1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
|
using System;
using System.Collections.Generic;
using System.Drawing;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
using System.Windows.Forms;
using System.Xml.Serialization;
using KeePass.App.Configuration;
using KeePass.Plugins;
using KeePass.UI;
using KeePassRPC.Properties;
namespace KeePassRPC.Forms
{
public partial class OptionsForm : Form
{
private IPluginHost _host;
private KeePassRPCExt _plugin;
public OptionsForm(IPluginHost host, KeePassRPCExt plugin)
{
_host = host;
_plugin = plugin;
InitializeComponent();
Icon = Resources.KPRPCico;
checkBox1.Text = "Automatically save KeePass database when Kee makes changes";
if (host.CustomConfig.GetBool("KeePassRPC.KeeFox.autoCommit", true))
checkBox1.Checked = true;
else
checkBox1.Checked = false;
checkBox2.Text = "Immediately edit entries created by Kee";
if (host.CustomConfig.GetBool("KeePassRPC.KeeFox.editNewEntries", false))
checkBox2.Checked = true;
else
checkBox2.Checked = false;
label13.Text = "You can generate new random passwords from Kee. These are stored in your system clipboard ready for you to paste into \"new user\" or \"change password\" fields. To protect against accidents these new passwords can be automatically stored in your current KeePass database under a special \"Kee Generated Password Backups\" group. You can generate new passwords when not logged in to a KeePass database but they will not receive this extra protection. The KeePass database can NOT be automatically saved after creating these backups so some problems can still result in a lost generated password.";
checkBox3.Text = "Store a backup of each password generated by Kee";
if (host.CustomConfig.GetBool("KeePassRPC.KeeFox.backupNewPasswords", true))
checkBox3.Checked = true;
else
checkBox3.Checked = false;
textBoxAuthExpiry.Text = (_host.CustomConfig.GetLong("KeePassRPC.AuthorisationExpiryTime", 8760 * 3600) / 3600).ToString();
long secLevel = _host.CustomConfig.GetLong("KeePassRPC.SecurityLevel", 2);
long secLevelClientMin = _host.CustomConfig.GetLong("KeePassRPC.SecurityLevelClientMinimum", 2);
switch (secLevel)
{
case 1: comboBoxSecLevelKeePass.SelectedItem = "Low"; break;
case 2: comboBoxSecLevelKeePass.SelectedItem = "Medium"; break;
default: comboBoxSecLevelKeePass.SelectedItem = "High"; break;
}
switch (secLevelClientMin)
{
case 1: comboBoxSecLevelMinClient.SelectedItem = "Low"; break;
case 2: comboBoxSecLevelMinClient.SelectedItem = "Medium"; break;
default: comboBoxSecLevelMinClient.SelectedItem = "High"; break;
}
label6.Text = "Listen for connections on this TCP/IP port.";
textBoxPort.Text = _host.CustomConfig.GetLong("KeePassRPC.webSocket.port", 12546).ToString();
UpdateAuthorisedConnections();
}
private void UpdateAuthorisedConnections()
{
KeyContainerClass[] kcs = FindAuthorisedConnections();
bool anyConnectionCompromised = false;
if (kcs == null)
{
// Tell the user it's not worked.
dataGridView1.Visible = false;
labelAuthorisedClientsFail.Visible = true;
return;
}
List<string> connectedClientUsernames = new List<string>();
foreach (KeePassRPCClientConnection client in _plugin.GetConnectedRPCClients())
if (!string.IsNullOrEmpty(client.UserName))
connectedClientUsernames.Add(client.UserName);
// Update the screen
foreach (KeyContainerClass kc in kcs)
{
bool connected = false;
if (connectedClientUsernames.Contains(kc.Username))
connected = true;
string[] row = { kc.ClientName, kc.Username, kc.AuthExpires.ToString() };
int rowid = dataGridView1.Rows.Add(row);
dataGridView1.Rows[rowid].Cells[3].Value = connected;
bool compromised = kc.Key == "5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9";
if (compromised) {
anyConnectionCompromised = true;
dataGridView1.Rows[rowid].DefaultCellStyle.ForeColor = Color.DarkRed;
}
}
if (anyConnectionCompromised) {
Utils.ShowMonoSafeMessageBox(@"Your KeePass instance may have previously been exploited by a malicious attacker.
The passwords contained within any databases that were open before this point may have been exposed so you should change them.
Suspicious clients will be listed in red on the Authorised clients tab.
See https://forum.kee.pm/t/3143/ for more information.",
"WARNING!",
MessageBoxButtons.OK,
MessageBoxIcon.Warning);
}
}
private KeyContainerClass[] FindAuthorisedConnections()
{
//This might not work, especially in .NET 2.0 RTM, a shame but more
//up to date users might as well use the feature if possible.
Dictionary<string, string> configValues;
try
{
FieldInfo fi = null;
fi = typeof(AceCustomConfig)
.GetField("m_vItems", BindingFlags.NonPublic | BindingFlags.Instance);
if (fi == null)
{
fi = typeof(AceCustomConfig)
.GetField("m_d", BindingFlags.NonPublic | BindingFlags.Instance);
}
configValues = (Dictionary<string, string>)fi.GetValue(_host.CustomConfig);
}
catch
{
return null;
}
List<KeyContainerClass> keyContainers = new List<KeyContainerClass>();
foreach (KeyValuePair<string, string> kvp in configValues)
{
if (kvp.Key.StartsWith("KeePassRPC.Key."))
{
string username = kvp.Key.Substring(15);
byte[] serialisedKeyContainer = null;
// Assume config entry is encrypted but fall back to attempting direct deserialisation if something goes wrong
if (string.IsNullOrEmpty(kvp.Value))
return null;
try
{
byte[] keyBytes = ProtectedData.Unprotect(
Convert.FromBase64String(kvp.Value),
new byte[] { 172, 218, 37, 36, 15 },
DataProtectionScope.CurrentUser);
serialisedKeyContainer = keyBytes;
XmlSerializer mySerializer = new XmlSerializer(typeof(KeyContainerClass));
using (MemoryStream ms = new MemoryStream(serialisedKeyContainer))
{
keyContainers.Add((KeyContainerClass) mySerializer.Deserialize(ms));
}
}
catch (Exception)
{
try
{
serialisedKeyContainer = Convert.FromBase64String(kvp.Value);
XmlSerializer mySerializer = new XmlSerializer(typeof(KeyContainerClass));
using (MemoryStream ms = new MemoryStream(serialisedKeyContainer))
{
keyContainers.Add((KeyContainerClass) mySerializer.Deserialize(ms));
}
}
catch (Exception)
{
// It's not a valid entry so ignore it and move on
}
}
}
}
return keyContainers.ToArray();
}
private void m_btnOK_Click(object sender, EventArgs e)
{
ulong port = 0;
try
{
if (textBoxPort.Text.Length > 0)
{
port = ulong.Parse(textBoxPort.Text);
if (port <= 0 || port > 65535)
throw new ArgumentOutOfRangeException();
if (port == _host.CustomConfig.GetULong("KeePassRPC.connection.port", 12536))
throw new ArgumentException("The legacy KeePassRPC connection system is configured to use the port you have selected so please select a different port.");
if (port == 19455)
throw new ArgumentException("Port 19455 is commonly used by the unrelated KeePassHTTP plugin so please select a different port.");
}
}
catch (ArgumentOutOfRangeException)
{
Utils.ShowMonoSafeMessageBox("Invalid listening port. Type a number between 1 and 65535 or leave empty to use the default port.");
DialogResult = DialogResult.None;
return;
}
catch (OverflowException)
{
Utils.ShowMonoSafeMessageBox("Invalid listening port. Type a number between 1 and 65535 or leave empty to use the default port.");
DialogResult = DialogResult.None;
return;
}
catch (ArgumentException ex)
{
Utils.ShowMonoSafeMessageBox(ex.Message);
DialogResult = DialogResult.None;
return;
}
long expTime = 8760;
try
{
expTime = long.Parse(textBoxAuthExpiry.Text);
}
catch (Exception)
{
Utils.ShowMonoSafeMessageBox("Invalid expiry time.");
DialogResult = DialogResult.None;
return;
}
if (expTime < 1)
{
expTime = 1;
Utils.ShowMonoSafeMessageBox("Expiry time set to 1 hour. This is the minimum allowed.");
}
if (expTime > 876000)
{
expTime = 876000;
Utils.ShowMonoSafeMessageBox("Expiry time set to 100 years. This is the maximum allowed.");
}
long secLevel = 2;
long secLevelClientMin = 2;
switch ((string)comboBoxSecLevelKeePass.SelectedItem)
{
case "Low": secLevel = 1; break;
case "Medium": secLevel = 2; break;
default: secLevel = 3; break;
}
switch ((string)comboBoxSecLevelMinClient.SelectedItem)
{
case "Low": secLevelClientMin = 1; break;
case "Medium": secLevelClientMin = 2; break;
default: secLevelClientMin = 3; break;
}
_host.CustomConfig.SetBool("KeePassRPC.KeeFox.autoCommit", checkBox1.Checked);
_host.CustomConfig.SetBool("KeePassRPC.KeeFox.editNewEntries", checkBox2.Checked);
_host.CustomConfig.SetBool("KeePassRPC.KeeFox.backupNewPasswords", checkBox3.Checked);
_host.CustomConfig.SetLong("KeePassRPC.AuthorisationExpiryTime", expTime * 3600);
_host.CustomConfig.SetLong("KeePassRPC.SecurityLevel", secLevel);
_host.CustomConfig.SetLong("KeePassRPC.SecurityLevelClientMinimum", secLevelClientMin);
if (port > 0)
{
ulong originalPort = _host.CustomConfig.GetULong("KeePassRPC.webSocket.port", 12546);
_host.CustomConfig.SetULong("KeePassRPC.webSocket.port", port);
if (port != originalPort)
{
Utils.ShowMonoSafeMessageBox("Restart KeePass to start using the new connection port");
}
}
_host.MainWindow.Invoke((MethodInvoker)delegate { _host.MainWindow.SaveConfig(); });
}
private void OnFormLoad(object sender, EventArgs e)
{
GlobalWindowManager.AddWindow(this);
// Prevent one cell being blue by default to reduce distraction
dataGridView1.ClearSelection();
}
private void btnCancel_Click(object sender, EventArgs e)
{
Close();
}
private void OnFormClosed(object sender, FormClosedEventArgs e)
{
GlobalWindowManager.RemoveWindow(this);
}
private void comboBoxSecLevelKeePass_SelectedIndexChanged(object sender, EventArgs e)
{
if ((string)comboBoxSecLevelKeePass.SelectedItem == "Low")
labelSecLevelWarning.Text = "A low security setting could increase the chance of your passwords being stolen. Please make sure you read the information in the manual (see link above).";
else if ((string)comboBoxSecLevelKeePass.SelectedItem == "High")
labelSecLevelWarning.Text = "A high security setting will require you to enter a randomly generated password every time you start KeePass or its client. A medium setting should suffice in most situations, especially if you set a low authorisation timeout below.";
else
labelSecLevelWarning.Text = "";
}
private void dataGridView1_CellContentClick(object sender, DataGridViewCellEventArgs e)
{
if (e.ColumnIndex == 4)
{
string username = (string)dataGridView1.Rows[e.RowIndex].Cells[1].Value;
// Revoke authorisation by deleting stored key data
_host.CustomConfig.SetString("KeePassRPC.Key." + username, null);
// If this connection is active, destroy it now
foreach (KeePassRPCClientConnection client in _plugin.GetConnectedRPCClients())
if (!string.IsNullOrEmpty(client.UserName) && client.UserName == username)
{
client.WebSocketConnection.Close();
break;
}
// Refresh the view
dataGridView1.Rows.RemoveAt(e.RowIndex);
dataGridView1.Refresh();
//UpdateAuthorisedConnections();
}
}
}
}
|
