On Mon, May 16, 2022 at 12:23 PM Dmitry Katsubo <[email protected]> wrote:
> Dear Guacamole users, > Dear Nick, > > Sorry I decided to resurrect the 4-years old challenge. I have rebased my > changes on the latest codebase. Not so many changes are required to allow > the user authenticated via auth-header extension to be provided > authentication information / connection settings from user-mapping.xml. > Without the changes the settings are not picked up from user-mapping.xml. > Is there a specific reason that you cannot use the database? It's intended for what you describe, intended for production use, and will work with header auth. > Please check my commit b0aa658 > <https://github.com/dmak/guacamole-client/commit/b0aa658043689b8ff37d18db49a75ac443b4cc12>. > If that is OK, then I would provide few unit tests for it. Otherwise let me > know what is missing, preferably in terms so that I can implement a test. > Looking at your commit, I see that one of the primary changes here is changing the prototype and visibility of the getAuthorizedConfigurations() function. This will break API and ABI compatibility, and I do not think we should do this. For the built-in support for user-mapping.xml to be able to accept the authentication results of other installed extensions, it will need to be modified to use the less-simple API and implement AuthenticationProvider and UserContext (rather than use SimpleAuthenticationProvider). With user-mapping.xml really being intended for testing only, and with these changes aimed at allowing user-mapping.xml to be used in a more complex configuration aimed at production use, I think these changes really would need to be coupled with a move to a user-mapping variant that *is* intended for production (proper salted hashes for passwords instead of intentionally-simplified-for-testing hashes, the ability to define a user/connection association that requires auth from some other extension and otherwise has no password, etc.). - Mike
