multiple database with --pw-stdin (#2916)

* Updated utilities to unlock KDBX with OS password manager on macOS and Linux
* Use a static stream on stdin for --pw-stdin; otherwise buffer loss eliminates subsequent passwords
* Update INSTALL requirements
Jack Thomasson 2019-04-25 08:37:13 -06:00 committed by Jonathan White
parent ba4d68c76e
commit 1cbd395d71
5 changed files with 42 additions and 12 deletions


@ -26,7 +26,9 @@ The following libraries are required:
* libmicrohttpd * libmicrohttpd
* libxi, libxtst, qtx11extras (optional for auto-type on X11) * libxi, libxtst, qtx11extras (optional for auto-type on X11)
* libsodium (>= 1.0.12, optional for KeePassXC-Browser support) * libsodium (>= 1.0.12, optional for KeePassXC-Browser support)
* libargon2 * argon2
* qrencode
* yubikey ykpers (optional to support YubiKey)
Prepare the Building Environment Prepare the Building Environment
================================ ================================


@ -163,7 +163,7 @@ namespace Utils
return password; return password;
} }
TextStream in(STDIN, QIODevice::ReadOnly); static TextStream in(STDIN, QIODevice::ReadOnly);
setStdinEcho(false); setStdinEcho(false);
QString line = in.readLine(); QString line = in.readLine();
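Review bot: The `static` on `TextStream in` is what lets the second and later `--pw-stdin` passwords arrive, but nothing at the declaration says so, and a later cleanup could drop it again. I would add a comment such as `// static: the stream reads ahead, so a per-call instance would discard the passwords meant for later databases`. Two consequences are worth checking. Whatever the stream has read ahead, including passwords not yet consumed, presumably stays in its buffer for the life of the process. Any other code that reads stdin directly (the comment in `main` mentions native messaging) will not see bytes this stream has already buffered. The function starts and ends outside the hunk, so whether stdin echo is switched back on along every path cannot be checked here.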


@ -144,8 +144,7 @@ int main(int argc, char** argv)
if (pwstdin) { if (pwstdin) {
// we always need consume a line of STDIN if --pw-stdin is set to clear out the // we always need consume a line of STDIN if --pw-stdin is set to clear out the
// buffer for native messaging, even if the specified file does not exist // buffer for native messaging, even if the specified file does not exist
static QTextStream in(stdin, QIODevice::ReadOnly); QTextStream out(stdout, QIODevice::WriteOnly);
static QTextStream out(stdout, QIODevice::WriteOnly);
out << QObject::tr("Database password: ") << flush; out << QObject::tr("Database password: ") << flush;
password = Utils::getPassword(); password = Utils::getPassword();
} }
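Review bot: The prompt `Database password: ` does not say which database it is for, and with several files on the command line (the commit's stated purpose) whoever feeds stdin has only the argument order to pair passwords with files. If this block runs once per file, which the hunk does not show, consider naming the file in the prompt, e.g. `out << QObject::tr("Database password for %1: ").arg(currentFile) << flush;`, where `currentFile` is a placeholder for whatever variable holds the path being opened. The enclosing loop or function body lies outside the hunk.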


@ -1,9 +1,11 @@
#!/bin/bash #!/usr/bin/env bash
# fetch KeePass database passwords from kdewallet
### change the path to suit your installation or set KDBX_SEARCH before calling ### ### change the path to suit your installation or set KDBX_SEARCH before calling ###
: ${KDBX_SEARCH:=~/.KeePass/*.kdbx} : ${KDBX_SEARCH:=~/.KeePass/*.kdbx}
PROG="$(basename $0)" PROG="${0##*/}"
KEEPASSXC=$(which -a keepassxc | sed -e "\\,$0,d" -e 'q')
function daemon_main { function daemon_main {
# open kdewallet # open kdewallet
@ -12,16 +14,14 @@ function daemon_main {
sleep 1 sleep 1
done done
# fetch KeePass database passwords from kdewallet
declare -A DBs declare -A DBs
for DBPATH in $KDBX_SEARCH; do for DBPATH in $(ls -r $KDBX_SEARCH); do
[[ -L "$DBPATH" ]] && DBPATH=$(readlink --canonicalize "$DBPATH") DBs[$(realpath $DBPATH)]=$(qdbus org.kde.kwalletd5 /modules/kwalletd5 org.kde.KWallet.readPassword "$handle" "Passwords" "${DBPATH##*/}" "$PROG")
DBs[$DBPATH]=$(qdbus org.kde.kwalletd5 /modules/kwalletd5 org.kde.KWallet.readPassword "$handle" "Passwords" "$DBPATH" "$PROG")
done done
# launch keepassx # launch real keepassxc
IFS=$'\n\n\n' IFS=$'\n\n\n'
keepassx --pw-stdin "${!DBs[@]}" <<<"${DBs[*]}" & "$KEEPASSXC" --pw-stdin "${!DBs[@]}" <<<"${DBs[*]}" &
# done with kdewallet # done with kdewallet
qdbus org.kde.kwalletd5 /modules/kwalletd5 org.kde.KWallet.close "$handle" "false" "$PROG" qdbus org.kde.kwalletd5 /modules/kwalletd5 org.kde.KWallet.close "$handle" "false" "$PROG"
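Review bot: `for DBPATH in $(ls -r $KDBX_SEARCH)` and the unquoted `$(realpath $DBPATH)` split on whitespace, so a database whose file name contains a space becomes several bogus entries, each looked up in the wallet under a fragment of the name and handed to keepassxc as a path that does not exist. Iterating the glob directly and quoting keeps each matched name intact: `for DBPATH in $KDBX_SEARCH; do` with `DBs["$(realpath "$DBPATH")"]=$(qdbus … "${DBPATH##*/}" "$PROG")`. The `-r` also buys little, since bash associative arrays do not preserve insertion order. Separately, `KEEPASSXC` is empty when `which -a keepassxc` finds nothing besides this script, so a check such as `[[ -x "$KEEPASSXC" ]] || exit 1` before the wallet is opened would fail before any password is read. `daemon_main` continues outside both hunks.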

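--- a/utils/keepassxc-keychain
+++ b/utils/keepassxc-keychain
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+# fetch KeePass database passwords from keychain
+### change the path to suit your installation or set KDBX_SEARCH before calling ###
+: ${KDBX_SEARCH:=~/.KeePass/*.kdbx}
+PROG="$(basename $0)"
+KeePassXC=$(ls -f {/usr/local,/Applications}/KeePassXC.app/Contents/MacOS/KeePassXC 2>/dev/null | head -1)
+function daemon_main {
+declare -A DBs
+for DBPATH in $KDBX_SEARCH; do
+DBs[$(python -c "import os; print os.path.realpath('$DBPATH')")]=$(security find-generic-password -a $USER -s "${DBPATH##*/}" -w)
+done
+# launch keepassxc
+IFS=$'\n\n\n'
+$KeePassXC --pw-stdin "${!DBs[@]}" <<<"${DBs[*]}" &
+}
+if [[ '-d' = "$1" ]]; then
+exec >&~/tmp/$PROG.log
+set -vx
+daemon_main
+else
+cd /
+daemon_main </dev/null >&/dev/null &
+disown
+fi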
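Review bot: Running with `-d` writes the database passwords into `~/tmp/$PROG.log`: `set -vx` is enabled before `daemon_main`, and xtrace prints the expanded `DBs[…]=…` assignment whose value is the output of `security find-generic-password … -w`. Tracing should be switched off around the lookup loop (`set +vx` before the `for`), and the log created under `umask 077`. The path is also pasted into Python source in `python -c "… realpath('$DBPATH')"`, so a file name containing a quote changes the code that runs, and the `print` statement form only works on Python 2. Passing the path as an argument avoids both: `python -c 'import os,sys; print(os.path.realpath(sys.argv[1]))' "$DBPATH"`. `$KeePassXC` and `$USER` are also expanded unquoted, and an empty `$KeePassXC` (no app bundle found) is not checked before the passwords are fetched.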