GUACAMOLE-1661: Simplify and clarify KSM domain search code.

James Muehlner
2022-08-17 18:05:41 +00:00
parent 593cfaaffe
commit e0a9364dde
3 changed files with 30 additions and 40 deletions


@@ -177,7 +177,7 @@ public class KsmClient {
* this Map, {@link #cachedAmbiguousUsers} must first be checked to * this Map, {@link #cachedAmbiguousUsers} must first be checked to
* verify that there is indeed only one record associated with that user. * verify that there is indeed only one record associated with that user.
*/ */
private final Map<UserDomain, KeeperRecord> cachedRecordsByUser = new HashMap<>(); private final Map<UserLogin, KeeperRecord> cachedRecordsByUser = new HashMap<>();
/** /**
* The set of all username/domain combos that are associated with multiple * The set of all username/domain combos that are associated with multiple
@@ -187,7 +187,7 @@ public class KsmClient {
* acquired appropriately. This Set must be checked before using a value * acquired appropriately. This Set must be checked before using a value
* retrieved from {@link #cachedRecordsByUser}. * retrieved from {@link #cachedRecordsByUser}.
*/ */
private final Set<UserDomain> cachedAmbiguousUsers = new HashSet<>(); private final Set<UserLogin> cachedAmbiguousUsers = new HashSet<>();
/** /**
* All records retrieved from Keeper Secrets Manager, where each key is the * All records retrieved from Keeper Secrets Manager, where each key is the
@@ -307,10 +307,12 @@ public class KsmClient {
WindowsUsername usernameAndDomain = ( WindowsUsername usernameAndDomain = (
WindowsUsername.splitWindowsUsernameFromDomain(username)); WindowsUsername.splitWindowsUsernameFromDomain(username));
// Use the username-split domain if not already set explicitly // Use the username-split domain if available
if (usernameAndDomain.hasDomain()) if (usernameAndDomain.hasDomain()) {
domain = usernameAndDomain.getDomain(); domain = usernameAndDomain.getDomain();
username = usernameAndDomain.getUsername();
addRecordForDomain(record, domain); addRecordForDomain(record, domain);
}
} }
@@ -407,7 +409,7 @@ public class KsmClient {
if (username == null) if (username == null)
return; return;
UserDomain userDomain = new UserDomain(username, domain); UserLogin userDomain = new UserLogin(username, domain);
KeeperRecord existing = cachedRecordsByUser.putIfAbsent( KeeperRecord existing = cachedRecordsByUser.putIfAbsent(
userDomain, record); userDomain, record);
if (existing != null && record != existing) if (existing != null && record != existing)
@@ -504,7 +506,7 @@ public class KsmClient {
* The username of the record to return. * The username of the record to return.
* *
* @param domain * @param domain
* The domain of the record to return. * The domain of the record to return, or null if no domain exists.
* *
* @return * @return
* The record associated with the given username and domain, or null * The record associated with the given username and domain, or null
@@ -519,7 +521,7 @@ public class KsmClient {
validateCache(); validateCache();
cacheLock.readLock().lock(); cacheLock.readLock().lock();
UserDomain userDomain = new UserDomain(username, domain); UserLogin userDomain = new UserLogin(username, domain);
try { try {
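Review bot: In the last hunk the `UserLogin` key is constructed after `cacheLock.readLock().lock()` but before the `try {`, so anything thrown by that statement would leave the read lock held. The constructor shown in this commit only assigns two fields, so nothing throws today, but the ordering is fragile; build the key before taking the lock or move it to the first line inside the `try`. The local is also still named `userDomain` here and in the `-407` hunk although its type is now `UserLogin`; `UserLogin userLogin = new UserLogin(username, domain);` would match the rename. Both enclosing methods start and end outside the visible hunks, so the matching `unlock()` in a `finally` is assumed rather than seen.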


@@ -373,7 +373,9 @@ public class KsmSecretService implements VaultSecretService {
filter.filter(gatewayUsername), filter.filter(gatewayUsername),
filteredGatewayDomain)); filteredGatewayDomain));
} else { }
else {
// Retrieve and define user-specific tokens, if any // Retrieve and define user-specific tokens, if any
// NOTE that non-RDP connections do not have a domain // NOTE that non-RDP connections do not have a domain


@@ -19,6 +19,8 @@
package org.apache.guacamole.vault.ksm.secret; package org.apache.guacamole.vault.ksm.secret;
import java.util.Objects;
import javax.annotation.Nonnull; import javax.annotation.Nonnull;
import javax.annotation.Nullable; import javax.annotation.Nullable;
@@ -29,7 +31,7 @@ import javax.annotation.Nullable;
* actually be identified by both the user and domain, if the appropriate * actually be identified by both the user and domain, if the appropriate
* settings are enabled. * settings are enabled.
*/ */
class UserDomain { class UserLogin {
/** /**
* The username associated with the user record. * The username associated with the user record.
@@ -44,17 +46,17 @@ class UserDomain {
private final String domain; private final String domain;
/** /**
* Create a new UserDomain instance with the provided username and * Create a new UserLogin instance with the provided username and
* domain. The domain may be null, but the username should never be. * domain. The domain may be null, but the username should never be.
* *
* @param username * @param username
* The username to create the UserDomain instance with. This should * The username to create the UserLogin instance with. This should
* never be null. * never be null.
* *
* @param domain * @param domain
* The domain to create the UserDomain instance with. This can be null. * The domain to create the UserLogin instance with. This can be null.
*/ */
UserDomain(@Nonnull String username, @Nullable String domain) { UserLogin(@Nonnull String username, @Nullable String domain) {
this.username = username; this.username = username;
this.domain = domain; this.domain = domain;
} }
@@ -62,13 +64,7 @@ class UserDomain {
@Override @Override
public int hashCode() { public int hashCode() {
final int prime = 31; return Objects.hash(domain, username);
int result = 1;
result = prime * result + ((domain == null) ? 0 : domain.hashCode());
result = prime * result + ((username == null) ? 0 : username.hashCode());
return result;
} }
@@ -83,33 +79,23 @@ class UserDomain {
if (obj == null) if (obj == null)
return false; return false;
// Check if the other object is also a UserDomain // Check if the other object is also a UserLogin
if (getClass() != obj.getClass()) if (getClass() != obj.getClass())
return false; return false;
// If it is a UserDomain, it must have the same username... // If the other object is also a UserLogin, it must
UserDomain other = (UserDomain) obj; // have the same username and domain
if (username == null) { UserLogin other = (UserLogin) obj;
if (other.username != null) return Objects.equals(username, other.username)
return false; && Objects.equals(domain, other.domain);
} else if (!username.equals(other.username))
return false;
// .. and the same domain
if (domain == null) {
if (other.domain != null)
return false;
} else if (!domain.equals(other.domain))
return false;
return true;
} }
/** /**
* Get the username associated with this UserDomain. * Get the username associated with this UserLogin.
* *
* @return * @return
* The username associated with this UserDomain. * The username associated with this UserLogin.
*/ */
public String getUsername() { public String getUsername() {
return username; return username;
@@ -117,10 +103,10 @@ class UserDomain {
/** /**
* Get the domain associated with this UserDomain. * Get the domain associated with this UserLogin.
* *
* @return * @return
* The domain associated with this UserDomain. * The domain associated with this UserLogin.
*/ */
public String getDomain() { public String getDomain() {
return domain; return domain;
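Review bot: `equals()` and `hashCode()` compare `username` and `domain` with exact, case-sensitive string equality, and the class Javadoc does not say so. Because these objects key `cachedRecordsByUser` and `cachedAmbiguousUsers`, two vault records whose logins differ only in letter case (for example a domain written `CORP` in one and `corp` in the other) become distinct keys and would not be marked ambiguous, while a lookup with different casing finds nothing. If that is intended, state it in the class comment, e.g. `Comparison of username and domain is exact and case-sensitive.`; if not, normalising both values once in the constructor would keep `equals()` and `hashCode()` consistent with each other. Whether callers already normalise case before constructing the key is not visible on this page.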