Re: guacamole-auth-json & simultaneous independent connections
Le 22/02/2023 à 20:37, Michael Jumper - mjum...@apache.org a écrit : No, you understood correctly. The error you're seeing is from the database auth extension refusing to create/update a user with an empty username. Do you have "postgresql-auto-create-accounts" set? Good catch, Mike! I have this option set indeed (in the failing environment). Is there some extensions ordering to be done or are these two scenarios technically incompatible ? Toine - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: guacamole-auth-json & simultaneous independent connections
On 22/02/2023 17:02, Nick Couchman - vn...@apache.org wrote: Yes, I think you need to provide a non-blank username. That's what the error indicates, anyway. Well I'm now confused :) You suggested ealier to 'set the username to "" (empty string)' and now you suggest to 'to provide a non-blank username'. Did I understand your first suggestion the wrong way ? Antoine - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: Delegated administration setup
Hello, Le 18/01/2023 à 22:32, Spierings, Alphons - a.f.e.b.spieri...@tue.nl.INVALID a écrit : Acting as “administrator” we have so far not been able to setup any user or user-group with the privileges to READ/UPDATE users or connections apart from the ones they had created themselves. I'm also interested in the answer since I encountered roughly the same problem in my organization. We eventually decided to set up a management middleware (that has admin rights) to manage the users & connections. (because back then, I didn't have the time/knowledge to patch the whole Gucamole RBAC system to meet my needs). I had to play a bit with user groups to make my own RBAC without changing the Guacamole database schema patching the exising guacamole-client code. This solution has the drawback of not being integrated within the Guacamole management UI but it matched the need we have of giving people the autonomy they deserved. I might have been blind, and there might be a possibility to do this out of the box. But if so, I'm happy to see I was not the only blind one! Regards, Antoine - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: guacamole 1.4.0 + nginx X-Frame-Options DENY Browser refresh ( F5 ) issue
On 08/03/2022 23:55, Mike Jumper - mjum...@apache.org wrote: Can you see in browser dev tools the specific request that is blocked unless "SAMEORIGIN" is set? Yes, of course. Firefox states: The loading of “https://guacamole.example.org/app/element/templates/blank.html” in a frame is denied by “X-Frame-Options“ directive set to “DENY“. - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: Get connection URL
On 08/02/2022 10:08, Caleb Coverdale - calebcoverd...@me.com.INVALID wrote: I was wondering if there was a way I could get the connection URL’s encoded in the same format that the auth header json uses? As far as I know, yes (but it should be confirmed by Guacamole devs/maintainers). If your connection is called "joe_10.1.2.3_3389" (because you passed the JSON below to this Guacamole extension), you have to b64 its name + FF char + NUL char + "json". The result would be "/#/client/am9lXzEwLjEuMi4zXzMzODkAYwBqc29u". In Python3, a method to do generate that result could be: connection_id = "joe_10.1.2.3_3389" return base64.b64encode( connection_id.encode() + "\0c\0json".encode() ).decode() Toine --- { "username": "joe", "expires": 1644335456000, "connections": { "joe_10.1.2.3_3389": { "protocol": "rdp", "parameters": { "create-drive-path": "false", "hostname": "10.1.2.3", ... } ... } - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: [SECURITY] CVE-2021-41767: Apache Guacamole: Private tunnel identifier may be included in the non-private details of active connections
On 12/01/2022 22:32, Nick Couchman - vn...@apache.org wrote: We do not plan to release patches for lower versions. Essentially, 1.4.0 is the patch. Thank you for your answer. Just to be sure I understand the CVE and the stack, do you confirm that technically, upgrading only guacamole-client to 1.4.0 (and leaving guacd in 1.3.0) is enough to patch the CVE? - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: Problem with File Transfer Protocol RDP behind nginx
Le 07/06/2021 à 22:43, tedd77 - i...@quantiss.com a écrit : > I even increased it to 20g , once it reaches the 1Mbyte it comes up with the > message And what does the nginx error log say? Antoine - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org