Commit Graph

3122 Commits

Author SHA1 Message Date
Janek Bevendorff
a3dc977e58 Correctly set KDBX envelope version
Shows a warning when trying to open with a newer minor version than what is currently supported.

We always try to save with the lowest KDBX version possible for maximum compatibility.
2021-11-22 12:58:04 +01:00
Janek Bevendorff
67603ab42e Retain number of rounds when auto-upgrading KDBX version 2021-11-22 12:58:04 +01:00
Janek Bevendorff
c872e406ed Upgrade to KDBX 4 if new 4.1 features are used 2021-11-22 12:58:04 +01:00
Janek Bevendorff
835e31ac3c Implement KDBX 4.1 CustomData modification date
We keep the old merging behaviour for now, since deleting a
CustomData entry does not create DeletedObject.
2021-11-22 12:58:04 +01:00
Janek Bevendorff
390e14b2c6 Implement KDBX 4.1 extended custom icons 2021-11-22 12:58:04 +01:00
Janek Bevendorff
70e62d90db Add "Restore Entries" feature 2021-11-22 12:58:04 +01:00
Janek Bevendorff
e5822974ac Implement KDBX 4.1 group tags 2021-11-22 12:58:04 +01:00
Janek Bevendorff
cd9ef58e98 Implement KDBX 4.1 PreviousParentGroup flag 2021-11-22 12:58:04 +01:00
Janek Bevendorff
ffaeac130f Implement KDBX 4.1 PasswordQuality flag 2021-11-22 12:58:04 +01:00
ADD-SP
e5065a01c8 Fix crash while downloading favicons 2021-11-13 23:18:47 -05:00
Jonathan White
c37e2d3d69 Fix entry preview resetting when focusing out of entry view
* Fixes #7061
* This bug impacts linux only when clicking in the preview panel.
2021-11-13 23:17:30 -05:00
louib
004f2b6801 Removing QWidget dependency from src/core. 2021-11-12 07:41:30 -05:00
Jonathan White
6f5bbf7ad1
Fix database save calls in CLI due to backup path 2021-11-07 17:52:23 -05:00
Patrick Klein
84ff6a13f9
Allow specifing database backup paths. (#7035)
- Default backupFilePath is '{DB_FILENAME}.old.kdbx' to conform to existing standards
- Implement backupPathPattern tests.
- Show tooltip on how to format database backup location text field.
2021-11-07 17:41:17 -05:00
Andre Blanke
7d37f65ad0 CLI: Add commands to handle attachments
* Add commands to manipulate entry attachments from the CLI
* Closes #4462

* Add the following commands:
  attachment-export: Exports the content of an attachment to a specified file.

  attachment-import: Imports the attachment into an entry. An existing attachment with the same name may be overwritten if the -f option is specified.

  attachment-rm: Removes the named attachment from an entry.

* Add --show-attachments  to the show command
2021-11-07 17:27:16 -05:00
snipfoo
7811f10dba
Support for wordlists in user configuration directory (#6799)
This commit allows users to put alternative wordlists in a `wordlists` subdirectory below their KeePassXC directory (e.g., under Linux, `~/.config/keepassxc/wordlists`). These wordlists will then appear in the dropdown menu in the *Password Generator* widget.

In order to differentiate between lists shipped with KeePassXC and user-provided lists, the former appears with a (SYSTEM) prefix.
2021-11-04 23:02:33 -04:00
Sami Vänttinen
bb88ad6e8c
Add Microsoft Edge support for Linux (#7100) 2021-11-04 23:02:02 -04:00
Toni Spets
3b1acd0831
Auto-Type: Reimplement X11 keysym emulation (#7098)
* Fix Regression since 4d07507

* Auto-Type: Workaround X server default keymap bug

If there's a system wide configuration through xorg.conf for a default keyboard layout and it's not updated by the WM/DE at startup the Xkb extension seems to be somewhat confused with XTEST and the layout somehow defaults to US ANSI.

Reading the keyboard description and writing it back without changes works around this.
2021-11-04 23:01:47 -04:00
Patrick Sean Klein
20db504c3a Implement "Overwrite attachment" confirmation dialog. 2021-10-24 23:41:57 -04:00
Sami Vänttinen
55f2bd41aa
Modify the KeePassHTTP attribute conversion button text (#7073) 2021-10-24 22:34:30 -04:00
varjolintu
dd41f093e6 Launch KeePassXC password generator popup from the extension
* Closes #6473
2021-10-24 10:24:17 -04:00
Aetf
2a9d92faeb
FdoSecrets: reject setting refs via the API (#7043)
* FdoSecrets: add TOTP as a readonly attribute

* FdoSecrets: reject setting fields containing refs, fixes #6802

It is still possible to set refs using KPXC UI.
2021-10-24 10:22:50 -04:00
Patrick Sean Klein
c8f135aaed Resolve references of entry attributes when exporting to HTML. 2021-10-24 10:21:35 -04:00
Jonathan White
9aa30c4e72
Fix building on macOS due to PCSC
* Fixes #7072
2021-10-23 17:07:29 -04:00
Aetf
8b6d0e4b12 Fix EntryView and PreviewView to automatically update when the model changes 2021-10-16 22:51:37 -04:00
Aetf
a31c5ba006 FdoSecrets: Implement unlock before search
Fixes #6942 and fixes #4443

- Return number of deleted entries
- Fix minor memory leak
- FdoSecrets: make all prompt truly async per spec and update tests
    * the waited signal may already be emitted before calling spy.wait(),
      causing the test to fail. This commit checks the count before waiting.
    * check unlock result after waiting for signal
- FdoSecrets: implement unlockBeforeSearch option
- FdoSecrets: make search always work regardless of entry group searching settings, fixes #6942
- FdoSecrets: cleanup gracefully even if some test failed
- FdoSecrets: make it safe to call prompts concurrently
- FdoSecrets: make sure in unit test we click on the correct dialog

Note on the unit tests: objects are not deleted (due to deleteLater event not handled).
So there may be multiple AccessControlDialog. But only one of
it is visible and is the correctly one to click on.

Before this change, a random one may be clicked on, causing the
completed signal never be sent.
2021-10-16 22:50:04 -04:00
varjolintu
b6716bdfe5 Add Browser Integration to Group Edit page
Closes #1789 and closes #3998
2021-10-11 00:19:06 -04:00
varjolintu
c7cdce6e33 Support for triggering Global Auto-Type from browser extension 2021-10-10 23:41:58 -04:00
mhmdanas
be6835e42f Cleanup PCSC interface code
Fixes #7025
2021-10-09 14:41:26 -04:00
Chih-Hsuan Yen
3b3bc42e10
Fix broken browser integration since #6899 (#7030) 2021-10-09 11:22:44 -04:00
Jonathan White
f2aa32c7b0 Add direct write save option
* Closes #6335
* Modify application settings presentation to  allow for alternative saving strategies
* Transition Database::save calls to using flags to control saving behavior. Reduces boolean flags on function call.
* Made direct write save option a local setting to prevent unintentional carry over between platforms.
2021-10-09 11:12:25 -04:00
Jonathan White
484bc5dd01 Fix infinite save bug when saving fails
* Introduced in #6438, modified signal is not blocked at the Database level when emitting is blocked. This causes infinite saving to occur when Always Save After Every Change is enabled.
2021-10-09 11:12:25 -04:00
Jonathan White
d82abf0be5 Correct naming of newly generated keyx files
Fixes #6040
2021-10-03 07:32:03 -04:00
Gaurav Pruthi
6c18b10979
Place the 'Recycle Bin' at the bottom of the list when groups are sorted. (#7004)
Co-authored-by: Gaurav Pruthi <gaurav.pruthi@oracle.com>
2021-10-02 02:55:42 -04:00
osx user
2514c1d5c5 feature/AutoTypeTOTP 2021-10-02 00:04:03 -04:00
snipfoo
e660802fac
Add support for Diceware wordlists in numbered and/or PGP-signed formats (#6791)
This allows one to directly use Diceware-compatible wordlists without having to convert the file to the plain wordlist format.

The accepted formats are described in the Diceware documentation:
https://diceware.readthedocs.io/en/stable/wordlists.html
2021-10-02 00:01:04 -04:00
Aetf
60cfba8e46
FdoSecrets: Improve client executable path handling (#6915)
* Fixes #6459 

Improves the overall handling of FdoSecrets showing client executable paths to the user. It does the following:

* Check executable file existence as described in [RFC] fdosecrets: add optional confirmation to secret access (#4733)
* Show application PID and dbus address in the client list
* When the executable file is inaccessible, depending on where the client name is shown:
    * when shown inline, e.g. in notification text, where space is limited, clearly say that the path is invalid
    * when shown in auth dialog, show warning and print detailed info about the client
    * when shown in the client list, draw a warning icon

Co-authored-by: Jonathan White <support@dmapps.us>
2021-10-01 18:22:15 -04:00
Toni Spets
860fcfd78d SSH Agent: Add support for OpenSSH 8.2 FIDO/U2F keys
Closes #4334
2021-10-01 16:25:14 -04:00
Toni Spets
c07a57d141 SSH Agent: Template reading key parts
This is a prerequisite for security key backed keys.
2021-10-01 16:25:14 -04:00
Toni Spets
6ded326de7 SSH Agent: Store raw key data as complete blobs
This is a prerequisite for security key backed keys.
2021-10-01 16:25:14 -04:00
Jonathan White
1dbec40be9 Add countdown progress bar to TOTP preview
* Close #6556
2021-10-01 15:35:42 -04:00
Gaurav Pruthi
405d3ee1ca
Add feature to sort groups using shortcut keys (#6999)
* Register Ctrl + Down to sort A->Z and Ctrl + Up to sort Z->A
2021-10-01 10:54:15 -04:00
Christoph Honal
6d1fc31e96
Implement support for Yubikeys and potential other tokens via wireless NFC using smartcard readers (Rebase) (#6895)
* Support NFC readers for hardware tokens using PC/SC

This requires a new library dependency: PCSC.
The PCSC library provides methods to access smartcards. On Linux, the third-party pcsc-lite package is used. On Windows, the native Windows API (Winscard.dll) is used. On Mac OSX, the native OSX API (framework-PCSC) is used.

* Split hardware key access into multiple classes to handle different methods of communicating with the keys.

* Since the Yubikey can now be a wireless token as well, the verb "plug in" was replaced with a more
generic "interface with". This shall indicate that the user has to present their token to the reader, or plug it in via USB.

* Add PC/SC interface for YubiKey challenge-response

This new interface uses the PC/SC protocol and API
instead of the USB protocol via ykpers. Many YubiKeys expose their functionality as a CCID device, which can be interfaced with using PC/SC. This is especially useful for NFC-only or NFC-capable Yubikeys, when they are used together with a PC/SC compliant NFC reader device.

Although many (not all) Yubikeys expose their CCID functionality over their own USB connection as well, the HMAC-SHA1 functionality is often locked in this mode, as it requires eg. a touch on the gold button. When accessing the CCID functionality wirelessly via NFC (like this code can do using a reader), then the user interaction is to present the key to the reader.

This implementation has been tested on Linux using pcsc-lite, Windows using the native Winscard.dll library, and Mac OSX using the native PCSC-framework library.

* Remove PC/SC ATR whitelist, instead scan for AIDs

Before, a whitelist of ATR codes (answer to reset, hardware-specific)
was used to scan for compatible (Yubi)Keys.
Now, every connected smartcard is scanned for AIDs (applet identifier),
which are known to implement the HMAC-SHA1 protocol.

This enables the support of currently unknown or unreleased hardware.

Co-authored-by: Jonathan White <support@dmapps.us>
2021-10-01 10:39:07 -04:00
Janek Bevendorff
d375ad14d7 Rename translation files 2021-09-28 15:50:27 +02:00
Joan Bruguera
e6bf8463d9 Fix unlocking multiple databases with pw-stdin when input is a pipe
This works:

```
$ keepassxc test1.kdbx test2.kdbx --pw-stdin
Database password: <manual input 1234>
Database password: <manual input 4321>
```

But this doesn't (only `test1.kdbx` is unlocked):

```
$ printf '%s\n' 1234 4321 | keepassxc test1.kdbx test2.kdbx --pw-stdin
Database password:
Database password:
```

The problem is that `Utils::setDefaultTextStreams()` is called multiple times
when unlocking multiple databases with `--pw-stdin`, which appears to break the
pipe. Simply call it once to avoid the problem.

Fixes: #5012 (as far as I can tell by simulating the script in Linux)
Signed-off-by: Joan Bruguera <joanbrugueram@gmail.com>
2021-09-28 07:05:50 -04:00
osx user
486779cce7 updateViewStateSync 2021-09-28 06:40:33 -04:00
Janek Bevendorff
a46231a39a
Fix tests on macOS and update coverage config (#6945)
Simplifies coverage generation and uses llvm-cov instead of gcov if
compiler is clang.
2021-09-26 12:35:42 +02:00
jus78help
eeba485f95 Removed unnecessary characters from HEX excluded chars
The HEX button automatically unselects `selectBoxLower` therefore there is no need to also add `ghijklmnopqrstuvwxyz` in the excluded characters text field.
2021-09-21 19:05:47 -04:00
varjolintu
4c10e516c3 Add delete-entry command to Browser Integration API 2021-09-21 04:17:14 -04:00
m5w6
9aec84dee7 Add "parent directory match" priority between exact and host match 2021-09-20 23:53:31 -04:00
Benjamin K
34ed63f495 Add Apple Watch support to quick unlock
* Allow using a paired Apple Watch to authenticate to the secrets store in addition to TouchID.
* Closes #5337
2021-09-20 22:59:17 -04:00
smlu
0c6587b5b7 Add support for Microsoft Visual Studio buildchain
* Use C++17 when using MSVC compiler
* Remove unneeded header files and macros
* Removed unnecessary Yubikey cmake file
* Enhance release tool
* Updated INSTALL.md
2021-09-19 17:16:45 -04:00
Jonathan White
e6798112be
Fix shadowed variables in zxcvbn 2021-09-06 22:44:55 -04:00
Jonathan White
470129091a
Fix error in X11Funcs code 2021-09-06 22:36:56 -04:00
Jonathan White
b37dbe7dd5 Improve Yubikey USB API
* Allow for multiple vendor ID's to be checked at once. This allows for the use of one tracking index, streamlining KPXC code.
* Remove support for libusb 0.x on Linux
* Better handling of USB errors during initial key query. Output warnings to console.
2021-09-05 09:11:04 -04:00
Jonathan White
6e27dd8db5 Initial ykcore import into code base 2021-09-05 09:11:04 -04:00
Jonathan White
0450bf3487 Fix hiding main window after browser unlock request
* The main window doesn't hide properly during unlock sequence if it is in the background (ie, not minimized and not hidden to tray). This change makes sure the window hides after interaction on all platforms.
2021-08-29 16:02:40 -04:00
Allen Wild
53dcafaa58 Allow selecting any open database in unlock dialog
* Closes #2322

* Show locked databases in tabbed interface in unlock dialog for browser and auto-type workflows.

* Make the DatabaseOpenDialog window Application-Modal so that it blocks input to the main UI when the dialog is open. This reduces corner cases by avoiding the possibility of databases getting closed or unlocked
behind the open dialog.
2021-08-29 16:02:40 -04:00
Paul Colby
37d29b5e8c
Display Database created timestamp in database reports (#6876)
* Fixes #6356
2021-08-29 15:34:16 -04:00
Robin Ebert
e8f2c9d126 CLI: Replace locate command with search
* Introduce search CLI command to replace locate command. Search can provide the same functionality but in a more fine-grained fashion

* Replace use of Group::locate in code: Use EntrySearcher in clip cli command best-match option. This removes the matching against group hierarchy of an entry which is kind of nonsense as clip expects exactly one match. Matching against groups can be done using search command.

* Remove obsolete Group::locate method
2021-08-22 19:23:16 -04:00
louib
ec81d2bc3f Moving CsvParser to format/ 2021-08-22 18:30:43 -04:00
Hongmou Zhang
d2c74340a3 Add option to use both Pageant and OpenSSH agent on Windows 2021-08-22 18:30:32 -04:00
varjolintu
250cd1933c Handle tilde with custom paths 2021-08-22 18:30:18 -04:00
Jonathan White
986fa42ca8 Fix unreadable buttons in attachments widget
* Fix #6648
2021-08-22 17:09:21 -04:00
Janek Bevendorff
3a1560d2f6 Enable more convenient attachment renaming by clicking selection
Fixes #1695
2021-08-22 17:09:21 -04:00
Janek Bevendorff
93f0fef1e1 Improve and secure attachment handling (fixes #2400).
Externally opened attachments are now lifecycle-managed properly.

The temporary files are created with stricter permissions and entirely
random names (except for the file extension) to prevent meta data leakage.

When the database is closed, the files are overwritten with random
data and are also more reliably deleted than before.

Changes to the temporary files are monitored and the user is asked
if they want to save the changes back to the database (fixes #3130).

KeePassXC does not keep a lock on any of the temporary files, resolving
long-standing issues with applications such as Adobe Acrobat on Windows
(fixes #5950, fixes #5839).

Internally, attachments are copied less. The EntryAttachmentsWidget
now only references EntryAttachments instead of owning a separate copy
(which used to not be cleared properly under certain circumstances).
2021-08-22 17:09:21 -04:00
hollow-owl
af9eb6d6b1 Select entry above deleted entry
* Fix #6304 - Don't cause the list view to scroll to the top when deleting any entry in the list.
2021-08-22 17:08:29 -04:00
osx user
746276edea Enhance last used directory settings
* Use hash based storage for last used directories instead of a key/value for each type
* Explicitly declare certain operations as sensitive and follow the "Remember Last Database" setting for those.
* Introduce database backup directory location (close #6619)
2021-08-22 16:47:42 -04:00
louib
5e68cd2fa2 Abort CLI open on error 2021-08-16 01:13:51 -04:00
Julius Zint
38a60df40b Set the MIME-Type to text/plain when using wl-copy on wayland. If
unset, wl-copy will try to guess the MIME-Type based on the data.
For some reason this did not work on my machine and i was unable
to paste passwords in Firefox.
2021-08-15 22:51:17 -04:00
Stuzer05
304cb44d0d Add group clone action
Close #3796
2021-08-08 16:54:10 -04:00
Chih-Hsuan Yen
bc5d0df19e
Fix removing encrypted ASN.1 keys from ssh-agent (#6804)
Contents of id_rsa-encrypted-asn1 are from
TestOpenSSHKey::testDecryptRSAAES128CBC().

Closes #6788
2021-08-08 09:36:06 -04:00
shemeshg
089c8df01d
Add missing QFileInfo include 2021-07-16 16:19:33 +02:00
Jonathan White
9b2b861a2a Removed / Consolidated unnecessary header files 2021-07-13 22:08:33 -04:00
peter
6b14b5dc27 Optimize includes across code base 2021-07-13 22:08:33 -04:00
Jonathan White
7cb2991a13
Trim TOTP key input of whitespace prior to processing
* Fixes #6599
2021-06-11 22:49:45 -04:00
Jonathan White
6a8b070b0a
Resolve compiler warnings for unused return values
* Fixes #1932 - See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425#c29

Adding a negation before the function call allows the (void) syntax to work properly.
2021-06-11 22:49:39 -04:00
Janek Bevendorff
25a34a66e1 Fix compilation on macOS 2021-06-08 18:56:22 -04:00
Jonathan White
11afd73117
Correct macOS window activation from hidden state (#6575)
* Fix #6234 - properly set NSApplication activation policies when the window is hidden and shown
2021-06-01 06:19:47 -04:00
Jonathan White
33bf6eb892
Retain file creation time when saving database (#6576)
* Fix #6028
2021-05-31 22:22:50 -04:00
Xavier Valls
6acd0b25ae
Add a context menu entry to delete entries from health check reports (#6537)
* Closes #4986 - Allow deleting entries from the reports view
* Closes #4533 - Exclude & delete multiple entries in a report
* Also allow deleting selected entries using the delete key
* Introduce GuiTools namespace to collect shared GUI prompts and actions
* Add functionality to HIBP report to mirror health check report

Co-authored-by: Jonathan White <support@dmapps.us>
2021-05-31 10:40:20 -04:00
Jonathan White
44954fc0ac
Make "Always on top" a local setting 2021-05-29 12:49:23 -04:00
Xavier Valls
64cb1553d0 Add a button to reveal protected attributes in entry preview
Closes #1930
2021-05-29 12:22:50 -04:00
Aetf
81a66c439c
Properly block modified signal during Database destruction (#6438)
fixes #6393
2021-05-27 21:50:15 -04:00
Xavier Valls
66c3026cf5
Add a checkbox to health report allowing to exclude expired entries (#6534)
* Fixes #5032
2021-05-22 13:16:47 -04:00
Jonathan White
fd0bdaae80 Fix challenge-response key data after Botan
* Fix #6420
* Refactor Challenge-Response key files to be more streamlined. Added a test to confirm raw key data is accurate.
2021-05-19 22:36:30 -04:00
wundrweapon
60adcacaaa
Add command line option to lock open databases (#6511)
Closes #6126
2021-05-15 09:48:59 -04:00
Lukas Rytz
cc6f5c3226 MinimizeAfterUnlock also when unlocking through browser
The MinimizeAfterUnlock setting added in #3439 closes the main window
after unlock. However, when the unlock is triggered through
KeePassXC-Browser, a password dialog is shown on top of the main window
and the main window remains open after the unlock. This is fixed
in this commit.
2021-05-15 09:45:26 -04:00
Jonathan White
8c61a73bb0 Show search bar when toolbar is hidden or overflow
* Fix #505 - always show the search bar when the search keyboard shortcut is pressed. If the toolbar is in overflow, the toolbar will be expanded automatically and search focused. If the toolbar is hidden it will be shown and expanded if necessary. When searching is canceled or the down arrow is pressed (to select the first entry) the toolbar will be set back to it's previous configuration.
2021-05-15 09:11:38 -04:00
Xavier Valls
e1c8304c4b
Fix unreachable setting of file permissions (#6514)
Fixes #6080
2021-05-15 09:11:19 -04:00
Stefan Sundin
ee92b980bb
Set permissions of saved attachments to be private to the current user (#6363) 2021-05-12 23:20:41 -04:00
Jonathan White
17326dc3ec Auto-Type: Resolve username/password when copying to clipboard
* Fix #3882
* Add nullptr checks as well
2021-05-12 23:15:49 -04:00
Xavier Valls
64279bb881 Fix showing preview notes in an entry without notes
Fixes #6461
2021-05-08 17:35:37 -04:00
Jonathan White
8a7be101e4 CLI Improvements
* Fix #6001 - only use `--notes` in Add/Edit commands to prevent clash with password generator option `-n`.

* Fix #6119 - Send Unicode to clip command; Windows only understands UTF-16 encoding.

* Fix #6128 - `clip` command will default to clearing the clipboard after 10 seconds. To disable clearing set timeout to 0.
2021-04-25 07:38:21 -04:00
Jonathan White
be3e77d721 Cleanup CLI includes across all components
* Remove unused include files
* Move includes out of widely shared headers (reduced rebuild time)
* Consolidate code for Analyze command
2021-04-25 07:38:21 -04:00
Martin Mokrejs
dc496fd1d9 Better description text for Key File change dialog 2021-04-24 13:47:28 -04:00
Xavier Valls
01d86760e0
Allow resizing of reports table columns (#6435)
* Fix #5678

Co-authored-by: Jonathan White <support@dmapps.us>
2021-04-24 11:36:15 -04:00
Xavier Valls
7b7f52c8af
Introduce security option to enable copy on doubleclick (#6433)
* Fix #1575 - option is disabled by default
2021-04-24 11:35:01 -04:00
Jonathan White
5c709f0da3 Auto-Type: Increase max inter-type delay to 500 ms 2021-04-24 09:31:46 -04:00
Xavier Valls
c0ae130656
Add CTRL+Enter to apply password generator changes (#6414)
* Fixes #6111
2021-04-18 22:37:12 -04:00
Xavier Valls
7fe0e2629c Allow the Group column to be toggled for entry view
This allows to show/hide the group column both in normal and search
mode, finding a compromise for issue #6163
2021-04-18 22:32:24 -04:00
Toni Spets
805574cac1
Update YubiKey stub implementation for Botan (#6370)
Co-authored-by: Jonathan White <support@dmapps.us>
2021-04-09 07:56:57 -04:00
Toni Spets
31aa5e12e5 Auto-Type: PageUp/PageDown scrolling for entries
Fixes #4530
2021-04-08 20:00:40 -04:00
Toni Spets
9b8feed3ed SSH Agent: Use database location to resolve relative key file path
Closes #5225
2021-04-06 23:39:02 -04:00
Jonathan White
ed0ece304d Reorder startup sequence to display debug information early 2021-04-05 22:56:03 -04:00
Jonathan White
80809ace67 Replace all crypto libraries with Botan
Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out.

The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt.

Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's.

Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead.

Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan.

Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR.

NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established.

Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots.

Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG.

Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-05 22:56:03 -04:00
Jonathan White
86ddd702fb Use application font size when setting default or monospace fonts
* Fix #6286
2021-04-03 11:29:54 -04:00
Jonathan White
871c4fffdd OPVault: Use Text instead of Name for attribute and section names
* Fix #6303 - the text attribute in 1Password contains the actual text seen in 1Password whereas the name attribute may contain a ref pointer and not a name.
2021-04-01 22:59:44 -04:00
Toni Spets
ca8abecc4b Auto-Type: Abort keystroke if modifiers held on X11
Releasing lock modifiers during Auto Type does not work reliably
on X11 and can cause some modifiers to get stuck and more precisely
layout switching can get stuck.

Instead of trying to find out what modifiers to release we can just
abort when the user is holding modifiers that may affect the typing
sequence.

Fixes #6350
2021-04-01 22:58:33 -04:00
Toni Spets
371bd2e51b
Auto-Type: Shortcuts for selection dialog (#6361)
* Shortcut to toggle search all entries
* Select first match only when we have a window match

When we default to full database search it's possible the user would select the first match without by accident.

In this case when our query is empty we don't select anything and you need to either type something or press down to select the first item.

* Added username, password, and TOTP keyboard shortcuts and a help tip

* Closes #6176

Co-authored-by: Jonathan White <support@dmapps.us>
2021-03-31 23:27:56 -04:00
Sami Vänttinen
c19efb5b19
Remove credential sorting from Browser Integration (#6353) 2021-03-31 23:14:29 -04:00
ByteHamster
439c155552
Show countdown for clipboard clearing (#6333)
* Closes #1843

Co-authored-by: Jonathan White <support@dmapps.us>
2021-03-31 23:12:59 -04:00
Toni Spets
8c9530e3ec Auto-Type: Allow actions to fail and be retried
AutoTypeActions are required to return a result object with
information if they can be retried or not. An error string is
also provided to show a user friendly message why said action did
not succeed if even after retries it keeps failing.

This is a prerequisite for waiting for modifier keys to be released
on X11.
2021-03-31 21:20:51 -04:00
Toni Spets
4d07507739 Auto-Type: Support multiple Xkb layouts
Completely rewritten XCB Auto-Type keymap system.

 - supports multiple simultaneous layouts
 - prefers current layout if it has all keysyms available
 - removed hardcoded KeySymMap
 - removed clunky custom KeySym emulation

Biggest breaking change is removing KeySym emulation for keys that
do not exist in any of the layouts currently in use. It would be
possible to make it work but if you are trying to type syms that
are not available in any of your layouts you are abusing it. It
also adds unnecessary complexity and opens up timing issues when
the keymap is modified on-the-fly. Now we are just reading it.

This also workarounds a Qt related issue where QX11Info::display()
returns a connection to X server that fails to receive updated
keymap data when client settings change. We use our own connection
now to get it working.
2021-03-26 06:16:37 -04:00
Guillaume Turchini
8b8fb9562f Allow CSV import of bare TOTP secrets
Fixes #6167
2021-03-08 21:53:51 -05:00
Chih-Hsuan Yen
e29cf8bfef Make KeePassXC start after the system tray is available on LXQt 2021-03-08 21:51:58 -05:00
mantlabs
d6b69204a6 Persist Always on Top setting 2021-03-07 11:27:28 -05:00
Jonathan White
bc08913c61 Auto-Type: Allow selection of modal dialogs on X11
* Fix #5958 - Modal dialogs do not have WM_STATE set even though they are a valid top-level window with a valid name. In this case, we need to poll for WM_TRANSIENT_FOR which returns the top level window the dialog is a child of.
2021-03-05 18:06:30 -05:00
Patrick Klein
57af7c131d Fix favicon download from URL with non-standard port.
Fixes #5001.

The favicon download URL was constructed from scheme and host only. This is fixed by simply replacing the path of the original URL with "/favicon.ico", thus keeping scheme, host, auth and port intact.

Further modification: URL's with a non-http schema are now rejected.
2021-03-01 21:42:19 -05:00
Jonathan White
6c7b04fee8
Revert zxcvbn changes from f3d88f 2021-03-01 20:57:08 -05:00
Bernhard Kirchen
4e8b00da34 Add custom icon purging and bulk deletion
This change adds a new database settings widget 
named "maintenance", using a wrench icon. This widget is designated to be the home for database related maintenance tasks. 

Initially, managing custom icons is now possible from that new tab. The feature includes bulk removing of
any number of selected custom icons and automatic purging of unused custom icons by the click of a button.

Fixes #2110
2021-02-27 08:13:05 -05:00
Jonathan White
b9ea6fd2e7 Show sort indicators on fixed width columns 2021-02-26 22:10:04 -05:00
Ojas Anand
022154462e Add entry view column for password strength
* Closes #4216

Reduced to three-tiered rating system and fixed column implementation. Hide password strength indicator in entry view if excluded from reports.

Introduce password health caching to prevent unnecessary calculations.
2021-02-26 22:10:04 -05:00
Bernhard
c9c19d043f KeeShare: Default to unsigned container unless specifically chosen
*Fix #6081 - Prevent assert and crash due to user entered data
2021-02-26 14:24:22 -05:00
Brandon Atkinson
c5a2aa0a2a Exclude additional lookalike characters (6G8B)
* Fix #6075
2021-02-25 21:36:30 -05:00
Jesse Ruth
2d66786656
Update MainWindow minimum size to enable smaller verticle space (#6149) 2021-02-24 23:11:33 -05:00
Toni Spets
46f5596e59
Initialize Application before parser arguments (#6177)
Co-authored-by: Jonathan White <support@dmapps.us>
2021-02-24 23:10:13 -05:00
Jonathan White
8d058cbd04
Additional Auto-Type improvements based on PR feedback
* Improve documentation and remove external links to keepass.info documentation
2021-02-22 07:41:23 -05:00
Jonathan White
02446af743
Auto-Type support for T-CONV, T-REPLACE-RX, and Comments
* Close #1825 - Add full support for T-CONV and T-REPLACE-RX placeholders. Exception is support for the "raw" type in T-CONV.

* Close #5333 - Allow comment syntax to be present in the Auto-Type sequence
2021-02-22 07:41:23 -05:00
Jonathan White
813ab47e29
Implement Auto-Type {PICKCHARS}
* Closes #725

Support Auto-Type {PICKCHARS} placeholder. Open a dialog that lets you pick characters of an entry's password by their position. Supports typing {TAB} in between characters to move between fields (if necessary). Also supports using arrow keys to quickly navigate around the choice grid.
2021-02-22 07:41:23 -05:00
Jonathan White
027ff9f2bf
Overhaul Auto-Type Action Handling
* Close #2603 - Add support for modifier syntax (+, ^, and %)
* Fix #2633 - Allow reference syntax {REF:...} in Auto-Type sequences
* Close #5334  - Tell the user which part of the Auto-Type sequence is invalid for easy correction
* Fix #2401 - Select the right window on macOS prior to starting Auto-Type

* Allow for nested placeholders
2021-02-21 16:33:54 -05:00
Jonathan White
d9ae449f04
Improve Auto-Type Select Dialog
Significant improvements to the Auto-Type select dialog. Reduce stale and unnecessary code paths.

* Close select dialog when databases are locked.
* Close open modal dialogs prior to showing the Auto-Type select dialog to prevent interference.
* Never perform Auto-Type on the KeePassXC window.
* Only filter match list based on Group, Title, and Username column data (ie, ignore sequence column)
* Always show the sequence column (revert feature)
* Show selection dialog if there are no matches to allow for a database search

* Close #3630 - Allow typing {USERNAME} and {PASSWORD} from selection dialog (right-click menu).
* Close #429 - Ability to search open databases for an entry from the Auto-Type selection dialog.
* Fix #5361 - Default size of selection dialog doesn't cut off matches
2021-02-21 16:33:54 -05:00
Jonathan White
7ce35f81de
Cleanup entry level Auto-Type menu
* Show the sequence that will be typed when performing the default action
* Combine default sequence action with Username / Password options
* Fix #4939 - confirm prior to performing entry level auto-type if "Always Ask Before Auto-Type" is enabled
2021-02-21 16:33:54 -05:00
Jonathan White
f3d88fbd36 Address translation feedback from Transifex 2021-02-19 18:37:33 -05:00
Jonathan White
4f7460afbd Refactor Key Component Widgets for translations
* Ensure full labels are applied to buttons instead of splitting the Add/Change/Remove from the component name.
2021-02-19 18:37:33 -05:00
farnbacher
75e4329c80
use save method if new (and existing) created entry has unsaved
changes
2021-02-12 21:32:50 -05:00
Janek Bevendorff
af55d1b1b3 Use macdeployqt for all executables
Since Homebrew moved all its stuff to /opt/homebrew, our hard-coded
install_name_tool patch magic stopped working. This patch uses
macdeployqt for all executables to prevent this kind of behaviour.

Fixes #6042
2021-02-05 15:12:12 -05:00
smlu
a5094dd3ea Prevent screen capture on Windows and macOS
* Closes #5859
2021-02-05 15:10:54 -05:00
Aetf
9a8a5a0006
FdoSecrets: Major Refactor and Code Consolidation (#5747)
* Fixes #3837

* Change objects to use DBusMgr rather than separate adaptors
  - Update all DBus invokable methods to new parameter order
  - Change all usage of DBusReturn to simpler DBusResult
  - Use DBusMgr to handle path and service registration
  - Remove adaptor/*
  - Set path in DBusObject
  - Unregister service when service is destroyed
  - Restore handling of invalid QVariant in prompt complete signal
  - Clean up meta type registration
  - Move dbus related file together
  - Convert to QSharedPointer as much as possible
  - Fix mapping of the Delete method
  - Handle dbus property get all

* Add per-client states
  - Move cipher negotiation to DBusClient
  - Show list of clients instead of sessions in the settings page
  - Add settings for confirmation of accessing items
  - Fix infinite recursion when client disconnected
  - Use optional explicit DBusClient parameter instead. This makes accessing 
    the client info in an async context explicit, and thus prevent accidental 
    assertions in prompts.

* Improve User Interface
  - Add per-item access confirmation (if enabled)
  - Remove the "disable for site" button for the access control dialog
  - Improve the text on the settings page to be more consistent
  - Fix disconnect buttons in settings page not working
  - Make the unlock prompt method nonblocking

* Fix and cleanup unit tests
  - Use QTRY_COMPARE when checking signal spies, as dbus signals are threaded
  - Fixes in meta type registration and type conversion
  - Remove QStringLiteral in COMPARE macros, making diff output readable
  - Add testing for remembering auth decision
2021-02-05 15:07:59 -05:00
Jonathan White
61b85183f9
Merge branch 'master' into develop 2021-01-31 17:04:38 -05:00
Janek Bevendorff
4e90cb5818 Fix on/off icons not being redrawn on theme change 2021-01-31 20:30:58 +01:00
Janek Bevendorff
b55f419386 Fix icon alpha blending in QTableView
Some widgets such as QTableView do not call QIconEngine::pixmap(), but do
the drawing immediately through QIconEngine::paint(). This breaks alpha
blending for recolouring, since the underlying image canvas is not
necessarily transparent and also not anchored at (0, 0). This results in
a black box of the size of the icon bounding box.

Icon recolouring is now always done on a temporary QImage with
transparent background and only the finished end result is composed onto
the original canvas.

Fixes #6006
2021-01-31 20:30:58 +01:00
smlu
c7323accf2 Fix adaptive icon painting 2021-01-31 12:50:32 +01:00
Janek Bevendorff
3b30855855 Fix code formatting 2021-01-12 18:27:00 -05:00
Janek Bevendorff
86278311d2
Merge branch 'master' into develop 2021-01-12 18:24:59 +01:00
varjolintu
bbc71b3144 Show browser integration tab dynamically 2021-01-12 07:33:05 -05:00
Chih-Hsuan Yen
7078086b50 Fix autostart .desktop file
It had "Version=1.0true", which seems wrong
2021-01-11 11:26:54 -05:00
Janek Bevendorff
0a0b3a6b4f Implement empty-area drag.
Uses Qt 5.15's new QWindow::startSystemMove() to implement empty-area
drag, which allows the user to click and drag any empty area on the
menubar, toolbar, or tabbar to move the window around.
2021-01-07 22:02:43 -05:00
Janek Bevendorff
23ca46c918 Add support for version 2 XML key files.
As discussed in #4317, the next KeePass2 release will ship with
support for a new generation of XML key files which enable
hash integrity checks.

This patch adds support for reading and generating this new format.
By default, KeePass2 now uses the .keyx extension for generated
key files, which was added to KeePassXC's key generation file chooser
filter. We continue to generate hashed binary key files by default,
but the user can explicitly save the file with the new .keyx
extension to generate an XML v2 key file (currently undocumented).

When opening a database, the key file type is still determined
by content negotation, so the file extension has no impact here.

As an additional change, the legacy key file warnings have been
improved slightly to be less confusing and more helpful.
2021-01-07 22:02:43 -05:00
Janek Bevendorff
9a7b20cbfd Add dynamic theme switching on Windows 10 2021-01-07 15:22:48 +01:00