bk138 / droidVNC-NG

VNC server app for Android that does not require root privileges.
GNU General Public License v2.0

The password configured on the droid-ng VNC interface is not working w/ Guacamole 1.5 client #219

Closed luyaotang closed 1 month ago

luyaotang commented 1 month ago

The password configured on the droid-ng VNC interface is not working. Currently, I've set up the connection in Guacamole, but I found that whether the password is correct or incorrect, or even if no password is configured, the connection to droid-ng VNC still works normally.


bk138 commented 1 month ago

Thanks for reporting! However, I cannot reproduce this. Is your password some non-ASCII string? Can you try with another client please?

luyaotang commented 1 month ago

password is something like abc1234

luyaotang commented 1 month ago

I will try with vncviewer client later

luyaotang commented 1 month ago

I tried VNC Viewer, and it indeed is influenced by the password set in droidVNC-NG. Based on the comparison between Guacamole and VNC Viewer, it seems that the password on the VNC server side is just for show. If a malicious client doesn't follow the standard implementation, it can bypass the password and directly connect to the server.

bk138 commented 1 month ago

That's indeed a bug then, but very probably in the underlying library. How would I be able to repro with Guacamole most easily?

Edit: tried with this https://krdesigns.com/articles/how-to-install-guacamole-using-docker-step-by-step tutorial. If I enter a wrong password or none, droidVNC-NG does not let me in, so everything works as expected.

luyaotang commented 1 month ago

https://guacamole.apache.org/releases/


2. Server Installation

Extract the downloaded guacamole-server-1.5.1.tar.gz to any directory. I placed it in the /opt directory.

Install Compilation Environment

yum install cairo-devel libjpeg-devel libpng-devel uuid-devel ffmpeg-devel freerdp-devel freerdp-plugins pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel wget gedit java-1.8.0-openjdk* libwebsockets-devel libgcrypt-devel

Extract and Compile

tar zxvf guacamole-server-1.5.1.tar.gz -C /opt/
cd /opt/guacamole-server-1.5.1
./configure
make && make install

After Installation, Check if guacd is Successfully Installed:

ldconfig
systemctl restart guacd
systemctl enable guacd
systemctl status guacd

3. Client Installation

If using the official client: simply use the downloaded guacamole-1.5.3.war.

systemctl restart tomcat


4. Server-Side Configuration

Create the /etc/guacamole/ Directory:

mkdir /etc/guacamole/

Create the guacamole.properties File:

[root@zmdev guacamole]# cat guacamole.properties
# Hostname and port of guacamole proxy
guacd-hostname: 127.0.0.1
guacd-port: 4822
user-mapping.xml: /etc/guacamole/user-mapping.xml
enable-clipboard-integration: true

Create the user-mapping.xml File in the /etc/guacamole/ Directory:

[root@zmdev guacamole]# cat /etc/guacamole/user-mapping.xml
<user-mapping>
        <!-- This configuration will show the device selection page after login -->
        <authorize username="xxxxx" password="xxxxxx">
                <connection name="zk(242)-RDP">
                        <protocol>rdp</protocol>
                        <param name="security">nla</param>
                        <param name="hostname">192.168.22.242</param>
                        <param name="port">3389</param>
                        <param name="color-depth">24</param>
                        <param name="username">xxxxx</param>
                        <param name="password">xxxxx</param>
                        <param name="ignore-cert">true</param>
                        <param name="enable-font-smoothing">true</param>
                </connection>
                <connection name="zk-242(VNC)">
                        <protocol>vnc</protocol>
                        <param name="hostname">192.168.22.242</param>
                        <param name="port">5900</param>
                        <param name="password">xxxx</param>
                </connection>
        </authorize>
</user-mapping>

5. Login Test

Browser Access: http://192.168.22.xxxx:xxx/guacamole/

Default Username and Password: guacadmin / guacadmin

After logging in successfully, please change the password.

luyaotang commented 1 month ago

I don't know the reason, but regardless of whether I set it up or not, or even if I set it up incorrectly, it can still connect to my phone normally. It is also unrelated to whether I use repeater services. The version of Guacamole is 1.5, the phone is Android 14, and DroidVNC-NG is 2.5.0.

luyaotang commented 1 month ago

let me try on another phone


luyaotang commented 1 month ago

On other devices, it's the same issue. Regardless of what the password is set to, it can directly connect to DroidVNC-NG.


bk138 commented 1 month ago

@luyaotang Might it be that the password is somehow cached or Guacamole 1.5 has some superpowers? Can you try with my setup https://krdesigns.com/articles/how-to-install-guacamole-using-docker-step-by-step to rule out Guacamole?

luyaotang commented 1 month ago

I will try using Docker to build Guacamole later. It should be unrelated to the cache. I also tried changing different passwords in DroidVNC-NG and configuring different passwords in Guacamole, but the result was that I could access it directly, regardless of the password.

bk138 commented 1 month ago

@luyaotang I can not reproduce this with guacamole 1.5.5 either. If a password is set on the server, the guacamole user needs to enter it always.

Here's what the connection looks like in English locale (everything else left blank)

luyaotang commented 1 month ago

Sorry for the confusion. The issue can be closed. It seems that there is a connection pool between guacd and droidvnc-ng. When reconfiguring the password in the configuration interface, the current connection will not be disconnected, causing the previous connection to be reused during the preview. If I restart droidvnc-ng, the changes can take effect.
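
Added example, not part of the thread and not droidVNC-NG or Guacamole code: since the behaviour above came from a reused session rather than a fresh login, one way to check what a VNC server demands from a brand-new connection is to read the security types it offers in the RFB handshake (type 1 is "None", type 2 is "VNC Authentication"). The function names are illustrative, and the host passed on the command line is assumed to be your own server.

```python
import socket
import struct

# Security type numbers from the RFB protocol specification.
SECURITY_NAMES = {1: "None", 2: "VNC Authentication"}

def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection mid-handshake")
        buf += chunk
    return buf

def read_security_types(sock):
    """Run the start of an RFB handshake on a connected socket and
    return the security type numbers the server offers."""
    banner = _recv_exact(sock, 12)  # e.g. b"RFB 003.008\n"
    if not banner.startswith(b"RFB "):
        raise ValueError(f"not an RFB server: {banner!r}")
    minor = int(banner[8:11])
    if minor < 7:
        # RFB 3.3: the server decides and sends a single U32 (0 = refused).
        sock.sendall(b"RFB 003.003\n")
        (sec_type,) = struct.unpack(">I", _recv_exact(sock, 4))
        return [sec_type] if sec_type else []
    sock.sendall(b"RFB 003.008\n" if minor >= 8 else b"RFB 003.007\n")
    count = _recv_exact(sock, 1)[0]  # 0 = refused, a reason string follows
    return list(_recv_exact(sock, count))

def password_enforced(types):
    """True if something is offered and 'None' (type 1) is not."""
    return bool(types) and 1 not in types

def probe(host, port=5900, timeout=5.0):
    """Open a brand-new TCP connection, so no earlier session is reused."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        types = read_security_types(sock)
    return types, password_enforced(types)

if __name__ == "__main__":
    import sys
    types, enforced = probe(sys.argv[1])  # host of your own VNC server
    print([SECURITY_NAMES.get(t, t) for t in types], "enforced:", enforced)
```

Running the probe right after changing the password shows what new clients face, independent of any session that was established before the change.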