multiple database with --pw-stdin (#2916)

* Updated utilities to unlock KDBX with OS password manager on macOS and Linux
* Use a static stream on stdin for --pw-stdin otherwise buffer loss eliminates subsequent passwords
* Update INSTALL requirements

INSTALL.md

@@ -26,7 +26,9 @@ The following libraries are required:
 * libmicrohttpd
 * libxi, libxtst, qtx11extras (optional for auto-type on X11)
 * libsodium (>= 1.0.12, optional for KeePassXC-Browser support)
-* libargon2
+* argon2
+* qrencode
+* yubikey ykpers (optional to support YubiKey)
 
 Prepare the Building Environment
 ================================

src/cli/Utils.cpp

@@ -163,7 +163,7 @@ namespace Utils
             return password;
         }
 
-        TextStream in(STDIN, QIODevice::ReadOnly);
+        static TextStream in(STDIN, QIODevice::ReadOnly);
 
         setStdinEcho(false);
         QString line = in.readLine();

src/main.cpp

@@ -144,8 +144,7 @@ int main(int argc, char** argv)
         if (pwstdin) {
             // we always need consume a line of STDIN if --pw-stdin is set to clear out the
             // buffer for native messaging, even if the specified file does not exist
-            static QTextStream in(stdin, QIODevice::ReadOnly);
+            QTextStream out(stdout, QIODevice::WriteOnly);
-            static QTextStream out(stdout, QIODevice::WriteOnly);
             out << QObject::tr("Database password: ") << flush;
             password = Utils::getPassword();
         }

utils/keepassxc-kdewallet

@@ -1,9 +1,11 @@
-#!/bin/bash
+#!/usr/bin/env bash
+# fetch KeePass database passwords from kdewallet
 
 ### change the path to suit your installation or set KDBX_SEARCH before calling ###
 : ${KDBX_SEARCH:=~/.KeePass/*.kdbx}
 
-PROG="$(basename $0)"
+PROG="${0##*/}"
+KEEPASSXC=$(which -a keepassxc | sed -e "\\,$0,d" -e 'q')
 
 function daemon_main {
   # open kdewallet
@@ -12,16 +14,14 @@ function daemon_main {
     sleep 1
   done
 
-  # fetch KeePass database passwords from kdewallet
   declare -A DBs
-  for DBPATH in $KDBX_SEARCH; do
+  for DBPATH in $(ls -r $KDBX_SEARCH); do
-    [[ -L "$DBPATH" ]] && DBPATH=$(readlink --canonicalize "$DBPATH")
+    DBs[$(realpath $DBPATH)]=$(qdbus org.kde.kwalletd5 /modules/kwalletd5 org.kde.KWallet.readPassword "$handle" "Passwords" "${DBPATH##*/}" "$PROG")
-    DBs[$DBPATH]=$(qdbus org.kde.kwalletd5 /modules/kwalletd5 org.kde.KWallet.readPassword "$handle" "Passwords" "$DBPATH" "$PROG")
   done
 
-  # launch keepassx
+  # launch real keepassxc
   IFS=$'\n\n\n'
-  keepassx --pw-stdin "${!DBs[@]}" <<<"${DBs[*]}" &
+  "$KEEPASSXC" --pw-stdin "${!DBs[@]}" <<<"${DBs[*]}" &
 
   # done with kdewallet
   qdbus org.kde.kwalletd5 /modules/kwalletd5 org.kde.KWallet.close "$handle" "false" "$PROG"

utils/keepassxc-keychain

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+# fetch KeePass database passwords from keychain
+
+### change the path to suit your installation or set KDBX_SEARCH before calling ###
+: ${KDBX_SEARCH:=~/.KeePass/*.kdbx}
+
+PROG="$(basename $0)"
+KeePassXC=$(ls -f {/usr/local,/Applications}/KeePassXC.app/Contents/MacOS/KeePassXC 2>/dev/null | head -1)
+
+function daemon_main {
+  declare -A DBs
+  for DBPATH in $KDBX_SEARCH; do
+    DBs[$(python -c  "import os; print os.path.realpath('$DBPATH')")]=$(security find-generic-password -a $USER -s "${DBPATH##*/}" -w)
+  done
+
+  # launch keepassxc
+  IFS=$'\n\n\n'
+  $KeePassXC --pw-stdin "${!DBs[@]}" <<<"${DBs[*]}" &
+}
+
+if [[ '-d' = "$1" ]]; then
+  exec >&~/tmp/$PROG.log
+  set -vx
+  daemon_main
+else
+  cd /
+  daemon_main </dev/null >&/dev/null &
+  disown
+fi