[
https://issues.apache.org/jira/browse/GUACAMOLE-594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Jumper closed GUACAMOLE-594.
---------------------------------
Resolution: Cannot Reproduce
This does not appear to still be applicable. Testing the latest, a leading
newline at the beginning of a key is ignored.
> Import Private Key is Failing
> -----------------------------
>
> Key: GUACAMOLE-594
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-594
> Project: Guacamole
> Issue Type: Bug
> Components: guacd
> Affects Versions: 0.9.14
> Reporter: Jean Mousinho
> Priority: Minor
>
> Hi,
> I was trying to use a private key in the basic user authentication and it was
> failing. After some debugging I found that it is reading the key from XML but
> adding a newline character at the beginning, so when it tries to compare
> with RSA/DSA headers it fails.
> I added the following code just for debugging purposes in common-ssh/key.c
>
> {code:c}
> /* Otherwise, unsupported type */
> else {
>     printf("Unsupported/invalid private key!\n");
>     key->private_key_length = length+1;
>     key->private_key = malloc(length+1);
>     memcpy(key->private_key, data, length);
>     key->private_key[length] = '\0';
>     printf("Key data:\n%s",key->private_key);
>     BIO_free(key_bio);
>     return NULL;
> }
> {code}
> With the following user-mapping.xml extract:
> {code:xml}
> <param name="private-key">-----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: AES-128-CBC,2EEB73462EA53EFFB1AF2EF62440CEB8
> ...
> {code}
> It gives me:
> {code}
> guacd[19414]: DEBUG: Re-attempting private key import (WITH passphrase)
> key data:
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: AES-128-CBC,2EEB73462EA53EFFB1AF2EF62440CEB8
> ...
> {code}
> To fix it I simply discard the newline character if there is one in
> common-ssl/user.c
> {code:c}
> int guac_common_ssh_user_import_key(guac_common_ssh_user* user,
> char* private_key, char* passphrase) {
> /* Free existing private key, if present */
> if (user->private_key != NULL)
> guac_common_ssh_key_free(user->private_key);
> + /* Skip extra newline if there is one */
> + if ( *private_key == '\n' )
> + private_key += 1;
> /* Attempt to read key without passphrase if none given */
> if (passphrase == NULL)
> user->private_key = guac_common_ssh_key_alloc(private_key,
> strlen(private_key), "");
> /* Otherwise, use provided passphrase */
> else
> user->private_key = guac_common_ssh_key_alloc(private_key,
> strlen(private_key), passphrase);
> /* Fail if key could not be read */
> return user->private_key == NULL;
> }
> {code}
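Review bot: the added check `if ( *private_key == '\n' )` skips exactly one LF, so a key that arrives from the XML with "\r\n", several blank lines, or leading indentation would still reach guac_common_ssh_key_alloc() with characters before the "-----BEGIN" header and fail the same header comparison. Consider advancing past all leading whitespace instead, for example looping while isspace((unsigned char) *private_key) is true. The new dereference also runs before any NULL check on private_key; the strlen(private_key) calls below make the same assumption, so either state in the function comment that the key must be non-NULL or guard it here. As a style point, the surrounding code writes conditions without inner padding (`if (user->private_key != NULL)`), so `if (*private_key == '\n')` and `private_key++` would match it.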
> I might be doing something wrong; if so, please let me know.
> Thanks.