Add Freedesktop.org Secret Storage Spec Server Side API (Fix #1403)
This plugin implements the Secret Storage specification version 0.2.
While running KeePassXC, it acts as a Secret Service server, registered
on DBus, so clients like seahorse, python-secretstorage, or other
implementations can connect and access the exposed database in KeePassXC.
Squashed commits:
- Initial code
- Add SessionAdaptor and fix build
- The skeletons for all dbus objects are in place
- Implement collection creation and deletion
- Emit collectionChanged signal
- Implement app-wise settings page
- Implement error message on GUI
- Implement settings
- Fix uuid to dbus path
- Implement app level settings
- Add freedesktop logo
- Implement database settings page
- Change database settings to a treeview
- Move all settings read/write to one place
- Rename SecretServiceOptionsPage to SettingsWidgetFdoSecrets
- Fix selected group can not be saved if the user hasn't clicked on the item
- Show selected group per database in app settings
- Disable editing of various readonly widgets
- Remove unused warning about non exposed database
- Fix method signature on dbus adaptors
- Fix type derived from DBusObject not recognized as QDBusContext
- Resolve a few TODOs around error handling
- Remove const when passing DBus exposed objects
- Move dismiss to PromptBase
- Implement per collection locking/unlocking
- Fix const correctness on Item::setSecret
- Implement SecretService::getSecrets
- Rework the signal connections around collections.
- Remove generateId from DBusObject
- Per spec, use encoded label as DBus object path for collections
- Fix some corner cases around collection name changes
- Implement alias
- Fix wrong alias dbus path
- Implement encryption per spec
- Cleanup SessionCipher
- Implement searchItems for SecretService
- Use Tools::uuidToHex
- Implement Item attributes and delete
- Implement createItem
- Always check if the database is unlocked before performing any operation
- Add missing ReadAlias/SetAlias on service
- Reorganize and fix OpenSession always returning empty output
- Overhaul error handling
- Make sure default alias is always present
- Remove collection aliases early in doDelete
- Handles all content types, fix setProperties not working
- Fix sometimes there is an extraneous leading zero when converting from MPI
- Fix session encryption negotiation
- Do not expose recycle bin
- Protect against the methods not called from DBus
- Also emit collectionChanged signal when lock state changes
- Show notification when entry secret is requested
- Add a README file
- Actually close session when client disconnects
- Gracefully return alternative label when collection is locked
- Reorganize, rename secretservice to fdosecrets
- Fix issues reported by clazy
- Unify UI strings and fix icon
- Implement a setting to skip confirmation when deleting entries from DBus
- Remove some unused debugging log
- Simply ignore errors when DBus context is not available. QtDBus won't set QDBusContext when delivering property get/set, and there is no way to get a QDBusMessage in property getter/setter.
- Simplify GcryptMPI using std::unique_ptr and add unit test
- Format code in fdosecrets
- Move DBusReturnImpl to details namespace
- Fix crash when locking a database: don't modify exposedGroup setting in customData when database is deleted
- Make sure Collection::searchItems works, whether it's locked or not
- Fix FdoSecrets::Collection becomes empty after a database reload
- Fix crash when looping while modifying the list
2019-03-25 23:07:18 -04:00

/*
 * Copyright (C) 2019 Aetf <aetf@unlimitedcodeworks.xyz>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 2 or (at your option)
 * version 3 of the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include "TestFdoSecrets.h"

#include "core/EntrySearcher.h"
#include "core/Group.h"
#include "crypto/Random.h"
#include "fdosecrets/objects/Collection.h"
#include "fdosecrets/objects/SessionCipher.h"

#include <QTest>
QTEST_GUILESS_MAIN(TestFdoSecrets)

void TestFdoSecrets::testDhIetf1024Sha256Aes128CbcPkcs7()
{
    FdoSecrets::DhIetf1024Sha256Aes128CbcPkcs7 cipher(randomGen()->randomArray(128));
    QVERIFY(cipher.isValid());
}

void TestFdoSecrets::testCrazyAttributeKey()
{
    using FdoSecrets::Collection;
    using FdoSecrets::Item;

    const QScopedPointer<Group> root(new Group());
    const QScopedPointer<Entry> e1(new Entry());
    e1->setGroup(root.data());

    const QString key = "_a:bc&-+'-e%12df_d";
    const QString value = "value";
    e1->attributes()->set(key, value);

    // search for custom entries
    const auto term = Collection::attributeToTerm(key, value);
    const auto res = EntrySearcher().search({term}, root.data());
    QCOMPARE(res.count(), 1);
}

void TestFdoSecrets::testSpecialCharsInAttributeValue()
{
    using FdoSecrets::Collection;
    using FdoSecrets::Item;

    const QScopedPointer<Group> root(new Group());
    QScopedPointer<Entry> e1(new Entry());
    e1->setGroup(root.data());

    e1->setTitle("titleA");
    e1->attributes()->set("testAttribute", "OAuth::[test.name@gmail.com]");

    QScopedPointer<Entry> e2(new Entry());
    e2->setGroup(root.data());
    e2->setTitle("titleB");
    e2->attributes()->set("testAttribute", "Abc:*+.-");

    // search for custom entries via programmatic API
    {
        const auto term = Collection::attributeToTerm("testAttribute", "OAuth::[test.name@gmail.com]");
        const auto res = EntrySearcher().search({term}, root.data());
        QCOMPARE(res.count(), 1);
        QCOMPARE(res[0]->title(), QStringLiteral("titleA"));
    }
    {
        const auto term = Collection::attributeToTerm("testAttribute", "Abc:*+.-");
        const auto res = EntrySearcher().search({term}, root.data());
        QCOMPARE(res.count(), 1);
        QCOMPARE(res[0]->title(), QStringLiteral("titleB"));
    }
    {
        const auto term = Collection::attributeToTerm("testAttribute", "v|");
        const auto res = EntrySearcher().search({term}, root.data());
        QCOMPARE(res.count(), 0);
    }
}

void TestFdoSecrets::testDBusPathParse()
{
    using FdoSecrets::DBusMgr;
    using PathType = FdoSecrets::DBusMgr::PathType;

    auto parsed = DBusMgr::parsePath(QStringLiteral("/org/freedesktop/secrets"));
    QCOMPARE(parsed.type, PathType::Service);

    parsed = DBusMgr::parsePath(QStringLiteral("/org/freedesktop/secrets/collection/xxx"));
    QCOMPARE(parsed.type, PathType::Collection);
    QCOMPARE(parsed.id, QStringLiteral("xxx"));

    parsed = DBusMgr::parsePath(QStringLiteral("/org/freedesktop/secrets/collection/xxx/yyy"));
    QCOMPARE(parsed.type, PathType::Item);
    QCOMPARE(parsed.id, QStringLiteral("yyy"));
    QCOMPARE(parsed.parentId, QStringLiteral("xxx"));

    parsed = DBusMgr::parsePath(QStringLiteral("/org/freedesktop/secrets/aliases/xxx"));
    QCOMPARE(parsed.type, PathType::Aliases);
    QCOMPARE(parsed.id, QStringLiteral("xxx"));

    parsed = DBusMgr::parsePath(QStringLiteral("/org/freedesktop/secrets/session/xxx"));
    QCOMPARE(parsed.type, PathType::Session);
    QCOMPARE(parsed.id, QStringLiteral("xxx"));

    parsed = DBusMgr::parsePath(QStringLiteral("/org/freedesktop/secrets/prompt/xxx"));
    QCOMPARE(parsed.type, PathType::Prompt);
    QCOMPARE(parsed.id, QStringLiteral("xxx"));

    parsed = DBusMgr::parsePath(QStringLiteral("/org/freedesktop/other/prompt/xxx"));
    QCOMPARE(parsed.type, PathType::Unknown);

    parsed = DBusMgr::parsePath(QStringLiteral("/org"));
    QCOMPARE(parsed.type, PathType::Unknown);
}
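
Added example, not KeePassXC code: a stand-alone C++ classifier for the object paths that testDBusPathParse() exercises, written the way a service should treat client-supplied paths (exact prefix match, every element restricted to the D-Bus character set, no extra elements). The names parseSecretsPath, ParsedPath and validElement are hypothetical, and the rejections beyond the test's own cases are assumptions of this example, not documented behaviour of DBusMgr::parsePath.

```cpp
// Added example (not KeePassXC's DBusMgr): strict Secret Service path classifier.
#include <cstddef>
#include <string>
#include <vector>

enum class PathType { Service, Collection, Aliases, Prompt, Session, Item, Unknown };

struct ParsedPath {
    PathType type = PathType::Unknown;
    std::string id;
    std::string parentId;
};

// A D-Bus object path element is non-empty and uses only [A-Za-z0-9_].
static bool validElement(const std::string& s)
{
    if (s.empty()) return false;
    for (unsigned char c : s) {
        const bool ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
                        || (c >= '0' && c <= '9') || c == '_';
        if (!ok) return false;
    }
    return true;
}

ParsedPath parseSecretsPath(const std::string& path)
{
    static const std::string base = "/org/freedesktop/secrets";
    ParsedPath out; // type stays Unknown unless every check passes
    if (path == base) {
        out.type = PathType::Service;
        return out;
    }
    // Match "base/" exactly so a sibling such as ".../secretsX" is rejected.
    if (path.compare(0, base.size() + 1, base + "/") != 0) return out;

    // Split the remainder on '/' and validate each element as it is read.
    std::vector<std::string> parts;
    std::size_t start = base.size() + 1;
    for (;;) {
        const std::size_t slash = path.find('/', start);
        const std::size_t len = (slash == std::string::npos) ? std::string::npos : slash - start;
        const std::string elem = path.substr(start, len);
        if (!validElement(elem)) return out; // empty element, "..", '%', ...
        parts.push_back(elem);
        if (slash == std::string::npos) break;
        start = slash + 1;
    }

    if (parts.size() == 2) {
        if (parts[0] == "collection") out.type = PathType::Collection;
        else if (parts[0] == "aliases") out.type = PathType::Aliases;
        else if (parts[0] == "session") out.type = PathType::Session;
        else if (parts[0] == "prompt") out.type = PathType::Prompt;
        if (out.type != PathType::Unknown) out.id = parts[1];
    } else if (parts.size() == 3 && parts[0] == "collection") {
        out.type = PathType::Item;
        out.parentId = parts[1];
        out.id = parts[2];
    }
    return out;
}
```

Anything that fails a check comes back as PathType::Unknown with empty ids, so a caller can refuse the request without inspecting partially parsed fields.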