Commit Graph

193 Commits

Author SHA1 Message Date
Jonathan White
ad61d71c6e CLI: Add missing parameters to add/edit commands
This adds the `-c` parameter to the password generator when adding/editing entries via the CLI.
2022-03-28 22:08:01 -04:00
alcroito
ab153a24ec Run macdeployqt only once at install time
Instead of running macdeployqt once for each extra helper binary and
plugin (plus the main run for the application itself), collect all the
binaries that should be processed and run macdeloyqt only once after
all the binaries have been installed.

This also moves the main app macdeployqt call from a POST_BUILD step
to an install(CODE) step, making increment rebuilds of the app faster.

To ensure that macdeployqt is called after all the binaries are
installed, a new post_install subdirectory is needed to
circumvent CMake's limitation regarding the default order of
installation.
CMake first runs the current directory install() calls and then it's
child subdirectory ones. Because we want macdeployqt to be the last
install() call, it needs to be done inside a subdirectory that is
added last.

Note due to a bug in macdeployqt, the deployed app inside the .dmg
file will fail to run on arm macs, due to broken code signature.
See https://bugreports.qt.io/browse/QTBUG-101696 for details.

For the final release, the release-tool should take care of proper
resigning.
2022-03-21 00:15:57 +01:00
Janek Bevendorff
60f7744ec6 Fix translations 2022-03-20 23:31:52 +01:00
alcroito
abfebea4f2 Fix rpath handling and deployment of macOS helper binaries
CPack by default invokes the 'make install' target to install
all project files into a staging area for further packaging.

The order of installation follows the order of install() commands.

One of the first install() commands is the one that installs the
KeePassXC.app bundle and all the contents inside of it,
which includes POST_BUILD copied binaries like keepassxc-cli
and keepassxc-proxy.

Subsequent install(TARGETS) commands would then override the
keepassxc-cli and keepassxc-proxy binaries inside the staging area
with the ones which didn't have macdeployqt run on them (the ones from
src/cli and src/proxy).
Launching the binaries would then fail because of missing rpath
adjustments.

The libkeepassxc-autotype-cocoa.so library was working fine because
there is no install(TARGETS) command for it in a WITH_APP_BUNDLE build,
so the POST_BUILD copy with the adjusted rpaths was preserved.

To fix the issue and make the handling consistent, macdeployqt is no
longer run at POST_BUILD time, but instead at 'make install' time,
after each binary is installed by install(TARGETS).

libkeepassxc-autotype-cocoa.so also has its install command run
unconditionally now.

The build dir binaries that are POST_BUILD copied into
src/KeePassXC.app continue to run because they use the build dir
rpaths that CMake embeds by default. They don't macdeployqt run for
them anymore, which slightly speeds up the build time.

Fixes: #7475
2022-03-05 11:03:50 -05:00
Patrick Klein
bce8c84c26
Remove obsolete read only state from database. (#7324) 2022-01-28 21:26:53 -05:00
Geert Ijewski
d16fc2d62a Add db statistic output to CLI db-info command.
Closes #6920
2021-12-08 23:41:05 -05:00
Patrick Klein
a0a063b57f
Add -i/--include option to "generate" CLI command. (#7112) 2021-12-07 23:40:09 -05:00
louib
004f2b6801 Removing QWidget dependency from src/core. 2021-11-12 07:41:30 -05:00
Jonathan White
6f5bbf7ad1
Fix database save calls in CLI due to backup path 2021-11-07 17:52:23 -05:00
Patrick Klein
84ff6a13f9
Allow specifing database backup paths. (#7035)
- Default backupFilePath is '{DB_FILENAME}.old.kdbx' to conform to existing standards
- Implement backupPathPattern tests.
- Show tooltip on how to format database backup location text field.
2021-11-07 17:41:17 -05:00
Andre Blanke
7d37f65ad0 CLI: Add commands to handle attachments
* Add commands to manipulate entry attachments from the CLI
* Closes #4462

* Add the following commands:
  attachment-export: Exports the content of an attachment to a specified file.

  attachment-import: Imports the attachment into an entry. An existing attachment with the same name may be overwritten if the -f option is specified.

  attachment-rm: Removes the named attachment from an entry.

* Add --show-attachments  to the show command
2021-11-07 17:27:16 -05:00
Jonathan White
f2aa32c7b0 Add direct write save option
* Closes #6335
* Modify application settings presentation to  allow for alternative saving strategies
* Transition Database::save calls to using flags to control saving behavior. Reduces boolean flags on function call.
* Made direct write save option a local setting to prevent unintentional carry over between platforms.
2021-10-09 11:12:25 -04:00
Christoph Honal
6d1fc31e96
Implement support for Yubikeys and potential other tokens via wireless NFC using smartcard readers (Rebase) (#6895)
* Support NFC readers for hardware tokens using PC/SC

This requires a new library dependency: PCSC.
The PCSC library provides methods to access smartcards. On Linux, the third-party pcsc-lite package is used. On Windows, the native Windows API (Winscard.dll) is used. On Mac OSX, the native OSX API (framework-PCSC) is used.

* Split hardware key access into multiple classes to handle different methods of communicating with the keys.

* Since the Yubikey can now be a wireless token as well, the verb "plug in" was replaced with a more
generic "interface with". This shall indicate that the user has to present their token to the reader, or plug it in via USB.

* Add PC/SC interface for YubiKey challenge-response

This new interface uses the PC/SC protocol and API
instead of the USB protocol via ykpers. Many YubiKeys expose their functionality as a CCID device, which can be interfaced with using PC/SC. This is especially useful for NFC-only or NFC-capable Yubikeys, when they are used together with a PC/SC compliant NFC reader device.

Although many (not all) Yubikeys expose their CCID functionality over their own USB connection as well, the HMAC-SHA1 functionality is often locked in this mode, as it requires eg. a touch on the gold button. When accessing the CCID functionality wirelessly via NFC (like this code can do using a reader), then the user interaction is to present the key to the reader.

This implementation has been tested on Linux using pcsc-lite, Windows using the native Winscard.dll library, and Mac OSX using the native PCSC-framework library.

* Remove PC/SC ATR whitelist, instead scan for AIDs

Before, a whitelist of ATR codes (answer to reset, hardware-specific)
was used to scan for compatible (Yubi)Keys.
Now, every connected smartcard is scanned for AIDs (applet identifier),
which are known to implement the HMAC-SHA1 protocol.

This enables the support of currently unknown or unreleased hardware.

Co-authored-by: Jonathan White <support@dmapps.us>
2021-10-01 10:39:07 -04:00
smlu
0c6587b5b7 Add support for Microsoft Visual Studio buildchain
* Use C++17 when using MSVC compiler
* Remove unneeded header files and macros
* Removed unnecessary Yubikey cmake file
* Enhance release tool
* Updated INSTALL.md
2021-09-19 17:16:45 -04:00
Robin Ebert
e8f2c9d126 CLI: Replace locate command with search
* Introduce search CLI command to replace locate command. Search can provide the same functionality but in a more fine-grained fashion

* Replace use of Group::locate in code: Use EntrySearcher in clip cli command best-match option. This removes the matching against group hierarchy of an entry which is kind of nonsense as clip expects exactly one match. Matching against groups can be done using search command.

* Remove obsolete Group::locate method
2021-08-22 19:23:16 -04:00
louib
5e68cd2fa2 Abort CLI open on error 2021-08-16 01:13:51 -04:00
Julius Zint
38a60df40b Set the MIME-Type to text/plain when using wl-copy on wayland. If
unset, wl-copy will try to guess the MIME-Type based on the data.
For some reason this did not work on my machine and i was unable
to paste passwords in Firefox.
2021-08-15 22:51:17 -04:00
peter
6b14b5dc27 Optimize includes across code base 2021-07-13 22:08:33 -04:00
Jonathan White
fd0bdaae80 Fix challenge-response key data after Botan
* Fix #6420
* Refactor Challenge-Response key files to be more streamlined. Added a test to confirm raw key data is accurate.
2021-05-19 22:36:30 -04:00
Jonathan White
8a7be101e4 CLI Improvements
* Fix #6001 - only use `--notes` in Add/Edit commands to prevent clash with password generator option `-n`.

* Fix #6119 - Send Unicode to clip command; Windows only understands UTF-16 encoding.

* Fix #6128 - `clip` command will default to clearing the clipboard after 10 seconds. To disable clearing set timeout to 0.
2021-04-25 07:38:21 -04:00
Jonathan White
be3e77d721 Cleanup CLI includes across all components
* Remove unused include files
* Move includes out of widely shared headers (reduced rebuild time)
* Consolidate code for Analyze command
2021-04-25 07:38:21 -04:00
Jonathan White
80809ace67 Replace all crypto libraries with Botan
Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out.

The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt.

Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's.

Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead.

Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan.

Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR.

NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established.

Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots.

Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG.

Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-05 22:56:03 -04:00
Jonathan White
6c7b04fee8
Revert zxcvbn changes from f3d88f 2021-03-01 20:57:08 -05:00
Ojas Anand
022154462e Add entry view column for password strength
* Closes #4216

Reduced to three-tiered rating system and fixed column implementation. Hide password strength indicator in entry view if excluded from reports.

Introduce password health caching to prevent unnecessary calculations.
2021-02-26 22:10:04 -05:00
Jonathan White
f3d88fbd36 Address translation feedback from Transifex 2021-02-19 18:37:33 -05:00
Janek Bevendorff
af55d1b1b3 Use macdeployqt for all executables
Since Homebrew moved all its stuff to /opt/homebrew, our hard-coded
install_name_tool patch magic stopped working. This patch uses
macdeployqt for all executables to prevent this kind of behaviour.

Fixes #6042
2021-02-05 15:12:12 -05:00
Janek Bevendorff
cd0084f21c Add support for version 2 XML key files.
As discussed in #4317, the next KeePass2 release will ship with
support for a new generation of XML key files which enable
hash integrity checks.

This patch adds support for reading and generating this new format.
By default, KeePass2 now uses the .keyx extension for generated
key files, which was added to KeePassXC's key generation file chooser
filter. We continue to generate hashed binary key files by default,
but the user can explicitly save the file with the new .keyx
extension to generate an XML v2 key file (currently undocumented).

When opening a database, the key file type is still determined
by content negotation, so the file extension has no impact here.

As an additional change, the legacy key file warnings have been
improved slightly to be less confusing and more helpful.
2020-12-19 09:42:21 -05:00
Bernhard Berg
fd3cc7e8c3
Add keyfile option to keepassxc cli import cmd (#5402)
Fixes #5311

Added the keyFile logic from the create command to the import command and moved the loadFileKey() function
to the Utils class since it is now used in both create & import classes.
2020-10-09 20:31:29 -04:00
Wolfram Rösler
34b44e7496 Add fuzz test support
Describe how to invoke the AFL fuzz tester on the KeePassXC
CLI tool. As suggested in #2729.

Fuzz test build of keepassxc-cli takes database password from
environment variable instead of requiring it to be empty.
Provide two empty kdbx files as initial fuzzer input, one
kdbx 3 and one kdbx 4, both with minimal number of decryption
rounds to speed up the test.
2020-10-08 22:49:34 -04:00
louib
48d9fb3e79
Remove GUI bootstraping from core/ (#5513) 2020-10-08 22:48:45 -04:00
Jonathan White
7426693f1d CLI: Add support for okon in offline HIBP checks
* Closes #5447
* Add option `--okon <okon-cli path>` to trigger the use of the okon cli tool to process a database's entries. When using this option the `-H, --hibp` option must point to a post-processed okon file instead of the standard HIBP text file.
* Updated documentation
2020-09-27 15:23:03 -04:00
Jonathan White
e1c2537084
Merge branch 'release/2.6.2' into develop 2020-09-27 12:11:02 -04:00
Bernhard Berg
9fd9d65995
reset Qshared ptr (#5470)
CLI: Fix heapUseAfterFree in db-create command
2020-09-26 09:56:45 -04:00
Jonathan White
d3747f40e2
Fix code format 2020-09-21 21:32:02 -04:00
david
55eb855267 Add a -n (--notes) option to keepassxc-cli add and edit commands 2020-09-21 16:04:32 -04:00
Bernhard
9cf93111d6 Fix heap-use-after-free & error-msg output in keepassxc-cli
* Fixes #5367
2020-09-04 21:15:03 -04:00
Laurent Erignoux
f49f62d3be Add a best option to CLI command clip (#4489)
The best option copy the password from the best match if only one matching entry exists.

Adding clip best option documentation

Adding unit tests on the new clip --best option
2020-08-31 23:06:27 -04:00
Anton Vanda
c2bdb48bc6 Fix 'db-info' command name to show it right in 'help'
* Fixes #5139
2020-07-20 21:20:21 -04:00
Shun Sakai
9dde9314e8 Change to generate man page from AsciiDoc 2020-07-05 14:54:31 -04:00
Jonathan White
5142981018 Significantly enhance hardware key robustness
* Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC.

* Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write.

* Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize.

* Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations.

* Fixes #4400
* Fixes #4065
* Fixes #1050
* Fixes #1215
* Fixes #3087
* Fixes #1088
* Fixes #1869
2020-05-14 20:19:56 -04:00
Jonathan White
485852c9db CLI: Use stderr for password prompt
Fixes #3398.

Convert to QTextStream for all CLI IO and greatly improve CLI tests

* Completely overhaul CLI tests to be much more streamlined and easy to read. Removed unnecessary code blocks by using existing functions.

Co-authored-by: Emma Brooks <me@pluvano.com>
2020-05-14 16:33:25 -04:00
Tezkerek
6128e5d582 [CLI] On Unix, copy to clipboard using wl-clipboard if xclip is not available. 2020-04-09 15:46:44 +02:00
tuxmaster5000
e316a09a79 Change link sequence to allow static versions of libgpg-error and libgcrypt. 2020-04-02 09:17:42 -04:00
louib
e6c2c7ed93
CLI: Cleanup create options (#4313)
* Add ability to create database with an empty password
* Add password repeat check
* Standardize process between `db-create` and `import` commands
* Improve db-create tests with new password repeat

Co-authored-by: Jonathan White <support@dmapps.us>
2020-03-18 21:51:36 -04:00
Jonathan White
91c6e436b3 Dynamically determine database validity
* Check that the database composite key exists, has sub-keys associated with it, and the root group exists.
2020-03-07 16:52:24 -05:00
Jonathan White
7ac292e09b Fix crashes on database save
* Add saving mutex to database class to prevent re-entrant saving
* Prevent saving multiple times to the same file if the database is not marked as modified
* Prevent locking the database while saving. This also prevents closing the application and database tab while saving.
* FileWatcher: only perform async checksum calculations when triggered by timer (prevents random GUI freezes)
* Re-attempt database lock when requested during save operation
* Prevent database tabs from closing before all databases are locked on quit
2020-03-07 16:52:24 -05:00
Wolfram Rösler
a81c6469a8 Implement Password Health Report
Introduce a password health check to the application that evaluates every entry in a database. Entries that fail  various tests are listed for user review and action. Also moves the statistics panel to the new Database -> Reports  widget. Recycled entries are excluded from the results.

We now have two classes, PasswordHealth to deal with a single password and HealthChecker to deal with all passwords of a database.

Tests include passwords that are expired, re-used, and weak.

* Closes #551

* Move zxcvbn usage to a centralized class (PasswordHealth)  and replace its usages across the application to ensure standardized interpretation of entropy calculations.

* Add new icons for the database reports view

* Updated the demo database to show off the reports
2020-02-01 09:30:12 -05:00
James Ring
71a39c37ec
Add --username option to Clip command. (#3947)
* make Clip accept an attribute name

This allows users to copy arbitrary attributes (e.g. username, notes,
URL) to the clipboard in addition to the password and TOTP values.

* update Clip manpage

* Add findAttributes to CLI utils

* Use case-insensitive search in Show command.

* Use case-insensitive search in Clip command.

Co-authored-by: louib <L0U13@protonmail.com>
2020-01-30 15:46:48 -05:00
Balazs Gyurak
06e0f38523 CLI: Fix XML encoding when export database
Add write function to TextStream
Fix #3900
2020-01-29 20:51:53 -05:00
James Ring
94b45ea16f
Use db-create as Create::name (#4263)
Fixes a name mismatch introduced in
b78ca924fd.
2020-01-29 15:18:48 -05:00