Proof-of-concept for Windows Hello

desktop triggers Windows Hello Fix timeout, small refactor Tidy up names, add documentation Retrieve key credential status Retrieve pubkey Get attestation windows arm64 fixes, upgrade winio and thrift (#1858) Fix `autoupdate_managed` table value for MacOS 15 (#1862) james/remove wmi unneeded releases (#1863) Check windows service manager settings prior to setting them (#1859) Co-authored-by: Michael <60191460+lurky@users.noreply.github.com> Co-authored-by: seph <seph@kolide.co> Co-authored-by: Rebecca Mahany-Horton <rebeccamahany@gmail.com> Update function signature Move to ee
kolide · Sep 13, 2024 · 31ec463 · 31ec463
1 parent 481340e
commit 31ec463
Show file tree

Hide file tree

Showing 11 changed files with 557 additions and 55 deletions.
diff --git a/cmd/launcher/desktop.go b/cmd/launcher/desktop.go
@@ -19,6 +19,7 @@ import (
 	"github.com/kolide/launcher/ee/desktop/user/notify"
 	userserver "github.com/kolide/launcher/ee/desktop/user/server"
 	"github.com/kolide/launcher/ee/desktop/user/universallink"
+	"github.com/kolide/launcher/ee/presencedetection"
 	"github.com/kolide/launcher/pkg/authedclient"
 	"github.com/kolide/launcher/pkg/log/multislogger"
 	"github.com/kolide/launcher/pkg/rungroup"
@@ -182,6 +183,8 @@ func runDesktop(_ *multislogger.MultiSlogger, args []string) error {
 		}
 	}()
 
+	go presencedetection.WindowsHello(context.TODO(), slogger.With("component", "windows_hello"))
+
 	// blocks until shutdown called
 	m.Init()
 

diff --git a/cmd/launcher/svc_config_windows.go b/cmd/launcher/svc_config_windows.go
@@ -94,7 +94,7 @@ func checkServiceConfiguration(logger *slog.Logger, opts *launcher.Options) {
 
 	checkRestartActions(logger, launcherService)
 
-	setRecoveryActions(context.TODO(), logger, launcherService)
+	checkRecoveryActions(context.TODO(), logger, launcherService)
 }
 
 // checkDelayedAutostart checks the current value of `DelayedAutostart` (whether to wait ~2 minutes
@@ -192,9 +192,20 @@ func checkRestartActions(logger *slog.Logger, service *mgr.Service) {
 	logger.Log(context.TODO(), slog.LevelInfo, "successfully set RecoveryActionsOnNonCrashFailures flag")
 }
 
-// setRecoveryActions sets the recovery actions for the launcher service.
+// checkRecoveryActions checks if the recovery actions for the launcher service are set.
+// sets if one or more of the recovery actions are not set.
 // previously defined via wix ServicConfig Element (Util Extension) https://wixtoolset.org/docs/v3/xsd/util/serviceconfig/
-func setRecoveryActions(ctx context.Context, logger *slog.Logger, service *mgr.Service) {
+func checkRecoveryActions(ctx context.Context, logger *slog.Logger, service *mgr.Service) {
+	curRecoveryActions, err := service.RecoveryActions()
+	if err != nil {
+		logger.Log(context.TODO(), slog.LevelError,
+			"querying for current RecoveryActions",
+			"err", err,
+		)
+
+		return
+	}
+
 	recoveryActions := []mgr.RecoveryAction{
 		{
 			// first failure
@@ -213,10 +224,31 @@ func setRecoveryActions(ctx context.Context, logger *slog.Logger, service *mgr.S
 		},
 	}
 
+	// If the recovery actions are already set, we don't need to do anything
+	if recoveryActionsAreSet(curRecoveryActions, recoveryActions) {
+		return
+	}
+
 	if err := service.SetRecoveryActions(recoveryActions, 24*60*60); err != nil { // 24 hours
 		logger.Log(ctx, slog.LevelError,
 			"setting RecoveryActions",
 			"err", err,
 		)
 	}
 }
+
+// recoveryActionsAreSet checks if the current recovery actions are set to the desired recovery actions
+func recoveryActionsAreSet(curRecoveryActions, recoveryActions []mgr.RecoveryAction) bool {
+	if curRecoveryActions == nil || len(curRecoveryActions) != len(recoveryActions) {
+		return false
+	}
+	for i := range curRecoveryActions {
+		if curRecoveryActions[i].Type != recoveryActions[i].Type {
+			return false
+		}
+		if curRecoveryActions[i].Delay != recoveryActions[i].Delay {
+			return false
+		}
+	}
+	return true
+}
diff --git a/ee/presencedetection/hello_other.go b/ee/presencedetection/hello_other.go
@@ -0,0 +1,13 @@
+//go:build !windows
+// +build !windows
+
+package presencedetection
+
+import (
+	"context"
+	"log/slog"
+)
+
+func WindowsHello(_ context.Context, _ *slog.Logger) {
+	return
+}