Keepassxc: Multiple issues (tray icon, auto-add SSH agent keys, DB opens twice) when unlocking a database from the command line (since KeePass 2.4.0)

Created on 21 Mar 2019 · 2 Comments · Source: keepassxreboot/keepassxc

Expected Behavior

When unlocking the password database through the command line, for example with a command like the following:

cat "the_password.bin" | keepassxc /path/to/database.kdbx --pw-stdin

I expect the database to unlock as if I had done the equivalent actions (select the database and type the password) through the graphical user interface.

Current Behavior

When unlocking the password database through the command line, the following differences are observed compared to unlocking the database through the graphical user interface:

  1. Even though the database unlocks, the icon that is shown in the system tray is the same as if the database were still locked.

  2. Even if the SSH agent is enabled, and one or more entries have an associated SSH key, and the "Add key to agent when database is opened/unlocked" checkbox is checked, the SSH keys are not automatically added to the SSH agent when the database is opened. However, manually going to the entry and clicking "Add to agent" works.

  3. After opening KeePassXC + unlocking the database through the command line, closing KeePassXC, and then reopening KeePassXC + reunlocking the database through the command line, one has two tabs for the same database: One of them is locked, and the other is unlocked.

NOTE: The problems don't happen in KeePassXC 2.3.4, but they happen in KeePassXC 2.4.0 and current master.

Possible Solution

I traced back problems (1) and (2) to the big commit d612cad09a4f1cd8ef9bf6be8bf90b75248ecfef "Refactor Database and Database widgets". However, I haven't done further research. My guess is that the root cause for both problems is the same, probably that this commit inadvertently broke the behaviour of some events that are triggered when unlocking the database, and they don't trigger if the database is unlocked at startup.

I think problem (3) is related to the bootstrap function. If true, the locked tab would correspond to the restored database tab from when the application was closed, and the unlocked tab would correspond to the database that was passed through the command line. If this is the case, there should be some communication mechanism between the bootstrap and the command line unlocking, so that only one tab is opened for a database.

Steps to Reproduce

  1. Create a KeePassXC database, let's say with password '1234'. Enable the tray icon and SSH agent in the settings, and create an entry with an associated SSH key, checking the 'Add key to agent when database is opened/unlocked' option in the SSH agent tab. Save it to, let's say, /tmp/db.kdbx.
  2. Close KeePassXC completely.
  3. Open KeePassXC and unlock the database through the command line like so:
     echo 1234 | keepassxc /tmp/db.kdbx --pw-stdin
  4. (Problem 1) Observe the tray icon after KeePassXC is opened. Even though the database is unlocked, it will still show the icon as if the database were locked.
  5. (Problem 2) Check the SSH agent key list (ssh-add -l). The SSH key associated to the database will not have been added automatically when the database was unlocked.
  6. (Problem 3) Close KeePassXC and reopen it like in step (3). Observe how there are two tabs for the same database in the tab list.

Context

I have a small startup script to unlock KeePassXC using a keyfile when (re)starting the computer, without any user interaction, so I can start working right away. This bug would require me to manually unlock KeePassXC every time I (re)start the computer, since I don't have access to my SSH keys and have other minor issues otherwise, so I downgraded to 2.3.4.

I use X11+i3 for the GUI, in case it's specific for the tray icon issues.

Debug Info

KeePassXC - Version 2.4.0
Revision: c51752d

Libraries:

  • Qt 5.12.2
  • libgcrypt 1.8.4

Operating system: Arch Linux
CPU architecture: x86_64
Kernel: linux 5.0.2-arch1-1-ARCH

Enabled extensions:

  • Auto-Type
  • Browser Integration
  • SSH Agent
  • KeeShare (only unsigned sharing)
  • YubiKey
bug high priority
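
A check for Problem 2 that a startup script could run after the `--pw-stdin` unlock, as an added example that is not part of the original issue or of KeePassXC: it polls `ssh-add -l` for an expected key fingerprint and tells a missing key apart from an empty or unreachable agent. The function names, the sample listing and the fingerprint are constructed for illustration.

```shell
#!/bin/sh
# Added example (not KeePassXC code). Verifies that an unattended unlock
# actually loaded the expected SSH key into the agent.

# Constructed sample of `ssh-add -l` output: bits, fingerprint, comment, type.
SAMPLE_FP="SHA256:CONSTRUCTEDexampleFingerprintValue0000000000"
sample_listing() {
    echo "256 $SAMPLE_FP user@example (ED25519)"
    echo "3072 SHA256:CONSTRUCTEDanotherFingerprint11111111111111 backup (RSA)"
}

# Return 0 if fingerprint $1 is the second field of a listing line on stdin.
fingerprint_loaded() {
    awk -v fp="$1" '$2 == fp { found = 1 } END { exit !found }'
}

# Print loaded | missing | empty | no-agent for fingerprint $1.
# $2 = command that lists agent keys (defaults to the real `ssh-add -l`).
agent_state() {
    want=$1
    lister=${2:-"ssh-add -l"}
    # ssh-add exits 1 when the listing fails (e.g. no identities),
    # 2 when it cannot contact the agent at all.
    out=$($lister 2>/dev/null) && rc=0 || rc=$?
    case $rc in
        0) if printf '%s\n' "$out" | fingerprint_loaded "$want"
           then echo loaded; else echo missing; fi ;;
        1) echo empty ;;
        *) echo no-agent ;;
    esac
}

# Poll up to $2 times (one second apart) until the key shows up.
# Prints the final state; returns 0 only if the key was loaded.
wait_for_key() {
    want=$1; tries=${2:-10}; lister=${3:-"ssh-add -l"}
    while [ "$tries" -gt 0 ]; do
        state=$(agent_state "$want" "$lister")
        [ "$state" = loaded ] && { echo loaded; return 0; }
        tries=$((tries - 1))
        sleep 1
    done
    echo "$state"; return 1
}

# Usage after the unlock command: sh check-agent.sh <expected fingerprint>
if [ $# -ge 1 ]; then wait_for_key "$1" 10; fi
```

A result of `empty` or `missing` after the timeout corresponds to Problem 2 as reported; `no-agent` points at the agent socket rather than at KeePassXC.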

All 2 comments

Ahhh it looks like the MainWindow::openDatabase function was left behind during the refactor. The issue is the MainWindow function should be calling the DatabaseTabWidget::openDatabase(QString, bool, QString) function. Instead it tries to roll its own implementation and fails spectacularly.

https://github.com/keepassxreboot/keepassxc/blob/bf1e5b880532de5abe34fd0cf29b9dafcfdbdb91/src/gui/MainWindow.cpp#L497-L519

https://github.com/keepassxreboot/keepassxc/blob/bf1e5b880532de5abe34fd0cf29b9dafcfdbdb91/src/gui/DatabaseTabWidget.cpp#L143-L165

@droidmonkey Just did a very quick test with the PR #2830, and everything looks OK so far, can't reproduce any of the 3 issues.

I'll be running 2.4.0 + PR #2830 until 2.4.1 comes out, so hopefully it will get some testing beforehand.

If anyone is interested, here's my PKGBUILD: https://pastebin.com/7TsfiS6E (c.f. the original at https://git.archlinux.org/svntogit/community.git/tree/trunk?h=packages/keepassxc )

PS: Forgot to say, nice quick fix for the problem 😸
