Azure / avdaccelerator

AVD Accelerator deployment automation to simplify the setup of AVD (Azure Virtual Desktop) based on best practices
MIT License

Need to escape or quote passwords #504

Closed marcosgm closed 10 months ago

marcosgm commented 11 months ago

https://github.com/Azure/avdaccelerator/blob/4b3e0004c2250df3d121d9de57954afa5bfa1f2e/workload/scripts/DSCStorageScripts/Configuration.ps1#L211

When using a password with special symbols, PowerShell will process them without escaping or enquoting the password variable. This is the error I got when using a domain join username with "Kg6;$$~;PWiZvkDl2a" as a password, executed and sent from an Azure DevOps Pipeline variable and then run on a Windows Server 2022 machine where the DSC extension was applied:

[{"version":"1","timestampUTC":"2023-10-13T14:41:26.0684059Z","status":{"name":"SecureCommand_0","operation":"Command Execution Finished","status":"success","code":0,"formattedMessage":{"lang":"en-US","message":"Command execution finished"},"substatus":[{"name":"StdOut","status":"success","code":0,"formattedMessage":{"lang":"en-US","message":" alias 'inmo'.\r\n
VERBOSE: Exporting alias 'upmo'.\r\n
VERBOSE: Exporting alias 'pumo'.\r\n
VERBOSE: Using the provider 'PowerShellGet' for searching packages.\r\n
VERBOSE: The -Repository parameter was not specified.  PowerShellGet will use all of the registered repositories.\r\n
VERBOSE: Getting the provider object for the PackageManagement Provider 'NuGet'.\r\n
VERBOSE: The specified Location is 'https://www.powershellgallery.com/api/v2' and PackageManagementProvider is 'NuGet'.\r\n
VERBOSE: Searching repository 'https://www.powershellgallery.com/api/v2/FindPackagesById()?id='PSDscResources'' for ''.\r\n
VERBOSE: Total package yield:'1' for the specified package 'PSDscResources'.\r\n
VERBOSE: The installation scope is specified to be 'AllUsers'.\r\n
VERBOSE: The specified module will be installed in 'C:\\Program Files\\WindowsPowerShell\\Modules'.\r\n
VERBOSE: The specified Location is 'NuGet' and PackageManagementProvider is 'NuGet'.\r\n
VERBOSE: Downloading module 'PSDscResources' with version '2.12.0.0' from the repository \r\n
'https://www.powershellgallery.com/api/v2'.\r\n
VERBOSE: Searching repository 'https://www.powershellgallery.com/api/v2/FindPackagesById()?id='PSDscResources'' for ''.\r\n
VERBOSE: InstallPackage' - name='PSDscResources', version='2.12.0.0',destination='C:\\Windows\\TEMP\\1761544845'\r\n
VERBOSE: DownloadPackage' - name='PSDscResources', \r\n
version='2.12.0.0',destination='C:\\Windows\\TEMP\\1761544845\\PSDscResources\\PSDscResources.nupkg', \r\n
uri='https://www.powershellgallery.com/api/v2/package/PSDscResources/2.12.0'\r\n
VERBOSE: Downloading 'https://www.powershellgallery.com/api/v2/package/PSDscResources/2.12.0'.\r\n
VERBOSE: Completed downloading 'https://www.powershellgallery.com/api/v2/package/PSDscResources/2.12.0'.\r\n
VERBOSE: Completed downloading 'PSDscResources'.\r\n
VERBOSE: Hash for package 'PSDscResources' does not match hash provided from the server.\r\n
VERBOSE: InstallPackageLocal' - name='PSDscResources', version='2.12.0.0',destination='C:\\Windows\\TEMP\\1761544845'\r\n
VERBOSE: Catalog file 'PSDscResources.cat' is not found in the contents of the module 'PSDscResources' being installed.\r\n
VERBOSE: Module 'PSDscResources' was installed successfully to path 'C:\\Program \r\n
Files\\WindowsPowerShell\\Modules\\PSDscResources\\2.12.0.0'.\r\n
Executing the commmand ./Configuration.ps1 -StorageAccountName avdfx01n6zotd -StorageAccountRG rg-avd-common-pr-cac-01 -StoragePurpose fslogix -ShareName fslogix-pc-pr-cac-01 -SubscriptionId f689e20e-1379-4727-a529-b10869c51b97 -ClientId 49ae31cc-d7a0-45ae-8a6b-0252d1682136 -DomainName reesexploration.com -IdentityServiceProvider ADDS -AzureCloudEnvironment AzureCloud -CustomOuPath true -OUName \"OU=AVD-Computers,DC=reesexploration,DC=com\" -CreateNewOU false -DomainAdminUserName JoinADUser@xxxxxxxxxxxx.com -DomainAdminUserPassword Kg6;$$~;PWiZvkDl2a -Verbose\r\n
Generated MOF files here: C:\\Packages\\DSCStorageScripts-fslogix\\DomainJoinFileShare\r\n
Applying MOF files. DSC configuration\r\n
WinRM has been updated to receive requests.\r\n
WinRM service type changed successfully. \r\n
WinRM service started. \r\n
\r\n
WinRM has been updated for remote management.\r\n
WinRM firewall exception enabled. \r\n
\r\n
VERBOSE: Exporting function 'Configuration'.\r\n
VERBOSE: Exporting function 'New-DscChecksum'.\r\n
VERBOSE: Exporting function 'Get-DscResource'.\r\n
VERBOSE: Exporting alias 'sacfg'.\r\n
VERBOSE: Exporting alias 'tcfg'.\r\n
VERBOSE: Exporting alias 'gcfg'.\r\n
VERBOSE: Exporting alias 'rtcfg'.\r\n
VERBOSE: Exporting alias 'glcm'.\r\n
VERBOSE: Exporting alias 'slcm'.\r\n
VERBOSE: Exporting alias 'pbcfg'.\r\n
VERBOSE: Exporting alias 'ulcm'.\r\n
VERBOSE: Exporting alias 'upcfg'.\r\n
VERBOSE: Exporting alias 'gcfgs'.\r\n
VERBOSE: Exporting function 'Get-DscConfiguration'.\r\n
VERBOSE: Exporting function 'Get-DscLocalConfigurationManager'.\r\n
VERBOSE: Exporting function 'Restore-DscConfiguration'.\r\n
VERBOSE: Exporting function 'Get-DscConfigurationStatus'.\r\n
VERBOSE: Exporting function 'Stop-DscConfiguration'.\r\n
VERBOSE: Exporting function 'Remove-DscConfigurationDocument'.\r\n
VERBOSE: Exporting function 'Disable-DscDebug'.\r\n
VERBOSE: Exporting function 'Enable-DscDebug'.\r\n
DSC extension run clean up\r\n
\r\n
\r\n
"}},{"name":"StdErr","status":"success","code":0,"formattedMessage":{"lang":"en-US","message":"Invoke-Expression : At line:1 char:523\r\n
+ ... inADUser@reesexploration.com -DomainAdminUserPassword Kg6;$$~;PWiZvkD ...\r\n
+                                                                 ~\r\n
Unexpected token '~' in expression or statement.\r\n
At C:\\Packages\\Plugins\\Microsoft.Compute.CustomScriptExtension\\1.10.15\\Downloads\\0\\Manual-DSC-Storage-Scripts.ps1:90 \r\n
char:1\r\n
+ Invoke-Expression -Command $DscCompileCommand\r\n
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n
    + CategoryInfo          : ParserError: (:) [Invoke-Expression], ParseException\r\n
    + FullyQualifiedErrorId : UnexpectedToken,Microsoft.PowerShell.Commands.InvokeExpressionCommand\r\n
 \r\n
Start-DscConfiguration : C:\\Packages\\DSCStorageScripts-fslogix\\DomainJoinFileShare is not a valid directory.\r\n
At C:\\Packages\\Plugins\\Microsoft.Compute.CustomScriptExtension\\1.10.15\\Downloads\\0\\Manual-DSC-Storage-Scripts.ps1:98 \r\n
char:1\r\n
+ Start-DscConfiguration -Path $MofPath -Wait -Verbose -force\r\n
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n
    + CategoryInfo          : NotSpecified: (:) [Start-DscConfiguration], ArgumentException\r\n
    + FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.DesiredStateConfiguration.Commands.StartDs \r\n
   cConfigurationCommand\r\n
 \r\n
Remove-Item : Cannot find path 'C:\\Packages\\DSCStorageScripts-fslogix\\DomainJoinFileShare' because it does not exist.\r\n
At C:\\Packages\\Plugins\\Microsoft.Compute.CustomScriptExtension\\1.10.15\\Downloads\\0\\Manual-DSC-Storage-Scripts.ps1:101 \r\n
char:1\r\n
+ Remove-Item -Path $MofPath -Force -Recurse\r\n
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n
    + CategoryInfo          : ObjectNotFound: (C:\\Packages\\DSC...inJoinFileShare:String) [Remove-Item], ItemNotFoundEx \r\n
   ception\r\n
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.RemoveItemCommand\r\n
 \r\n
"}}]}}]

danycontre commented 11 months ago

@marcosgm thanks for the feedback. We are reviewing the issue.

danycontre commented 10 months ago

@marcosgm code was merged to introduce escaping-character logic in the domain join PowerShell script.

Please test and let us know if you have any comments/feedback.
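
The failure reported in this thread, reproduced next to two ways of avoiding it, as an added example that is not the project's code and not the merged fix. The script block `$target` is a constructed stand-in for `Configuration.ps1`, and `ConvertTo-SingleQuotedLiteral` and the account name are hypothetical names introduced here.

```powershell
# Constructed stand-in for Configuration.ps1: returns the password it was given.
$target = {
    param([string]$DomainAdminUserName, [string]$DomainAdminUserPassword)
    $DomainAdminUserPassword
}

# Password from the issue report. Single quotes keep PowerShell from expanding $$ here.
$password = 'Kg6;$$~;PWiZvkDl2a'
$user     = 'JoinADUser@example.com'   # placeholder account name

# 1) Pattern from the error output: build a command string, then Invoke-Expression.
#    The parser treats ';' as a statement separator and '$$' as an automatic
#    variable, so the password is parsed as code instead of being bound as a value.
$unquoted = "& `$target -DomainAdminUserName $user -DomainAdminUserPassword $password"
try {
    Invoke-Expression -Command $unquoted | Out-Null
    $unquotedResult = 'parsed'
}
catch {
    $unquotedResult = $_.Exception.GetType().Name
}

# 2) Escaping: emit each value as a single-quoted literal. Inside single quotes only
#    quote characters are special; EscapeSingleQuotedStringContent doubles them.
function ConvertTo-SingleQuotedLiteral([string]$Value) {
    $escaped = [System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($Value)
    "'$escaped'"
}
$quoted = "& `$target -DomainAdminUserName $(ConvertTo-SingleQuotedLiteral $user) " +
          "-DomainAdminUserPassword $(ConvertTo-SingleQuotedLiteral $password)"
$quotedResult = Invoke-Expression -Command $quoted

# 3) No string building: splat a hashtable onto the call operator, so the value
#    is bound as data and never passes through the parser.
$params = @{ DomainAdminUserName = $user; DomainAdminUserPassword = $password }
$splatResult = & $target @params

# Summary: error type for the unquoted form, round-trip check for the other two.
[pscustomobject]@{
    Unquoted = $unquotedResult
    Quoted   = ($quotedResult -ceq $password)
    Splatted = ($splatResult -ceq $password)
}
```

Whichever form is used, a command line that carries the password in clear text also ends up in the extension's StdOut, as the "Executing the commmand" line in the report shows, so the value should be treated as exposed in any log that records it.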