Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-937

Failures within bindAs() may have unexpected side effects

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 1.1.0
    • 1.1.0
    • guacamole-auth-ldap
    • None

    Description

      The bindAs() function formerly returned null when failures prevented binding, but now throws GuacamoleInvalidCredentialsException for such failures. This change is technically incorrect:

      • GuacamoleInvalidCredentialsException specifically indicates that the Guacamole user's credentials are invalid, but bindAs() is not restricted to being used with the user's credentials. It is a generic utility function.
      • Throwing any subclass of GuacamoleUnauthorizedException from within an active Guacamole session will result in that Guacamole session being implicitly invalidated, an unexpected side effect for any caller of bindAs().

      This currently specifically affects failures to bind using the search DN, which now appear as if they are login failures and are not specifically logged, and conceivably would cause confusion in the future if bindAs() is used elsewhere.

      Attachments

        Issue Links

          is caused by

          Improvement - An improvement or enhancement to an existing feature or task. GUACAMOLE-234 Migrate from JLDAP to Apache Directory LDAP API

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              mjumper Mike Jumper
              mjumper Mike Jumper
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: