Jean Mousinho created GUACAMOLE-594:
---------------------------------------

             Summary: Import Private Key is Failing
                 Key: GUACAMOLE-594
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-594
             Project: Guacamole
          Issue Type: Bug
          Components: guacd
    Affects Versions: 0.9.14
            Reporter: Jean Mousinho


Hi,

I was trying to use a private key in the basic user authentication and it was 
failing. After some debugging I found that it is reading the key from XML but 
adding a newline character at the beginning, so when it tries to compare with 
the RSA/DSA headers it fails.

I added the following code, just for debugging purposes, in common-ssh/key.c:
 
{code:c}
    /* Otherwise, unsupported type */
    else {
        printf("Unsupported/invalid private key!\n");
        key->private_key_length = length+1;
        key->private_key = malloc(length+1);
        memcpy(key->private_key, data, length);
        key->private_key[length] = '\0';
        printf("Key data:\n%s",key->private_key);
        BIO_free(key_bio);
        return NULL;
    }
{code}

With the following user-mapping.xml extract:

{code:xml}
          <param name="private-key">-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,2EEB73462EA53EFFB1AF2EF62440CEB8
...
{code}

It gives me:

{code}
guacd[19414]: DEBUG:    Re-attempting private key import (WITH passphrase)
key data:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,2EEB73462EA53EFFB1AF2EF62440CEB8
...
{code}

To fix it, I simply discard the newline character, if there is one, in 
common-ssh/user.c:

{code:c}
int guac_common_ssh_user_import_key(guac_common_ssh_user* user,
        char* private_key, char* passphrase) {

    /* Free existing private key, if present */
    if (user->private_key != NULL)
        guac_common_ssh_key_free(user->private_key);

+    /* Skip extra newline if there is one */
+    if ( *private_key == '\n' )
+        private_key += 1;

    /* Attempt to read key without passphrase if none given */
    if (passphrase == NULL)
        user->private_key = guac_common_ssh_key_alloc(private_key,
                strlen(private_key), "");

    /* Otherwise, use provided passphrase */
    else
        user->private_key = guac_common_ssh_key_alloc(private_key,
                strlen(private_key), passphrase);

    /* Fail if key could not be read */
    return user->private_key == NULL;

}
{code}
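
Review bot: At `if ( *private_key == '\n' )` only a single leading LF is skipped, so a parameter value that arrives with CRLF line endings, several blank lines, or indentation before the `-----BEGIN` header would still fail the header comparison. Consider advancing past all leading whitespace in a loop, for example while `isspace((unsigned char) *private_key)` holds, and consider doing it in guac_common_ssh_key_alloc so the normalization sits next to the header comparison in key.c. Style: the spaces inside the parentheses differ from the surrounding `if (user->private_key != NULL)`.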

I might be doing something wrong; if so, please let me know.

Thanks.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
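
The failure described in the report, reproduced as an added example (not code from the report or from guacamole-server): a strict prefix comparison against the PEM headers rejects a key that is preceded by whitespace, while a check that first skips all leading whitespace accepts it. The function names, the enum, and the sample strings are assumptions constructed for illustration, as is the premise that the header check is a prefix comparison.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not guacamole-server's API. */
typedef enum { KEY_UNKNOWN = 0, KEY_RSA, KEY_DSA } pem_key_type;

#define RSA_HEADER "-----BEGIN RSA PRIVATE KEY-----"
#define DSA_HEADER "-----BEGIN DSA PRIVATE KEY-----"

/* Strict check: the header must be the very first bytes of the buffer. */
static pem_key_type pem_type_strict(const char* data, size_t length) {
    if (length >= sizeof(RSA_HEADER) - 1
            && memcmp(data, RSA_HEADER, sizeof(RSA_HEADER) - 1) == 0)
        return KEY_RSA;
    if (length >= sizeof(DSA_HEADER) - 1
            && memcmp(data, DSA_HEADER, sizeof(DSA_HEADER) - 1) == 0)
        return KEY_DSA;
    return KEY_UNKNOWN;
}

/* Skips every leading whitespace byte (LF, CR, space, tab), shrinking
 * *length to match, and returns the first non-whitespace position. */
static const char* pem_skip_leading_ws(const char* data, size_t* length) {
    while (*length > 0 && isspace((unsigned char) *data)) {
        data++;
        (*length)--;
    }
    return data;
}

/* Tolerant check: normalize the start of the buffer, then compare. */
static pem_key_type pem_type_tolerant(const char* data, size_t length) {
    data = pem_skip_leading_ws(data, &length);
    return pem_type_strict(data, length);
}

/* Constructed sample values, as an XML parser might hand them over. */
static const char SAMPLE_CLEAN[] = "-----BEGIN RSA PRIVATE KEY-----\n...";
static const char SAMPLE_LF[] = "\n-----BEGIN RSA PRIVATE KEY-----\n...";
static const char SAMPLE_CRLF_INDENT[] = "\r\n    -----BEGIN DSA PRIVATE KEY-----\r\n...";

int main(void) {
    printf("strict, leading LF:   %d\n", pem_type_strict(SAMPLE_LF, strlen(SAMPLE_LF)));
    printf("tolerant, leading LF: %d\n", pem_type_tolerant(SAMPLE_LF, strlen(SAMPLE_LF)));
    return 0;
}
```
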