[jira] [Comment Edited] (GUACAMOLE-1283) Legacy RDP encryption may fail with "ERRINFO_DECRYPT_FAILED"

Shaun Tarves (Jira) Tue, 27 Apr 2021 10:17:24 -0700


    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-1283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17333386#comment-17333386
 ]


Shaun Tarves edited comment on GUACAMOLE-1283 at 4/27/21, 5:16 PM:
-------------------------------------------------------------------

[~mjumper] I believe the problem is actually related to file permissions on the 
virtual drive. Did any of the code you write/added change if or how read 
permissions are enforced? 

Specifically, we're seeing the following:

{code}
guacd[139]: DEBUG:      guac_rdp_fs_open: path="", access=0x80, 
file_attributes=0x0, create_disposition=0x1, create_options=0x1
guacd[139]: DEBUG:      guac_rdp_fs_open: Normalized path "\" to "\".
guacd[139]: DEBUG:      guac_rdp_fs_open: Translated path "\" to 
"/shares/fd438710-6ab2-48aa-8db2-9b3cc02db7b9-starves/".
guacd[139]: DEBUG:      guac_rdp_fs_open: native open: 
real_path="/shares/fd438710-6ab2-48aa-8db2-9b3cc02db7b9-starves/", flags=0x0
guacd[139]: DEBUG:      guac_rdp_fs_open: open() failed: No such file or 
directory
guacd[139]: DEBUG:      guac_rdpdr_fs_process_create: [file_id=-2] 
desired_access=0x80, file_attributes=0x0, create_disposition=0x1, 
create_options=0x1, path=""
guacd[139]: ERROR:      File open refused (-2): ""

guacd[176]: DEBUG:      guac_rdp_fs_open: path="\", access=0x100001, 
file_attributes=0x0, create_disposition=0x1, create_options=0x21
guacd[176]: DEBUG:      guac_rdp_fs_open: Normalized path "\" to "\".
guacd[176]: DEBUG:      guac_rdp_fs_open: Translated path "\" to 
"/shares/fd438710-6ab2-48aa-8db2-9b3cc02db7b9-starves/".
guacd[176]: DEBUG:      guac_rdp_fs_open: native open: 
real_path="/shares/fd438710-6ab2-48aa-8db2-9b3cc02db7b9-starves/", flags=0x0
guacd[176]: DEBUG:      guac_rdp_fs_open: open() failed: No such file or 
directory
guacd[176]: DEBUG:      guac_rdpdr_fs_process_create: [file_id=-2] 
desired_access=0x100001, file_attributes=0x0, create_disposition=0x1, 
create_options=0x21, path="\"
guacd[176]: ERROR:      File open refused (-2): "\"
guacd[176]: DEBUG:      guac_rdp_fs_open: path="\gitlab-icon-rgb.eps", 
access=0x40000000, file_attributes=0x0, create_disposition=0x5, 
create_options=0x0
guacd[176]: DEBUG:      guac_rdp_fs_open: Normalized path 
"\gitlab-icon-rgb.eps" to "\gitlab-icon-rgb.eps".
guacd[176]: DEBUG:      guac_rdp_fs_open: Translated path 
"\gitlab-icon-rgb.eps" to 
"/shares/fd438710-6ab2-48aa-8db2-9b3cc02db7b9-starves/gitlab-icon-rgb.eps".
guacd[176]: DEBUG:      guac_rdp_fs_open: native open: 
real_path="/shares/fd438710-6ab2-48aa-8db2-9b3cc02db7b9-starves/gitlab-icon-rgb.eps",
 flags=0x241
guacd[176]: DEBUG:      guac_rdp_fs_open: open() failed: No such file or 
directory
{code}

We can plainly see that the folder is there:
{code}
guacd@e589d3d20349:/$ ls -l /shares
drwx------. 3 root root  38 Mar  5 15:00 
a92552f6-1c43-4459-b338-c506a72a04c5-starves
{code}


was (Author: shauntarves):
I believe the problem is actually related to file permissions on the virtual 
drive. Did any of the code you write/added change if or how read permissions 
are enforced? 

Specifically, we're seeing the following:

{code}
guacd[139]: DEBUG:      guac_rdp_fs_open: path="", access=0x80, 
file_attributes=0x0, create_disposition=0x1, create_options=0x1
guacd[139]: DEBUG:      guac_rdp_fs_open: Normalized path "\" to "\".
guacd[139]: DEBUG:      guac_rdp_fs_open: Translated path "\" to 
"/shares/fd438710-6ab2-48aa-8db2-9b3cc02db7b9-starves/".
guacd[139]: DEBUG:      guac_rdp_fs_open: native open: 
real_path="/shares/fd438710-6ab2-48aa-8db2-9b3cc02db7b9-starves/", flags=0x0
guacd[139]: DEBUG:      guac_rdp_fs_open: open() failed: No such file or 
directory
guacd[139]: DEBUG:      guac_rdpdr_fs_process_create: [file_id=-2] 
desired_access=0x80, file_attributes=0x0, create_disposition=0x1, 
create_options=0x1, path=""
guacd[139]: ERROR:      File open refused (-2): ""
{code}

We can plainly see that the folder is there:
{code}

> Legacy RDP encryption may fail with "ERRINFO_DECRYPT_FAILED"
> ------------------------------------------------------------
>
>                 Key: GUACAMOLE-1283
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1283
>             Project: Guacamole
>          Issue Type: Bug
>          Components: RDP
>    Affects Versions: 1.2.0
>         Environment: guacd 1.2 running in Docker on RHEL 7 deployed in AWS
>            Reporter: Shaun Tarves
>            Assignee: Mike Jumper
>            Priority: Minor
>             Fix For: 1.4.0
>
>         Attachments: RemoteDesktop.txt, TerminalServices.txt
>
>
> We are experiencing semi-regular disconnects of the guacamole-server (guacd) 
> while a user is interacting with a remote machine. Attached are the 
> DEBUG-level logs, which we see every time we experience the disconnects. I'm 
> not sure how to further debug this issue.
> {code}
> Feb  8 14:46:21 ip-172-16-10-253 journal: guacd[148]: DEBUG:#011Clipboard 
> data received. Reporting availability of clipboard data to RDP server.
> Feb  8 14:46:24 ip-172-16-10-253 journal: guacd[84]: DEBUG:#011Clipboard data 
> received. Reporting availability of clipboard data to RDP server.
> Feb  8 14:46:41 ip-172-16-10-253 journal: guacd[148]: DEBUG:#011Clipboard 
> data received. Reporting availability of clipboard data to RDP server.
> Feb  8 14:47:13 ip-172-16-10-253 journal: guacd[148]: DEBUG:#011Clipboard 
> data received. Reporting availability of clipboard data to RDP server.
> Feb  8 14:47:22 ip-172-16-10-253 journal: guacd[148]: DEBUG:#011Clipboard 
> data received. Reporting availability of clipboard data to RDP server.
> Feb  8 14:47:22 ip-172-16-10-253 journal: guacd[148]: 
> DEBUG:#011ERRINFO_DECRYPT_FAILED (0x00001192):(a) Decryption using Standard 
> RDP Security mechanisms (section 5.3.6) failed.
> Feb  8 14:47:22 ip-172-16-10-253 journal: (b) Session key creation using 
> Standard RDP Security mechanisms (section 5.3.5) failed.
> Feb  8 14:47:22 ip-172-16-10-253 journal: guacd[148]: DEBUG:#011BIO_read 
> returned a system error 104: Connection reset by peer
> Feb  8 14:47:22 ip-172-16-10-253 journal: guacd[148]: ERROR:#011Connection 
> closed.
> Feb  8 14:47:22 ip-172-16-10-253 journal: guacd[148]: DEBUG:#011Unloading 
> device 0 (Remote Access Filesystem)
> Feb  8 14:47:22 ip-172-16-10-253 journal: guacd[148]: DEBUG:#011SVC "rdpdr" 
> disconnected.
> Feb  8 14:47:22 ip-172-16-10-253 journal: guacd[148]: DEBUG:#011SVC "rdpsnd" 
> disconnected.
> Feb  8 14:47:22 ip-172-16-10-253 journal: guacd[148]: INFO:#011Internal RDP 
> client disconnected
> Feb  8 14:47:22 ip-172-16-10-253 journal: guacd[148]: INFO:#011User 
> "@5dd34373-1e17-4091-9670-c00fc2d68684" disconnected (0 users remain)
> Feb  8 14:47:22 ip-172-16-10-253 journal: guacd[148]: INFO:#011Last user of 
> connection "$60bea827-60a1-403b-84b8-3c7358f490ee" disconnected
> Feb  8 14:47:22 ip-172-16-10-253 journal: guacd[148]: DEBUG:#011Requesting 
> termination of client...
> Feb  8 14:47:22 ip-172-16-10-253 journal: guacd[148]: DEBUG:#011Client 
> terminated successfully.
> Feb  8 14:47:22 ip-172-16-10-253 journal: guacd[8]: INFO:#011Connection 
> "$60bea827-60a1-403b-84b8-3c7358f490ee" removed.
> {code}
> Attached are the MS Event Logs for the `RemoteDesktop*` and 
> `TerminalServices*` log sources



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Comment Edited] (GUACAMOLE-1283) Legacy RDP encryption may fail with "ERRINFO_DECRYPT_FAILED"

Reply via email to