lockbox

password manager

commit ace5f39f084a23a247add2343e9d907db896a2e6
parent 962527b6327614b2e16bb90bb07c7d858c8faadb
Author: Sean Enck <sean@ttypty.com>
Date:   Tue, 26 Oct 2021 18:51:16 -0400

socket is not super useful/good idea

Diffstat:
Mcmd/lb/main.go | 4----
Minternal/encdec.go | 37-------------------------------------
Dinternal/socket.go | 183-------------------------------------------------------------------------------
3 files changed, 0 insertions(+), 224 deletions(-)

diff --git a/cmd/lb/main.go b/cmd/lb/main.go
@@ -53,10 +53,6 @@ func main() {
 }
 fmt.Println(f)
 }
- case "credential-server", "credential-client":
- if err := internal.SocketHandler(command == "credential-server"); err != nil {
- stock.Die("credential handler failed", err)
- }
 case "version":
 fmt.Printf("version: %s\n", version)
 case "insert":
diff --git a/internal/encdec.go b/internal/encdec.go
@@ -19,8 +19,6 @@ const (
 padLength = 256
 // PlainKeyMode is plaintext based key resolution.
 PlainKeyMode = "plaintext"
- // LockboxKeyMode is a lockbox-based daemon key resolution.
- LockboxKeyMode = "lockbox"
 // CommandKeyMode will run an external command to get the key (from stdout).
 CommandKeyMode = "command"
 )
@@ -75,41 +73,6 @@ func getKey(keyMode, name string) ([]byte, error) {
 return nil, err
 }
 data = b
- case LockboxKeyMode:
- exe, err := os.Executable()
- if err != nil {
- return nil, err
- }
- cmd := exec.Command(exe, "credential-client")
- stdin, err := cmd.StdinPipe()
- if err != nil {
- return nil, err
- }
- defer func() {
- termEcho(true)
- }()
-
- var stdinErr error
- go func() {
- defer stdin.Close()
- termEcho(false)
- input, err := Stdin(true)
- if err != nil {
- stdinErr = err
- return
- }
- if _, err := io.WriteString(stdin, input); err != nil {
- stdinErr = err
- }
- }()
- b, err := cmd.Output()
- if err != nil {
- return nil, err
- }
- if stdinErr != nil {
- return nil, stdinErr
- }
- data = b
 case PlainKeyMode:
 data = []byte(name)
 default:
diff --git a/internal/socket.go b/internal/socket.go
@@ -1,183 +0,0 @@
-package internal
-
-import (
- "bytes"
- "fmt"
- "io/fs"
- "net"
- "os"
- "path/filepath"
- "strconv"
- "strings"
- "sync"
- "time"
-
- "voidedtech.com/stock"
-)
-
-const (
- getCommand = "get:"
- setCommand = "set:"
- respCommand = "res:"
-)
-
-var (
- credential []byte
- lock = &sync.Mutex{}
- stored time.Time
-)
-
-func readConn(conn net.Conn) (string, error) {
- buf := make([]byte, 512)
- if _, err := conn.Read(buf); err != nil {
- return "", err
- }
- b := bytes.Trim(buf, "\x00")
- return strings.TrimSpace(string(b)), nil
-}
-
-func purge(duration time.Duration) {
- for {
- lock.Lock()
- if credential != nil {
- now := time.Now().Add(duration)
- if stored.Before(now) {
- credential = nil
- stored = time.Now()
- }
- }
- lock.Unlock()
- time.Sleep(5 * time.Second)
- }
-}
-
-// SocketHandler handles the daemon socket for lockbox key resolution.
-func SocketHandler(isHost bool) error {
- path := os.Getenv("LOCKBOX_SOCKET")
- if path == "" {
- h := os.Getenv("HOME")
- if h == "" {
- return stock.NewBasicError("unable to get HOME")
- }
- path = filepath.Join(h, ".lb", "lockbox.sock")
- }
- if isHost {
- caching := 1440
- if keep := os.Getenv("LOCKBOX_CCACHE"); keep != "" {
- i, err := strconv.Atoi(keep)
- if err != nil {
- return err
- }
- caching = i
- }
- if caching != 0 {
- if caching > 0 {
- caching *= -1
- }
- keepFor := time.Duration(caching) * time.Minute
- go purge(keepFor)
- }
- dir := filepath.Dir(path)
- if !stock.PathExists(dir) {
- if err := os.MkdirAll(dir, 0700); err != nil {
- return err
- }
- }
- stats, err := os.Stat(dir)
- if err != nil {
- return err
- }
- if stats.Mode() != fs.ModeDir|0700 {
- return stock.NewBasicError("invalid permissions on lb socket directory, too open")
- }
- if stock.PathExists(path) {
- if err := os.Remove(path); err != nil {
- return err
- }
- }
- l, err := net.Listen("unix", path)
- if err != nil {
- return err
- }
- defer l.Close()
- for {
- conn, err := l.Accept()
- if err != nil {
- stock.LogError("unable to accept connection", err)
- continue
- }
- cmd, err := readConn(conn)
- if err != nil {
- stock.LogError("failed to read command", err)
- conn.Close()
- continue
- }
- lock.Lock()
- if strings.HasPrefix(cmd, getCommand) {
- write := []byte(respCommand)
- if credential != nil {
- write = append(write, credential...)
- }
- _, err := conn.Write(write)
- if err != nil {
- stock.LogError("failed to write credential to connection", err)
- }
- } else {
- if strings.HasPrefix(cmd, setCommand) {
- text := strings.Replace(cmd, setCommand, "", 1)
- credential = []byte(text)
- stored = time.Now()
- if _, err := conn.Write([]byte(respCommand)); err != nil {
- stock.LogError("failed to write empty set response", err)
- }
- } else {
- stock.LogError("unknown command", nil)
- }
- }
- lock.Unlock()
- conn.Close()
- }
- }
-
- c, err := net.Dial("unix", path)
- if err != nil {
- return err
- }
- _, err = c.Write([]byte(getCommand))
- if err != nil {
- c.Close()
- return err
- }
- data, err := readConn(c)
- c.Close()
- if err != nil {
- return err
- }
- if data == respCommand {
- isPipe := IsInputFromPipe()
- if !isPipe {
- termEcho(false)
- }
- input, err := Stdin(true)
- if !isPipe {
- termEcho(true)
- }
- if err != nil {
- return err
- }
- setting := []byte(setCommand)
- setting = append(setting, input...)
- c, err := net.Dial("unix", path)
- if err != nil {
- return err
- }
- if _, err := c.Write(setting); err != nil {
- return err
- }
- data = input
- } else {
- data = strings.Replace(data, respCommand, "", 1)
- }
- fmt.Println(data)
- return nil
-}