Fixes#3365
Add prompt to delete the recycle bin when disabling it. If the user chooses not to delete it, the recycle bin will be suffixed with "(old)" and the icon changed to the default group icon.
Also moved recycle bin creation within the database class where it belongs.
The CLI now contains an "import" command that creates a new database from the specified XML export. The new database is in kdbx 4 format, and does not currently accept a keyfile in database creation.
This change is required to create new databases from XML backups.
Fixes#2458
* Fix#3407
* Read-only files now disable auto-save and show as modified correctly. This allows the GUI to prompt to "save-as" instead of silently discarding changes when the read-only database is locked or closed.
* Fixes#3126
* Limit autocompletion to the top ten used usernames
- Load common usernames when database is opened
- Transition from QLineEdit to QComboBox for usernames
- Dropdown menu of the combobox lets user choose a common username
- Common usernames are autocompleted via inline completion
- Common usernames are sorted by frequency (first) and name (second)
* Mark database dirty if saving fails
* Restore database file from backup if unsafe save fails between deleting database file and copying temporary file into place
* Improve error message display for opening and saving database files
* Do not automatically retry saving after failure. This prevents deletion of the backup database file and improves user awareness of issues.
* Fix#2888
* Qt has an undocumented rename implementation for QTemporaryFile that does not fallback to the copy implementation. Forcing the use of QFile::rename(...) allows for this fallback and protects against cross-device link errors.
* Fix#2877 - password is unchecked by default
* Smarter activation of key components based on contents of text entry fields
* Prevent multiple copies of the same database from opening when the canonicalFileName != fileName
The database master key settings widget does not actually
need to (re-)transform the master key, it only needs to update
the Key object on the database. Transformation can be deferred
until the Database is persisted to disk. This avoids delays
and unnecessary user interaction with challenge-response
dongles by eliminating redundant key transformations.
Previously, extracting the XML from a database was done with the
`saveXml` attribute in the `KeePass2Reader` class.
This had several unfortunate consequences:
* The `KdbxReader` class had to import the `KdbxXmlWriter` class
in order to perform the export (bad separation of concerns);
* The CLI database unlocking logic had to be duplicated only
for the `Extract` command;
* The `xmlData` had to be stored in the `KeePass2Reader` as
a temporary result.
* Lots of `setSaveXml` functions were implemented only
to trickle down this functionality.
Also, the naming of the `saveXml` variable was not really
helpful to understand it's role.
Overall, this change will make it easier to maintain and expand
the CLI database unlocking logic (for example, adding a `--no-password`
option as requested in https://github.com/keepassxreboot/keepassxc/issues/1873)
It also opens to door to other types of extraction/exporting (for
example exporting to CSV, as requested in
https://github.com/keepassxreboot/keepassxc/issues/2572)
Many lines were not conformant with the project's formatting rules.
This patch should fix all formatting and whitespace issues in the code
base.
A clang-format directive was put around the connect() calls containing
SIGNALs and SLOTs whose signatures would be denormalized because of the
formatting rules.
The Database, DatabaseWidget, and DatabaseTabWidget classes share many responsibilities in inconsistent ways resulting in impenetrable and unmaintainable code and a diverse set of bugs and architecture restrictions. This patch reworks the architecture, responsibilities of, and dependencies between these classes.
The core changes are:
* Move loading and saving logic from widgets into the Database class
* Get rid of the DatabaseManagerStruct and move all the information contained in it into the Database
* Let database objects keep track of modifications and dirty/clean state instead of handing this to external widgets
* Move GUI interactions for loading and saving from the DatabaseTabWidget into the DatabaseWidget (resolves#2494 as a side-effect)
* Heavily clean up DatabaseTabWidget and degrade it to a slightly glorified QTabWidget
* Use QSharedPointers for all Database objects
* Remove the modifiedImmediate signal and replace it with a markAsModified() method
* Implement proper tabName() method instead of reading back titles from GUI widgets (resolves#1389 and its duplicates #2146#855)
* Fix unwanted AES-KDF downgrade if database uses Argon2 and has CustomData
* Improve code
This patch is also the first major step towards solving issues #476 and #2322.
This patch aims at reducing the number of copies for obejcts that could
be referenced rather than copied, because they're not modified during
the computation.
The CLI module was lacking unit test coverage and showed some severe
coding style violations, which this patch addresses.
In addition, all uses of qCritical() with untranslatble raw char*
sequences were removed in favor of proper locale strings. These are
written to STDERR through QTextStreams and support output
redirection for testing purposes. With this change, error messages don't
depend on the global Qt logging settings and targets anymore and go
directly to the terminal or into a file if needed.
This patch also fixes a bug discovered during unit test development,
where the extract command would just dump the raw XML contents without
decrypting embedded Salsa20-protected values first, making the XML
export mostly useless, since passwords are scrambled.
Lastly, all CLI commands received a dedicated -h/--help option.
* Add source folder keeshare for sharing with corresponding define WITH_XC_KEESHARE
* Move common crypto parts to src/crypto/ssh
* Extended OpenSSHKey
* Move filewatching to own file (currently in two related classes DelayedFileWatcher and BulkFileWatcher)
* Small improvements for style and code in several classes
* Sharing is secured using RSA-Keys which are generated on demand
* Publisher signs the container using their private key
* Client can verify the signed container and choose to decline an import,
import only once or trust the publisher and automatically import all
data of this source henceforth
* Integration of settings into Group-Settings, Database-Settings and Application-Settings
* Introduced dependency QuaZip as dependency to allow combined export of
key container and the (custom format) certificate
* Create history-based merging that keeps older data in history instead of discarding or deleting it
* Extract merge logic into the Merger class
* Allows special merge behavior
* Improve handling of deletion and changes on groups
* Enable basic change tracking while merging
* Prevent unintended timestamp changes while merging
* Handle differences in timestamp precision
* Introduce comparison operators to allow for more sophisticated comparisons (ignore special properties, ...)
* Introduce Clock class to handle datetime across the app
Merge Strategies:
* Default (use inherited/fallback method)
* Duplicate (duplicate conflicting nodes, apply all deletions)
* KeepLocal (use local values, but apply all deletions)
* KeepRemote (use remote values, but apply all deletions)
* KeepNewer (merge history only)
* Synchronize (merge history, newest value stays on top, apply all deletions)
This patch implements a new database wizard to guide users through the process
of setting up a new database and choosing sane encryption settings.
It also reimplements the master key settings to be more
user-friendly. Users can now add, change, or remove individual composite
key components instead of having to set all components at once. This
avoids confusion about a password being reset if the user only wants to
add a key file.
With these changes comes a major refactor of how database composite keys and key
components are handled. Copying of keys is prohibited and each key
exists only once in memory and is referenced via shared pointers. GUI
components for changing individual keys are encapsulated into separate
classes to be more reusable. The password edit and generator widgets
have also been refactored to be more reusable.
* User is prompted to disable safe saves after three failed attempts
* Completely retooled basic settings to group settings logically
* Added setting for "atomic saves"
* Adds KDBX4 reader/writer interfaces
* Adds KDBX4 XML reader/write interfaces
* Implements test cases for KDBX4
* Fully compatible with KeePass2
* Corrects minor issues with Argon2 KDF
Note: This implementation is not yet connected to the
database itself and will corrupt existing kdbx3 db's.
* Implemented memory and parallelism parameters for Argon2Kdf
* Using libargon2; libsodium does not support Argon2d algorithm
* Moved basic rounds parameter into Kdf class
* Reimplemented benchmark algorithm; previous was utterly broken
* core: database: make UUID searching case-insensitive
4c4d8a5e848c ("Implement search for reference placeholder based on
fields other than ID") changed the semantics of searching-by-reference
in KeePassXC. Unforuntately it contained a bug where it implicitly
became case-sensitive to UUIDs, which broke existing databases that used
references (especially since the default reference format uses a
different case to the UUID used while searching).
The tests didn't catch this because ->toHex() preserves the case that it
was provided, they have been updated to check that UUIDs are case
insensitive.
* cli: show: resolve references in output
Previously, `keepassxc-cli show` would not resolve references. This
would make it quite hard to script around its output (since there's not
interface to resolve references manually either). Fix this by using
resolveMultiplePlaceholders as with all other users of ->password() and
related entry fields.
Fixes: keepassxreboot/keepassxc#1260
* tests: entry: add tests for ref-cloned entries
This ensures that the most "intuitive" current usage of references
(through the clone feature of the GUI) remains self-consistent and
always produces the correct results. In addition, explicitly test that
case insensitivity works as expected. These should avoid similar
regressions in reference handling in the future.
* http: resolve references in AccessControlDialog
The access control dialog previously would not show the "real" username
or "real" title when asking for permission to give access to entries.
Fix this by resolving it, as we do in many other places.
Fixes: keepassxreboot/keepassxc#1269
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
