authorGriffin Smith <grfn@gws.fyi>2021-11-13T13·54-0500
committergrfn <grfn@gws.fyi>2021-11-13T14·12+0000
commit33f29d081d17c496e2348075b430d8238e2998ea (patch)
tree8c79d70f3665a3ec9678ebda36219857f4846e6f /users/grfn
parent3d4e992c6fc2147e0f0ab9cf3dcc253b777b3a32 (diff)
fix(xanthous/server): Fix decoding secret key r/3056
The actual function we want for the format we're using is
decode_secret_key, not decode_openssh, apparently - covered this with a
test to make sure.

Change-Id: I659226169f213b8464b96aec6b94bf13fd80aac8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3863
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Diffstat (limited to 'users/grfn')
-rw-r--r--users/grfn/xanthous/server/Cargo.lock24
-rw-r--r--users/grfn/xanthous/server/Cargo.toml3
-rw-r--r--users/grfn/xanthous/server/src/main.rs40
3 files changed, 65 insertions, 2 deletions
diff --git a/users/grfn/xanthous/server/Cargo.lock b/users/grfn/xanthous/server/Cargo.lock
index 4bc9719911c8..46488d4575f2 100644
--- a/users/grfn/xanthous/server/Cargo.lock
+++ b/users/grfn/xanthous/server/Cargo.lock
@@ -1320,6 +1320,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b"
 
 [[package]]
+name = "remove_dir_all"
+version = "0.5.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7"
+dependencies = [
+ "winapi",
+]
+
+[[package]]
 name = "rustc-demangle"
 version = "0.1.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1457,6 +1466,20 @@ dependencies = [
 ]
 
 [[package]]
+name = "tempfile"
+version = "3.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22"
+dependencies = [
+ "cfg-if 1.0.0",
+ "libc",
+ "rand",
+ "redox_syscall",
+ "remove_dir_all",
+ "winapi",
+]
+
+[[package]]
 name = "termcolor"
 version = "1.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1889,6 +1912,7 @@ dependencies = [
  "metrics-exporter-prometheus",
  "nix",
  "pbkdf2",
+ "tempfile",
  "thrussh",
  "thrussh-keys",
  "tokio",
diff --git a/users/grfn/xanthous/server/Cargo.toml b/users/grfn/xanthous/server/Cargo.toml
index 6772d75ec88f..adb2a02391bd 100644
--- a/users/grfn/xanthous/server/Cargo.toml
+++ b/users/grfn/xanthous/server/Cargo.toml
@@ -24,3 +24,6 @@ base64ct = "<1.2"
 [dependencies.tokio]
 version = "1.13"
 features = ["rt", "rt-multi-thread", "macros", "net", "process", "fs", "signal"]
+
+[dev-dependencies]
+tempfile = "3.2.0"
diff --git a/users/grfn/xanthous/server/src/main.rs b/users/grfn/xanthous/server/src/main.rs
index 9bb31bd9b875..ed8f831c7d3f 100644
--- a/users/grfn/xanthous/server/src/main.rs
+++ b/users/grfn/xanthous/server/src/main.rs
@@ -2,6 +2,7 @@ use std::net::SocketAddr;
 use std::path::PathBuf;
 use std::pin::Pin;
 use std::process::Command;
+use std::str;
 use std::sync::Arc;
 
 use clap::Parser;
@@ -17,7 +18,7 @@ use thrussh::{
     server::{self, Auth, Session},
     CryptoVec,
 };
-use thrussh_keys::decode_openssh;
+use thrussh_keys::decode_secret_key;
 use thrussh_keys::key::KeyPair;
 use tokio::fs::File;
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
@@ -75,7 +76,7 @@ impl Opts {
             .context("Reading secret key file")?;
         let mut secret_key = Vec::with_capacity(464);
         file.read_to_end(&mut secret_key).await?;
-        Ok(decode_openssh(&secret_key, None)?)
+        Ok(decode_secret_key(str::from_utf8(&secret_key)?, None)?)
     }
 
     async fn ssh_server_config(&self) -> Result<server::Config> {
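Review bot: The changed line propagates both `str::from_utf8(&secret_key)?` and `decode_secret_key(..)?` without context, so an operator cannot tell a non-UTF-8 key file from a key that failed to decode, unlike the `.context("Reading secret key file")` on the open just above. I would write `let pem = str::from_utf8(&secret_key).context("Secret key file is not valid UTF-8")?;` followed by `decode_secret_key(pem, None).context("Decoding secret key")`. The password argument is hard-coded to `None`, so a passphrase-protected host key presumably fails here, which deserves a comment or a clearer error. The raw key bytes also stay in the `secret_key` Vec until drop without being wiped, which may be worth a follow-up. read_secret_key starts above this hunk, so the open and its permissions handling are not visible.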
@@ -350,3 +351,38 @@ async fn main() -> Result<()> {
         });
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use tempfile::NamedTempFile;
+
+    use super::*;
+
+    #[tokio::test]
+    async fn read_secret_key() {
+        use std::io::Write;
+
+        let mut file = NamedTempFile::new().unwrap();
+        file.write_all(
+            b"
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAYz80xcK7jYxZMAl6apIHKRtB0Z2U78gG39c1QaIhgMwAAAJB9vxK9fb8S
+vQAAAAtzc2gtZWQyNTUxOQAAACAYz80xcK7jYxZMAl6apIHKRtB0Z2U78gG39c1QaIhgMw
+AAAEDNZ0d3lLNBGU6Im4JOpr490TOjm+cB7kMVXjVg3iCowBjPzTFwruNjFkwCXpqkgcpG
+0HRnZTvyAbf1zVBoiGAzAAAACHRlc3Qta2V5AQIDBAU=
+-----END OPENSSH PRIVATE KEY-----
+",
+        )
+        .unwrap();
+
+        let opts: Opts = Opts::parse_from(&[
+            "xanthous-server".as_ref(),
+            "--xanthous-binary-path".as_ref(),
+            "/bin/xanthous".as_ref(),
+            "--secret-key-file".as_ref(),
+            file.path().as_os_str(),
+        ]);
+        opts.read_secret_key().await.unwrap();
+    }
+}
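Review bot: The private key literal in the `read_secret_key` test has no comment marking it as a throwaway fixture, so secret scanners and later readers cannot tell it from a real host key. Add something like `// Test-only ed25519 key generated for this test; must never be used as a server host key.` above the `write_all` call. The test also only checks that decoding does not fail; binding the result and asserting its variant, for example `assert!(matches!(key, KeyPair::Ed25519(_)));`, would pin what was actually decoded. A second case feeding a non-UTF-8 or truncated file and expecting an `Err` would cover the new `from_utf8` path.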