Re: Get all open sessions / connections

2019-08-14 Thread Lukas Krempler 
Hey Nick!

Thanks for that input. I couldn't find any documentation about the Web API.
:/

So is it correct, there is no way to login with the Web API with TOTP?
That the user can read the active session, he must have admin privileges.
But if the user had admin rights, there is no way to disable the 2FA
authentication.

Thanks. Lukas

Am Di., 13. Aug. 2019 um 12:41 Uhr schrieb Nick Couchman :

> On Tue, Aug 13, 2019 at 4:00 AM Lukas Krempler 
> wrote:
>
>> hey everybody!
>>
>> I'm searching for an easy way to get all actual open sessions from
>> guacamole users. Like the view in the guacamole backend "Active Sessions".
>>
>> Maybe there is a way to write the open connections into the database, or
>> write a file in a specific folder.
>>
>> To parse the logfiles to get the open sessions is not my favorite way.
>>
>> I hope someone has such a good idea.
>>
>>
> The entire Guacamole Client front-end is API-driven, so all of the data
> that drives the displays, including the Active Sessions area, can be
> retrieved in JSON format from the Java back-end.  I wrote some sample
> Python code once upon a time to query things in the API and provide a
> couple of examples for how you could do this.  That (now fairly old) code
> lives here:
>
> https://github.com/necouchman/guacamole-python
>
> If you look through that you'll see the various API locations for
> retrieving active connections, connection history, etc., and some examples
> for killing active connections.
>
> -Nick
>
>>

Re: Get all open sessions / connections

2019-08-14 Thread Nick Couchman 
On Wed, Aug 14, 2019 at 05:19 Lukas Krempler  wrote:

>
> Hey Nick!
>
> Thanks for that input. I couldn't find any documentation about the Web
> API. :/
>

Yes, there is an open issue out there for documenting the API.  There isn't
much on our right now - you can either watch the Network tab in the browser
developer console to see the calls, or you can look through the Java and
Javascript code.


> So is it correct, there is no way to login with the Web API with TOTP?
>

I believe you should be able to log in to the web API with TOTP - the
AngularJS application uses the API to do this and it works fine.  You'll
just have to figure out what API calls need to be made and use then in the
code/script you're writing.

That the user can read the active session, he must have admin privileges.
> But if the user had admin rights, there is no way to disable the 2FA
> authentication.
>

Right now users can see their own active sessions, and some limited
information about other active sessions (no username), but, yes, you have
to have administrative privileges in Guacamole to see all the information
about all active sessions.

-Nick

>