
Can not connect to database - Key Exchange not work

Open TheAkki opened this issue 3 years ago • 29 comments

Hello, I have a newly installed Firefox with deleted profiles, so I am starting from scratch. I use the Firefox installed from the PPA on Kubuntu 22.04. It is not possible for me to connect Firefox with KeePass.

I have checked the configuration script, and the binary 'keepassxc-proxy' exists. You can see the log from strace. But I am confused. In the trace you see the line execve("/usr/bin/keepassxc-proxy", ["/usr/bin/keepassxc-proxy", "/home/theakki/.mozilla/native-me"..., "[email protected]"], 0x7f7a576b8f00 /* 69 vars */) = -1 EACCES (Keine Berechtigung). Is this ok?

I have tried to debug the app, but I'm not good at JS, so I gave up.

Debug info

Log from Extension:

KeePassXC-Browser: Connecting to native messaging host org.keepassxc.keepassxc_browser [client.js:317:13](moz-extension://f4867c8a-3612-4ddf-9f0a-53668b34148b/background/client.js)
[Error keepass.js:270] KeePassXC-Browser - 7: Die Nachrichtenverschlüsselung ist fehlgeschlagen. Läuft KeePassXC? 2 [global.js:178:13](moz-extension://f4867c8a-3612-4ddf-9f0a-53668b34148b/common/global.js)
Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf inline blockiert ("script-src"). moz-extension:22:1
[Error event.js:127] KeePassXC-Browser - 7: Die Nachrichtenverschlüsselung ist fehlgeschlagen. Läuft KeePassXC? [global.js:178:13](moz-extension://f4867c8a-3612-4ddf-9f0a-53668b34148b/common/global.js)
[Error ] KeePassXC-Browser - No content script available for this tab. [global.js:178:13](moz-extension://f4867c8a-3612-4ddf-9f0a-53668b34148b/common/global.js)
[Error ] KeePassXC-Browser - Cannot send activated_tab message: Could not establish connection. Receiving end does not exist. 2 [global.js:178:13](moz-extension://f4867c8a-3612-4ddf-9f0a-53668b34148b/common/global.js)
[Error keepass.js:270] KeePassXC-Browser - 7: Die Nachrichtenverschlüsselung ist fehlgeschlagen. Läuft KeePassXC? [global.js:178:13](moz-extension://f4867c8a-3612-4ddf-9f0a-53668b34148b/common/global.js)
[Error keepass.js:353] KeePassXC-Browser - No content script available for this tab. [global.js:178:13](moz-extension://f4867c8a-3612-4ddf-9f0a-53668b34148b/common/global.js)
KeePassXC-Browser: Connecting to native messaging host org.keepassxc.keepassxc_browser [client.js:317:13](moz-extension://f4867c8a-3612-4ddf-9f0a-53668b34148b/background/client.js)
[Error keepass.js:753] KeePassXC-Browser - 9: Schlüsselaustausch war nicht erfolgreich. [global.js:178:13](moz-extension://f4867c8a-3612-4ddf-9f0a-53668b34148b/common/global.js)
[Error keepass.js:440] KeePassXC-Browser - No content script available for this tab. [global.js:178:13](moz-extension://f4867c8a-3612-4ddf-9f0a-53668b34148b/common/global.js)
[Error init.js:66] KeePassXC-Browser - Cannot send activated_tab message: Could not establish connection. Receiving end does not exist. 2 [global.js:178:13](moz-extension://f4867c8a-3612-4ddf-9f0a-53668b34148b/common/global.js)

Log from strace:

sudo strace -f -p $(pgrep firefox) 2>&1 | grep keepass
[pid 7868] recvmsg(127, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="github.com/keepassxreboot/keepas"..., iov_len=4096}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_DONTWAIT) = 228
[pid 7976] sendmmsg(118, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\2547\1 \0\1\0\0\0\0\0\1\tkeepassxc\3org\0\0\1\0\1\0"..., iov_len=42}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, msg_len=42}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\331-\1 \0\1\0\0\0\0\0\1\tkeepassxc\3org\0\0\34\0\1\0"..., iov_len=42}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, msg_len=42}], 2, MSG_NOSIGNAL) = 2
[pid 7976] <... recvfrom resumed>"\2547\201\200\0\1\0\1\0\0\0\1\tkeepassxc\3org\0\0\1\0\1\300"..., 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, [28 => 16]) = 58
[pid 7976] recvfrom(118, "\331-\201\200\0\1\0\1\0\0\0\1\tkeepassxc\3org\0\0\34\0\1\300"..., 65536, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, [28 => 16]) = 70
[pid 8223] openat(AT_FDCWD, "/home/theakki/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json", O_RDONLY <unfinished ...>
[pid 8085] newfstatat(AT_FDCWD, "/usr/bin/keepassxc-proxy", <unfinished ...>
[pid 8246] execve("/usr/bin/keepassxc-proxy", ["/usr/bin/keepassxc-proxy", "/home/theakki/.mozilla/native-me"..., "[email protected]"], 0x7f7a576b8f00 /* 69 vars */) = -1 EACCES (Keine Berechtigung)
[pid 7868] recvmsg(127, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="github.com/keepassxreboot/keepas"..., iov_len=4096}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_DONTWAIT) = 228
[pid 7868] sendmsg(63, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\24\2\0\0\377\377\377\177u\0;\0\1\0\0\0\0\0\0\0\377\377\377\377F\1\0\0(\0\0\0"..., iov_len=64}, {iov_base="usr/bin/keepassxc-proxy%20owner\277"..., iov_len=500}], msg_iovlen=2, msg_controllen=0, msg_flags=0}, MSG_DONTWAIT) = 564
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 8318] openat(AT_FDCWD, "/home/theakki/.mozilla/firefox/lsv8qvia.default-release/extensions/[email protected]", O_RDONLY <unfinished ...>
[pid 7864] newfstatat(AT_FDCWD, "/usr/bin/keepassxc-proxy owner", 0x7ffe05ca5290, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
[pid 7864] newfstatat(AT_FDCWD, "/usr/bin/keepassxc-proxy owner", <unfinished ...>
[pid 7864] newfstatat(AT_FDCWD, "/usr/bin/keepassxc-proxy owner", <unfinished ...>
[pid 8313] openat(AT_FDCWD, "/usr/bin/keepassxc-proxy owner", O_RDONLY <unfinished ...>
[pid 8311] newfstatat(AT_FDCWD, "/usr/bin/keepassxc-proxy owner", <unfinished ...>
[pid 8311] newfstatat(AT_FDCWD, "/usr/bin/keepassxc-proxy owner", <unfinished ...>
[pid 7868] sendmsg(124, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\334\10\0\0\377\377\377\177o\0;\0\1\0\0\0\0\0\0\0\377\377\377\377)\0\0\0(\0\0\0"..., iov_len=64}, {iov_base="keepassxc-proxy%20owner\277\0\0\0\0\4\0\0\0"..., iov_len=2236}], msg_iovlen=2, msg_controllen=0, msg_flags=0}, MSG_DONTWAIT <unfinished ...>
[pid 8319] newfstatat(AT_FDCWD, "/usr/bin/keepassxc-proxy owner", {st_mode=032205567100, st_size=140017924856272, ...}, AT_SYMLINK_NOFOLLOW) = 262

KeePassXC - 2.7.1
KeePassXC-Browser - 1.8.1
Operating system:/Linux Kubuntu 22.04
Browser: Firefox 102.0.1 (as deb)

TheAkki avatar Jul 14 '22 22:07 TheAkki

Can you verify that /usr/bin/keepassxc-proxy is not a symbolic link?

varjolintu avatar Jul 15 '22 03:07 varjolintu

Is no symbolic link

ll /usr/bin/keepassxc-proxy
-rwxr-xr-x 1 root root 35208 Apr 6 19:28 /usr/bin/keepassxc-proxy*

TheAkki avatar Jul 15 '22 07:07 TheAkki

The only thing I can come up with is that KeePassXC is not setting the browser integration socket to a place where it's accessible. Search for the org.keepassxc.KeePassXC.BrowserServer file.

varjolintu avatar Jul 15 '22 07:07 varjolintu

sudo find / | grep org.keepassxc.KeePassXC.BrowserServer
find: ‘/run/user/1026/doc’: Keine Berechtigung
/run/user/1026/org.keepassxc.KeePassXC.BrowserServer

ll /run/user/1026/org.keepassxc.KeePassXC.BrowserServer
srwx------ 1 theakki theakki 0 Jul 15 09:38 /run/user/1026/org.keepassxc.KeePassXC.BrowserServer=

TheAkki avatar Jul 15 '22 08:07 TheAkki

Everything seems to be in order then. Very strange. Have you tried some other browser?

varjolintu avatar Jul 15 '22 08:07 varjolintu

No, I had not tried yet. Because of 'browser are snaps' in Ubuntu 22.04.

TheAkki avatar Jul 15 '22 08:07 TheAkki

Is it possible to "try" the proxy manually?

TheAkki avatar Jul 15 '22 08:07 TheAkki

No, I had not tried yet. Because of 'browser are snaps' in Ubuntu 22.04.

Chromium as snap is also not working

TheAkki avatar Jul 15 '22 08:07 TheAkki

Is it possible to "try" the proxy manually?

You can try starting it from the shell.

Snap/Flatpak browsers won't work.

varjolintu avatar Jul 15 '22 08:07 varjolintu

Yes, but it is only a stream. Which commands? Can you tell me some?

TheAkki avatar Jul 15 '22 08:07 TheAkki

With input "version"

/usr/bin/keepassxc-proxy
version
Qt Concurrent has caught an exception thrown from a worker thread.
This is not supported, exceptions thrown in worker threads must be
caught before control returns to Qt Concurrent.
terminate called after throwing an instance of 'std::bad_alloc'
  what():  std::bad_alloc
Abgebrochen (Speicherabzug geschrieben)

TheAkki avatar Jul 15 '22 08:07 TheAkki

It should be just enough to start it. Entering something shouldn't crash it though. I wonder if the same happens if you try using KeePassXC as AppImage or Flatpak. I'm not sure what install version you are using.

varjolintu avatar Jul 15 '22 09:07 varjolintu

I'm using:

dpkg --list | grep keepass
ii keepassxc 2.7.1-1ppa1~jammy1 amd64 KeePass Cross-Platform Community Edition

TheAkki avatar Jul 15 '22 09:07 TheAkki

I want to add myself to this problem. I have the same or a similar problem. I am also on Kubuntu 22.04. I uninstalled the Firefox snap and installed it from the PPA.

I get the same result in strace

~$ sudo strace -f -p $(pgrep firefox) 2>&1 | grep keepass
[sudo] password for : 
[pid  4919] openat(AT_FDCWD, "/home/fexma/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json", O_RDONLY <unfinished ...>
[pid  4409] newfstatat(AT_FDCWD, "/usr/bin/keepassxc-proxy",  <unfinished ...>
[pid  4987] execve("/usr/bin/keepassxc-proxy", ["/usr/bin/keepassxc-proxy", "/home/fexma/.mozilla/native-mess"..., "[email protected]"], 0x7f21f156f100 /* 71 vars */) = -1 EACCES (Permission denied)

I tried to look if it was a symbolic link for me

~$ ll /usr/bin/keepassxc-proxy
-rwxr-xr-x 1 root root 31184 Sep 14  2021 /usr/bin/keepassxc-proxy*

FexMa avatar Jul 16 '22 03:07 FexMa

I had the same issue after installing Ubuntu 22.04.

Manually installing Firefox and using KeePassXC 2.7.1 from the ppa fixed it for me.

Kfftfuftur avatar Jul 17 '22 09:07 Kfftfuftur

Hi,

I have the same issue here.

Firefox 102.0.1 from PPA (no snap)
Keepass2 2.47 from PPA
KeePassNatMsg 2.0.14.0
Proxy 0.0.9.28122

floviolleau avatar Jul 22 '22 11:07 floviolleau

@floviolleau What proxy is that?

varjolintu avatar Jul 22 '22 11:07 varjolintu

Not using keepassxc at all....

droidmonkey avatar Jul 22 '22 11:07 droidmonkey

@floviolleau What proxy is that?

https://github.com/smorks/keepassnatmsg-proxy which is equivalent to /usr/bin/keepassxc-proxy

Smorks' one is run with mono (/home/user/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json):

{
  "name": "org.keepassxc.keepassxc_browser",
  "description": "KeepassXC integration with Firefox with Native Messaging support",
  "path" : "/home/user/.keepassnatmsg/run-proxy.sh",
  "type": "stdio",
  "allowed_extensions": [
    "[email protected]"
  ]
}

cat /home/user/.keepassnatmsg/run-proxy.sh
#!/bin/bash
mono keepassnatmsg-proxy.exe

instead of:

{
    "allowed_extensions": [
        "[email protected]"
    ],
    "description": "KeePassXC integration with native messaging support",
    "name": "org.keepassxc.keepassxc_browser",
    "path": "/usr/bin/keepassxc-proxy",
    "type": "stdio"
}

This file is created when you click on browser integration in keepassxc or in keepass2

For me both integrations didn't work (keepass2 or keepassxc)

floviolleau avatar Jul 22 '22 13:07 floviolleau

@floviolleau With KeePassXC you must use its own proxy. We don't officially support Keepass 2 or KeePassNatMsg-Proxy.

varjolintu avatar Jul 22 '22 15:07 varjolintu

I know, but as mentioned:

For me both integrations didn't work (keepass2 or keepassxc)

floviolleau avatar Jul 22 '22 15:07 floviolleau

@floviolleau https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide

varjolintu avatar Jul 22 '22 15:07 varjolintu

I followed the guide and I have the same issue mentioned in https://github.com/keepassxreboot/keepassxc-browser/issues/1681#issuecomment-1186080300

floviolleau avatar Jul 22 '22 16:07 floviolleau

@floviolleau And you installed KeePassXC from..?

varjolintu avatar Jul 22 '22 16:07 varjolintu

Ubuntu 22.04 PPAs

floviolleau avatar Jul 22 '22 16:07 floviolleau

I tried the new Kubuntu and I had a lot of trouble getting Firefox to be actually installed from the PPA instead. Please check about:support to see the binary folder.

varjolintu avatar Jul 22 '22 17:07 varjolintu

I tried the new Kubuntu and I had a lot of trouble getting Firefox to be actually installed from the PPA instead. Please check about:support to see the binary folder.

For me, the binary path of firefox is /usr/lib/firefox/firefox

TheAkki avatar Jul 24 '22 16:07 TheAkki

same for me

floviolleau avatar Jul 25 '22 08:07 floviolleau

Hi,

I tried 2 different ways:

with KeepassXC:

$ sudo strace -f -p $(pgrep firefox) 2>&1 | grep keepass
[pid 445831] openat(AT_FDCWD, "/home/user/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json", O_RDONLY <unfinished ...>
[pid 436696] newfstatat(AT_FDCWD, "/usr/bin/keepassxc-proxy",  <unfinished ...>
[pid 449207] execve("/usr/bin/keepassxc-proxy", ["/usr/bin/keepassxc-proxy", "/home/user/.mozilla/native-me"..., "[email protected]"], 0x7fa0a9ce9d00 /* 72 vars */) = -1 EACCES (Permission denied)

with Keepass2 (mono):

$ sudo strace -f -p $(pgrep firefox) 2>&1 | grep keepass
[pid 445230] openat(AT_FDCWD, "/home/user/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json", O_RDONLY <unfinished ...>
[pid 445230] <... read resumed>"{\n  \"name\": \"org.keepassxc.keepa"..., 276) = 276
[pid 436696] newfstatat(AT_FDCWD, "/home/user/.keepassnatmsg/run-proxy.sh",  <unfinished ...>
[pid 436697] chdir("/home/user/.keepassnatmsg") = 0
[pid 448832] execve("/home/user/.keepassnatmsg/run-proxy.sh", ["/home/user/.keepassnatmsg/run"..., "/home/user/.mozilla/native-me"..., "[email protected]"], 0x7fa0bcca0b00 /* 72 vars */) = -1 EACCES (Permission denied)

Same issue

$ ls -ailh /usr/bin/keepassxc-proxy
-rwxr-xr-x 1 root root 31K sept. 14  2021 /usr/bin/keepassxc-proxy
$ dpkg --list | grep keepass
ii  keepass2    2.51.1-0ubuntu1~22.04    all    Password manager
ii  keepassxc    2.6.6+dfsg.1-1    amd64    Cross Platform Password Manager
$ /usr/bin/keepassxc-proxy
version
Qt Concurrent has caught an exception thrown from a worker thread.
This is not supported, exceptions thrown in worker threads must be
caught before control returns to Qt Concurrent.
terminate called after throwing an instance of 'std::bad_alloc'
  what():  std::bad_alloc
[1]    450865 IOT instruction (core dumped)  /usr/bin/keepassxc-proxy
$ /home/user/.keepassnatmsg/run-proxy.sh
version 

(still working no crash)

Any help?

floviolleau avatar Jul 25 '22 12:07 floviolleau

I have/had the same problem, but I think I've found the cause (and a local solution). My system:

Ubuntu 22.04.1 LTS
Firefox 103.0.2+build1-0ubuntu0.22.04.1~mt1 from the Mozilla PPA
KeepassXC 2.6.6+dfsg.1-1 from Ubuntu pkg repo

After noticing the permission problems above I suspected AppArmor. So I created /etc/apparmor.d/local/usr.bin.firefox (loaded if it exists by /etc/apparmor.d/usr.bin.firefox) with this line in it:

/usr/bin/keepassxc-proxy Uxr,

Then reloaded the AppArmor profiles:

sudo systemctl reload apparmor

When restarting firefox after that I was again able to connect to my KeepassXC db.

Given that the AppArmor file (without /local/) is part of the firefox PPA package maybe this should be forwarded to them to allow keepassxc-proxy to be executed by firefox?

muggenhor avatar Aug 16 '22 13:08 muggenhor
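
The AppArmor explanation above can be checked against the kernel log before an override is added: a confined Firefox that is refused `execve()` leaves a `DENIED` audit record naming the profile and the path. The script below is an added example, not part of the thread or of KeePassXC; the audit lines are constructed, the profile name in them is an assumption, and `denied_execs` and `rule_for` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: list AppArmor exec denials and print a local override rule
# in the form used in the post above, only for a path the log confirms.

# Constructed sample audit lines (not taken from the thread). The profile
# name and the non-proxy paths are assumptions for illustration.
SAMPLE_LOG='audit: type=1400 audit(1657836420.101:311): apparmor="DENIED" operation="exec" profile="/usr/lib/firefox/firefox" name="/usr/bin/keepassxc-proxy" pid=8246 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1026 ouid=0
audit: type=1400 audit(1657836420.207:312): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox" name="/home/user/Documents/notes.txt" pid=8246 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1026 ouid=1026
audit: type=1400 audit(1657836425.530:313): apparmor="DENIED" operation="exec" profile="/usr/lib/firefox/firefox" name="/usr/bin/keepassxc-proxy" pid=8301 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1026 ouid=0
audit: type=1400 audit(1657836431.002:314): apparmor="ALLOWED" operation="exec" profile="/usr/lib/firefox/firefox" name="/usr/bin/lsb_release" pid=8310 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1026 ouid=0'

# Print "profile<TAB>path" once per DENIED exec record read from stdin.
denied_execs() {
    awk '/apparmor="DENIED"/ && /operation="exec"/ {
        prof = ""; name = ""
        if (match($0, / profile="[^"]*"/)) prof = substr($0, RSTART + 10, RLENGTH - 11)
        if (match($0, / name="[^"]*"/)) name = substr($0, RSTART + 7, RLENGTH - 8)
        key = prof "\t" name
        if (prof != "" && name != "" && !(key in seen)) { seen[key] = 1; print key }
    }'
}

# Print the override rule for one reviewed helper path, but only if the log
# on stdin shows that exec of exactly this path was denied; else return 1.
# "Ux" runs the helper unconfined with a scrubbed environment, "r" allows reads.
rule_for() {
    want=$1
    if denied_execs | cut -f2 | grep -Fxq -- "$want"; then
        printf '%s Uxr,\n' "$want"
    else
        return 1
    fi
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | denied_execs
printf '%s\n' "$SAMPLE_LOG" | rule_for /usr/bin/keepassxc-proxy
```

On a live system, pipe `journalctl -k` or `dmesg` into `denied_execs` instead of the sample; the printed rule belongs in the `/etc/apparmor.d/local/usr.bin.firefox` file described above.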