open-vm-tools icon indicating copy to clipboard operation
open-vm-tools copied to clipboard
verified publisher icon vmware

Invalid argument with "\" in Linux username (Active Directory user)

Open nascarsayan opened this issue 2 years ago • 4 comments

Describe the bug

Is Backslash(\) accepted in Linux guest username using vmware tools or open-vm-tools?

VM: A domain (Active Directory) joined Linux VM open-vm-tools version: 2:11.1.5-1~ubuntu20.04.2

The following command works in Linux:

govc guest.getenv -l [email protected]:Password -vm ubuntu-20-vm-1

The following command fails:

govc guest.getenv -l arcvmw\\arcuser:Password -vm ubuntu-20-vm-1

Error: govc: ServerFaultCode: A specified parameter was not correct:

SSH succeeds though:

ssh arcvmw\\arcuser@<ip>

Contents of /var/log/vmware-vmsvc-root.log

[2023-02-21T16:10:55.717Z] [ message] [vix] VixTools_ProcessVixCommand: command 187
[2023-02-21T16:10:55.717Z] [ warning] [VCGA] Username 'arcvmw\arcuser' contains invalid characters
[2023-02-21T16:10:55.718Z] [ warning] [vix] VixToolsImpersonateUser: impersonation failed (3)
[2023-02-21T16:10:55.718Z] [ message] [vix] VixToolsReadEnvVariables: opcode 187 returning 3
[2023-02-21T16:10:55.718Z] [ message] [vix] ToolsDaemonTcloReceiveVixCommand: command 187, additionalError = 2

Reproduction steps

  1. Join a Linux VM to active directory
  2. Install latest version of open-vm-tools on the VM
  3. Try to authenticate to the VM using "domain\user" format ...

Expected behavior

The guest credentials should work.

Additional context

No response

nascarsayan avatar Feb 21 '23 16:02 nascarsayan

Is Backslash() accepted in Linux guest username using vmware tools or open-vm-tools?

No, it is accepted in Windows usernames that have a domain name, but not in Linux.

See Usercheck_UsernameIsLegal() in https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/vgauth/common/usercheck.c.

357 #ifdef _WIN32 358 // allow '' in for Windows domain usernames 359 char *illegalChars = "<>/"; 360 #else 361 char *illegalChars = "\<>/"; 362 #endif

dsouders avatar Feb 21 '23 17:02 dsouders

An internal bug has been filed to track this issue.

dsouders avatar Feb 21 '23 17:02 dsouders

Hi @dsouders , thanks for looking into this so quickly! I had one follow-up question. Should I open the same issue in the vmware forum for making the same change in the proprietary vmware-tools? If I need to do that, can you provide a suitable link as to where I should post?

nascarsayan avatar Feb 22 '23 07:02 nascarsayan

Hi @nascarsayan, There's no need for that. The internal bug covers both. Thanks!

dsouders avatar Feb 22 '23 13:02 dsouders