From 735b22bcf08b8d775fc815aba0cd80f3183a3a33 Mon Sep 17 00:00:00 2001
From: Nick Couchman
Date: Tue, 31 Jul 2018 07:57:54 -0400
Subject: [PATCH] GUACAMOLE-593: Add documentation to new methods, properly escape attribute.
---
 .../guacamole/auth/ldap/ConfigurationService.java | 11 +++++++++++
 .../guacamole/auth/ldap/LDAPGuacamoleProperties.java | 3 +++
 .../auth/ldap/connection/ConnectionService.java | 6 ++++--
 3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java
index 361af039d..b52ad50d2 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java
@@ -359,6 +359,17 @@ public class ConfigurationService {
 );
 }
+ /**
+ * Returns the name of the LDAP attribute used to enumerate
+ * members in a group, or "member" by default.
+ *
+ * @return
+ * The name of the LDAP attribute to use to enumerate
+ * members in a group.
+ *
+ * @throws GuacamoleException
+ * If guacamole.properties connect be parsed.
+ */
 public String getMemberAttribute() throws GuacamoleException {
 return environment.getProperty(
 LDAPGuacamoleProperties.LDAP_MEMBER_ATTRIBUTE,
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java
index e96145f1a..120b09ea2 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java
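Review bot: The `@throws` description added to ConfigurationService.getMemberAttribute() reads "If guacamole.properties connect be parsed", which looks like a typo; it should be `* If guacamole.properties cannot be parsed.`. Because this patch goes on to place the returned value in the attribute position of LDAP search filters, the `@return` text could also state that the name is returned exactly as configured and that callers must escape or validate it before building a filter. The method body continues past the end of the hunk, so the "member" default stated in the Javadoc is not visible here.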
@@ -216,6 +216,9 @@ public class LDAPGuacamoleProperties {
 };
+ /**
+ * LDAP attribute used to enumerate members of a group in the LDAP directory.
+ */
 public static final StringGuacamoleProperty LDAP_MEMBER_ATTRIBUTE = new StringGuacamoleProperty() {
 @Override
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java
index 5533ff022..984e77211 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java
@@ -247,7 +247,8 @@ public class ConnectionService {
 // Add the prefix to the search filter, prefix filter searches for guacConfigGroups with the userDN as the member attribute value
 connectionSearchFilter.append("(&(objectClass=guacConfigGroup)");
 connectionSearchFilter.append("(|(");
- connectionSearchFilter.append(confService.getMemberAttribute());
+ connectionSearchFilter.append(escapingService.escapeLDAPSearchFilter(
+ confService.getMemberAttribute()));
 connectionSearchFilter.append("=");
 connectionSearchFilter.append(escapingService.escapeLDAPSearchFilter(userDN));
 connectionSearchFilter.append(")");
@@ -261,7 +262,8 @@ public class ConnectionService {
 groupBaseDN,
 LDAPConnection.SCOPE_SUB,
 "(&(!(objectClass=guacConfigGroup))("
- + confService.getMemberAttribute()
+ + escapingService.escapeLDAPSearchFilter(
+ confService.getMemberAttribute())
 + "=" + escapingService.escapeLDAPSearchFilter(userDN) + "))",
 null,
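Review bot: escapeLDAPSearchFilter() is, judging by its name and its use on userDN, an escaper for filter assertion values, yet in both ConnectionService hunks (-247 and -261) it is now applied to an attribute name, where the filter grammar differs. Characters that carry meaning before the `=`, such as `=`, `<`, `>`, `~` or `:`, are presumably passed through unchanged, while an escaped `(` or `*` would become a `\XX` sequence that is not legal in an attribute description. A mistyped member attribute in guacamole.properties would therefore surface as a failed or empty search at login time rather than as a clear configuration error. Validating the name once where it is read would fail fast and leave the escaping as a second layer, for example `if (!memberAttribute.matches("[A-Za-z][A-Za-z0-9-]*")) throw new GuacamoleServerException("Invalid LDAP member attribute name.");`, with the pattern widened if numeric OIDs or attribute options must be accepted.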
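Review bot: In the hunk at -261 the group filter is still assembled by string concatenation inside the search() call, and the escaped member attribute is computed a second time, separately from the one appended to connectionSearchFilter in the hunk at -247. If both sites are in the same method, which the line numbers suggest but the hunks do not show, computing it once with `String memberAttribute = escapingService.escapeLDAPSearchFilter(confService.getMemberAttribute());` and reusing it keeps the two filters from drifting apart when one of them is edited later. The search() call starts and ends outside the hunk.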