
enum ControlOp {
|
||||||
Initialize = 0,
|
Initialize = 0,
|
||||||
Unlock = 1,
|
Unlock = 1,
|
||||||
|
@ -52,6 +55,7 @@ impl ControlResult {
|
||||||
match num {
|
match num {
|
||||||
0 => Some(Self::Ok),
|
0 => Some(Self::Ok),
|
||||||
1 => Some(Self::Denied),
|
1 => Some(Self::Denied),
|
||||||
|
2 => Some(Self::Failed),
|
||||||
3 => Some(Self::NoDaemon),
|
3 => Some(Self::NoDaemon),
|
||||||
_ => None,
|
_ => None,
|
||||||
}
|
}
|
||||||
|
@ -122,7 +126,14 @@ struct Cli {
|
||||||
#[derive(Subcommand)]
|
#[derive(Subcommand)]
|
||||||
enum Commands {
|
enum Commands {
|
||||||
/// Unlock gnome keyring using encrypted password stored in tpm
|
/// Unlock gnome keyring using encrypted password stored in tpm
|
||||||
Unlock,
|
Unlock {
|
||||||
|
#[arg(default_value_t = 5)]
|
||||||
|
tries: usize,
|
||||||
|
|
||||||
|
// timeout in seconds
|
||||||
|
#[arg(default_value_t = 1)]
|
||||||
|
timeout: u64,
|
||||||
|
},
|
||||||
/// Enroll a password into the tpm to use when unlocking
|
/// Enroll a password into the tpm to use when unlocking
|
||||||
Enroll,
|
Enroll,
|
||||||
}
|
}
|
||||||
|
@ -137,15 +148,21 @@ fn main() -> color_eyre::Result<()> {
|
||||||
.ok_or_else(|| eyre!("Token path not found"))?;
|
.ok_or_else(|| eyre!("Token path not found"))?;
|
||||||
|
|
||||||
match cli.command {
|
match cli.command {
|
||||||
Commands::Unlock => {
|
Commands::Unlock { tries, timeout } => {
|
||||||
if token_path.exists() {
|
if token_path.exists() {
|
||||||
let token = read_to_string(token_path)?;
|
let token = read_to_string(token_path)?;
|
||||||
|
|
||||||
|
for _ in 0..tries {
|
||||||
let password =
|
let password =
|
||||||
tpm::perform_decrypt(token.as_bytes()).map_err(|err| eyre!("{err:?}"))?;
|
tpm::perform_decrypt(token.as_bytes()).map_err(|err| eyre!("{err:?}"))?;
|
||||||
let res = unlock_keyring(password.as_slice())?;
|
let res = unlock_keyring(password.as_slice())?;
|
||||||
if res != ControlResult::Ok {
|
if res == ControlResult::Ok {
|
||||||
|
break;
|
||||||
|
} else {
|
||||||
eprintln!("Failed to unlock keyring: {res:?}");
|
eprintln!("Failed to unlock keyring: {res:?}");
|
||||||
exit(2);
|
}
|
||||||
|
|
||||||
|
sleep(Duration::from_secs(timeout));
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
bail!("password token file not found")
|
bail!("password token file not found")
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
// Copyright 2020 Patrick Uiterwijk
|
// Adapted from https://github.com/fedora-iot/clevis-pin-tpm2/
|
||||||
//
|
// by Patrick Uiterwijk under the MIT License
|
||||||
// Licensed under the MIT license
|
|
||||||
|
|
||||||
use std::convert::{TryFrom, TryInto};
|
use std::convert::{TryFrom, TryInto};
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue