Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Re-Add keys on database unlock #2982

Merged
merged 1 commit into from
Apr 11, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 6 additions & 7 deletions src/gui/entry/EditEntryWidget.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -597,15 +597,14 @@ void EditEntryWidget::addKeyToAgent()
m_sshAgentUi->commentTextLabel->setText(key.comment());
m_sshAgentUi->publicKeyEdit->document()->setPlainText(key.publicKey());

int lifetime = 0;
bool confirm = m_sshAgentUi->requireUserConfirmationCheckBox->isChecked();
KeeAgentSettings settings;

if (m_sshAgentUi->lifetimeCheckBox->isChecked()) {
lifetime = m_sshAgentUi->lifetimeSpinBox->value();
}
settings.setRemoveAtDatabaseClose(m_sshAgentUi->removeKeyFromAgentCheckBox->isChecked());
settings.setUseConfirmConstraintWhenAdding(m_sshAgentUi->requireUserConfirmationCheckBox->isChecked());
settings.setUseLifetimeConstraintWhenAdding(m_sshAgentUi->lifetimeCheckBox->isChecked());
settings.setLifetimeConstraintDuration(m_sshAgentUi->lifetimeSpinBox->value());

if (!SSHAgent::instance()->addIdentity(
key, m_sshAgentUi->removeKeyFromAgentCheckBox->isChecked(), static_cast<quint32>(lifetime), confirm)) {
if (!SSHAgent::instance()->addIdentity(key, settings)) {
showMessage(SSHAgent::instance()->errorString(), MessageWidget::Error);
return;
}
Expand Down
31 changes: 14 additions & 17 deletions src/sshagent/SSHAgent.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -187,7 +187,7 @@ bool SSHAgent::sendMessagePageant(const QByteArray& in, QByteArray& out)
* @param removeOnLock autoremove from agent when the Database is locked
* @return true on success
*/
bool SSHAgent::addIdentity(OpenSSHKey& key, bool removeOnLock, quint32 lifetime, bool confirm)
bool SSHAgent::addIdentity(OpenSSHKey& key, KeeAgentSettings& settings)
{
if (!isAgentRunning()) {
m_error = tr("No agent running, cannot add identity.");
Expand All @@ -197,15 +197,17 @@ bool SSHAgent::addIdentity(OpenSSHKey& key, bool removeOnLock, quint32 lifetime,
QByteArray requestData;
BinaryStream request(&requestData);

request.write((lifetime > 0 || confirm) ? SSH_AGENTC_ADD_ID_CONSTRAINED : SSH_AGENTC_ADD_IDENTITY);
request.write((settings.useLifetimeConstraintWhenAdding() || settings.useConfirmConstraintWhenAdding())
? SSH_AGENTC_ADD_ID_CONSTRAINED
: SSH_AGENTC_ADD_IDENTITY);
key.writePrivate(request);

if (lifetime > 0) {
if (settings.useLifetimeConstraintWhenAdding()) {
request.write(SSH_AGENT_CONSTRAIN_LIFETIME);
request.write(lifetime);
request.write(static_cast<quint32>(settings.lifetimeConstraintDuration()));
}

if (confirm) {
if (settings.useConfirmConstraintWhenAdding()) {
request.write(SSH_AGENT_CONSTRAIN_CONFIRM);
}

Expand All @@ -218,11 +220,11 @@ bool SSHAgent::addIdentity(OpenSSHKey& key, bool removeOnLock, quint32 lifetime,
m_error =
tr("Agent refused this identity. Possible reasons include:") + "\n" + tr("The key has already been added.");

if (lifetime > 0) {
if (settings.useLifetimeConstraintWhenAdding()) {
m_error += "\n" + tr("Restricted lifetime is not supported by the agent (check options).");
}

if (confirm) {
if (settings.useConfirmConstraintWhenAdding()) {
m_error += "\n" + tr("A confirmation request is not supported by the agent (check options).");
}

Expand All @@ -231,7 +233,7 @@ bool SSHAgent::addIdentity(OpenSSHKey& key, bool removeOnLock, quint32 lifetime,

OpenSSHKey keyCopy = key;
keyCopy.clearPrivate();
m_addedKeys[keyCopy] = removeOnLock;
m_addedKeys[keyCopy] = settings.removeAtDatabaseClose();
return true;
}

Expand Down Expand Up @@ -364,15 +366,10 @@ void SSHAgent::databaseModeChanged()
key.setComment(fileName);
}

if (!m_addedKeys.contains(key) && settings.addAtDatabaseOpen()) {
quint32 lifetime = 0;

if (settings.useLifetimeConstraintWhenAdding()) {
lifetime = static_cast<quint32>(settings.lifetimeConstraintDuration());
}

if (!addIdentity(
key, settings.removeAtDatabaseClose(), lifetime, settings.useConfirmConstraintWhenAdding())) {
if (settings.addAtDatabaseOpen()) {
// Add key to agent; ignore errors if we have previously added the key
bool known_key = m_addedKeys.contains(key);
if (!addIdentity(key, settings) && !known_key) {
emit error(m_error);
}
}
Expand Down
3 changes: 2 additions & 1 deletion src/sshagent/SSHAgent.h
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@

#include "crypto/ssh/OpenSSHKey.h"
#include "gui/DatabaseWidget.h"
#include "sshagent/KeeAgentSettings.h"

class SSHAgent : public QObject
{
Expand All @@ -36,7 +37,7 @@ class SSHAgent : public QObject

const QString errorString() const;
bool isAgentRunning() const;
bool addIdentity(OpenSSHKey& key, bool removeOnLock, quint32 lifetime, bool confirm);
bool addIdentity(OpenSSHKey& key, KeeAgentSettings& settings);
bool removeIdentity(OpenSSHKey& key);
void setAutoRemoveOnLock(const OpenSSHKey& key, bool autoRemove);

Expand Down