Posted to issues@guacamole.apache.org by "Nick Couchman (Jira)" <ji...@apache.org> on 2022/01/03 04:31:00 UTC
[jira] [Commented] (GUACAMOLE-594) Import Private Key is Failing
[ https://issues.apache.org/jira/browse/GUACAMOLE-594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17467777#comment-17467777 ]
Nick Couchman commented on GUACAMOLE-594:
-----------------------------------------
[~jean.mousinho]: Can you confirm if this is still an issue with the latest version?
> Import Private Key is Failing
> -----------------------------
>
> Key: GUACAMOLE-594
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-594
> Project: Guacamole
> Issue Type: Bug
> Components: guacd
> Affects Versions: 0.9.14
> Reporter: Jean Mousinho
> Priority: Minor
>
> Hi,
> I was trying to use a private key in the basic user authentication and it was failing. After some debugging I found that it is reading the key from XML but adding a newline character at the beginning, so when it tries to compare with RSA/DSA headers it fails.
> I added the following code just for debugging purposes in common-ssh/key.c:
>
> {code:c}
> /* Otherwise, unsupported type */
> else {
>     printf("Unsupported/invalid private key!\n");
>     key->private_key_length = length+1;
>     key->private_key = malloc(length+1);
>     memcpy(key->private_key, data, length);
>     key->private_key[length] = '\0';
>     printf("Key data:\n%s",key->private_key);
>     BIO_free(key_bio);
>     return NULL;
> }
> {code}
> With the following user-mapping.xml extract:
> {code:c}
> <param name="private-key">-----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: AES-128-CBC,2EEB73462EA53EFFB1AF2EF62440CEB8
> ...
> {code}
> It gives me:
> {code}
> guacd[19414]: DEBUG: Re-attempting private key import (WITH passphrase)
> key data:
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: AES-128-CBC,2EEB73462EA53EFFB1AF2EF62440CEB8
> ...
> {code}
> To fix it, I simply discard the newline character, if there is one, in common-ssl/user.c:
> {code:c}
> int guac_common_ssh_user_import_key(guac_common_ssh_user* user,
> char* private_key, char* passphrase) {
> /* Free existing private key, if present */
> if (user->private_key != NULL)
> guac_common_ssh_key_free(user->private_key);
> + /* Skip extra newline if there is one */
> + if ( *private_key == '\n' )
> + private_key += 1;
> /* Attempt to read key without passphrase if none given */
> if (passphrase == NULL)
> user->private_key = guac_common_ssh_key_alloc(private_key,
> strlen(private_key), "");
> /* Otherwise, use provided passphrase */
> else
> user->private_key = guac_common_ssh_key_alloc(private_key,
> strlen(private_key), passphrase);
> /* Fail if key could not be read */
> return user->private_key == NULL;
> }
> {code}
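Review bot: the added check `if ( *private_key == '\n' )` skips exactly one line feed, so a value that begins with "\r\n", with several blank lines, or with indentation carried over from the XML file still reaches guac_common_ssh_key_alloc() with bytes ahead of the `-----BEGIN` header and will fail the same way. Consider looping while isspace((unsigned char) *private_key) holds instead of testing a single character. The new line also dereferences private_key with no NULL check; the strlen(private_key) calls below it make the same assumption, so a guard at the top of the function would cover both. Because the description places the failing header comparison in the key-parsing code, trimming inside guac_common_ssh_key_alloc() would cover every caller rather than only this one.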
> I might be doing something wrong; if so, please let me know.
> Thanks.
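Added example (not part of the original report and not Guacamole's own code): a model of the failure described above, where a header comparison anchored at byte 0 rejects a key that arrives with leading whitespace, next to a version that normalizes first. The function names, the strict-comparison model and the sample value are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Headers the reporter says the import compares against (RSA/DSA). */
static const char *const KEY_HEADERS[] = {
    "-----BEGIN RSA PRIVATE KEY-----",
    "-----BEGIN DSA PRIVATE KEY-----"
};

/* Constructed sample: parameter value with the leading newline seen in the
 * reporter's debug output; key body omitted. */
static const char SAMPLE[] = "\n-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n";

/* Hypothetical model of a strict check: header must start at byte 0. */
int header_matches(const char *data, size_t length) {
    size_t i;
    for (i = 0; i < sizeof(KEY_HEADERS) / sizeof(KEY_HEADERS[0]); i++) {
        size_t hlen = strlen(KEY_HEADERS[i]);
        if (length >= hlen && memcmp(data, KEY_HEADERS[i], hlen) == 0)
            return 1;
    }
    return 0;
}

/* Hypothetical helper: skip leading whitespace ('\n', "\r\n", spaces, tabs)
 * and shrink *length to match. NULL input yields NULL and length 0. */
const char *skip_leading_ws(const char *data, size_t *length) {
    if (data == NULL)
        *length = 0;
    while (*length > 0 && isspace((unsigned char) *data)) {
        data++;
        (*length)--;
    }
    return data;
}

/* Normalize first, then run the same strict comparison. */
int header_matches_normalized(const char *data, size_t length) {
    data = skip_leading_ws(data, &length);
    return data != NULL && header_matches(data, length);
}

int main(void) {
    size_t len = strlen(SAMPLE);
    printf("strict: %d\n", header_matches(SAMPLE, len));
    printf("normalized: %d\n", header_matches_normalized(SAMPLE, len));
    return 0;
}
```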