Commit 7e0cd4a5 authored by ale's avatar ale

Properly decode user encrypted private keys

The field is prefixed by an ID in LDAP (separated from the key data by
a ':'); strip it before returning key data from the backend.
parent 29c4b470
Pipeline #1016 passed with stages
in 53 seconds
package backend
import (
"bytes"
"context"
"errors"
"fmt"
......@@ -133,6 +134,15 @@ func NewLDAPBackend(config *LDAPConfig) (*ldapBackend, error) {
}, nil
}
// The encrypted private keys are a compound object in LDAP (in
// "id:key" format), we can safely ignore the key id here.
func decodePrivateKey(enc []byte) []byte {
if n := bytes.IndexByte(enc, ':'); n >= 0 {
return enc[n+1:]
}
return enc
}
func (b *ldapBackend) GetPrivateKeys(ctx context.Context, username string) ([][]byte, error) {
result, err := b.pool.Search(ctx, b.config.Query.searchRequest(username, b.config.Query.PrivateKeyAttr))
if err != nil {
......@@ -142,7 +152,7 @@ func (b *ldapBackend) GetPrivateKeys(ctx context.Context, username string) ([][]
var out [][]byte
for _, ent := range result.Entries {
for _, val := range ent.GetAttributeValues(b.config.Query.PrivateKeyAttr) {
out = append(out, []byte(val))
out = append(out, decodePrivateKey([]byte(val)))
}
}
return out, nil
......
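Review bot: decodePrivateKey returns a value that contains no ':' unchanged, so an LDAP attribute that lacks the expected id prefix is passed back to the caller as key material with no signal that it was malformed; if the backend guarantees the `id:key` layout, a missing separator is presumably a data error worth rejecting or skipping rather than silently returning the raw value, and the choice should be stated in the doc comment, e.g. `// decodePrivateKey strips the "id:" prefix from an LDAP private key value; a value with no ':' is returned unchanged.` The split is on the first ':' only, which is correct as long as the id itself never contains one — worth confirming against the schema. The caller in GetPrivateKeys discards the id entirely, so if a later lookup needs to select a specific key the id would have to be threaded through here; GetPrivateKeys starts in the previous hunk and its error-handling lines fall between the two hunks.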