[GitHub] [guacamole-client] mike-jumper commented on a diff in pull request #753: GUACAMOLE-1661: Add domain search support for KSM vault extension.

[GitBox]

mike-jumper commented on code in PR #753:
URL: https://github.com/apache/guacamole-client/pull/753#discussion_r954192034


##########
extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/secret/KsmClient.java:
##########
@@ -250,13 +292,38 @@ private void validateCache() throws GuacamoleException {
                 String hostname = recordService.getHostname(record);
                 addRecordForHost(record, hostname);
 
-                // Store based on username ONLY if no hostname (will otherwise
-                // result in ambiguous entries for servers tied to identical
-                // accounts)
-                if (hostname == null)
-                    addRecordForLogin(record, 
recordService.getUsername(record));
+                // ... and domain
+                String domain = recordService.getDomain(record);
+                addRecordForDomain(record, domain);
+
+                // Get the username off of the record
+                String username = recordService.getUsername(record);
+
+                // If we have a username, and there isn't already a domain 
explicitly defined
+                if (username != null && domain == null
+                        && confService.getSplitWindowsUsernames()) {
 
-            });
+                    // Attempt to split out the domain of the username
+                    WindowsUsername usernameAndDomain = (
+                            
WindowsUsername.splitWindowsUsernameFromDomain(username));
+
+                    // Use the username-split domain if not already set 
explicitly
+                    if (usernameAndDomain.hasDomain())
+                        domain = usernameAndDomain.getDomain();
+                        addRecordForDomain(record, domain);
+
+                }
+
+                // If domain matching is not enabled for user records,
+                // explicitly set all domains to null to allow matching
+                // on username only
+                if (!confService.getMatchUserRecordsByDomain())
+                    domain = null;
+
+                // Store the login by username and domain
+                addRecordForLogin(record, username, domain);

Review Comment:
   You're right - I think I must have imagined an `addRecordForLogin()` call 
below `recordService.getUsername()`, but there isn't actually one there. It's 
just retrieving the username.
   
   > Everything should be working the way you suggest above.
   
   Do you think it's not worth moving the domain/username retrieval logic into 
the record service? I still find it a bit odd that record service abstracts 
away the details of retrieval for everything _but_ the splitting case, where 
the caller (in this case `KsmClient` and `KsmSecretService`) must always 
manually check and split.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@guacamole.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org