Posted to commits@guacamole.apache.org by "Michael Jumper (JIRA)" <ji...@apache.org> on 2018/04/02 05:36:00 UTC

[jira] [Commented] (GUACAMOLE-529) Despite the fact user account is disabled, user account can access to a welcome blank screen

    [ https://issues.apache.org/jira/browse/GUACAMOLE-529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16421947#comment-16421947 ] 

Michael Jumper commented on GUACAMOLE-529:
------------------------------------------

Thanks for confirming, Nick.

The issue is due to the way GUACAMOLE-284 tied the "disabled" flag to the "*-user-required" properties. You can work around the issue for the time being by setting the applicable property to true:

http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-restrict

I'm now modifying the authentication-specific part of the JDBC auth to properly check this flag. This will correct the behavior such that:

* The database auth will not authenticate a user with the "disabled" flag set.
* If a user is authenticated by other means, that user will not receive data from the database auth if the "disabled" flag is set (part of GUACAMOLE-284).
* If a user is authenticated by other means, and the appropriate "*-user-required" property is set to true, the authentication attempt will be rejected entirely (GUACAMOLE-284).

> Despite the fact user account is disabled, user account can access to a welcome blank screen
> --------------------------------------------------------------------------------------------
>
>                 Key: GUACAMOLE-529
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-529
>             Project: Guacamole
>          Issue Type: Bug
>    Affects Versions: 0.9.14, 1.0.0
>         Environment: Ubuntu 16.04.3, mysql, git version guacamole 1.0.0
> CentOS 7, PostgreSQL, Guacamole Client 0.9.14
> CentOS 7, SQL Server, Guacamole Client 1.0.0 (git)
>            Reporter: emma
>            Assignee: Michael Jumper
>            Priority: Major
>         Attachments: Account_Blank_Screen.png, Account_Disable.png
>
>
> Hi,
> I've made an upgrade from 0.9.12 to 1.0.0 git version (dev) and also an upgrade from 0.9.14 to 1.0.0 git version (dev). Everything works fine without any issues, then I realized that despite my user accounts being disabled I can log on to Guacamole and access a welcome blank screen.
> I've also checked in the mysql database and the user accounts are Disabled '1'.
> So far when a user account was disabled, it was unable to log on and access any screen. The user got a message on the logon screen like "invalid credential" or something similar.
> Guess that "issue" is probably due to the development version, but quite strange for that module managing credentials and logon.
> Thank you



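Added example, not part of the original message and not Guacamole's code: a simplified Python model of the three rules listed in the comment above, next to the reported behaviour as this page describes it. The names `decide`, `Outcome` and `disabled_db_logins` are hypothetical, and the `fixed=False` branch is an assumption inferred from the report and the stated workaround.

```python
from enum import Enum

class Outcome(Enum):
    REJECTED = "login rejected"
    NO_DB_DATA = "session opens, database contributes nothing"
    DB_DATA = "session opens with the user's database connections"

def decide(db_creds_ok, other_auth_ok, disabled, user_required, fixed=True):
    """Outcome for a user who has a row in the database (hypothetical model).

    db_creds_ok   -- password matches the database record
    other_auth_ok -- another auth extension already accepted the user
    user_required -- value of the applicable "*-user-required" property
    fixed=False   -- reported behaviour (assumption): "disabled" was only
                     enforced together with "*-user-required"
    """
    if not fixed:
        if not (db_creds_ok or other_auth_ok):
            return Outcome.REJECTED
        if disabled:
            # Blank welcome screen from the report unless the property is true.
            return Outcome.REJECTED if user_required else Outcome.NO_DB_DATA
        return Outcome.DB_DATA

    # Rule 3: disabled + "*-user-required" rejects the attempt entirely.
    if disabled and user_required:
        return Outcome.REJECTED
    # Rule 1: the database itself never authenticates a disabled user.
    db_auth_ok = db_creds_ok and not disabled
    if not (db_auth_ok or other_auth_ok):
        return Outcome.REJECTED
    # Rule 2: authenticated elsewhere, but a disabled user gets no database data.
    return Outcome.NO_DB_DATA if disabled else Outcome.DB_DATA

def disabled_db_logins(fixed):
    """Property values under which a disabled user holding only valid
    database credentials still gets a session."""
    return [required for required in (False, True)
            if decide(True, False, True, required, fixed) is not Outcome.REJECTED]

if __name__ == "__main__":
    print("reported:", disabled_db_logins(fixed=False))
    print("after fix:", disabled_db_logins(fixed=True))
```
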