dlech / KeeAgent

ssh agent plugin for KeePass 2.x
http://lechnology.com/software/keeagent

v0.11.1 - "Save attachment to temporary file when key is loaded" no longer works #273

Closed FrozenDragoon closed 4 years ago

FrozenDragoon commented 4 years ago

The file does not get written to %USERPROFILE%\AppData\Local\Temp\KeeAgent\, or anywhere that I could locate.


Testing versions:

KeePass v2.42.1 + KeeAgent v0.10.1 - File is present
KeePass v2.42.1 + KeeAgent v0.11.1 - No File
KeePass v2.43   + KeeAgent v0.11.1 - No file

dlech commented 4 years ago

I cannot reproduce the problem. v0.11.x does a better job of deleting the file when the key is unloaded, so perhaps you were relying on an unintended behavior of leaving the private key file on the filesystem forever?

ktwombley commented 4 years ago

I am not OP, but I have the same issue. Can confirm I do have the key loaded in the UI and the keyfile is not written anywhere.

dlech commented 4 years ago

Have you checked your environment variables according to the rules listed in https://keeagent.readthedocs.io/en/v0.11.1/usage/options.html#entry-settings?

dlech commented 4 years ago

Does this key work?

https://github.com/dlech/SshAgentLib/blob/b86f8666dc29453696ab2b3fad513075f02cd7e1/SshAgentLibTests/Resources/ssh2-rsa-no-passphrase.ppk

Mairu commented 4 years ago

I have the same problem, and it is also not working with your provided key. So when the key is loaded the %TMP%\KeeAgent folder is created, but it stays empty.

Tolgor commented 4 years ago

Same problem here.

When using URL cmd://node -e "console.log(\"filepath: '{KEEAGENT:KEYFILEPATH}'\"); setTimeout(() => {}, 2000);"

Output: filepath: ''

FrozenDragoon commented 4 years ago

> so perhaps you were relying on an unintended behavior of leaving the private key file on the filesystem forever?

Just the opposite, I do not want to leave the private key on the system forever. I'm aware it's not a strict technical control, but it is a nudge in the right direction to have the key disappear from the path when the DB is locked. I will do some testing with the key you provided and report back, in addition to the other commenters. Thank you.

FrozenDragoon commented 4 years ago

I've tested using a new setup of KeePass v2.4.3 and KeeAgent v0.11.1, created a DB and new entry and imported the key you linked above. To test, I set the AutoType Sequence to {KEEAGENT:KEYFILEPATH} and used Ctrl-V to trigger auto-type to Notepad.

On v2.43 it does not output any text. On v2.42.1 it types out C:\Users\USER\AppData\Local\Temp\KeeAgent\KEYFILE, which is expected.

Schnuecks commented 4 years ago

Same here on KeePass 2.43 and 0.11.1.0: the folder is created but there are no files in it.

dlech commented 4 years ago

Can everyone please try this version (0.11.2.1) and see if it gives an error message?

KeeAgent.zip

markschuh commented 4 years ago

Indeed it seems that changes newly introduced in KeeAgent 0.11.0 trigger the issue. I could narrow it down to #194 and the code using "Util.TryChmod" in KeeAgentExt.cs. The KeeAgent directory in tempPath is created correctly, but the code line that saves the attachment is not reached.

When I debug the execution on Windows 10 within Visual Studio 2019, Util.TryChmod just returns False and the attachment is saved. But when I execute KeePass.exe with KeeAgent.plgx, the checks for whether some Mono.Posix library exists somehow seem to run into an exception, which causes the code after the first Util.TryChmod to be skipped.

dlech commented 4 years ago

@markschuh thanks for digging into this. Where does the exception occur? Everything in Util.TryChmod is in a try/catch block so I don't see how there could be an exception.

https://github.com/dlech/SshAgentLib/blob/b86f8666dc29453696ab2b3fad513075f02cd7e1/SshAgentLib/Util.cs#L304-L313

markschuh commented 4 years ago

I have installed the KeeAgent.plgx you have provided above, so the versions tested by me: KeeAgent 0.11.2.1/KeePass 2.42.1/Windows 10 1903 64bit

When I run this and load a key, for which I have activated the save to filesystem, I get the message:

---------------------------
KeePass
---------------------------
System.IO.FileNotFoundException: Could not load file or assembly 'Mono.Posix, Version=4.0.0.0, Culture=neutral, PublicKeyToken=0738eb9f132ed756' or one of its dependencies. The system cannot find the file specified.
File name: 'Mono.Posix, Version=4.0.0.0, Culture=neutral, PublicKeyToken=0738eb9f132ed756'
   at dlech.SshAgentLib.Util.TryChmod(String path, Int32 mode)
   at KeeAgent.KeeAgentExt.AddEntry(PwEntry entry, ICollection`1 constraints)
WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure logging.
To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].
---------------------------
OK   
---------------------------

I wasn't really able to see an exception outside of debug mode before. My comment above meant that it behaves as if there were an exception. But now I have also managed to attach Visual Studio as a debugger to a running exe. The Output window in the debugger now shows:

Exception thrown at 0x00007FFC3D554F69 in KeePass.exe: Microsoft C++ exception: EEFileLoadException at memory location 0x0000000001148100.
Exception thrown at 0x00007FFC3D554F69 in KeePass.exe: Microsoft C++ exception: [rethrow] at memory location 0x0000000000000000.
Exception thrown at 0x00007FFC3D554F69 in KeePass.exe: Microsoft C++ exception: EEFileLoadException at memory location 0x0000000001148100.
Exception thrown at 0x00007FFC3D554F69 in KeePass.exe: Microsoft C++ exception: [rethrow] at memory location 0x0000000000000000.
Exception thrown at 0x00007FFC3D554F69 in KeePass.exe: Microsoft C++ exception: EEFileLoadException at memory location 0x0000000001148100.
Exception thrown at 0x00007FFC3D554F69 (KernelBase.dll) in KeePass.exe: 0xE0434352 (parameters: 0xFFFFFFFF80070002, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x00007FFC27000000).
Exception thrown at 0x00007FFC3D554F69 in KeePass.exe: Microsoft C++ exception: [rethrow] at memory location 0x0000000000000000.
Exception thrown at 0x00007FFC3D554F69 (KernelBase.dll) in KeePass.exe: 0xE0434352 (parameters: 0xFFFFFFFF80070002, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x00007FFC27000000).
'KeePass.exe' (Win32): Loaded 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\diasymreader.dll'. 
The thread 0xf5c has exited with code 0 (0x0).

So in summary, it looks as if the call of Util.TryChmod triggers a search for Mono.Posix, which fails and triggers an exception. But the try/catch also contains the File.WriteAllBytes, so this isn't executed. Which is somehow secure behavior, when the directory security couldn't be set to the wanted reduced ACL.

Would it make sense to have a try/catch around each call of Util.TryChmod, so the File.WriteAllBytes is called even when the permissions could not be reduced to owner only?

dlech commented 4 years ago

That is what I was starting to suspect. I'm guessing that the exception is thrown when the method is loaded the first time. I must have mono installed on Windows for some reason, so I am not seeing this.

I think we could wrap the Mono method call in another method so that the exception can be caught inside of the Util method instead of having to wrap each call of the Util method.
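
The wrapping pattern proposed in the comment above, shown as an added example that is not part of the thread and is not SshAgentLib's actual code. It assumes the project is built with a reference to Mono.Posix and run where that assembly may be absent; `ChmodDemo`, `TryChmodBefore`, `TryChmodAfter` and the body of `Chmod` are hypothetical.

```csharp
using System;
using System.IO;
using System.Runtime.CompilerServices;
using Mono.Unix.Native; // from Mono.Posix: referenced at build time, may be absent at run time

static class ChmodDemo
{
    // Before: this body names Mono.Posix types directly. The runtime must
    // resolve them when it first compiles the method, so a missing assembly
    // raises FileNotFoundException before the try block is ever entered.
    public static bool TryChmodBefore(string path, int mode)
    {
        try {
            return Syscall.chmod(path, (FilePermissions)mode) == 0;
        } catch (Exception) {
            return false;
        }
    }

    // After: the only method whose body mentions Mono.Posix types.
    // NoInlining stops the JIT from folding it back into its caller.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static bool Chmod(string path, int mode)
    {
        return Syscall.chmod(path, (FilePermissions)mode) == 0;
    }

    // This body has no Mono.Posix reference, so it always compiles. The load
    // failure is raised when Chmod is first called, inside the try block.
    public static bool TryChmodAfter(string path, int mode)
    {
        try {
            return Chmod(path, mode);
        } catch (Exception) {
            return false;
        }
    }

    static void Main()
    {
        // Constructed demo directory; 448 decimal is octal 0700 (owner only).
        string dir = Path.Combine(Path.GetTempPath(), "chmod-demo");
        Directory.CreateDirectory(dir);
        bool restricted = TryChmodAfter(dir, 448);
        // The caller decides whether an unrestricted directory is acceptable
        // before writing key material into it.
        Console.WriteLine("permissions restricted: " + restricted);
    }
}
```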

dlech commented 4 years ago

Please try: https://github.com/dlech/KeeAgent/releases/tag/v0.11.3

Mairu commented 4 years ago

Yes, with this version the files are created again, thx.

markschuh commented 4 years ago

I confirm, it works for me, too.

FrozenDragoon commented 4 years ago

I can also confirm v0.11.3 works as expected.

Since the problem has been identified and addressed, I'll go ahead and close this issue.

addshore commented 4 years ago

I just came to my laptop after 6 months and did multiple upgrades of things. KeeAgent seemed to not work (was not copying keys to temp files). After some searching online I found this post. I have tried 0.11.3 but still the copying doesn't seem to work.

KeePass 2.43 KeeAgent 0.11.3 Windows 10 1903 64bit

Going to see if I can debug further :/

addshore commented 4 years ago

This seems to get thrown for every single one of my keys:

System.IO.FileNotFoundException
  HResult=0x80070002
  Message=Could not load file or assembly 'Mono.Posix, Version=4.0.0.0, Culture=neutral, PublicKeyToken=XXXX' or one of its dependencies. The system cannot find the file specified.
  Source=SshAgentLib
  StackTrace:
   at dlech.SshAgentLib.Util.Chmod(String path, Int32 mode)
   at dlech.SshAgentLib.Util.TryChmod(String path, Int32 mode)

Which looks similar but slightly different to the one reported in https://github.com/dlech/KeeAgent/issues/273#issuecomment-538843792

dlech commented 4 years ago

@addshore Are you sure you don't have more than one KeeAgent.plgx file installed? Maybe try clearing plugin cache.

addshore commented 4 years ago

Sorry, you can totally ignore my previous comments. 0.11.3 did fix my problem.

However, when trying to verify I was looking in C:\Users\USER\AppData\Local\KeePass instead of C:\Users\USER\AppData\Local\Temp\KeeAgent. If I would have just tried sshing somewhere I would have seen everything working.

Thanks for the fix!