[GitHub] guacamole-client pull request #322: GUACAMOLE-622: Add parameter definitions...
Github user asfgit closed the pull request at: https://github.com/apache/guacamole-client/pull/322 ---
[GitHub] guacamole-client pull request #322: GUACAMOLE-622: Add parameter definitions...
GitHub user mike-jumper opened a pull request: https://github.com/apache/guacamole-client/pull/322 GUACAMOLE-622: Add parameter definitions for telnet login success/failure regex. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mike-jumper/guacamole-client telnet-regex-param Alternatively you can review and apply these changes as the patch at: https://github.com/apache/guacamole-client/pull/322.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #322 ---
[GitHub] guacamole-client pull request #321: GUACAMOLE-624: Include user full name an...
Github user asfgit closed the pull request at: https://github.com/apache/guacamole-client/pull/321 ---
[GitHub] guacamole-server pull request #187: GUACAMOLE-622: Withhold first SSH/telnet...
Github user asfgit closed the pull request at: https://github.com/apache/guacamole-server/pull/187 ---
[GitHub] guacamole-server pull request #188: GUACAMOLE-628: Correct RDP scancode mapp...
Github user asfgit closed the pull request at: https://github.com/apache/guacamole-server/pull/188 ---
[GitHub] guacamole-client pull request #320: Guacamole-626 - Add support for Docker s...
Github user necouchman commented on a diff in the pull request: https://github.com/apache/guacamole-client/pull/320#discussion_r219650390 --- Diff: guacamole-docker/README.md --- @@ -28,14 +28,25 @@ Once the Guacamole image is running, Guacamole will be accessible at `-p 8080:8080` option to expose this port at the level of the machine hosting Docker, as well. +Docker Secrets +== +The string `_FILE` may be appended to some of the environment variables listed below if you are using MySQL or PostgreSQL authentication. This will cause the startup script to load the values for those variables from files within in the container. This is useful for specifying sensitive info, ie. passwords for the database, in secured files instead of plaintext environment variables, and is generally used for loading values from [Docker secrets](https://docs.docker.com/engine/swarm/secrets/#read-more-about-docker-secret-commands), which are stored in `/run/secrets/` within the container. + --- End diff -- A couple of issues, here: - In the rest of the README.md file, here, lines are formatted with a roughly similar maximum column size. It looks like you've got a single very long line, here - please reformat these lines (and the others you've added below) to match the style used throughout the rest of the file. - There is a mistake in the line "for those variables from files within in the" should be "for those variables from files within the". ---
[GitHub] guacamole-client pull request #320: Guacamole-626 - Add support for Docker s...
Github user necouchman commented on a diff in the pull request: https://github.com/apache/guacamole-client/pull/320#discussion_r219652878 --- Diff: guacamole-docker/README.md --- @@ -90,6 +107,9 @@ the image will stop: 1. `MYSQL_DATABASE` - The name of the database to use for Guacamole authentication. 2. `MYSQL_USER` - The user that Guacamole will use to connect to MySQL. 3. `MYSQL_PASSWORD` - The password that Guacamole will provide when connecting to MySQL as `MYSQL_USER`. +4. `MYSQL_DATABASE_FILE` - The path of the docker secret containing the name of database to use for Guacamole authentication. +5. `MYSQL_USER` - The path of the docker secret containing the name of the user that Guacamole will use to connect to MySQL. +6. `MYSQL_PASSWORD` - The path of the docker secret containing the password that Guacamole will provide when connecting to MySQL as `MYSQL_USER`. --- End diff -- `MYSQL_PASSWORD` -> `MYSQL_PASSWORD_FILE` ---
[GitHub] guacamole-client pull request #320: Guacamole-626 - Add support for Docker s...
Github user necouchman commented on a diff in the pull request: https://github.com/apache/guacamole-client/pull/320#discussion_r219652862 --- Diff: guacamole-docker/README.md --- @@ -90,6 +107,9 @@ the image will stop: 1. `MYSQL_DATABASE` - The name of the database to use for Guacamole authentication. 2. `MYSQL_USER` - The user that Guacamole will use to connect to MySQL. 3. `MYSQL_PASSWORD` - The password that Guacamole will provide when connecting to MySQL as `MYSQL_USER`. +4. `MYSQL_DATABASE_FILE` - The path of the docker secret containing the name of database to use for Guacamole authentication. +5. `MYSQL_USER` - The path of the docker secret containing the name of the user that Guacamole will use to connect to MySQL. --- End diff -- `MYSQL_USER` -> `MYSQL_USER_FILE` ---
[GitHub] guacamole-client pull request #320: Guacamole-626 - Add support for Docker s...
Github user necouchman commented on a diff in the pull request: https://github.com/apache/guacamole-client/pull/320#discussion_r219652808 --- Diff: guacamole-docker/README.md --- @@ -45,6 +56,9 @@ the image will stop: 1. `POSTGRES_DATABASE` - The name of the database to use for Guacamole authentication. 2. `POSTGRES_USER` - The user that Guacamole will use to connect to PostgreSQL. 3. `POSTGRES_PASSWORD` - The password that Guacamole will provide when connecting to PostgreSQL as `POSTGRES_USER`. +4. `POSTGRES_DATABASE_FILE` - The path of the docker secret containing the name of database to use for Guacamole authentication. +5. `POSTGRES_USER` - The path of the docker secret containing the name of the user that Guacamole will use to connect to PostgreSQL. --- End diff -- This should probably be `POSTGRES_USER_FILE` if it's the "path of the docker secret," no? ---
[GitHub] guacamole-client pull request #320: Guacamole-626 - Add support for Docker s...
Github user necouchman commented on a diff in the pull request: https://github.com/apache/guacamole-client/pull/320#discussion_r219652842 --- Diff: guacamole-docker/README.md --- @@ -45,6 +56,9 @@ the image will stop: 1. `POSTGRES_DATABASE` - The name of the database to use for Guacamole authentication. 2. `POSTGRES_USER` - The user that Guacamole will use to connect to PostgreSQL. 3. `POSTGRES_PASSWORD` - The password that Guacamole will provide when connecting to PostgreSQL as `POSTGRES_USER`. +4. `POSTGRES_DATABASE_FILE` - The path of the docker secret containing the name of database to use for Guacamole authentication. +5. `POSTGRES_USER` - The path of the docker secret containing the name of the user that Guacamole will use to connect to PostgreSQL. +6. `POSTGRES_PASSWORD` - The path of the docker secret containing the password that Guacamole will provide when connecting to PostgreSQL as `POSTGRES_USER`. --- End diff -- This should probably be `POSTGRES_PASSWORD_FILE` if it's the "path of the docker secret," no? ---
[GitHub] guacamole-server pull request #188: GUACAMOLE-628: Correct RDP scancode mapp...
GitHub user mike-jumper opened a pull request: https://github.com/apache/guacamole-server/pull/188 GUACAMOLE-628: Correct RDP scancode mapping for right control key. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mike-jumper/guacamole-server fix-right-ctrl Alternatively you can review and apply these changes as the patch at: https://github.com/apache/guacamole-server/pull/188.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #188 commit 622a849bae04a512e5c9fc1e6e782fd1bb77953a Author: Michael Jumper Date: 2018-09-21T23:25:11Z GUACAMOLE-628: Correct RDP scancode mapping for right control key. ---
[GitHub] guacamole-server pull request #187: GUACAMOLE-622: Withhold first SSH/telnet...
Github user mike-jumper commented on a diff in the pull request:
https://github.com/apache/guacamole-server/pull/187#discussion_r219632398
--- Diff: src/protocols/telnet/settings.c ---
@@ -196,12 +198,31 @@ enum TELNET_ARGS_IDX {
*/
IDX_SCROLLBACK,
+/**
+ * The regular expression to use when searching for whether login was
+ * successful. This parameter is optional. If given, the
+ * "login-failure-regex" parameter must also be specified, and the
first
+ * frame of the Guacamole connection will be withheld until login
+ * success/failure has been determined.
+ */
+IDX_LOGIN_SUCCESS_REGEX,
+
+/**
+ * The regular expression to use when searching for whether login was
+ * unsuccessful. This parameter is optional. If given, the
+ * "login-failure-regex" parameter must also be specified, and the
first
--- End diff --
Definitely. Fixed and rebased.
---
[GitHub] guacamole-server pull request #187: GUACAMOLE-622: Withhold first SSH/telnet...
Github user mike-jumper commented on a diff in the pull request:
https://github.com/apache/guacamole-server/pull/187#discussion_r219632440
--- Diff: src/protocols/telnet/settings.h ---
@@ -253,6 +267,16 @@ typedef struct guac_telnet_settings {
guac_telnet_settings* guac_telnet_parse_args(guac_user* user,
int argc, const char** argv);
+/**
+ * Frees the regex pointed to by the given pointer, assigning the value
NULL to
+ * that pointer once the regex is freed. If the pointer already contains
NULL,
+ * this functino has no effect.
--- End diff --
Heh - fixed.
---
[GitHub] guacamole-server pull request #187: GUACAMOLE-622: Withhold first SSH/telnet...
Github user mike-jumper commented on a diff in the pull request:
https://github.com/apache/guacamole-server/pull/187#discussion_r219631546
--- Diff: src/protocols/telnet/telnet.c ---
@@ -82,57 +83,178 @@ static int __guac_telnet_write_all(int fd, const char*
buffer, int size) {
}
/**
- * Searches for a line matching the stored password regex, appending the
given
- * buffer to the internal pattern matching buffer. The internal pattern
match
- * buffer is cleared whenever a newline is read. Returns TRUE if a match
is found and the
- * value is sent.
+ * Matches the given line against the given regex, returning true and
sending
+ * the given value if a match is found. An enter keypress is automatically
+ * sent after the value is sent.
+ *
+ * @param client
+ * The guac_client associated with the telnet session.
+ *
+ * @param regex
+ * The regex to search for within the given line buffer.
+ *
+ * @param value
+ * The string value to send through STDIN of the telnet session if a
+ * match is found, or NULL if no value should be sent.
+ *
+ * @param line_buffer
+ * The line of character data to test.
+ *
+ * @return
+ * true if a match is found, false otherwise.
*/
-static bool __guac_telnet_regex_search(guac_client* client, regex_t*
regex, char* value, const char* buffer, int size) {
+static bool guac_telnet_regex_exec(guac_client* client, regex_t* regex,
+const char* value, const char* line_buffer) {
-static char line_buffer[1024] = {0};
-static int length = 0;
+guac_telnet_client* telnet_client = (guac_telnet_client*) client->data;
+
+/* Send value upon match */
+if (regexec(regex, line_buffer, 0, NULL, 0) == 0) {
+
+/* Send value */
+if (value != NULL) {
+guac_terminal_send_string(telnet_client->term, value);
+guac_terminal_send_string(telnet_client->term, "\x0D");
+}
+
+/* Stop searching for prompt */
+return true;
+
+}
+
+return false;
+
+}
+
+/**
+ * Matches the given line against the various stored regexes, automatically
+ * sending the configured username, password, or reporting login
+ * success/failure depending on context. If no search is in progress,
either
+ * because no regexes have been defined or because all applicable searches
have
+ * completed, this function has no effect.
+ *
+ * @param client
+ * The guac_client associated with the telnet session.
+ *
+ * @param line_buffer
+ * The line of character data to test.
+ */
+static void guac_telnet_search_line(guac_client* client, const char*
line_buffer) {
guac_telnet_client* telnet_client = (guac_telnet_client*) client->data;
+guac_telnet_settings* settings = telnet_client->settings;
+
+/* Continue search for username prompt */
+if (settings->username_regex != NULL) {
+if (guac_telnet_regex_exec(client, settings->username_regex,
+settings->username, line_buffer)) {
+guac_client_log(client, GUAC_LOG_DEBUG, "Username sent");
+guac_telnet_regex_free(&settings->username_regex);
+}
+}
+
+/* Continue search for password prompt */
+if (settings->password_regex != NULL) {
+if (guac_telnet_regex_exec(client, settings->password_regex,
+settings->password, line_buffer)) {
-int i;
-const char* current;
+guac_client_log(client, GUAC_LOG_DEBUG, "Password sent");
-/* Ensure line buffer contains only the most recent line */
-current = buffer;
-for (i = 0; i < size; i++) {
+/* Do not continue searching for username/password once
password is sent */
+guac_telnet_regex_free(&settings->username_regex);
--- End diff --
Yep. There is a situation where `username_regex` will still not be NULL,
yet the password regex will match.
While no telnet server has support for sending the password as a dedicated
authentication phase, some telnet servers have support for sending the username
directly. This is accomplished through sending an environment variable called
`USER`:
https://github.com/apache/guacamole-server/blob/332e187813595fc2e769f3e29c0582b7ec726ea1/src/protocols/telnet/telnet.c#L222-L229
As this isn't guaranteed, the heuristics for recognizing username/password
prompts have to be somewhat forgiving. It's possible that there will be a
username prompt followed by a password prompt, and it's possible that there
will be only a password prompt.
---
[GitHub] guacamole-client pull request #321: GUACAMOLE-624: Include user full name an...
GitHub user mike-jumper opened a pull request: https://github.com/apache/guacamole-client/pull/321 GUACAMOLE-624: Include user full name and organization in display and filter. This change adds two new columns to the user admin interface, "Full name" and "Organization", which display the contents of the standard attributes `guac-full-name` and `guac-organization` respectively. These attributes are also added to the set of filtered attributes, allowing the list of users to be filtered by any of the values displayed. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mike-jumper/guacamole-client profile-columns Alternatively you can review and apply these changes as the patch at: https://github.com/apache/guacamole-client/pull/321.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #321 commit 660fe82fff8fff3ab3a7a5948a3b260315d8f67e Author: Michael Jumper Date: 2018-09-21T21:14:39Z GUACAMOLE-624: Add columns displaying user full name and organization. commit d4a9208c2bf7b757e070e80410fcbc1617219709 Author: Michael Jumper Date: 2018-09-21T21:14:57Z GUACAMOLE-624: Include user full name and organization in filtered attributes. ---
