Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2020/01/23 06:41:00 UTC

[jira] [Assigned] (GUACAMOLE-937) Failures within bindAs() may have unexpected side effects

     [ https://issues.apache.org/jira/browse/GUACAMOLE-937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mike Jumper reassigned GUACAMOLE-937:
-------------------------------------

    Assignee: Mike Jumper

> Failures within bindAs() may have unexpected side effects
> ---------------------------------------------------------
>
>                 Key: GUACAMOLE-937
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-937
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-ldap
>    Affects Versions: 1.1.0
>            Reporter: Mike Jumper
>            Assignee: Mike Jumper
>            Priority: Major
>             Fix For: 1.1.0
>
>
> The {{bindAs()}} function formerly returned {{null}} when failures prevented binding, but now throws {{GuacamoleInvalidCredentialsException}} for such failures. This change is technically incorrect:
> * {{GuacamoleInvalidCredentialsException}} specifically indicates that the *Guacamole user's credentials* are invalid, but {{bindAs()}} is not restricted to being used with the user's credentials. It is a generic utility function.
> * Throwing any subclass of {{GuacamoleUnauthorizedException}} from within an active Guacamole session will result in that Guacamole session being implicitly invalidated, an unexpected side effect for any caller of {{bindAs()}}.
> This currently specifically affects failures to bind using the search DN, which now appear as if they are login failures and are not specifically logged, and conceivably would cause confusion in the future if {{bindAs()}} is used elsewhere.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
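
The side effect described in the issue, modelled as an added Java example (not code from Guacamole or from the reporter). The two exception classes are local stand-ins that only share names with the types mentioned above; `Session`, `handle()`, `directoryAccepts()`, both `bindAs*` variants and the DN and password values are hypothetical and constructed for the illustration.

```java
// Added illustration: every class here is a local stand-in, not guacamole-ext or guacamole-auth-ldap code.
public class BindAsSideEffectDemo {
    // Stand-ins sharing the names of the two exception types the issue mentions.
    static class GuacamoleUnauthorizedException extends Exception {
        GuacamoleUnauthorizedException(String m) { super(m); }
    }
    static class GuacamoleInvalidCredentialsException extends GuacamoleUnauthorizedException {
        GuacamoleInvalidCredentialsException(String m) { super(m); }
    }
    static class Session { boolean valid = true; }   // hypothetical session state
    interface LdapTask { Object run() throws GuacamoleUnauthorizedException; }

    static final String SEARCH_DN = "cn=search,dc=example,dc=net";   // constructed value

    // Hypothetical request layer modelling the behaviour the issue describes: any
    // GuacamoleUnauthorizedException raised inside an active session invalidates it.
    static Object handle(Session s, LdapTask task) {
        try { return task.run(); }
        catch (GuacamoleUnauthorizedException e) { s.valid = false; return null; }
    }

    // Constructed directory: exactly one DN/password pair is able to bind.
    static boolean directoryAccepts(String dn, String pw) {
        return SEARCH_DN.equals(dn) && "correct-password".equals(pw);
    }

    // Variant the issue calls incorrect: a generic bind helper reports failure as a credentials error.
    static Object bindAsThrowing(String dn, String pw) throws GuacamoleInvalidCredentialsException {
        if (!directoryAccepts(dn, pw)) throw new GuacamoleInvalidCredentialsException("bind failed");
        return new Object();   // stands for a bound LDAP connection
    }

    // Former contract: null on failure, leaving the caller to decide what the failure means.
    static Object bindAsNullable(String dn, String pw) {
        return directoryAccepts(dn, pw) ? new Object() : null;
    }

    public static void main(String[] args) {
        Session a = new Session(), b = new Session();
        // Same fault in both runs: the search DN's password is misconfigured.
        handle(a, () -> bindAsThrowing(SEARCH_DN, "stale-password"));
        handle(b, () -> {
            Object conn = bindAsNullable(SEARCH_DN, "stale-password");
            if (conn == null) System.err.println("Unable to bind using search DN " + SEARCH_DN);
            return conn;
        });
        System.out.println("throwing variant, session still valid: " + a.valid);
        System.out.println("nullable variant, session still valid: " + b.valid);
    }
}
```

In the throwing variant the misconfigured search account is indistinguishable from a user login failure and leaves nothing in the log, while the nullable variant keeps the session and lets the caller record the actual cause.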