Fixes bug #1185 where the password from the CLI wouldn't be send to KeePassXC

[TheChiefMeat]

Description

Fixes bug #1185 where the password from the CLI wouldn't be send to KeePassXC

Motivation and context

Original bug thread: https://github.com/keepassxreboot/keepassxc/issues/1185
I wanted to be able to more easily launch my database.

How has this been tested?

Ran the changed code on two Windows 10 64-bit machines.
The new code works in all the below tested configurations:

To test use the following:

keepassxc --pw-stdin PASSWORD --keyfile G:\KEYFILE.key D:\KeePass\Database.kdbx
keepassxc --keyfile G:\KEYFILE.key D:\KeePass\Database.kdbx --pw-stdin PASSWORD

Types of changes

• ✅ Bug fix (non-breaking change which fixes an issue)

Checklist:

• ✅ I have read the CONTRIBUTING document. [REQUIRED]
• ✅ My code follows the code style of this project. [REQUIRED]
• ✅ All new and existing tests passed. [REQUIRED]
• ✅ I have added tests to cover my changes.

[phoerious]

I don't think this is working. You just made the --pw-stdin option effectively a --password option. The reason why we read the password from STDIN instead of the command line is that with the latter option your password would appear in the process list (possibly readable by other users) and in your shell history. You should therefore never provide passwords on the command line.

[TheChiefMeat]

I'm trying to get it to work with stdin but it never sends the password at all, lines 145-149 effectively did nothing. I'm not really sure why it doesn't function the way intended, but so far the only method I've found for getting the password to the input box is to do it more directly like I have done.

[phoerious]

It works on other platforms, but not on Windows.

[TheChiefMeat]

I'm not entirely sure what I should do then. If it's working for other platforms but not for Windows, then I don't know why it's acting the way it is.

[phoerious]

The problem is that GUI applications on Windows don't have an attached console like *nix applications have.

[TheChiefMeat]

Would something like:
#ifdef Q_OS_WIN
mainWindow.openDatabase(filename, parser.value(pwstdinOption), parser.value(keyfileOption));
#else
mainWindow.openDatabase(filename, password, parser.value(keyfileOption));
#endif

be a good enough solution here so all platforms have a working option?

[TheChiefMeat]

Also there are some strange discrepancies between the src folder on the Github site and the actual keepassxc-2.2.4-src.tar.xz file, notably line 103 Translator::installTranslator(); is Translator::installTranslators(); , and the

#if defined(Q_OS_WIN)
Q_IMPORT_PLUGIN(QWindowsIntegrationPlugin)
#elif defined(Q_OS_UNIX) && !defined(Q_OS_MAC)
Q_IMPORT_PLUGIN(QXcbIntegrationPlugin)
#endif

I assume this is something in development.

[phoerious]

2.2.4 is built from the 2.2.4 tag. 😉

[TheChiefMeat]

Ahh,...I must be getting sleepy.

What do you think of the new proposed solution? It would allow both the other two OSes to continue to have the previous working solution, but would give Windows users a functioning option to send their password through to the application.

[phoerious]

I'm not a fan of passwords on the command line. It's just bad security practice.

[TheChiefMeat]

I think this is the only way of getting that function to work on Windows tbh.

[TheChiefMeat]

I'm getting a compilation error about the lack of missing argon2 libraries when I try to compile now, did something major change with the dev branch?

[phoerious]

Yes, we merged KDBX4. Also please don't merge in changes. Use rebasing, otherwise we need to edit out the merge commits before merging into develop.

[TheChiefMeat]

Okay, I did a full reinstall of my env but I still get:

objcopy: 'ARGON2_SYS_LIBRARIES-NOTFOUND': No such file

I guess there's missing information on the wiki as it's out of date now?

[phoerious]

You need libargon2-0-dev. The wiki hasn't been updated yet.

[Remonli]

Bad news that this bug fix was postponed to 2.4.0.

[TheChiefMeat]

@Remonli I don't think the fix I'm using it going to be used in a release build tbh.

[Remonli]

@TheChiefMeat Sorry, I don't understand, do you mean this fix will not be included even in future release
and you will not follow up ?

[TheChiefMeat]

@Remonli I'm not one of the main contributors, so I can't push the code to a release. I think the developers of KeePassXC aren't satisfied with how I fixed it, so it's going to be left as it is.

outdated

[droidmonkey]

@TheChiefMeat please rebase on develop, squash all your commits, and fix your whitespace and this can be merged.

[TheChiefMeat]

Well...I can't seem to do any of those things as I deleted the fork thinking this wouldn't ever actually go through due to the fact that the password was on the command line...

I guess I'll need to reopen the pull request, apparently this has been an issue with github for ages.

[TheZ3ro]

I think this is already fixed now after #1608 #1628 and #1686