M #~: Fix guacamole connection via ssh (#1717)

(cherry picked from commit 360eb0ee5fde38ea3efe0b8e6f044f380ef1ad03)
2025-03-21 14:50:08 +03:00 · 2022-01-25 17:18:23 +01:00 · 2022-01-25 17:18:23 +01:00 · 490d7db9e1
commit 490d7db9e1
parent 3e55e9584d
1 changed files with 27 additions and 1 deletions
--- a/src/sunstone/models/sunstone_guac.rb
+++ b/src/sunstone/models/sunstone_guac.rb
@ -31,6 +31,7 @@ else
    VAR_LOCATION ||= ONE_LOCATION + '/var/'
 end

+ONE_KEY = VAR_LOCATION + '/.one/one_key'
 FIREEDGE_KEY = VAR_LOCATION + '/.one/fireedge_key'

 # Class for Guacamole connection configuration
@ -194,7 +195,8 @@ class SunstoneGuac < SunstoneRemoteConnections
        end

        if vm_resource['TEMPLATE/CONTEXT/PASSWORD']
-            hash['password'] = vm_resource['TEMPLATE/CONTEXT/PASSWORD']
+            password = vm_resource['TEMPLATE/CONTEXT/PASSWORD']
+            hash['password'] = decrypt_by_one_key(password)
        end

        if vm_resource['TEMPLATE/CONTEXT/SSH_PUBLIC_KEY']
@ -244,4 +246,28 @@ class SunstoneGuac < SunstoneRemoteConnections
        Base64.strict_encode64(token.to_json).encode('utf-8').strip
    end

+    def decrypt_by_one_key(password)
+        # rubocop:disable Style/GlobalVars
+        system = OpenNebula::System.new($cloud_auth.client)
+        # rubocop:enable Style/GlobalVars
+        config = system.get_configuration
+        need_decrypt = config['VM_ENCRYPTED_ATTR'].include? 'CONTEXT/PASSWORD'
+
+        return password unless need_decrypt
+
+        key = File.read(ONE_KEY)
+        key = key.strip.delete("\n")
+
+        cipher = OpenSSL::Cipher.new('aes-256-cbc')
+        cipher.decrypt
+
+        # truncate token to 32-bytes for Ruby >= 2.4
+        cipher.key = key[0..31]
+
+        rc =  cipher.update(Base64.decode64(password))
+        rc << cipher.final
+    rescue StandardError
+        password
+    end
+
 end