keepassxc/src/fdosecrets/objects/Session.cpp

106 lines
3.1 KiB
C++
Raw Normal View History

Add Freedesktop.org Secret Storage Spec Server Side API (Fix #1403) This plugin implements the Secret Storage specification version 0.2. While running KeePassXC, it acts as a Secret Service server, registered on DBus, so clients like seahorse, python-secretstorage, or other implementations can connect and access the exposed database in KeePassXC. Squashed commits: - Initial code - Add SessionAdaptor and fix build - The skeletons for all dbus objects are in place - Implement collection creation and deletion - Emit collectionChanged signal - Implement app-wise settings page - Implement error message on GUI - Implement settings - Fix uuid to dbus path - Implement app level settings - Add freedesktop logo - Implement database settings page - Change database settings to a treeview - Move all settings read/write to one place - Rename SecretServiceOptionsPage to SettingsWidgetFdoSecrets - Fix selected group can not be saved if the user hasn't click on the item - Show selected group per database in app settings - Disable editing of various readonly widgets - Remove unused warning about non exposed database - Fix method signature on dbus adaptors - Fix type derived from DBusObject not recognized as QDBusContext - Resolve a few TODOs around error handling - Remove const when passing DBus exposed objects - Move dismiss to PromptBase - Implement per collection locking/unlocking - Fix const correctness on Item::setSecret - Implement SecretService::getSecrets - Rework the signal connections around collections. - Remove generateId from DBusObject - Per spec, use encoded label as DBus object path for collections - Fix some corner cases around collection name changes - Implement alias - Fix wrong alias dbus path - Implement encryption per spec - Cleanup SessionCipher - Implement searchItems for SecretService - Use Tools::uuidToHex - Implement Item attributes and delete - Implement createItem - Always check if the database is unlocked before perform any operation - Add missing ReadAlias/SetAlias on service - Reorganize and fix OpenSession always returning empty output - Overhaul error handling - Make sure default alias is always present - Remove collection aliases early in doDelete - Handles all content types, fix setProperties not working - Fix sometimes there is an extraneous leading zero when converting from MPI - Fix session encryption negotiation - Do not expose recycle bin - Protect against the methods not called from DBus - Also emit collectionChanged signal when lock state changes - Show notification when entry secret is requested - Add a README file - Actually close session when client disconnects - Gracefully return alternative label when collection is locked - Reorganize, rename secretservice to fdosecrets - Fix issues reported by clazy - Unify UI strings and fix icon - Implement a setting to skip confirmation when deleting entries from DBus - Remove some unused debugging log - Simply ignore errors when DBus context is not available. QtDBus won't set QDBusContext when deliver property get/set, and there is no way to get a QDBusMessage in property getter/setter. - Simplify GcryptMPI using std::unique_ptr and add unit test - Format code in fdosecrets - Move DBusReturnImpl to details namespace - Fix crash when locking a database: don't modify exposedGroup setting in customData when database is deleted - Make sure Collection::searchItems works, whether it's locked or not - Fix FdoSecrets::Collection becomes empty after a database reload - Fix crash when looping while modifying the list
2019-03-26 03:07:18 +00:00
/*
* Copyright (C) 2018 Aetf <aetf@unlimitedcodeworks.xyz>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 2 or (at your option)
* version 3 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "Session.h"
#include "fdosecrets/objects/SessionCipher.h"
#include "core/Tools.h"
namespace FdoSecrets
{
QHash<QString, QVariant> Session::negoniationState;
Session::Session(std::unique_ptr<CipherPair>&& cipher, const QString& peer, Service* parent)
: DBusObject(parent)
, m_cipher(std::move(cipher))
, m_peer(peer)
, m_id(QUuid::createUuid())
{
registerWithPath(QStringLiteral(DBUS_PATH_TEMPLATE_SESSION).arg(p()->objectPath().path(), id()),
new SessionAdaptor(this));
}
void Session::CleanupNegotiation(const QString& peer)
{
negoniationState.remove(peer);
}
DBusReturn<void> Session::close()
{
emit aboutToClose();
deleteLater();
return {};
}
QString Session::peer() const
{
return m_peer;
}
QString Session::id() const
{
return Tools::uuidToHex(m_id);
}
std::unique_ptr<CipherPair> Session::CreateCiphers(const QString& peer,
const QString& algorithm,
const QVariant& input,
QVariant& output,
bool& incomplete)
{
Q_UNUSED(peer);
incomplete = false;
std::unique_ptr<CipherPair> cipher{};
if (algorithm == QLatin1Literal("plain")) {
cipher.reset(new PlainCipher);
} else if (algorithm == QLatin1Literal("dh-ietf1024-sha256-aes128-cbc-pkcs7")) {
QByteArray clientPublicKey = input.toByteArray();
cipher.reset(new DhIetf1024Sha256Aes128CbcPkcs7(clientPublicKey));
} else {
// error notSupported
}
if (!cipher) {
return {};
}
if (!cipher->isValid()) {
qWarning() << "FdoSecrets: Error creating cipher";
return {};
}
output = cipher->negotiationOutput();
return cipher;
}
SecretStruct Session::encode(const SecretStruct& input) const
{
auto output = m_cipher->encrypt(input);
output.session = objectPath();
return output;
}
SecretStruct Session::decode(const SecretStruct& input) const
{
return m_cipher->decrypt(input);
}
} // namespace FdoSecrets