safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-10-30 16:43:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,567 Commits 1 Branch 0 Tags
fac646b8e08fd3158e5c7181c474c5e0ab86b5ca
Commit Graph

49 Commits

Author SHA1 Message Date
James Muehlner
a1c6ca745a GUACAMOLE-1795: Support new private key field name for KSM Pam User. 2023-05-24 23:02:29 +00:00
James Muehlner
f355c5cfee Merge 1.5.2 changes back to master. 2023-05-17 23:57:32 +00:00
Mike Jumper
0631ff9689 GUACAMOLE-1785: Bump version numbers to 1.5.2. 2023-05-17 16:43:01 -07:00
Mike Jumper
9548e15651 Merge 1.5.2 changes back to master. 2023-04-13 14:22:18 -07:00
Michael Jumper
486fe6f42a GUACAMOLE-1769: Handle case that KSM's getCustom() returns null. 2023-04-13 13:38:53 -07:00
Virtually Nick
56c6e5022d Merge 1.5.1 changes back to master. 2023-04-10 10:22:47 -04:00
Mike Jumper
0b4468ba24 GUACAMOLE-1752: Bump version numbers to 1.5.1. 2023-04-09 19:54:19 -07:00
Mike Jumper
9f176ed489 Merge 1.5.0 changes back to master. 2023-01-10 21:52:26 -08:00
Mike Jumper
5ecee2efaa GUACAMOLE-1604: Bump version numbers of all projects to 1.5.0. 2023-01-10 16:40:19 -08:00
James Muehlner
b9044caf65 GUACAMOLE-1772: Allow user configuration of KSM API call timeout. 2022-11-30 16:37:44 +00:00
James Muehlner
c82ca370e2 GUACAMOLE-1656: Fix user preferences permissioning. 2022-11-22 20:32:18 +00:00
James Muehlner
b8d2a9edc1 GUACAMOLE-1656: Check if user KSM config is null before constructing a client. 2022-09-29 03:12:20 +00:00
James Muehlner
06d321fe5d GUCAMOLE-1656: Do not expose the KSM config blob through the REST API. 2022-09-28 21:55:32 +00:00
James Muehlner
8a7bde8e9c GUACAMOLE-1656: Simplify, clean up, and improve documentation of KSM code. 2022-09-23 23:19:41 +00:00
James Muehlner
3790d76fc9 GUACAMOLE-1656: Force refresh the user context on updateUserContext to ensure that any modified user attributes are picked up. 2022-08-26 18:12:21 +00:00
James Muehlner
33f2b499ef GUACAMOLE-1656: Fall back to user KSM config for single value fetch. 2022-08-26 18:11:40 +00:00
James Muehlner
e4c65cba19 GUACAMOLE-1656: Add per-user KSM vault functionality. 2022-08-26 18:07:43 +00:00
James Muehlner
c7bb1cb50c GUACAMOLE-1661: Parse config only once when iterating records. 2022-08-25 00:03:18 +00:00
James Muehlner
2b997a9992 GUACAMOLE-1661: Restore logic to not index records by login if hostname is already defined. 2022-08-24 19:03:16 +00:00
James Muehlner
e0a9364dde GUACAMOLE-1661: Simplify and clarify KSM domain search code. 2022-08-24 18:53:21 +00:00
James Muehlner
593cfaaffe GUACAMOLE-1661: Match by both user and domain when using KEEPER_USER_ tokens. 2022-08-10 23:49:59 +00:00
James Muehlner
aa06c81f29 GUACAMOLE-1661: Add domain search support for KSM vault extension. 2022-08-10 17:36:44 +00:00
James Muehlner
67b5db77e1 GUACAMOLE-1629: Keep track of iterated identifiers when recursing connection group tree looking for KSM attribute to ensure no infinite loop. 2022-07-26 21:39:07 +00:00
James Muehlner
d599ad317c GUACAMOLE-1643: Ensure that the KSM config attribute is always visible for connection groups. 2022-07-21 23:26:25 +00:00
James Muehlner
492dbf48d6 GUACAMOLE-1643: Ensure connection groups with an empty KSM config attribute fall back to the global config. 2022-07-21 23:25:25 +00:00
James Muehlner
b8058e7561 GUACAMOLE-1643: Validate/translate KSM configs and one-time tokens on connection group save. 2022-07-21 17:38:31 +00:00
James Muehlner
0585ab5e5b GUACAMOLE-1629: Fix client/cache confusion in comments. 2022-07-06 19:01:33 +00:00
James Muehlner
5b69bf405d GUACAMOLE-1629: Use TextField for KSM configuration since it's always one line. 2022-07-06 17:31:22 +00:00
James Muehlner
fee2f8b416 GUACAMOLE-1629: Hook KSM vault code into base vault code and clean up. 2022-07-01 20:14:34 +00:00
James Muehlner
16efc0cdc1 GUACAMOLE-1629: Implement multiple-vault support for KSM codebase. 2022-06-29 21:36:53 +00:00
James Muehlner
f7d90a641e GUACAMOLE-1629: Add configuration properties and associated translations. 2022-06-29 21:36:22 +00:00
James Muehlner
647cfa6a0c GUACAMOLE-1623: Extract domain field directly from the vault, or split out of username. 2022-06-22 22:42:30 +00:00
Michael Jumper
837a0360be GUACAMOLE-641: Clarify that null will also be returned if the List actually contains null. 2022-04-27 22:01:01 +00:00
Michael Jumper
741cf481d6 GUACAMOLE-641: Ensure empty strings within KSM record fields are handled as if the field value is absent. 2022-04-27 19:22:04 +00:00
Michael Jumper
ed14fa3ecf GUACAMOLE-641: Use "KeyPair" typed field for private key only if non-empty. 
An SSH server record in KSM has an associated "KeyPair" field, but this
field need not be set. If unset, the current logic ignores the rest of
the record and assumes there is no private key at all. Instead, the
standard fallbacks of locating an attached PEM file, locating an
alternative password field, etc. should be used.
 2022-01-30 11:33:14 -08:00
Michael Jumper
e89a65586c GUACAMOLE-641: Alternatively download .pem files for private keys. 2022-01-22 22:25:05 -08:00
Michael Jumper
86d1de5f2c GUACAMOLE-641: Automatically pull Guacamole properties from vault. 2022-01-22 22:25:05 -08:00
Michael Jumper
46501f4b63 GUACAMOLE-641: Correct standard vs. custom field logic for complex retrievals. 
When retrieving a contextual field like "passphrase", which does not
have a typed representation different from "password" or "hidden", the
contexts where the field's identity is truly known should be preferred
("password" field of a record with a "keypair" field, which MUST be the
key passphrase). When venturing outside well-known contexts, custom
fields should be preferred when their standard counterparts would
already have well-established meanings that differ from the requested
secret (again: "password" of a record with "keypair").

If this is not done, things like retrieving the private key from a
"Login" record fail, as one of the possible storage mechanisms for a
private key is a hidden or password field, which pulls the user's
password instead of their key. In this case, the correct behavior is
to pull the typed value ("keypair") if available, and use custom fields
ONLY otherwise, as those fields have labels that can establish context.
In no other case would it be reliable to assume that a hidden/password
field actually contains a private key.
 2022-01-22 22:25:05 -08:00
Michael Jumper
1cfd2ee835 GUACAMOLE-641: Index records by username ONLY if not related to a hostname. 
Doing otherwise would mean that a particular user would never be able
to be associated with a specific password/key by their username if they
have any explicit server-specific account.
 2022-01-22 22:25:05 -08:00
Michael Jumper
87b26fe2c8 GUACAMOLE-641: Use record service to resolve hostname/username of records for later lookup. 2022-01-22 22:25:04 -08:00
Michael Jumper
55b7e6f867 GUACAMOLE-641: Additionally match against KSM custom fields based on labels. 2022-01-22 22:25:04 -08:00
Michael Jumper
f8f0779d7a GUACAMOLE-641: Manually extract password value from KeeperRecord. 
Simply calling getPassword() does not currently work correctly, as the
implementation of getPassword() assumes there will be at least one
value if the field is present. This results in an
ArrayIndexOutOfBoundsException for records with empty passwords:

java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
 at java.util.ArrayList.rangeCheck(ArrayList.java:659)
 at java.util.ArrayList.get(ArrayList.java:435)
 at com.keepersecurity.secretsManager.core.KeeperRecord.getPassword(SecretsManager.kt:134)
 ...
 2022-01-22 22:25:04 -08:00
Michael Jumper
62863f8a0b GUACAMOLE-641: Log possible ambiguous record retrievals at debug level. 2022-01-22 22:25:04 -08:00
Michael Jumper
c5ae027225 GUACAMOLE-641: Add user- and gateway-specific tokens. 2022-01-22 22:25:04 -08:00
Michael Jumper
b655866057 GUACAMOLE-641: Consider existing tokens when injecting tokens from vault. 2022-01-22 22:25:04 -08:00
Michael Jumper
d2f5596015 GUACAMOLE-641: Automatically provide KEEPER_SERVER_* tokens based on connection parameters. 2022-01-22 22:25:04 -08:00
Michael Jumper
30f24de808 GUACAMOLE-641: Allow vault implementations to automatically provide tokens based on connection parameters (without YAML mapping). 2022-01-22 22:25:04 -08:00
Michael Jumper
d0bd4b52d6 GUACAMOLE-641: Add general service for retrieving data from Keeper records. 2022-01-22 22:25:04 -08:00
Michael Jumper
8bedbe746c GUACAMOLE-641: Add initial draft implementation of KSM vault support for Guacamole. 2022-01-22 22:25:04 -08:00