This new subcommand checks all passwords in the given database against a given list of SHA-1 password hashes. Such lists are available from the "Have I Been Pwned" project at https://haveibeenpwned.com/Passwords.
Note that this support offline checking only. The HIBP project also provides a web API for checking specific hash ranges; this is not currently supported.
* Fixes#3126
* Limit autocompletion to the top ten used usernames
- Load common usernames when database is opened
- Transition from QLineEdit to QComboBox for usernames
- Dropdown menu of the combobox lets user choose a common username
- Common usernames are autocompleted via inline completion
- Common usernames are sorted by frequency (first) and name (second)
* Unbreak build on FreeBSD
```
In file included from src/core/Alloc.cpp:24:
/usr/include/malloc.h:3:2: error: "<malloc.h> has been replaced by <stdlib.h>"
^
src/core/Alloc.cpp:65:28: error: use of undeclared identifier 'malloc_usable_size'
::operator delete(ptr, malloc_usable_size(ptr));
^
2 errors generated.
```
Non-standard APIs like `malloc_usable_size()` [1] are defined in
`malloc_np.h` on FreeBSD, so use it instead of `malloc.h` there.
[1] https://man.freebsd.org/jemalloc(3)
* Allow Browser HostInstaller to work on FreeBSD and other OS's
* Drop custom GNUInstallDirs cmake module and use cmake's own module
It seems to be an outdated version and cmake generally provides it
itself, so there should be no need for keepassxc to provide its own
custom version.
On FreeBSD this fixes the issue that man pages were installed into
the wrong directory, i.e., `/usr/local/share/man` vs `/usr/local/man`
as per FreeBSD's current packaging policy.
Signed-off-by: Tobias Kortkamp <tobik@FreeBSD.org>
* Pass correct entropy amount to keepassxc-browser instead of amount of bits for both password and passphrase.
* Rename json key from "login" to "entropy" (keeping "login" key for backwards compatibility).
* Also make some changes to entropy calculation methods:
- Rename PassphraseGenerator::calculateEntropy to estimateEntropy
- Rename PasswordGenerator::calculateEntropy to estimateEntropy
* Add combo menu button to apply an icon to children
- allow more options to apply icons (child groups, child entries)
- extend tests in TestGroup (applying icons for groups/entries only)
- prevent blue folder icon being set for entries (on entry creation only)
* Do not show the combo menu button for entries
* Fixes#925
* Add 'flatten' option to CLI ls command
* Add test for Group::hierarchy() and man page for ls --flatten
* Rename group sort test to align with others
* DatabaseTabWidget::newDatabase returns the created DatabaseWidget
* Emit DatabaseTabWidget::databaseOpened signal before a new tab is added
* EntrySearcher can now search attribute values including custom ones
* Add Group::applyGroupIconTo to set the group icon on the supplied entry
* Implement desktop notifications through the system tray icon
* Add DatabaseWidget::deleteEntries to delete a list of entries
* Add Aes128 in SymmetricCipher::algorithmIvSize
* Add DatabaseWidget::databaseReplaced signal
* Add a helper class to override the message box's parent (prevent bugs)
* Introduce _LAST_MODIFIED custom data entry that stores the last modified datetime of the database's custom data entries
* Merge custom data from source database to target
* Modify tests to be aware of _LAST_MODIFIED entry
To reduce residual fragments of secret data in memory after
deallocation, this patch replaces the global delete operator with a
version that zeros out previously allocated memory. It makes use of
the new C++14 sized deallocation, but provides an unsized fallback
with platform-specific size deductions.
This change is only a minor mitigation and cannot protect against
buffer reallocations by the operating system or non-C++ libraries.
Thus, we still cannot guarantee all memory to be wiped after free.
As a further improvement, this patch uses libgcrypt and libsodium
to write long-lived master key component hashes into a secure
memory area and wipe it afterwards.
The patch also fixes compiler flags not being set properly on macOS.
Use built-in facilities of Qt to traverse QLocale::uiLanguages() to find a valid "most preferred"
language, but still respect user's choice in the application settings.
Fixes#3030. Fixes#1924.
Introduce modification-based change tracking in BulkFileWatcher to
reduce emitted signals caused by file changes within the same directory.
Resolves#2895.
* Reduce initial update check notification to 500 ms to prevent inappropriately stealing focus from user
* Add build flag WITH_XC_UPDATECHECK which defaults to ON
* Update checks are resolved every 7 days instead of every time the application is started
* Better checks for beta builds; ignore snapshots
* Increase test cases
* Mark database dirty if saving fails
* Restore database file from backup if unsafe save fails between deleting database file and copying temporary file into place
* Improve error message display for opening and saving database files
* Do not automatically retry saving after failure. This prevents deletion of the backup database file and improves user awareness of issues.
* Fix#2888
* Qt has an undocumented rename implementation for QTemporaryFile that does not fallback to the copy implementation. Forcing the use of QFile::rename(...) allows for this fallback and protects against cross-device link errors.
* Fix#2877 - password is unchecked by default
* Smarter activation of key components based on contents of text entry fields
* Prevent multiple copies of the same database from opening when the canonicalFileName != fileName
* Order of previously open databases are preserved when closing the application
* The active database on closing remains active after startup
* Nested open previous databases and remember key files under the remember previously open databases setting
* Fix#1675
Adding debug info to the CLI and the general option
of the main Qt app. Also took time to:
* use `EXIT_SUCCESS`/`EXIT_FAILURE` constants
for main.cpp (this is what is used in `src/cli`);
* fixed `m_initalized` typo;
* added info on debugging mode being disabled
or not;
* regrouped Qt related stuff in the debug output.
* Fixed unending timer in BulkFileWatcher causing high CPU usage after first save
* Fix multiple SIGNAL connections found with GammaRay
* Remove horizontal scrollbar from EditWidget due to ghosting (maybe Qt bug)
The database master key settings widget does not actually
need to (re-)transform the master key, it only needs to update
the Key object on the database. Transformation can be deferred
until the Database is persisted to disk. This avoids delays
and unnecessary user interaction with challenge-response
dongles by eliminating redundant key transformations.
* Minor code quality fixes found by Codacy
* Fix unused variables when WITH_XC_NETWORKING is OFF
* Fix#2684, resolve entry references from the root group
* Fix#2697 and Fix#2699, listen specifically for
WM_QUERYENDSESSION and WM_ENDSESSION on
Windows to gracefully shutdown KeePassXC
* Cleanup proxy code and add explicit closure for
shutdown messages
Previously, extracting the XML from a database was done with the
`saveXml` attribute in the `KeePass2Reader` class.
This had several unfortunate consequences:
* The `KdbxReader` class had to import the `KdbxXmlWriter` class
in order to perform the export (bad separation of concerns);
* The CLI database unlocking logic had to be duplicated only
for the `Extract` command;
* The `xmlData` had to be stored in the `KeePass2Reader` as
a temporary result.
* Lots of `setSaveXml` functions were implemented only
to trickle down this functionality.
Also, the naming of the `saveXml` variable was not really
helpful to understand it's role.
Overall, this change will make it easier to maintain and expand
the CLI database unlocking logic (for example, adding a `--no-password`
option as requested in https://github.com/keepassxreboot/keepassxc/issues/1873)
It also opens to door to other types of extraction/exporting (for
example exporting to CSV, as requested in
https://github.com/keepassxreboot/keepassxc/issues/2572)
* otp setting is properly loaded and saved (Fix#2671)
* Removing the key from TOTP Setup clears all TOTP
settings for entry
* Santize TOTP key prior to storing in OTP format
The strings in the deprecation map are never modified in the program and
they're known at compile time. An internal resizable buffer is not
needed for these strings so we can allocate them statically.
