docker
Ampersand in username for docker login
Description
Using docker login with a username that contains the ampersand (&) in a private registry not working.
OS: Ubuntu 18.04 Shell: Bash Docker Version: 20.10.16
The ampersand is always written as "\u0026" which probably leads to the authentication failure. No escaping helped:
- "usernameWithAmpersand&"
- "usernameWithAmpersand&"
- usernameWithAmpersand"&"
- 'usernameWithAmpersand&'
- 'usernameWithAmpersand&'
- usernameWithAmpersand'&'
The password / CLI Token were resetted multiple times, copy&pasted and even manually entered.
Any help would be appreciated. Unfortunately the username is provided and cannot be changed that simple. For users from Mac with Docker GUI everything works as expected.
Steps to reproduce the issue:
- Try login to docker registry with a username containing an ampersand
- Login failed
Describe the results you received: Login failed since the ampersand is written as "\u0026".
In docker debug / verbose mode following were printed: form data: {"password":"*****","serveraddress":"myserver","username":"usernameWithAmpersand\u0026"}
Describe the results you expected: Login success.
Output of docker version:
Docker version 20.10.16, build aa7e414
Output of docker info:
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.8.2-docker)
scan: Docker Scan (Docker Inc., v0.17.0)
Server:
Containers: 12
Running: 0
Paused: 0
Stopped: 12
Images: 135
Server Version: 20.10.16
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 212e8b6fa2f44b9c21b2798135fc6fb7c53efc16
runc version: v1.1.1-0-g52de29d
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 5.4.0-110-generic
Operating System: Ubuntu 18.04.6 LTS
OSType: linux
Architecture: x86_64
CPUs: 16
Total Memory: 62.57GiB
Name: my_host_name
ID: J5V4:CCK4:OPS4:PYIQ:TPOQ:5SW2:M6TF:L5EA:5DA4:S2UM:L36W:Z7ID
Docker Root Dir: /var/lib/docker
Debug Mode: true
File Descriptors: 24
Goroutines: 33
System Time: 2022-05-19T15:49:06.412529695+02:00
EventsListeners: 0
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
Best regards
The \u0026 should be valid JSON; JSON allows characters to be represented that way (see https://www.ietf.org/rfc/rfc4627.html#section-2.5);
Any character may be escaped. If the character is in the Basic
Multilingual Plane (U+0000 through U+FFFF), then it may be
represented as a six-character sequence: a reverse solidus, followed
by the lowercase letter u, followed by four hexadecimal digits that
encode the character's code point. The hexadecimal letters A though
F can be upper or lowercase. So, for example, a string containing
only a single reverse solidus character may be represented as
"\u005C".
That said, authentication fully depends on the registry implementation; the docker daemon only acts as an intermediary in this case (the daemon receives the request, and forwards it to the registry), so without more information it's neigh impossible to debug that situation, and it could just as well be a be bug in the registry you're using or a misconfiguration.
Thank you for the quick response.
The support team assumed that this should be the root cause. I will investigate further and try to get back to the support team as well to let them check if there is any misconfiguration or anything.
Having the same issue with ampersand / & in password . We can potentially change this password but it is not trivial so we're investigating how to use as is
