From 12ab3513c746272238acf2fa6fef6cc02c84ba21 Mon Sep 17 00:00:00 2001 From: Tobias Beeh Date: Wed, 16 Oct 2019 15:11:47 +0200 Subject: [PATCH] Add check for database files when selecting a key file Reject own database file as the key file. Prompt for other kdbx files as key files. Also add a static warning message to the key file selection dialog --- src/gui/dbsettings/DatabaseSettingsWidget.cpp | 6 +++++ src/gui/dbsettings/DatabaseSettingsWidget.h | 2 ++ src/gui/masterkey/KeyFileEditWidget.cpp | 24 ++++++++++++++++++- src/gui/masterkey/KeyFileEditWidget.h | 6 ++++- src/gui/masterkey/KeyFileEditWidget.ui | 17 ++++++++++++- 5 files changed, 52 insertions(+), 3 deletions(-) diff --git a/src/gui/dbsettings/DatabaseSettingsWidget.cpp b/src/gui/dbsettings/DatabaseSettingsWidget.cpp index 4699344a7d..224c4e5655 100644 --- a/src/gui/dbsettings/DatabaseSettingsWidget.cpp +++ b/src/gui/dbsettings/DatabaseSettingsWidget.cpp @@ -43,3 +43,9 @@ void DatabaseSettingsWidget::load(QSharedPointer db) m_db = std::move(db); initialize(); } + +const QSharedPointer DatabaseSettingsWidget::getDatabase() const +{ + return m_db; +} + diff --git a/src/gui/dbsettings/DatabaseSettingsWidget.h b/src/gui/dbsettings/DatabaseSettingsWidget.h index 5a6e5c0690..9efe072b81 100644 --- a/src/gui/dbsettings/DatabaseSettingsWidget.h +++ b/src/gui/dbsettings/DatabaseSettingsWidget.h @@ -38,6 +38,8 @@ class DatabaseSettingsWidget : public SettingsWidget virtual void load(QSharedPointer db); + const QSharedPointer getDatabase() const; + signals: /** * Can be emitted to indicate size changes and allow parents widgets to adjust properly. diff --git a/src/gui/masterkey/KeyFileEditWidget.cpp b/src/gui/masterkey/KeyFileEditWidget.cpp index ff56f2cb4f..e6b5bef493 100644 --- a/src/gui/masterkey/KeyFileEditWidget.cpp +++ b/src/gui/masterkey/KeyFileEditWidget.cpp @@ -17,6 +17,7 @@ #include "KeyFileEditWidget.h" #include "ui_KeyFileEditWidget.h" +#include #include "gui/FileDialog.h" #include "gui/MainWindow.h" @@ -24,9 +25,10 @@ #include "keys/CompositeKey.h" #include "keys/FileKey.h" -KeyFileEditWidget::KeyFileEditWidget(QWidget* parent) +KeyFileEditWidget::KeyFileEditWidget(DatabaseSettingsWidget* parent) : KeyComponentWidget(parent) , m_compUi(new Ui::KeyFileEditWidget()) + , m_parent(parent) { setComponentName(tr("Key File")); setComponentDescription(tr("

You can add a key file containing random bytes for additional security.

" @@ -120,6 +122,26 @@ void KeyFileEditWidget::browseKeyFile() QString filters = QString("%1 (*.key);;%2 (*)").arg(tr("Key files"), tr("All files")); QString fileName = fileDialog()->getOpenFileName(this, tr("Select a key file"), QString(), filters); + if (QFileInfo(fileName).canonicalFilePath() == m_parent->getDatabase()->canonicalFilePath()) { + MessageBox::critical(getMainWindow(), + tr("Invalid Key File"), + tr("You cannot use the current database as its own keyfile. Please choose a different " + "file or generate a new key file.")); + return; + } else if (fileName.endsWith(".kdbx", Qt::CaseInsensitive)) { + auto response = + MessageBox::warning(getMainWindow(), + tr("Suspicious Key File"), + tr("The chosen key file looks like a password database file. A key file must be a " + "static file that never changes or you will lose access to your database " + "forever.\nAre you sure you want to continue with this file?"), + MessageBox::Continue | MessageBox::Cancel, + MessageBox::Cancel); + if (response != MessageBox::Continue) { + return; + } + } + if (!fileName.isEmpty()) { m_compUi->keyFileCombo->setEditText(fileName); } diff --git a/src/gui/masterkey/KeyFileEditWidget.h b/src/gui/masterkey/KeyFileEditWidget.h index 76cb31fa47..7d5868e88a 100644 --- a/src/gui/masterkey/KeyFileEditWidget.h +++ b/src/gui/masterkey/KeyFileEditWidget.h @@ -26,12 +26,15 @@ namespace Ui class KeyFileEditWidget; } +class DatabaseSettingsWidget; + class KeyFileEditWidget : public KeyComponentWidget { Q_OBJECT + public: - explicit KeyFileEditWidget(QWidget* parent = nullptr); + explicit KeyFileEditWidget(DatabaseSettingsWidget* parent); Q_DISABLE_COPY(KeyFileEditWidget); ~KeyFileEditWidget() override; @@ -49,6 +52,7 @@ private slots: private: const QScopedPointer m_compUi; QPointer m_compEditWidget; + const QPointer m_parent; }; #endif // KEEPASSXC_KEYFILEEDITWIDGET_H diff --git a/src/gui/masterkey/KeyFileEditWidget.ui b/src/gui/masterkey/KeyFileEditWidget.ui index fd52e2e1f4..088995dc87 100644 --- a/src/gui/masterkey/KeyFileEditWidget.ui +++ b/src/gui/masterkey/KeyFileEditWidget.ui @@ -6,7 +6,7 @@ 0 0 - 364 + 370 76 @@ -72,6 +72,21 @@ + + + + + true + + + + Note: Do not use a file that may change as that will prevent you from unlocking your database! + + + true + + +