From 33f29d081d17c496e2348075b430d8238e2998ea Mon Sep 17 00:00:00 2001 From: Griffin Smith Date: Sat, 13 Nov 2021 08:54:24 -0500 Subject: fix(xanthous/server): Fix decoding secret key The actual function we want for the format we're using is decode_secret_key, not decode_openssh, apparently - covered this with a toneest to make sure. Change-Id: I659226169f213b8464b96aec6b94bf13fd80aac8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3863 Tested-by: BuildkiteCI Reviewed-by: grfn --- users/grfn/xanthous/server/Cargo.lock | 24 ++++++++++++++++++++ users/grfn/xanthous/server/Cargo.toml | 3 +++ users/grfn/xanthous/server/src/main.rs | 40 ++++++++++++++++++++++++++++++++-- 3 files changed, 65 insertions(+), 2 deletions(-) (limited to 'users/grfn/xanthous/server') diff --git a/users/grfn/xanthous/server/Cargo.lock b/users/grfn/xanthous/server/Cargo.lock index 4bc9719911c8..46488d4575f2 100644 --- a/users/grfn/xanthous/server/Cargo.lock +++ b/users/grfn/xanthous/server/Cargo.lock @@ -1319,6 +1319,15 @@ version = "0.6.25" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b" +[[package]] +name = "remove_dir_all" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7" +dependencies = [ + "winapi", +] + [[package]] name = "rustc-demangle" version = "0.1.21" @@ -1456,6 +1465,20 @@ dependencies = [ "unicode-xid", ] +[[package]] +name = "tempfile" +version = "3.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22" +dependencies = [ + "cfg-if 1.0.0", + "libc", + "rand", + "redox_syscall", + "remove_dir_all", + "winapi", +] + [[package]] name = "termcolor" version = "1.1.2" 
@@ -1889,6 +1912,7 @@ dependencies = [ "metrics-exporter-prometheus", "nix", "pbkdf2", + "tempfile", "thrussh", "thrussh-keys", "tokio", diff --git a/users/grfn/xanthous/server/Cargo.toml b/users/grfn/xanthous/server/Cargo.toml index 6772d75ec88f..adb2a02391bd 100644 --- a/users/grfn/xanthous/server/Cargo.toml +++ b/users/grfn/xanthous/server/Cargo.toml @@ -24,3 +24,6 @@ base64ct = "<1.2" [dependencies.tokio] version = "1.13" features = ["rt", "rt-multi-thread", "macros", "net", "process", "fs", "signal"] + +[dev-dependencies] +tempfile = "3.2.0" diff --git a/users/grfn/xanthous/server/src/main.rs b/users/grfn/xanthous/server/src/main.rs index 9bb31bd9b875..ed8f831c7d3f 100644 --- a/users/grfn/xanthous/server/src/main.rs +++ b/users/grfn/xanthous/server/src/main.rs @@ -2,6 +2,7 @@ use std::net::SocketAddr; use std::path::PathBuf; use std::pin::Pin; use std::process::Command; +use std::str; use std::sync::Arc; use clap::Parser; @@ -17,7 +18,7 @@ use thrussh::{ server::{self, Auth, Session}, CryptoVec, }; -use thrussh_keys::decode_openssh; +use thrussh_keys::decode_secret_key; use thrussh_keys::key::KeyPair; use tokio::fs::File; use tokio::io::{AsyncReadExt, AsyncWriteExt}; @@ -75,7 +76,7 @@ impl Opts { .context("Reading secret key file")?; let mut secret_key = Vec::with_capacity(464); file.read_to_end(&mut secret_key).await?; - Ok(decode_openssh(&secret_key, None)?) + Ok(decode_secret_key(str::from_utf8(&secret_key)?, None)?) } async fn ssh_server_config(&self) -> Result { 
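Review bot: In the `@@ -75,7 +76,7 @@ impl Opts` hunk, the two new `?` operators pass UTF-8 and key-decoding failures up with no context, while the file open a few lines earlier is wrapped in `.context("Reading secret key file")`. An operator who points `--secret-key-file` at a binary or wrong-format file would see only a bare decoder or UTF-8 error, with nothing naming the key file. I would write the return as `Ok(decode_secret_key(str::from_utf8(&secret_key).context("Secret key file is not valid UTF-8")?, None).context("Decoding secret key")?)`. The second argument is the passphrase, so `None` presumably makes a passphrase-protected key fail here; if that is intended, a short comment saying so would help. The body of `read_secret_key` starts outside the hunk.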
@@ -350,3 +351,38 @@ async fn main() -> Result<()> { }); } } + +#[cfg(test)] +mod tests { + use tempfile::NamedTempFile; + + use super::*; + + #[tokio::test] + async fn read_secret_key() { + use std::io::Write; + + let mut file = NamedTempFile::new().unwrap(); + file.write_all( + b" +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACAYz80xcK7jYxZMAl6apIHKRtB0Z2U78gG39c1QaIhgMwAAAJB9vxK9fb8S +vQAAAAtzc2gtZWQyNTUxOQAAACAYz80xcK7jYxZMAl6apIHKRtB0Z2U78gG39c1QaIhgMw +AAAEDNZ0d3lLNBGU6Im4JOpr490TOjm+cB7kMVXjVg3iCowBjPzTFwruNjFkwCXpqkgcpG +0HRnZTvyAbf1zVBoiGAzAAAACHRlc3Qta2V5AQIDBAU= +-----END OPENSSH PRIVATE KEY----- +", + ) + .unwrap(); + + let opts: Opts = Opts::parse_from(&[ + "xanthous-server".as_ref(), + "--xanthous-binary-path".as_ref(), + "/bin/xanthous".as_ref(), + "--secret-key-file".as_ref(), + file.path().as_os_str(), + ]); + opts.read_secret_key().await.unwrap(); + } +} -- cgit 1.4.1
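Review bot: The OpenSSH private key literal written in `tests::read_secret_key` carries no comment marking it as a throwaway fixture, so a secret scanner or a later reader cannot tell it from a leaked host key. The key's embedded comment appears to read `test-key`, which suggests it was generated for this test; if so, say it above the `write_all` call with `// Test-only ed25519 key generated for this fixture; never deploy it as a host key.`. The test also ends at `opts.read_secret_key().await.unwrap()`, which proves the file parses but not what was parsed. Binding the result and adding `assert!(matches!(key, KeyPair::Ed25519(_)));` would pin the expected key type.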