Sharing groups #2109
Sharing groups #2109
Conversation
|
Hey, thanks for your follow-up PR. Could you please check why the tests are failing and resolve the merge conflicts? Then we can start reviewing your changes. |
|
CodeFactor fails currently due to an intended duplication in |
|
That means we need to increment the version number in the docker script so it rebuilds the image. You can ignore the code factor finding as long as what you wrote here is documented in comments. |
|
@ckieschnick sorry for the incredible delay on this PR. We had to clean house a little first. I will rebase this after we merge your first PR. Any additional comments? |
|
I'm currently quite busy, so I couldn't track the progress - therefore I have nothing to comment. In case problems arise, I'll try to support you. |
|
Please consider adding the option of keeping a configurable number of backups (e.g. 3 older backups), not just one. |
droidmonkey
requested review from
phoerious and
droidmonkey
and removed request for
phoerious
droidmonkey
force-pushed
the
feature/sharing_groups
branch
from
92f18ff to
49164b8
Compare
* Add source folder keeshare for sharing with corresponding define WITH_XC_KEESHARE * Move common crypto parts to src/crypto/ssh * Extended OpenSSHKey * Move filewatching to own file (currently in two related classes DelayedFileWatcher and BulkFileWatcher) * Small improvements for style and code in several classes * Sharing is secured using RSA-Keys which are generated on demand * Publisher signs the container using their private key * Client can verify the signed container and choose to decline an import, import only once or trust the publisher and automatically import all data of this source henceforth * Integration of settings into Group-Settings, Database-Settings and Application-Settings * Introduced dependency QuaZip as dependency to allow combined export of key container and the (custom format) certificate
* Add Sharing section to Quickstart Guide * Add pictures and text in quickstart to match extended functionality
droidmonkey
force-pushed
the
feature/sharing_groups
branch
from
49164b8 to
b9d6cb5
Compare
* Removed libquazip-headers from trusty ci images Trusty does not provide libquazip-headers (they are part of libquazip-dev most likely) * Bump rebuild counter
droidmonkey
force-pushed
the
feature/sharing_groups
branch
from
b9d6cb5 to
28e7540
Compare
|
Some issues I found right away:
|
|
For clarification:
Regarding your first point - I didn't have time to check the implementation against the current develop in the last month, but this problem seems weird. I'm currently quite busy, but I may be able to help, if you can provide some more information on this issue. |
|
@ckieschnick no problems, these were more notes for me to investigate further and provide fixes. It is very very likely we are going to drop the QuaZip usage, it currently does not have a port for Qt5 on Trusty and possibly not on macOS either. We could integrate it directly, but I'm sure the Debian folks will have a cow about that. I am mainly trying to find where the plugin breaks down so we can either add guards to warn or prevent the user from making a mistake. |
|
I've been testing this feature today. Very good functionality. However, the first thing which struck me as odd (even though it's mentioned in the docs) is the flat initial syncing.
|
|
@dsonck92 great points, this does require a little bit of work. I think the default behavior should be to maintain structure, it does not make any sense to eliminate structure that is created. |
|
I'll try to address the points in the same order as given:
|
Changed build options to use only WITH_XC_KEESHARE and WITH_XC_KEESHARE_SECURE - WITH_XC_KEESHARE_INSECURE remains as internal variable to highlight differences (may allow to build schemes later) Message widget in KeeShare settings for groups is not closeable anymore
QuaZip should now usable under windows (fixed include in FindQuaZip) Renamed the representation from secure and unsecure to signed and unsigned
|
I could reproduce the problem with the multiple dialogs - it's a problem with the |
BulkFileWatcher emitted multiple file change signals (like QFileSystemWatcher) for the watched files. Introduced a delay by waiting until the end of the event loop to aggregate signals emitted by QFileSystemWatcher before emitting custom signals.
|
Awesome, I tested everything out and it works much better. I think we can do a code review and merge it in afterwards. Any minor ui/ux issues can be cleaned up in a new PR. Thank you so much for your work on this and the previous PR. Many many people around the world are looking forward to this feature! |
|
@ckieschnick great work on this, it is now a part of 2.4.0 |
- New Database Wizard [#1952] - Advanced Search [#1797] - Automatic update checker [#2648] - KeeShare database synchronization [#2109, #1992, #2738, #2742, #2746, #2739] - Improve favicon fetching; transition to Duck-Duck-Go [#2795, #2011, #2439] - Remove KeePassHttp support [#1752] - CLI: output info to stderr for easier scripting [#2558] - CLI: Add --quiet option [#2507] - CLI: Add create command [#2540] - CLI: Add recursive listing of entries [#2345] - CLI: Fix stdin/stdout encoding on Windows [#2425] - SSH Agent: Support OpenSSH for Windows [#1994] - macOS: TouchID Quick Unlock [#1851] - macOS: Multiple improvements; include CLI in DMG [#2165, #2331, #2583] - Linux: Prevent Klipper from storing secrets in clipboard [#1969] - Linux: Use polling based file watching for NFS [#2171] - Linux: Enable use of browser plugin in Snap build [#2802] - TOTP QR Code Generator [#1167] - High-DPI Scaling for 4k screens [#2404] - Make keyboard shortcuts more consistent [#2431] - Warn user if deleting referenced entries [#1744] - Allow toolbar to be hidden and repositioned [#1819, #2357] - Increase max allowed database timeout to 12 hours [#2173] - Password generator uses existing password length by default [#2318] - Improve alert message box button labels [#2376] - Show message when a database merge makes no changes [#2551] - Browser Integration Enhancements [#1497, #2253, #1904, #2232, #1850, #2218, #2391, #2396, #2542, #2622, #2637, #2790] - Overall Code Improvements [#2316, #2284, #2351, #2402, #2410, #2419, #2422, #2443, #2491, #2506, #2610, #2667, #2709, #2731]
|
Can someone please briefly explain the essential difference of this new addition and the AutoOpen functionality? If I understood the quickstart document correctly there is an additional |
|
AutoOpen keeps the database OUTSIDE of the currently used database. KeeShare brings the database INSIDE to the currently used database. Also the ability to IMPORT, EXPORT, SYNCHRONIZE versus just SYNCHRONIZE with AutoOpen. |
|
Thank you 👍 |
|
So, do I understand it right that you actually can not share the database with other versions of Keepass (e.g. Keepass2Android) and the implementation is essentially useless for mobile users because there is no KeePassXC for Android and no other keepass client has support for this sophisticated mechanism? |
|
You cannot update the share (currently) with KeePass2Android. However, the main database you use will have all shared entries stored within it and are accessible by other keepass clients. KeePass2 has support for the KeeShare implementation via a plugin. |
|
The mentioned quickstart guide is no longer available (404) and should be updated to QUICKSTART.md I also tested the share functionallity in my family and we ended up with a lot of confusion: duplicate entries, keys are not moved to new locations, users do not get when and why entries stop syncrhonization. I think to make "Sharing groups" working the way users expect would require more work than implementing a real sync like available in the C# keepass which is working quite good. In long term I would prefer a real database approach (postgres, mysql) for managing shared passwords beeing able to define group permissions, audit logs. This could be implemented as a simple and secure REST service in the first step and extended by messaging (e.g. rabbitmq) to "push" changes to the clients while they're connected. I'm willing to provice the server part with my company but we don't have any c skills for the client part. |
|
Please open a new issue (search first please) for any suggestions or bugs you come across. Please don't add to this completed PR. |
phoerious
added
pr: new feature
In many cases passwords should be kept secret and should not be shared with anyone, sometimes it is tiresome to give everybody access to the specific passwords without publishing the rest. Since keeping multiple databases does not do any good, especially when many people may need to access and update them, we created an extension which allows to share groups of entries with multiple peers while keeping others private without the need of multiple databases and regardless of the file location.
Description
The extension allows to export/import or synchronize(=import+export) groups with their contained entries to other parties. The shared data is placed in a share container which may be published by any means (i.e. cloud, network share, ...). Any client can import this container as long he has the password.
The sharing container is protected using a certificate which at least ensures that the source is the expected one, so the client may decline to import data from an untrusted source.
The features does make use of the synchronization (#1992) and merges data in time order (newest data will be on top, older data will be moved to the history).
All data required to work for KeeShare is stored either in KeePassXC-Settings or
CustomData, so the extension is fully compatible with existing databases.Motivation and context
It is often necessary to publish certain secrets to a selected group of people but protecting those secret none the less. Just imagine a company which wants to distribute passwords to some employee groups (i.e. banking data just for the managers, root passwords for admins). Those passwords can be published on internal sites, but keeping them in a password manager makes it easy to protect them. If the password manager takes care, that the passwords are up to date, even when it is not centralized, it would be even better. That's why we introduced the group sharing feature (KeeShare) to KeePassXC. There is no need to keep multiple databases around which may have problems when shared using some technologies.
Furthermore, the extension addresses some more wishes and improvements from the issue list:
Problems and Tickets which may gain in importance:
Possible use cases are:
How has this been tested?
There are extensions to the test suite, but a lot of functionality is tested manually. I'm note sure if a UI-test would be justified.
Screenshots (if appropriate):
Please look in the updated QUICKSTART
Types of changes
Checklist:
-DWITH_ASAN=ON.