Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-937

Failures within bindAs() may have unexpected side effects

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.1.0
    • Fix Version/s: 1.1.0
    • Component/s: guacamole-auth-ldap
    • Labels:
      None

      Description

      The bindAs() function formerly returned null when failures prevented binding, but now throws GuacamoleInvalidCredentialsException for such failures. This change is technically incorrect:

      • GuacamoleInvalidCredentialsException specifically indicates that the Guacamole user's credentials are invalid, but bindAs() is not restricted to being used with the user's credentials. It is a generic utility function.
      • Throwing any subclass of GuacamoleUnauthorizedException from within an active Guacamole session will result in that Guacamole session being implicitly invalidated, an unexpected side effect for any caller of bindAs().

      This currently specifically affects failures to bind using the search DN, which now appear as if they are login failures and are not specifically logged, and conceivably would cause confusion in the future if bindAs() is used elsewhere.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                mjumper Mike Jumper
                Reporter:
                mjumper Mike Jumper
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: