fix #2605 add ldap.allow.empty.permission

2021-12-01 21:29:40 +09:00 · 2021-12-01 21:29:40 +09:00 · 00297eb14e
commit 00297eb14e
parent fb7e40e421
3 changed files with 45 additions and 4 deletions
--- a/src/main/java/org/codelibs/fess/ldap/LdapManager.java
+++ b/src/main/java/org/codelibs/fess/ldap/LdapManager.java
@ -161,10 +161,17 @@ public class LdapManager {
        final Hashtable<String, String> env = createSearchEnv(username, password);
        try (DirContextHolder holder = getDirContext(() -> env)) {
            final DirContext context = holder.get();
-            if (logger.isDebugEnabled()) {
-                logger.debug("Logged in.", context);
+            final LdapUser ldapUser = createLdapUser(username, env);
+            if (!fessConfig.isLdapAllowEmptyPermission() && ldapUser.getPermissions().length == 0) {
+                if (logger.isDebugEnabled()) {
+                    logger.debug("Login failed. No permissions. {}", context);
+                }
+                return OptionalEntity.empty();
            }
-            return OptionalEntity.of(createLdapUser(username, env));
+            if (logger.isDebugEnabled()) {
+                logger.debug("Logged in. {}", context);
+            }
+            return OptionalEntity.of(ldapUser);
        } catch (final Exception e) {
            logger.debug("Login failed.", e);
        }
@ -175,10 +182,17 @@ public class LdapManager {
        final Hashtable<String, String> env = createSearchEnv();
        try (DirContextHolder holder = getDirContext(() -> env)) {
            final DirContext context = holder.get();
+            final LdapUser ldapUser = createLdapUser(username, env);
+            if (!fessConfig.isLdapAllowEmptyPermission() && ldapUser.getPermissions().length == 0) {
+                if (logger.isDebugEnabled()) {
+                    logger.debug("Login failed. No permissions. {}", context);
+                }
+                return OptionalEntity.empty();
+            }
            if (logger.isDebugEnabled()) {
                logger.debug("Logged in.", context);
            }
-            return OptionalEntity.of(createLdapUser(username, env));
+            return OptionalEntity.of(ldapUser);
        } catch (final Exception e) {
            logger.debug("Login failed.", e);
        }
--- a/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
+++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
@ -1583,6 +1583,9 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
    /** The key of the configuration. e.g. false */
    String LDAP_LOWERCASE_PERMISSION_NAME = "ldap.lowercase.permission.name";

+    /** The key of the configuration. e.g. true */
+    String LDAP_ALLOW_EMPTY_PERMISSION = "ldap.allow.empty.permission";
+
    /** The key of the configuration. e.g. true */
    String LDAP_ROLE_SEARCH_USER_ENABLED = "ldap.role.search.user.enabled";

@ -6829,6 +6832,20 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
     */
    boolean isLdapLowercasePermissionName();

+    /**
+     * Get the value for the key 'ldap.allow.empty.permission'. <br>
+     * The value is, e.g. true <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getLdapAllowEmptyPermission();
+
+    /**
+     * Is the property for the key 'ldap.allow.empty.permission' true? <br>
+     * The value is, e.g. true <br>
+     * @return The determination, true or false. (if not found, exception but basically no way)
+     */
+    boolean isLdapAllowEmptyPermission();
+
    /**
     * Get the value for the key 'ldap.role.search.user.enabled'. <br>
     * The value is, e.g. true <br>
@ -9839,6 +9856,14 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
            return is(FessConfig.LDAP_LOWERCASE_PERMISSION_NAME);
        }

+        public String getLdapAllowEmptyPermission() {
+            return get(FessConfig.LDAP_ALLOW_EMPTY_PERMISSION);
+        }
+
+        public boolean isLdapAllowEmptyPermission() {
+            return is(FessConfig.LDAP_ALLOW_EMPTY_PERMISSION);
+        }
+
        public String getLdapRoleSearchUserEnabled() {
            return get(FessConfig.LDAP_ROLE_SEARCH_USER_ENABLED);
        }
@ -10495,6 +10520,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
            defaultMap.put(FessConfig.LDAP_IGNORE_NETBIOS_NAME, "true");
            defaultMap.put(FessConfig.LDAP_GROUP_NAME_WITH_UNDERSCORES, "false");
            defaultMap.put(FessConfig.LDAP_LOWERCASE_PERMISSION_NAME, "false");
+            defaultMap.put(FessConfig.LDAP_ALLOW_EMPTY_PERMISSION, "true");
            defaultMap.put(FessConfig.LDAP_ROLE_SEARCH_USER_ENABLED, "true");
            defaultMap.put(FessConfig.LDAP_ROLE_SEARCH_GROUP_ENABLED, "true");
            defaultMap.put(FessConfig.LDAP_ROLE_SEARCH_ROLE_ENABLED, "true");
--- a/src/main/resources/fess_config.properties
+++ b/src/main/resources/fess_config.properties
@ -818,6 +818,7 @@ ldap.max.username.length=-1
 ldap.ignore.netbios.name=true
 ldap.group.name.with.underscores=false
 ldap.lowercase.permission.name=false
+ldap.allow.empty.permission=true

 ldap.role.search.user.enabled=true
 ldap.role.search.group.enabled=true