From 10b3adcd83c247dd1b2f6023f88fb62d00a55f85 Mon Sep 17 00:00:00 2001
From: Virtually Nick
Date: Tue, 8 Oct 2019 12:20:25 -0400
Subject: [PATCH 1/2] GUACAMOLE-893: Fix regression in LDAP causing null filter value to be sent.
---
 .../guacamole/auth/ldap/ObjectQueryService.java | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
index ebf979274..07e713c63 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
@@ -142,16 +142,21 @@ public class ObjectQueryService {
 AndNode searchFilter = new AndNode();
 searchFilter.addNode(filter);
- // Include all attributes within OR clause if there are more than one
+ // If no attributes provided, we're done.
+ if (attributes.size() < 1)
+ return searchFilter;
+
+ // Include all attributes within OR clause
 OrNode attributeFilter = new OrNode();
-
+
 // Add equality comparison for each possible attribute
 attributes.forEach(attribute ->
- attributeFilter.addNode(new EqualityNode(attribute, attributeValue))
+ attributeFilter.addNode(new EqualityNode(attribute,
+ (attributeValue != null ? attributeValue : "*")))
 );
 searchFilter.addNode(attributeFilter);
-
+
 return searchFilter;
 }
From a037146a8775cbba9f2dd4440d5427ce1d3bd17c Mon Sep 17 00:00:00 2001
From: Virtually Nick
Date: Thu, 10 Oct 2019 20:53:07 -0400
Subject: [PATCH 2/2] GUACAMOLE-893: Fix issue where just checking for attribute presence.
---
 .../auth/ldap/ObjectQueryService.java | 22 ++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
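Review bot: The early return added in [PATCH 1/2], `if (attributes.size() < 1) return searchFilter;`, also discards `attributeValue`, so a call that supplies a value with an empty attribute list gets back a filter that matches everything the base filter matches. If that combination can be reached from a lookup that is meant to select one entry by value (the callers are outside the hunk, so this is inferred), the search is broader than the caller asked for. Consider limiting the shortcut to `if (attributes.isEmpty() && attributeValue == null) return searchFilter;` and treating a value with no attributes as a configuration error. At minimum, add the comment `// No attribute constraint: filter matches every object accepted by the base filter`. `attributes` is dereferenced without a null check here, and the method signature is above the hunk.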
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
index 07e713c63..e1fa2bb45 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
@@ -37,6 +37,7 @@ import org.apache.directory.api.ldap.model.filter.AndNode;
 import org.apache.directory.api.ldap.model.filter.EqualityNode;
 import org.apache.directory.api.ldap.model.filter.ExprNode;
 import org.apache.directory.api.ldap.model.filter.OrNode;
+import org.apache.directory.api.ldap.model.filter.PresenceNode;
 import org.apache.directory.api.ldap.model.message.Referral;
 import org.apache.directory.api.ldap.model.message.SearchRequest;
 import org.apache.directory.api.ldap.model.name.Dn;
@@ -149,14 +150,25 @@ public class ObjectQueryService {
 // Include all attributes within OR clause
 OrNode attributeFilter = new OrNode();
- // Add equality comparison for each possible attribute
- attributes.forEach(attribute ->
- attributeFilter.addNode(new EqualityNode(attribute,
- (attributeValue != null ? attributeValue : "*")))
- );
+ // If value is defined, check each attribute for that value.
+ if (attributeValue != null) {
+ attributes.forEach(attribute ->
+ attributeFilter.addNode(new EqualityNode(attribute,
+ attributeValue))
+ );
+ }
+
+ // If no value is defined, just check for presence of attribute.
+ else {
+ attributes.forEach(attribute ->
+ attributeFilter.addNode(new PresenceNode(attribute))
+ );
+ }
 searchFilter.addNode(attributeFilter);
+ logger.trace("Sending LDAP filter: \"{}\"", searchFilter.toString());
+
 return searchFilter;
 }
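Review bot: The added trace call in the second hunk renders the filter eagerly with `searchFilter.toString()`, so the string is built on every query even when trace logging is disabled. Passing the node itself defers formatting to the logger: `logger.trace("Sending LDAP filter: \"{}\"", searchFilter);`. The rendered filter includes `attributeValue`, which for login lookups is presumably the submitted username, so trace output from this line should be handled as containing user identifiers. The enclosing method begins above the hunk.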