safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 21:27:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUAC-1115: Fix NPE in password conversion.

Browse Source
This commit is contained in:
Michael Jumper
2015-10-23 15:51:22 -07:00
parent 725e7d553c
commit 529dccf675
1 changed files with 76 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
extensions/guacamole-auth-ldap/src/main/java/org/glyptodon/guacamole/auth/ldap/AuthenticationProviderService.java
View File

@@ -27,6 +27,7 @@ import com.google.inject.Provider;
import com.novell.ldap.LDAPConnection; import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException; import com.novell.ldap.LDAPException;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.util.List;
import org.glyptodon.guacamole.auth.ldap.user.AuthenticatedUser; import org.glyptodon.guacamole.auth.ldap.user.AuthenticatedUser;
import org.glyptodon.guacamole.auth.ldap.user.UserContext; import org.glyptodon.guacamole.auth.ldap.user.UserContext;
import org.glyptodon.guacamole.GuacamoleException; import org.glyptodon.guacamole.GuacamoleException;
@@ -74,6 +75,28 @@ public class AuthenticationProviderService {
@Inject @Inject
private Provider<UserContext> userContextProvider; private Provider<UserContext> userContextProvider;
/**
* Disconnects the given LDAP connection, logging any failure to do so
* appropriately.
*
* @param ldapConnection
* The LDAP connection to disconnect.
*/
private void disconnect(LDAPConnection ldapConnection) {
// Attempt disconnect
try {
ldapConnection.disconnect();
}
// Warn if disconnect unexpectedly fails
catch (LDAPException e) {
logger.warn("Unable to disconnect from LDAP server: {}", e.getMessage());
logger.debug("LDAP disconnect failed.", e);
}
}
/** /**
* Determines the DN which corresponds to the user having the given * Determines the DN which corresponds to the user having the given
* username. The DN will either be derived directly from the user base DN, * username. The DN will either be derived directly from the user base DN,
@@ -93,7 +116,43 @@ public class AuthenticationProviderService {
private String getUserBindDN(String username) private String getUserBindDN(String username)
throws GuacamoleException { throws GuacamoleException {
// Derive user DN from base DN // If a search DN is provided, search the LDAP directory for the DN
// corresponding to the given username
String searchBindDN = confService.getSearchBindDN();
if (searchBindDN != null) {
// Create an LDAP connection using the search account
LDAPConnection searchConnection = bindAs(
searchBindDN,
confService.getSearchBindPassword()
);
try {
// Retrieve all DNs associated with the given username
List<String> userDNs = userService.getUserDNs(searchConnection, username);
if (userDNs.isEmpty())
return null;
// Warn if multiple DNs exist for the same user
if (userDNs.size() != 1) {
logger.warn("Multiple DNs possible for user \"{}\": {}", username, userDNs);
return null;
}
// Return the single possible DN
return userDNs.get(0);
}
// Always disconnect
finally {
disconnect(searchConnection);
}
}
// Otherwise, derive user DN from base DN
return userService.deriveUserDN(username); return userService.deriveUserDN(username);
} }
@@ -137,10 +196,15 @@ public class AuthenticationProviderService {
// Bind using provided credentials // Bind using provided credentials
try { try {
// Bind as user byte[] passwordBytes;
try { try {
ldapConnection.bind(LDAPConnection.LDAP_V3, userDN,
password.getBytes("UTF-8")); // Convert password into corresponding byte array
if (password != null)
passwordBytes = password.getBytes("UTF-8");
else
passwordBytes = null;
} }
catch (UnsupportedEncodingException e) { catch (UnsupportedEncodingException e) {
logger.error("Unexpected lack of support for UTF-8: {}", e.getMessage()); logger.error("Unexpected lack of support for UTF-8: {}", e.getMessage());
@@ -148,15 +212,15 @@ public class AuthenticationProviderService {
return null; return null;
} }
// Disconnect if an error occurs during bind // Bind as user
catch (LDAPException e) { ldapConnection.bind(LDAPConnection.LDAP_V3, userDN, passwordBytes);
ldapConnection.disconnect();
throw e;
}
} }
// Disconnect if an error occurs during bind
catch (LDAPException e) { catch (LDAPException e) {
logger.debug("LDAP bind failed.", e); logger.debug("LDAP bind failed.", e);
disconnect(ldapConnection);
return null; return null;
} }
@@ -202,7 +266,7 @@ public class AuthenticationProviderService {
// Determine user DN // Determine user DN
String userDN = getUserBindDN(username); String userDN = getUserBindDN(username);
if (userDN == null) { if (userDN == null) {
logger.error("Unable to determine DN for user \"{}\".", username); logger.debug("Unable to determine DN for user \"{}\".", username);
return null; return null;
} }
@@ -255,18 +319,7 @@ public class AuthenticationProviderService {
// Always disconnect // Always disconnect
finally { finally {
disconnect(ldapConnection);
// Attempt disconnect
try {
ldapConnection.disconnect();
}
// Warn if disconnect unexpectedly fails
catch (LDAPException e) {
logger.warn("Unable to disconnect from LDAP server: {}", e.getMessage());
logger.debug("LDAP disconnect failed.", e);
}
} }
} }
@@ -305,18 +358,7 @@ public class AuthenticationProviderService {
// Always disconnect // Always disconnect
finally { finally {
disconnect(ldapConnection);
// Attempt disconnect
try {
ldapConnection.disconnect();
}
// Warn if disconnect unexpectedly fails
catch (LDAPException e) {
logger.warn("Unable to disconnect from LDAP server: {}", e.getMessage());
logger.debug("LDAP disconnect failed.", e);
}
} }
} }