Posted to issues@guacamole.apache.org by "Nick Couchman (Jira)" <ji...@apache.org> on 2022/01/03 04:31:00 UTC

[jira] [Commented] (GUACAMOLE-594) Import Private Key is Failing

    [ https://issues.apache.org/jira/browse/GUACAMOLE-594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17467777#comment-17467777 ] 

Nick Couchman commented on GUACAMOLE-594:
-----------------------------------------

[~jean.mousinho]: Can you confirm if this is still an issue with the latest version?

> Import Private Key is Failing
> -----------------------------
>
>                 Key: GUACAMOLE-594
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-594
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacd
>    Affects Versions: 0.9.14
>            Reporter: Jean Mousinho
>            Priority: Minor
>
> Hi,
> I was trying to use a private key in the basic user authentication and it was failing. After some debugging I found that it is reading the key from XML but adding a newline character at the beginning, so when it tries to compare with the RSA/DSA headers it fails.
> I added the following code just for debugging purposes in common-ssh/key.c
>  
> {code:c}
>     /* Otherwise, unsupported type */
>     else {
>         printf("Unsupported/invalid private key!\n");
>         key->private_key_length = length+1;
>         key->private_key = malloc(length+1);
>         memcpy(key->private_key, data, length);
>         key->private_key[length] = '\0';
>         printf("Key data:\n%s",key->private_key);
>         BIO_free(key_bio);
>         return NULL;
>     }
> {code}
> With the following user-mapping.xml extract:
> {code:xml}
>           <param name="private-key">-----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: AES-128-CBC,2EEB73462EA53EFFB1AF2EF62440CEB8
> ...
> {code}
> It gives me:
> {code}
> guacd[19414]: DEBUG:	Re-attempting private key import (WITH passphrase)
> key data:
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: AES-128-CBC,2EEB73462EA53EFFB1AF2EF62440CEB8
> ...
> {code}
> To fix it I simply discard the newline character, if there is one, in common-ssh/user.c
> {code:c}
> int guac_common_ssh_user_import_key(guac_common_ssh_user* user,
>         char* private_key, char* passphrase) {
>     /* Free existing private key, if present */
>     if (user->private_key != NULL)
>         guac_common_ssh_key_free(user->private_key);
> +    /* Skip extra newline if there is one */
> +    if ( *private_key == '\n' )
> +        private_key += 1;
>     /* Attempt to read key without passphrase if none given */
>     if (passphrase == NULL)
>         user->private_key = guac_common_ssh_key_alloc(private_key,
>                 strlen(private_key), "");
>     /* Otherwise, use provided passphrase */
>     else
>         user->private_key = guac_common_ssh_key_alloc(private_key,
>                 strlen(private_key), passphrase);
>     /* Fail if key could not be read */
>     return user->private_key == NULL;
> }
> {code}
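Review bot: The added check `if ( *private_key == '\n' )` skips exactly one leading LF, so a key that arrives from the XML with `\r\n`, indentation spaces, or more than one blank line before `-----BEGIN` would still reach guac_common_ssh_key_alloc() with a prefix that defeats the header comparison. Advancing past all leading whitespace in a loop (for example `while (isspace((unsigned char) *private_key)) private_key++;`) would cover those cases in the same place. The spacing inside the parentheses also differs from the `if (user->private_key != NULL)` style used just above it.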
> I might be doing something wrong, if yes, please let me know.
> Thanks.


