FS#61228 - [pgadmin4] 3.6-1 python3-pycryptodome patch encoding failure

Attached to Project: Community Packages
Opened by mal (mal) - Tuesday, 01 January 2019, 09:02 GMT
Last edited by Balló György (City-busz) - Friday, 29 March 2019, 11:54 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
The change to using native python libraries re-found the same error as https://bugs.archlinux.org/task/60332 with a different cause.

pgadmin4 3.6-1
python-pycryptodome 3.7.2-1

Log:
2019-01-01 03:39:56,598: ERROR flask.app: Object type <class 'str'> cannot be passed to C code
Traceback (most recent call last):
File "/usr/lib/pgadmin4/web/pgadmin/utils/driver/psycopg2/server_manager.py", line 409, in create_ssh_tunnel
tunnel_password = decrypt(tunnel_password, user.password)
File "/usr/lib/pgadmin4/web/pgadmin/utils/crypto.py", line 54, in decrypt
cipher = AES.new(pad(key), AES.MODE_CFB, iv)
File "/usr/lib/python3.7/site-packages/Crypto/Cipher/AES.py", line 232, in new
return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs)
File "/usr/lib/python3.7/site-packages/Crypto/Cipher/__init__.py", line 79, in _create_cipher
return modes[mode](factory, **kwargs)
File "/usr/lib/python3.7/site-packages/Crypto/Cipher/_mode_cfb.py", line 270, in _create_cfb_cipher
cipher_state = factory._create_base_cipher(kwargs)
File "/usr/lib/python3.7/site-packages/Crypto/Cipher/AES.py", line 103, in _create_base_cipher
result = start_operation(c_uint8_ptr(key),
File "/usr/lib/python3.7/site-packages/Crypto/Util/_raw_api.py", line 144, in c_uint8_ptr
raise TypeError("Object type %s cannot be passed to C code" % type(data))
TypeError: Object type <class 'str'> cannot be passed to C code
2019-01-01 03:39:56,602: ERROR flask.app: Could not connected to server(#6) - 'REDACTED'.
Error: Failed to decrypt the SSH tunnel password.
Error: Object type <class 'str'> cannot be passed to C code

Steps to reproduce:
- Have a server accessed via an SSH tunnel using a key with a password that's not saved by pgadmin
- Attempt to connect to the server

Fix:
pgadmin4-compatibility-with-python3-pycryptodome.patch, instead of patching psycopg2, should be adding encoding for the key on line 54 of crypto.py:
- cipher = AES.new(pad(key), AES.MODE_CFB, iv)
+ cipher = AES.new(pad(key.encode('utf-8')), AES.MODE_CFB, iv)

Thanks!
This task depends upon

Closed by  Balló György (City-busz)
Friday, 29 March 2019, 11:54 GMT
Reason for closing:  Fixed
Additional comments about closing:  pgadmin4 4.2-1
Comment by mal (mal) - Tuesday, 01 January 2019, 09:23 GMT
Oops, that's not actually a vendored psycopg2, just an interface. I think the change I wrote is still good though - it works for me, and it appears decrypt() is called from many places in the psycopg2 interface.
Comment by loqs (loqs) - Monday, 07 January 2019, 21:36 GMT
Consider contributing all the pycryptodome changes to https://www.postgresql.org/message-id/flat/CAKKotZSL6hT_3J3PP3vQz_2fsqbWHTHE_2AFYK8yTAaEjr%2B%2BOQ%40mail.gmail.com ?
Attachment adds mal's suggested change to the patch file.
   pgadmin4-compatibility-with-p... (1.7 KiB)
Comment by Ilia Draga (shadowuser) - Tuesday, 29 January 2019, 11:39 GMT
sudo pip uninstall pycryptodome && sudo pip install pycrypto
Comment by mal (mal) - Wednesday, 30 January 2019, 01:37 GMT
If you installed pycryptodome through pacman, you need to uninstall it that way or it will be re-installed next update.
I strongly recommend against managing system-wide things with pip regardless, since if you do that they'll never get updated, and can interfere with the package manager.

This problem still exists with pgadmin4 4.1-1, and the following does work, but is probably not the best solution:
pacman -Rdd python-pycryptodome
pikaur -S python-pycrypto

Loading...