safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-07 13:41:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-244: Support configuration of alias dereferencing

Browse Source
This commit is contained in:
Nick Couchman
2017-03-18 12:08:38 -04:00
parent 1a621886c6
commit 907e0edfcf
4 changed files with 61 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java
View File

@@ -223,4 +223,36 @@ public class ConfigurationService {
); );
} }
/**
* Returns whether or not LDAP aliases will be dereferenced,
* as configured with guacamole.properties.
* By default they will never be dereferenced.
*
* @return
* An integer representing the status of of alias
* dereferencing, as configured in guacamole.properties.
*
* @throws GuacamoleException
* If guacamole.properties cannot be parsed.
*/
public int getDereferenceAliases() throws GuacamoleException {
String derefAliases = environment.getProperty(
LDAPGuacamoleProperties.LDAP_DEREFERENCE_ALIASES,
"never"
);
if (derefAliases == "always")
return 3;
else if (derefAliases == "finding")
return 2;
else if (derefAliases == "searching")
return 1;
else
return 0;
}
} }

10
extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java
View File

@@ -153,4 +153,14 @@ public class LDAPGuacamoleProperties {
}; };
/**
* The behavior of alias dereferncing for the LDAP connections.
*/
public static final StringGuacamoleProperty LDAP_DEREFERENCE_ALIASES = new StringGuacamoleProperty() {
@Override
public String getName() { return "ldap-dereference-aliases"; }
};
} }

15
extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java
View File

@@ -24,6 +24,7 @@ import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPConnection; import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry; import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException; import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPSearchConstraints;
import com.novell.ldap.LDAPSearchResults; import com.novell.ldap.LDAPSearchResults;
import java.util.Collections; import java.util.Collections;
import java.util.Enumeration; import java.util.Enumeration;
@@ -108,6 +109,10 @@ public class ConnectionService {
// current user // current user
String connectionSearchFilter = getConnectionSearchFilter(userDN, ldapConnection); String connectionSearchFilter = getConnectionSearchFilter(userDN, ldapConnection);
// Set Search Constraints
LDAPSearchConstraints constraints = new LDAPSearchConstraints();
constraints.setDereference(confService.getDereferenceAliases());
// Find all Guacamole connections for the given user by // Find all Guacamole connections for the given user by
// looking for direct membership in the guacConfigGroup // looking for direct membership in the guacConfigGroup
// and possibly any groups the user is a member of that are // and possibly any groups the user is a member of that are
@@ -117,7 +122,8 @@ public class ConnectionService {
LDAPConnection.SCOPE_SUB, LDAPConnection.SCOPE_SUB,
connectionSearchFilter, connectionSearchFilter,
null, null,
false false,
constraints
); );
// Build token filter containing credential tokens // Build token filter containing credential tokens
@@ -234,13 +240,18 @@ public class ConnectionService {
String groupBaseDN = confService.getGroupBaseDN(); String groupBaseDN = confService.getGroupBaseDN();
if (groupBaseDN != null) { if (groupBaseDN != null) {
// Set up LDAP constraints
LDAPSearchConstraints constraints = new LDAPSearchConstraints();
constraints.setDereference(confService.getDereferenceAliases());
// Get all groups the user is a member of starting at the groupBaseDN, excluding guacConfigGroups // Get all groups the user is a member of starting at the groupBaseDN, excluding guacConfigGroups
LDAPSearchResults userRoleGroupResults = ldapConnection.search( LDAPSearchResults userRoleGroupResults = ldapConnection.search(
groupBaseDN, groupBaseDN,
LDAPConnection.SCOPE_SUB, LDAPConnection.SCOPE_SUB,
"(&(!(objectClass=guacConfigGroup))(member=" + escapingService.escapeLDAPSearchFilter(userDN) + "))", "(&(!(objectClass=guacConfigGroup))(member=" + escapingService.escapeLDAPSearchFilter(userDN) + "))",
null, null,
false false,
constraints
); );
// Append the additional user groups to the LDAP filter // Append the additional user groups to the LDAP filter

7
extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java
View File

@@ -88,6 +88,7 @@ public class UserService {
// Set search limits // Set search limits
LDAPSearchConstraints constraints = new LDAPSearchConstraints(); LDAPSearchConstraints constraints = new LDAPSearchConstraints();
constraints.setMaxResults(confService.getMaxResults()); constraints.setMaxResults(confService.getMaxResults());
constraints.setDereference(confService.getDereferenceAliases());
// Find all Guacamole users underneath base DN // Find all Guacamole users underneath base DN
LDAPSearchResults results = ldapConnection.search( LDAPSearchResults results = ldapConnection.search(
@@ -247,6 +248,9 @@ public class UserService {
List<String> userDNs = new ArrayList<String>(); List<String> userDNs = new ArrayList<String>();
LDAPSearchConstraints constraints = new LDAPSearchConstraints();
constraints.setDereference(confService.getDereferenceAliases());
// Find all Guacamole users underneath base DN and matching the // Find all Guacamole users underneath base DN and matching the
// specified username // specified username
LDAPSearchResults results = ldapConnection.search( LDAPSearchResults results = ldapConnection.search(
@@ -254,7 +258,8 @@ public class UserService {
LDAPConnection.SCOPE_SUB, LDAPConnection.SCOPE_SUB,
generateLDAPQuery(username), generateLDAPQuery(username),
null, null,
false false,
constraints
); );
// Add all DNs for found users // Add all DNs for found users