Re: Configuring LDAP

2017-11-15 Thread Mike Jumper
And, failing that, journalctl or /var/log/messages or syslog. Distributions
vary widely.

- Mike


On Nov 15, 2017 12:24, "Nick Couchman"  wrote:

> On Mon, Nov 13, 2017 at 7:27 PM,  wrote:
>
>> /var/log/tomcat/catalina.2017-11-13.log
>>
>
> Can you look for/at /var/log/tomcat/catalina.out, instead?  I'm not
> certain that file will be there, but my general experience with Tomcat is
> that catalina.out has more detail than even the catalina.*.log files.
>
> -Nick
>


Re: Configuring LDAP

2017-11-13 Thread Mike Jumper
Which log are these messages from?

- Mike


On Mon, Nov 13, 2017 at 12:55 PM,  wrote:

> OK, here goes:  https://pastebin.com/Be35FaN6
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Mike Jumper [mailto:mike.jum...@guac-dev.org]
> *Sent:* Monday, November 13, 2017 3:49 PM
>
> *To:* user@guacamole.incubator.apache.org
> *Subject:* Re: Configuring LDAP
>
>
>
> Don't send it to me directly off-list - things really need to be kept
> on-list.
>
>
>
> pastebin or a GitHub gist are decent choices. You could also paste the
> logs directly into a new email. I don't recommend trying to attach the
> logs, as attachments are sometimes filtered away.
>
>
>
>
>
> On Mon, Nov 13, 2017 at 12:44 PM,  wrote:
>
> Any place in particular?  Not really sure where I can put something like
> that.  Can I send it to you off-list?
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Mike Jumper [mailto:mike.jum...@guac-dev.org]
> *Sent:* Monday, November 13, 2017 2:02 PM
>
>
> *To:* user@guacamole.incubator.apache.org
> *Subject:* Re: Configuring LDAP
>
>
>
> Following a restart of Tomcat, can you post the entire Tomcat log
> somewhere, at least the portion which follows that restart?
>
>
>
> - Mike
>
>
>
>
>
> On Mon, Nov 13, 2017 at 10:51 AM,  wrote:
>
> I tried to add GUACAMOLE_HOME=”/etc/guacamole” into
> /etc/tomcat/tomcat.conf and restarting Tomcat, but that didn’t work.
> Instead of getting “Login failed” on the page, the page did nothing.  So I
> backed that out and restarted everything, and can’t log in at all.  I enter
> the guacadmin user and password and click Login, and nothing happens.  I do
> see a successful login message in /var/log/messages, but the page doesn’t
> redirect me anywhere any longer.
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Devine, Harry (FAA)
> *Sent:* Monday, November 13, 2017 8:49 AM
> *To:* user@guacamole.incubator.apache.org
> *Subject:* RE: Configuring LDAP
>
>
>
> Well, I tried moving the extensions to /etc/guacamole and restarting
> Tomcat and guacamole, and I still don’t see LDAP referenced in the logs.
> Where do I set that in catalina.properties?  That’s my next step.  Also,
> when I try to log in, I do see the following error in the log (I masked out
> the IP and the user name):
>
>
>
> Nov 13 08:32:28 access server: 08:32:28.177 [http-bio-8080-exec-1] WARN
> o.a.g.r.auth.AuthenticationService - Authentication attempt from
> xxx.xxx.xxx.xxx for user "user" failed.
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Nick Couchman [mailto:vn...@apache.org ]
> *Sent:* Monday, November 13, 2017 8:05 AM
> *To:* user@guacamole.incubator.apache.org
> *Subject:* Re: Configuring LDAP
>
>
>
> On Mon, Nov 13, 2017 at 7:55 AM,  wrote:
>
> I just restarted Guacamole and Tomcat, and I don’t see anything about LDAP
> loading.  I have the 0.9.13 LDAP extension at 
> /usr/share/tomcat/.guacamole/extensions.
> Is that the proper directory for it?  I’m pretty sure that’s where the user
> guide said to put it.  I also have the pertinent LDAP parameters set in the
> guacamole.properties file at /etc/guacamole.
>
>
>
> In 0.9.13-incubating, if you downloaded the release from the website, then
> the default GUACAMOLE_HOME will be the $HOME/.guacamole directory.
> Double-check and make sure that's the Tomcat user's home directory.  You
> can also change the GUACAMOLE_HOME via either the guacamole.home property
> in Tomcat's catalina.properties file, or by setting the GUACAMOLE_HOME
> environment variable before starting Tomcat.  This changes slightly in
> 0.9.14-incubating (git repo), with /etc/guacamole becoming the
> fallback-default location.
>
>
>
> If you have guacamole.properties in /etc/guacamole, and you can
> successfully change other items in that file and see the changes take
> effect, then I believe your GUACAMOLE_HOME is probably configured for
> /etc/guacamole, in which case your extensions should be in
> /etc/guacamole/extensions.  So, you might try creating that directory,
> placing the LDAP extension there, and then restarting Tomcat.
>
>
>
> -Nick
>
>
>
>
>


Re: Configuring LDAP

2017-11-13 Thread Mike Jumper
Don't send it to me directly off-list - things really need to be kept
on-list.

pastebin or a GitHub gist are decent choices. You could also paste the logs
directly into a new email. I don't recommend trying to attach the logs, as
attachments are sometimes filtered away.


On Mon, Nov 13, 2017 at 12:44 PM,  wrote:

> Any place in particular?  Not really sure where I can put something like
> that.  Can I send it to you off-list?
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Mike Jumper [mailto:mike.jum...@guac-dev.org]
> *Sent:* Monday, November 13, 2017 2:02 PM
>
> *To:* user@guacamole.incubator.apache.org
> *Subject:* Re: Configuring LDAP
>
>
>
> Following a restart of Tomcat, can you post the entire Tomcat log
> somewhere, at least the portion which follows that restart?
>
>
>
> - Mike
>
>
>
>
>
> On Mon, Nov 13, 2017 at 10:51 AM,  wrote:
>
> I tried to add GUACAMOLE_HOME=”/etc/guacamole” into
> /etc/tomcat/tomcat.conf and restarting Tomcat, but that didn’t work.
> Instead of getting “Login failed” on the page, the page did nothing.  So I
> backed that out and restarted everything, and can’t log in at all.  I enter
> the guacadmin user and password and click Login, and nothing happens.  I do
> see a successful login message in /var/log/messages, but the page doesn’t
> redirect me anywhere any longer.
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Devine, Harry (FAA)
> *Sent:* Monday, November 13, 2017 8:49 AM
> *To:* user@guacamole.incubator.apache.org
> *Subject:* RE: Configuring LDAP
>
>
>
> Well, I tried moving the extensions to /etc/guacamole and restarting
> Tomcat and guacamole, and I still don’t see LDAP referenced in the logs.
> Where do I set that in catalina.properties?  That’s my next step.  Also,
> when I try to log in, I do see the following error in the log (I masked out
> the IP and the user name):
>
>
>
> Nov 13 08:32:28 access server: 08:32:28.177 [http-bio-8080-exec-1] WARN
> o.a.g.r.auth.AuthenticationService - Authentication attempt from
> xxx.xxx.xxx.xxx for user "user" failed.
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Nick Couchman [mailto:vn...@apache.org ]
> *Sent:* Monday, November 13, 2017 8:05 AM
> *To:* user@guacamole.incubator.apache.org
> *Subject:* Re: Configuring LDAP
>
>
>
> On Mon, Nov 13, 2017 at 7:55 AM,  wrote:
>
> I just restarted Guacamole and Tomcat, and I don’t see anything about LDAP
> loading.  I have the 0.9.13 LDAP extension at 
> /usr/share/tomcat/.guacamole/extensions.
> Is that the proper directory for it?  I’m pretty sure that’s where the user
> guide said to put it.  I also have the pertinent LDAP parameters set in the
> guacamole.properties file at /etc/guacamole.
>
>
>
> In 0.9.13-incubating, if you downloaded the release from the website, then
> the default GUACAMOLE_HOME will be the $HOME/.guacamole directory.
> Double-check and make sure that's the Tomcat user's home directory.  You
> can also change the GUACAMOLE_HOME via either the guacamole.home property
> in Tomcat's catalina.properties file, or by setting the GUACAMOLE_HOME
> environment variable before starting Tomcat.  This changes slightly in
> 0.9.14-incubating (git repo), with /etc/guacamole becoming the
> fallback-default location.
>
>
>
> If you have guacamole.properties in /etc/guacamole, and you can
> successfully change other items in that file and see the changes take
> effect, then I believe your GUACAMOLE_HOME is probably configured for
> /etc/guacamole, in which case your extensions should be in
> /etc/guacamole/extensions.  So, you might try creating that directory,
> placing the LDAP extension there, and then restarting Tomcat.
>
>
>
> -Nick
>
>
>


Re: Configuring LDAP

2017-11-13 Thread Mike Jumper
Following a restart of Tomcat, can you post the entire Tomcat log
somewhere, at least the portion which follows that restart?

- Mike


On Mon, Nov 13, 2017 at 10:51 AM,  wrote:

> I tried to add GUACAMOLE_HOME=”/etc/guacamole” into
> /etc/tomcat/tomcat.conf and restarting Tomcat, but that didn’t work.
> Instead of getting “Login failed” on the page, the page did nothing.  So I
> backed that out and restarted everything, and can’t log in at all.  I enter
> the guacadmin user and password and click Login, and nothing happens.  I do
> see a successful login message in /var/log/messages, but the page doesn’t
> redirect me anywhere any longer.
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Devine, Harry (FAA)
> *Sent:* Monday, November 13, 2017 8:49 AM
> *To:* user@guacamole.incubator.apache.org
> *Subject:* RE: Configuring LDAP
>
>
>
> Well, I tried moving the extensions to /etc/guacamole and restarting
> Tomcat and guacamole, and I still don’t see LDAP referenced in the logs.
> Where do I set that in catalina.properties?  That’s my next step.  Also,
> when I try to log in, I do see the following error in the log (I masked out
> the IP and the user name):
>
>
>
> Nov 13 08:32:28 access server: 08:32:28.177 [http-bio-8080-exec-1] WARN
> o.a.g.r.auth.AuthenticationService - Authentication attempt from
> xxx.xxx.xxx.xxx for user "user" failed.
>
>
>
> Thanks,
>
> Harry
>
>
>
> *From:* Nick Couchman [mailto:vn...@apache.org ]
> *Sent:* Monday, November 13, 2017 8:05 AM
> *To:* user@guacamole.incubator.apache.org
> *Subject:* Re: Configuring LDAP
>
>
>
> On Mon, Nov 13, 2017 at 7:55 AM,  wrote:
>
> I just restarted Guacamole and Tomcat, and I don’t see anything about LDAP
> loading.  I have the 0.9.13 LDAP extension at 
> /usr/share/tomcat/.guacamole/extensions.
> Is that the proper directory for it?  I’m pretty sure that’s where the user
> guide said to put it.  I also have the pertinent LDAP parameters set in the
> guacamole.properties file at /etc/guacamole.
>
>
>
> In 0.9.13-incubating, if you downloaded the release from the website, then
> the default GUACAMOLE_HOME will be the $HOME/.guacamole directory.
> Double-check and make sure that's the Tomcat user's home directory.  You
> can also change the GUACAMOLE_HOME via either the guacamole.home property
> in Tomcat's catalina.properties file, or by setting the GUACAMOLE_HOME
> environment variable before starting Tomcat.  This changes slightly in
> 0.9.14-incubating (git repo), with /etc/guacamole becoming the
> fallback-default location.
>
>
>
> If you have guacamole.properties in /etc/guacamole, and you can
> successfully change other items in that file and see the changes take
> effect, then I believe your GUACAMOLE_HOME is probably configured for
> /etc/guacamole, in which case your extensions should be in
> /etc/guacamole/extensions.  So, you might try creating that directory,
> placing the LDAP extension there, and then restarting Tomcat.
>
>
>
> -Nick
>


Re: Intermittent VNC connectivity to IP KVM

2017-11-13 Thread Mike Jumper
On Mon, Nov 13, 2017 at 9:47 AM, kpham  wrote:

> ...
> kernel: [20018.150998] traps: guacd[2185] trap divide error ip :
> 7f493214dbcd sp:7f4932d70b80 error:0 in
> libvncclient.so.1.0.0[7f493213d+1e]
>
> Do you think it's a bug in vncclient module? Any suggestion for me on how
> to
> fix it ?
>
>
This does look like a bug in libvncclient, the library used by Guacamole's
VNC support to handle the VNC protocol. It's hard to tell exactly where
within the library this is happening, but the kernel is reporting here that
the library is attempting to divide by zero. My guess, given context, is
that the VNC server is sending an empty rectangle with one of the
dimensions being zero, and libvncclient is improperly handling this
condition.

I would recommend installing the absolute latest libvncclient (part of
libvncserver), rebuilding guacamole-server, and seeing if the problem is
resolved. If the bug remains, the next step would be to report it upstream:

https://github.com/LibVNC/libvncserver

- Mike


Re: Guacamole Redirected Printer download files

2017-11-13 Thread Mike Jumper
On Mon, Nov 13, 2017 at 9:56 AM, Amarjeet Singh 
wrote:

> Hi Team,
>
> when I print any file using guacamole redirected printer, it always
> download the file instead of showing print preview.
> It is written to follow the above behavior
> .
> I looked into guacamole common js where it downloads with the help of
> iframe.
>

guacamole-common-js leaves the handling of downloads open to the
implementor using the API. If you're looking at code which leverages an
iframe for download, you are looking at the web application, not
guacamole-common-js.

I tried all the possible ways to edit the code and show the PDF files in
> iframe instead of downloading directly.
> It always downloads.
> Then I tried to change the url and gave the url of the PDF file from the
> server directly. It shows in the iframe and doesn't downloads.
> I came to know that there is something with the url which always tried to
> download.
> Any suggestions to resolve and show the PDF file in the iframe?
>

My suggestion would be to not attempt to override this behavior, and allow
the PDF to always download. Displaying the PDF within the browser is
problematic, and does not work identically across all browsers. Some will
display the PDF correctly, downloading the PDF only if no viewer is
present, others will display an empty iframe/tab even though a PDF viewer
is available or built-in, and yet others will silently fail with no way for
JavaScript to detect this.

Downloading the PDF directly is the only behavior which works universally.

- Mike


Re: Virtual or Dyanmic Channels support

2017-11-11 Thread Mike Jumper
On Sat, Nov 11, 2017 at 4:51 AM, Amarjeet Singh 
wrote:

> ...
>>
>> *Nov 11 07:46:04 localhost guacd[7887]: Inbound half of channel "hyprint"
>> connected.*
>
>
This is not an error, but an informative message that the inbound pipe
stream (the pipe from the browser to the server) for your channel has been
connected. It is being logged at the wrong log level, but is not an error.


> When I am printing the document on server side using this module. i am not
> receiving any data?
>
> client.onpipe = function(input_stream, mimetype, name) {
>>
>> reader = new Guacamole.StringReader(input_stream);
>> reader.ontext = function(text) {
>> // Handle input here
>> };
>>
>
>
What makes you think you're not receiving any data? The example code you've
provided here is explicitly not handling any data (it has placeholder
comments where the necessary code would need to go). Assuming you're using
this code as-is, you would have no indication regarding whether data is
being received or not. Received data would be silently discarded.

- Mike


Re: Virtual or Dyanmic Channels support

2017-11-10 Thread Mike Jumper
On Fri, Nov 10, 2017 at 12:52 PM, Amarjeet Singh 
wrote:

> Yes, There is a module which will be running on server side for Printing (
> instead of using Guacamole Printer which changes name  for every session )
> name=hyprint.
>
>
You can expose arbitrary static virtual channels to JavaScript using the
"static-channels" parameter provided by Guacamole's RDP support:

http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#rdp-device-redirection

The parameter accepts a comma-separated list of static channel names to
open and expose as pipe streams. For each SVC which is successfully handled
within RDP, Guacamole will open an outbound pipe with the name of the
static channel, which will trigger the "onpipe" handler of Guacamole.Client:

http://guacamole.incubator.apache.org/doc/guacamole-common-js/Guacamole.Client.html#event:onpipe

You can then deal with the inbound stream however you see fit. If
JavaScript needs to communicate back in the other direction, it should
respond by opening another pipe with the same name:

http://guacamole.incubator.apache.org/doc/guacamole-common-js/Guacamole.Client.html#createPipeStream

- Mike


Re: Virtual or Dyanmic Channels support

2017-11-10 Thread Mike Jumper
On Fri, Nov 10, 2017 at 12:11 PM, Amarjeet Singh 
wrote:

> Static Virtual channels in RDP which is of 7 character and RDP supports 31
> static virtual channels.
> That is what I am talking about.
>
>
So, just arbitrary static virtual channels? Do you have some application
which will be running under RDP which will be leveraging your own SVC, and
which you want the JavaScript side of Guacamole to communicate with? Can
you elaborate on the nature of the SVC in your case?

- Mike


Re: Virtual or Dyanmic Channels support

2017-11-10 Thread Mike Jumper
On Fri, Nov 10, 2017 at 4:59 AM, Amarjeet Singh 
wrote:

> I am asking about support of Static Virtual Channels in Guacamole?
>
> How can we configure support of more Static virtual channels in Guacamole ?
>
>
Can you be more specific? What channels?

- Mike


Re: Configuring LDAP

2017-11-09 Thread Mike Jumper
On Thu, Nov 9, 2017 at 12:45 PM,  wrote:

> I’m trying to configure LDAP to work on our new Guacamole installation.  I
> followed Chapter 7 in the user guide, but I still can’t get it to work.
> When I enter a user name and the password that I know exists in our LDAP
> (which is running on RHEL 7 using IDM), and click the Login button, nothing
> happens.  No errors, no visual clues, nothing.  I look at the logs on the
> server and get zero errors or indications that it even attempted it.
>

There will not be visual clues, as such details are not exposed at the
user-visible level. There should be log messages, however, including
messages indicating that the LDAP authentication extension was loaded. Can
you post what you see in the Tomcat logs from the point that Guacamole is
starting up until the first pair of login failures (there should be at
least two: the first resulting from the default anonymous auth attempt
which caused the login dialog to display, and the second from using that
login dialog)?

- Mike


Re: FLASH SUPPORT for Audio in IE

2017-11-08 Thread Mike Jumper
On Wed, Nov 8, 2017 at 2:22 AM, Amarjeet Singh  wrote:

> Hi Team,
>
> As there is no fallback of * AudioContext() *for IE I am trying to add
> support for sound in IE using Flashback but unable to do so.
>
> *In Chrome and Firefox  during WebSocket connection I get the following
> stream :-*
>
>>
>> 5.audio,1.1,31.audio/L16;rate=44100,channels=2;10.filesystem,1.0,12.Shared
>> Drive;4.size,1.0,4.1920,3.546;4.name,11.172.16.1.75;4.size,
>> 2.-1,2.11,2.16;3.img,1.3,2.12,2.-1,9.image/png,1.0,1.0;4.blob,1.3,232.
>> iVBORw0KGgoNSUhEUgsQCAYAAADAvYV+BmJLR0QA/wD/AP+
>> gvaeTYklEQVQokY2RQQ4AIQgDW+L/v9y9qCEsIJ4QZggoJAnDYwAwFQwASI
>> 4EO8FEMH95CRYTnfCDOyGFK6GEM6GFo7AqKI4sSSsCJH1X+roFkKdjueABX/
>> On77lz2uGtr6pj9okfTeJQAYVaxnMASUVORK5CYII=;3.end,1.3;6.
>> cursor,1.0,1.0,2.-1,1.0,1.0,2.11,2.16;
>
>
> *In IE I get the following stream :- *
>
>>
>> "10.filesystem,1.0,12.Shared Drive;4.size,1.0,4.1920,3.516;4.name
>> ,11.172.16.1.75;4.size,2.-1,2.11,2.16;3.img,1.3,2.12,
>> 2.-1,9.image/png,1.0,1.0;4.blob,1.3,232.iVBORw0KGgoNSUhEUgsAAA
>> AQCAYAAADAvYV+BmJLR0QA/wD/AP+gvaeTYklEQVQokY2RQQ4AIQgDW+L/
>> v9y9qCEsIJ4QZggoJAnDYwAwFQwASI4EO8FEMH95CRYTnfCDOyGFK6GEM6GF
>> o7AqKI4sSSsCJH1X+roFkKdjueABX/On77lz2uGtr6pj9okfTeJQAYVaxnMA
>> SUVORK5CYII=;3.end,1.3;6.cursor,1.0,1.0,2.-1,1.0,1.0,2.11,2.16;"
>
>
> Why there is *no audio* coming from the back end in IE ?
>
> Does the back end code depends on the browser ?
>
>
The mimetypes of any supported audio codecs are required to be submitted
during the initial Guacamole protocol handshake. As that handshake is
handled server-side, those mimetypes need to be submitted to the server
prior to or as the connection is being established. In the mainline
Guacamole webapp, the audio mimetypes are submitted to the tunnel during
the initial connection attempt via "GUAC_AUDIO" query parameters, and the
part of the webapp that handles tunnel requests transforms those parameters
into the list of audio mimetypes required by the GuacamoleClientInformation
object which is given to ConfiguredGuacamoleSocket to perform the handshake.

See:

http://guacamole.incubator.apache.org/doc/gug/guacamole-protocol.html#guacamole-protocol-handshake

The flow for this in the mainline Guacamole webapp is:

https://github.com/apache/incubator-guacamole-client/blob/0611fe8fff694dff7e3cb6a62918f6c90668728c/guacamole-common-js/src/main/webapp/modules/AudioPlayer.js#L62-L79
https://github.com/apache/incubator-guacamole-client/blob/0611fe8fff694dff7e3cb6a62918f6c90668728c/guacamole/src/main/webapp/app/client/services/guacAudio.js
https://github.com/apache/incubator-guacamole-client/blob/0611fe8fff694dff7e3cb6a62918f6c90668728c/guacamole/src/main/webapp/app/client/types/ManagedClient.js#L229-L232
https://github.com/apache/incubator-guacamole-client/blob/0611fe8fff694dff7e3cb6a62918f6c90668728c/guacamole/src/main/java/org/apache/guacamole/tunnel/TunnelRequest.java#L333-L343
https://github.com/apache/incubator-guacamole-client/blob/0611fe8fff694dff7e3cb6a62918f6c90668728c/guacamole/src/main/java/org/apache/guacamole/tunnel/TunnelRequestService.java#L154-L157

If you are adding IE-specific support for
"audio/L16;rate=44100,channels=2", you will need to see that this mimetype
is submitted to the server. Lacking this, the code handling audio for the
remote desktop will not know what formats the client side supports, and
will not be able to provide an audio stream.

- Mike


Re: Capture keyboard input?

2017-11-06 Thread Mike Jumper
On Tue, Oct 31, 2017 at 10:30 AM, Anthony Moon
 wrote:
> Hi all,
>
> Just wondering if Gauc has the ability to capture all keyboard input? I
> can’t tell you how many times I’ve accidentally closed the whole tab while
> typing (CTRL + W)..
>

Guacamole already attempts to capture absolutely all keyboard input.
It's up to the OS and the browser to decide which key events to
actually expose to JavaScript. Keyboard events for shortcuts reserved
by the OS (Ctrl+Alt+Del, Alt+Tab, etc.) are typically eaten by the OS
before they reach the browser, and keyboard events for shortcuts
reserved by the browser (such as Ctrl+W) are typically eaten by the
browser before they reach JavaScript.

Some browsers, Chrome included, will allow bookmarks to be saved to
the desktop or home screen, and give the webapps bookmarked in such a
manner access to additional keystrokes. If the browser you're using
has this feature, that may help things. Beyond that, it's a security
feature of the browser that web applications cannot take full control
of the keyboard, and there's nothing that can be done within
JavaScript to alter this. As long as the key event actually happens
within JavaScript, Guacamole will handle it and pass it along to the
remote desktop.

- Mike


Re: GUAC-1096 conditions for WebSockets

2017-11-05 Thread Mike Jumper
On Tue, Oct 31, 2017 at 1:17 PM, bkalb  wrote:
> I apologize for the lack of logs but we can only reproduce this in a closed
> off network.

Logs would be helpful. If you are seeing unexpected behavior, the
first thing to check would be whether there are errors in the Tomcat
and guacd logs, as well as the JavaScript error log of the browser in
use.

>
> ...  We don't see this error when deploying Guacamole on our normal
> development environment.
>

How do the failing environment and development environment differ?

- Mike


Re: guacamole-common-js confusion

2017-11-05 Thread Mike Jumper
On Tue, Oct 31, 2017 at 1:54 PM, David L Napier  wrote:
> We're building an app that's utilizing Guacamole.  I have Tomcat behind an
> Nginx reverse proxy.  The app successfully utilizes guacamole-common-js and
> connects to tomcat via the proxy.  Then it loads the canvas into the client.
> However, the canvas is returning with a size of 0 height, 0 width.
>

What do you mean by "loads the canvas into the client"?

Guacamole does use canvas tags, but you shouldn't be touching the
canvas itself (which is internal). You should only be dealing with the
display abstraction provided by Guacamole.Display (returned by
getDisplay() of Guacamole.Client), adding the display to the DOM using
the element returned by getElement():

http://guacamole.incubator.apache.org/doc/guacamole-common-js/Guacamole.Client.html#getDisplay
http://guacamole.incubator.apache.org/doc/guacamole-common-js/Guacamole.Display.html#getElement

The display itself will not have non-zero dimensions until it receives
the size from the server. If this never occurs, check that:

1) You have set handlers for the tunnel and client "onerror" and
"onstatechange" events (so you know when things are failing)
2) There aren't errors in the logs from guacd (the connection may not
have succeeded at all)

> I've got this warning in my console: "[Deprecation] Resource requests whose
> URLs contained both removed whitespace (`\n`, `\r`, `\t`) characters and
> less-than characters (`<`) are blocked. Please remove newlines and encode
> less-than characters from places like element attribute values in order to
> load these resources. See
> https://www.chromestatus.com/feature/5735596811091968 for more details."
>

Check your HTML. From the warning, it sounds like some of your
attribute values contain angle brackets, and are thus being recognized
by Chrome as possible injection attacks.

- Mike


Re: Authentication using http

2017-11-05 Thread Mike Jumper
On Fri, Nov 3, 2017 at 6:01 AM, Nick Couchman  wrote:
>
> On Tue, Oct 31, 2017 at 5:43 PM, Thompson, John H. (GSFC-606.2)[PATUXENT 
> TECHNOLOGY PARTNERS]  wrote:
>>
>> Will storing the allowed connections in LDAP work with HTTP
>> header authentication"?
>>
>> ...
>>
>
> I believe the answer is no.  Mike can correct this if I'm wrong, but my 
> understanding is that one of the security mechanisms in the LDAP module is 
> that the bind to look for connections is done with the user who logged in.  
> So, if the user is logged in through another mechanism (header 
> authentication), and particularly one that doesn't provide the password to 
> Guacamole (header will not), then there's not going to be any way for the 
> user who logged in to bind to the LDAP directory.
>

This is exactly correct. Part of the idea behind the LDAP
authentication is to allow the LDAP directory's own security
constraints to dictate access level. This cannot be done without a
bind.

- Mike


Re: BAD signature when trying to verify the download

2017-11-05 Thread Mike Jumper
On Sun, Nov 5, 2017 at 5:36 AM, dirkguacamole  wrote:

> Hi all,
>
> when trying to verify the download with
> https://www.apache.org/dist/incubator/guacamole/0.9.13-
> incubating/source/guacamole-client-0.9.13-incubating.tar.gz.asc
>
> i get :
> BAD signature from "Michael Jumper (CODE SIGNING KEY)  >"
> [unknown]
>
> any idea ?
>
>
What command did you run when trying to verify the signature?

- Mike


Re: Disable SFTP from web interface

2017-10-27 Thread Mike Jumper
On Fri, Oct 27, 2017 at 10:43 AM, Nick Couchman  wrote:

> On Thu, Oct 26, 2017 at 5:40 PM, Anthony Moon <
> anthon...@moving-picture.com> wrote:
>
>> We’d like to eliminate the potential for administrators to have access to
>> this feature (if at all possible).
>>
>
> I do not know of a way to do this at the Guacamole level at this point.
> On the server-side you could disable it in the SSH server config
> (sshd_config) if you have control over those servers and don't want it
> available at all, or disable it for certain groups of users, etc.  But I
> don't know of a way in the Guacamole configuration to prevent it.
>
>
There really isn't a way to disable this access via configuration alone. It
would be possible to write an extension which does not use the
corresponding connection parameters, but if the use case here is
specialized enough, it may be better to look into leveraging the Guacamole
API to build a webapp specific to that case, rather than stripping out
parts of the mainline webapp.

- Mike


Re: ssh handshake failed latest libssh2

2017-10-26 Thread Mike Jumper
On Thu, Oct 26, 2017 at 8:10 PM, cchance  wrote:

> Ok i read that the reason SSH was giving handshake errors was that it was
> due
> to the dockerfile based on centos which had old libssh2 so i wrote my own
> dockerfile that builds with
>
> ENV GUACAMOLE_VERSION 0.9.13-incubating
> ENV OPENSSL_VERSION 1.1.0f
> ENV LIBSSH2_VERSION 1.8.0
>
> But STILL i'm getting ssh handshake failed everytime i try to ssh to a
> switch, works in putty works
>
> As a note the switch seems to use diffie-hellman-group1-sha1
>
> I thought using the latest openssl and libssh2 would fix the issue but
> apparently not? Is their somewhere i need to allow specifically sha1 beyond
> just upgrading to latest libssh2 before building guacd?
>

Are you sure that the libssh2 version from the distribution's own packages
is no longer installed?

- Mike


Re: VNC & Networking

2017-10-26 Thread Mike Jumper
On Thu, Oct 26, 2017 at 6:38 PM, Steven Pollock 
wrote:

> Thanks Mike, but makes no sense to me that it is a network issue.
>
>
That's really the only possibility. Unless the hostname or IP address of
the destination machine has been mistyped, there is no other possible
explanation.

Have you checked the logs from guacd?

I can connect from an other VNC client, just not Guac.
>
>
>From another VNC client on the same machine that's running guacd?

I can connect via RDP from guac.
>
>
Via RDP to the same machine that you are unable to connect to via VNC?

- Mike


Re: VNC & Networking

2017-10-26 Thread Mike Jumper
On Thu, Oct 26, 2017 at 5:53 PM, Steven Pollock 
wrote:

> I have tried this with both the noauth and mysql configs, as I thought it
> might be a noauth issue initially.  The network is not blocking, lets not
> go there.
>
>
The authentication backend in use has no bearing on whether Guacamole can
connect via VNC to a particular machine. It is guacd which actually
performs the network connection to the VNC server.


> Single interface guac sitting on 10.80.100.x/24
>VNC to 10.80.100.10 -- works
>RDP to 10.80.100.11 -- works
>RDP to AWS (amazon) -- works
>
> Move the guac to another network and change the IP address to
> 10.80.160.x/24
>VNC to 10.80.100.10 -- fail
>RDP to 10.80.100.11 -- works
>RDP to AWS (amazon) -- works
>
> Use a standard off the shelf VNC client in 10.80.160.x
>VNC to 10.80.100.10 -- works
>
> Simply changing the subnet causes guac VNC to fail in either noauth or
> mysql configs.
>
> Any ideas? Maybe a way to troubleshoot?
>
>
If you are able to connect to other machines, and only connections to a
particular subnet fail, that strongly suggests that there is an issue with
the network configuration on either of the machines in question, or in the
network between them. There is no magic within guacd nor within the
authentication extensions which would result in connections failing only
for a particular subnet. Routing of packets between subnets is handled by
the system's networking stack, not by guacd.

To troubleshoot, I suggest looking strictly at the network configuration
and behavior of the machines where you're seeing this issue. Don't draw
conclusions from connecting from another machine that happens to be in the
same subnet; connect strictly from the machine hosting guacd.

On another note, you mention NoAuth - beware that this extension has been
deprecated. Its use is no longer recommended. See:

http://guacamole.incubator.apache.org/releases/0.9.13-incubating/#noauth-now-deprecated

- Mike


Re: what is java.lang.NullPointerException

2017-10-25 Thread Mike Jumper
.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
> at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
> at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:486)
> at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
> at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:748)
>
>
>
>
> I am looking forward to hearing from you.
>
> Sincerely yours,
>
>
> -- Yo
>
>
>
>
>
> 2017-10-25 15:57 GMT+09:00 Mike Jumper :
>>
>> The access logs are of very limited utility, providing little
>> information beyond the status code (500). Please provide the log
>> output from:
>>
>> 1) Guacamole itself (this will likely be in "catalina.out", but could
>> also be in journalctl or elsewhere, depending on how Tomcat is
>> installed/packaged in your case)
>> 2) guacd (this will be syslog, likely /var/log/messages,
>> /var/log/syslog, or journalctl, depending on your distribution)
>>
>> Thanks,
>>
>> - Mike
>>
>>
>> On Tue, Oct 24, 2017 at 11:47 PM, Youhei Ootsuki
>>  wrote:
>> > Hi,
>> >
>> >
>> > Would you like to read this log ?
>> >
>> > Suddenly "HTTP 500 ERROR" is occurring.
>> >
>> > The setting at that time is as follows
>> >
>> > --- setting -
>> >
>> > 
>> > ssh
>> > *
>> > 22
>> > true
>> > *
>> > *
>> > 
>> > 
>> >
>> > ---
>> >
>> >
>> >
>> > --- log ---
>> >
>> >
>> > 25/Oct/2017:15:21:10 "GET /GUAC/api/patches HTTP/1.1" 200
>> > 25/Oct/2017:15:21:10 "GET /GUAC/api/languages HTTP/1.1" 200
>> > 25/Oct/2017:15:21:10 "POST /GUAC/api/tokens HTTP/1.1" 403
>> > 25/Oct/2017:15:21:33 "POST /GUAC/api/tokens HTTP/1.1" 403
>> > 25/Oct/2017:15:21:42 "POST /GUAC/api/tokens HTTP/1.1" 200
>> > 25/Oct/2017:15:21:42 "POST /GUAC/api/tokens HTTP/1.1" 200
>> > 25/Oct/2017:15:21:42 "GET
>> >
>> > /GUAC/api/session/data/default/connectionGroups/ROOT/tree?token=5B2E50C517D0B38A68B5824EA84D5D6B4F1FDC6430834B581C7275195DAAB5F0
>> > HTTP/1.1" 200
>> > 25/Oct/2017:15:21:42 "GET
>> >
>> > /GUAC/api/patches?token=5B2E50C517D0B38A68B5824EA84D5D6B4F1FDC6430834B581C7275195DAAB5F0
>> > HTTP/1.1" 200
>> > 25/Oct/2017:15:21:42 "GET
>> >
>> > /GUAC/api/session/data/default/users/youhei-otsuki?token=5B2E50C517D0B38A68B5824EA84D5D6B4F1FDC6430834B581C7275195DAAB5F0
>> > HTTP/1.1" 200
>> >
>> >
>> > 25/Oct/2017:15:21:42 "GET /GUAC/images/magnifier.png HTTP/1.1" 200
>> > 25/Oct/2017:15:21:42 "GET /GUAC/images/protocol-icons/guac-text.png
>> > HTTP/1.1" 200
>> > 25/Oct/2017:15:21:42 "GET /GUAC/images/protocol-icons/guac-monitor.png
>> > HTTP/1.1" 200
>> > 25/Oct/2017:15:21:42 "GET /GUAC/images/action-icons/guac-logout-dark.png
>> > HTTP/1.1" 200
>> > 25/Oct/2017:15:21:42 "GET /GUAC/images/arrows/down.png HTTP/1.1" 200
>> > 25/Oct/2017:15:21:42 "GET /GUAC/images/user-icons/guac-user.png
>> > HTTP/1.1"
>> > 200
>> > 25/Oct/2017:15:21:42 "GET
>> >
>> > /GUAC/api/session/data/default/self/permissions?token=5B2E50C517D0B38A68B5824EA84D5D6B4F1FDC6430834B581C7275195DAAB5F0
>> > HTTP/1.1" 200
>> > 25/Oct/2017:15:21:42 "GET
>> >
>&g

Re: what is java.lang.NullPointerException

2017-10-24 Thread Mike Jumper
The access logs are of very limited utility, providing little
information beyond the status code (500). Please provide the log
output from:

1) Guacamole itself (this will likely be in "catalina.out", but could
also be in journalctl or elsewhere, depending on how Tomcat is
installed/packaged in your case)
2) guacd (this will be syslog, likely /var/log/messages,
/var/log/syslog, or journalctl, depending on your distribution)

Thanks,

- Mike


On Tue, Oct 24, 2017 at 11:47 PM, Youhei Ootsuki
 wrote:
> Hi,
>
>
> Would you like to read this log ?
>
> Suddenly "HTTP 500 ERROR" is occurring.
>
> The setting at that time is as follows
>
> --- setting -
>
> 
> ssh
> *
> 22
> true
> *
> *
> 
> 
>
> ---
>
>
>
> --- log ---
>
>
> 25/Oct/2017:15:21:10 "GET /GUAC/api/patches HTTP/1.1" 200
> 25/Oct/2017:15:21:10 "GET /GUAC/api/languages HTTP/1.1" 200
> 25/Oct/2017:15:21:10 "POST /GUAC/api/tokens HTTP/1.1" 403
> 25/Oct/2017:15:21:33 "POST /GUAC/api/tokens HTTP/1.1" 403
> 25/Oct/2017:15:21:42 "POST /GUAC/api/tokens HTTP/1.1" 200
> 25/Oct/2017:15:21:42 "POST /GUAC/api/tokens HTTP/1.1" 200
> 25/Oct/2017:15:21:42 "GET
> /GUAC/api/session/data/default/connectionGroups/ROOT/tree?token=5B2E50C517D0B38A68B5824EA84D5D6B4F1FDC6430834B581C7275195DAAB5F0
> HTTP/1.1" 200
> 25/Oct/2017:15:21:42 "GET
> /GUAC/api/patches?token=5B2E50C517D0B38A68B5824EA84D5D6B4F1FDC6430834B581C7275195DAAB5F0
> HTTP/1.1" 200
> 25/Oct/2017:15:21:42 "GET
> /GUAC/api/session/data/default/users/youhei-otsuki?token=5B2E50C517D0B38A68B5824EA84D5D6B4F1FDC6430834B581C7275195DAAB5F0
> HTTP/1.1" 200
>
>
> 25/Oct/2017:15:21:42 "GET /GUAC/images/magnifier.png HTTP/1.1" 200
> 25/Oct/2017:15:21:42 "GET /GUAC/images/protocol-icons/guac-text.png
> HTTP/1.1" 200
> 25/Oct/2017:15:21:42 "GET /GUAC/images/protocol-icons/guac-monitor.png
> HTTP/1.1" 200
> 25/Oct/2017:15:21:42 "GET /GUAC/images/action-icons/guac-logout-dark.png
> HTTP/1.1" 200
> 25/Oct/2017:15:21:42 "GET /GUAC/images/arrows/down.png HTTP/1.1" 200
> 25/Oct/2017:15:21:42 "GET /GUAC/images/user-icons/guac-user.png HTTP/1.1"
> 200
> 25/Oct/2017:15:21:42 "GET
> /GUAC/api/session/data/default/self/permissions?token=5B2E50C517D0B38A68B5824EA84D5D6B4F1FDC6430834B581C7275195DAAB5F0
> HTTP/1.1" 200
> 25/Oct/2017:15:21:42 "GET
> /GUAC/api/session/data/default/activeConnections?token=5B2E50C517D0B38A68B5824EA84D5D6B4F1FDC6430834B581C7275195DAAB5F0
> HTTP/1.1" 200
> 25/Oct/2017:15:21:42 "GET /GUAC/images/action-icons/guac-home-dark.png
> HTTP/1.1" 200
> 25/Oct/2017:15:21:42 "GET /GUAC/images/action-icons/guac-config-dark.png
> HTTP/1.1" 200
> 25/Oct/2017:15:21:54 "GET /GUAC/images/settings/touchscreen.png HTTP/1.1"
> 200
> 25/Oct/2017:15:21:54 "GET /GUAC/images/settings/touchpad.png HTTP/1.1" 200
> 25/Oct/2017:15:21:54 "GET /GUAC/images/settings/tablet-keys.png HTTP/1.1"
> 200
> 25/Oct/2017:15:21:54 "GET /GUAC/images/settings/zoom-in.png HTTP/1.1" 200
> 25/Oct/2017:15:21:54 "GET /GUAC/images/settings/zoom-out.png HTTP/1.1" 200
> 25/Oct/2017:15:21:54 "POST /GUAC/api/tokens HTTP/1.1" 200
> 25/Oct/2017:15:21:54 "GET /GUAC/images/share.png HTTP/1.1" 200
> 25/Oct/2017:15:21:54 "GET /GUAC/images/action-icons/guac-back.png HTTP/1.1"
> 200
> 25/Oct/2017:15:21:54 "GET /GUAC/images/drive.png HTTP/1.1" 200
> 25/Oct/2017:15:21:54 "GET /GUAC/layouts/en-us-qwerty.json HTTP/1.1" 200
> 25/Oct/2017:15:21:54 "GET /GUAC/app/element/templates/blank.html HTTP/1.1"
> 200
>
>
>
>
> 25/Oct/2017:15:21:54 "GET
> /GUAC/api/session/data/default/connections/Catalyst%203750%20V2(ssh)?token=5B2E50C517D0B38A68B5824EA84D5D6B4F1FDC6430834B581C7275195DAAB5F0
> HTTP/1.1" 200
> 25/Oct/2017:15:21:54 "GET /GUAC/images/x.png HTTP/1.1" 200
> 25/Oct/2017:15:21:54 "GET /GUAC/images/logo-144.png HTTP/1.1" 200
> 25/Oct/2017:15:21:54 "GET
> /GUAC/websocket-tunnel?token=5B2E50C517D0B38A68B5824EA84D5D6B4F1FDC6430834B581C7275195DAAB5F0&GUAC_DATA_SOURCE=default&GUAC_ID=Catalyst%203750%20V2(ssh)&GUAC_TYPE=c&GUAC_WIDTH=1475&GUAC_HEIGHT=864&GUAC_DPI=96&GUAC_AUDIO=audio%2FL8&GUAC_AUDIO=audio%2FL16&GUAC_IMAGE=image%2Fjpeg&GUAC_IMAGE=image%2Fpng
> HTTP/1.1" 500
> 25/Oct/2017:15:21:54 "GET
> /GUAC/api/session/tunnels/3f75fd9f-1dc5-469c-a50e-7d11d1c465b9/activeConnection/connection/sharingProfiles?token=5B2E50C517D0B38A68B5824EA84D5D6B4F1FDC6430834B581C7275195DAAB5F0
> HTTP/1.1" 404
> 25/Oct/2017:15:22:09 "POST /GUAC/api/tokens HTTP/1.1" 200
> 25/Oct/2017:15:22:09 "GET /GUAC/images/action-icons/guac-home.png HTTP/1.1"
> 200
> 25/Oct/2017:15:22:09 "GET /GUAC/images/circle-arrows.png HTTP/1.1" 200
> 25/Oct/2017:15:22:09 "GET /GUAC/images/action-icons/guac-logout.png
> HTTP/1.1" 200
> 25/Oct/2017:15:22:16 "DELETE
> /GUAC/api/tokens/5B2E50C517D0B38A68B5824EA84D5D6B4F1FDC6430834B581C7275195DAAB5F0
> HTTP/1.1" 204
> 25/Oct/2017:15:22:16 "POST /GUAC/api/tokens HTTP/1.1" 403
>
>
>
>
> Don’t hesitate to contact me if you have any questions.
>

Re: guacamole-common-js confusion

2017-10-24 Thread Mike Jumper
On Tue, Oct 24, 2017 at 1:10 PM, David L Napier  wrote:

> I'm a bit confused by the architecture in this project after reading the
> documentation.  I'm build a node.js application and hoping to utilize
> Guacamole.
>
> My questions are:
>
> Does guacamole-common-js load on the front or back end of my web
> application?
>

guacamole-common-js is used by the client side of the stack. It runs in the
browser only. There are no server-side JavaScript components.

Does guacamole-common-js connect to the Java Servlet or can it connect to
> guacd directly?  (Is the Servlet required?)
>

The client built into guacamole-common-js expects that the Guacamole
protocol handshake will be taken care of server-side. This is important
from a security perspective, to ensure that users cannot simply establish
arbitrary connections with arbitrary privileges to any remote desktop that
they please. The implementation provided for this is written in Java that
is meant to run server-side:

https://github.com/apache/incubator-guacamole-client/blob/d955fbea1adbbcd88a9a169100ebad19ef2092cb/guacamole-common/src/main/java/org/apache/guacamole/protocol/ConfiguredGuacamoleSocket.java

Typically, this would run within the tunnel servlet/endpoint, yes, with
that tunnel serving as the sole intermediary between the browser and guacd.
Again, not being able to connect to guacd directly is an important security
consideration.

Leveraging guacamole-common is the recommended way of doing this, but if
you are hard-set on not using Java, you can implement the Guacamole
protocol handshake yourself and achieve the same. The Guacamole protocol
and its handshake are documented in the manual:

http://guacamole.incubator.apache.org/doc/gug/guacamole-protocol.html

- Mike


Re: Assistance on creating jar file from directory

2017-10-21 Thread Mike Jumper
On Sat, Oct 21, 2017 at 9:25 AM, Nick Couchman  wrote:
> On Sat, Oct 21, 2017 at 10:04 AM, Charles Mccrea 
> ...
>
>>
>> Inside this directory I have my guacamole.properties file and the
>> extensions folder.
>> I didn't have my GUACAMOLE_HOME environement variable set so I've done
>> this now using an .sh script.  Confirmed on reboot that my environment
>> variable is set properly.
>
> If you're setting this property directly, now, in the startup script, it
> should be set to /usr/share/tomcat/.guacamole.
>

To further clarify, "GUACAMOLE_HOME" is the placeholder text used in
the manual and elsewhere to represent the base directory which
contains guacamole.properties, the "extensions" and "lib" directories,
and additional configuration files. The environment variable for
explicitly defining this location has the same name, but you do not
need to set the GUACAMOLE_HOME environment variable nor the
guacamole.home system property if you are planning to use one of the
default locations for GUACAMOLE_HOME, such as the ".guacamole"
directory within the home directory of the tomcat user.

Explicitly setting GUACAMOLE_HOME or guacamole.home to
/usr/share/tomcat/.guacamole won't hurt anything (except maybe my
brain), but it's completely superfluous.

>...
>
> If you're running 0.9.9 you should really consider upgrading.  First, I'm
> not sure when custom branding support was added in, but it may not work in
> that version, and, second, that's 4 releases behind the current version, and
> there have been lots of improvements since then.  0.9.13-incubating is the
> current released version, and then the git repo master will eventually be
> 0.9.14-incubating and has more changes/fixes on top of that.
>

+1

- Mike


Re: Telnet/SSH buffer size

2017-10-19 Thread Mike Jumper
On Thu, Oct 19, 2017 at 8:14 AM, Nick Couchman  wrote:
> On Thu, Oct 19, 2017 at 9:24 AM, McRoy, Jeffrey (GE Healthcare)
>  wrote:
>>
>> Hi Everyone,
>>
>> Does anyone know what the buffer size is for Guac’s Telnet and SSH
>> sessions?
>>
>
> For SSH, looks like 8192:
>
> https://github.com/apache/incubator-guacamole-server/blob/95be88be19e04e07ac1dafb823993745bee7d146/src/protocols/ssh/ssh.c#L157
> https://github.com/apache/incubator-guacamole-server/blob/95be88be19e04e07ac1dafb823993745bee7d146/src/protocols/ssh/ssh.c#L177
>
> For telnet, looks probably 8192 for most things, but there are a couple of
> operations that are slightly different:
>
> https://github.com/apache/incubator-guacamole-server/blob/95be88be19e04e07ac1dafb823993745bee7d146/src/protocols/telnet/telnet.c#L92
> https://github.com/apache/incubator-guacamole-server/blob/95be88be19e04e07ac1dafb823993745bee7d146/src/protocols/telnet/telnet.c#L263
> https://github.com/apache/incubator-guacamole-server/blob/95be88be19e04e07ac1dafb823993745bee7d146/src/protocols/telnet/telnet.c#L386
> https://github.com/apache/incubator-guacamole-server/blob/95be88be19e04e07ac1dafb823993745bee7d146/src/protocols/telnet/telnet.c#L465
>

In case you meant the size of the scrollback buffer, the answer is 1000 lines:

https://github.com/apache/incubator-guacamole-server/blob/95be88be19e04e07ac1dafb823993745bee7d146/src/terminal/terminal.c#L327-L328

- Mike


Re: Problems with basic authentication

2017-10-18 Thread Mike Jumper
On Wed, Oct 18, 2017 at 5:30 AM, Felix Wolfheimer
 wrote:
> Hi Nick,
>
> thanks for your help and your suggestions. I created /etc/guacamole and put
> guacamole.properties into this directory. The file has the following
> content:
>
> guacd-hostname: localhost
> guacd-port: 4822
> user-mapping: /etc/guacamole/user-mapping.xml
>

Beware that:

1) The property "user-mapping" is a typo in the manual, and should
actually be "basic-user-mapping"
2) The "basic-user-mapping" property was deprecated in 0.9.10-incubating [1]

Though the property "basic-user-mapping" should still work, its use is
no longer recommended. The default location of
"GUACAMOLE_HOME/user-mapping.xml" should be used instead.

It's worth noting that "/etc/guacamole" was recently added to the
default search locations for GUACAMOLE_HOME [2], so the locations
you're using for everything here is actually the default on git and
for future releases.

- Mike

[1] 
http://guacamole.incubator.apache.org/releases/0.9.10-incubating/#deprecation-of-the-basic-user-mapping-property
[2] https://issues.apache.org/jira/browse/GUACAMOLE-335


Re: Problems with basic authentication

2017-10-18 Thread Mike Jumper
On Wed, Oct 18, 2017 at 3:24 PM, Felix Wolfheimer
 wrote:
> ...
>
> INFO  o.a.g.environment.LocalEnvironment - No guacamole.properties file
> found within GUACAMOLE_HOME or the classpath. Using defaults.
>

Is /etc/guacamole/guacamole.properties readable by the user running
the Tomcat service?

>
> ... So I wonder whether this might be a problem in openjdk. Is
> guacamole usually working better with a proprietary Java version?
>

No. OpenJDK should work fine.

- Mike


Re: Websockets not working

2017-10-18 Thread Mike Jumper
On Wed, Oct 18, 2017 at 10:31 AM, Colin McGuigan
 wrote:
> Mike Jumper wrote
>> What version of Tomcat?
>
> 7.0.69.0; as I understand it, websockets have been supported since 7.0.47.
>

Yes, and since 7.0.37 via the Tomcat-specific WebSocket API. Your
version is definitely new enough.

What does Chrome show in the "network" tab of its dev tools when you
try to connect? You'll probably need to open dev tools and reload the
page for the WebSocket connection attempt to be visible.

- Mike


Re: Websockets not working

2017-10-18 Thread Mike Jumper
On Wed, Oct 18, 2017 at 8:48 AM, Colin McGuigan
 wrote:
> Hello again,

> So I have an SSH connection.  I can connect through Guacamole, but it's
> really slow.  Some research says that this is because I'm not using
> websockets, ...

Not necessarily. It is true that the WebSocket tunnel is faster than
the HTTP tunnel, but if you would describe the connection as "really
slow", something else might be at work here. The HTTP tunnel should
still be reasonably fast.

> ...
> Now, I've verified the following things:
>
> 1. I am connecting directly through Tomcat on port 8080.  There is no Apache
> or nginx reverse proxy.
>

What version of Tomcat?

> My question is, is there any way to determine why there is the initial
> connect/disconnect of a connection that lasts 14ms, or why there is an
> exception being thrown as if this disconnect is unexpected?

An exception is thrown normally when a read attempt is made against a
closed TCP socket. As this is not an error per se, at least not from
the perspective of the HTTP tunnel, that particular exception is not
normally logged, but rather handled as another indicator of connection
closure. It's only logged in this case because debug-level logging is
enabled.

- Mike


Re: Deploying locally built WAR

2017-10-13 Thread Mike Jumper
On Fri, Oct 13, 2017 at 1:00 PM, Ryan Underwood 
wrote:

> Thanks Nick – not sure how I missed it in the root.
>
> Now I have the image built from my local repo clone. I’ve modified some of
> the source to add logging because I still can’t connect to an RDP instance
> and the only error I get is:
>
> 9:50:16.382 [http-nio-8080-exec-9] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet
> - HTTP tunnel request failed: java.net.ConnectException: Connection refused
>
> 19:50:16.384 [http-nio-8080-exec-9] DEBUG o.a.g.s.GuacamoleHTTPTunnelServlet
> - Internal error in HTTP tunnel.
>
> org.apache.guacamole.GuacamoleServerException: java.net.ConnectException:
> Connection refused
>
>
This looks like guacd is unreachable. Is your Guacamole image configured to
connect to a running copy of guacd (in another Docker container or
otherwise)?

This is the same error I get with the docker hub image too.  However, after
> adding some logging in the java classes and updating the logback.xml to go
> to trace, none of my messages show up anywhere.  Any thoughts?
>
>
What logging did you add?

- Mike


Re: Clipboard Usage

2017-10-09 Thread Mike Jumper
On Sun, Oct 8, 2017 at 6:07 PM, Nick Couchman  wrote:

> On Sun, Oct 8, 2017 at 3:37 PM, Steve Karam 
> wrote:
>
>> Hi Philip,
>>
>> If you’re using Chrome you can install this extension:
>> https://chrome.google.com/webstore/detail/clipboa
>> rd-permission-mana/ipbhneeanpgkaleihlknhjiaamobkceh?hl=en
>>
>> On a supported guacamole desktop, an icon in the extensions bar will let
>> you allow direct copy/paste. I’m not sure what the minimum required
>> guacamole version is, but it didn’t work on 0.9.7.
>>
>
>  I tracked it down not too long ago, and I believe it was either 0.9.10 or
> 0.9.11 where support was added; however, using the latest version
> (0.9.13-incubating or building from git master) definitely works.
>
>
The JIRA issue associated with this change was:

https://issues.apache.org/jira/browse/GUACAMOLE-24

The change was merged for 0.9.10-incubating, so anything 0.9.10 or later
will have this support. The releases prior to acceptance into the Incubator
(0.9.9 and earlier) will lack this support.

- Mike


Re: showing an error message to the end user

2017-10-07 Thread Mike Jumper
On Sat, Oct 7, 2017 at 12:03 AM, shaykeren  wrote:

> Our extension inherit from AuthenticationProvider
> In authenticateUser method We are validating credentials.getRequest().
> in case the request(HttpServletRequest) contains invalid parameter an
> exception is raised (GuacamoleException) with the right message.
>
> Basically our users are being redirected to guacamole in order to SSH/RDP.
> Our custom AuthenticationProvider sets GuacamoleConfiguration with the
> pre-selected protocol parameters.
> Thanks!
>
> Any Idea?
>
>
If you throw the lowest-level, Guacamole-specific exception available
(GuacamoleException), there is no semantic information surrounding that
exception for the web application to handle that error in a way which makes
sense. It will be converted to a hard HTTP 500 status code, and
authentication will abort.

Depending on what exactly you're looking for, there are other exceptions
available for:

* Notifying the user that something they've entered is invalid
(GuacamoleClientException). Example: [1]
* Requesting that the user provide entirely new credentials
(GuacamoleInvalidCredentialsException). Example: [2]
* Requesting that the user provide additional credentials
(GuacamoleInsufficientCredentialsException). Example: [3]

Error handling within the web application will not necessarily have the
effect you're looking for, though. If you're only using Guacamole to
service individual connections, you should probably look into building your
own application using the Guacamole API.

It's still unclear exactly what you're aiming for, what the intended user
experience is, etc. It's clear that you are validating HTTP parameters
during authentication, and that you wish to display an error, but the
context of that error is unknown; Guacamole performs authentication on
absolutely all pages, so this parameter could be coming from anywhere. It
would be helpful if you could walk through the user experience, starting
from what they see within the non-Guacamole part of your application.

- Mike

[1]
https://github.com/apache/incubator-guacamole-client/blob/728d9b937c80bbf61ac79dd563dc1775203b34e6/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java#L98-L100

[2]
https://github.com/apache/incubator-guacamole-client/blob/728d9b937c80bbf61ac79dd563dc1775203b34e6/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java#L79-L80

[3]
https://github.com/apache/incubator-guacamole-client/blob/728d9b937c80bbf61ac79dd563dc1775203b34e6/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java#L434-L438


RE: tracking down a tomcat 500 error

2017-10-04 Thread Mike Jumper
Does the Windows 10 version of Docker have the "docker logs" command?

https://docs.docker.com/engine/reference/commandline/logs/


On Oct 4, 2017 05:39, "Ryan Underwood"  wrote:

Thanks Mike.
I typed PUT but meant POST, as it shows below, to POST
/guacamole/api/tokens.
The larger log excerpt I pasted is catalina.out from tomcat. I'll
investigate the MySQL side and jdbc connection.
-Ryan

Sent from my Android phone using TouchDown (www.symantec.com)


-Original Message-
*From:* Mike Jumper [mike.jum...@guac-dev.org]
*Received:* Wednesday, 04 Oct 2017, 12:18AM
*To:* user@guacamole.incubator.apache.org [user@guacamole.incubator.
apache.org]
*Subject:* Re: tracking down a tomcat 500 error

On Tue, Oct 3, 2017 at 8:42 PM, Ryan Underwood 
wrote:

> I am running guacamole via docker on win10 pro. I’m using Mysql, guacamole
> and guacd and all appear to be running as intended.  I get a 500 error when
> I hit the home page. Localhost access log shows all the GETs work
>

Those GETs are probably to static files, and thus aren't hitting the
component which is failing.


> and a PUT failed (172.17.0.1 - - [04/Oct/2017:03:27:52 +]
>

There shouldn't be a PUT occurring prior to login. What URL is that PUT
request for?

"POST /guacamole/api/tokens HTTP/1.1" 500 185).  Any ideas where I should
> be looking to narrow this down or get more info?
>

".../api/tokens" is the URL of the REST endpoint used for handling
authentication. Given the description of your setup, the MySQL portion of
things is most likely misconfigured (somehow). Once we find the proper log,
things should clear up.

  Catalina error seems to be in non-guacamole classes so not sure where to
> go next.
>
> -Ryan
>
>
>
> Catalina:
>
>
>
> 04-Oct-2017 03:13:40.242 SEVERE [http-nio-8080-exec-8]
> com.sun.jersey.spi.container.ContainerResponse.logException Mapped
> exception to response: 500 (Internal Server Error)
>
> org.apache.guacamole.rest.APIException
>
> at org.apache.guacamole.rest.RESTExceptionWrapper.invoke(RESTEx
> ceptionWrapper.java:202)
>

What log file is this from specifically?

Thanks,

- Mike


Re: tracking down a tomcat 500 error

2017-10-03 Thread Mike Jumper
On Tue, Oct 3, 2017 at 8:42 PM, Ryan Underwood 
wrote:

> I am running guacamole via docker on win10 pro. I’m using Mysql, guacamole
> and guacd and all appear to be running as intended.  I get a 500 error when
> I hit the home page. Localhost access log shows all the GETs work
>

Those GETs are probably to static files, and thus aren't hitting the
component which is failing.


> and a PUT failed (172.17.0.1 - - [04/Oct/2017:03:27:52 +]
>

There shouldn't be a PUT occurring prior to login. What URL is that PUT
request for?

"POST /guacamole/api/tokens HTTP/1.1" 500 185).  Any ideas where I should
> be looking to narrow this down or get more info?
>

".../api/tokens" is the URL of the REST endpoint used for handling
authentication. Given the description of your setup, the MySQL portion of
things is most likely misconfigured (somehow). Once we find the proper log,
things should clear up.

  Catalina error seems to be in non-guacamole classes so not sure where to
> go next.
>
> -Ryan
>
>
>
> Catalina:
>
>
>
> 04-Oct-2017 03:13:40.242 SEVERE [http-nio-8080-exec-8]
> com.sun.jersey.spi.container.ContainerResponse.logException Mapped
> exception to response: 500 (Internal Server Error)
>
> org.apache.guacamole.rest.APIException
>
> at org.apache.guacamole.rest.RESTExceptionWrapper.invoke(
> RESTExceptionWrapper.java:202)
>

What log file is this from specifically?

Thanks,

- Mike


Re: Automatic execution of commands in Telnet/SSH

2017-10-03 Thread Mike Jumper
On Tue, Oct 3, 2017 at 3:00 PM, McRoy, Jeffrey (GE Healthcare) <
jeffrey.mc...@ge.com> wrote:

> ... Would Guacamole have a way to programmatically inject commands into
> the input stream?
>
>
It's important to distinguish between commands and input events here. In
general, yes, you can inject input events into the stream. Assuming you're
building your own web application driven by the Guacamole API, there is an
API at the JavaScript level which facilitates this [1], and you can
leverage that to send a sequence of key press/release events to replicate
what a user would type.

The concept of a "command" doesn't exist at the Guacamole level, though.
There's no way that Guacamole would be able to know that the keystrokes
being sent are not actually being sent in the middle of a command that the
user already partially typed, or that they're actually being handled by a
text editor and not the shell, etc. You would also need to take into
account the current keyboard state (what if the user is holding down Ctrl?
or Shift?), and maybe even reset the keyboard entirely prior to sending any
events [2].

- Mike

[1]
http://guacamole.incubator.apache.org/doc/guacamole-common-js/Guacamole.Client.html#sendKeyEvent
[2]
http://guacamole.incubator.apache.org/doc/guacamole-common-js/Guacamole.Keyboard.html#reset


Re: showing an error message to the end user

2017-10-03 Thread Mike Jumper
On Tue, Oct 3, 2017 at 2:00 PM, shaykeren  wrote:

> Hi,
> I've implemented my own AuthenticationProvider.
> I would like to show an error message to user if some request parameter
> is not valid.


What request are you referring to? What is the nature of the parameter?

- Mike


Re: Extension hooking into log out

2017-10-02 Thread Mike Jumper
On Mon, Oct 2, 2017 at 12:22 PM, Colin McGuigan <
colin_guacam...@walkingshadows.org> wrote:

> Currently, if you logout it removes your token from memory and redirects
> you
> to the main page.
>
> For an extension implementing SAML authentication, it would also be
> necessary to send a message to the identity provider telling it to discard
> its own token.
>
> However, there seems to be no way to hook into this event.  As best I can
> tell, /api/tokens handles it completely internally and does not shell out
> to
> any extension API.
>
>
As of a few days ago, there is such an API:
https://issues.apache.org/jira/browse/GUACAMOLE-393

AuthenticatedUser and UserContext now both define an invalidate() function
which is invoked upon user logout:

https://github.com/apache/incubator-guacamole-client/blob/d808f7fbbdef9a0e14b139ac31e9fa225354efc6/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticatedUser.java#L52-L57
https://github.com/apache/incubator-guacamole-client/blob/d808f7fbbdef9a0e14b139ac31e9fa225354efc6/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/UserContext.java#L233-L238

You will need to build off git to leverage this.

- Mike


Re: Information Required : Installation of GUACD on Centos 7

2017-09-29 Thread Mike Jumper
On Fri, Sep 29, 2017 at 2:55 AM, Amarjeet Singh 
wrote:

> Hi Team,
>
>
> Is it must to compile and build Guacamole server every time on each server
> ?
> I  don't want the source code to be on that server where Guacamole server
> is there.
> I only want the binary files of guacd on Guacamole server.  Can I do that
> ? ( like in rpm or war file )
>
>
We don't produce distribution-specific packages, like those which would be
required for binary convenience builds of guacamole-server. You can
definitely do this yourself, however, or leverage the Docker images, or
clean up the source from the server once the build is completed.

You can also check with your distribution and surrounding community to see
if they provide their own packages of guacamole-server. For CentOS, I
believe the EPEL repository provides such packages. If no such packages
exist, you could always get the ball rolling there yourself, and work with
the distribution to begin packaging guacamole-server.

- Mike


Re: Docker Guacamole Latest

2017-09-27 Thread Mike Jumper
On Wed, Sep 27, 2017 at 7:58 PM, Nick Couchman  wrote:

>
>>>
>>> Since 0.9.10-incubating++ appear under guacamole/guacamole it may be
>>> worth stripping the same out of glyptodon/guacamole to funnel those like me
>>> more directly towards the right answer.
>>>
>>>
>> The Guacamole project doesn't control whether third parties distribute
>> their own Docker images. As long as licenses and trademarks/brands are not
>> violated, we welcome such distribution. See:
>>
>> Mike
>
> Is guacamole/guacamole not something you control?
>

guacamole/guacamole is something anyone in the Guacamole PPMC controls,
including myself. You should have access, too, as all committers are
implicitly PPMC within Guacamole. If not, that's an oversight we should
correct.

See:
https://lists.apache.org/thread.html/b345e6c72629e3bf79c3e1243c6290073c3cf6f3901aa100a649f2a2@%3Cgeneral.incubator.apache.org%3E

I assume glyptodon/guacamole is yours?
>
>
Not really. "glyptodon/guacamole" is Glyptodon's, and while I'm certainly
affiliated with Glyptodon, I'm not equal to it. For the health of the
project, I refuse to wear my Glyptodon hat when doing anything within the
Guacamole community. Here, I am strictly a committer on the Guacamole
project and a member of its PPMC.

If the question here is whether third-party distribution of Guacamole is
harmful, my personal view is that it isn't, and that part of the philosophy
of the Apache Way is to embrace such distribution. It is expected (and
beneficial) that third parties will package and distribute Guacamole,
including via Docker images. Quickly checking Docker Hub, I find at least
15 pages of search results for Docker images containing Guacamole:

https://hub.docker.com/search/?isAutomated=0&isOfficial=0&page=1&pullCount=0&q=guacamole&starCount=0

To me, that's a good sign.

If there is a trademark/branding/licensing issue, however, that would be a
different matter and should definitely be corrected ASAP.

- Mike


Re: Docker Guacamole Latest

2017-09-27 Thread Mike Jumper
On Wed, Sep 27, 2017 at 5:39 PM, Jacob Staub  wrote:

> Thanks for your patience and assistance. The instruction to inspect the
> guacamole containers was the steer I needed.
>
>
Great!


> ...
>
> Since 0.9.10-incubating++ appear under guacamole/guacamole it may be worth
> stripping the same out of glyptodon/guacamole to funnel those like me more
> directly towards the right answer.
>
>
The Guacamole project doesn't control whether third parties distribute
their own Docker images. As long as licenses and trademarks/brands are not
violated, we welcome such distribution. See:

http://community.apache.org/projectIndependence.html

- Mike


Re: Docker Guacamole Latest

2017-09-27 Thread Mike Jumper
This same issue has been encountered before [1] for an earlier version, but
there was no problem with the Guacamole images in that case, and rechecking
now things are still correct. The "latest" tag does point to the same image
as "0.9.13-incubating", which does contain 0.9.13-incubating:

[mjumper@dev-mjumper ~]$ sudo docker images guacamole/guacamole
REPOSITORY  TAG IMAGE ID
 CREATED SIZE
docker.io/guacamole/guacamole   0.9.13-incubating   b602d8daff1b11
weeks ago659.7 MB
docker.io/guacamole/guacamole   latest  b602d8daff1b11
weeks ago659.7 MB
docker.io/guacamole/guacamole   0.9.12-incubating   9af030afb8c86
months ago651.2 MB
docker.io/guacamole/guacamole   0.9.11-incubating   b08c4f8e69f58
months ago650.4 MB
[mjumper@dev-mjumper ~]$ sudo docker images guacamole/guacd
REPOSITORY  TAG IMAGE IDCREATED
SIZE
docker.io/guacamole/guacd   0.9.13-incubating   ac5de9daf9f311
weeks ago499.2 MB
docker.io/guacamole/guacd   latest  ac5de9daf9f311
weeks ago499.2 MB
docker.io/guacamole/guacd   0.9.12-incubating   8e1536c549856
months ago404.9 MB
docker.io/guacamole/guacd   0.9.11-incubating   940310c239218
months ago404.5 MB
[mjumper@dev-mjumper ~]$

The output from your run of "docker images" matches, so it looks like that
much is correct on your end, but if you are still seeing 0.9.12 ... you
must somehow still be pulling an old copy. The string "0.9.12-incubating"
is simply not present in these images. They are 0.9.13.

[mjumper@dev-mjumper ~]$ sudo docker run -it guacamole/guacd
[sudo] password for mjumper:
WARNING: IPv4 forwarding is disabled. Networking will not work.
guacd[1]: INFO: Guacamole proxy daemon (guacd) version 0.9.13-incubating
started
guacd[1]: INFO: Listening on host 0.0.0.0, port 4822

(See attached screenshot for guacamole/guacamole version)

If, after retrying, you still see the wrong version, I suggest using
"docker inspect" to verify that the image being used matches the image ID
of 0.9.13-incubating. If it does match, check that your browser hasn't
simply cached the old version.

- Mike

[1]
https://lists.apache.org/thread.html/962d0277242c751786615adbc232f6c669fe842a3465a6331ff4e08c@%3Cuser.guacamole.apache.org%3E


On Wed, Sep 27, 2017 at 10:31 AM, Jacob Staub  wrote:

> See attached for the requested output.
>
> Regards,
> Jake
>
>
> On 9/27/2017 12:27 PM, Mike Jumper wrote:
>
> On Wed, Sep 27, 2017 at 8:34 AM, Jacob Staub  wrote:
>
>> Images are were pulled via the Docker Pull Command listed on each
>> corresponding page. Example for guacamole:
>>
>> docker pull guacamole/guacamole
>>
>> Using the above command pulls Tag = latest. I would expect "latest" to
>> include 0.9.13-incubating but the suggestion is that "latest" does not
>> include 0.9.13-incubating.
>>
>>
> Please post the output of:
>
> docker images guacamole/guacamole
>
> docker images guacamole/guacd
>
> - Mike
>
>
>


Re: Docker Guacamole Latest

2017-09-27 Thread Mike Jumper
On Wed, Sep 27, 2017 at 8:34 AM, Jacob Staub  wrote:

> Images are were pulled via the Docker Pull Command listed on each
> corresponding page. Example for guacamole:
>
> docker pull guacamole/guacamole
>
> Using the above command pulls Tag = latest. I would expect "latest" to
> include 0.9.13-incubating but the suggestion is that "latest" does not
> include 0.9.13-incubating.
>
>
Please post the output of:

docker images guacamole/guacamole

docker images guacamole/guacd

- Mike


Re: Compilation error installing on Raspberry Pi

2017-09-24 Thread Mike Jumper
You may need to explicitly disable support for WebP:

   ./configure --without-webp

It looks like the libwebp installed in your case is old enough that its API
is incompatible with that used by Guacamole. I'd need to look deeper to
determine what the minimum version of libwebp would be for Guacamole as it
stands, and to determine whether compatibility with older libwebp is
possible, but the above will at least allow Guacamole to build. Lacking
WebP support, Guacamole will still work well; it will use PNG for image
compression in most cases, and will use JPEG for cases where things look
like they would benefit from lossy compression.

- Mike


On Sun, Sep 24, 2017 at 12:07 PM, Philip Abbey  wrote:

> Thought I would see how var I could get with installing Guacamole on a
> Raspberry Pi. It was all looking so good, 'configure' gave me the thumbs
> up.
> Alas 'make' failed compiling 'libguac_la-encode-webp.lo' with errors from
> 'encode-webp.c'.
>
> Now I had to mess with the dependencies a little, falling back to to a
> non-turbo version of JPEG, but 'configure' suggested the alternative seemed
> promising. I've included the version info for WebP, which seems to be the
> source of the error in the hopes I've enough info for someone knowledgeable
> to home in on the issue.
>
> Thanks,
>
> Philip
>
> $:~/guacamole# cat dependencies.bash
>
> #!/bin/bash
> # 'libjpeg62-turbo-dev' not available, trying 'libjpeg62-dev'
> # 'libvncserver-dev' requires 'libjpeg8-dev' instead of 'libjpeg-dev',
> 'libjpeg62-dev' will be removed.
>
> apt-get install libcairo2-dev libjpeg8-dev libpng12-dev libossp-uuid-dev
> libavcodec-dev libavutil-dev libswscale-dev libfreerdp-dev libpango1.0-dev
> libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev
> libvorbis-dev libwebp-dev
>
> $:~/guacamole/guacamole-server-0.9.13-incubating# ./configure
> --with-init-dir=/etc/init.d
> checking for a BSD-compatible install... /usr/bin/install -c
> checking whether build environment is sane... yes
> checking for a thread-safe mkdir -p... /bin/mkdir -p
> checking for gawk... no
> checking for mawk... mawk
> checking whether make sets $(MAKE)... yes
> checking whether make supports nested variables... yes
> checking whether make supports nested variables... (cached) yes
> checking build system type... armv6l-unknown-linux-gnueabihf
> checking host system type... armv6l-unknown-linux-gnueabihf
> checking how to print strings... printf
> checking for style of include used by make... GNU
> checking for gcc... gcc
> checking whether the C compiler works... yes
> checking for C compiler default output file name... a.out
> checking for suffix of executables...
> checking whether we are cross compiling... no
> checking for suffix of object files... o
> checking whether we are using the GNU C compiler... yes
> checking whether gcc accepts -g... yes
> checking for gcc option to accept ISO C89... none needed
> checking whether gcc understands -c and -o together... yes
> checking dependency style of gcc... gcc3
> checking for a sed that does not truncate output... /bin/sed
> checking for grep that handles long lines and -e... /bin/grep
> checking for egrep... /bin/grep -E
> checking for fgrep... /bin/grep -F
> checking for ld used by gcc... /usr/bin/ld
> checking if the linker (/usr/bin/ld) is GNU ld... yes
> checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
> checking the name lister (/usr/bin/nm -B) interface... BSD nm
> checking whether ln -s works... yes
> checking the maximum length of command line arguments... 1572864
> checking how to convert armv6l-unknown-linux-gnueabihf file names to
> armv6l-unknown-linux-gnueabihf format... func_convert_file_noop
> checking how to convert armv6l-unknown-linux-gnueabihf file names to
> toolchain format... func_convert_file_noop
> checking for /usr/bin/ld option to reload object files... -r
> checking for objdump... objdump
> checking how to recognize dependent libraries... pass_all
> checking for dlltool... no
> checking how to associate runtime and link libraries... printf %s\n
> checking for ar... ar
> checking for archiver @FILE support... @
> checking for strip... strip
> checking for ranlib... ranlib
> checking command to parse /usr/bin/nm -B output from gcc object... ok
> checking for sysroot... no
> checking for a working dd... /bin/dd
> checking how to truncate binary pipes... /bin/dd bs=4096 count=1
> checking for mt... mt
> checking if mt is a manifest tool... no
> checking how to run the C preprocessor... gcc -E
> checking for ANSI C header files... yes
> checking for sys/types.h... yes
> checking for sys/stat.h... yes
> checking for stdlib.h... yes
> checking for string.h... yes
> checking for memory.h... yes
> checking for strings.h... yes
> checking for inttypes.h... yes
> checking for stdint.h... yes
> checking for unistd.h... yes
> checking for dlfcn.h... yes
> checking for objdir... .libs
> checking if gcc supports -fno-rtti -fno-exceptions... no
> checking for gc

Re: Handling a SAML POST response

2017-09-22 Thread Mike Jumper
On Fri, Sep 22, 2017 at 2:39 PM, Colin McGuigan <
colin_guacam...@walkingshadows.org> wrote:

> tldr: The SAML POST body is getting thrown away, and I don't know how to
> keep
> that from happening.
>
> Longer: I'm writing a SAML authentication extension, based off of Mike
> Jumper's OpenID extension:
> https://github.com/mike-jumper/guacamole-auth-openid
>
>
FYI - that code is missing recent changes, as I moved things over to the
"openid-auth" branch of my development fork of incubator-guacamole-client,
to prepare things to be merged into mainline:

https://github.com/mike-jumper/incubator-guacamole-client/tree/openid-auth

...
> 5. Identity provider redirects user back to guacamole site
> (/?id_token=...)
> 6. Javascript detects id_token, redirects user again
> (/#/id_token=...)
> (I don't fully understand the point of this step, but not relevant to my
> actual question)
>

With OpenID Connect's "implicit flow" (which is what the
guacamole-auth-openid extension implements), the IDP sends the token back
within the URL fragment, with that token intended to be handled by
client-side code. The Guacamole extension manually rearranges that token
such that Guacamole's existing automatic authentication code will forward
it along to the authentication service for server-side verification and
handling.

OpenID Connect also provides a different flow which involves a POST to a
defined service, but Guacamole's authentication system doesn't work this
way. There is a .../api/tokens REST service which produces a JSON response
containing the auth token to be used for all future requests. POSTing to
that service would result in the generation of an auth token, but would not
result in the user being redirected back to Guacamole.


> ... Now on my SAML extension, step 1-4 are conceptually the same, and work
> fine.
> Step 5 is where things break down.  The IDP isn't sending information back
> in the URL, as is done with the id_token request parameter -- instead, it's
> a POST with the SAMLRequest data in the request body.  I see this POST
> going
> to the guacamole site.
>
> However, when it hits the extension, the request body is empty, which is
> not
> what I want -- I want the SAMLRequest body that the IDP sent.
>
>
The POST is not hitting the extension; it's hitting a static file.

I /presume/ that what is happening is that client-side Javascript is
> executing a separate POST to guacamole/api/tokens, and that it is this
> request that is actually being handled by the authentication extension.
> However, this request does not contain the original request body, hence, my
> problem.
>
>
Yes, this is exactly what is happening. The URL that the IDP is using is
not a service (it's static HTML and JavaScript), and the JavaScript will
not be able to see the body of that POST.

I see two possibilities:

1) Reconfigure things with the IDP such that the necessary token is
included in the URL, ideally via normal query parameters. Guacamole will
forward these automatically, and your extension will receive them in the
authentication request. Not sure whether this is possible with SAML.

2) Add a custom REST service within your extension that can accept the POST
and deal with the SAML body, generating some unique temporary token and
redirecting the user back to the main Guacamole page, including the token
in the URL. When the user is taken to that URL in their browser, Guacamole
will automatically send the token within the URL through the authentication
system, and your extension can validate and complete the process.

- Mike


Re: MS EasyPrint Redirect

2017-09-22 Thread Mike Jumper
On Fri, Sep 22, 2017 at 10:46 AM, Aldo Bassanini 
wrote:

> ...
>
> Is there any way to see and use the local printers when accesing through
> guacamole?
>
>
No, it is not possible for JavaScript to see local printers, and thus there
is no way to expose client-side local printers through Guacamole. For this
reason, Guacamole emulates its own printer, transferring printed documents
as PDF files for the user to do with as they wish.

- Mike


RE: value of ${GUAC_USERNAME} need help

2017-09-21 Thread Mike Jumper
On Sep 21, 2017 02:21, "fou fe"  wrote:

...

Parameters of  connection are:


parameter_name ='drive-path';
parameter_value ='/tmp/$GUAC_USERNAME/';


This would need to be '/tmp/${GUAC_USERNAME}/'. The braces are required.
See:

http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#
parameter-tokens

- Mike


Re: Issues with mysql/mariadb authentication

2017-09-19 Thread Mike Jumper
On Tue, Sep 19, 2017 at 7:29 PM, Eric Sten  wrote:

> Nick,
>
>   That was exactly the issue!  Once I disabled SELinux and rebooted the
> database authentication worked like a charm!
>

Interesting - I've never encountered this on all the CentOS + SELinux
deployments I've dealt with thus far. Mind reporting back when you
determine what setsebool, etc. is necessary to allow things to work
properly with SELinux enabled?

Thanks,

- Mike


Re: single link for vnc?

2017-09-19 Thread Mike Jumper
On Sep 19, 2017 11:01 AM, "dan"  wrote:

Is there a current method to have a web link to a session?

for example, I want to drop a raspberri pi in and launch a full screen
session to a specific connecting in guac.  Basically bypassing the recent
connections/all connections page.


The URLs for each connection are generated deterministically. You can
safely bookmark a connection once you are connected, and then visit that
bookmark when you wish to use that connection. You will be prompted to
login if necessary.

Alternatively, if your user has access to only one connection, they will
always be taken to that connection directly.

- Mike


Re: how to customize login page and site label

2017-09-18 Thread Mike Jumper
On Mon, Sep 18, 2017 at 7:35 PM, vnick  wrote:

> ...
>
> Side (but related) question - I'm trying to load a custom font with the
> resources section, and I think I'm not getting the MIME type quite right.
> Is there a limit to the types of files Guacamole will load in this resource
> section, or do I just need the correct type of the file?  I've tried
> several
> different variations of application/font-* and none of them have allowed
> Chrome to actually load the resource.
>
>
Hey Nick,

No, Guacamole doesn't apply any limitations to the MIME types of resources
exposed via extensions. It's on the author of the extension to determine
the correct MIME type, but Guacamole will simply pass that through.

Are you seeing any specific errors from the browser when attempting to load
the resource?

- Mike


Re: Restrict Home Screen

2017-09-18 Thread Mike Jumper
On Mon, Sep 18, 2017 at 3:19 PM, jacksonp  wrote:

> I am using mysql auth, generating connection link
> via:https://sourceforge.net/p/guacamole/discussion/1110834/
> thread/fb609070/
>
> and passing in credentials like:
> http://10.80.100.199:8080/guacamole/#/client/MwBjAG15c3Fs/?username=user3&;
> password=xxx
>
> This works perfect!
>
> The user can still "ctrl-shift-alt" and get the setting side window.  All
> good.  However, in the drop down they can select "home".  I would like to
> disable that if possible and keep have them only connect via the link with
> no options to see the "home" screen.
>
>
Can you describe what you're trying to achieve at a high level? Are you
trying to integrate Guacamole into an existing application? How do you
envision that integration working from a user's perspective?

There may be a better solution that embedding the username and password in
the URL and trying to hide parts of the UI.

- Mike


Re: how to customize login page and site label

2017-09-18 Thread Mike Jumper
On Mon, Sep 18, 2017 at 3:26 PM, dan  wrote:

> got it.  error in the guide.
>
> guide shows:
> "resources" : [
> "resources/your-logo.png" : "image/png"
> ],
>
>
> what works is:
>  "resources" : {
> "images/snake2.png" : "image/png"
>  }
>
>
What guide are you referring to above?

The manual correctly states that the "resources" property is an object, and
the example provided a little bit below the table of properties
demonstrates it as such:

http://guacamole.incubator.apache.org/doc/gug/guacamole-ext.html#ext-manifest

- Mike


Re: how to customize login page and site label

2017-09-18 Thread Mike Jumper
On Mon, Sep 18, 2017 at 2:39 PM, dan  wrote:

> it does indeed remove the error, and gives a new one:
> ERROR o.a.g.extension.ExtensionModule - Extension "xyz.jar" could not be
> loaded: guac-manifest.json is not valid JSON: xyz.jar
>
>
Can you post the .jar of the extension itself?


Re: how to customize login page and site label

2017-09-18 Thread Mike Jumper
On Mon, Sep 18, 2017 at 1:40 PM, dan  wrote:

> Here are the lines for loading extensions:
> 20:37:35.278 [localhost-startStop-1] INFO  o.a.g.extension.ExtensionModule
> - Extension "MySQL Authentication" loaded.
> 20:37:35.283 [localhost-startStop-1] ERROR o.a.g.e.LanguageResourceService
> - Unable to merge language resource "en": Unexpected character ('}' (code
> 125)): was expecting double-quote to start field name
>  at [Source: sun.net.www.protocol.jar.JarURLConnection$
> JarURLInputStream@2af5f30a; line: 4, column: 10]
> 20:37:35.283 [localhost-startStop-1] INFO  o.a.g.extension.ExtensionModule
> - Extension "xyz" loaded.
>
> No theming extension and a syntax error that I'm assuming is related to
> the lack of theming??
>
>
The string "Theming Extension" referred to by Erik is actually the name of
the extension as declared in guac-manifest.json. That much looks correct
here, as your extension is listed by name as loaded.

The error regarding the failure to merge the language resource refers to
your translation JSON, and is preventing your extension from loading fully.
Looking at what you posted previously:

{
"APP" : {
"NAME" : "XYZ APP",
}
}

You have a trailing trailing comma after "XYZ APP", which JSON does not
allow. If you remove that comma, rebuild your extension, and restart
Tomcat, I expect that error will disappear.

- Mike


Re: password hash in mysql guacamole_user table

2017-09-18 Thread Mike Jumper
On Mon, Sep 18, 2017 at 12:59 PM, jacksonp  wrote:

> trying to manually set a password via mysql guacamole_user table. Not
> concerned about security, not salting, just want to enter any kind of
> password that will work.
>
>
I strongly recommend against using unsalted passwords. Even if you're not
concerned about security, you should be concerned about security.

Documentation says if password_salt is null, it just ignores.
>
> I tried hashing with sha256 which is how I read the doc.
>
> mkpasswd -m sha-256
> Password:
> $5$AlqeE/FaJQ.BC$oB5w9sisUTuFjLCQMknBS6XVFSEWH5cAs/84ajS.dO5
>
>
mkpasswd will not produce a SHA-256 hash, but rather a salted and hashed
password formatted as necessary for Linux / UNIX password files like
/etc/shadow. You are forcing it to use SHA-256, yes, but it is still
salting the password prior to hashing and formatting the result for use
within a password file.

If you just want to calculate the SHA-256 hash of an arbitrary string, you
would do:

echo -n "the-string-to-hash" | sha256sum

That will produce a result like:

d07f9c10b821ac6e82e683831594136438701d7fcfdd7e877b5caca2bdfd31f7  -

That hex value in the result, in this case
"d07f9c10b821ac6e82e683831594136438701d7fcfdd7e877b5caca2bdfd31f7", is the
value you're looking for. You would then specify that in your INSERT /
UPDATE, using UNHEX() to transform it into a BINARY(32).

- Mike


Re: how to customize login page and site label

2017-09-18 Thread Mike Jumper
On Mon, Sep 18, 2017 at 8:32 AM, dan  wrote:

> how do I find the real guac home directory? I have a
> /etc/guacamole/extensions, I dropped a file in that is basically
> cut'n'paste from the example, zipped it up with 'zip -r
> customtheme.jar *' and reloaded tomcat.  no changes.
>
>
For all current releases of Guacamole, /etc/guacamole will not be used
unless you have taken explicit steps to override the default search
locations for GUACAMOLE_HOME. This has changed recently, but that change is
not yet in a release:

https://issues.apache.org/jira/browse/GUACAMOLE-335

The default search locations, in order of priority, are defined in the
manual:

http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#guacamole-home

The easiest option is to simply create a ".guacamole" directory within the
home directory of the tomcat user. Which user that actually is will depend
on how you've installed Tomcat, but assuming you installed Tomcat via your
distribution's packages, there will likely be a user defined specifically
for that service, and the home directory will be visible within /etc/passwd.

Once you believe you have your extension in the right location, be sure to
check the Tomcat logs if things still aren't working. Guacamole will log
its attempts to load extensions, including any failures due to the
extension not following the correct format. If those messages don't provide
enough information, you can also enable debug-level logging:

http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#webapp-logging

- Mike


Re: CAS Extension

2017-09-18 Thread Mike Jumper
On Mon, Sep 18, 2017 at 8:23 AM, richk  wrote:

>
> In the docs with regards to the CAS extension it has this line:
>
> "This module must be layered on top of other authentication extensions that
> provide connection information, as it only provides user authentication".
>
> So would I configure the auth-provider property with
> BasicFileAuthenticationProvider as usual, but then specify
> cas-authorization-endpoint and cas-redirect-uri to override the default
> login action to use CAS instead?


There actually is no "auth-provider" property. This property was deprecated
in 0.9.7 in favor of a new, self-contained extension format [1] and finally
removed entirely in 0.9.10-incubating [2]. Usage of this property between
0.9.7 and 0.9.10-incubating would have worked but resulted in a warning in
the logs, but the property it is now ignored. It is no longer documented in
the manual, and any third-party tutorials which refer to it are out of date.

If so, then can I just specify the
> connection configs in user-mapping.xml as usual too?
>
> Is that how it's intended to work? It seems too easy?
>
>
This is exactly how it's intended to work. Guacamole supports loading
multiple extensions simultaneously, and will automatically combine
authentication methods. I'd recommend using the MySQL or PostgreSQL
extensions instead of "user-mapping.xml", however. Besides the way that
user-mapping.xml requires the password to be manually defined for each
user, I believe there is a known issue with using user-mapping.xml
alongside other auth extensions (where the built-in auth mechanism handling
user-mapping.xml does not properly collaborate with other extensions,
unlike the database, ldap, etc. auth), but I've thus far not found a link
to where this was reported.

- Mike

[1]
http://guacamole.incubator.apache.org/releases/0.9.7/#simplified-extensions
[2]
http://guacamole.incubator.apache.org/releases/0.9.10-incubating/#removal-of-deprecated-lib-directory-and-auth-provider-properties


Re: Guacamole only shows a screenshot when using importState

2017-09-16 Thread Mike Jumper
On Fri, Sep 15, 2017 at 7:32 PM, messido  wrote:

> Appreciate your very quick response! I just have a quick follow up question
> if you have the chance..
>
> Since I have the connectionID string inside my Java class, how can I send
> it
> to my frontend angular app, or in other words, back to my
> guacamole-common-js obj? Can it be done within guacamole or am I going to
> need an external module to transmit the ID?
>
>
No, the Guacamole API is pretty strict with respect to scope and separation
of concerns. Exposing the connection ID, if at all, would be an
implementation detail of the Guacamole-driven application. If possible, I
would recommend instead keeping that ID purely server-side, generating your
own opaque IDs for exposure on the client-side as you see fit. That way,
you will have full control of who can connect to what, and the flow of
information surrounding the creation of each connection.

- Mike


Re: Guacamole only shows a screenshot when using importState

2017-09-15 Thread Mike Jumper
On Fri, Sep 15, 2017 at 1:47 PM, messido  wrote:

> To cut it short, I'm using my own front end. One of my pages create the
> connection with guacamole, and when connection is established it uses
> "exportState" to save the state inside localStorage as a JSON string..
> So far so good, I get valid data.
>
> Now when I go to a different page and importState from local storage (after
> JSON parsing) I get almost like a snapshot of the host machine, I can see
> it
> but cant interact with anything.. pretty sure it's just a still image
> because the terminal cursor isn't flashing.. anyways here's my code
>
> ...
>
> Am I using the wrong functionality? Are importState and exportState meant
> to
> be like just a snapshot of that current moment? I'm looking for a way  to
> save the clients.. state... so i can move it around and start that same
> session from different computers
>
>
Yes and yes. ;)

importState() and exportState() deal with the instantaneous internal state
of a particular Guacamole.Client instance. They do not deal with the
continuous, ever-changing state of an active connection. For that, you need
to leverage the screen replication features built into the backend,
normally referred to as "screen sharing".

When a connection is created, guacd automatically allocates a unique
identifier for that connection, sending that identifier back during the
initial Guacamole protocol handshake:

http://guacamole.incubator.apache.org/doc/gug/guacamole-protocol.html#guacamole-protocol-handshake

This identifier can be automatically parsed and retrieved using
getConnectionID() of ConfiguredGuacamoleSocket:

http://guacamole.incubator.apache.org/doc/guacamole-common/org/apache/guacamole/protocol/ConfiguredGuacamoleSocket.html#getConnectionID--

For users which should see the same screen, you establish connections to
the same guacd exactly as for any other connection, except you pass in the
connection ID instead of a protocol using setConnectionID():

http://guacamole.incubator.apache.org/doc/guacamole-common/org/apache/guacamole/protocol/GuacamoleConfiguration.html#setConnectionID-java.lang.String-

guacd will join the new connection to the existing connection,
automatically synchronizing state to the new client, and then replicating
incremental state changes across all users sharing that connection.

- Mike


Re: how to customize login page and site label

2017-09-12 Thread Mike Jumper
On Tue, Sep 12, 2017 at 6:20 AM, vnick  wrote:
> dan-2 wrote
>> I can't find any docs on how to change the site label and login pages
>> in the current 9.13.  Changes made in the translation pages don't seem
>> to do anything.
>>
>> Thanks.
>
> What files, specifically, are you changing?
>
> There's currently not an easy way to make these changes ...

On the contrary!

Please see the Guacamole extension format:
http://guacamole.incubator.apache.org/doc/gug/guacamole-ext.html#ext-file-format

All user-visible text within Guacamole has a corresponding translation
string, which can be overridden by providing a new string for that
same translation key within your extension. The content of the various
HTML templates can also be overridden/augmented using
specially-formatted HTML snippets.

It shouldn't be necessary to patch the web application source, unless
the intent is to fork the source to produce your own application which
you will maintain independently of mainline. The idea behind the
extension subsystem is to allow such changes to Guacamole to remain
stable and independent.

- Mike


Re: Websocket tunnel connection time out issues

2017-09-09 Thread Mike Jumper
On Sat, Sep 9, 2017 at 12:28 PM, vnick  wrote:
> EricSten wrote
>> ...
>> guacd[51911]: INFO: Creating new client for protocol "rdp"
>> guacd[51911]: INFO: Connection ID is
>> "$425c3cfe-029f-4465-b2fa-059d51f253b8"
>> guacd[51911]: INFO: Connection "$425c3cfe-029f-4465-b2fa-059d51f253b8"
>> removed.
>> ...
>
> If I get a chance I'll try to spin up a FreeBSD VM and see if I can
> replicate it or if I can get it to work.
>

Assuming that you succeed in reproducing this, it may help to run
guacd under gdb. Normally, when a connection terminates, even
unsuccessfully, there will be at least two log messages: one from the
protocol-specific plugin noting that the client has closed, and
another from guacd noting that it has cleaned up after the connection.
As only the latter is present here, that suggests that something might
be causing the connection's child process to crash completely.

- Mike


Re: per-connection guacd

2017-09-09 Thread Mike Jumper
On Sat, Sep 9, 2017 at 8:31 AM, vnick  wrote:
> flittermice wrote
>> Hello,
>>
>> in the release notes I read about this interesting new feature
>> (GUACAMOLE-189 - Add support for per-connection guacd) and I wonder how to
>> configure that.
>> I suppose that has to be done in the user-mapping.xml file, but I can't
>> find
>> any documentation on it.
>>
>> Does it work already or is the feature yet to be released?
>
> The feature was released in Guacamole 0.9.13-incubating, and so it should
> work; however, I'm not entirely certain if it works with the basic user
> mapping authentication module, or if you need to use JDBC.  I don't
> currently use it, and the only place I see documentation for those
> parameters is in the JDBC module.
>
> Mike might be able to chime in with confirmation on whether it should work
> with basic user mapping - the connection attributes you're looking for are
> proxy_hostname, proxy_port, and proxy_encryption_method.  You're welcome to
> give those a try and see if they work.
>

The per-connection guacd feature is definitely specific to the
database auth. The simplified user-mapping.xml auth mechanism does not
provide a means of specifying a different guacd for each connection
(though that may need to change once the X.Org driver stabilizes).

- Mike


Re: Guacamole not reading guacamole.properties

2017-09-08 Thread Mike Jumper
On Fri, Sep 8, 2017 at 8:28 AM, D Chen  wrote:

> Looks like the logs got dropped...Anyways, I did more testing (Alpine 3.6,
> Guacamole 0.9.13) and narrowed it down to the "user-mapping" property
> contained within the guacamole.properties file not being read.
>
> guacamole.properties properties:
>
> guac:/etc/guacamole# cat guacamole.properties
>
> guacd-port: 
> user-mapping: /etc/guacamole/map/user-mapping.xml
>
>
>
The manual is incorrect in a couple ways here:

1) The "user-mapping" property doesn't actually exist and will have no
effect. The property is actually "basic-user-mapping":

https://github.com/apache/incubator-guacamole-client/blob/1c0ee41d0ecd5bc4a3550804b74b73b901e074c2/guacamole/src/main/java/org/apache/guacamole/auth/file/FileAuthenticationProvider.java#L72-L84

2) The "basic-user-mapping" property was supposed to be deprecated in favor
of GUACAMOLE_HOME/user-mapping.xml. It shouldn't be documented in the
manual at all:

https://github.com/apache/incubator-guacamole-client/blob/1c0ee41d0ecd5bc4a3550804b74b73b901e074c2/guacamole/src/main/java/org/apache/guacamole/auth/file/FileAuthenticationProvider.java#L128

The manual needs to be updated to remove mention of this property, as (in
addition to being wrong) it shouldn't be used in new deployments. For
reference, the deprecation was due to the development associated with the
initial migration to the Apache Incubator:

https://issues.apache.org/jira/browse/GUACAMOLE-1

And is mentioned in the release notes of the first release under the
Incubator:

http://guacamole.incubator.apache.org/releases/0.9.10-incubating/#deprecation--compatibility-notes

Anyway, as far as your case is concerned, the proper solution would be to
place "user-mapping.xml" within GUACAMOLE_HOME ("/etc/guacamole"). Anything
else leverages deprecated features.

- Mike


Re: Guacamole not reading guacamole.properties

2017-09-08 Thread Mike Jumper
On Fri, Sep 8, 2017 at 9:08 AM, Nicholas Couchman 
wrote:

> Can you try specifying a relative path instead of an absolute one?  So, if
> you want it in /etc/guacamole/map/user-mapping.xml, then use:
>
> user-mapping: map/user-mapping.xml
>
>
I would recommend against this. Guacamole assumes that this path will be
absolute. The behavior of specifying a relative path here is undefined.

- Mike


Re: What could be causing guacamole to kill my server

2017-09-06 Thread Mike Jumper
On Wed, Sep 6, 2017 at 7:13 PM, austin wonderly 
wrote:

> hello,
>
> I'm trying to set up guacamole to allow html5 ssh access to my server. so
> far I've done the following:
>
> 1. apt-get install guacamole
>

Though this is unlikely to be related to your problem, I would recommend
installing a recent release of Guacamole following the manual, rather than
installing packages via apt-get.


> ...
>
> 3. Restarted Guacd and tomcat
>
> After doing all of this, I'll be able to login to guacamole's web
> interface and get presented with "Login:" on guacamole's web terminal
> interface, but then my debian installation (clean install aside from
> guacamole, open-vm-tools, and ssh) just becomes completely unresponsive and
> won't respond again until I perform a hard reboot. I'm running Linux
> kingston 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u2 (2017-06-26) x86_64
> GNU/Linux.
>

Does the lack of response correlate to logging in to Guacamole?

When the system is unresponsive, does the Guacamole interface respond (page
can be reloaded, you can log out / back in successfully, etc.)?

To what degree is the system unresponsive? Does the server respond to input
via a hardware keyboard? Does the server respond to pings?

Is there something in my configuration that's incorrect? I checked syslog
> and catalina.log, but they both just stop logging at the same time that my
> system becomes unresponsive.
>

It's unlikely that anything in Guacamole could cause your system to go
entirely down like this. Since "unresponsive" can mean many things, I think
the first step here is to determine exactly what condition occurs on the
server to result in that behavior.

- Mike


Re: Clipboard support using guacamole-common-js API

2017-09-06 Thread Mike Jumper
On Wed, Sep 6, 2017 at 4:27 AM, davids4us  wrote:

> ...
> Amarjeet, I will have a look at the suggested code and try it.
>
>
Please beware that the code posted by Amarjeet was copied from a
third-party, proprietary application. It is very likely not legal to be
used/copied in this way.

- Mike


Re: Clipboard support using guacamole-common-js API

2017-09-05 Thread Mike Jumper
Please do not post the code of proprietary software here (or elsewhere).
Doing so is most likely a copyright violation.

- Mike


On Sep 5, 2017 18:27, "Amarjeet Singh"  wrote:

> I went through spark view  and digging into that.
>
> On Tue, Sep 5, 2017 at 10:43 PM, Mike Jumper 
> wrote:
>
>> On Tue, Sep 5, 2017 at 5:51 AM, Amarjeet Singh 
>> wrote:
>> > Hi Dave,
>> >
>> > Please dig into getLocalClipboard() function in guacamole-common-js API,
>> > once data is copied to clipboardContent it broadcast to guacClipboard
>> i.e.
>> > Guacamole menu.
>> >
>>
>> It's good to check against the main Guacamole web application
>> regarding implementation details and possible solutions, but beware
>> that the functions you refer to are not part of guacamole-common-js,
>> but rather the web application.
>>
>> >
>> > I am not sure how to implement it in Chrome and Firefox but the
>> following
>> > code works in all the browsers without any API or extension. Please dig
>> into
>> > that.
>> >
>> > var q = new function() {
>> > function a(a, b) {
>> > var c = q.parseClipData(b);
>> > if (!(n.copyTextOnly && "text/plain" != c.type ||
>> > q.processFileGroup(c)))
>> > if (t.isEdge && "text/plain" != c.type)
>> k.resetCSS(),
>> > k.setValue(c.value), k.select(),
>> > ...
>>
>> This code looks minified, and references functions which are not part
>> of Guacamole. Where did you copy this from?
>>
>> - Mike
>>
>
>


Re: Unable to open Share Drive on Windows RDP Server 2012 R2

2017-09-05 Thread Mike Jumper
On Tue, Sep 5, 2017 at 5:40 AM, Amarjeet Singh  wrote:

> ...
>
> 2. I have given *sftp-directory* as /tmp but it is pointing to */ (root)
> directory* always --> *NOT RESOLVED*
>
> The "sftp-directory" parameter does not control the root directory of the
>> SFTP filesystem, but rather the default upload directory for files uploaded
>> via drag-and-drop. From the section covering RDP + SFTP in the manual [1]:
>> "sftp-directory - The directory to upload files to if they are simply
>> dragged and dropped, and thus otherwise lack a specific upload location.
>> This parameter is optional. If omitted, the default upload location of the
>> SSH server providing SFTP will be used."
>
>
>
> -* I am not trying to control the root directory. I have configured
> sftp-directory as /tmp*
>
>true
>>162.16.1.25
>> 22
>> vpnsadmin
>> 123
>> /tmp
>
>
>
This will only affect the directory used for uploads by default. It will
not limit access in any way (please see the description above).


>
> *- Now, It is not showing /tmp directory in Guacamole menu. Please refer
> the screenshot.*
>
>

Correct. The "sftp-directory" does not control this. It only affects
drag-and-drop uploads.

-
> * It is showing   / directory as sftp-directory. User is able to access
> all the directories of the SSH server and upload in any directory. I want
> the user to upload only in the directory defined in sftp-directory
> parameter.*
>
>
The "sftp-directory" parameter does not control this. It only controls the
default upload directory for drag-and-drop uploads. Only the
"sftp-root-directory" parameter controls which directory is exposed via
SFTP.


> 3. when I configure both *enable-drive* ad *enable-sftp*, then DRAG and
> DROP does not work ( though Guacamole client shows that file is
> transferred successfully ). When I use only enable-drive, then it works
> fine.
>
>
If you enable both traditional drive redirection and SFTP, file transfer
via drag-and-drop will use drive redirection. The upload will go over SFTP
only if that is the only file transfer mechanism enabled, or if you
explicitly upload via SFTP using the Guacamole menu.

4. When I am configuring only SFTP transfer , then also drag and drop
> doesn't work ( though Guacamole client shows that file is transferred
> successfully ).
>
>
When transferring via drag-and-drop, the file will be transferred to the
location specified within "sftp-directory" (this is the purpose of that
parameter). Based on the configuration information you've provided, you
should find the uploaded file within /tmp on your Guacamole server.

5. Do Guacamole supports virtual channels or dynamic channels ?
>
>
You already have a thread open for this. Rather than duplicating your
question, please be patient. To anyone encountering this thread while
searching for an answer to this question, the original thread is here:

https://lists.apache.org/thread.html/f9b04626a3c972f7a34003b851739ec4f31402d05b8f5ed9491105de@%3Cuser.guacamole.apache.org%3E

6. I tried to copy image but it didn't worked. I digged into guacamole.js
> where it do support copy of image.
>
>
Guacamole currently only supports copy/paste of plain text.

Amarjeet - this is an awful lot of questions, some of which do not deal
with the original topic. If you have additional questions which do not
relate to the original subject of the thread (your issues opening the
virtual drive within the RDP session), please open a new thread.

- Mike


Re: Clipboard support using guacamole-common-js API

2017-09-05 Thread Mike Jumper
On Tue, Sep 5, 2017 at 5:51 AM, Amarjeet Singh  wrote:
> Hi Dave,
>
> Please dig into getLocalClipboard() function in guacamole-common-js API,
> once data is copied to clipboardContent it broadcast to guacClipboard i.e.
> Guacamole menu.
>

It's good to check against the main Guacamole web application
regarding implementation details and possible solutions, but beware
that the functions you refer to are not part of guacamole-common-js,
but rather the web application.

>
> I am not sure how to implement it in Chrome and Firefox but the following
> code works in all the browsers without any API or extension. Please dig into
> that.
>
> var q = new function() {
> function a(a, b) {
> var c = q.parseClipData(b);
> if (!(n.copyTextOnly && "text/plain" != c.type ||
> q.processFileGroup(c)))
> if (t.isEdge && "text/plain" != c.type) k.resetCSS(),
> k.setValue(c.value), k.select(),
> ...

This code looks minified, and references functions which are not part
of Guacamole. Where did you copy this from?

- Mike


Re: How do I ensure that the sample guacamole I use is using websockets and not ajax (XMLHttpRequest) ?

2017-09-05 Thread Mike Jumper
On Tue, Sep 5, 2017 at 5:32 AM, odonya  wrote:
> I set up sample guacamole ...

Are you referring to the mainline Guacamole web application, or to a
web application leveraging the Guacamole API?

- Mike


Re: How Play Screen Recorded

2017-09-05 Thread Mike Jumper
On Mon, Sep 4, 2017 at 8:45 PM, Amin Joodaki  wrote:
>
> Hi All,
> How to play Screen recorded file ?
> what is the format of this files ?

Screen recordings are dumps of the Guacamole protocol instructions
sent to the client by the Guacamole server. You can use the "guacenc"
utility to reencode Guacamole's screen recordings as normal video, and
then play back the video in your media player of choice. From the
manual [1]:

"... These recordings take the form of Guacamole protocol dumps and
are recorded automatically to a specified directory. Recordings can be
subsequently translated to a normal video stream using the guacenc
utility provided with guacamole-server."

- Mike

[1] 
http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#vnc-recording


Re: Unable to open Share Drive on Windows RDP Server 2012 R2

2017-09-05 Thread Mike Jumper
On Fri, Sep 1, 2017 at 6:57 AM, Amarjeet Singh  wrote:

> ...
> 1. when I am clicking on "*G on Gucamole RDP*" it's not opening. I tried
> to open in new Window but nothing came up.
>
>
Did you recently reconnect to Guacamole?

When the RDP connection is closed and reestablished, resources from the
previous connection become unavailable, including the virtual drive exposed
by the Guacamole server. This doesn't technically relate to Guacamole, but
rather how Windows handles mapped drives associated with RDP sessions. You
might need to close that Explorer window and open a new one, to stop
Explorer from trying to open the drive that no longer exists.


> 2. I have given *sftp-directory* as /tmp but it is pointing to */ (root)
> directory* always. Please *refer the screenshot*.
>

The "sftp-directory" parameter does not control the root directory of the
SFTP filesystem, but rather the default upload directory for files uploaded
via drag-and-drop. From the section covering RDP + SFTP in the manual [1]:

"sftp-directory - The directory to upload files to if they are simply
dragged and dropped, and thus otherwise lack a specific upload location.
This parameter is optional. If omitted, the default upload location of the
SSH server providing SFTP will be used."

If you're trying to control the root directory of the SFTP filesystem
overall, the parameter you're looking for is "sftp-root-directory", but
beware that support for that parameter was added very recently. It has not
been released. The associated issue in JIRA is:
https://issues.apache.org/jira/browse/GUACAMOLE-303

- Mike

[1]
http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#rdp-sftp


Re: How to use just the backend of guac

2017-08-31 Thread Mike Jumper
On Thu, Aug 31, 2017 at 3:15 PM, Scott  wrote:
>
> Nick,
>
> Thanks again for the help.
>
> My next question is, for SSH, how does the display automatically get resized
> when the web page is resized

Changes to the size of the screen are communicated through "size" instructions:

http://guacamole.incubator.apache.org/doc/gug/protocol-reference.html#size-event-instruction

The Guacamole.Client object provides a function for sending this:

http://guacamole.incubator.apache.org/doc/guacamole-common-js/Guacamole.Client.html#sendSize

>
> and how is the size of the SSH terminal
> initialized to the size of the web page?
>

The initial screen size is communicated during the Guacamole protocol handshake:

http://guacamole.incubator.apache.org/doc/gug/guacamole-protocol.html#guacamole-protocol-handshake

The Guacamole.Client JavaScript object does not handle the handshake,
instead relying on the underlying tunnel to have taken care of that
prior to access being granted (thus enforcing the restriction that
users cannot obtain access to systems not explicitly allowed by the
web application acting as a gateway). The Guacamole Java API provides
an implementation of the handshake via ConfiguredGuacamoleSocket:

http://guacamole.incubator.apache.org/doc/guacamole-common/org/apache/guacamole/protocol/ConfiguredGuacamoleSocket.html

with the screen size being a part of GuacamoleClientInformation:

http://guacamole.incubator.apache.org/doc/guacamole-common/org/apache/guacamole/protocol/GuacamoleClientInformation.html

- Mike


Re: How to automatically authenticate in RDP after LDAP user access Guacamole Web with the same user.

2017-08-31 Thread Mike Jumper
The  tag for user-mapping.xml defines a username/password
combination for Guacamole, not for a connection. The user-mapping.xml file
is a separate, simplified, XML-driven authentication mechanism. It is not
involved at all if you're using LDAP.

The tokens should be specified as the values of the "username" and
"password" connection parameters. You can do this via LDAP alone, if you're
using Guacamole's schema modifications in your LDAP directory:

http://guacamole.incubator.apache.org/doc/gug/ldap-auth.
html#ldap-schema-changes

or with a database like MySQL or PostgreSQL.

http://guacamole.incubator.apache.org/doc/gug/ldap-auth.
html#ldap-and-database

- Mike


On Aug 31, 2017 09:51, "Marcos Lopes"  wrote:

Dear Mike,

I try this, but doesn´t work.

I put  ${GUAC_USERNAME} and ${GUAC_PASSWORD} parameter tokens in
user-mapping.xml like picture in attachment.

I believe I have to put it in the tag :

> On Thu, Aug 31, 2017 at 9:40 AM, marcosrlopes 
> wrote:
>
>>
>> How to automatically authenticate in RDP after LDAP user access Guacamole
>> Web with the same user? Thank you
>>
>>
> Use the ${GUAC_USERNAME} and ${GUAC_PASSWORD} parameter tokens in your
> connection configuration:
>
> http://guacamole.incubator.apache.org/doc/gug/configuring-gu
> acamole.html#parameter-tokens
>
> Thanks,
>
> - Mike
>
>


Re: How to automatically authenticate in RDP after LDAP user access Guacamole Web with the same user.

2017-08-31 Thread Mike Jumper
On Thu, Aug 31, 2017 at 9:40 AM, marcosrlopes 
wrote:

>
> How to automatically authenticate in RDP after LDAP user access Guacamole
> Web with the same user? Thank you
>
>
Use the ${GUAC_USERNAME} and ${GUAC_PASSWORD} parameter tokens in your
connection configuration:

http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens

Thanks,

- Mike


Re: Browser crashes while copying Data ( More than 5000 lines ) in Internet Explorer and Microsoft Edge

2017-08-30 Thread Mike Jumper
On Wed, Aug 30, 2017 at 4:53 AM, Amarjeet Singh 
wrote:

> ...
>
> -  I have checked on *JIRA *as well where it has been issued as a BUG
>
> *Ticket No : GUACAMOLE-310
>>    Multi-line text
>> clipboard strips LF*
>
>
>
This particular issue is also being actively worked on (see the "Status"
field at the top of the issue in JIRA). If you'd like to be updated
regarding progress on this issue, you can add yourself as a "watcher". If
you have pertinent information which you think might help the development
effort, you can also always comment on the issue.

2. While copying more than 5000 lines in Internet Explorer and Microsoft
> Edge crashes.
> ...
>
> *Ticket No : *GUACAMOLE-128
>>   Clipboard sharing
>> can crash IE ( It relates to the above issue. )
>
>
>
If interested, you're more than welcome to dig into the code, debug, and
contribute - we are an open source community, after all:

http://guacamole.incubator.apache.org/open-source/ (see the section on
contributing)

If not, the next best alternative is to simply follow the issues in JIRA.
The first issue you mention here is already in progress, and all other
reported issues will be investigated and worked on eventually. As things
get completed, you can help by re-testing.

Thanks,

- Mike


Re: Docker installation problem

2017-08-29 Thread Mike Jumper
On Tue, Aug 29, 2017 at 7:08 AM, Suncatcher16 
wrote:

> One last question: how should one install Duo on Docker version? On regular
> Guacamole we copied *guacamole-auth-duo-0.9.13-incubating.jar* to
> GUACAMOLE_HOME/extensions and all is get working.
>
> Here I copy JAR to */root/.guacamole/extensions* of Guacamole container,
> restart container and see nothing. It doesn't prompt me for Duo
> authentication. Am I missing smth?
>
>
Manually modifying the contents of the container will not work, as the
container's startup process automatically regenerates the contents of the
GUACAMOLE_HOME based on the environment variables passed in when the
container was created.

The Guacamole Docker image provides a special mechanism for seeding the
image with a skeleton GUACAMOLE_HOME, leveraging the "GUACAMOLE_HOME"
environment variable and a volume mount. This allows the image to be used
with arbitrary extensions and properties, not just those which the image
explicitly supports/bundles. Take a look at:

http://guacamole.incubator.apache.org/doc/gug/guacamole-docker.html#guacamole-docker-guacamole-home

- Mike


Re: Docker installation problem

2017-08-25 Thread Mike Jumper
On Fri, Aug 25, 2017 at 6:57 AM, Suncatcher16 
wrote:

> I seems to be doing everything according manual but cannot access Guacamole
> Wegbui.
> All my containers start properly:
>
> >  docker ps
> > CONTAINER IDIMAGE COMMAND
> CREATED
> > STATUS  PORTSNAMES
> > b62e3f9b41a8guacamole/guacamole   "/opt/guacamole/bi..."   7
> > seconds ago   Up 5 seconds0.0.0.0:8080->8080/tcp   guaca
> > 23011e844a31guacamole/guacd   "/usr/local/sbin/g..."   21
> > seconds ago  Up 19 seconds   0.0.0.0:4822->4822/tcp   daemon
> > edfb0f4b77fepostgres  "docker-entrypoint..."   13
> > minutes ago  Up 13 minutes   0.0.0.0:5432->5432/tcp   posty
>
>
What happens specifically when you try to visit Guacamole with your
browser? Connection times out / is refused, and no content is returned from
the server?

- Mike


Re: Problem with printing using 0.9.13-incubating

2017-08-24 Thread Mike Jumper
On Thu, Aug 24, 2017 at 7:16 AM, Juarez Freitas 
wrote:

> I used 0.8.4 version and printing with RDP in windows 2003 terminal server
> was working very well...
>
> Now, I upgraded to 0.9.13-incubating version and printing does not work.
>
>
Are both guacamole-server and the Guacamole web application
0.9.13-incubating?

Thanks,

- Mike


Re: CAS extensions with Docker?

2017-08-24 Thread Mike Jumper
Alternatively, the Guacamole Docker image supports arbitrary extensions and
properties through specifying a GUACAMOLE_HOME template:

http://guacamole.incubator.apache.org/doc/gug/guacamole-docker.html#guacamole-docker-guacamole-home

If you create a GUACAMOLE_HOME having a guacamole.properties containing
only the properties you need for CAS, and add the extension .jar to
GUACAMOLE_HOME/extensions/, you can expose the GUACAMOLE_HOME directory to
the Docker image using a volume mount and the GUACAMOLE_HOME environment
variable documented above.

- Mike


On Thu, Aug 24, 2017 at 5:57 AM, Nick Couchman 
wrote:

> Tako,
> You would probably have to modify the Dockerfile to copy in the extension
> at build time, or find some other way of injecting the CAS extension into
> the correct place in the docker image.  Once that's done you need two
> config lines in the guacamole.properties file, as well.
>
> -Nick
>
>
> On Wednesday, August 2, 2017, 9:38:38 AM EDT, tako 
> wrote:
>
>
> Just wondering, how would I enable the CAS extension through a docker
> image?
> Don't see documentation for it on
> http://guacamole.incubator.apache.org/doc/0.9.13-
> incubating/gug/cas-auth.html
> but assuming it's just :
>
>
>
> but would like confirmation.
>
> Thanks!
>
>
>
> --
> View this message in context: http://apache-guacamole-
> incubating-users.2363388.n4.nabble.com/CAS-extensions-
> with-Docker-tp1458.html
> Sent from the Apache Guacamole (incubating) - Users mailing list archive
> at Nabble.com.
>


Re: Connection Error

2017-08-21 Thread Mike Jumper
On Mon, Aug 21, 2017 at 4:05 PM, surfshack66 
wrote:

> Its a work laptop and I believe there is antivirus software on it but I
> cannot change any settings. I didnt think that would be a problem
> considering the domain I use is https with ssl, so it can't scan web
> traffic?
>
>
While that's true in most cases, it depends on the software used. If the
antivirus software implements this scanning via browser extensions, it will
likely be able to intercept and meddle with traffic after the browser has
handled decryption. It's also not unheard of for corporate proxies to do
full-blown man-in-the-middle of all SSL connections, relying on their own
root certificate having been installed on all employees' computers.

Do you see the same issue when using a non-work laptop without such
software present?

- Mike


Re: Connection Error

2017-08-21 Thread Mike Jumper
On Mon, Aug 21, 2017 at 3:30 PM, surfshack66 
wrote:

> Yes, I see a remote desktop display and it does respond to keyboard/mouse
> input albeit very slow.
>
>
Is there another proxy between your browser and the Nginx proxy in front of
Guacamole?

On the machine you're connecting from, do you perchance have antivirus
software which intercepts and scans web traffic?

- Mike


Re: Connection Error

2017-08-21 Thread Mike Jumper
On Mon, Aug 21, 2017 at 3:20 PM, surfshack66 
wrote:

> The error came from Guacamole
>
> "The connection has been closed because the server is taking too long to
> respond..."
>
> I'm able to connect, but it disconnects after a few seconds.
>
>
When the connection is established and it has not yet disconnected, do you
a remote desktop display, or does the display remain black?

If you see a remote desktop display, does it respond to mouse/keyboard
input prior to disconnecting?

- Mike


Re: Connection Error

2017-08-21 Thread Mike Jumper
On Thu, Aug 17, 2017 at 12:34 PM, surfshack66 
wrote:

> Hi - I am able to connect via RDP but after a few seconds I receive an
> error
> saying the server took too long to respond.
>
> Here is my nginx reverse proxy config.
>

What was the error specifically? Did the error come from Guacamole, or was
it an error from Nginx?

- Mike


Re: guacd connection refused from docker image

2017-08-20 Thread Mike Jumper
On Sun, Aug 20, 2017 at 9:04 PM, Travis Kelley  wrote:

> Ok, this was a really boneheaded move by me.  When I created the
> connection inside the guacamole gui I put the IP address of the RDP
> server I wanted to connect to in the hostname field for the guacd
> proxy.  Completely my fault, and once I put the RDP ip address in the
> correct hostname field everything worked.
>
> I wonder if the logging could be enhanced to say somewhere what
> address its failing to connect to (either the proxy address or the
> guacd address).  If I had seen my RDP servers IP address as the guacd
> server I would have immediately understood the problem.
>
>
I think we should also consider whether the proxy address, etc. could be
better displayed such that it's not so easily confused with the connection
parameters. I've made the same mistake myself several times.

- Mike


Re: INITIAL-PROGRAM not working in the Congiguratuions

2017-08-14 Thread Mike Jumper
On Mon, Aug 14, 2017 at 10:20 AM, Amarjeet Singh 
wrote:

> Hi Mike,
>
> Thanks for a reply.
>
> Do I have to include these in GuacamoleConfiguration Object?
>
> or
>
>  Do I have to include it in GuacamoleClientConfiguration Object?
>
> Where I do have to configure them to get these working ?
>
>
You're writing your own application or extension using the API then?

The object which contains connection parameters is GuacamoleConfiguration,
part of guacamole-common:


http://guacamole.incubator.apache.org/doc/guacamole-common/org/apache/guacamole/protocol/GuacamoleConfiguration.html

The parameters are stored as name/value pairs within a Map:


http://guacamole.incubator.apache.org/doc/guacamole-common/org/apache/guacamole/protocol/GuacamoleConfiguration.html#setParameters-java.util.Map-

or can be set on a case-by-case basis:


http://guacamole.incubator.apache.org/doc/guacamole-common/org/apache/guacamole/protocol/GuacamoleConfiguration.html#setParameter-java.lang.String-java.lang.String-

There is no GuacamoleClientConfiguration object. If you're referring to
GuacamoleClientInformation, that object does not hold connection
parameters, but rather information describing the mimetypes supported by
the client browser, the ideal display resolution, etc.


http://guacamole.incubator.apache.org/doc/guacamole-common/org/apache/guacamole/protocol/GuacamoleClientInformation.html

Both of these objects would ultimately be passed to a
ConfiguredGuacamoleSocket, which will use the data therein to perform the
Guacamole protocol handshake (the part of the Guacamole connection where
this information is exchanged):


http://guacamole.incubator.apache.org/doc/guacamole-common/org/apache/guacamole/protocol/ConfiguredGuacamoleSocket.html

- Mike


Re: INITIAL-PROGRAM not working in the Congiguratuions

2017-08-14 Thread Mike Jumper
On Aug 14, 2017 09:03, "Amarjeet Singh"  wrote:

Hi Team,

I have used *initial-program* settings to open *internet explorer* after
the RDP starts.
I have done the following configurations :-

File : *guacamole.properties*

# Hostname and port of guacamole proxy
> guacd-hostname: localhost
> guacd-port: 4822
> resize-method:display-update
> initial-program:C:\Program Files (x86)\Internet Explorer\iexplore.exe


but it is not working. Please help me to resolve this issue.


"initial-program" and "resize-method" are not properties. They are
configuration parameters which are specified on a per-connection basis.

- Mike


Re: What are some tips for debugging no audio heard?

2017-08-06 Thread Mike Jumper
On Sat, Aug 5, 2017 at 1:16 PM, christopherbalz  wrote:
> About the first question:
> - For guacd, have you linked the necessary Guacamole libraries into the
> FreeRDP lib directory?  The following thread should help you with that - the
> guacdr.so and guacsnd.so files are the ones you're interested in.
> https://sourceforge.net/p/guacamole/discussion/1110834/thread/76764d35/?limit=25
> A: The guacdr-client.so and guacsnd-client.so files have been linked.
>
> We want to first make a clean picture of the system we are running and see
> if it answers your other questions:
> - We have one EC2 with Ubuntu 16.04 LTS installed. We have deployed
> Guacamole in this machine.
> - We can use both VNC viewer as well as browsers (like Chrome or Firefox) to
> load the remote desktop via our laptops. Our laptops are also running Ubuntu
> and the sound system is working perfectly in these laptops.

Are you saying that Guacamole has been installed on the same machine
as the VNC server?

> - Connecting a local PulseAudio sound server directly to the PulseAudio
> server on the remote instance actually does deliver sound that we can hear
> on our local laptop.
> - We've double-checked the enable-audio setting, the added line in
> /etc/pulse/default.pa, and the `netstat -ln | grep 4713` result.

If Guacamole is running on the same machine as the VNC server, have
you tried specifying "localhost" for the PulseAudio server name in the
configuration of the Guacamole connection?

If not, have you tried specifying the IP address of the VNC server?

- Mike


Re: guacamole server 0.9.12-incubating does not compile after upgrading debian jessie to debian stretch

2017-08-06 Thread Mike Jumper
It is compatible - that's what the previously-posted JIRA issue dealt with:

https://issues.apache.org/jira/browse/GUACAMOLE-205

If you try building the 0.9.13-incubating release, which has the above
changes, you will not see these errors.

- Mike


On Sun, Aug 6, 2017 at 10:37 AM, Daniel Nguyen  wrote:
> I found what's going on.
>
> libssl1.0-dev must be used instead of libssl-dev. Guacamole seems
> incompatible with libssl-dev in debian stretch, although ./configure does
> not complain.
>
> Regards
> Daniel Nguyen
>
> W dniu 31.07.2017 o 22:20, Daniel Nguyen pisze:
>
> Hi :)
>
> Guacamole server 0.9.12-incubating does not compile after upgrading debian
> jessie to debian stretch. It compiled before on jessie.
>
> ssh.c:70:13: error: ‘guac_common_ssh_openssl_locking_callback’ defined but
> not used [-Werror=unused-function]
>  static void guac_common_ssh_openssl_locking_callback(int mode, int n,
>  ^~~~
> cc1: all warnings being treated as errors
>
>
>
> 
> guacamole-server version 0.9.12-incubating
> 
>
>Library status:
>
>  freerdp . yes
>  pango ... yes
>  libavcodec .. yes
>  libavutil ... yes
>  libssh2 . yes
>  libssl .. yes
>  libswscale .. yes
>  libtelnet ... yes
>  libVNCServer  yes
>  libvorbis ... yes
>  libpulse  yes
>  libwebp . yes
>
>Protocol support:
>
>   RDP ... yes
>   SSH ... yes
>   Telnet  yes
>   VNC ... yes
>
>Services / tools:
>
>   guacd .. yes
>   guacenc  yes
>
>Init scripts: no
>
> Type "make" to compile guacamole-server.
>
> lucky:~/download/guacamole-server-0.9.12-incubating# make
> make  all-recursive
> make[1]: Wejście do katalogu
> '/root/download/guacamole-server-0.9.12-incubating'
> Making all in src/libguac
> make[2]: Wejście do katalogu
> '/root/download/guacamole-server-0.9.12-incubating/src/libguac'
> make[2]: Nie ma nic do zrobienia w 'all'.
> make[2]: Opuszczenie katalogu
> '/root/download/guacamole-server-0.9.12-incubating/src/libguac'
> Making all in src/common
> make[2]: Wejście do katalogu
> '/root/download/guacamole-server-0.9.12-incubating/src/common'
> make[2]: Nie ma nic do zrobienia w 'all'.
> make[2]: Opuszczenie katalogu
> '/root/download/guacamole-server-0.9.12-incubating/src/common'
> Making all in src/libguacd
> make[2]: Wejście do katalogu
> '/root/download/guacamole-server-0.9.12-incubating/src/libguacd'
> make[2]: Nie ma nic do zrobienia w 'all'.
> make[2]: Opuszczenie katalogu
> '/root/download/guacamole-server-0.9.12-incubating/src/libguacd'
> Making all in tests
> make[2]: Wejście do katalogu
> '/root/download/guacamole-server-0.9.12-incubating/tests'
> make[2]: Nie ma nic do zrobienia w 'all'.
> make[2]: Opuszczenie katalogu
> '/root/download/guacamole-server-0.9.12-incubating/tests'
> Making all in src/common-ssh
> make[2]: Wejście do katalogu
> '/root/download/guacamole-server-0.9.12-incubating/src/common-ssh'
>   CC   libguac_common_ssh_la-ssh.lo
> ssh.c:89:22: error: ‘guac_common_ssh_openssl_id_callback’ defined but not
> used [-Werror=unused-function]
>  static unsigned long guac_common_ssh_openssl_id_callback() {
>   ^~~
> ssh.c:70:13: error: ‘guac_common_ssh_openssl_locking_callback’ defined but
> not used [-Werror=unused-function]
>  static void guac_common_ssh_openssl_locking_callback(int mode, int n,
>  ^~~~
> cc1: all warnings being treated as errors
> Makefile:488: polecenia dla obiektu 'libguac_common_ssh_la-ssh.lo' nie
> powiodły się
> make[2]: *** [libguac_common_ssh_la-ssh.lo] Błąd 1
> make[2]: Opuszczenie katalogu
> '/root/download/guacamole-server-0.9.12-incubating/src/common-ssh'
> Makefile:494: polecenia dla obiektu 'all-recursive' nie powiodły się
> make[1]: *** [all-recursive] Błąd 1
> make[1]: Opuszczenie katalogu
> '/root/download/guacamole-server-0.9.12-incubating'
> Makefile:426: polecenia dla obiektu 'all' nie powiodły się
> make: *** [all] Błąd 2
>
> Regards
> Daniel Nguyen
>


Re: Server Out Of Memory

2017-08-03 Thread Mike Jumper
On Thu, Aug 3, 2017 at 6:54 PM, Mike Jumper  wrote:
> On Thu, Aug 3, 2017 at 6:50 PM, James Fraser
>  wrote:
>> Hi Nick
>>
>> Thanks for your response.
>>
>> After sending off this message I did some digging.
>>
>> I am using JDBC and LDAP auth together.
>>
>> I was digging around the Server Heap error and think that you are on the
>> right track with Xmx value.
>>
>> It was out of the box (from apt-get) set to -Xmx128m, I have adjusted this
>> to 1024m for now and will monitor
>>
>> We concurrently have around 7 users, each user may be accessing 4-5 VM’s at
>> once.
>>
>
> Would you be able to take a heap dump to see what is using up so much space?
>
> 7 users is relatively light, and having to manually increase the heap
> shouldn't be necessary in practice. In past versions of Java, they can
> cause more problems than they solve (lengthy GCs), and recent versions
> of Java will ignore these options.
>

Correction: it's permgen that vanished in recent versions of Java, not
heap limits.

My other points still stand though. ;)


Re: Server Out Of Memory

2017-08-03 Thread Mike Jumper
On Thu, Aug 3, 2017 at 6:50 PM, James Fraser
 wrote:
> Hi Nick
>
> Thanks for your response.
>
> After sending off this message I did some digging.
>
> I am using JDBC and LDAP auth together.
>
> I was digging around the Server Heap error and think that you are on the
> right track with Xmx value.
>
> It was out of the box (from apt-get) set to -Xmx128m, I have adjusted this
> to 1024m for now and will monitor
>
> We concurrently have around 7 users, each user may be accessing 4-5 VM’s at
> once.
>

Would you be able to take a heap dump to see what is using up so much space?

7 users is relatively light, and having to manually increase the heap
shouldn't be necessary in practice. In past versions of Java, they can
cause more problems than they solve (lengthy GCs), and recent versions
of Java will ignore these options.

- Mike


Re: Fwd: Unable to Connect to GUACD Server on Linux

2017-08-03 Thread Mike Jumper
On Aug 3, 2017 03:54, "Amarjeet Singh"  wrote:

...

Configuration in *guacamole.properties*

*# Hostname and port of guacamole proxy*
*guacd-hostname:172.15.9.56*
*guacd-port:4822*

*# Auth provider class (authenticates user/pass combination, needed if
using the provided login screen)*
* auth-provider: net.sourceforge.guacamole.net
.basic.BasicFileAuthenticationProvider*
* basic-user-mapping: user-mapping.xml*


Beware that the "auth-provider" property was deprecated in 0.9.7 and
removed entirely as of 0.9.10-incubating. It has no effect.


*# NoAuth properties*
*# noauth-config: noauth-config.xml*


I want to use NoAuthenticatorProvider.jar to directly get the RDP.


Beware that the NoAuth extension is deprecated as of the most recent
release (0.9.13-incubating). It still exists to ease migration, but should
not be used for new deployments.

- Mike


Re: Fwd: Unable to Connect to GUACD Server on Linux

2017-08-03 Thread Mike Jumper
On Aug 3, 2017 06:38, "Nick Couchman"  wrote:

Amarjeet,

I'm not sure why the 0.0.0.0 option does not work - I will have to dig into
that.  Glad it is working for you, though.


My guess would be that guacd is already running. Since the wildcard address
would result in guacd listening on all interfaces, that's guaranteed to
conflict with any instance of guacd listening on any interface.

- Mike


Re: [ANNOUNCE] Apache Guacamole 0.9.13-incubating released

2017-08-01 Thread Mike Jumper
On Tue, Aug 1, 2017 at 10:10 AM, Giorgio  wrote:
> Works perfectly fine in all aspects. Thank you.
>
> Is there any example on how to implement the CAS single sign-on ?

Hi Giorgio,

This is an announcement thread, and isn't meant as a central hub for
questions related to the recent release. If you have a question
regarding Guacamole, it would be much better to ask that question in a
new thread.

Thanks,

- Mike


[ANNOUNCE] Apache Guacamole 0.9.13-incubating released

2017-08-01 Thread Mike Jumper
The Apache Guacamole community is proud to announce the release of Apache
Guacamole 0.9.13-incubating.

Apache Guacamole (incubating) is a clientless remote desktop gateway which
supports standard protocols like VNC, RDP, and SSH. We call it "clientless"
because no plugins or client software are required; once Guacamole is
installed on a server, all you need to access your desktops is a web
browser.

The 0.9.13-incubating release features new support for CAS single sign-on,
automatic failover to connections within the same connection group, and
fixes for issues in all supported protocols. The JavaScript API has also
been extended to provide for in-browser playback of screen recordings, and
the extension API now allows custom REST services to be defined.

A full list of the changes in this release, along with links to downloads
and updated documentation, can be found in the release notes:

http://guacamole.incubator.apache.org/releases/0.9.13-incubating/

For more information on Apache Guacamole, please see:

http://guacamole.incubator.apache.org/

Thanks!

The Apache Guacamole (incubating) Community



DISCLAIMER:

Apache Guacamole is an effort undergoing Incubation at The Apache Software
Foundation (ASF), sponsored by the Incubator. Incubation is required of all
newly accepted projects until a further review indicates that the
infrastructure, communications, and decision making process have stabilized
in a manner consistent with other successful ASF projects. While incubation
status is not necessarily a reflection of the completeness or stability of
the code, it does indicate that the project has yet to be fully endorsed by
the ASF.


Re: guacamole server 0.9.12-incubating does not compile after upgrading debian jessie to debian stretch

2017-07-31 Thread Mike Jumper
On Mon, Jul 31, 2017 at 1:34 PM, Valentin BRICE  wrote:

> Hi Daniel,
>
> If I may, you issue here a common compilation error. It seems that the
> flag -Werror as been set in the Makefile. You may suppress the error
> removing the flag in the Makefile.
>
>
As a matter of practice, I strongly advise against ignoring the warnings.
In this case, those functions deal with threadsafety, so the fact that
they're turning up unused with your version of OpenSSL doesn't necessarily
mean it's safe to leave them out, even if the compiler wouldn't normally
consider that an error.

This particular issue should be fixed on master and in 0.9.13-incubating:

https://issues.apache.org/jira/browse/GUACAMOLE-205

I suggest instead waiting for the 0.9.13-incubating release to be announced
and published. It should be soon.

- Mike


Re: RemoteFX & Session Sharing

2017-07-31 Thread Mike Jumper
On Fri, Jul 21, 2017 at 6:01 AM, Herzog  wrote:
> I would be more than interested, too!
>
> Mike, is the MIT licensed "poorly implemented" version publicly available?
> Could you publicize it otherwise?
>

No, this is incorrect.

If it were MIT-licensed, yes, we could indeed do as you suggest. The
main reason the code cannot be used is because its license status is
unknown. The author made his changes to MIT-licensed code, yes, but
that does not mean his changes are under the same license. Without the
explicit permission of the author, and without a license giving us
permission, we cannot legally include his code.

> Maybe we could use that as a starting point (regarding the lack of
> documentation, some could would surely help).
>

The only legal route is to start from scratch, without referencing his
code in any way whatsoever. Doing otherwise risks creating a
derivative work and running afoul of copyright law.

It would be safe to consult the FreeRDP source itself, particularly
the X11 client implementation. In fact, since FreeRDP has no API
documentation, walking through the code is very often the only way to
determine what the various functions/parameters/structures actually
do. It's fairly painful, but it is doable, and in this case it's
simply the only option.

Thanks,

- Mike


Re: Upgrade strategy for Guacamole

2017-07-31 Thread Mike Jumper
On Mon, Jul 31, 2017 at 6:12 AM, Nick Couchman  wrote:
> I would do them in this order:
> 1) guacd
> 2) Postgres
> 3) WAR/Extensions
>
> guacd should be completely backward-compatible, so you shouldn't have any
> problem using older Guacamole client with newer guacd (in general).
> Updating the Postgres DB schema before upgrading the WAR and extensions also
> should not cause any problems.
>

There have been cases where the schema has changed in such a way that
the older version of the webapp would fail to execute certain queries.
In general, the above will likely work, but as upgrading guacd
necessitates restarting guacd (which will kick off all active
connections), and upgrading the webapp requires restarting Tomcat
(which will log off all users), I'm not sure it makes any sense to try
to keep things running during the upgrade.

For any upgrade, I'd recommend the following as good practice:

* Schedule the upgrade during a maintenance window when you can
stop/restart Guacamole-related services with minimal impact.
* Backup your database, so you can safely revert if things do not go as planned.

As for the process itself:

1) Stop the Tomcat and guacd services.
2) Install the latest version of the webapp and guacd, overwriting
what is currently installed.
3) Apply the database upgrade script, if provided with the release.
4) Start the Tomcat and guacd services.
5) Do a quick run through and make sure things work.

With the services stopped, the process is predictable and order of
upgrade does not matter.

If you are going for absolutely zero downtime, the safe method would
be to serve Guacamole through a reverse proxy, clone the Guacamole
server, perform the upgrade on the clone only, and then switch the
reverse proxy to point to the new server once it's confirmed working.
Active users will still be logged out and disconnected, but the
service itself remains continuously available.

- Mike


Re: Close browser tab on RDP disconnect

2017-07-31 Thread Mike Jumper
On Mon, Jul 31, 2017 at 7:50 AM, timofcourse  wrote:
> For a bit more context, we use Guacamole through a third party solution -
> users launch guac RDP sessions directly from the third party app's
> interface.
>
> As a result, the "Home" button on the Disconnected dialog isn't applicable
> to our setup, since users should never end up at the Guac home. Adding a
> Close button to the dialog (which after further thought, we would prefer to
> simply auto-closing upon log off) would provide a bit more of an intuitive
> way to get back to the third party apps "home" (the page where the guac RDP
> session was launched from).
>
> We'd gladly open a JIRA request for this, but being pretty new to Guacamole
> and this process, curious what you think is the best way to request this.
> Should I add a single request to "Add customization options to Disconnected
> dialog" and include the details on removing Home and adding Close to the
> description? Or should I create 2 tickets - 1 to add Close option and
> another to have the option to remove the Home button?
>

IMHO, neither of these modifications would make sense upstream. The
best way to go about this would be to write your own web application
leveraging the Guacamole API, as you would then be able to dictate the
entire user experience:

http://guacamole.incubator.apache.org/doc/gug/writing-you-own-guacamole-app.html

- Mike


Re: NoAuth failing to load?

2017-07-31 Thread Mike Jumper
On Mon, Jul 31, 2017 at 9:03 AM, tako  wrote:

> Hi, I'm trying to test out Apache Guacamole to see if it'd be suitable for
> my
> environment. I have it set up and running in a RHEL6 VM. I was able to
> compile everything, set up Tomcat, etc. When I tried to switch over to
> NoAuth (for testing purposes, I just need to confirm that the software
> works
> as intended).
>
>
If you're just trying to confirm that things work, the best method for
doing so would be the built-in authentication mechanism
("user-mapping.xml"). That method requires no extensions whatsoever:

http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#basic-auth

NoAuth is being deprecated and should not be used for new deployments.

When loading the page (localhost:8080/guacamole), I receive the error listed
> below.
>
> Note that tomcat:tomcat owns *EVERYTHING* related to Guacamole.
> GUACAMOLE_HOME is /home/tomcat/apache/.guacamole
>
> the noauth jar is in both GUACAMOLE_HOME/extensions and WEB_INF/lib (or
> whatever the path is)
>
>
Do not place extensions anywhere but GUACAMOLE_HOME/extensions/. That is
the only correct location for extensions. Placing them elsewhere will
either have no effect or, as in the case of WEB-INF/lib, will cause the
extensions to be loaded by multiple overlapping classloaders.

See:

http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#guacamole-home

- Mike


  1   2   3   4   5   6   >