From 907e0edfcfa23eab3da12c7c3d8ff945b5470830 Mon Sep 17 00:00:00 2001 From: Nick Couchman Date: Sat, 18 Mar 2017 12:08:38 -0400 Subject: [PATCH 1/9] GUACAMOLE-244: Support configuration of alias dereferencing --- .../auth/ldap/ConfigurationService.java | 32 +++++++++++++++++++ .../auth/ldap/LDAPGuacamoleProperties.java | 10 ++++++ .../ldap/connection/ConnectionService.java | 15 +++++++-- .../guacamole/auth/ldap/user/UserService.java | 7 +++- 4 files changed, 61 insertions(+), 3 deletions(-) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java index a13eb9715..f29d8f106 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java @@ -223,4 +223,36 @@ public class ConfigurationService { ); } + /** + * Returns whether or not LDAP aliases will be dereferenced, + * as configured with guacamole.properties. + * By default they will never be dereferenced. + * + * @return + * An integer representing the status of of alias + * dereferencing, as configured in guacamole.properties. + * + * @throws GuacamoleException + * If guacamole.properties cannot be parsed. + */ + public int getDereferenceAliases() throws GuacamoleException { + String derefAliases = environment.getProperty( + LDAPGuacamoleProperties.LDAP_DEREFERENCE_ALIASES, + "never" + ); + + if (derefAliases == "always") + return 3; + + else if (derefAliases == "finding") + return 2; + + else if (derefAliases == "searching") + return 1; + + else + return 0; + + } + } 
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java index bc684e32c..8e7d574a9 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java @@ -153,4 +153,14 @@ public class LDAPGuacamoleProperties { }; + /** + * The behavior of alias dereferncing for the LDAP connections. + */ + public static final StringGuacamoleProperty LDAP_DEREFERENCE_ALIASES = new StringGuacamoleProperty() { + + @Override + public String getName() { return "ldap-dereference-aliases"; } + + }; + } diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java index b13207a15..0ec5ebe4e 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java @@ -24,6 +24,7 @@ import com.novell.ldap.LDAPAttribute; import com.novell.ldap.LDAPConnection; import com.novell.ldap.LDAPEntry; import com.novell.ldap.LDAPException; +import com.novell.ldap.LDAPSearchConstraints; import com.novell.ldap.LDAPSearchResults; import java.util.Collections; import java.util.Enumeration; 
@@ -108,6 +109,10 @@ public class ConnectionService { // current user String connectionSearchFilter = getConnectionSearchFilter(userDN, ldapConnection); + // Set Search Constraints + LDAPSearchConstraints constraints = new LDAPSearchConstraints(); + constraints.setDereference(confService.getDereferenceAliases()); + // Find all Guacamole connections for the given user by // looking for direct membership in the guacConfigGroup // and possibly any groups the user is a member of that are @@ -117,7 +122,8 @@ public class ConnectionService { LDAPConnection.SCOPE_SUB, connectionSearchFilter, null, - false + false, + constraints ); // Build token filter containing credential tokens @@ -234,13 +240,18 @@ public class ConnectionService { String groupBaseDN = confService.getGroupBaseDN(); if (groupBaseDN != null) { + // Set up LDAP constraints + LDAPSearchConstraints constraints = new LDAPSearchConstraints(); + constraints.setDereference(confService.getDereferenceAliases()); + // Get all groups the user is a member of starting at the groupBaseDN, excluding guacConfigGroups LDAPSearchResults userRoleGroupResults = ldapConnection.search( groupBaseDN, LDAPConnection.SCOPE_SUB, "(&(!(objectClass=guacConfigGroup))(member=" + escapingService.escapeLDAPSearchFilter(userDN) + "))", null, - false + false, + constraints ); // Append the additional user groups to the LDAP filter diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java index cae1599ef..c4f6ce097 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java 
@@ -88,6 +88,7 @@ public class UserService { // Set search limits LDAPSearchConstraints constraints = new LDAPSearchConstraints(); constraints.setMaxResults(confService.getMaxResults()); + constraints.setDereference(confService.getDereferenceAliases()); // Find all Guacamole users underneath base DN LDAPSearchResults results = ldapConnection.search( @@ -247,6 +248,9 @@ public class UserService { List userDNs = new ArrayList(); + LDAPSearchConstraints constraints = new LDAPSearchConstraints(); + constraints.setDereference(confService.getDereferenceAliases()); + // Find all Guacamole users underneath base DN and matching the // specified username LDAPSearchResults results = ldapConnection.search( @@ -254,7 +258,8 @@ public class UserService { LDAPConnection.SCOPE_SUB, generateLDAPQuery(username), null, - false + false, + constraints ); // Add all DNs for found users From c0a1b692d1151162df87a2a3749e53f27833db14 Mon Sep 17 00:00:00 2001 From: Nick Couchman Date: Sun, 19 Mar 2017 20:45:52 -0400 Subject: [PATCH 2/9] GUACAMOLE-102: Fix issue with string comparison, and fully check values for ldap-dereference-aliases. --- .../guacamole/auth/ldap/ConfigurationService.java | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java index f29d8f106..e546414d6 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java 
@@ -241,17 +241,23 @@ public class ConfigurationService { "never" ); - if (derefAliases == "always") + if (derefAliases.equals("always")) return 3; - else if (derefAliases == "finding") + else if (derefAliases.equals("finding")) return 2; - else if (derefAliases == "searching") + else if (derefAliases.equals("searching")) return 1; - else + else if (derefAliases.equals("never")) return 0; + + else { + logger.error("Invalid value given for ldap-dereference-aliases."); + logger.debug("Received {} but expected one of the following: always, finding, searching, never.", derefAliases); + throw new GuacamoleException("Invalid valid for ldap-dereference-aliases."); + } } From b9271aac56384352aba2a8b8679eaad80df516e8 Mon Sep 17 00:00:00 2001 From: Nick Couchman Date: Sun, 19 Mar 2017 20:50:30 -0400 Subject: [PATCH 3/9] GUACAMOLE-102: Clearer comments on the function for the config values for dereferencing aliases. --- .../guacamole/auth/ldap/ConfigurationService.java | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java index e546414d6..b5e55554e 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java 
@@ -225,12 +225,15 @@ public class ConfigurationService { /** * Returns whether or not LDAP aliases will be dereferenced, - * as configured with guacamole.properties. - * By default they will never be dereferenced. + * as configured with guacamole.properties. The default + * behavior if not explicityly defined is to never + * dereference them. * * @return - * An integer representing the status of of alias - * dereferencing, as configured in guacamole.properties. + * An integer value that maps to the JLDAP constants + * for dereferencing - 0 is DEREF_NEVER, 1 is DEREF_SEARCHING, + * 2 is DEREF_FINDING, and 3 is DEREF_ALWAYS - as configured + * in guacamole.properties. * * @throws GuacamoleException * If guacamole.properties cannot be parsed. From b7fd01e02d84d63f8e9c8eb9e2dbb9ff366f8c50 Mon Sep 17 00:00:00 2001 From: Nick Couchman Date: Sun, 19 Mar 2017 20:53:05 -0400 Subject: [PATCH 4/9] GUACAMOLE-102: Correct spelling mistake. --- .../org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java index 8e7d574a9..9d3a4d5ec 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java @@ -154,7 +154,7 @@ public class LDAPGuacamoleProperties { }; /** - * The behavior of alias dereferncing for the LDAP connections. + * The behavior of alias dereferencing for the LDAP connections. */ public static final StringGuacamoleProperty LDAP_DEREFERENCE_ALIASES = new StringGuacamoleProperty() { From d1635ce28c52eebd2d99fad1b387dae82f1feb15 Mon Sep 17 00:00:00 2001 
From: Nick Couchman Date: Sun, 19 Mar 2017 21:04:32 -0400 Subject: [PATCH 5/9] GUACAMOLE-102: Create a more global LDAPSearchConstraints in the ConfigurationService. --- .../auth/ldap/ConfigurationService.java | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java index b5e55554e..af67e2be2 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java @@ -20,16 +20,24 @@ package org.apache.guacamole.auth.ldap; import com.google.inject.Inject; +import com.novell.ldap.LDAPSearchConstraints; import java.util.Collections; import java.util.List; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.environment.Environment; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Service for retrieving configuration information regarding the LDAP server. */ public class ConfigurationService { + /** + * Logger for this class. + */ + private final Logger logger = LoggerFactory.getLogger(ConfigurationService.class); + /** * The Guacamole server environment. */ 
@@ -264,4 +272,30 @@ public class ConfigurationService { } + /** + * Returns a set of LDAPSearchConstraints to apply globally + * to all LDAP searches rather than having various instances + * dispersed throughout the code. Currently contains the + * maximum number of LDAP results to return in a search, as + * well as whether or not aliases should be dereferenced + * during LDAP operations. + * + * @return + * A LDAPSearchConstraints object containing constraints + * to be applied to all LDAP search operations. + * + * @throws GuacamoleException + * If guacamole.properties cannot be parsed. + */ + public LDAPSearchConstraints getLDAPSearchConstraints() throws GuacamoleException { + + LDAPSearchConstraints constraints = new LDAPSearchConstraints(); + + constraints.setMaxResults(getMaxResults()); + constraints.setDereference(getDereferenceAliases()); + + return constraints; + + } + } From b816836e4910bafd8bf0c84ddc9c63db07ac0ba5 Mon Sep 17 00:00:00 2001 From: Nick Couchman Date: Sun, 19 Mar 2017 21:09:00 -0400 Subject: [PATCH 6/9] GUACAMOLE-102: Change LDAP searches to use global LDAPSearchConstraints instead of instantiating their own each time. --- .../auth/ldap/connection/ConnectionService.java | 13 ++----------- .../guacamole/auth/ldap/user/UserService.java | 12 ++---------- 2 files changed, 4 insertions(+), 21 deletions(-) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java index 0ec5ebe4e..d256ebb3b 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java 
@@ -24,7 +24,6 @@ import com.novell.ldap.LDAPAttribute; import com.novell.ldap.LDAPConnection; import com.novell.ldap.LDAPEntry; import com.novell.ldap.LDAPException; -import com.novell.ldap.LDAPSearchConstraints; import com.novell.ldap.LDAPSearchResults; import java.util.Collections; import java.util.Enumeration; @@ -109,10 +108,6 @@ public class ConnectionService { // current user String connectionSearchFilter = getConnectionSearchFilter(userDN, ldapConnection); - // Set Search Constraints - LDAPSearchConstraints constraints = new LDAPSearchConstraints(); - constraints.setDereference(confService.getDereferenceAliases()); - // Find all Guacamole connections for the given user by // looking for direct membership in the guacConfigGroup // and possibly any groups the user is a member of that are @@ -123,7 +118,7 @@ public class ConnectionService { connectionSearchFilter, null, false, - constraints + confService.getLDAPSearchConstraints() ); // Build token filter containing credential tokens @@ -240,10 +235,6 @@ public class ConnectionService { String groupBaseDN = confService.getGroupBaseDN(); if (groupBaseDN != null) { - // Set up LDAP constraints - LDAPSearchConstraints constraints = new LDAPSearchConstraints(); - constraints.setDereference(confService.getDereferenceAliases()); - // Get all groups the user is a member of starting at the groupBaseDN, excluding guacConfigGroups LDAPSearchResults userRoleGroupResults = ldapConnection.search( groupBaseDN, @@ -251,7 +242,7 @@ public class ConnectionService { "(&(!(objectClass=guacConfigGroup))(member=" + escapingService.escapeLDAPSearchFilter(userDN) + "))", null, false, - constraints + confService.getLDAPSearchConstraints() ); // Append the additional user groups to the LDAP filter 
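Review bot: Passing `confService.getLDAPSearchConstraints()` to these two searches also applies `setMaxResults(getMaxResults())`, which the local `constraints` objects removed here never set (they only called `setDereference`). The connection search and the group-membership search therefore become subject to the max-results limit, as does the username lookup in UserService (`@@ -259,7 +251,7 @@`). The enclosing methods continue outside these hunks, so how a size-limit condition is handled is not visible; it is worth confirming that a truncated result fails visibly rather than producing a silently partial group or connection list. A short comment at the call sites would record the change, e.g. `// Shared constraints: also caps results at LDAP_MAX_SEARCH_RESULTS`.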
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java index c4f6ce097..f7c571678 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java @@ -25,7 +25,6 @@ import com.novell.ldap.LDAPConnection; import com.novell.ldap.LDAPEntry; import com.novell.ldap.LDAPException; import com.novell.ldap.LDAPSearchResults; -import com.novell.ldap.LDAPSearchConstraints; import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -85,10 +84,6 @@ public class UserService { String usernameAttribute) throws GuacamoleException { try { - // Set search limits - LDAPSearchConstraints constraints = new LDAPSearchConstraints(); - constraints.setMaxResults(confService.getMaxResults()); - constraints.setDereference(confService.getDereferenceAliases()); // Find all Guacamole users underneath base DN LDAPSearchResults results = ldapConnection.search( @@ -97,7 +92,7 @@ public class UserService { "(&(objectClass=*)(" + escapingService.escapeLDAPSearchFilter(usernameAttribute) + "=*))", null, false, - constraints + confService.getLDAPSearchConstraints() ); // Read all visible users @@ -248,9 +243,6 @@ public class UserService { List userDNs = new ArrayList(); - LDAPSearchConstraints constraints = new LDAPSearchConstraints(); - constraints.setDereference(confService.getDereferenceAliases()); - // Find all Guacamole users underneath base DN and matching the // specified username LDAPSearchResults results = ldapConnection.search( @@ -259,7 +251,7 @@ public class UserService { generateLDAPQuery(username), null, false, - constraints + confService.getLDAPSearchConstraints() ); // Add all DNs for found users 
From daf4e9d2624cfb22f3588b7334301f8f0cc5f28d Mon Sep 17 00:00:00 2001 From: Nick Couchman Date: Mon, 20 Mar 2017 07:51:00 -0400 Subject: [PATCH 7/9] GUACAMOLE-244: Implement custom property type to handle alias dereferencing configuration.
---
.../auth/ldap/ConfigurationService.java | 32 ++------- .../auth/ldap/DereferenceAliases.java | 71 +++++++++++++++++++ .../auth/ldap/DereferenceAliasesProperty.java | 61 ++++++++++++++++ .../auth/ldap/LDAPGuacamoleProperties.java | 2 +- 4 files changed, 139 insertions(+), 27 deletions(-) create mode 100644 extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliases.java create mode 100644 extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesProperty.java
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java
index af67e2be2..c33e3204f 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java
@@ -238,38 +238,18 @@ public class ConfigurationService { * dereference them. * * @return - * An integer value that maps to the JLDAP constants - * for dereferencing - 0 is DEREF_NEVER, 1 is DEREF_SEARCHING, - * 2 is DEREF_FINDING, and 3 is DEREF_ALWAYS - as configured - * in guacamole.properties. + * The behavior for handling dereferencing of aliases + * as configured in guacamole.properties. * * @throws GuacamoleException * If guacamole.properties cannot be parsed. */ - public int getDereferenceAliases() throws GuacamoleException { - String derefAliases = environment.getProperty( + public DereferenceAliases getDereferenceAliases() throws GuacamoleException { + return environment.getProperty( LDAPGuacamoleProperties.LDAP_DEREFERENCE_ALIASES, - "never" + DereferenceAliases.NEVER ); - if (derefAliases.equals("always")) - return 3; - - else if (derefAliases.equals("finding")) - return 2; - - else if (derefAliases.equals("searching")) - return 1; - - else if (derefAliases.equals("never")) - return 0; - - else { - logger.error("Invalid value given for ldap-dereference-aliases."); - logger.debug("Received {} but expected one of the following: always, finding, searching, never.", derefAliases); - throw new GuacamoleException("Invalid valid for ldap-dereference-aliases."); - } - } /** @@ -292,7 +272,7 @@ public class ConfigurationService { LDAPSearchConstraints constraints = new LDAPSearchConstraints(); constraints.setMaxResults(getMaxResults()); - constraints.setDereference(getDereferenceAliases()); + constraints.setDereference(getDereferenceAliases().DEREF_VALUE); return constraints; diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliases.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliases.java new file mode 100644 index 000000000..5c339d6f8 --- /dev/null +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliases.java 
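Review bot: `getDereferenceAliases().DEREF_VALUE` in the second hunk reads a public instance field that is named like a constant; an accessor would keep the enum's representation private, e.g. `constraints.setDereference(getDereferenceAliases().getDerefValue());` backed by `private final int derefValue;` in the enum. Separately, the first hunk removes the only `logger.error`/`logger.debug` calls visible in this series, so the `logger` field and the two slf4j imports added in PATCH 5/9 look unused from here on and could be dropped if nothing else in the class logs. Only part of getLDAPSearchConstraints is visible in the hunk.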
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.ldap;
+
+/**
+ * Acceptable values for configuring the dereferencing of aliases in
+ * talking to LDAP servers.
+ */
+public enum DereferenceAliases {
+
+ /**
+ * Never dereference aliases. This is the default.
+ */
+ NEVER(0),
+
+ /**
+ * Aliases are dereferenced below the base object, but not to locate
+ * the base object itself. So, if the base object is itself an alias
+ * the search will not complete.
+ */
+ SEARCHING(1),
+
+ /**
+ * Aliases are only dereferenced to locate the base object, but not
+ * after that. So, a search against a base object that is an alias will
+ * find any subordinates of the real object the aliase references, but
+ * further aliases in the search will not be dereferenced.
+ */
+ FINDING(2),
+
+ /**
+ * Aliases will always be dereferenced, both to locate the base object
+ * and when handling results returned by the search.
+ */
+ ALWAYS(3);
+
+ /**
+ * The integer value that the enum represents, which is used in
+ * configuring the JLDAP library.
+ */
+ public final int DEREF_VALUE;
+
+ /**
+ * Initializes the dereference aliases object with the integer
+ * value the setting maps to per the JLDAP implementation.
+ *
+ * @param derefValue
+ * The value associated with this dereference setting
+ */
+ private DereferenceAliases(int derefValue) {
+ this.DEREF_VALUE = derefValue;
+ }
+
+}
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesProperty.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesProperty.java
new file mode 100644
index 000000000..61a8944ca
--- /dev/null
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesProperty.java
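Review bot: The Javadoc on `SEARCHING` and `ALWAYS` in DereferenceAliases.java omits a consequence that matters for an authentication extension: once aliases are dereferenced during a subtree search, the entries returned may live outside the configured base DN. This series applies the mode to the user, group and connection searches, so with either value the base DNs no longer strictly bound which entries those searches can match. Suggest adding to the enum Javadoc a sentence such as `Aliases below the search base may resolve to entries outside it; enable only where creation of alias entries under the configured base DNs is restricted to trusted administrators.`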
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.ldap;
+
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleServerException;
+import org.apache.guacamole.properties.GuacamoleProperty;
+
+/**
+ * A GuacamoleProperty with a value of DereferenceAliases. The possible strings
+ * "never", "searching", "finding", and "always" are mapped to their values as a
+ * DereferenceAliases enum. Anything else results in a parse error.
+ */
+public abstract class DereferenceAliasesProperty implements GuacamoleProperty {
+
+ @Override
+ public DereferenceAliases parseValue(String value) throws GuacamoleException {
+
+ // No value provided, so return null.
+ if (value == null) + return null; + + // Never dereference aliases + if (value.equals("never")) + return DereferenceAliases.NEVER; + + // Dereference aliases during search operations, but not at base + if (value.equals("searching")) + return DereferenceAliases.SEARCHING; + + // Dereference aliases to locate base, but not during searches + if (value.equals("finding")) + return DereferenceAliases.FINDING; + + // Always dereference aliases + if (value.equals("always")) + return DereferenceAliases.ALWAYS; + + // Anything else is invalid and results in an error + throw new GuacamoleServerException("Dereference aliases must be one of \"never\", \"searching\", \"finding\", or \"always\"."); + + } + +} diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java index 9d3a4d5ec..9a8af589e 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java @@ -156,7 +156,7 @@ public class LDAPGuacamoleProperties { /** * The behavior of alias dereferencing for the LDAP connections. */ - public static final StringGuacamoleProperty LDAP_DEREFERENCE_ALIASES = new StringGuacamoleProperty() { + public static final DereferenceAliasesProperty LDAP_DEREFERENCE_ALIASES = new DereferenceAliasesProperty() { @Override public String getName() { return "ldap-dereference-aliases"; } From f2b4053192c9ccd236e33361bf55456836d22ac7 Mon Sep 17 00:00:00 2001 
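Review bot: In DereferenceAliasesProperty.parseValue the rejection message names neither the property nor the rejected value, so an administrator reading the log cannot tell which setting in guacamole.properties is wrong. Rejecting unknown values rather than falling back to a default is the right behaviour for a setting that affects LDAP search scope; the message could use the existing `getName()`, e.g. `throw new GuacamoleServerException("Property \"" + getName() + "\" must be one of \"never\", \"searching\", \"finding\", or \"always\".");`. The comparison is also case-sensitive and untrimmed, which is worth stating in the class Javadoc if that is intended.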
From: Nick Couchman Date: Mon, 20 Mar 2017 20:24:46 -0400 Subject: [PATCH 8/9] GUACAMOLE-244: Rename DereferenceAliases class to DereferenceAliasesMode, fix several comment issues and spelling mistakes. --- .../auth/ldap/ConfigurationService.java | 14 ++++------- ...iases.java => DereferenceAliasesMode.java} | 25 +++++++++++-------- .../auth/ldap/DereferenceAliasesProperty.java | 12 ++++----- .../auth/ldap/LDAPGuacamoleProperties.java | 3 ++- 4 files changed, 27 insertions(+), 27 deletions(-) rename extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/{DereferenceAliases.java => DereferenceAliasesMode.java} (72%) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java index c33e3204f..3d9ea64bf 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java @@ -224,7 +224,7 @@ public class ConfigurationService { * @throws GuacamoleException * If guacamole.properties cannot be parsed. */ - public int getMaxResults() throws GuacamoleException { + private int getMaxResults() throws GuacamoleException { return environment.getProperty( LDAPGuacamoleProperties.LDAP_MAX_SEARCH_RESULTS, 1000 @@ -234,7 +234,7 @@ public class ConfigurationService { /** * Returns whether or not LDAP aliases will be dereferenced, * as configured with guacamole.properties. The default - * behavior if not explicityly defined is to never + * behavior if not explicitly defined is to never * dereference them. * * @return 
@@ -244,21 +244,17 @@ public class ConfigurationService { * @throws GuacamoleException * If guacamole.properties cannot be parsed. */ - public DereferenceAliases getDereferenceAliases() throws GuacamoleException { + private DereferenceAliasesMode getDereferenceAliases() throws GuacamoleException { return environment.getProperty( LDAPGuacamoleProperties.LDAP_DEREFERENCE_ALIASES, - DereferenceAliases.NEVER + DereferenceAliasesMode.NEVER ); } /** * Returns a set of LDAPSearchConstraints to apply globally - * to all LDAP searches rather than having various instances - * dispersed throughout the code. Currently contains the - * maximum number of LDAP results to return in a search, as - * well as whether or not aliases should be dereferenced - * during LDAP operations. + * to all LDAP searches. * * @return * A LDAPSearchConstraints object containing constraints diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliases.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesMode.java similarity index 72% rename from extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliases.java rename to extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesMode.java index 5c339d6f8..406c2478c 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliases.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesMode.java 
@@ -19,41 +19,44 @@ package org.apache.guacamole.auth.ldap; +import com.novell.ldap.LDAPSearchConstraints; + /** - * Acceptable values for configuring the dereferencing of aliases in - * talking to LDAP servers. + * Data type that handles acceptable values for configuring + * alias dereferencing behavior when querying LDAP servers. */ -public enum DereferenceAliases { +public enum DereferenceAliasesMode { /** * Never dereference aliases. This is the default. */ - NEVER(0), + NEVER(LDAPSearchConstraints.DEREF_NEVER), /** * Aliases are dereferenced below the base object, but not to locate * the base object itself. So, if the base object is itself an alias * the search will not complete. */ - SEARCHING(1), + SEARCHING(LDAPSearchConstraints.DEREF_SEARCHING), /** * Aliases are only dereferenced to locate the base object, but not * after that. So, a search against a base object that is an alias will - * find any subordinates of the real object the aliase references, but + * find any subordinates of the real object the alias references, but * further aliases in the search will not be dereferenced. */ - FINDING(2), + FINDING(LDAPSearchConstraints.DEREF_FINDING), /** * Aliases will always be dereferenced, both to locate the base object * and when handling results returned by the search. */ - ALWAYS(3); + ALWAYS(LDAPSearchConstraints.DEREF_ALWAYS); /** - * The integer value that the enum represents, which is used in - * configuring the JLDAP library. + * The integer constant as defined in the JLDAP library that + * the LDAPSearchConstraints class uses to define the + * dereferencing behavior during search operations. */ public final int DEREF_VALUE; @@ -64,7 +67,7 @@ public enum DereferenceAliases { * @param derefValue * The value associated with this dereference setting */ - private DereferenceAliases(int derefValue) { + private DereferenceAliasesMode(int derefValue) { this.DEREF_VALUE = derefValue; } 
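Review bot: The Javadoc on SEARCHING and ALWAYS does not say that entries reached through an alias can lie outside the configured base DN, which matters because this mode feeds the searches of an authentication extension. As far as LDAP alias semantics go, a dereferenced alias becomes a new search root wherever its target sits, so a base DN used as a boundary for users or connections stops being one once such a mode is set. FINDING moves the whole search to the alias target in the same way. I would add to those constants a line such as `* Entries reached through an alias may lie outside the configured base DN.` and keep NEVER as the documented default.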
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesProperty.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesProperty.java index 61a8944ca..7888347b1 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesProperty.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesProperty.java @@ -28,10 +28,10 @@ import org.apache.guacamole.properties.GuacamoleProperty; * "never", "searching", "finding", and "always" are mapped to their values as a * DereferenceAliases enum. Anything else results in a parse error. */ -public abstract class DereferenceAliasesProperty implements GuacamoleProperty { +public abstract class DereferenceAliasesProperty implements GuacamoleProperty { @Override - public DereferenceAliases parseValue(String value) throws GuacamoleException { + public DereferenceAliasesMode parseValue(String value) throws GuacamoleException { // No value provided, so return null. if (value == null) @@ -39,19 +39,19 @@ public abstract class DereferenceAliasesProperty implements GuacamoleProperty Date: Tue, 21 Mar 2017 07:33:21 -0400 Subject: [PATCH 9/9] GUACAMOLE-244: Minor style tweaks in comments. --- .../apache/guacamole/auth/ldap/ConfigurationService.java | 5 ++--- .../apache/guacamole/auth/ldap/DereferenceAliasesMode.java | 6 +++--- .../guacamole/auth/ldap/DereferenceAliasesProperty.java | 2 +- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java index 3d9ea64bf..f0988a741 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java 
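Review bot: The class Javadoc kept as context in the first hunk for DereferenceAliasesProperty still describes the parsed value as a `DereferenceAliases enum`, although this patch renames that type to DereferenceAliasesMode and changes the return type of parseValue accordingly. The line should read `* DereferenceAliasesMode enum. Anything else results in a parse error.` The later hunk for the same file in patch 9/9 only adjusts spacing in this comment and leaves the old name in place, including in its first sentence. The Javadoc starts above the hunk, so its opening line needs the same update.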
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java @@ -233,8 +233,8 @@ public class ConfigurationService { /** * Returns whether or not LDAP aliases will be dereferenced, - * as configured with guacamole.properties. The default - * behavior if not explicitly defined is to never + * as configured with guacamole.properties. The default + * behavior if not explicitly defined is to never * dereference them. * * @return @@ -249,7 +249,6 @@ public class ConfigurationService { LDAPGuacamoleProperties.LDAP_DEREFERENCE_ALIASES, DereferenceAliasesMode.NEVER ); - } /** diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesMode.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesMode.java index 406c2478c..1fd1bea41 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesMode.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesMode.java @@ -28,20 +28,20 @@ import com.novell.ldap.LDAPSearchConstraints; public enum DereferenceAliasesMode { /** - * Never dereference aliases. This is the default. + * Never dereference aliases. This is the default. */ NEVER(LDAPSearchConstraints.DEREF_NEVER), /** * Aliases are dereferenced below the base object, but not to locate - * the base object itself. So, if the base object is itself an alias + * the base object itself. So, if the base object is itself an alias * the search will not complete. */ SEARCHING(LDAPSearchConstraints.DEREF_SEARCHING), /** * Aliases are only dereferenced to locate the base object, but not - * after that. So, a search against a base object that is an alias will + * after that. So, a search against a base object that is an alias will * find any subordinates of the real object the alias references, but * further aliases in the search will not be dereferenced. */ 
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesProperty.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesProperty.java index 7888347b1..60b89c4b6 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesProperty.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesProperty.java @@ -26,7 +26,7 @@ import org.apache.guacamole.properties.GuacamoleProperty; /** * A GuacamoleProperty with a value of DereferenceAliases. The possible strings * "never", "searching", "finding", and "always" are mapped to their values as a - * DereferenceAliases enum. Anything else results in a parse error. + * DereferenceAliases enum. Anything else results in a parse error. */ public abstract class DereferenceAliasesProperty implements GuacamoleProperty {