113c8eb702
The CLI module was lacking unit test coverage and showed some severe coding style violations, which this patch addresses. In addition, all uses of qCritical() with untranslatble raw char* sequences were removed in favor of proper locale strings. These are written to STDERR through QTextStreams and support output redirection for testing purposes. With this change, error messages don't depend on the global Qt logging settings and targets anymore and go directly to the terminal or into a file if needed. This patch also fixes a bug discovered during unit test development, where the extract command would just dump the raw XML contents without decrypting embedded Salsa20-protected values first, making the XML export mostly useless, since passwords are scrambled. Lastly, all CLI commands received a dedicated -h/--help option.
672 lines
17 KiB
C++
672 lines
17 KiB
C++
/*
|
|
* Copyright (C) 2010 Felix Geyer <debfx@fobos.de>
|
|
* Copyright (C) 2017 KeePassXC Team <team@keepassxc.org>
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 2 or (at your option)
|
|
* version 3 of the License.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include "Database.h"
|
|
|
|
#include <QDebug>
|
|
#include <QFile>
|
|
#include <QSaveFile>
|
|
#include <QTemporaryFile>
|
|
#include <QTextStream>
|
|
#include <QTimer>
|
|
#include <QXmlStreamReader>
|
|
|
|
#include "cli/Utils.h"
|
|
#include "core/Clock.h"
|
|
#include "core/Group.h"
|
|
#include "core/Merger.h"
|
|
#include "core/Metadata.h"
|
|
#include "crypto/kdf/AesKdf.h"
|
|
#include "format/KeePass2.h"
|
|
#include "format/KeePass2Reader.h"
|
|
#include "format/KeePass2Writer.h"
|
|
#include "keys/FileKey.h"
|
|
#include "keys/PasswordKey.h"
|
|
|
|
QHash<QUuid, Database*> Database::m_uuidMap;
|
|
|
|
Database::Database()
|
|
: m_metadata(new Metadata(this))
|
|
, m_rootGroup(nullptr)
|
|
, m_timer(new QTimer(this))
|
|
, m_emitModified(false)
|
|
, m_uuid(QUuid::createUuid())
|
|
{
|
|
m_data.cipher = KeePass2::CIPHER_AES256;
|
|
m_data.compressionAlgo = CompressionGZip;
|
|
|
|
// instantiate default AES-KDF with legacy KDBX3 flag set
|
|
// KDBX4+ will re-initialize the KDF using parameters read from the KDBX file
|
|
m_data.kdf = QSharedPointer<AesKdf>::create(true);
|
|
m_data.kdf->randomizeSeed();
|
|
m_data.hasKey = false;
|
|
|
|
setRootGroup(new Group());
|
|
rootGroup()->setUuid(QUuid::createUuid());
|
|
m_timer->setSingleShot(true);
|
|
|
|
m_uuidMap.insert(m_uuid, this);
|
|
|
|
connect(m_metadata, SIGNAL(modified()), this, SIGNAL(modifiedImmediate()));
|
|
connect(m_metadata, SIGNAL(nameTextChanged()), this, SIGNAL(nameTextChanged()));
|
|
connect(this, SIGNAL(modifiedImmediate()), this, SLOT(startModifiedTimer()));
|
|
connect(m_timer, SIGNAL(timeout()), SIGNAL(modified()));
|
|
}
|
|
|
|
Database::~Database()
|
|
{
|
|
m_uuidMap.remove(m_uuid);
|
|
}
|
|
|
|
Group* Database::rootGroup()
|
|
{
|
|
return m_rootGroup;
|
|
}
|
|
|
|
const Group* Database::rootGroup() const
|
|
{
|
|
return m_rootGroup;
|
|
}
|
|
|
|
void Database::setRootGroup(Group* group)
|
|
{
|
|
Q_ASSERT(group);
|
|
|
|
m_rootGroup = group;
|
|
m_rootGroup->setParent(this);
|
|
}
|
|
|
|
Metadata* Database::metadata()
|
|
{
|
|
return m_metadata;
|
|
}
|
|
|
|
const Metadata* Database::metadata() const
|
|
{
|
|
return m_metadata;
|
|
}
|
|
|
|
QString Database::filePath() const
|
|
{
|
|
return m_filePath;
|
|
}
|
|
|
|
void Database::setFilePath(const QString& filePath)
|
|
{
|
|
m_filePath = filePath;
|
|
}
|
|
|
|
Entry* Database::resolveEntry(const QUuid& uuid)
|
|
{
|
|
return findEntryRecursive(uuid, m_rootGroup);
|
|
}
|
|
|
|
Entry* Database::resolveEntry(const QString& text, EntryReferenceType referenceType)
|
|
{
|
|
return findEntryRecursive(text, referenceType, m_rootGroup);
|
|
}
|
|
|
|
Entry* Database::findEntryRecursive(const QUuid& uuid, Group* group)
|
|
{
|
|
const QList<Entry*> entryList = group->entries();
|
|
for (Entry* entry : entryList) {
|
|
if (entry->uuid() == uuid) {
|
|
return entry;
|
|
}
|
|
}
|
|
|
|
const QList<Group*> children = group->children();
|
|
for (Group* child : children) {
|
|
Entry* result = findEntryRecursive(uuid, child);
|
|
if (result) {
|
|
return result;
|
|
}
|
|
}
|
|
|
|
return nullptr;
|
|
}
|
|
|
|
Entry* Database::findEntryRecursive(const QString& text, EntryReferenceType referenceType, Group* group)
|
|
{
|
|
Q_ASSERT_X(referenceType != EntryReferenceType::Unknown,
|
|
"Database::findEntryRecursive",
|
|
"Can't search entry with \"referenceType\" parameter equal to \"Unknown\"");
|
|
|
|
bool found = false;
|
|
const QList<Entry*> entryList = group->entries();
|
|
for (Entry* entry : entryList) {
|
|
switch (referenceType) {
|
|
case EntryReferenceType::Unknown:
|
|
return nullptr;
|
|
case EntryReferenceType::Title:
|
|
found = entry->title() == text;
|
|
break;
|
|
case EntryReferenceType::UserName:
|
|
found = entry->username() == text;
|
|
break;
|
|
case EntryReferenceType::Password:
|
|
found = entry->password() == text;
|
|
break;
|
|
case EntryReferenceType::Url:
|
|
found = entry->url() == text;
|
|
break;
|
|
case EntryReferenceType::Notes:
|
|
found = entry->notes() == text;
|
|
break;
|
|
case EntryReferenceType::QUuid:
|
|
found = entry->uuid() == QUuid::fromRfc4122(QByteArray::fromHex(text.toLatin1()));
|
|
break;
|
|
case EntryReferenceType::CustomAttributes:
|
|
found = entry->attributes()->containsValue(text);
|
|
break;
|
|
}
|
|
|
|
if (found) {
|
|
return entry;
|
|
}
|
|
}
|
|
|
|
const QList<Group*> children = group->children();
|
|
for (Group* child : children) {
|
|
Entry* result = findEntryRecursive(text, referenceType, child);
|
|
if (result) {
|
|
return result;
|
|
}
|
|
}
|
|
|
|
return nullptr;
|
|
}
|
|
|
|
Group* Database::resolveGroup(const QUuid& uuid)
|
|
{
|
|
return findGroupRecursive(uuid, m_rootGroup);
|
|
}
|
|
|
|
Group* Database::findGroupRecursive(const QUuid& uuid, Group* group)
|
|
{
|
|
if (group->uuid() == uuid) {
|
|
return group;
|
|
}
|
|
|
|
const QList<Group*> children = group->children();
|
|
for (Group* child : children) {
|
|
Group* result = findGroupRecursive(uuid, child);
|
|
if (result) {
|
|
return result;
|
|
}
|
|
}
|
|
|
|
return nullptr;
|
|
}
|
|
|
|
QList<DeletedObject> Database::deletedObjects()
|
|
{
|
|
return m_deletedObjects;
|
|
}
|
|
|
|
const QList<DeletedObject>& Database::deletedObjects() const
|
|
{
|
|
return m_deletedObjects;
|
|
}
|
|
|
|
bool Database::containsDeletedObject(const QUuid& uuid) const
|
|
{
|
|
for (const DeletedObject& currentObject : m_deletedObjects) {
|
|
if (currentObject.uuid == uuid) {
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
bool Database::containsDeletedObject(const DeletedObject& object) const
|
|
{
|
|
for (const DeletedObject& currentObject : m_deletedObjects) {
|
|
if (currentObject.uuid == object.uuid) {
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
void Database::setDeletedObjects(const QList<DeletedObject>& delObjs)
|
|
{
|
|
if (m_deletedObjects == delObjs) {
|
|
return;
|
|
}
|
|
m_deletedObjects = delObjs;
|
|
}
|
|
|
|
void Database::addDeletedObject(const DeletedObject& delObj)
|
|
{
|
|
Q_ASSERT(delObj.deletionTime.timeSpec() == Qt::UTC);
|
|
m_deletedObjects.append(delObj);
|
|
}
|
|
|
|
void Database::addDeletedObject(const QUuid& uuid)
|
|
{
|
|
DeletedObject delObj;
|
|
delObj.deletionTime = Clock::currentDateTimeUtc();
|
|
delObj.uuid = uuid;
|
|
|
|
addDeletedObject(delObj);
|
|
}
|
|
|
|
const QUuid& Database::cipher() const
|
|
{
|
|
return m_data.cipher;
|
|
}
|
|
|
|
Database::CompressionAlgorithm Database::compressionAlgo() const
|
|
{
|
|
return m_data.compressionAlgo;
|
|
}
|
|
|
|
QByteArray Database::transformedMasterKey() const
|
|
{
|
|
return m_data.transformedMasterKey;
|
|
}
|
|
|
|
QByteArray Database::challengeResponseKey() const
|
|
{
|
|
return m_data.challengeResponseKey;
|
|
}
|
|
|
|
bool Database::challengeMasterSeed(const QByteArray& masterSeed)
|
|
{
|
|
m_data.masterSeed = masterSeed;
|
|
return m_data.key->challenge(masterSeed, m_data.challengeResponseKey);
|
|
}
|
|
|
|
void Database::setCipher(const QUuid& cipher)
|
|
{
|
|
Q_ASSERT(!cipher.isNull());
|
|
|
|
m_data.cipher = cipher;
|
|
}
|
|
|
|
void Database::setCompressionAlgo(Database::CompressionAlgorithm algo)
|
|
{
|
|
Q_ASSERT(static_cast<quint32>(algo) <= CompressionAlgorithmMax);
|
|
|
|
m_data.compressionAlgo = algo;
|
|
}
|
|
|
|
/**
|
|
* Set and transform a new encryption key.
|
|
*
|
|
* @param key key to set and transform or nullptr to reset the key
|
|
* @param updateChangedTime true to update database change time
|
|
* @param updateTransformSalt true to update the transform salt
|
|
* @return true on success
|
|
*/
|
|
bool Database::setKey(QSharedPointer<const CompositeKey> key, bool updateChangedTime, bool updateTransformSalt)
|
|
{
|
|
if (!key) {
|
|
m_data.key.reset();
|
|
m_data.transformedMasterKey = {};
|
|
m_data.hasKey = false;
|
|
return true;
|
|
}
|
|
|
|
if (updateTransformSalt) {
|
|
m_data.kdf->randomizeSeed();
|
|
Q_ASSERT(!m_data.kdf->seed().isEmpty());
|
|
}
|
|
|
|
QByteArray oldTransformedMasterKey = m_data.transformedMasterKey;
|
|
QByteArray transformedMasterKey;
|
|
if (!key->transform(*m_data.kdf, transformedMasterKey)) {
|
|
return false;
|
|
}
|
|
|
|
m_data.key = key;
|
|
m_data.transformedMasterKey = transformedMasterKey;
|
|
m_data.hasKey = true;
|
|
if (updateChangedTime) {
|
|
m_metadata->setMasterKeyChanged(Clock::currentDateTimeUtc());
|
|
}
|
|
|
|
if (oldTransformedMasterKey != m_data.transformedMasterKey) {
|
|
emit modifiedImmediate();
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
bool Database::hasKey() const
|
|
{
|
|
return m_data.hasKey;
|
|
}
|
|
|
|
bool Database::verifyKey(QSharedPointer<CompositeKey> key) const
|
|
{
|
|
Q_ASSERT(hasKey());
|
|
|
|
if (!m_data.challengeResponseKey.isEmpty()) {
|
|
QByteArray result;
|
|
|
|
if (!key->challenge(m_data.masterSeed, result)) {
|
|
// challenge failed, (YubiKey?) removed?
|
|
return false;
|
|
}
|
|
|
|
if (m_data.challengeResponseKey != result) {
|
|
// wrong response from challenged device(s)
|
|
return false;
|
|
}
|
|
}
|
|
|
|
return (m_data.key->rawKey() == key->rawKey());
|
|
}
|
|
|
|
QVariantMap& Database::publicCustomData()
|
|
{
|
|
return m_data.publicCustomData;
|
|
}
|
|
|
|
const QVariantMap& Database::publicCustomData() const
|
|
{
|
|
return m_data.publicCustomData;
|
|
}
|
|
|
|
void Database::setPublicCustomData(const QVariantMap& customData)
|
|
{
|
|
m_data.publicCustomData = customData;
|
|
}
|
|
|
|
void Database::createRecycleBin()
|
|
{
|
|
Group* recycleBin = Group::createRecycleBin();
|
|
recycleBin->setParent(rootGroup());
|
|
m_metadata->setRecycleBin(recycleBin);
|
|
}
|
|
|
|
void Database::recycleEntry(Entry* entry)
|
|
{
|
|
if (m_metadata->recycleBinEnabled()) {
|
|
if (!m_metadata->recycleBin()) {
|
|
createRecycleBin();
|
|
}
|
|
entry->setGroup(metadata()->recycleBin());
|
|
} else {
|
|
delete entry;
|
|
}
|
|
}
|
|
|
|
void Database::recycleGroup(Group* group)
|
|
{
|
|
if (m_metadata->recycleBinEnabled()) {
|
|
if (!m_metadata->recycleBin()) {
|
|
createRecycleBin();
|
|
}
|
|
group->setParent(metadata()->recycleBin());
|
|
} else {
|
|
delete group;
|
|
}
|
|
}
|
|
|
|
void Database::emptyRecycleBin()
|
|
{
|
|
if (m_metadata->recycleBinEnabled() && m_metadata->recycleBin()) {
|
|
// destroying direct entries of the recycle bin
|
|
QList<Entry*> subEntries = m_metadata->recycleBin()->entries();
|
|
for (Entry* entry : subEntries) {
|
|
delete entry;
|
|
}
|
|
// destroying direct subgroups of the recycle bin
|
|
QList<Group*> subGroups = m_metadata->recycleBin()->children();
|
|
for (Group* group : subGroups) {
|
|
delete group;
|
|
}
|
|
}
|
|
}
|
|
|
|
void Database::setEmitModified(bool value)
|
|
{
|
|
if (m_emitModified && !value) {
|
|
m_timer->stop();
|
|
}
|
|
|
|
m_emitModified = value;
|
|
}
|
|
|
|
void Database::markAsModified()
|
|
{
|
|
emit modified();
|
|
}
|
|
|
|
const QUuid& Database::uuid()
|
|
{
|
|
return m_uuid;
|
|
}
|
|
|
|
Database* Database::databaseByUuid(const QUuid& uuid)
|
|
{
|
|
return m_uuidMap.value(uuid, 0);
|
|
}
|
|
|
|
void Database::startModifiedTimer()
|
|
{
|
|
if (!m_emitModified) {
|
|
return;
|
|
}
|
|
|
|
if (m_timer->isActive()) {
|
|
m_timer->stop();
|
|
}
|
|
m_timer->start(150);
|
|
}
|
|
|
|
QSharedPointer<const CompositeKey> Database::key() const
|
|
{
|
|
return m_data.key;
|
|
}
|
|
|
|
Database* Database::openDatabaseFile(const QString& fileName, QSharedPointer<const CompositeKey> key)
|
|
{
|
|
|
|
QFile dbFile(fileName);
|
|
if (!dbFile.exists()) {
|
|
qCritical("File %s does not exist.", qPrintable(fileName));
|
|
return nullptr;
|
|
}
|
|
if (!dbFile.open(QIODevice::ReadOnly)) {
|
|
qCritical("Unable to open file %s.", qPrintable(fileName));
|
|
return nullptr;
|
|
}
|
|
|
|
KeePass2Reader reader;
|
|
Database* db = reader.readDatabase(&dbFile, key);
|
|
if (reader.hasError()) {
|
|
qCritical("Error while parsing the database: %s", qPrintable(reader.errorString()));
|
|
return nullptr;
|
|
}
|
|
|
|
return db;
|
|
}
|
|
|
|
Database* Database::unlockFromStdin(QString databaseFilename, QString keyFilename, FILE* outputDescriptor, FILE* errorDescriptor)
|
|
{
|
|
auto compositeKey = QSharedPointer<CompositeKey>::create();
|
|
QTextStream out(outputDescriptor);
|
|
QTextStream err(errorDescriptor);
|
|
|
|
out << QObject::tr("Insert password to unlock %1: ").arg(databaseFilename);
|
|
out.flush();
|
|
|
|
QString line = Utils::getPassword();
|
|
auto passwordKey = QSharedPointer<PasswordKey>::create();
|
|
passwordKey->setPassword(line);
|
|
compositeKey->addKey(passwordKey);
|
|
|
|
if (!keyFilename.isEmpty()) {
|
|
auto fileKey = QSharedPointer<FileKey>::create();
|
|
QString errorMessage;
|
|
// LCOV_EXCL_START
|
|
if (!fileKey->load(keyFilename, &errorMessage)) {
|
|
err << QObject::tr("Failed to load key file %1: %2").arg(keyFilename, errorMessage)<< endl;
|
|
return nullptr;
|
|
}
|
|
|
|
if (fileKey->type() != FileKey::Hashed) {
|
|
err << QObject::tr("WARNING: You are using a legacy key file format which may become\n"
|
|
"unsupported in the future.\n\n"
|
|
"Please consider generating a new key file.") << endl;
|
|
}
|
|
// LCOV_EXCL_STOP
|
|
|
|
compositeKey->addKey(fileKey);
|
|
}
|
|
|
|
return Database::openDatabaseFile(databaseFilename, compositeKey);
|
|
}
|
|
|
|
/**
|
|
* Save the database to a file.
|
|
*
|
|
* This function uses QTemporaryFile instead of QSaveFile due to a bug
|
|
* in Qt (https://bugreports.qt.io/browse/QTBUG-57299) that may prevent
|
|
* the QSaveFile from renaming itself when using Dropbox, Drive, or OneDrive.
|
|
*
|
|
* The risk in using QTemporaryFile is that the rename function is not atomic
|
|
* and may result in loss of data if there is a crash or power loss at the
|
|
* wrong moment.
|
|
*
|
|
* @param filePath Absolute path of the file to save
|
|
* @param atomic Use atomic file transactions
|
|
* @param backup Backup the existing database file, if exists
|
|
* @return error string, if any
|
|
*/
|
|
QString Database::saveToFile(QString filePath, bool atomic, bool backup)
|
|
{
|
|
QString error;
|
|
if (atomic) {
|
|
QSaveFile saveFile(filePath);
|
|
if (saveFile.open(QIODevice::WriteOnly)) {
|
|
// write the database to the file
|
|
error = writeDatabase(&saveFile);
|
|
if (!error.isEmpty()) {
|
|
return error;
|
|
}
|
|
|
|
if (backup) {
|
|
backupDatabase(filePath);
|
|
}
|
|
|
|
if (saveFile.commit()) {
|
|
// successfully saved database file
|
|
return {};
|
|
}
|
|
}
|
|
error = saveFile.errorString();
|
|
} else {
|
|
QTemporaryFile tempFile;
|
|
if (tempFile.open()) {
|
|
// write the database to the file
|
|
error = writeDatabase(&tempFile);
|
|
if (!error.isEmpty()) {
|
|
return error;
|
|
}
|
|
|
|
tempFile.close(); // flush to disk
|
|
|
|
if (backup) {
|
|
backupDatabase(filePath);
|
|
}
|
|
|
|
// Delete the original db and move the temp file in place
|
|
QFile::remove(filePath);
|
|
#ifdef Q_OS_LINUX
|
|
// workaround to make this workaround work, see: https://bugreports.qt.io/browse/QTBUG-64008
|
|
if (tempFile.copy(filePath)) {
|
|
// successfully saved database file
|
|
return {};
|
|
}
|
|
#else
|
|
if (tempFile.rename(filePath)) {
|
|
// successfully saved database file
|
|
tempFile.setAutoRemove(false);
|
|
return {};
|
|
}
|
|
#endif
|
|
}
|
|
error = tempFile.errorString();
|
|
}
|
|
// Saving failed
|
|
return error;
|
|
}
|
|
|
|
QString Database::writeDatabase(QIODevice* device)
|
|
{
|
|
KeePass2Writer writer;
|
|
setEmitModified(false);
|
|
writer.writeDatabase(device, this);
|
|
setEmitModified(true);
|
|
|
|
if (writer.hasError()) {
|
|
// the writer failed
|
|
return writer.errorString();
|
|
}
|
|
return {};
|
|
}
|
|
|
|
/**
|
|
* Remove the old backup and replace it with a new one
|
|
* backups are named <filename>.old.kdbx
|
|
*
|
|
* @param filePath Path to the file to backup
|
|
* @return
|
|
*/
|
|
bool Database::backupDatabase(QString filePath)
|
|
{
|
|
QString backupFilePath = filePath;
|
|
auto re = QRegularExpression("\\.kdbx$|(?<!\\.kdbx)$", QRegularExpression::CaseInsensitiveOption);
|
|
backupFilePath.replace(re, ".old.kdbx");
|
|
QFile::remove(backupFilePath);
|
|
return QFile::copy(filePath, backupFilePath);
|
|
}
|
|
|
|
QSharedPointer<Kdf> Database::kdf() const
|
|
{
|
|
return m_data.kdf;
|
|
}
|
|
|
|
void Database::setKdf(QSharedPointer<Kdf> kdf)
|
|
{
|
|
m_data.kdf = std::move(kdf);
|
|
}
|
|
|
|
bool Database::changeKdf(QSharedPointer<Kdf> kdf)
|
|
{
|
|
kdf->randomizeSeed();
|
|
QByteArray transformedMasterKey;
|
|
if (!m_data.key) {
|
|
m_data.key = QSharedPointer<CompositeKey>::create();
|
|
}
|
|
if (!m_data.key->transform(*kdf, transformedMasterKey)) {
|
|
return false;
|
|
}
|
|
|
|
setKdf(kdf);
|
|
m_data.transformedMasterKey = transformedMasterKey;
|
|
emit modifiedImmediate();
|
|
|
|
return true;
|
|
}
|