puppet-splunk
puppet-splunk copied to clipboard
Published
20 hours ago •
voxpupuli
voxpupuli
Issue with value decryption
Hi,
we have an issue with the decryption of values which starts with '$7$' but only on certain systems.
We figured out that the problem happen on following line in lib/puppet_x/voxpupuli/splunk/util.rb
splunk_secret = IO.binread(secrets_file).chomp
With this following code we hexdump the readed string by ruby and the string from cat /opt/splunk/etc/auth/splunk.secret
require 'openssl'
require 'base64'
require 'hexdump'
secrets_file = "/opt/splunk/etc/auth/splunk.secret"
secret = "RXSD6HJ0djZLGzsByc9nPrnb0q.raCu3iOQJ0i2WQjhnro0qL0Oev/a7CXC5f8WUOZ.bn60vnq6d1WGkzvmhVxhVPk4vj8.TI2njFNyU5FIZLnQZwVtE4/UuGPZzFqY6Oj6.Es2btfLtn8j72k7joJ2zHSMwVneEXsmrgHPadNgoGx65y3bqtNMJCkowbGwAvNg1mpes2P9.QSkYi42zTx5.imVsX125wMlHLyOUnWN0WkeX0PyxSj1k3aZ8xU" # cat /opt/splunk/etc/auth/splunk.secret
splunk_secret = IO.binread(secrets_file).chomp
puts splunk_secret
Hexdump.dump(splunk_secret)
puts "-------"
Hexdump.dump(secret)
The result is:
00000000 52 58 53 44 36 48 4a 30 64 6a 5a 4c 47 7a 73 42 |RXSD6HJ0djZLGzsB|
00000010 79 63 39 6e 50 72 6e 62 30 71 2e 72 61 43 75 33 |yc9nPrnb0q.raCu3|
00000020 69 4f 51 4a 30 69 32 57 51 6a 68 6e 72 6f 30 71 |iOQJ0i2WQjhnro0q|
00000030 4c 30 4f 65 76 2f 61 37 43 58 43 35 66 38 57 55 |L0Oev/a7CXC5f8WU|
00000040 4f 5a 2e 62 6e 36 30 76 6e 71 36 64 31 57 47 6b |OZ.bn60vnq6d1WGk|
00000050 7a 76 6d 68 56 78 68 56 50 6b 34 76 6a 38 2e 54 |zvmhVxhVPk4vj8.T|
00000060 49 32 6e 6a 46 4e 79 55 35 46 49 5a 4c 6e 51 5a |I2njFNyU5FIZLnQZ|
00000070 77 56 74 45 34 2f 55 75 47 50 5a 7a 46 71 59 36 |wVtE4/UuGPZzFqY6|
00000080 4f 6a 36 2e 45 73 32 62 74 66 4c 74 6e 38 6a 37 |Oj6.Es2btfLtn8j7|
00000090 32 6b 37 6a 6f 4a 32 7a 48 53 4d 77 56 6e 65 45 |2k7joJ2zHSMwVneE|
000000a0 58 73 6d 72 67 48 50 61 64 4e 67 6f 47 78 36 35 |XsmrgHPadNgoGx65|
000000b0 79 33 62 71 74 4e 4d 4a 43 6b 6f 77 62 47 77 41 |y3bqtNMJCkowbGwA|
000000c0 76 4e 67 31 6d 70 65 73 32 50 39 2e 51 53 6b 59 |vNg1mpes2P9.QSkY|
000000d0 69 34 32 7a 54 78 35 2e 69 6d 56 73 58 31 32 35 |i42zTx5.imVsX125|
000000e0 77 4d 6c 48 4c 79 4f 55 6e 57 4e 30 57 6b 65 58 |wMlHLyOUnWN0WkeX|
000000f0 30 50 79 78 53 6a 31 6b 33 61 5a 38 78 55 00 |0PyxSj1k3aZ8xU.|
-------
00000000 52 58 53 44 36 48 4a 30 64 6a 5a 4c 47 7a 73 42 |RXSD6HJ0djZLGzsB|
00000010 79 63 39 6e 50 72 6e 62 30 71 2e 72 61 43 75 33 |yc9nPrnb0q.raCu3|
00000020 69 4f 51 4a 30 69 32 57 51 6a 68 6e 72 6f 30 71 |iOQJ0i2WQjhnro0q|
00000030 4c 30 4f 65 76 2f 61 37 43 58 43 35 66 38 57 55 |L0Oev/a7CXC5f8WU|
00000040 4f 5a 2e 62 6e 36 30 76 6e 71 36 64 31 57 47 6b |OZ.bn60vnq6d1WGk|
00000050 7a 76 6d 68 56 78 68 56 50 6b 34 76 6a 38 2e 54 |zvmhVxhVPk4vj8.T|
00000060 49 32 6e 6a 46 4e 79 55 35 46 49 5a 4c 6e 51 5a |I2njFNyU5FIZLnQZ|
00000070 77 56 74 45 34 2f 55 75 47 50 5a 7a 46 71 59 36 |wVtE4/UuGPZzFqY6|
00000080 4f 6a 36 2e 45 73 32 62 74 66 4c 74 6e 38 6a 37 |Oj6.Es2btfLtn8j7|
00000090 32 6b 37 6a 6f 4a 32 7a 48 53 4d 77 56 6e 65 45 |2k7joJ2zHSMwVneE|
000000a0 58 73 6d 72 67 48 50 61 64 4e 67 6f 47 78 36 35 |XsmrgHPadNgoGx65|
000000b0 79 33 62 71 74 4e 4d 4a 43 6b 6f 77 62 47 77 41 |y3bqtNMJCkowbGwA|
000000c0 76 4e 67 31 6d 70 65 73 32 50 39 2e 51 53 6b 59 |vNg1mpes2P9.QSkY|
000000d0 69 34 32 7a 54 78 35 2e 69 6d 56 73 58 31 32 35 |i42zTx5.imVsX125|
000000e0 77 4d 6c 48 4c 79 4f 55 6e 57 4e 30 57 6b 65 58 |wMlHLyOUnWN0WkeX|
000000f0 30 50 79 78 53 6a 31 6b 33 61 5a 38 78 55 |0PyxSj1k3aZ8xU|
Where you can see there are difference .
If we change the problem line to splunk_secret = IO.binread(secrets_file).chop it works well.
Unfortunately I am not a dev. So someone else with more knowledge of ruby can validate the problem.
