Posted to user@guacamole.apache.org by Cayetano Gómez <ca...@svtcloud.com> on 2016/10/26 09:15:04 UTC

'$' char in password.

I have a problem using the '$' char in a password to access Guacamole.


If you use '$' in any position of a password when logging on to the web
interface, the logon is rejected with "incorrect password".

Using the XML backend or the MySQL backend.


Any idea?


Regards, and ... sorry, I have bad English


-- 

SVTCloud <http://www.svtcloud.com>

Cayetano Gómez / Director of Operations
cayetano@svtcloud.com <ma...@svtcloud.com> / +34 606 57 3333

SVTCloud
902 602 015
Parque Científico y Tecnológico Agroalimentario de Lleida Edificio H1
2pta 25003 Lleida
http://www.svtcloud.com



Re: '$' char in password.

Posted by Mike Jumper <mi...@guac-dev.org>.
On Nov 7, 2016 5:59 PM, "Shanon Loughton" <sl...@cloudmine.net.au>
wrote:
>
> I think I observed something similar when dealing with hard coding the
> password in the XML files, both noauth-config.xml and user-mapping.xml and
> for RDP connections.
>
> The workaround was to escape the $ character, and possibly other
> characters too.
>
> i.e.  <param name="password" value="foo\$bar@123" />
>
> What happens when you escape \$ character entry in the web interface?
>

Hi Shanon,

It shouldn't be necessary to escape the '$' in either case, unless it is
used in the same format as a parameter token ("${arbitrary text}"), in
which case the escape pattern is to repeat the '$' ("$${arbitrary text}").

Even then, however, it's virtually never required. The substitution will
only occur if the ${...} pattern fully matches (both braces are present,
not just the '$'), *and* the name of the token (the text within the braces)
is the name of a defined token.

In practice, this means that the '$' in a parameter value needs only be
escaped if it is part of the following substrings, and is intended to be
interpreted literally (not automatically substituted at all):

${GUAC_USERNAME}
${GUAC_PASSWORD}

And, as of current git:

${GUAC_DATE}
${GUAC_TIME}

See:
http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens

For XML, you would of course also need to escape characters which have
special meaning to XML (like '&'), but that is not Guacamole-specific. As
long as your XML is valid, you should be OK.

For the database auth, and for both XML-driven extensions, backslashes in
values have no special meaning and will be interpreted as literal backslashes.
In fact, with the exception of parameter tokens, absolutely all characters
are interpreted literally.

Thanks,

- Mike
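
The substitution rules described in the reply above, as a runnable sketch added here (it is not part of the original thread and is not Guacamole's own code). `substitute` and `escape_literal` are hypothetical helpers, the token values are constructed samples, and both the name character set and applying the `$$` escape to any token name are assumptions.

```python
import re

# Token names come from the message above; the values are constructed samples.
SAMPLE_TOKENS = {"GUAC_USERNAME": "test", "GUAC_PASSWORD": "foo$bar@123"}

# An optional extra '$' (the escape) followed by a complete ${NAME}, both braces present.
_TOKEN = re.compile(r"(\$?)\$\{([A-Za-z0-9_]*)\}")


def substitute(value, tokens):
    """Expand parameter tokens in value (hypothetical helper, not Guacamole's code)."""
    def expand(match):
        escaped, name = match.groups()
        if escaped:
            # "$${NAME}" yields the literal "${NAME}". Assumption: the escape
            # applies to any name, defined or not.
            return "${" + name + "}"
        if name in tokens:
            return tokens[name]
        return match.group(0)  # undefined name: left exactly as written
    return _TOKEN.sub(expand, value)


def escape_literal(value, tokens):
    """Return value with '$' doubled wherever substitute() would alter it."""
    def protect(match):
        escaped, name = match.groups()
        if escaped or name in tokens:
            return "$" + match.group(0)
        return match.group(0)
    return _TOKEN.sub(protect, value)


if __name__ == "__main__":
    for raw in ["foo$bar@123", "zE$xT0tO", "${GUAC_USERNAME}",
                "$${GUAC_USERNAME}", "${NOT_DEFINED}", "${GUAC_USERNAME"]:
        print(repr(raw), "->", repr(substitute(raw, SAMPLE_TOKENS)),
              "| stored literally as", repr(escape_literal(raw, SAMPLE_TOKENS)))
```
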

Re: '$' char in password.

Posted by Shanon Loughton <sl...@cloudmine.net.au>.
I think I observed something similar when dealing with hard coding the
password in the XML files, both noauth-config.xml and user-mapping.xml and
for RDP connections.

The workaround was to escape the $ character, and possibly other
characters too.

i.e.  <param name="password" value="foo\$bar@123" />

What happens when you escape \$ character entry in the web interface?

Hope that helps
Shanon



*Shanon Loughton*
phone +61 (0) 412 584 142
email  sloughton@cloudmine.net.au
web www.cloudmine.net.au <http://www.cloudmine.net.au>
skype cgltower
twitter @cloudmine_shan,@minefromwhereva


On Tue, Nov 8, 2016 at 9:34 AM, Mike Jumper <mi...@guac-dev.org>
wrote:

> On Mon, Nov 7, 2016 at 4:02 PM, Mike Jumper <mi...@guac-dev.org>
> wrote:
>
>>
>> 2) Created a new connection, "Test", configured to use RDP to connect to
>> a Windows 2008 server. A Windows user account with identical credentials
>> was created ("test" / "foo@bar@123"), with those credentials explicitly
>> specified in the connection parameters.
>>
>>
> "foo$bar@123"
>
> Sorry - ironic typo.
>
>

Re: '$' char in password.

Posted by Mike Jumper <mi...@guac-dev.org>.
On Mon, Nov 7, 2016 at 4:02 PM, Mike Jumper <mi...@guac-dev.org>
wrote:

>
> 2) Created a new connection, "Test", configured to use RDP to connect to a
> Windows 2008 server. A Windows user account with identical credentials was
> created ("test" / "foo@bar@123"), with those credentials explicitly
> specified in the connection parameters.
>
>
"foo$bar@123"

Sorry - ironic typo.

Re: '$' char in password.

Posted by Mike Jumper <mi...@guac-dev.org>.
Hello Cayetano and Maxime,

I cannot reproduce this issue as described. Testing against current
Guacamole from git master, I tried the following:

1) Created a user "test" with password "foo$bar@123" (no connections).

    Logging into Guacamole: success

2) Created a new connection, "Test", configured to use RDP to connect to a
Windows 2008 server. A Windows user account with identical credentials was
created ("test" / "foo@bar@123"), with those credentials explicitly
specified in the connection parameters.

    Logging into Guacamole: success
    Connecting to the RDP server: success

3) Edited the "Test" connection, replacing the explicitly-specified
username and password with "${GUAC_USERNAME}" and "${GUAC_PASSWORD}"
respectively.

    Logging into Guacamole: success
    Connecting to the RDP server: success

Are you positive that the password was not simply misentered?

- Mike


On Wed, Oct 26, 2016 at 2:25 AM, Maxime De Cuypere <je...@gmail.com>
wrote:

> I confirm this issue. I encountered this when I tried to use a $ char in a
> connection password (RDP). Guacamole seems to only see the end of the
> password (if I remember): zE$xT0tO becomes $xT0tO
>
> On Oct 26, 2016 11:15 AM, "Cayetano Gómez" <ca...@svtcloud.com> wrote:
>
>> I have a problem using the '$' char in a password to access Guacamole.
>>
>>
>> If you use '$' in any position of a password when logging on to the web
>> interface, the logon is rejected with "incorrect password".
>>
>> Using the XML backend or the MySQL backend.
>>
>>
>> Any idea?
>>
>>
>> Regards, and ... sorry, I have bad English
>

Re: '$' char in password.

Posted by Maxime De Cuypere <je...@gmail.com>.
I confirm this issue. I encountered this when I tried to use a $ char in a
connection password (RDP). Guacamole seems to only see the end of the
password (if I remember): zE$xT0tO becomes $xT0tO

On Oct 26, 2016 11:15 AM, "Cayetano Gómez" <ca...@svtcloud.com> wrote:

> I have a problem using the '$' char in a password to access Guacamole.
>
>
> If you use '$' in any position of a password when logging on to the web
> interface, the logon is rejected with "incorrect password".
>
> Using the XML backend or the MySQL backend.
>
>
> Any idea?
>
>
> Regards, and ... sorry, I have bad English
>