From e0aedefd6f05152a5a5751cb9b5c855b369137e2 Mon Sep 17 00:00:00 2001
From: Virtually Nick
Date: Fri, 19 Jun 2020 14:59:20 -0400
Subject: [PATCH] GUACAMOLE-708: Add calls for auto-creating DB users when so configured.
---
 .../auth/jdbc/JDBCAuthenticationProviderService.java | 11 +++++++++--
 .../apache/guacamole/auth/jdbc/user/UserService.java | 8 ++++----
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
index 1bb2c68e7..a1883be2f 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
@@ -27,6 +27,7 @@ import org.apache.guacamole.auth.jdbc.sharing.user.SharedAuthenticatedUser;
 import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
 import org.apache.guacamole.auth.jdbc.user.ModeledUser;
 import org.apache.guacamole.auth.jdbc.user.ModeledUserContext;
+import org.apache.guacamole.auth.jdbc.user.PrivilegedModeledAuthenticatedUser;
 import org.apache.guacamole.auth.jdbc.user.UserService;
 import org.apache.guacamole.language.TranslatableGuacamoleClientException;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
@@ -98,7 +99,7 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider ModeledUser user = userService.retrieveUser(authenticationProvider, authenticatedUser); ModeledUserContext context = userContextProvider.get(); if (user != null && !user.isDisabled()) { - + // Enforce applicable account restrictions if (databaseRestrictionsApplicable) { 
@@ -126,9 +127,15 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider } // If no user account is found, and database-specific account - // restrictions do not apply, get an empty user. + // restrictions do not apply, get a skeleton user. else if (!databaseRestrictionsApplicable) { user = userService.retrieveSkeletonUser(authenticationProvider, authenticatedUser); + + // If auto account creation is enabled, add user to DB. + if(environment.autoCreateAbsentAccounts()) { + userService.createObject(new PrivilegedModeledAuthenticatedUser(user.getCurrentUser()), user); + } + + } // Veto authentication result only if database-specific account
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
index 0aecd10fa..e284205b2 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
@@ -52,6 +52,7 @@ import org.apache.guacamole.net.auth.ActivityRecord;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.User;
+import org.apache.guacamole.net.auth.UserContext;
 import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
 import org.apache.guacamole.net.auth.permission.ObjectPermission;
 import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
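Review bot: The auto-create call added inside `else if (!databaseRestrictionsApplicable)` is gated only on `environment.autoCreateAbsentAccounts()`, not on the account actually being absent. If this branch pairs with the `user != null && !user.isDisabled()` test visible in the previous hunk, it is also reached for an account that exists but is disabled, and `createObject` is then invoked for an identifier already in the database. Record absence before `user` is reassigned, `boolean accountAbsent = (user == null);`, and test `if (accountAbsent && environment.autoCreateAbsentAccounts()) {`. Because the insert runs under `PrivilegedModeledAuthenticatedUser`, the usual permission checks presumably do not apply, so this condition is the only gate on provisioning; two concurrent first logins for the same identifier can also both reach it, and how `createObject` reports a duplicate is not visible here. The enclosing method begins and ends outside the hunk.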
@@ -407,11 +408,8 @@ public class UserService extends ModeledDirectoryObjectService>>JDBC<<< Creating skeleton user {}", authenticatedUser.getIdentifier()); + // Set up an empty user model ModeledUser user = getObjectInstance(null, new UserModel(authenticatedUser.getIdentifier()));