Hi all,

We're having issues with the Guacamole Encrypted JSON 1.5.3 functionality (https://dlcdn.apache.org/guacamole/1.5.3/binary/guacamole-auth-json-1.5.3.tar.gz); it looks like the JSONAuthenticationProviderModule is not loading properly due to a missing @Inject annotation.

Here follows the journal log for the boot:

```
guacamole tomcat9[9121]: Command line argument: -Djava.io.tmpdir=/tmp
guacamole tomcat9[9121]: Loaded Apache Tomcat Native library [1.2.31] using APR version [1.7.0].
guacamole tomcat9[9121]: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [true].
guacamole tomcat9[9121]: APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
guacamole tomcat9[9121]: OpenSSL successfully initialized [OpenSSL 3.0.2 15 Mar 2022]
guacamole tomcat9[9121]: Initializing ProtocolHandler ["http-nio-8080"]
guacamole tomcat9[9121]: Server initialization in [286] milliseconds
guacamole tomcat9[9121]: Starting service [Catalina]
guacamole tomcat9[9121]: Starting Servlet engine: [Apache Tomcat/9.0.58 (Ubuntu)]
guacamole tomcat9[9121]: Deploying deployment descriptor [/etc/tomcat9/Catalina/localhost/host-manager.xml]
guacamole tomcat9[9121]: The path attribute with value [/host-manager] in deployment descriptor [/etc/tomcat9/Catalina/localhost/host-manager.xml] has been ignored
guacamole tomcat9[9121]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in>
guacamole tomcat9[9121]: Deployment of deployment descriptor [/etc/tomcat9/Catalina/localhost/host-manager.xml] has finished in [449] ms
guacamole tomcat9[9121]: Deploying deployment descriptor [/etc/tomcat9/Catalina/localhost/manager.xml]
guacamole tomcat9[9121]: The path attribute with value [/manager] in deployment descriptor [/etc/tomcat9/Catalina/localhost/manager.xml] has been ignored
guacamole tomcat9[9121]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in>
guacamole tomcat9[9121]: Deployment of deployment descriptor [/etc/tomcat9/Catalina/localhost/manager.xml] has finished in [233] ms
guacamole tomcat9[9121]: Deploying web application archive [/var/lib/tomcat9/webapps/guacamole.war]
guacamole tomcat9[9121]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in>
guacamole tomcat9[9121]: 14:01:22.190 [main] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
guacamole tomcat9[9121]: 14:01:22.233 [main] INFO o.a.g.GuacamoleServletContextListener - Read configuration parameters from "/etc/guacamole/guacamole.properties".
guacamole tomcat9[9121]: 14:01:22.234 [main] INFO o.a.g.rest.auth.HashTokenSessionMap - Sessions will expire after 60 minutes of inactivity.
guacamole tomcat9[9121]: 14:01:22.465 [main] ERROR o.a.g.extension.ProviderFactory - authentication provider extension failed to start: Unable to create injector, see the following errors:
guacamole tomcat9[9121]: 1) [Guice/MissingConstructor]: No injectable constructor for type RequestValidationService.
guacamole tomcat9[9121]: class RequestValidationService does not have a @Inject annotated constructor or a no-arg constructor.
guacamole tomcat9[9121]: Requested by:
guacamole tomcat9[9121]: 1 : RequestValidationService.class(RequestValidationService.java:39)
guacamole tomcat9[9121]: at JSONAuthenticationProviderModule.configure(JSONAuthenticationProviderModule.java:80)
guacamole tomcat9[9121]: Learn more:
guacamole tomcat9[9121]: https://github.com/google/guice/wiki/MISSING_CONSTRUCTOR
guacamole tomcat9[9121]: 1 error
guacamole tomcat9[9121]: ======================
guacamole tomcat9[9121]: Full classname legend:
guacamole tomcat9[9121]: ======================
guacamole tomcat9[9121]: JSONAuthenticationProviderModule: "org.apache.guacamole.auth.json.JSONAuthenticationProviderModule"
guacamole tomcat9[9121]: RequestValidationService: "org.apache.guacamole.auth.json.RequestValidationService"
guacamole tomcat9[9121]: ========================
guacamole tomcat9[9121]: End of classname legend:
guacamole tomcat9[9121]: ========================
guacamole tomcat9[9121]: 14:01:22.482 [main] INFO o.a.g.extension.ExtensionModule - Extension "Encrypted JSON Authentication" (json) loaded.
guacamole tomcat9[9121]: 14:01:22.546 [main] INFO o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 WebSocket support...
guacamole tomcat9[9121]: 14:01:22.782 [main] WARN o.g.jersey.server.wadl.WadlFeature - JAXBContext implementation could not be found. WADL feature is disabled.
guacamole tomcat9[9121]: Deployment of web application archive [/var/lib/tomcat9/webapps/guacamole.war] has finished in [1,415] ms
guacamole tomcat9[9121]: Deploying web application directory [/var/lib/tomcat9/webapps/ROOT]
guacamole tomcat9[9121]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in>
guacamole tomcat9[9121]: Deployment of web application directory [/var/lib/tomcat9/webapps/ROOT] has finished in [243] ms
guacamole tomcat9[9121]: Starting ProtocolHandler ["http-nio-8080"]
guacamole tomcat9[9121]: Server startup in [2384] milliseconds
```

This is the JSON to be signed (with anon user, we have the same result with populated username):

```json
{
  "username" : "",
  "expires" : "1696814895720",
  "connections" : {
    "Connection Name" : {
      "id": "test-01",
      "protocol" : "ssh",
      "parameters" : {
        "hostname" : "localhost",
        "port" : "22",
        "username" : "guacamole",
        "password" : "guacamole",
      }
    }
  }
}
```

Which corresponds to the base64:

```
./encrypt-json.sh dcd40d46fe2c6bc0015b5fb22712a87a ./test.json
jB0HHSt5jeUagAqSmz/u4Yz7aMAnwTrd1yqbFhiABAO5WnQ70OqkOXjymgvIEHRH
3Fbfsmr78YfX5CLjoCufgK54TXo2NB5hlWaynQV71kBI/2L+hmdCGK8+aZF1wxsu
jrNCtLHl3gVr814Tix5ZHt2537x8IOMJYtzY9tPrr3q2oPyuP5+oFlyI0GDhejmL
OO3NknRp6u+kOsyuzP1UwnoYMKrPeo1jzEv7wIjfWwVl7BZKQYsceIAE7MLkCm2M
OeIQKRYixDZJX9VbyZK0zs7ILbuHgNCYbXrtB21R5cASirwv/JyUJh3QRAtxywsW
uzW2bgKgH0ZLuQ/eFFGxr4/x/GIqeR3ZFdefWk6EI9SMrkjPeLGLaBd83bDa1eHT
IwB3p20+UEuCrDbQ0irfkjlLqZP7x6zCrNzSxnlWIxaJ11lkKilPcyt+r1+b3Uwp
d5aWd2mXxMsGY4Ov5G6CKrtnLDHfEMMFCtkfLbnGKLxulD8ch6FETlYDS2xt70tX
qX0KgX9D/R/d+3WISAnJ/pAgNv+swDvqA+uBWyXfmq0=
```

and the CURL prompt:

```
curl --data-urlencode "data=<base64 output shown above>" http://localhost:8080/guacamole/api/tokens
```

The response:

```json
{
  "message": "Permission Denied.",
  "translatableMessage": {
    "key": "APP.TEXT_UNTRANSLATED",
    "variables": {
      "MESSAGE": "Permission Denied."
    }
  },
  "statusCode": null,
  "expected": [
    {
      "name": "username",
      "type": "USERNAME"
    },
    {
      "name": "password",
      "type": "PASSWORD"
    }
  ],
  "type": "INVALID_CREDENTIALS"
}
```

And the corresponding log:

```
[http-nio-8080-exec-2] WARN o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored because the relevant authentication provider could not be loaded. Please check for errors earlier in the logs.
```

Property file guacamole.properties:

```
cat /etc/guacamole/guacamole.properties
# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port: 4822
# Authentication provider class
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
# Properties used by BasicFileAuthenticationProvider
#user-mapping: /etc/guacamole/user-mapping.xml
json-secret-key: dcd40d46fe2c6bc0015b5fb22712a87a
```

Looking online we found that an improperly encoded base64 data parameter might lead to issues, but this doesn't seem to be the case. We also tried to urlencode the data value to no changes.

---

We noticed that there's a commit (https://github.com/apache/guacamole-client/commit/0a031c80a19449aa0ef61bb1adc2d102dbce790e) followed by a merge in the main branch (https://github.com/apache/guacamole-client/commit/4defba9728a26375615dc9265cb5be7e779bd428).

If the problem we have found has been fixed by the indicated commits, should we wait for version 1.5.4 to be released or just compile the project ourselves?

Thank you,
Have a nice day.
Mattia

--
Ing. Mattia Zago, PhD
Head of Research and Innovation
e. [email protected]
p. +39 345 080 4389
w. www.monokee.com
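Added example, not part of the original message and not Guacamole project code: a Python check over journal lines shaped like the log quoted above. It shows that the INFO `Extension ... loaded.` line appears even when the provider failed to start, so a health check should key on the `ProviderFactory` ERROR and the later `AuthenticationProviderFacade` WARN instead. The sample lines are constructed from the quoted log (the timestamp on the WARN line is made up), and the function and field names are hypothetical.

```python
import re

PREFIX = re.compile(r"^\S+ \S+\[\d+\]: ")  # journal prefix "host unit[pid]: "
ENTRY = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) \[([^\]]+)\] (\w+)\s+(\S+) - (.*)$")
START_FAIL = re.compile(r"^(.*?) extension failed to start: (.*)$")
GUICE = re.compile(r"^\d+\) \[(Guice/\w+)\]: (.*)$")
LOADED = re.compile(r'^Extension "([^"]+)" \((\w+)\) loaded\.$')
IGNORED = ("Authentication attempt ignored because the relevant "
           "authentication provider could not be loaded")

# Constructed sample: lines copied from the quoted log; WARN timestamp is invented.
SAMPLE_LOG = """\
guacamole tomcat9[9121]: 14:01:22.465 [main] ERROR o.a.g.extension.ProviderFactory - authentication provider extension failed to start: Unable to create injector, see the following errors:
guacamole tomcat9[9121]: 1) [Guice/MissingConstructor]: No injectable constructor for type RequestValidationService.
guacamole tomcat9[9121]: at JSONAuthenticationProviderModule.configure(JSONAuthenticationProviderModule.java:80)
guacamole tomcat9[9121]: 14:01:22.482 [main] INFO o.a.g.extension.ExtensionModule - Extension "Encrypted JSON Authentication" (json) loaded.
guacamole tomcat9[9121]: 14:05:10.101 [http-nio-8080-exec-2] WARN o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored because the relevant authentication provider could not be loaded. Please check for errors earlier in the logs.
"""

def triage(text):
    """Summarise extension start-up failures and ignored login attempts."""
    report = {"failures": [], "loaded": [], "ignored_attempts": 0}
    current = None  # failure whose continuation lines are being read
    for raw in text.splitlines():
        line = PREFIX.sub("", raw.strip())
        entry = ENTRY.match(line)
        if entry:
            current = None
            ts, _thread, level, _logger, msg = entry.groups()
            failed = START_FAIL.match(msg)
            loaded = LOADED.match(msg)
            if level == "ERROR" and failed:
                current = {"time": ts, "kind": failed.group(1),
                           "errors": [], "frames": []}
                report["failures"].append(current)
            elif loaded:
                report["loaded"].append(loaded.group(2))
            elif msg.startswith(IGNORED):
                report["ignored_attempts"] += 1
        elif current is not None:  # untimestamped lines belong to the failure
            guice = GUICE.match(line)
            if guice:
                current["errors"].append(guice.groups())
            elif line.startswith("at "):
                current["frames"].append(line[3:])
    # "loaded" alone proves nothing: healthy means no failure and no ignored login.
    report["healthy"] = not report["failures"] and not report["ignored_attempts"]
    return report
```

Calling `triage(SAMPLE_LOG)` reports the extension as loaded and unhealthy at the same time, which is exactly the state the log above describes.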
