From 749da7d29cf8db1db5b0bf40f8f813e210167f05 Mon Sep 17 00:00:00 2001
From: Virtually Nick <vnick@apache.org>
Date: Mon, 12 Aug 2019 09:25:48 -0400
Subject: [PATCH] GUACAMOLE-234: Fix resource leaks in new LDAP code.

---
 .../auth/ldap/LDAPConnectionService.java      | 16 ++--------
 .../auth/ldap/ObjectQueryService.java         | 29 +++++++++----------
 2 files changed, 17 insertions(+), 28 deletions(-)

diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
index ecde74c52..49a3f7c2d 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
@@ -128,10 +128,8 @@ public class LDAPConnectionService {
     public LdapNetworkConnection bindAs(Dn userDN, String password)
             throws GuacamoleException {
 
-        // Obtain appropriately-configured LdapNetworkConnection instance
-        LdapNetworkConnection ldapConnection = createLDAPConnection();
-
-        try {
+        // Get ldapConnection and try to connect and bind.
+        try (LdapNetworkConnection ldapConnection = createLDAPConnection()) {
 
             // Connect to LDAP server
             ldapConnection.connect();
@@ -140,14 +138,7 @@ public class LDAPConnectionService {
             if (confService.getEncryptionMethod() == EncryptionMethod.STARTTLS)
                 ldapConnection.startTls();
 
-        }
-        catch (LdapException e) {
-            throw new GuacamoleServerException("Error connecting to LDAP server.", e);
-        }
-
-        // Bind using provided credentials
-        try {
-
+            // Bind using provided credentials
             BindRequest bindRequest = new BindRequestImpl();
             bindRequest.setDn(userDN);
             bindRequest.setCredentials(password);
@@ -165,7 +156,6 @@ public class LDAPConnectionService {
         // Disconnect if an error occurs during bind
         catch (LdapException e) {
             logger.debug("Unable to bind to LDAP server.", e);
-            disconnect(ldapConnection);
             throw new GuacamoleInvalidCredentialsException(
                     "Unable to bind to the LDAP server.",
                     CredentialsInfo.USERNAME_PASSWORD);
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
index f9d7956a2..ebf979274 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
@@ -20,6 +20,7 @@
 package org.apache.guacamole.auth.ldap;
 
 import com.google.inject.Inject;
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
@@ -188,26 +189,24 @@ public class ObjectQueryService {
 
         logger.debug("Searching \"{}\" for objects matching \"{}\".", baseDN, query);
 
-        try {
-
-            LdapConnectionConfig ldapConnectionConfig = ldapConnection.getConfig();
+        LdapConnectionConfig ldapConnectionConfig = ldapConnection.getConfig();
             
-            // Search within subtree of given base DN
-            SearchRequest request = ldapService.getSearchRequest(baseDN,
-                    query);
+        // Search within subtree of given base DN
+        SearchRequest request = ldapService.getSearchRequest(baseDN,
+                query);
             
-            SearchCursor results = ldapConnection.search(request);
-
-            // Produce list of all entries in the search result, automatically
-            // following referrals if configured to do so
-            List<Entry> entries = new ArrayList<>();
+        // Produce list of all entries in the search result, automatically
+        // following referrals if configured to do so
+        List<Entry> entries = new ArrayList<>();
+            
+        try (SearchCursor results = ldapConnection.search(request)) {
             while (results.next()) {
 
                 if (results.isEntry()) {
                     entries.add(results.getEntry());
                 }
                 else if (results.isReferral() && request.isFollowReferrals()) {
-                    
+
                     Referral referral = results.getReferral();
                     for (String url : referral.getLdapUrls()) {
                         LdapNetworkConnection referralConnection =
@@ -218,15 +217,15 @@ public class ObjectQueryService {
                         entries.addAll(search(referralConnection, baseDN, query,
                                 searchHop));
                     }
-                    
+
                 }
-                
+
             }
 
             return entries;
 
         }
-        catch (CursorException | LdapException e) {
+        catch (CursorException | IOException | LdapException e) {
             throw new GuacamoleServerException("Unable to query list of "
                     + "objects from LDAP directory.", e);
         }