Implement SSH key file path env substitution

Supports all platforms, including Windows with %FOO% syntax. Fixes #3523
keepassxreboot · Nov 12, 2019 · 6faf444 · 6faf444
1 parent d007ee9
commit 6faf444
Show file tree

Hide file tree

Showing 8 changed files with 57 additions and 2 deletions.
diff --git a/src/core/Tools.cpp b/src/core/Tools.cpp
@@ -296,6 +296,30 @@ namespace Tools
         return QUuid::fromRfc4122(QByteArray::fromHex(uuid.toLatin1()));
     }
 
+    QString envSubst(const QString& path, QProcessEnvironment environment)
+    {
+        QString fileName = path;
+
+#if defined(Q_OS_WIN)
+        QRegularExpression varRe("\\%([A-Za-z][A-Za-z0-9_]*)\\%");
+#else
+        QRegularExpression varRe("\\$([A-Za-z][A-Za-z0-9_]*)");
+        fileName.replace("~", environment.value("HOME"));
+#endif
+
+        QRegularExpressionMatch match;
+
+        do {
+            match = varRe.match(fileName);
+            if (match.hasMatch()) {
+                fileName = fileName.left(match.capturedStart()) + environment.value(match.captured(1))
+                           + fileName.mid(match.capturedStart() + match.capturedLength());
+            }
+        } while (match.hasMatch());
+
+        return fileName;
+    }
+
     Buffer::Buffer()
         : raw(nullptr)
         , size(0)

diff --git a/src/core/Tools.h b/src/core/Tools.h
@@ -22,6 +22,7 @@
 #include "core/Global.h"
 
 #include <QObject>
+#include <QProcessEnvironment>
 #include <QString>
 #include <QUuid>
 
@@ -47,6 +48,7 @@ namespace Tools
                                       bool useWildcards = false,
                                       bool exactMatch = false,
                                       bool caseSensitive = false);
+    QString envSubst(const QString& path, QProcessEnvironment environment = QProcessEnvironment::systemEnvironment());
 
     template <typename RandomAccessIterator, typename T>
     RandomAccessIterator binaryFind(RandomAccessIterator begin, RandomAccessIterator end, const T& value)

diff --git a/src/gui/entry/EditEntryWidget.cpp b/src/gui/entry/EditEntryWidget.cpp
@@ -682,7 +682,7 @@ bool EditEntryWidget::getOpenSSHKey(OpenSSHKey& key, bool decrypt)
         fileName = m_sshAgentUi->attachmentComboBox->currentText();
         privateKeyData = m_advancedUi->attachmentsWidget->getAttachment(fileName);
     } else {
-        QFile localFile(m_sshAgentUi->externalFileEdit->text());
+        QFile localFile(Tools::envSubst(m_sshAgentUi->externalFileEdit->text()));
         QFileInfo localFileInfo(localFile);
         fileName = localFileInfo.fileName();
 

diff --git a/src/sshagent/KeeAgentSettings.cpp b/src/sshagent/KeeAgentSettings.cpp
@@ -17,6 +17,7 @@
  */
 
 #include "KeeAgentSettings.h"
+#include "core/Tools.h"
 
 KeeAgentSettings::KeeAgentSettings()
     : m_allowUseOfSshKey(false)
@@ -108,6 +109,11 @@ const QString KeeAgentSettings::fileName() const
     return m_fileName;
 }
 
+const QString KeeAgentSettings::fileNameEnvSubst(QProcessEnvironment environment) const
+{
+    return Tools::envSubst(m_fileName, environment);
+}
+
 void KeeAgentSettings::setAllowUseOfSshKey(bool allowUseOfSshKey)
 {
     m_allowUseOfSshKey = allowUseOfSshKey;

diff --git a/src/sshagent/KeeAgentSettings.h b/src/sshagent/KeeAgentSettings.h
@@ -45,6 +45,7 @@ class KeeAgentSettings
     const QString attachmentName() const;
     bool saveAttachmentToTempFile() const;
     const QString fileName() const;
+    const QString fileNameEnvSubst(QProcessEnvironment environment = QProcessEnvironment::systemEnvironment()) const;
 
     void setAllowUseOfSshKey(bool allowUseOfSshKey);
     void setAddAtDatabaseOpen(bool addAtDatabaseOpen);

diff --git a/src/sshagent/SSHAgent.cpp b/src/sshagent/SSHAgent.cpp
@@ -331,7 +331,7 @@ void SSHAgent::databaseModeChanged()
             fileName = settings.attachmentName();
             keyData = e->attachments()->value(fileName);
         } else if (!settings.fileName().isEmpty()) {
-            QFile file(settings.fileName());
+            QFile file(settings.fileNameEnvSubst());
             QFileInfo fileInfo(file);
 
             fileName = fileInfo.fileName();

diff --git a/tests/TestTools.cpp b/tests/TestTools.cpp
@@ -64,3 +64,24 @@ void TestTools::testIsBase64()
     QVERIFY(not Tools::isBase64(QByteArray("abc_")));
     QVERIFY(not Tools::isBase64(QByteArray("123")));
 }
+
+void TestTools::testEnvSubst()
+{
+    QProcessEnvironment environment;
+
+#if defined(Q_OS_WIN)
+    environment.insert("HOMEDRIVE", "C:");
+    environment.insert("HOMEPATH", "\\Users\\User");
+
+    QCOMPARE(Tools::envSubst("%HOMEDRIVE%%HOMEPATH%\\.ssh\\id_rsa", environment),
+             QString("C:\\Users\\User\\.ssh\\id_rsa"));
+    QCOMPARE(Tools::envSubst("start%EMPTY%%EMPTY%%%HOMEDRIVE%%end", environment), QString("start%C:%end"));
+#else
+    environment.insert("HOME", QString("/home/user"));
+    environment.insert("USER", QString("user"));
+
+    QCOMPARE(Tools::envSubst("~/.ssh/id_rsa", environment), QString("/home/user/.ssh/id_rsa"));
+    QCOMPARE(Tools::envSubst("$HOME/.ssh/id_rsa", environment), QString("/home/user/.ssh/id_rsa"));
+    QCOMPARE(Tools::envSubst("start/$EMPTY$$EMPTY$HOME/end", environment), QString("start/$/home/user/end"));
+#endif
+}
diff --git a/tests/TestTools.h b/tests/TestTools.h
@@ -27,6 +27,7 @@ private slots:
     void testHumanReadableFileSize();
     void testIsHex();
     void testIsBase64();
+    void testEnvSubst();
 };
 
 #endif // KEEPASSX_TESTTOOLS_H