keepassxc/src/core/Database.cpp

/*
* Copyright (C) 2010 Felix Geyer <debfx@fobos.de>
* Copyright (C) 2017 KeePassXC Team <team@keepassxc.org>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 2 or (at your option)
* version 3 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "Database.h"
#include <QFile>
#include <QTemporaryFile>
#include <QTextStream>
#include <QTimer>
#include <QXmlStreamReader>
#include "cli/Utils.h"
#include "core/Group.h"
#include "core/Metadata.h"
#include "crypto/kdf/AesKdf.h"
#include "format/KeePass2.h"
#include "format/KeePass2Reader.h"
#include "format/KeePass2Writer.h"
#include "keys/PasswordKey.h"
#include "keys/FileKey.h"
// Registry of live Database objects keyed by their runtime m_uuid: the
// constructor inserts into it and the destructor removes from it.
// NOTE(review): no locking is visible in this file; presumably all Database
// objects are created and destroyed on one thread. Confirm.
QHash<Uuid, Database*> Database::m_uuidMap;
/**
 * Create an empty database with default settings.
 *
 * Defaults set here: AES cipher, GZip compression, an AES-KDF instance whose
 * seed is randomized immediately, no key (hasKey is false) and a new root
 * group with a random UUID. The instance also registers itself in m_uuidMap
 * under its own random UUID.
 */
Database::Database()
    : m_metadata(new Metadata(this))
    , m_timer(new QTimer(this))
    , m_emitModified(false)
    , m_uuid(Uuid::random())
{
    m_data.cipher = KeePass2::CIPHER_AES;
    m_data.compressionAlgo = CompressionGZip;

    // Start from the AES-KDF with the legacy KDBX3 flag set; for KDBX4+ the
    // KDF is re-initialized from the parameters stored in the KDBX file.
    m_data.kdf = QSharedPointer<AesKdf>::create(true);
    m_data.kdf->randomizeSeed();

    m_data.hasKey = false;

    setRootGroup(new Group());
    rootGroup()->setUuid(Uuid::random());

    m_timer->setSingleShot(true);

    m_uuidMap.insert(m_uuid, this);

    // Metadata changes are forwarded as this database's own signals.
    connect(m_metadata, SIGNAL(modified()), this, SIGNAL(modifiedImmediate()));
    connect(m_metadata, SIGNAL(nameTextChanged()), this, SIGNAL(nameTextChanged()));
    // modifiedImmediate() (re)starts the single-shot timer, whose timeout is
    // what finally emits modified().
    connect(this, SIGNAL(modifiedImmediate()), this, SLOT(startModifiedTimer()));
    connect(m_timer, SIGNAL(timeout()), SIGNAL(modified()));
}
/**
 * Unregister this instance from m_uuidMap so databaseByUuid() can no longer
 * hand out a pointer to it.
 */
Database::~Database()
{
    m_uuidMap.remove(m_uuid);
}
/**
 * @return the root group of this database (mutable access)
 */
Group* Database::rootGroup()
{
    return m_rootGroup;
}
/**
 * @return the root group of this database (read-only access)
 */
const Group* Database::rootGroup() const
{
    return m_rootGroup;
}
/**
 * Install a new root group and make this database its parent.
 *
 * @param group group to use as root; must not be null. The null check is a
 *              Q_ASSERT only, so release builds dereference it unchecked.
 */
void Database::setRootGroup(Group* group)
{
    Q_ASSERT(group);

    m_rootGroup = group;
    m_rootGroup->setParent(this);
}
/**
 * @return the metadata object owned by this database (mutable access)
 */
Metadata* Database::metadata()
{
    return m_metadata;
}
/**
 * @return the metadata object owned by this database (read-only access)
 */
const Metadata* Database::metadata() const
{
    return m_metadata;
}
/**
 * Look up an entry by UUID, searching the whole tree from the root group.
 *
 * @param uuid UUID of the wanted entry
 * @return the matching entry, or nullptr if none was found
 */
Entry* Database::resolveEntry(const Uuid& uuid)
{
    return findEntryRecursive(uuid, m_rootGroup);
}
/**
 * Look up an entry by the value of one of its fields, searching the whole
 * tree from the root group.
 *
 * @param text value the selected field must equal
 * @param referenceType which field of the entry to compare against
 * @return the first matching entry, or nullptr if none was found
 */
Entry* Database::resolveEntry(const QString& text, EntryReferenceType referenceType)
{
    return findEntryRecursive(text, referenceType, m_rootGroup);
}
/**
 * Depth-first search for an entry with the given UUID.
 *
 * The group's own entries are checked before any of its child groups.
 *
 * @param uuid UUID of the wanted entry
 * @param group group at which the search starts; dereferenced unchecked
 * @return the matching entry, or nullptr if the subtree holds none
 */
Entry* Database::findEntryRecursive(const Uuid& uuid, Group* group)
{
    const QList<Entry*> candidates = group->entries();
    for (Entry* candidate : candidates) {
        if (candidate->uuid() == uuid) {
            return candidate;
        }
    }

    const QList<Group*> subGroups = group->children();
    for (Group* subGroup : subGroups) {
        if (Entry* match = findEntryRecursive(uuid, subGroup)) {
            return match;
        }
    }

    return nullptr;
}
/**
 * Depth-first search for the first entry whose selected field equals text.
 *
 * The group's own entries are checked before any of its child groups. String
 * fields are compared with QString equality. For the Uuid type the text is
 * parsed with Uuid::fromHex() and compared as a Uuid rather than as a hex
 * string. For CustomAttributes the entry matches when any attribute value
 * equals text.
 *
 * @param text value to look for
 * @param referenceType field to compare; Unknown is rejected by Q_ASSERT_X
 *                      and yields nullptr in builds without assertions
 * @param group group at which the search starts; dereferenced unchecked
 * @return the first matching entry, or nullptr if the subtree holds none
 */
Entry* Database::findEntryRecursive(const QString& text, EntryReferenceType referenceType, Group* group)
{
    Q_ASSERT_X(referenceType != EntryReferenceType::Unknown, "Database::findEntryRecursive",
               "Can't search entry with \"referenceType\" parameter equal to \"Unknown\"");

    const QList<Entry*> candidates = group->entries();
    for (Entry* candidate : candidates) {
        bool matches = false;
        switch (referenceType) {
        case EntryReferenceType::Unknown:
            return nullptr;
        case EntryReferenceType::Title:
            matches = candidate->title() == text;
            break;
        case EntryReferenceType::UserName:
            matches = candidate->username() == text;
            break;
        case EntryReferenceType::Password:
            matches = candidate->password() == text;
            break;
        case EntryReferenceType::Url:
            matches = candidate->url() == text;
            break;
        case EntryReferenceType::Notes:
            matches = candidate->notes() == text;
            break;
        case EntryReferenceType::Uuid:
            matches = candidate->uuid() == Uuid::fromHex(text);
            break;
        case EntryReferenceType::CustomAttributes:
            matches = candidate->attributes()->containsValue(text);
            break;
        }

        if (matches) {
            return candidate;
        }
    }

    const QList<Group*> subGroups = group->children();
    for (Group* subGroup : subGroups) {
        if (Entry* match = findEntryRecursive(text, referenceType, subGroup)) {
            return match;
        }
    }

    return nullptr;
}
/**
 * Look up a group by UUID, searching the whole tree from the root group.
 *
 * @param uuid UUID of the wanted group
 * @return the matching group, or nullptr if none was found
 */
Group* Database::resolveGroup(const Uuid& uuid)
{
    return findGroupRecursive(uuid, m_rootGroup);
}
/**
 * Depth-first search for a group with the given UUID.
 *
 * The starting group itself is tested before its children.
 *
 * @param uuid UUID of the wanted group
 * @param group group at which the search starts; dereferenced unchecked
 * @return the matching group, or nullptr if the subtree holds none
 */
Group* Database::findGroupRecursive(const Uuid& uuid, Group* group)
{
    if (group->uuid() == uuid) {
        return group;
    }

    const QList<Group*> subGroups = group->children();
    for (Group* subGroup : subGroups) {
        if (Group* match = findGroupRecursive(uuid, subGroup)) {
            return match;
        }
    }

    return nullptr;
}
/**
 * @return a copy of the list of deleted-object records held by this database
 */
QList<DeletedObject> Database::deletedObjects()
{
    return m_deletedObjects;
}
/**
 * Append a deleted-object record.
 *
 * @param delObj record to append; its deletionTime is expected to be in UTC
 *               (checked by Q_ASSERT only)
 */
void Database::addDeletedObject(const DeletedObject& delObj)
{
    Q_ASSERT(delObj.deletionTime.timeSpec() == Qt::UTC);

    m_deletedObjects.append(delObj);
}
/**
 * Record the given UUID as deleted at the current UTC time.
 *
 * @param uuid UUID of the object that was deleted
 */
void Database::addDeletedObject(const Uuid& uuid)
{
    DeletedObject record;
    record.deletionTime = QDateTime::currentDateTimeUtc();
    record.uuid = uuid;

    addDeletedObject(record);
}
/**
 * @return UUID identifying the cipher configured for this database
 */
Uuid Database::cipher() const
{
    return m_data.cipher;
}
/**
 * @return the compression algorithm configured for this database
 */
Database::CompressionAlgorithm Database::compressionAlgo() const
{
    return m_data.compressionAlgo;
}
/**
 * @return the transformed master key, i.e. the KDF output stored by setKey()
 *         or changeKdf(). This is secret key material: callers should keep
 *         the returned value out of logs and persistent storage.
 */
QByteArray Database::transformedMasterKey() const
{
    return m_data.transformedMasterKey;
}
/**
 * @return the response recorded by the last challengeMasterSeed() call.
 *         verifyKey() compares against it, so treat it as secret material.
 */
QByteArray Database::challengeResponseKey() const
{
    return m_data.challengeResponseKey;
}
/**
 * Remember the master seed and have the current key answer a challenge
 * for it; the response is written to m_data.challengeResponseKey.
 *
 * The seed is stored before the challenge runs, so it is updated even when
 * the challenge fails.
 *
 * @param masterSeed seed to challenge the key with
 * @return the result of CompositeKey::challenge()
 */
bool Database::challengeMasterSeed(const QByteArray& masterSeed)
{
    m_data.masterSeed = masterSeed;

    const bool answered = m_data.key.challenge(masterSeed, m_data.challengeResponseKey);
    return answered;
}
/**
 * Select the cipher used for this database.
 *
 * @param cipher UUID of the cipher; must not be null (checked by Q_ASSERT
 *               only, so a null UUID is stored in builds without assertions)
 */
void Database::setCipher(const Uuid& cipher)
{
    Q_ASSERT(!cipher.isNull());

    m_data.cipher = cipher;
}
/**
 * Select the compression algorithm used for this database.
 *
 * @param algo algorithm to use; expected to be no greater than
 *             CompressionAlgorithmMax (checked by Q_ASSERT only, so an
 *             out-of-range value is stored in builds without assertions)
 */
void Database::setCompressionAlgo(Database::CompressionAlgorithm algo)
{
    Q_ASSERT(static_cast<quint32>(algo) <= CompressionAlgorithmMax);

    m_data.compressionAlgo = algo;
}
/**
 * Set and transform a new encryption key.
 *
 * The key is run through the current KDF; only if that succeeds are the key,
 * the transformed master key and the hasKey flag updated. modifiedImmediate()
 * is emitted when the transformed master key differs from the previous one.
 *
 * NOTE(review): when updateTransformSalt is true the KDF seed is randomized
 * before the transform runs, so after a failed transform m_data.kdf holds a
 * seed that m_data.transformedMasterKey was not derived from. Confirm that
 * callers treat a false return as fatal or re-derive before writing.
 *
 * @param key key to set and transform
 * @param updateChangedTime true to update database change time
 * @param updateTransformSalt true to update the transform salt
 * @return true on success
 */
bool Database::setKey(const CompositeKey& key, bool updateChangedTime, bool updateTransformSalt)
{
    if (updateTransformSalt) {
        m_data.kdf->randomizeSeed();
        Q_ASSERT(!m_data.kdf->seed().isEmpty());
    }

    QByteArray derivedKey;
    if (!key.transform(*m_data.kdf, derivedKey)) {
        return false;
    }

    // Decide before overwriting whether the derived key changed, so that no
    // second copy of the previous key has to be held in a local.
    const bool keyChanged = (m_data.transformedMasterKey != derivedKey);

    m_data.key = key;
    m_data.transformedMasterKey = derivedKey;
    m_data.hasKey = true;

    if (updateChangedTime) {
        m_metadata->setMasterKeyChanged(QDateTime::currentDateTimeUtc());
    }

    if (keyChanged) {
        emit modifiedImmediate();
    }

    return true;
}
/**
 * @return true once setKey() has succeeded for this database
 */
bool Database::hasKey() const
{
    return m_data.hasKey;
}
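/**
 * Check whether the given key matches the key this database was unlocked with.
 *
 * If a challenge-response key is recorded, the candidate key must first
 * reproduce the same response for the stored master seed; afterwards the raw
 * keys are compared.
 *
 * NOTE(review): both comparisons use QByteArray equality, which makes no
 * constant-time guarantee. That matters only if the timing of this call is
 * observable by an untrusted party. Confirm against the callers.
 *
 * @param key candidate key to verify
 * @return true if the key matches; false on mismatch, on a failed challenge,
 *         or when the database has no key set
 */
bool Database::verifyKey(const CompositeKey& key) const
{
    Q_ASSERT(hasKey());
    // Q_ASSERT is compiled out of release builds, so fail closed at runtime as
    // well: with no key set there is nothing to verify against.
    if (!hasKey()) {
        return false;
    }

    if (!m_data.challengeResponseKey.isEmpty()) {
        QByteArray result;

        if (!key.challenge(m_data.masterSeed, result)) {
            // challenge failed, (YubiKey?) removed?
            return false;
        }

        if (m_data.challengeResponseKey != result) {
            // wrong response from challenged device(s)
            return false;
        }
    }

    return (m_data.key.rawKey() == key.rawKey());
}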
/**
 * Create a recycle bin group under the root group and register it in the
 * metadata.
 */
void Database::createRecycleBin()
{
    Group* bin = Group::createRecycleBin();
    bin->setParent(rootGroup());
    m_metadata->setRecycleBin(bin);
}
/**
 * Move an entry to the recycle bin, or delete it if the bin is disabled.
 *
 * The recycle bin group is created on demand. With the bin disabled the
 * entry object is destroyed immediately and the pointer must not be used
 * afterwards.
 *
 * @param entry entry to recycle
 */
void Database::recycleEntry(Entry* entry)
{
    if (!m_metadata->recycleBinEnabled()) {
        delete entry;
        return;
    }

    if (!m_metadata->recycleBin()) {
        createRecycleBin();
    }
    entry->setGroup(metadata()->recycleBin());
}
/**
 * Move a group to the recycle bin, or delete it if the bin is disabled.
 *
 * The recycle bin group is created on demand. With the bin disabled the
 * group object is destroyed immediately and the pointer must not be used
 * afterwards.
 *
 * @param group group to recycle
 */
void Database::recycleGroup(Group* group)
{
    if (!m_metadata->recycleBinEnabled()) {
        delete group;
        return;
    }

    if (!m_metadata->recycleBin()) {
        createRecycleBin();
    }
    group->setParent(metadata()->recycleBin());
}
/**
 * Permanently destroy everything directly inside the recycle bin.
 *
 * Does nothing when the recycle bin is disabled or has not been created.
 * The loops run over copies of the bin's entry and child lists.
 */
void Database::emptyRecycleBin()
{
    if (!m_metadata->recycleBinEnabled() || !m_metadata->recycleBin()) {
        return;
    }

    // destroying direct entries of the recycle bin
    QList<Entry*> binEntries = m_metadata->recycleBin()->entries();
    for (Entry* binEntry : binEntries) {
        delete binEntry;
    }

    // destroying direct subgroups of the recycle bin
    QList<Group*> binGroups = m_metadata->recycleBin()->children();
    for (Group* binGroup : binGroups) {
        delete binGroup;
    }
}
/**
 * Merge another database into this one.
 *
 * The other database's root group is merged into this root group, then every
 * custom icon this database does not have yet is copied over. modified() is
 * emitted directly, without going through the modified timer.
 *
 * @param other database to merge from; dereferenced without a null check
 */
void Database::merge(const Database* other)
{
    m_rootGroup->merge(other->rootGroup());

    for (Uuid iconUuid : other->metadata()->customIcons().keys()) {
        QImage icon = other->metadata()->customIcon(iconUuid);
        if (this->metadata()->containsCustomIcon(iconUuid)) {
            continue;
        }
        qDebug("Adding custom icon %s to database.", qPrintable(iconUuid.toHex()));
        this->metadata()->addCustomIcon(iconUuid, icon);
    }

    emit modified();
}
/**
 * Enable or disable the delayed modified() notification.
 *
 * Switching it off also stops the timer, which cancels a pending
 * notification.
 *
 * @param value true to enable the notification, false to suppress it
 */
void Database::setEmitModified(bool value)
{
    const bool switchingOff = m_emitModified && !value;
    if (switchingOff) {
        m_timer->stop();
    }

    m_emitModified = value;
}
/**
 * @return the random UUID assigned to this instance at construction, which
 *         is also its key in m_uuidMap
 */
Uuid Database::uuid()
{
    return m_uuid;
}
/**
 * Find a live Database instance by its runtime UUID.
 *
 * @param uuid UUID as returned by Database::uuid()
 * @return the registered instance, or a null pointer if none is registered
 */
Database* Database::databaseByUuid(const Uuid& uuid)
{
    return m_uuidMap.value(uuid, nullptr);
}
/**
 * (Re)start the 150 ms single-shot timer whose timeout emits modified().
 *
 * Does nothing while the modified notification is disabled. A timer that is
 * already running is stopped and started again.
 */
void Database::startModifiedTimer()
{
    if (m_emitModified) {
        if (m_timer->isActive()) {
            m_timer->stop();
        }
        m_timer->start(150);
    }
}
/**
 * @return reference to the composite key held by this database. This is
 *         secret key material and the reference is valid only while the
 *         Database object lives.
 */
const CompositeKey& Database::key() const
{
    return m_data.key;
}
/**
 * Open and decrypt a database file.
 *
 * Failures are reported through qCritical() and a null return. The messages
 * contain the file name or the reader's error string only.
 *
 * @param fileName path of the database file to read
 * @param key composite key used to decrypt the file
 * @return the loaded database, or nullptr if the file is missing, cannot be
 *         opened, or the reader reports an error
 */
Database* Database::openDatabaseFile(QString fileName, CompositeKey key)
{
    QFile file(fileName);

    if (!file.exists()) {
        qCritical("File %s does not exist.", qPrintable(fileName));
        return nullptr;
    }

    if (!file.open(QIODevice::ReadOnly)) {
        qCritical("Unable to open file %s.", qPrintable(fileName));
        return nullptr;
    }

    KeePass2Reader reader;
    Database* loaded = reader.readDatabase(&file, key);

    if (reader.hasError()) {
        qCritical("Error while parsing the database: %s", qPrintable(reader.errorString()));
        // NOTE(review): `loaded` is dropped here without being deleted;
        // presumably readDatabase() returns null on error. Confirm, since a
        // partially read database would otherwise stay allocated.
        return nullptr;
    }

    return loaded;
}
/**
 * Prompt for a password on stdout, read it with Utils::getPassword() and
 * open the database with it, optionally combined with a key file.
 *
 * The password is held in a QString local, which is not wiped when it goes
 * out of scope.
 *
 * @param databaseFilename path of the database file to open
 * @param keyFilename path of a key file to add to the key; empty for none
 * @return the opened database, or nullptr if the key file cannot be loaded
 *         or opening the database fails
 */
Database* Database::unlockFromStdin(QString databaseFilename, QString keyFilename)
{
    CompositeKey compositeKey;
    QTextStream outputTextStream(stdout);
    QTextStream errorTextStream(stderr);

    outputTextStream << QObject::tr("Insert password to unlock %1: ").arg(databaseFilename);
    outputTextStream.flush();

    QString password = Utils::getPassword();
    PasswordKey passwordKey;
    passwordKey.setPassword(password);
    compositeKey.addKey(passwordKey);

    if (keyFilename.isEmpty()) {
        return Database::openDatabaseFile(databaseFilename, compositeKey);
    }

    FileKey fileKey;
    QString errorMessage;
    if (!fileKey.load(keyFilename, &errorMessage)) {
        errorTextStream << QObject::tr("Failed to load key file %1 : %2").arg(keyFilename, errorMessage);
        errorTextStream << endl;
        return nullptr;
    }
    compositeKey.addKey(fileKey);

    return Database::openDatabaseFile(databaseFilename, compositeKey);
}
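/**
 * Save the database to a file.
 *
 * This function uses QTemporaryFile instead of QSaveFile due to a bug
 * in Qt (https://bugreports.qt.io/browse/QTBUG-57299) that may prevent
 * the QSaveFile from renaming itself when using DropBox, Drive, or OneDrive.
 *
 * The risk in using QTemporaryFile is that the rename function is not atomic
 * and may result in loss of data if there is a crash or power loss at the
 * wrong moment. The temporary file is created without a name template, i.e.
 * in the system temporary directory, so the final rename may also have to
 * cross file systems.
 *
 * When keepOld is set and the existing file cannot be moved to "<path>.old",
 * the save is aborted before the existing file is touched, so the only copy
 * of the database is never removed without the requested backup.
 *
 * @param filePath Absolute path of the file to save
 * @param keepOld Rename the original database file instead of deleting
 * @return error string, if any
 */
QString Database::saveToFile(QString filePath, bool keepOld)
{
    KeePass2Writer writer;
    QTemporaryFile saveFile;
    if (!saveFile.open()) {
        return saveFile.errorString();
    }

    // write the database to the file
    setEmitModified(false);
    writer.writeDatabase(&saveFile, this);
    setEmitModified(true);

    if (writer.hasError()) {
        // the writer failed; saveFile is still set to auto-remove
        return writer.errorString();
    }

    saveFile.close(); // flush buffered data before the file is renamed

    if (keepOld) {
        QFile::remove(filePath + ".old");
        // A first save has no existing file to back up. Any other failure to
        // create the backup must stop the save before the original is removed.
        QFile existing(filePath);
        if (existing.exists() && !existing.rename(filePath + ".old")) {
            return existing.errorString();
        }
    }

    // NOTE(review): between this remove and the rename below no file exists at
    // filePath; a failure in that window leaves only the ".old" copy, if any.
    QFile::remove(filePath);
    if (saveFile.rename(filePath)) {
        // successfully saved database file
        saveFile.setAutoRemove(false);
        return {};
    }

    return saveFile.errorString();
}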
/**
 * @return shared pointer to the KDF object in use; the object is shared, not
 *         copied, so changes made through the pointer affect this database
 */
QSharedPointer<Kdf> Database::kdf() const
{
    return m_data.kdf;
}
/**
 * Replace the KDF object without re-deriving the transformed master key;
 * changeKdf() is the variant that also transforms the key.
 *
 * @param kdf KDF to use from now on
 */
void Database::setKdf(QSharedPointer<Kdf> kdf)
{
    m_data.kdf = std::move(kdf);
}
/**
 * Store the public custom data blob.
 *
 * NOTE(review): the name suggests this data is kept outside the encrypted
 * part of the file. Confirm against the writer before storing anything
 * sensitive in it.
 *
 * @param data blob to store
 */
void Database::setPublicCustomData(QByteArray data)
{
    m_data.publicCustomData = data;
}
/**
 * @return the public custom data blob stored in this database
 */
QByteArray Database::publicCustomData() const
{
    return m_data.publicCustomData;
}
/**
 * Switch to a new KDF and re-derive the transformed master key with it.
 *
 * The new KDF's seed is randomized first. The KDF and the transformed key
 * are replaced only if the transform succeeds, and modifiedImmediate() is
 * then emitted. The seed of the passed KDF object is changed even when the
 * transform fails.
 *
 * @param kdf KDF to switch to; dereferenced without a null check
 * @return true on success, false if the key transform failed
 */
bool Database::changeKdf(QSharedPointer<Kdf> kdf)
{
    kdf->randomizeSeed();

    QByteArray derivedKey;
    const bool transformed = m_data.key.transform(*kdf, derivedKey);
    if (!transformed) {
        return false;
    }

    setKdf(kdf);
    m_data.transformedMasterKey = derivedKey;
    emit modifiedImmediate();

    return true;
}