From: Lukáš Raška
Date: Thu, 13 Jun 2019 16:06:36 +0200
Subject: Re: Unable to specify upload directory in file stream
To: user@guacamole.apache.org

Hi,

On Wed, 12 Jun 2019 at 19:51, Mike Jumper <mjumper@apache.org> wrote:

> On Wed, Jun 12, 2019, 09:17 Lukáš Raška <lukas@raska.me> wrote:
>
>> Hello,
>> so after digging through guacd source, I found out it can be controlled
>> via 482201 console code,
>
> Or via the guacctl utility provided to send those codes:
>
> https://github.com/apache/guacamole-server/blob/master/bin/guacctl

Yup, I noticed that and tested the functionality with guacctl so I don't have to type those codes myself.

>> but it seems it's not configurable via protocol API and seems to affect
>> sftp file transport (couldn't see it in guac_rdp_upload_file_handler,
>> but haven't tested on Windows yet).
>>
>> Are there any plans to unify this behaviour (maybe allow setting the
>> directory with custom protocol and use it for other transports as well)?
>
> The Guacamole protocol does allow for uploading to specific directories
> leveraging the filesystem object. You can see this done in practice in the
> file browser within the Guacamole menu.
>
>> Quick fix for my use case is to ignore filesystem->upload_path in
>> guac_common_ssh_sftp_handle_file_stream, but that does make it dependent on
>> this non-upstream change.
>
> If you are stripping away the code that ensures paths are not included in
> the uploaded filename, you may well be introducing a security vulnerability
> that will allow users to write files anywhere on disk. Upload location is
> intentionally tightly controlled.

Yeah, that was why I wanted to avoid this in the first place. It could be very easy to introduce some security issue with seemingly irrelevant changes.

>> Or is there any other option how to set the upload_path variable which I'm
>> missing?
>
> It's done through the filesystem object and "put" streams:
>
> http://guacamole.apache.org/doc/guacamole-common-js/Guacamole.Client.html#event:onfilesystem
>
> http://guacamole.apache.org/doc/guacamole-common-js/Guacamole.Object.html
>
> (See createOutputStream() in particular)
>
> Underlying, low-level protocol:
>
> http://guacamole.apache.org/doc/gug/protocol-reference.html#filesystem-object-instruction
>
> http://guacamole.apache.org/doc/gug/protocol-reference.html#put-object-instruction
>
> The nature of object stream names is described for "get":
>
> http://guacamole.apache.org/doc/gug/protocol-reference.html#get-object-instruction

Thanks a lot, that works like a charm. createOutputStream() handles the stream creation, so our backend can now send chunks with blob instruction.

> - Mike

--
Best Regards

Lukáš Raška
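
As an illustration of the kind of filename check discussed in this thread (an added example, not code from guacamole-server): a bare filename is accepted and joined to a fixed upload directory, while anything carrying a path component is refused. The function names `upload_name_is_safe` and `build_upload_path`, the upload directory and the sample names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if name is a bare filename with no directory component, else 0. */
int upload_name_is_safe(const char* name) {
    if (name == NULL || name[0] == '\0')
        return 0;
    /* "." and ".." name directories, never a new file */
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    /* Any separator means the client is supplying a path, not a name */
    if (strchr(name, '/') != NULL || strchr(name, '\\') != NULL)
        return 0;
    return 1;
}

/* Joins an absolute upload_dir and a validated name into out.
 * Returns 0 on success, -1 if the name is rejected or out is too small. */
int build_upload_path(const char* upload_dir, const char* name,
        char* out, size_t out_len) {
    if (upload_dir == NULL || upload_dir[0] != '/'
            || !upload_name_is_safe(name))
        return -1;
    size_t dir_len = strlen(upload_dir);
    const char* sep = (upload_dir[dir_len - 1] == '/') ? "" : "/";
    int written = snprintf(out, out_len, "%s%s%s", upload_dir, sep, name);
    /* A truncated path could point at a different file: treat as failure */
    if (written < 0 || (size_t) written >= out_len)
        return -1;
    return 0;
}

int main(void) {
    /* Constructed sample names, not taken from the thread */
    const char* samples[] = { "report.txt", "../outside.txt",
                              "/tmp/other.txt", "..", "dir\\file" };
    char path[64];
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rc = build_upload_path("/home/user/uploads", samples[i],
                path, sizeof(path));
        printf("%-16s -> %s\n", samples[i], rc == 0 ? path : "rejected");
    }
    return 0;
}
```
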