GUACAMOLE-1020: Relocate HostName conversion and clean up formatting.

2025-09-06 05:07:41 +00:00 · 2024-10-03 14:15:37 -04:00
parent 02138fb208
commit 06786ff565
1 changed files with 14 additions and 9 deletions
--- a/extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/auth/restrict/RestrictionVerificationService.java
+++ b/extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/auth/restrict/RestrictionVerificationService.java
@@ -135,9 +135,6 @@ public class RestrictionVerificationService {
    public static RestrictionType allowedByHostRestrictions(String allowedHostsString,
            String deniedHostsString, String remoteAddress) {
        
-        // Convert the string to a HostName
-        HostName remoteHostName = new HostName(remoteAddress);
-        
        // If attributes do not exist or are empty then the action is allowed.
        if ((allowedHostsString == null || allowedHostsString.isEmpty()) 
                && (deniedHostsString == null || deniedHostsString.isEmpty()))
@@ -152,20 +149,28 @@ public class RestrictionVerificationService {
            return RestrictionType.IMPLICIT_DENY;
        }
        
+        // Convert the string to a HostName
+        HostName remoteHostName = new HostName(remoteAddress);
+        
        // Split denied hosts attribute and process each entry, checking them
-        // against the current remote address, and returning false if a match is
-        // found.
+        // against the current remote address, and returning a deny restriction
+        // if a match is found, or if an error occurs in processing a host in
+        // the list.
        List<HostName> deniedHosts = HostRestrictionParser.parseHostList(deniedHostsString);
        for (HostName hostName : deniedHosts) {
-            try {
-                if (hostName.isAddress() && hostName.toAddress().contains(remoteHostName.asAddress()))
-                    return RestrictionType.EXPLICIT_DENY;

-                else
+            try {
+                if (hostName.isAddress()
+                        && hostName.toAddress().contains(remoteHostName.asAddress())) {
+                    return RestrictionType.EXPLICIT_DENY;
+                }
+
+                else {
                    for (IPAddress currAddr : hostName.toAllAddresses())
                        if (currAddr.matches(remoteHostName.asAddressString()))
                            return RestrictionType.EXPLICIT_DENY;
                }
+            }
            catch (UnknownHostException | HostNameException e) {
                LOGGER.warn("Unknown or invalid host in denied hosts list: \"{}\"", hostName);
                LOGGER.debug("Exception while trying to resolve host: \"{}\"", hostName, e);