Commit c390f8fb authored by Robert Hoffmann's avatar Robert Hoffmann
Browse files

Security: Don't copy passwords to remote clients

When copying a password to the clipboard, password managers can set the
additional mime type "x-kde-passwordManagerHint" to tell klipper not to insert
secrets into its history.

This change adds an option to VNC connections to prevent krdc from copying
passwords to remote clients by checking the mime type before sending clipboard
contents.

Test:
Open a krdc connection to a remote client. Check the checkbox "Don't copy
passwords from supported password managers to remote" in the VNC connection setup
dialog.

On the local machine, run the password manager keepassxc, which is known to set
"x-kde-passwordManagerHint".

Select an entry from your password list and copy the password into the clipboard
by pressing Ctrl-C. Locally, the password will stay in clipboard for about 10
seconds but will not be inserted into klipper's history. Check the clipboard
on the remote machine. With the option unchecked the password will be there and in
klipper's history, with the ...
parent aff186a4
......@@ -34,6 +34,7 @@ static const char use_ssh_tunnel_config_key[] = "use_ssh_tunnel";
static const char use_ssh_tunnel_loopback_config_key[] = "use_ssh_tunnel_loopback";
static const char ssh_tunnel_port_config_key[] = "ssh_tunnel_port";
static const char ssh_tunnel_user_name_config_key[] = "ssh_tunnel_user_name";
static const char dont_copy_passwords_config_key[] = "dont_copy_passwords";
VncHostPreferences::VncHostPreferences(KConfigGroup configGroup, QObject *parent)
: HostPreferences(configGroup, parent)
......@@ -76,6 +77,8 @@ QWidget* VncHostPreferences::createProtocolSpecificConfigPage()
vncUi.use_ssh_tunnel->hide();
#endif
vncUi.dont_copy_passwords->setChecked(dontCopyPasswords());
return vncPage;
}
......@@ -153,6 +156,7 @@ void VncHostPreferences::acceptConfig()
setUseSshTunnelLoopback(vncUi.use_loopback->isChecked());
setSshTunnelPort(vncUi.ssh_tunnel_port->value());
setSshTunnelUserName(vncUi.ssh_tunnel_user_name->text());
setDontCopyPasswords(vncUi.dont_copy_passwords->isChecked());
}
void VncHostPreferences::setQuality(RemoteView::Quality quality)
......@@ -205,3 +209,13 @@ void VncHostPreferences::setSshTunnelUserName(const QString &userName)
{
m_configGroup.writeEntry(ssh_tunnel_user_name_config_key, userName);
}
bool VncHostPreferences::dontCopyPasswords() const
{
return m_configGroup.readEntry(dont_copy_passwords_config_key, false);
}
void VncHostPreferences::setDontCopyPasswords(bool dontCopyPasswords)
{
m_configGroup.writeEntry(dont_copy_passwords_config_key, dontCopyPasswords);
}
......@@ -42,6 +42,7 @@ public:
bool useSshTunnelLoopback() const;
int sshTunnelPort() const;
QString sshTunnelUserName() const;
bool dontCopyPasswords() const;
protected:
void acceptConfig() override;
......@@ -53,6 +54,7 @@ private:
void setUseSshTunnelLoopback(bool useSshTunnelLoopback);
void setSshTunnelPort(int port);
void setSshTunnelUserName(const QString &userName);
void setDontCopyPasswords(bool dontCopyPasswords);
Ui::VncPreferences vncUi;
void checkEnableCustomSize(int index);
......
......@@ -251,6 +251,16 @@
</layout>
</widget>
</item>
<item>
<widget class="QCheckBox" name="dont_copy_passwords">
<property name="text">
<string>Don't copy passwords from supported password managers to remote hosts</string>
</property>
<property name="toolTip">
<string>Supported password managers (like KeePassXC) mark copied passwords with an additional MIME type "x-kde-passwordManagerHint" which is used for filtering.</string>
</property>
</widget>
</item>
<item>
<spacer name="verticalSpacer">
<property name="orientation">
......
......@@ -29,6 +29,7 @@
#include <QPainter>
#include <QMouseEvent>
#include <QTimer>
#include <QMimeData>
#ifdef QTONLY
#include <QMessageBox>
......@@ -724,6 +725,14 @@ void VncView::clipboardDataChanged()
if (m_clipboard->ownsClipboard() || m_dontSendClipboard)
return;
if (m_hostPreferences->dontCopyPasswords()) {
const QMimeData* data = m_clipboard->mimeData();
if (data && data->hasFormat(QLatin1String("x-kde-passwordManagerHint"))) {
qCDebug(KRDC) << "VncView::clipboardDataChanged data hasFormat x-kde-passwordManagerHint -- ignoring";
return;
}
}
const QString text = m_clipboard->text(QClipboard::Clipboard);
vncThread.clientCut(text);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment