diff --git a/client_software/0005_kwallet/create-kwallet-file.sh b/client_software/0005_kwallet/create-kwallet-file.sh
new file mode 100755
index 0000000..84cd162
--- /dev/null
+++ b/client_software/0005_kwallet/create-kwallet-file.sh
@@ -0,0 +1,109 @@
+#!/usr/bin/env bash
+# SPDX-FileCopyrightText: Daniel Pätzold
+# SPDX-License-Identifier: AGPL-3.0-or-later
+#
+# This Script
+# Takes three args: WALLET_NAME, WALLET_PASSWORD, OPTIONAL_FILE_PATH
+# Creates the wallet via qdbus (works without kwalletcli)
+# If OPTIONAL_FILE_PATH is provided, creates the .kwl there and bind-mounts it to ~/.local/share/kwalletd5/.kwl so kwalletd5 reads/writes that file
+# Avoids leaving the password exposed by using a file descriptor for qdbus where possible (note: qdbus API here still passes password argument)
+#eg run: ./create-kwallet-file.sh MyWallet "MyPass" /home/user/.my_kwallet/kwallet5.kwl
+#
+set -euo pipefail
+
+WALLET_NAME="${1:-}"
+WALLET_PASSWORD="${2:-}"
+TARGET_PATH="${3:-}"
+
+if [ -z "$WALLET_NAME" ] || [ -z "$WALLET_PASSWORD" ]; then
+ echo "Usage: $0 [target-file-path]"
+ exit 2
+fi
+
+# Ensure kwalletd6 is running
+if ! pgrep -x kwalletd6 >/dev/null 2>&1; then
+ nohup kwalletd6 >/dev/null 2>&1 &
+ sleep 1
+fi
+
+# Use qdbus to create the wallet
+if ! command -v qdbus-qt6 >/dev/null 2>&1; then
+ echo "qdbus required"
+ exit 3
+fi
+
+SERVICE="org.kde.kwalletd"
+PATH_DBUS="/modules/kwalletd6"
+APPID="create-kwallet-script-$$"
+
+HANDLE=$(qdbus-qt6 "$SERVICE" "$PATH_DBUS" org.kde.KWallet.open "$APPID" 0) || true
+# createWallet(walletName, password, winId)
+qdbus-qt6 "$SERVICE" "$PATH_DBUS" org.kde.KWallet.createWallet "$WALLET_NAME" "$WALLET_PASSWORD" 0
+
+echo "Not working until now, need to go further into things..."
+exit 0
+
+# Set default wallet in kwalletrc
+kwallet_cfg="$HOME/.config/kwalletrc"
+mkdir -p "$(dirname "$kwallet_cfg")"
+# Simple write/replace of DefaultWallet in [KDE Wallet]
+if ! grep -q "^\[KDE Wallet\]" "$kwallet_cfg" 2>/dev/null; then
+ printf "[KDE Wallet]\nDefaultWallet = %s\n" "$WALLET_NAME" >> "$kwallet_cfg"
+else
+ if grep -q "^\[KDE Wallet\]" "$kwallet_cfg" && grep -q "^DefaultWallet" "$kwallet_cfg"; then
+ sed -i "s/^DefaultWallet.*/DefaultWallet = $WALLET_NAME/" "$kwallet_cfg"
+ else
+ awk -v w="$WALLET_NAME" 'BEGIN{p=1} /^\[KDE Wallet\]/{print; print "DefaultWallet = " w; p=0; next} {print}' "$kwallet_cfg" > "$kwallet_cfg.tmp" && mv "$kwallet_cfg.tmp" "$kwallet_cfg"
+ fi
+fi
+
+# If a target file was given, arrange for kwalletd5 to use it
+if [ -n "$TARGET_PATH" ]; then
+ TARGET_DIR="$(dirname "$TARGET_PATH")"
+ mkdir -p "$TARGET_DIR"
+ touch "$TARGET_PATH"
+ chmod 600 "$TARGET_PATH"
+ chown "$(id -u):$(id -g)" "$TARGET_PATH"
+
+ KW_DIR="$HOME/.local/share/kwalletd6"
+ KW_FILE_NAME="$(basename "$TARGET_PATH")"
+ mkdir -p "$KW_DIR"
+
+ # Stop kwalletd5 before moving / mounting
+ pkill kwalletd6 || true
+ sleep 0.5
+
+ # Backup existing kwallet dir
+ if [ -e "$KW_DIR" ] && [ ! -L "$KW_DIR" ]; then
+ mv "$KW_DIR" "${KW_DIR}.bak" || true
+ fi
+ mkdir -p "$KW_DIR"
+
+ # If target is a directory path that contains a .kwl name, use that name; else use wallet name
+ if [[ "$KW_FILE_NAME" != *.kwl ]]; then
+ KW_FILE_NAME="${WALLET_NAME}.kwl"
+ TARGET_PATH="${TARGET_DIR}/${KW_FILE_NAME}"
+ touch "$TARGET_PATH"
+ chmod 600 "$TARGET_PATH"
+ fi
+
+ # Ensure target file exists
+ touch "$TARGET_PATH"
+ chmod 600 "$TARGET_PATH"
+
+ # Mount --bind the target file into kwalletd5 dir with the expected name
+ MOUNT_POINT="${KW_DIR}/${KW_FILE_NAME}"
+ mkdir -p "$(dirname "$MOUNT_POINT")"
+ # create placeholder if missing
+ touch "$MOUNT_POINT"
+ sudo mount --bind "$TARGET_PATH" "$MOUNT_POINT"
+
+ # Restart kwalletd5
+ nohup kwalletd6 &
+ sleep 1
+fi
+
+echo "Created wallet '$WALLET_NAME'."
+if [ -n "$TARGET_PATH" ]; then
+ echo "Wallet file bound to: $TARGET_PATH"
+fi
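Review bot: The wallet password is taken from `$2` and then handed to `qdbus-qt6` as a command-line argument, so other local users can read it from the process list and `/proc/PID/cmdline`, and it is likely to land in shell history; this contradicts the header comment about using a file descriptor. Read it without argv, e.g. replace `WALLET_PASSWORD="${2:-}"` with `IFS= read -r -s -p 'Wallet password: ' WALLET_PASSWORD`, and correct the header comment to describe what the script actually does. The `createWallet` call would still expose the value on the `qdbus-qt6` command line, so that call needs a D-Bus client path that keeps the secret out of argv before the script is used with a real password. Separately, in the section after `exit 0`, `sed -i "s/^DefaultWallet.*/DefaultWallet = $WALLET_NAME/"` splices the wallet name into the sed program, so a name containing `/` or `&` would break or alter the substitution, whereas the `awk -v` branch next to it passes the name safely.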
diff --git a/client_software/0005_kwallet/install.sh b/client_software/0005_kwallet/install.sh
new file mode 100755
index 0000000..39d9d26
--- /dev/null
+++ b/client_software/0005_kwallet/install.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env sh
+# SPDX-FileCopyrightText: Daniel Pätzold
+# SPDX-License-Identifier: AGPL-3.0-or-later
+#
+# Kwallet Setup to Secure Directory
+#
+# Kwallet5 will be used for storing passwords for most KDE- Applications, like for Nextcloud- Client, Talk app and many more.
+# Usually Kwallet will ask for a password to have good security in your file, but this will make Logon non Interactive.
+# We will setup a new walletfile into the encrypted Data-Directory and encrypt it with the IPA-Vault Password.
+#
+echo "Setup KWallet Password- Service."
+
+#Check for root
+if [ "$EUID" -ne 0 ]; then
+ echo "Error: Script requires root. Please check if ${SCRIPTPATH}/${SCRIPTNAME} is in sudoers rules and if you are a member. And if executed via sudo."
+ exit 1
+fi
+
+#Check Token
+if [ "${DAVTOKEN_USER}." == "." ]; then
+ echo "Error: Script cannot be executed standalone and needs a prereserved Environment. Quit."
+ exit 1
+fi
+
+#Local Vars
+#SYNCCMD="$BASECMD --userid ${DAVTOKEN_USER} --apppassword ${DAVTOKEN_PASS} --localdirpath ${CLIENT_DATA_DST} --remotedirpath ${CLIENT_DATA_SRC} --serverurl https://${SERVERFQDN_NC}"
+#SYNCCMD_HIDDENPW=$( echo "${SYNCCMD/${DAVTOKEN_PASS}/***HIDDEN***}" )
+
+
+echo "Not implemented yet, skipping."
+exit 0
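Review bot: Both guards fail open when `/usr/bin/env sh` resolves to a strict POSIX shell such as dash. `$EUID` is a bash variable, so `[ "$EUID" -ne 0 ]` turns into a test error with a non-zero status and the `if` body is skipped, and `==` inside `[` is likewise not POSIX, so the token check can be skipped the same way. Use `if [ "$(id -u)" -ne 0 ]; then` for the root check and `if [ -z "${DAVTOKEN_USER:-}" ]; then` for the token check, or change the shebang to bash. The commented-out `SYNCCMD` line places `${DAVTOKEN_PASS}` in a command string; if it is revived, the app password would be visible in the process list, so it should be supplied through a file or stdin rather than an argument.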