Merge changes from patch branch back to main.

2025-09-06 05:07:41 +00:00 · 2024-10-04 14:30:52 -07:00
parent 2bf93c1305 18ea137dce
commit 3839f9c2ca
4 changed files with 151 additions and 11 deletions
--- a/extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/auth/restrict/RestrictionVerificationService.java
+++ b/extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/auth/restrict/RestrictionVerificationService.java
@@ -135,9 +135,6 @@ public class RestrictionVerificationService {
    public static RestrictionType allowedByHostRestrictions(String allowedHostsString,
            String deniedHostsString, String remoteAddress) {
        
-        // Convert the string to a HostName
-        HostName remoteHostName = new HostName(remoteAddress);
-        
        // If attributes do not exist or are empty then the action is allowed.
        if ((allowedHostsString == null || allowedHostsString.isEmpty()) 
                && (deniedHostsString == null || deniedHostsString.isEmpty()))
@@ -152,19 +149,27 @@ public class RestrictionVerificationService {
            return RestrictionType.IMPLICIT_DENY;
        }
        
+        // Convert the string to a HostName
+        HostName remoteHostName = new HostName(remoteAddress);
+        
        // Split denied hosts attribute and process each entry, checking them
-        // against the current remote address, and returning false if a match is
-        // found.
+        // against the current remote address, and returning a deny restriction
+        // if a match is found, or if an error occurs in processing a host in
+        // the list.
        List<HostName> deniedHosts = HostRestrictionParser.parseHostList(deniedHostsString);
        for (HostName hostName : deniedHosts) {
-            try {
-                if (hostName.isAddress() && hostName.toAddress().contains(remoteHostName.asAddress()))
-                    return RestrictionType.EXPLICIT_DENY;

-                else
+            try {
+                if (hostName.isAddress()
+                        && hostName.toAddress().contains(remoteHostName.asAddress())) {
+                    return RestrictionType.EXPLICIT_DENY;
+                }
+
+                else {
                    for (IPAddress currAddr : hostName.toAllAddresses())
                        if (currAddr.matches(remoteHostName.asAddressString()))
                            return RestrictionType.EXPLICIT_DENY;
+                }
            }
            catch (UnknownHostException | HostNameException e) {
                LOGGER.warn("Unknown or invalid host in denied hosts list: \"{}\"", hostName);
--- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/SSOAuthenticationProvider.java
+++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/SSOAuthenticationProvider.java
@@ -112,7 +112,6 @@ public abstract class SSOAuthenticationProvider extends AbstractAuthenticationPr
            protected void configure() {

                bind(AuthenticationProvider.class).toInstance(SSOAuthenticationProvider.this);
-                bind(Environment.class).toInstance(LocalEnvironment.getInstance());
                bind(SSOAuthenticationProviderService.class).to(authService);

                // Bind custom SSOResource implementation if different from