Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue with value decryption #237

Open
posteingang opened this issue May 8, 2019 · 0 comments
Open

Issue with value decryption #237

posteingang opened this issue May 8, 2019 · 0 comments

Comments

@posteingang
Copy link

posteingang commented May 8, 2019
edited
Loading

Hi,

we have an issue with the decryption of values which starts with '$7$' but only on certain systems.

We figured out that the problem happen on following line in lib/puppet_x/voxpupuli/splunk/util.rb
splunk_secret = IO.binread(secrets_file).chomp

With this following code we hexdump the readed string by ruby and the string from cat /opt/splunk/etc/auth/splunk.secret

require 'openssl'
require 'base64'
require 'hexdump'

secrets_file = "/opt/splunk/etc/auth/splunk.secret"

secret = "RXSD6HJ0djZLGzsByc9nPrnb0q.raCu3iOQJ0i2WQjhnro0qL0Oev/a7CXC5f8WUOZ.bn60vnq6d1WGkzvmhVxhVPk4vj8.TI2njFNyU5FIZLnQZwVtE4/UuGPZzFqY6Oj6.Es2btfLtn8j72k7joJ2zHSMwVneEXsmrgHPadNgoGx65y3bqtNMJCkowbGwAvNg1mpes2P9.QSkYi42zTx5.imVsX125wMlHLyOUnWN0WkeX0PyxSj1k3aZ8xU" # cat /opt/splunk/etc/auth/splunk.secret

splunk_secret = IO.binread(secrets_file).chomp

puts splunk_secret
Hexdump.dump(splunk_secret)
puts "-------"
Hexdump.dump(secret)

The result is:

00000000  52 58 53 44 36 48 4a 30 64 6a 5a 4c 47 7a 73 42  |RXSD6HJ0djZLGzsB|
00000010  79 63 39 6e 50 72 6e 62 30 71 2e 72 61 43 75 33  |yc9nPrnb0q.raCu3|
00000020  69 4f 51 4a 30 69 32 57 51 6a 68 6e 72 6f 30 71  |iOQJ0i2WQjhnro0q|
00000030  4c 30 4f 65 76 2f 61 37 43 58 43 35 66 38 57 55  |L0Oev/a7CXC5f8WU|
00000040  4f 5a 2e 62 6e 36 30 76 6e 71 36 64 31 57 47 6b  |OZ.bn60vnq6d1WGk|
00000050  7a 76 6d 68 56 78 68 56 50 6b 34 76 6a 38 2e 54  |zvmhVxhVPk4vj8.T|
00000060  49 32 6e 6a 46 4e 79 55 35 46 49 5a 4c 6e 51 5a  |I2njFNyU5FIZLnQZ|
00000070  77 56 74 45 34 2f 55 75 47 50 5a 7a 46 71 59 36  |wVtE4/UuGPZzFqY6|
00000080  4f 6a 36 2e 45 73 32 62 74 66 4c 74 6e 38 6a 37  |Oj6.Es2btfLtn8j7|
00000090  32 6b 37 6a 6f 4a 32 7a 48 53 4d 77 56 6e 65 45  |2k7joJ2zHSMwVneE|
000000a0  58 73 6d 72 67 48 50 61 64 4e 67 6f 47 78 36 35  |XsmrgHPadNgoGx65|
000000b0  79 33 62 71 74 4e 4d 4a 43 6b 6f 77 62 47 77 41  |y3bqtNMJCkowbGwA|
000000c0  76 4e 67 31 6d 70 65 73 32 50 39 2e 51 53 6b 59  |vNg1mpes2P9.QSkY|
000000d0  69 34 32 7a 54 78 35 2e 69 6d 56 73 58 31 32 35  |i42zTx5.imVsX125|
000000e0  77 4d 6c 48 4c 79 4f 55 6e 57 4e 30 57 6b 65 58  |wMlHLyOUnWN0WkeX|
000000f0  30 50 79 78 53 6a 31 6b 33 61 5a 38 78 55 00     |0PyxSj1k3aZ8xU.|
-------
00000000  52 58 53 44 36 48 4a 30 64 6a 5a 4c 47 7a 73 42  |RXSD6HJ0djZLGzsB|
00000010  79 63 39 6e 50 72 6e 62 30 71 2e 72 61 43 75 33  |yc9nPrnb0q.raCu3|
00000020  69 4f 51 4a 30 69 32 57 51 6a 68 6e 72 6f 30 71  |iOQJ0i2WQjhnro0q|
00000030  4c 30 4f 65 76 2f 61 37 43 58 43 35 66 38 57 55  |L0Oev/a7CXC5f8WU|
00000040  4f 5a 2e 62 6e 36 30 76 6e 71 36 64 31 57 47 6b  |OZ.bn60vnq6d1WGk|
00000050  7a 76 6d 68 56 78 68 56 50 6b 34 76 6a 38 2e 54  |zvmhVxhVPk4vj8.T|
00000060  49 32 6e 6a 46 4e 79 55 35 46 49 5a 4c 6e 51 5a  |I2njFNyU5FIZLnQZ|
00000070  77 56 74 45 34 2f 55 75 47 50 5a 7a 46 71 59 36  |wVtE4/UuGPZzFqY6|
00000080  4f 6a 36 2e 45 73 32 62 74 66 4c 74 6e 38 6a 37  |Oj6.Es2btfLtn8j7|
00000090  32 6b 37 6a 6f 4a 32 7a 48 53 4d 77 56 6e 65 45  |2k7joJ2zHSMwVneE|
000000a0  58 73 6d 72 67 48 50 61 64 4e 67 6f 47 78 36 35  |XsmrgHPadNgoGx65|
000000b0  79 33 62 71 74 4e 4d 4a 43 6b 6f 77 62 47 77 41  |y3bqtNMJCkowbGwA|
000000c0  76 4e 67 31 6d 70 65 73 32 50 39 2e 51 53 6b 59  |vNg1mpes2P9.QSkY|
000000d0  69 34 32 7a 54 78 35 2e 69 6d 56 73 58 31 32 35  |i42zTx5.imVsX125|
000000e0  77 4d 6c 48 4c 79 4f 55 6e 57 4e 30 57 6b 65 58  |wMlHLyOUnWN0WkeX|
000000f0  30 50 79 78 53 6a 31 6b 33 61 5a 38 78 55        |0PyxSj1k3aZ8xU|

Where you can see there are difference .

If we change the problem line to splunk_secret = IO.binread(secrets_file).chop it works well.

Unfortunately I am not a dev. So someone else with more knowledge of ruby can validate the problem.
@posteingang posteingang changed the title Issue with pass4symmkey decryption Issue with value decryption May 8, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@posteingang