Commit Graph

22 Commits

Author SHA1 Message Date
egglessness
d44486ce94
Add configurable password strength check on database password (#9782)
* Set default value of DatabasePasswordMinimumQuality to 3 (do not accept a master password that is less than Good)

* Add custom message box button "Continue with weak password"
2024-01-06 13:53:18 -05:00
Jonathan White
eee25a1c35
Fix several issues with Quick Unlock (#9697)
* Fix #7892 - Pressing escape when the quick unlock prompt is shown will now go back to the main unlock dialog view.
* Fix #9030 - Quick unlock will be automatically invoked in the unlock dialog upon being shown.
* Fix #9554 - Quick unlock application setting will be updated every time the settings widget is shown instead of just on first launch.

* Show warning that quick unlock is not enabled if user cancels Windows Hello prompt. This should limit people thinking there is a security issue. Also improve documentation describing this behavior.

* Disable quick unlock in gui tests
2023-08-10 08:21:08 -04:00
luzpaz
880cc230ac
Fix various typos (#8748) 2023-01-29 09:38:44 -05:00
Aetf
0f7b674cbb FdoSecrets: add smarter handling of database unlock requests
This commit implements the following logic:
* If there're already unlocked collections, just use those,
* otherwise, show the unlock dialog until there's an unlocked and exposed collection.

* Fixes #7574
2022-06-04 16:27:18 -04:00
Aetf
e2bf537c4a FdoSecrets: ask to unlock the database when creating items
Also only emit databaseUnlockFinished after the database is unlocked

Fix #7989
2022-06-04 15:49:34 -04:00
J.M. Dana
a740fe128c Add password strength indicator to PasswordEditWidget
Fixes #7437 (entry edit view only)
Fixes #5220
2022-05-31 07:34:50 -04:00
Aetf
a4c5997050 FdoSecrets: skip entries in recycle bin when searching (fix #7933) 2022-05-28 15:36:17 -04:00
Aetf
7d3c3b09fb FdoSecrest: allow remember decision for future entries
Also added a reset decision button in session management tab

Fixes #7464

* Fix distorted button in settings page: the default margin in QToolBar is too large for our use case in a table row.
2022-03-21 08:42:17 -04:00
Aetf
2a9d92faeb
FdoSecrets: reject setting refs via the API (#7043)
* FdoSecrets: add TOTP as a readonly attribute

* FdoSecrets: reject setting fields containing refs, fixes #6802

It is still possible to set refs using KPXC UI.
2021-10-24 10:22:50 -04:00
Aetf
a31c5ba006 FdoSecrets: Implement unlock before search
Fixes #6942 and fixes #4443

- Return number of deleted entries
- Fix minor memory leak
- FdoSecrets: make all prompt truly async per spec and update tests
    * the waited signal may already be emitted before calling spy.wait(),
      causing the test to fail. This commit checks the count before waiting.
    * check unlock result after waiting for signal
- FdoSecrets: implement unlockBeforeSearch option
- FdoSecrets: make search always work regardless of entry group searching settings, fixes #6942
- FdoSecrets: cleanup gracefully even if some test failed
- FdoSecrets: make it safe to call prompts concurrently
- FdoSecrets: make sure in unit test we click on the correct dialog

Note on the unit tests: objects are not deleted (due to deleteLater event not handled).
So there may be multiple AccessControlDialog. But only one of
it is visible and is the correctly one to click on.

Before this change, a random one may be clicked on, causing the
completed signal never be sent.
2021-10-16 22:50:04 -04:00
Aetf
60cfba8e46
FdoSecrets: Improve client executable path handling (#6915)
* Fixes #6459 

Improves the overall handling of FdoSecrets showing client executable paths to the user. It does the following:

* Check executable file existence as described in [RFC] fdosecrets: add optional confirmation to secret access (#4733)
* Show application PID and dbus address in the client list
* When the executable file is inaccessible, depending on where the client name is shown:
    * when shown inline, e.g. in notification text, where space is limited, clearly say that the path is invalid
    * when shown in auth dialog, show warning and print detailed info about the client
    * when shown in the client list, draw a warning icon

Co-authored-by: Jonathan White <support@dmapps.us>
2021-10-01 18:22:15 -04:00
peter
6b14b5dc27 Optimize includes across code base 2021-07-13 22:08:33 -04:00
Jonathan White
80809ace67 Replace all crypto libraries with Botan
Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out.

The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt.

Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's.

Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead.

Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan.

Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR.

NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established.

Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots.

Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG.

Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-05 22:56:03 -04:00
Aetf
9a8a5a0006
FdoSecrets: Major Refactor and Code Consolidation (#5747)
* Fixes #3837

* Change objects to use DBusMgr rather than separate adaptors
  - Update all DBus invokable methods to new parameter order
  - Change all usage of DBusReturn to simpler DBusResult
  - Use DBusMgr to handle path and service registration
  - Remove adaptor/*
  - Set path in DBusObject
  - Unregister service when service is destroyed
  - Restore handling of invalid QVariant in prompt complete signal
  - Clean up meta type registration
  - Move dbus related file together
  - Convert to QSharedPointer as much as possible
  - Fix mapping of the Delete method
  - Handle dbus property get all

* Add per-client states
  - Move cipher negotiation to DBusClient
  - Show list of clients instead of sessions in the settings page
  - Add settings for confirmation of accessing items
  - Fix infinite recursion when client disconnected
  - Use optional explicit DBusClient parameter instead. This makes accessing 
    the client info in an async context explicit, and thus prevent accidental 
    assertions in prompts.

* Improve User Interface
  - Add per-item access confirmation (if enabled)
  - Remove the "disable for site" button for the access control dialog
  - Improve the text on the settings page to be more consistent
  - Fix disconnect buttons in settings page not working
  - Make the unlock prompt method nonblocking

* Fix and cleanup unit tests
  - Use QTRY_COMPARE when checking signal spies, as dbus signals are threaded
  - Fixes in meta type registration and type conversion
  - Remove QStringLiteral in COMPARE macros, making diff output readable
  - Add testing for remembering auth decision
2021-02-05 15:07:59 -05:00
Aetf
9f4118974d FdoSecrets: fix signal connections 2020-11-13 17:20:45 -05:00
Aetf
a651d7049d FdoSecrets: handle corner cases in collection dbus names, fix #5279
- Use completeBaseName rather than baseName to ensure nonempty name
- Handle two databases have the same name
- Cleanup Service::onDatabaseTabOpened logic
2020-11-13 17:16:22 -05:00
Aetf
f5caf3968f FdoSecrets: fix typos 2020-11-13 17:16:22 -05:00
louib
48d9fb3e79
Remove GUI bootstraping from core/ (#5513) 2020-10-08 22:48:45 -04:00
Jonathan White
736df7696f FDO Secrets: Fix double free on exit
* Prevent double free due to QObject cleanup happening before/after the ExtraPage  storing the QSharedPointer to FdoSecretsPlugin is deleted.
* Fixes #4877
2020-06-19 21:24:43 -04:00
Jonathan White
fbebf30b98 Fix permissions changing on database save
* Saving a database in unsafe mode retains the existing permissions on the kdbx file
* New databases (save as, save backup, new database) and new key files are saved with 0600 permissions (user read/write), fixes #2575
2020-06-07 16:00:56 -04:00
Jonathan White
2073f2ddc3 Fix theming with Qt 5.15
* Fixes #4765
* Fixes #4766
2020-06-04 10:03:40 -04:00
Aetf
44779bc862 FdoSecrets: add unit tests 2020-05-27 22:07:25 -04:00