safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 13:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-1239: Merge changes correcting and simplifying case sensitivity settings (single global setting).

Browse Source
This commit is contained in:
Mike Jumper
2024-11-10 10:40:34 -08:00
committed by GitHub
parent 3fcc59a8a5 f314e78c7c
commit 2e8d2f3191
130 changed files with 2166 additions and 1529 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java
View File

@@ -54,25 +54,4 @@ public class ConfigurationService {
); );
} }
/**
* Returns true if the usernames provided to the header authentication
* module should be treated as case-sensitive, or false if usernames
* should be treated as case-insensitive. This will default to the global
* Guacamole configuration for case-sensitivity, which defaults to true, but
* can be overridden for this extension, if desired.
*
* @return
* true if usernames should be treated as case-sensitive, otherwise
* false.
*
* @throws GuacamoleException
* If guacamole.properties cannot be parsed.
*/
public boolean getCaseSensitiveUsernames() throws GuacamoleException {
return environment.getProperty(
HTTPHeaderGuacamoleProperties.HTTP_AUTH_CASE_SENSITIVE_USERNAMES,
environment.getCaseSensitiveUsernames()
);
}
} }

13
extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java
View File

@@ -19,7 +19,6 @@
package org.apache.guacamole.auth.header; package org.apache.guacamole.auth.header;
import org.apache.guacamole.properties.BooleanGuacamoleProperty;
import org.apache.guacamole.properties.StringGuacamoleProperty; import org.apache.guacamole.properties.StringGuacamoleProperty;
@@ -45,16 +44,4 @@ public class HTTPHeaderGuacamoleProperties {
}; };
/**
* A property used to configure whether or not usernames within the header
* module should be treated as case-sensitive.
*/
public static final BooleanGuacamoleProperty HTTP_AUTH_CASE_SENSITIVE_USERNAMES =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "http-auth-case-sensitive-usernames"; }
};
} }

28
extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java
View File

@@ -20,13 +20,9 @@
package org.apache.guacamole.auth.header.user; package org.apache.guacamole.auth.header.user;
import com.google.inject.Inject; import com.google.inject.Inject;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.header.ConfigurationService;
import org.apache.guacamole.net.auth.AbstractAuthenticatedUser; import org.apache.guacamole.net.auth.AbstractAuthenticatedUser;
import org.apache.guacamole.net.auth.AuthenticationProvider; import org.apache.guacamole.net.auth.AuthenticationProvider;
import org.apache.guacamole.net.auth.Credentials; import org.apache.guacamole.net.auth.Credentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/** /**
* An HTTP header implementation of AuthenticatedUser, associating a * An HTTP header implementation of AuthenticatedUser, associating a
@@ -35,11 +31,6 @@ import org.slf4j.LoggerFactory;
*/ */
public class AuthenticatedUser extends AbstractAuthenticatedUser { public class AuthenticatedUser extends AbstractAuthenticatedUser {
/**
* Logger for this class.
*/
private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticatedUser.class);
/** /**
* Reference to the authentication provider associated with this * Reference to the authentication provider associated with this
* authenticated user. * authenticated user.
@@ -47,12 +38,6 @@ public class AuthenticatedUser extends AbstractAuthenticatedUser {
@Inject @Inject
private AuthenticationProvider authProvider; private AuthenticationProvider authProvider;
/**
* Service for retrieving header configuration information.
*/
@Inject
private ConfigurationService confService;
/** /**
* The credentials provided when this user was authenticated. * The credentials provided when this user was authenticated.
*/ */
@@ -73,19 +58,6 @@ public class AuthenticatedUser extends AbstractAuthenticatedUser {
setIdentifier(username.toLowerCase()); setIdentifier(username.toLowerCase());
} }
@Override
public boolean isCaseSensitive() {
try {
return confService.getCaseSensitiveUsernames();
}
catch (GuacamoleException e) {
LOGGER.error("Error when trying to retrieve header configuration: {}."
+ " Usernames comparison will be case-sensitive.", e);
LOGGER.debug("Exception caught when retrieving header configuration.", e);
return true;
}
}
@Override @Override
public AuthenticationProvider getAuthenticationProvider() { public AuthenticationProvider getAuthenticationProvider() {
return authProvider; return authProvider;

10
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/HistoryTrackingConnection.java
View File

@@ -23,11 +23,12 @@ import com.google.inject.Inject;
import java.util.Date; import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordMapper; import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordMapper;
import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordModel; import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordModel;
import org.apache.guacamole.auth.jdbc.connection.ModeledConnectionRecord; import org.apache.guacamole.auth.jdbc.connection.ModeledConnectionRecord;
import org.apache.guacamole.environment.Environment;
import org.apache.guacamole.environment.LocalEnvironment;
import org.apache.guacamole.net.GuacamoleTunnel; import org.apache.guacamole.net.GuacamoleTunnel;
import org.apache.guacamole.net.auth.Connection; import org.apache.guacamole.net.auth.Connection;
import org.apache.guacamole.net.auth.DelegatingConnection; import org.apache.guacamole.net.auth.DelegatingConnection;
@@ -58,10 +59,9 @@ public class HistoryTrackingConnection extends DelegatingConnection {
private final ConnectionRecordMapper connectionRecordMapper; private final ConnectionRecordMapper connectionRecordMapper;
/** /**
* The Guacamole server environment. * The environment in which Guacamole is running.
*/ */
@Inject private final Environment environment = LocalEnvironment.getInstance();
private JDBCEnvironment environment;
/** /**
* Creates a new HistoryConnection that wraps the given connection, * Creates a new HistoryConnection that wraps the given connection,
@@ -106,7 +106,7 @@ public class HistoryTrackingConnection extends DelegatingConnection {
// Insert the connection history record to mark the start of this connection // Insert the connection history record to mark the start of this connection
connectionRecordMapper.insert(connectionRecordModel, connectionRecordMapper.insert(connectionRecordModel,
environment.getCaseSensitiveUsernames()); environment.getCaseSensitivity());
// Include history record UUID as token // Include history record UUID as token
ModeledConnectionRecord modeledRecord = new ModeledConnectionRecord(connectionRecordModel); ModeledConnectionRecord modeledRecord = new ModeledConnectionRecord(connectionRecordModel);

25
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ActivityRecordMapper.java
View File

@@ -22,6 +22,7 @@ package org.apache.guacamole.auth.jdbc.base;
import java.util.Collection; import java.util.Collection;
import java.util.List; import java.util.List;
import org.apache.guacamole.auth.jdbc.user.UserModel; import org.apache.guacamole.auth.jdbc.user.UserModel;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param; import org.apache.ibatis.annotations.Param;
/** /**
@@ -39,15 +40,15 @@ public interface ActivityRecordMapper<ModelType> {
* @param record * @param record
* The activity record to insert. * The activity record to insert.
* *
* @param caseSensitive * @param caseSensitivity
* Whether or not string comparisons should be done in a case-sensitive * The object that contains current configuration for case sensitivity
* manner. * for usernames and group names.
* *
* @return * @return
* The number of rows inserted. * The number of rows inserted.
*/ */
int insert(@Param("record") ModelType record, int insert(@Param("record") ModelType record,
@Param("caseSensitive") boolean caseSensitive); @Param("caseSensitivity") CaseSensitivity caseSensitivity);
/** /**
* Updates the given activity record in the database, assigning an end * Updates the given activity record in the database, assigning an end
@@ -91,9 +92,9 @@ public interface ActivityRecordMapper<ModelType> {
* @param limit * @param limit
* The maximum number of records that should be returned. * The maximum number of records that should be returned.
* *
* @param caseSensitive * @param caseSensitivity
* Whether or not string comparisons should be done in a case-sensitive * The object that contains current configuration for case sensitivity
* manner. * for usernames and group names.
* *
* @return * @return
* The results of the search performed with the given parameters. * The results of the search performed with the given parameters.
@@ -103,7 +104,7 @@ public interface ActivityRecordMapper<ModelType> {
@Param("terms") Collection<ActivityRecordSearchTerm> terms, @Param("terms") Collection<ActivityRecordSearchTerm> terms,
@Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates, @Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates,
@Param("limit") int limit, @Param("limit") int limit,
@Param("caseSensitive") boolean caseSensitive); @Param("caseSensitivity") CaseSensitivity caseSensitivity);
/** /**
* Searches for up to <code>limit</code> activity records that contain * Searches for up to <code>limit</code> activity records that contain
@@ -143,9 +144,9 @@ public interface ActivityRecordMapper<ModelType> {
* no groups are given, only permissions directly granted to the user * no groups are given, only permissions directly granted to the user
* will be used. * will be used.
* *
* @param caseSensitive * @param caseSensitivity
* Whether or not string comparisons should be done in a case-sensitive * The object that contains current configuration for case sensitivity
* manner. * for usernames and group names.
* *
* @return * @return
* The results of the search performed with the given parameters. * The results of the search performed with the given parameters.
@@ -157,6 +158,6 @@ public interface ActivityRecordMapper<ModelType> {
@Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates, @Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates,
@Param("limit") int limit, @Param("limit") int limit,
@Param("effectiveGroups") Collection<String> effectiveGroups, @Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitive") boolean caseSensitive); @Param("caseSensitivity") CaseSensitivity caseSensitivity);
} }

8
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityMapper.java
View File

@@ -21,6 +21,7 @@ package org.apache.guacamole.auth.jdbc.base;
import java.util.Collection; import java.util.Collection;
import java.util.Set; import java.util.Set;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param; import org.apache.ibatis.annotations.Param;
/** /**
@@ -68,6 +69,10 @@ public interface EntityMapper {
* that the database engine in question will always support (or always * that the database engine in question will always support (or always
* not support) recursive queries, this parameter may be ignored. * not support) recursive queries, this parameter may be ignored.
* *
* @param caseSensitivity
* The object that contains current configuration for case sensitivity
* for usernames and group names.
*
* @return * @return
* The set of identifiers of all groups that the given entity is a * The set of identifiers of all groups that the given entity is a
* member of, including those where membership is inherited through * member of, including those where membership is inherited through
@@ -75,6 +80,7 @@ public interface EntityMapper {
*/ */
Set<String> selectEffectiveGroupIdentifiers(@Param("entity") EntityModel entity, Set<String> selectEffectiveGroupIdentifiers(@Param("entity") EntityModel entity,
@Param("effectiveGroups") Collection<String> effectiveGroups, @Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("recursive") boolean recursive); @Param("recursive") boolean recursive,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
} }

28
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityService.java
View File

@@ -22,9 +22,13 @@ package org.apache.guacamole.auth.jdbc.base;
import com.google.inject.Inject; import com.google.inject.Inject;
import java.util.Collection; import java.util.Collection;
import java.util.Set; import java.util.Set;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment; import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.session.SqlSession; import org.apache.ibatis.session.SqlSession;
import org.mybatis.guice.transactional.Transactional; import org.mybatis.guice.transactional.Transactional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/** /**
* Service which provides convenience methods for creating, retrieving, and * Service which provides convenience methods for creating, retrieving, and
@@ -32,6 +36,11 @@ import org.mybatis.guice.transactional.Transactional;
*/ */
public class EntityService { public class EntityService {
/**
* The Logger for this class.
*/
private static final Logger LOGGER = LoggerFactory.getLogger(EntityService.class);
/** /**
* The Guacamole server environment. * The Guacamole server environment.
*/ */
@@ -76,9 +85,22 @@ public class EntityService {
public Set<String> retrieveEffectiveGroups(ModeledPermissions<? extends EntityModel> entity, public Set<String> retrieveEffectiveGroups(ModeledPermissions<? extends EntityModel> entity,
Collection<String> effectiveGroups) { Collection<String> effectiveGroups) {
CaseSensitivity caseSensitivity = CaseSensitivity.ENABLED;
try {
caseSensitivity = environment.getCaseSensitivity();
}
catch (GuacamoleException e) {
LOGGER.warn("Unable to retrieve configuration setting for group "
+ "name case sensitivity: {}. Group names will be treated "
+ "as case-sensitive.", e.getMessage());
LOGGER.debug("An exception was caught while trying to get group name"
+ "case sensitivity configuration.", e);
}
// Retrieve the effective user groups of the given entity, recursively if possible // Retrieve the effective user groups of the given entity, recursively if possible
boolean recursive = environment.isRecursiveQuerySupported(sqlSession); boolean recursive = environment.isRecursiveQuerySupported(sqlSession);
Set<String> identifiers = entityMapper.selectEffectiveGroupIdentifiers(entity.getModel(), effectiveGroups, recursive); Set<String> identifiers = entityMapper.selectEffectiveGroupIdentifiers(
entity.getModel(), effectiveGroups, recursive, caseSensitivity);
// If the set of user groups retrieved was not produced recursively, // If the set of user groups retrieved was not produced recursively,
// manually repeat the query to expand the set until all effective // manually repeat the query to expand the set until all effective
@@ -87,7 +109,9 @@ public class EntityService {
Set<String> previousIdentifiers; Set<String> previousIdentifiers;
do { do {
previousIdentifiers = identifiers; previousIdentifiers = identifiers;
identifiers = entityMapper.selectEffectiveGroupIdentifiers(entity.getModel(), previousIdentifiers, false); identifiers = entityMapper.selectEffectiveGroupIdentifiers(
entity.getModel(), previousIdentifiers, false,
caseSensitivity);
} while (identifiers.size() > previousIdentifiers.size()); } while (identifiers.size() > previousIdentifiers.size());
} }

32
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectMapper.java
View File

@@ -22,6 +22,7 @@ package org.apache.guacamole.auth.jdbc.base;
import java.util.Collection; import java.util.Collection;
import java.util.Set; import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.UserModel; import org.apache.guacamole.auth.jdbc.user.UserModel;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param; import org.apache.ibatis.annotations.Param;
/** /**
@@ -61,11 +62,16 @@ public interface ModeledDirectoryObjectMapper<ModelType> {
* The identifiers of any known effective groups that should be taken * The identifiers of any known effective groups that should be taken
* into account, such as those defined externally to the database. * into account, such as those defined externally to the database.
* *
* @param caseSensitivity
* The object that contains current configuration for case sensitivity
* for usernames and group names.
*
* @return * @return
* A Set containing all identifiers of all readable objects. * A Set containing all identifiers of all readable objects.
*/ */
Set<String> selectReadableIdentifiers(@Param("user") UserModel user, Set<String> selectReadableIdentifiers(@Param("user") UserModel user,
@Param("effectiveGroups") Collection<String> effectiveGroups); @Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/** /**
* Selects all objects which have the given identifiers. If an identifier * Selects all objects which have the given identifiers. If an identifier
@@ -77,15 +83,15 @@ public interface ModeledDirectoryObjectMapper<ModelType> {
* @param identifiers * @param identifiers
* The identifiers of the objects to return. * The identifiers of the objects to return.
* *
* @param caseSensitive * @param caseSensitivity
* true if the query should evaluate identifiers in a case-sensitive * The object that contains current configuration for case sensitivity
* manner, otherwise false. * for usernames and group names.
* *
* @return * @return
* A Collection of all objects having the given identifiers. * A Collection of all objects having the given identifiers.
*/ */
Collection<ModelType> select(@Param("identifiers") Collection<String> identifiers, Collection<ModelType> select(@Param("identifiers") Collection<String> identifiers,
@Param("caseSensitive") boolean caseSensitive); @Param("caseSensitivity") CaseSensitivity caseSensitivity);
/** /**
* Selects all objects which have the given identifiers and are explicitly * Selects all objects which have the given identifiers and are explicitly
@@ -105,9 +111,9 @@ public interface ModeledDirectoryObjectMapper<ModelType> {
* The identifiers of any known effective groups that should be taken * The identifiers of any known effective groups that should be taken
* into account, such as those defined externally to the database. * into account, such as those defined externally to the database.
* *
* @param caseSensitive * @param caseSensitivity
* true if the query should evaluate identifiers in a case-sensitive * The object that contains current configuration for case sensitivity
* manner, otherwise false. * for usernames and group names.
* *
* @return * @return
* A Collection of all objects having the given identifiers. * A Collection of all objects having the given identifiers.
@@ -115,7 +121,7 @@ public interface ModeledDirectoryObjectMapper<ModelType> {
Collection<ModelType> selectReadable(@Param("user") UserModel user, Collection<ModelType> selectReadable(@Param("user") UserModel user,
@Param("identifiers") Collection<String> identifiers, @Param("identifiers") Collection<String> identifiers,
@Param("effectiveGroups") Collection<String> effectiveGroups, @Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitive") boolean caseSensitive); @Param("caseSensitivity") CaseSensitivity caseSensitivity);
/** /**
* Inserts the given object into the database. If the object already * Inserts the given object into the database. If the object already
@@ -136,15 +142,15 @@ public interface ModeledDirectoryObjectMapper<ModelType> {
* @param identifier * @param identifier
* The identifier of the object to delete. * The identifier of the object to delete.
* *
* @param caseSensitive * @param caseSensitivity
* true if the query should evaluate the identifier in a * The case sensitivity configuration that contains information on
* case-sensitive manner, otherwise false. * whether usernames and/or group names will be treated as case-sensitive.
* *
* @return * @return
* The number of rows deleted. * The number of rows deleted.
*/ */
int delete(@Param("identifier") String identifier, int delete(@Param("identifier") String identifier,
@Param("caseSensitive") boolean caseSensitive); @Param("caseSensitivity") CaseSensitivity caseSensitivity);
/** /**
* Updates the given existing object in the database. If the object does * Updates the given existing object in the database. If the object does

36
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java
View File

@@ -27,9 +27,9 @@ import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException; import org.apache.guacamole.GuacamoleSecurityException;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment; import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper; import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel; import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel;
@@ -37,6 +37,7 @@ import org.apache.guacamole.auth.jdbc.user.UserModel;
import org.apache.guacamole.net.auth.Identifiable; import org.apache.guacamole.net.auth.Identifiable;
import org.apache.guacamole.net.auth.permission.ObjectPermission; import org.apache.guacamole.net.auth.permission.ObjectPermission;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.properties.CaseSensitivity;
import org.mybatis.guice.transactional.Transactional; import org.mybatis.guice.transactional.Transactional;
/** /**
@@ -117,20 +118,20 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
ModelType model) throws GuacamoleException; ModelType model) throws GuacamoleException;
/** /**
* Returns whether or not identifiers for objects provided by this service * Returns the case sensitivity configuration for this service, which will
* are handled in a case-sensitive manner or not. * be used to determine whether usernames and/or group names will be treated
* as case-sensitive.
* *
* @return * @return
* "true" if identifiers handled by this object service should be * The case sensitivity configuration for this service.
* treated as case-sensitive, otherwise false.
* *
* @throws GuacamoleException * @throws GuacamoleException
* If an error occurs retrieving relevant configuration information. * If an error occurs retrieving relevant configuration information.
*/ */
protected boolean getCaseSensitiveIdentifiers() throws GuacamoleException { protected CaseSensitivity getCaseSensitivity() throws GuacamoleException {
// By default identifiers are not case-sensitive. // Retrieve the Guacamole setting.
return false; return environment.getCaseSensitivity();
} }
@@ -246,7 +247,7 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
Collection<ModelType> models) throws GuacamoleException { Collection<ModelType> models) throws GuacamoleException {
// Create new collection of objects by manually converting each model // Create new collection of objects by manually converting each model
Collection<InternalType> objects = new ArrayList<InternalType>(models.size()); Collection<InternalType> objects = new ArrayList<>(models.size());
for (ModelType model : models) for (ModelType model : models)
objects.add(getObjectInstance(currentUser, model)); objects.add(getObjectInstance(currentUser, model));
@@ -426,7 +427,7 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
boolean userIsPrivileged = user.isPrivileged(); boolean userIsPrivileged = user.isPrivileged();
boolean caseSensitive = getCaseSensitiveIdentifiers(); CaseSensitivity caseSensitivity = getCaseSensitivity();
// Process the filteredIdentifiers in batches using Lists.partition() and flatMap // Process the filteredIdentifiers in batches using Lists.partition() and flatMap
Collection<ModelType> allObjects = Lists.partition(filteredIdentifiers, batchSize).stream() Collection<ModelType> allObjects = Lists.partition(filteredIdentifiers, batchSize).stream()
@@ -435,12 +436,12 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
// Bypass permission checks if the user is privileged // Bypass permission checks if the user is privileged
if (userIsPrivileged) if (userIsPrivileged)
objects = getObjectMapper().select(chunk, caseSensitive); objects = getObjectMapper().select(chunk, caseSensitivity);
// Otherwise only return explicitly readable identifiers // Otherwise only return explicitly readable identifiers
else else
objects = getObjectMapper().selectReadable(user.getUser().getModel(), objects = getObjectMapper().selectReadable(user.getUser().getModel(),
chunk, user.getEffectiveUserGroups(), caseSensitive); chunk, user.getEffectiveUserGroups(), caseSensitivity);
return objects.stream(); return objects.stream();
}) })
@@ -513,7 +514,7 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
// Add implicit permissions // Add implicit permissions
Collection<ObjectPermissionModel> implicitPermissions = getImplicitPermissions(user, model); Collection<ObjectPermissionModel> implicitPermissions = getImplicitPermissions(user, model);
if (!implicitPermissions.isEmpty()) if (!implicitPermissions.isEmpty())
getPermissionMapper().insert(implicitPermissions); getPermissionMapper().insert(implicitPermissions, getCaseSensitivity());
// Add any arbitrary attributes // Add any arbitrary attributes
if (model.hasArbitraryAttributes()) if (model.hasArbitraryAttributes())
@@ -530,7 +531,7 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
beforeDelete(user, identifier); beforeDelete(user, identifier);
// Delete object // Delete object
getObjectMapper().delete(identifier, getCaseSensitiveIdentifiers()); getObjectMapper().delete(identifier, getCaseSensitivity());
} }
@@ -562,8 +563,11 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
// Otherwise only return explicitly readable identifiers // Otherwise only return explicitly readable identifiers
else else
return getObjectMapper().selectReadableIdentifiers(user.getUser().getModel(), return getObjectMapper().selectReadableIdentifiers(
user.getEffectiveUserGroups()); user.getUser().getModel(),
user.getEffectiveUserGroups(),
getCaseSensitivity()
);
} }

24
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ObjectRelationMapper.java
View File

@@ -22,6 +22,7 @@ package org.apache.guacamole.auth.jdbc.base;
import java.util.Collection; import java.util.Collection;
import java.util.Set; import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.UserModel; import org.apache.guacamole.auth.jdbc.user.UserModel;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param; import org.apache.ibatis.annotations.Param;
/** /**
@@ -49,17 +50,16 @@ public interface ObjectRelationMapper<ParentModelType extends ObjectModel> {
* The identifiers of the objects on the child side of the one-to-many * The identifiers of the objects on the child side of the one-to-many
* relationship represented by the RelatedObjectSet. * relationship represented by the RelatedObjectSet.
* *
* @param caseSensitive * @param caseSensitivity
* true if child identifiers should be treated as case-sensitive when * The case sensitivity configuration, used to determine whether
* performing lookups on them, or false if the queries should be done * usernames and/or group names will be treated as case-sensitive.
* case-insensitively.
* *
* @return * @return
* The number of rows inserted. * The number of rows inserted.
*/ */
int insert(@Param("parent") ParentModelType parent, int insert(@Param("parent") ParentModelType parent,
@Param("children") Collection<String> children, @Param("children") Collection<String> children,
@Param("caseSensitive") boolean caseSensitive); @Param("caseSensitivity") CaseSensitivity caseSensitivity);
/** /**
* Deletes rows as necessary to modify the one-to-many relationship * Deletes rows as necessary to modify the one-to-many relationship
@@ -76,17 +76,16 @@ public interface ObjectRelationMapper<ParentModelType extends ObjectModel> {
* The identifiers of the objects on the child side of the one-to-many * The identifiers of the objects on the child side of the one-to-many
* relationship represented by the RelatedObjectSet. * relationship represented by the RelatedObjectSet.
* *
* @param caseSensitive * @param caseSensitivity
* true if child identifiers should be treated as case-sensitive when * The case sensitivity configuration, used to determine whether
* performing lookups on them, or false if the queries should be done * usernames and/or group names will be treated as case-sensitive.
* case-insensitively.
* *
* @return * @return
* The number of rows deleted. * The number of rows deleted.
*/ */
int delete(@Param("parent") ParentModelType parent, int delete(@Param("parent") ParentModelType parent,
@Param("children") Collection<String> children, @Param("children") Collection<String> children,
@Param("caseSensitive") boolean caseSensitive); @Param("caseSensitivity") CaseSensitivity caseSensitivity);
/** /**
* Retrieves the identifiers of all objects on the child side of the * Retrieves the identifiers of all objects on the child side of the
@@ -123,6 +122,10 @@ public interface ObjectRelationMapper<ParentModelType extends ObjectModel> {
* The identifiers of any known effective groups that should be taken * The identifiers of any known effective groups that should be taken
* into account, such as those defined externally to the database. * into account, such as those defined externally to the database.
* *
* @param caseSensitivity
* The object that contains current configuration for case sensitivity
* for usernames and group names.
*
* @param parent * @param parent
* The model of the object on the parent side of the one-to-many * The model of the object on the parent side of the one-to-many
* relationship represented by the RelatedObjectSet. * relationship represented by the RelatedObjectSet.
@@ -133,6 +136,7 @@ public interface ObjectRelationMapper<ParentModelType extends ObjectModel> {
*/ */
Set<String> selectReadableChildIdentifiers(@Param("user") UserModel user, Set<String> selectReadableChildIdentifiers(@Param("user") UserModel user,
@Param("effectiveGroups") Collection<String> effectiveGroups, @Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitivity") CaseSensitivity caseSensitivity,
@Param("parent") ParentModelType parent); @Param("parent") ParentModelType parent);
} }

24
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/RelatedObjectSet.java
View File

@@ -22,11 +22,12 @@ package org.apache.guacamole.auth.jdbc.base;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.Set; import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException; import org.apache.guacamole.GuacamoleSecurityException;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.net.auth.permission.ObjectPermission; import org.apache.guacamole.net.auth.permission.ObjectPermission;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.properties.CaseSensitivity;
/** /**
* A database implementation of RelatedObjectSet which provides access to a * A database implementation of RelatedObjectSet which provides access to a
@@ -76,21 +77,21 @@ public abstract class RelatedObjectSet<ParentObjectType extends ModeledDirectory
} }
/** /**
* Return "true" if identifiers within a related object set should be treated * Return the current case sensitivity setting, which can be used to
* as case-sensitive, otherwise false. * determine whether or not certain identifiers should be treated as
* case-sensitive.
* *
* @return * @return
* "true" if identifiers should be treated as case-sensitive, otherwise * The current case sensitivity setting.
* "false".
* *
* @throws GuacamoleException * @throws GuacamoleException
* If an error occurs retrieving configuration information on * If an error occurs retrieving configuration information on
* case-sensitivity. * case sensitivity.
*/ */
protected boolean getCaseSensitiveIdentifiers() throws GuacamoleException { protected CaseSensitivity getCaseSensitivity() throws GuacamoleException {
// Identifiers are not case-sensitive by default. // Identifiers are not case-sensitive by default.
return false; return CaseSensitivity.DISABLED;
} }
/** /**
@@ -189,6 +190,7 @@ public abstract class RelatedObjectSet<ParentObjectType extends ModeledDirectory
// Otherwise only return explicitly readable identifiers // Otherwise only return explicitly readable identifiers
return getObjectRelationMapper().selectReadableChildIdentifiers( return getObjectRelationMapper().selectReadableChildIdentifiers(
user.getUser().getModel(), user.getEffectiveUserGroups(), user.getUser().getModel(), user.getEffectiveUserGroups(),
getCaseSensitivity(),
parent.getModel()); parent.getModel());
} }
@@ -202,7 +204,8 @@ public abstract class RelatedObjectSet<ParentObjectType extends ModeledDirectory
// Create relations only if permission is granted // Create relations only if permission is granted
if (canAlterRelation(identifiers)) if (canAlterRelation(identifiers))
getObjectRelationMapper().insert(parent.getModel(), identifiers, getCaseSensitiveIdentifiers()); getObjectRelationMapper().insert(parent.getModel(), identifiers,
getCaseSensitivity());
// User lacks permission to add user groups // User lacks permission to add user groups
else else
@@ -219,7 +222,8 @@ public abstract class RelatedObjectSet<ParentObjectType extends ModeledDirectory
// Delete relations only if permission is granted // Delete relations only if permission is granted
if (canAlterRelation(identifiers)) if (canAlterRelation(identifiers))
getObjectRelationMapper().delete(parent.getModel(), identifiers, getCaseSensitiveIdentifiers()); getObjectRelationMapper().delete(parent.getModel(), identifiers,
getCaseSensitivity());
// User lacks permission to remove user groups // User lacks permission to remove user groups
else else

8
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.java
View File

@@ -23,6 +23,7 @@ import java.util.Collection;
import java.util.Set; import java.util.Set;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.auth.jdbc.user.UserModel; import org.apache.guacamole.auth.jdbc.user.UserModel;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param; import org.apache.ibatis.annotations.Param;
/** /**
@@ -68,12 +69,17 @@ public interface ConnectionMapper extends ModeledDirectoryObjectMapper<Connectio
* no groups are given, only permissions directly granted to the user * no groups are given, only permissions directly granted to the user
* will be used. * will be used.
* *
* @param caseSensitivity
* The object that contains current configuration for case sensitivity
* for usernames and group names.
*
* @return * @return
* A Set containing all identifiers of all readable objects. * A Set containing all identifiers of all readable objects.
*/ */
Set<String> selectReadableIdentifiersWithin(@Param("user") UserModel user, Set<String> selectReadableIdentifiersWithin(@Param("user") UserModel user,
@Param("parentIdentifier") String parentIdentifier, @Param("parentIdentifier") String parentIdentifier,
@Param("effectiveGroups") Collection<String> effectiveGroups); @Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/** /**
* Selects the connection within the given parent group and having the * Selects the connection within the given parent group and having the

7
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java
View File

@@ -361,7 +361,8 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
else else
return connectionMapper.selectReadableIdentifiersWithin( return connectionMapper.selectReadableIdentifiersWithin(
user.getUser().getModel(), identifier, user.getUser().getModel(), identifier,
user.getEffectiveUserGroups()); user.getEffectiveUserGroups(),
getCaseSensitivity());
} }
@@ -494,7 +495,7 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
if (user.isPrivileged() || user.getUser().getEffectivePermissions().getSystemPermissions().hasPermission(SystemPermission.Type.AUDIT)) if (user.isPrivileged() || user.getUser().getEffectivePermissions().getSystemPermissions().hasPermission(SystemPermission.Type.AUDIT))
searchResults = connectionRecordMapper.search(identifier, searchResults = connectionRecordMapper.search(identifier,
recordIdentifier, requiredContents, sortPredicates, limit, recordIdentifier, requiredContents, sortPredicates, limit,
environment.getCaseSensitiveUsernames()); getCaseSensitivity());
// Otherwise only return explicitly readable history records // Otherwise only return explicitly readable history records
else else
@@ -502,7 +503,7 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
user.getUser().getModel(), recordIdentifier, user.getUser().getModel(), recordIdentifier,
requiredContents, sortPredicates, limit, requiredContents, sortPredicates, limit,
user.getEffectiveUserGroups(), user.getEffectiveUserGroups(),
environment.getCaseSensitiveUsernames()); getCaseSensitivity());
return getObjectInstances(searchResults); return getObjectInstances(searchResults);

4
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java
View File

@@ -23,6 +23,7 @@ import java.util.Collection;
import java.util.Set; import java.util.Set;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.auth.jdbc.user.UserModel; import org.apache.guacamole.auth.jdbc.user.UserModel;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param; import org.apache.ibatis.annotations.Param;
/** /**
@@ -73,7 +74,8 @@ public interface ConnectionGroupMapper extends ModeledDirectoryObjectMapper<Conn
*/ */
Set<String> selectReadableIdentifiersWithin(@Param("user") UserModel user, Set<String> selectReadableIdentifiersWithin(@Param("user") UserModel user,
@Param("parentIdentifier") String parentIdentifier, @Param("parentIdentifier") String parentIdentifier,
@Param("effectiveGroups") Collection<String> effectiveGroups); @Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/** /**
* Selects the connection group within the given parent group and having * Selects the connection group within the given parent group and having

3
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
View File

@@ -226,7 +226,8 @@ public class ConnectionGroupService extends ModeledChildDirectoryObjectService<M
else else
return connectionGroupMapper.selectReadableIdentifiersWithin( return connectionGroupMapper.selectReadableIdentifiersWithin(
user.getUser().getModel(), identifier, user.getUser().getModel(), identifier,
user.getEffectiveUserGroups()); user.getEffectiveUserGroups(),
getCaseSensitivity());
} }

15
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
View File

@@ -23,13 +23,14 @@ import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.HashSet; import java.util.HashSet;
import java.util.Set; import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException; import org.apache.guacamole.GuacamoleSecurityException;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.auth.jdbc.base.EntityModel; import org.apache.guacamole.auth.jdbc.base.EntityModel;
import org.apache.guacamole.auth.jdbc.base.ModeledPermissions; import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.net.auth.permission.ObjectPermission; import org.apache.guacamole.net.auth.permission.ObjectPermission;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.properties.CaseSensitivity;
/** /**
* Service which provides convenience methods for creating, retrieving, and * Service which provides convenience methods for creating, retrieving, and
@@ -133,10 +134,12 @@ public abstract class ModeledObjectPermissionService
// Create permissions only if user has permission to do so // Create permissions only if user has permission to do so
if (canAlterPermissions(user, targetEntity, permissions)) { if (canAlterPermissions(user, targetEntity, permissions)) {
CaseSensitivity caseSensitivity = getCaseSensitivity();
batchPermissionUpdates(permissions, permissionSubset -> { batchPermissionUpdates(permissions, permissionSubset -> {
Collection<ObjectPermissionModel> models = getModelInstances( Collection<ObjectPermissionModel> models = getModelInstances(
targetEntity, permissionSubset); targetEntity, permissionSubset);
getPermissionMapper().insert(models); getPermissionMapper().insert(models, caseSensitivity);
}); });
return; return;
@@ -156,10 +159,12 @@ public abstract class ModeledObjectPermissionService
// Delete permissions only if user has permission to do so // Delete permissions only if user has permission to do so
if (canAlterPermissions(user, targetEntity, permissions)) { if (canAlterPermissions(user, targetEntity, permissions)) {
CaseSensitivity caseSensitivity = getCaseSensitivity();
batchPermissionUpdates(permissions, permissionSubset -> { batchPermissionUpdates(permissions, permissionSubset -> {
Collection<ObjectPermissionModel> models = getModelInstances( Collection<ObjectPermissionModel> models = getModelInstances(
targetEntity, permissionSubset); targetEntity, permissionSubset);
getPermissionMapper().delete(models); getPermissionMapper().delete(models, caseSensitivity);
}); });
return; return;
@@ -179,7 +184,7 @@ public abstract class ModeledObjectPermissionService
// Retrieve permissions only if allowed // Retrieve permissions only if allowed
if (canReadPermissions(user, targetEntity)) if (canReadPermissions(user, targetEntity))
return getPermissionMapper().selectOne(targetEntity.getModel(), return getPermissionMapper().selectOne(targetEntity.getModel(),
type, identifier, effectiveGroups) != null; type, identifier, effectiveGroups, getCaseSensitivity()) != null;
// User cannot read this entity's permissions // User cannot read this entity's permissions
throw new GuacamoleSecurityException("Permission denied."); throw new GuacamoleSecurityException("Permission denied.");
@@ -205,7 +210,7 @@ public abstract class ModeledObjectPermissionService
if (canReadPermissions(user, targetEntity)) if (canReadPermissions(user, targetEntity))
return getPermissionMapper().selectAccessibleIdentifiers( return getPermissionMapper().selectAccessibleIdentifiers(
targetEntity.getModel(), permissions, identifiers, targetEntity.getModel(), permissions, identifiers,
effectiveGroups); effectiveGroups, getCaseSensitivity());
// User cannot read this entity's permissions // User cannot read this entity's permissions
throw new GuacamoleSecurityException("Permission denied."); throw new GuacamoleSecurityException("Permission denied.");

5
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java
View File

@@ -192,7 +192,10 @@ public abstract class ModeledPermissionService<PermissionSetType extends Permiss
// Retrieve permissions only if allowed // Retrieve permissions only if allowed
if (canReadPermissions(user, targetEntity)) if (canReadPermissions(user, targetEntity))
return getPermissionInstances(getPermissionMapper().select(targetEntity.getModel(), effectiveGroups)); return getPermissionInstances(getPermissionMapper().select(
targetEntity.getModel(),
effectiveGroups,
getCaseSensitivity()));
// User cannot read this entity's permissions // User cannot read this entity's permissions
throw new GuacamoleSecurityException("Permission denied."); throw new GuacamoleSecurityException("Permission denied.");

17
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
View File

@@ -21,8 +21,9 @@ package org.apache.guacamole.auth.jdbc.permission;
import java.util.Collection; import java.util.Collection;
import org.apache.guacamole.auth.jdbc.base.EntityModel; import org.apache.guacamole.auth.jdbc.base.EntityModel;
import org.apache.ibatis.annotations.Param;
import org.apache.guacamole.net.auth.permission.ObjectPermission; import org.apache.guacamole.net.auth.permission.ObjectPermission;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param;
/** /**
* Mapper for object-related permissions. * Mapper for object-related permissions.
@@ -49,6 +50,10 @@ public interface ObjectPermissionMapper extends PermissionMapper<ObjectPermissio
* no groups are given, only permissions directly granted to the user * no groups are given, only permissions directly granted to the user
* will be used. * will be used.
* *
* @param caseSensitivity
* The configuration of case sensitivity, used to determine whether
* usernames and/or group names will be treated as case-sensitive.
*
* @return * @return
* The requested permission, or null if no such permission is granted * The requested permission, or null if no such permission is granted
* to the given entity for the given object. * to the given entity for the given object.
@@ -56,7 +61,8 @@ public interface ObjectPermissionMapper extends PermissionMapper<ObjectPermissio
ObjectPermissionModel selectOne(@Param("entity") EntityModel entity, ObjectPermissionModel selectOne(@Param("entity") EntityModel entity,
@Param("type") ObjectPermission.Type type, @Param("type") ObjectPermission.Type type,
@Param("identifier") String identifier, @Param("identifier") String identifier,
@Param("effectiveGroups") Collection<String> effectiveGroups); @Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/** /**
* Retrieves the subset of the given identifiers for which the given entity * Retrieves the subset of the given identifiers for which the given entity
@@ -80,6 +86,10 @@ public interface ObjectPermissionMapper extends PermissionMapper<ObjectPermissio
* no groups are given, only permissions directly granted to the user * no groups are given, only permissions directly granted to the user
* will be used. * will be used.
* *
* @param caseSensitivity
* The configuration of case sensitivity, used to determine whether
* usernames and/or group names will be treated as case-sensitive.
*
* @return * @return
* A collection containing the subset of identifiers for which at least * A collection containing the subset of identifiers for which at least
* one of the specified permissions is granted. * one of the specified permissions is granted.
@@ -87,6 +97,7 @@ public interface ObjectPermissionMapper extends PermissionMapper<ObjectPermissio
Collection<String> selectAccessibleIdentifiers(@Param("entity") EntityModel entity, Collection<String> selectAccessibleIdentifiers(@Param("entity") EntityModel entity,
@Param("permissions") Collection<ObjectPermission.Type> permissions, @Param("permissions") Collection<ObjectPermission.Type> permissions,
@Param("identifiers") Collection<String> identifiers, @Param("identifiers") Collection<String> identifiers,
@Param("effectiveGroups") Collection<String> effectiveGroups); @Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
} }

19
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java
View File

@@ -21,6 +21,7 @@ package org.apache.guacamole.auth.jdbc.permission;
import java.util.Collection; import java.util.Collection;
import org.apache.guacamole.auth.jdbc.base.EntityModel; import org.apache.guacamole.auth.jdbc.base.EntityModel;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param; import org.apache.ibatis.annotations.Param;
/** /**
@@ -44,11 +45,15 @@ public interface PermissionMapper<PermissionType> {
* no groups are given, only permissions directly granted to the user * no groups are given, only permissions directly granted to the user
* will be used. * will be used.
* *
* @param caseSensitivity
* The case sensitivity configuration for usernames and group names.
*
* @return * @return
* All permissions associated with the given entity. * All permissions associated with the given entity.
*/ */
Collection<PermissionType> select(@Param("entity") EntityModel entity, Collection<PermissionType> select(@Param("entity") EntityModel entity,
@Param("effectiveGroups") Collection<String> effectiveGroups); @Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/** /**
* Inserts the given permissions into the database. If any permissions * Inserts the given permissions into the database. If any permissions
@@ -57,10 +62,14 @@ public interface PermissionMapper<PermissionType> {
* @param permissions * @param permissions
* The permissions to insert. * The permissions to insert.
* *
* @param caseSensitivity
* The case sensitivity configuration for usernames and group names.
*
* @return * @return
* The number of rows inserted. * The number of rows inserted.
*/ */
int insert(@Param("permissions") Collection<PermissionType> permissions); int insert(@Param("permissions") Collection<PermissionType> permissions,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/** /**
* Deletes the given permissions from the database. If any permissions do * Deletes the given permissions from the database. If any permissions do
@@ -69,9 +78,13 @@ public interface PermissionMapper<PermissionType> {
* @param permissions * @param permissions
* The permissions to delete. * The permissions to delete.
* *
* @param caseSensitivity
* The case sensitivity configuration for usernames and group names.
*
* @return * @return
* The number of rows deleted. * The number of rows deleted.
*/ */
int delete(@Param("permissions") Collection<PermissionType> permissions); int delete(@Param("permissions") Collection<PermissionType> permissions,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
} }

21
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java
View File

@@ -21,12 +21,13 @@ package org.apache.guacamole.auth.jdbc.permission;
import java.util.Collection; import java.util.Collection;
import java.util.Set; import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.auth.jdbc.base.EntityModel; import org.apache.guacamole.auth.jdbc.base.EntityModel;
import org.apache.guacamole.auth.jdbc.base.ModeledPermissions; import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.net.auth.permission.Permission; import org.apache.guacamole.net.auth.permission.Permission;
import org.apache.guacamole.net.auth.permission.PermissionSet; import org.apache.guacamole.net.auth.permission.PermissionSet;
import org.apache.guacamole.properties.CaseSensitivity;
/** /**
* Service which provides convenience methods for creating, retrieving, and * Service which provides convenience methods for creating, retrieving, and
@@ -43,6 +44,24 @@ import org.apache.guacamole.net.auth.permission.PermissionSet;
public interface PermissionService<PermissionSetType extends PermissionSet<PermissionType>, public interface PermissionService<PermissionSetType extends PermissionSet<PermissionType>,
PermissionType extends Permission> { PermissionType extends Permission> {
/**
* Return the current case sensitivity setting, allowing the system to
* determine if usernames and/or group names should be treated as case-
* sensitive.
*
* @return
* The current case sensitivity configuration.
*
* @throws GuacamoleException
* If an error occurs retrieving configuration information related to
* case sensitivity.
*/
default CaseSensitivity getCaseSensitivity() throws GuacamoleException {
// By default identifiers are case-sensitive.
return CaseSensitivity.ENABLED;
}
/** /**
* Returns a permission set that can be used to retrieve and manipulate the * Returns a permission set that can be used to retrieve and manipulate the
* permissions of the given entity. * permissions of the given entity.

10
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java
View File

@@ -21,8 +21,9 @@ package org.apache.guacamole.auth.jdbc.permission;
import java.util.Collection; import java.util.Collection;
import org.apache.guacamole.auth.jdbc.base.EntityModel; import org.apache.guacamole.auth.jdbc.base.EntityModel;
import org.apache.ibatis.annotations.Param;
import org.apache.guacamole.net.auth.permission.SystemPermission; import org.apache.guacamole.net.auth.permission.SystemPermission;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param;
/** /**
* Mapper for system-level permissions. * Mapper for system-level permissions.
@@ -45,12 +46,17 @@ public interface SystemPermissionMapper extends PermissionMapper<SystemPermissio
* no groups are given, only permissions directly granted to the user * no groups are given, only permissions directly granted to the user
* will be used. * will be used.
* *
* @param caseSensitivity
* The case sensitivity configuration, used to determine whether usernames
* and/or group names will be treated as case-sensitive.
*
* @return * @return
* The requested permission, or null if no such permission is granted * The requested permission, or null if no such permission is granted
* to the given entity. * to the given entity.
*/ */
SystemPermissionModel selectOne(@Param("entity") EntityModel entity, SystemPermissionModel selectOne(@Param("entity") EntityModel entity,
@Param("type") SystemPermission.Type type, @Param("type") SystemPermission.Type type,
@Param("effectiveGroups") Collection<String> effectiveGroups); @Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
} }

15
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java
View File

@@ -23,13 +23,14 @@ import com.google.inject.Inject;
import com.google.inject.Provider; import com.google.inject.Provider;
import java.util.Collection; import java.util.Collection;
import java.util.Set; import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException; import org.apache.guacamole.GuacamoleSecurityException;
import org.apache.guacamole.GuacamoleUnsupportedException; import org.apache.guacamole.GuacamoleUnsupportedException;
import org.apache.guacamole.auth.jdbc.base.EntityModel; import org.apache.guacamole.auth.jdbc.base.EntityModel;
import org.apache.guacamole.auth.jdbc.base.ModeledPermissions; import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.net.auth.permission.SystemPermission; import org.apache.guacamole.net.auth.permission.SystemPermission;
import org.apache.guacamole.properties.CaseSensitivity;
/** /**
* Service which provides convenience methods for creating, retrieving, and * Service which provides convenience methods for creating, retrieving, and
@@ -98,10 +99,13 @@ public class SystemPermissionService
// system permissions // system permissions
if (user.isPrivileged()) { if (user.isPrivileged()) {
// Pull identifier case sensitivity
CaseSensitivity caseSensitivity = getCaseSensitivity();
batchPermissionUpdates(permissions, permissionSubset -> { batchPermissionUpdates(permissions, permissionSubset -> {
Collection<SystemPermissionModel> models = getModelInstances( Collection<SystemPermissionModel> models = getModelInstances(
targetEntity, permissionSubset); targetEntity, permissionSubset);
systemPermissionMapper.insert(models); systemPermissionMapper.insert(models, caseSensitivity);
}); });
return; return;
@@ -125,10 +129,13 @@ public class SystemPermissionService
if (user.getUser().getIdentifier().equals(targetEntity.getIdentifier())) if (user.getUser().getIdentifier().equals(targetEntity.getIdentifier()))
throw new GuacamoleUnsupportedException("Removing your own administrative permissions is not allowed."); throw new GuacamoleUnsupportedException("Removing your own administrative permissions is not allowed.");
// Pull case sensitivity
CaseSensitivity caseSensitivity = getCaseSensitivity();
batchPermissionUpdates(permissions, permissionSubset -> { batchPermissionUpdates(permissions, permissionSubset -> {
Collection<SystemPermissionModel> models = getModelInstances( Collection<SystemPermissionModel> models = getModelInstances(
targetEntity, permissionSubset); targetEntity, permissionSubset);
systemPermissionMapper.delete(models); systemPermissionMapper.delete(models, caseSensitivity);
}); });
return; return;
@@ -173,7 +180,7 @@ public class SystemPermissionService
// Retrieve permissions only if allowed // Retrieve permissions only if allowed
if (canReadPermissions(user, targetEntity)) if (canReadPermissions(user, targetEntity))
return getPermissionMapper().selectOne(targetEntity.getModel(), type, effectiveGroups) != null; return getPermissionMapper().selectOne(targetEntity.getModel(), type, effectiveGroups, getCaseSensitivity()) != null;
// User cannot read this entity's permissions // User cannot read this entity's permissions
throw new GuacamoleSecurityException("Permission denied."); throw new GuacamoleSecurityException("Permission denied.");

137
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.java
View File

@@ -19,142 +19,7 @@
package org.apache.guacamole.auth.jdbc.permission; package org.apache.guacamole.auth.jdbc.permission;
import java.util.Collection;
import org.apache.guacamole.auth.jdbc.base.EntityModel;
import org.apache.guacamole.net.auth.permission.ObjectPermission;
import org.apache.ibatis.annotations.Param;
/** /**
* Mapper for user permissions. * Mapper for user permissions.
*/ */
public interface UserPermissionMapper extends ObjectPermissionMapper { public interface UserPermissionMapper extends ObjectPermissionMapper {}
/**
* Deletes the given permissions from the database. If any permissions do
* not exist, they will be ignored.
*
* @param permissions
* The permissions to delete.
*
* @param caseSensitive
* Whether or not string comparisons for usernames will be done in a
* case-sensitive manner.
*
* @return
* The number of rows deleted.
*/
int delete(@Param("permissions") Collection<ObjectPermission.Type> permissions,
@Param("caseSensitive") boolean caseSensitive);
/**
* Inserts the given permissions into the database. If any permissions
* already exist, they will be ignored.
*
* @param permissions
* The permissions to insert.
*
* @param caseSensitive
* Whether or not string comparisons for usernames will be done in a
* case-sensitive manner.
*
* @return
* The number of rows inserted.
*/
int insert(@Param("permissions") Collection<ObjectPermission.Type> permissions,
@Param("caseSensitive") boolean caseSensitive);
/**
* Retrieves all permissions associated with the given entity (user or user
* group).
*
* @param entity
* The entity to retrieve permissions for.
*
* @param effectiveGroups
* The identifiers of all groups that should be taken into account
* when determining the permissions effectively granted to the user. If
* no groups are given, only permissions directly granted to the user
* will be used.
*
* @param caseSensitive
* Whether or not string comparisons for usernames will be done in a
* case-sensitive manner.
*
* @return
* All permissions associated with the given entity.
*/
Collection<ObjectPermission.Type> select(@Param("entity") EntityModel entity,
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitive") boolean caseSensitive);
/**
* Retrieve the permission of the given type associated with the given
* entity and object, if it exists. If no such permission exists, null is
* returned.
*
* @param entity
* The entity to retrieve permissions for.
*
* @param type
* The type of permission to return.
*
* @param identifier
* The identifier of the object affected by the permission to return.
*
* @param effectiveGroups
* The identifiers of all groups that should be taken into account
* when determining the permissions effectively granted to the user. If
* no groups are given, only permissions directly granted to the user
* will be used.
*
* @param caseSensitive
* Whether or not string comparisons for usernames will be done in a
* case-sensitive manner.
*
* @return
* The requested permission, or null if no such permission is granted
* to the given entity for the given object.
*/
ObjectPermissionModel selectOne(@Param("entity") EntityModel entity,
@Param("type") ObjectPermission.Type type,
@Param("identifier") String identifier,
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitive") boolean caseSensitive);
/**
* Retrieves the subset of the given identifiers for which the given entity
* has at least one of the given permissions.
*
* @param entity
* The entity to check permissions of.
*
* @param permissions
* The permissions to check. An identifier will be included in the
* resulting collection if at least one of these permissions is granted
* for the associated object
*
* @param identifiers
* The identifiers of the objects affected by the permissions being
* checked.
*
* @param effectiveGroups
* The identifiers of all groups that should be taken into account
* when determining the permissions effectively granted to the user. If
* no groups are given, only permissions directly granted to the user
* will be used.
*
* @param caseSensitive
* Whether or not string comparisons for usernames will be done in a
* case-sensitive manner.
*
* @return
* A collection containing the subset of identifiers for which at least
* one of the specified permissions is granted.
*/
Collection<String> selectAccessibleIdentifiers(@Param("entity") EntityModel entity,
@Param("permissions") Collection<ObjectPermission.Type> permissions,
@Param("identifiers") Collection<String> identifiers,
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitive") boolean caseSensitive);
}

15
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java
View File

@@ -22,10 +22,12 @@ package org.apache.guacamole.auth.jdbc.permission;
import com.google.inject.Inject; import com.google.inject.Inject;
import com.google.inject.Provider; import com.google.inject.Provider;
import java.util.Set; import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.base.EntityModel; import org.apache.guacamole.auth.jdbc.base.EntityModel;
import org.apache.guacamole.auth.jdbc.base.ModeledPermissions; import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.properties.CaseSensitivity;
/** /**
* Service which provides convenience methods for creating, retrieving, and * Service which provides convenience methods for creating, retrieving, and
@@ -46,6 +48,17 @@ public class UserPermissionService extends ModeledObjectPermissionService {
@Inject @Inject
private Provider<UserPermissionSet> userPermissionSetProvider; private Provider<UserPermissionSet> userPermissionSetProvider;
/**
* The server environment for retrieving configuration data.
*/
@Inject
private JDBCEnvironment environment;
@Override
public CaseSensitivity getCaseSensitivity() throws GuacamoleException {
return environment.getCaseSensitivity();
}
@Override @Override
protected ObjectPermissionMapper getPermissionMapper() { protected ObjectPermissionMapper getPermissionMapper() {
return userPermissionMapper; return userPermissionMapper;

2
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/security/PasswordPolicyService.java
View File

@@ -145,7 +145,7 @@ public class PasswordPolicyService {
// Check password against all recorded hashes // Check password against all recorded hashes
List<PasswordRecordModel> history = passwordRecordMapper.select(username, List<PasswordRecordModel> history = passwordRecordMapper.select(username,
historySize, environment.getCaseSensitiveUsernames()); historySize, environment.getCaseSensitivity());
for (PasswordRecordModel record : history) { for (PasswordRecordModel record : history) {
byte[] hash = encryptionService.createPasswordHash(password, record.getPasswordSalt()); byte[] hash = encryptionService.createPasswordHash(password, record.getPasswordSalt());

21
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java
View File

@@ -67,6 +67,7 @@ import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterMode
import org.apache.guacamole.auth.jdbc.user.RemoteAuthenticatedUser; import org.apache.guacamole.auth.jdbc.user.RemoteAuthenticatedUser;
import org.apache.guacamole.net.auth.GuacamoleProxyConfiguration; import org.apache.guacamole.net.auth.GuacamoleProxyConfiguration;
import org.apache.guacamole.protocol.FailoverGuacamoleSocket; import org.apache.guacamole.protocol.FailoverGuacamoleSocket;
import org.apache.guacamole.properties.CaseSensitivity;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@@ -479,7 +480,7 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
try { try {
// This MUST happen before getUUID() is invoked, to ensure the ID driving the UUID exists // This MUST happen before getUUID() is invoked, to ensure the ID driving the UUID exists
connectionRecordMapper.insert(activeConnection.getModel(), connectionRecordMapper.insert(activeConnection.getModel(),
environment.getCaseSensitiveUsernames()); environment.getCaseSensitivity());
activeTunnels.put(activeConnection.getUUID().toString(), activeConnection); activeTunnels.put(activeConnection.getUUID().toString(), activeConnection);
} }
@@ -637,8 +638,21 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
if (connectionGroup.isSessionAffinityEnabled()) if (connectionGroup.isSessionAffinityEnabled())
identifiers = getPreferredConnections(user, identifiers); identifiers = getPreferredConnections(user, identifiers);
CaseSensitivity caseSensitivity = CaseSensitivity.ENABLED;
try {
caseSensitivity = environment.getCaseSensitivity();
}
catch (GuacamoleException e) {
logger.warn("Error trying to retrieve case sensitivity configuration: {}."
+ "Both usernames and group names will be treated as case-"
+ "sensitive.", e.getMessage());
logger.debug("An exception was received while trying to retrieve the "
+ "case sensitivity configuration.", e);
}
// Retrieve all children // Retrieve all children
Collection<ConnectionModel> models = connectionMapper.select(identifiers, false); Collection<ConnectionModel> models = connectionMapper.select(identifiers,
caseSensitivity);
List<ModeledConnection> connections = new ArrayList<ModeledConnection>(models.size()); List<ModeledConnection> connections = new ArrayList<ModeledConnection>(models.size());
// Convert each retrieved model to a modeled connection // Convert each retrieved model to a modeled connection
@@ -679,7 +693,8 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
// Produce collection of readable connection identifiers // Produce collection of readable connection identifiers
Collection<ConnectionModel> connections = Collection<ConnectionModel> connections =
connectionMapper.selectReadable(user.getUser().getModel(), connectionMapper.selectReadable(user.getUser().getModel(),
identifiers, user.getEffectiveUserGroups(), false); identifiers, user.getEffectiveUserGroups(),
environment.getCaseSensitivity());
// Ensure set contains only identifiers of readable connections // Ensure set contains only identifiers of readable connections
identifiers.clear(); identifiers.clear();

10
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
View File

@@ -792,12 +792,14 @@ public class ModeledUser extends ModeledPermissions<UserModel> implements User {
@Override @Override
public boolean isCaseSensitive() { public boolean isCaseSensitive() {
try { try {
return environment.getCaseSensitiveUsernames(); return environment.getCaseSensitivity().caseSensitiveUsernames();
} }
catch (GuacamoleException e) { catch (GuacamoleException e) {
logger.error("Failed to retrieve the configuration for case-sensitive usernames: {}." logger.error("Failed to retrieve the configuration for case sensitivity: {}. "
+ " Usernames comparisons will be case-sensitive.", e.getMessage()); + "Username comparisons will be case-sensitive.",
logger.debug("Exception caught when attempting to read the configuration.", e); e.getMessage());
logger.debug("An exception was caught when attempting to retrieve the "
+ "case sensitivity configuration.", e);
return true; return true;
} }
} }

2
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUserContext.java
View File

@@ -194,7 +194,7 @@ public class ModeledUserContext extends RestrictedObject
userRecord.setRemoteHost(getCurrentUser().getCredentials().getRemoteAddress()); userRecord.setRemoteHost(getCurrentUser().getCredentials().getRemoteAddress());
// Insert record representing login // Insert record representing login
userRecordMapper.insert(userRecord, environment.getCaseSensitiveUsernames()); userRecordMapper.insert(userRecord, environment.getCaseSensitivity());
} }

9
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.java
View File

@@ -21,6 +21,7 @@ package org.apache.guacamole.auth.jdbc.user;
import java.util.List; import java.util.List;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param; import org.apache.ibatis.annotations.Param;
/** /**
@@ -39,9 +40,9 @@ public interface PasswordRecordMapper extends ModeledDirectoryObjectMapper<UserM
* @param maxHistorySize * @param maxHistorySize
* The maximum number of records to maintain for each user. * The maximum number of records to maintain for each user.
* *
* @param caseSensitive * @param caseSensitivity
* true if the username being queried should be evaluated in a * The object that contains current configuration for case sensitivity
* case-sensitive manner, otherwise false. * for usernames and group names.
* *
* @return * @return
* A collection of all password records associated with the user having * A collection of all password records associated with the user having
@@ -50,7 +51,7 @@ public interface PasswordRecordMapper extends ModeledDirectoryObjectMapper<UserM
*/ */
List<PasswordRecordModel> select(@Param("username") String username, List<PasswordRecordModel> select(@Param("username") String username,
@Param("maxHistorySize") int maxHistorySize, @Param("maxHistorySize") int maxHistorySize,
@Param("caseSensitive") boolean caseSensitive); @Param("caseSensitivity") CaseSensitivity caseSensitivity);
/** /**
* Inserts the given password record. Old records exceeding the maximum * Inserts the given password record. Old records exceeding the maximum

9
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserMapper.java
View File

@@ -20,6 +20,7 @@
package org.apache.guacamole.auth.jdbc.user; package org.apache.guacamole.auth.jdbc.user;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param; import org.apache.ibatis.annotations.Param;
/** /**
@@ -34,14 +35,14 @@ public interface UserMapper extends ModeledDirectoryObjectMapper<UserModel> {
* @param username * @param username
* The username of the user to return. * The username of the user to return.
* *
* @param caseSensitive * @param caseSensitivity
* true if the search should evaluate the username in a case-sensitive * The object that contains current configuration for case sensitivity
* manner, otherwise false. * for usernames and group names.
* *
* @return * @return
* The user having the given username, or null if no such user exists. * The user having the given username, or null if no such user exists.
*/ */
UserModel selectOne(@Param("username") String username, UserModel selectOne(@Param("username") String username,
@Param("caseSensitive") boolean caseSensitive); @Param("caseSensitivity") CaseSensitivity caseSensitivity);
} }

25
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
View File

@@ -27,12 +27,11 @@ import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService;
import org.apache.guacamole.GuacamoleClientException; import org.apache.guacamole.GuacamoleClientException;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleUnsupportedException; import org.apache.guacamole.GuacamoleUnsupportedException;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment; import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.base.ActivityRecordModel; import org.apache.guacamole.auth.jdbc.base.ActivityRecordModel;
import org.apache.guacamole.auth.jdbc.base.ActivityRecordSearchTerm; import org.apache.guacamole.auth.jdbc.base.ActivityRecordSearchTerm;
@@ -51,12 +50,14 @@ import org.apache.guacamole.language.TranslatableGuacamoleInsufficientCredential
import org.apache.guacamole.net.auth.ActivityRecord; import org.apache.guacamole.net.auth.ActivityRecord;
import org.apache.guacamole.net.auth.AuthenticatedUser; import org.apache.guacamole.net.auth.AuthenticatedUser;
import org.apache.guacamole.net.auth.AuthenticationProvider; import org.apache.guacamole.net.auth.AuthenticationProvider;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.auth.User; import org.apache.guacamole.net.auth.User;
import org.apache.guacamole.net.auth.credentials.CredentialsInfo; import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
import org.apache.guacamole.net.auth.permission.ObjectPermission; import org.apache.guacamole.net.auth.permission.ObjectPermission;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.net.auth.permission.SystemPermission; import org.apache.guacamole.net.auth.permission.SystemPermission;
import org.apache.guacamole.net.auth.permission.SystemPermissionSet; import org.apache.guacamole.net.auth.permission.SystemPermissionSet;
import org.apache.guacamole.properties.CaseSensitivity;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@@ -219,8 +220,8 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
} }
@Override @Override
protected boolean getCaseSensitiveIdentifiers() throws GuacamoleException { protected CaseSensitivity getCaseSensitivity() throws GuacamoleException {
return environment.getCaseSensitiveUsernames(); return environment.getCaseSensitivity();
} }
@Override @Override
@@ -254,7 +255,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
// Do not create duplicate users // Do not create duplicate users
Collection<UserModel> existing = userMapper.select(Collections.singleton( Collection<UserModel> existing = userMapper.select(Collections.singleton(
model.getIdentifier()), environment.getCaseSensitiveUsernames()); model.getIdentifier()), getCaseSensitivity());
if (!existing.isEmpty()) if (!existing.isEmpty())
throw new GuacamoleClientException("User \"" + model.getIdentifier() + "\" already exists."); throw new GuacamoleClientException("User \"" + model.getIdentifier() + "\" already exists.");
@@ -291,7 +292,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
// Check whether such a user is already present // Check whether such a user is already present
UserModel existing = userMapper.selectOne(model.getIdentifier(), UserModel existing = userMapper.selectOne(model.getIdentifier(),
environment.getCaseSensitiveUsernames()); getCaseSensitivity());
if (existing != null) { if (existing != null) {
// Do not rename to existing user // Do not rename to existing user
@@ -359,7 +360,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
beforeDelete(user, identifier); beforeDelete(user, identifier);
// Delete object // Delete object
userMapper.delete(identifier, environment.getCaseSensitiveUsernames()); userMapper.delete(identifier, getCaseSensitivity());
} }
@@ -401,7 +402,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
// Retrieve corresponding user model, if such a user exists // Retrieve corresponding user model, if such a user exists
UserModel userModel = userMapper.selectOne(username, UserModel userModel = userMapper.selectOne(username,
environment.getCaseSensitiveUsernames()); getCaseSensitivity());
if (userModel == null) if (userModel == null)
return null; return null;
@@ -443,7 +444,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
// Retrieve corresponding user model, if such a user exists // Retrieve corresponding user model, if such a user exists
UserModel userModel = userMapper.selectOne(authenticatedUser.getIdentifier(), UserModel userModel = userMapper.selectOne(authenticatedUser.getIdentifier(),
environment.getCaseSensitiveUsernames()); getCaseSensitivity());
if (userModel == null) if (userModel == null)
return null; return null;
@@ -642,7 +643,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
if (user.isPrivileged() || user.getUser().getEffectivePermissions().getSystemPermissions().hasPermission(SystemPermission.Type.AUDIT)) if (user.isPrivileged() || user.getUser().getEffectivePermissions().getSystemPermissions().hasPermission(SystemPermission.Type.AUDIT))
searchResults = userRecordMapper.search(username, recordIdentifier, searchResults = userRecordMapper.search(username, recordIdentifier,
requiredContents, sortPredicates, limit, requiredContents, sortPredicates, limit,
environment.getCaseSensitiveUsernames()); getCaseSensitivity());
// Otherwise only return explicitly readable history records // Otherwise only return explicitly readable history records
else else
@@ -650,7 +651,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
user.getUser().getModel(), recordIdentifier, user.getUser().getModel(), recordIdentifier,
requiredContents, sortPredicates, limit, requiredContents, sortPredicates, limit,
user.getEffectiveUserGroups(), user.getEffectiveUserGroups(),
environment.getCaseSensitiveUsernames()); getCaseSensitivity());
return getObjectInstances(searchResults); return getObjectInstances(searchResults);

30
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java
View File

@@ -28,6 +28,7 @@ import java.util.HashSet;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.base.ModeledPermissions; import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.form.BooleanField; import org.apache.guacamole.form.BooleanField;
@@ -35,6 +36,8 @@ import org.apache.guacamole.form.Field;
import org.apache.guacamole.form.Form; import org.apache.guacamole.form.Form;
import org.apache.guacamole.net.auth.RelatedObjectSet; import org.apache.guacamole.net.auth.RelatedObjectSet;
import org.apache.guacamole.net.auth.UserGroup; import org.apache.guacamole.net.auth.UserGroup;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/** /**
* An implementation of the UserGroup object which is backed by a database model. * An implementation of the UserGroup object which is backed by a database model.
@@ -42,6 +45,11 @@ import org.apache.guacamole.net.auth.UserGroup;
public class ModeledUserGroup extends ModeledPermissions<UserGroupModel> public class ModeledUserGroup extends ModeledPermissions<UserGroupModel>
implements UserGroup { implements UserGroup {
/**
* The Logger for this class.
*/
private static final Logger LOGGER = LoggerFactory.getLogger(ModeledUserGroup.class);
/** /**
* All possible attributes of user groups organized as individual, * All possible attributes of user groups organized as individual,
* logical forms. * logical forms.
@@ -75,6 +83,13 @@ public class ModeledUserGroup extends ModeledPermissions<UserGroupModel>
@Inject @Inject
private Provider<UserGroupMemberUserGroupSet> memberUserGroupSetProvider; private Provider<UserGroupMemberUserGroupSet> memberUserGroupSetProvider;
/**
* The environment associated with this instance of the JDBC authentication
* module.
*/
@Inject
private JDBCEnvironment environment;
/** /**
* Whether attributes which control access restrictions should be exposed * Whether attributes which control access restrictions should be exposed
* via getAttributes() or allowed to be set via setAttributes(). * via getAttributes() or allowed to be set via setAttributes().
@@ -188,4 +203,19 @@ public class ModeledUserGroup extends ModeledPermissions<UserGroupModel>
return memberUserGroupSet; return memberUserGroupSet;
} }
@Override
public boolean isCaseSensitive() {
try {
return environment.getCaseSensitivity().caseSensitiveGroupNames();
}
catch (GuacamoleException e) {
LOGGER.error("Error while retrieving case sensitivity configuration: {}. "
+ "Group names comparisons will be case-sensitive.",
e.getMessage());
LOGGER.debug("An exception was caught when attempting to retrieve the "
+ "case sensitivity configuration.", e);
return true;
}
}
} }

8
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.java
View File

@@ -20,6 +20,7 @@
package org.apache.guacamole.auth.jdbc.usergroup; package org.apache.guacamole.auth.jdbc.usergroup;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param; import org.apache.ibatis.annotations.Param;
/** /**
@@ -34,9 +35,14 @@ public interface UserGroupMapper extends ModeledDirectoryObjectMapper<UserGroupM
* @param name * @param name
* The name of the group to return. * The name of the group to return.
* *
* @param caseSensitivity
* The object that contains current configuration for case sensitivity
* for usernames and group names.
*
* @return * @return
* The group having the given name, or null if no such group exists. * The group having the given name, or null if no such group exists.
*/ */
UserGroupModel selectOne(@Param("name") String name); UserGroupModel selectOne(@Param("name") String name,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
} }

13
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupSet.java
View File

@@ -21,9 +21,11 @@ package org.apache.guacamole.auth.jdbc.usergroup;
import com.google.inject.Inject; import com.google.inject.Inject;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper; import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper;
import org.apache.guacamole.auth.jdbc.base.RelatedObjectSet; import org.apache.guacamole.auth.jdbc.base.RelatedObjectSet;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.properties.CaseSensitivity;
/** /**
* RelatedObjectSet implementation which represents the one-to-many * RelatedObjectSet implementation which represents the one-to-many
@@ -37,6 +39,17 @@ public class UserGroupMemberUserGroupSet extends RelatedObjectSet<ModeledUserGro
@Inject @Inject
private UserGroupMemberUserGroupMapper userGroupMemberUserGroupMapper; private UserGroupMemberUserGroupMapper userGroupMemberUserGroupMapper;
/**
* The server environment for retrieving configuration.
*/
@Inject
private JDBCEnvironment environment;
@Override
protected CaseSensitivity getCaseSensitivity() throws GuacamoleException {
return environment.getCaseSensitivity();
}
@Override @Override
protected ObjectRelationMapper<UserGroupModel> getObjectRelationMapper() { protected ObjectRelationMapper<UserGroupModel> getObjectRelationMapper() {
return userGroupMemberUserGroupMapper; return userGroupMemberUserGroupMapper;

18
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserSet.java
View File

@@ -25,6 +25,7 @@ import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper; import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper;
import org.apache.guacamole.auth.jdbc.base.RelatedObjectSet; import org.apache.guacamole.auth.jdbc.base.RelatedObjectSet;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.properties.CaseSensitivity;
/** /**
* RelatedObjectSet implementation which represents the one-to-many * RelatedObjectSet implementation which represents the one-to-many
@@ -32,21 +33,22 @@ import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
*/ */
public class UserGroupMemberUserSet extends RelatedObjectSet<ModeledUserGroup, UserGroupModel> { public class UserGroupMemberUserSet extends RelatedObjectSet<ModeledUserGroup, UserGroupModel> {
/**
* The environment of the running server, used for retrieving server
* configuration information.
*/
@Inject
private JDBCEnvironment environment;
/** /**
* Mapper for the relation between user groups and their user members. * Mapper for the relation between user groups and their user members.
*/ */
@Inject @Inject
private UserGroupMemberUserMapper userGroupMemberUserMapper; private UserGroupMemberUserMapper userGroupMemberUserMapper;
/**
* The server environment for retrieving configuration information.
*/
@Inject
private JDBCEnvironment environment;
@Override @Override
protected boolean getCaseSensitiveIdentifiers() throws GuacamoleException { protected CaseSensitivity getCaseSensitivity() throws GuacamoleException {
return environment.getCaseSensitiveUsernames(); return environment.getCaseSensitivity();
} }
@Override @Override

13
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupSet.java
View File

@@ -21,9 +21,11 @@ package org.apache.guacamole.auth.jdbc.usergroup;
import com.google.inject.Inject; import com.google.inject.Inject;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper; import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper;
import org.apache.guacamole.auth.jdbc.base.RelatedObjectSet; import org.apache.guacamole.auth.jdbc.base.RelatedObjectSet;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.properties.CaseSensitivity;
/** /**
* RelatedObjectSet implementation which represents the one-to-many * RelatedObjectSet implementation which represents the one-to-many
@@ -38,6 +40,17 @@ public class UserGroupParentUserGroupSet extends RelatedObjectSet<ModeledUserGro
@Inject @Inject
private UserGroupParentUserGroupMapper userGroupParentUserGroupMapper; private UserGroupParentUserGroupMapper userGroupParentUserGroupMapper;
/**
* The server environment for retrieving configuration.
*/
@Inject
private JDBCEnvironment environment;
@Override
protected CaseSensitivity getCaseSensitivity() throws GuacamoleException {
return environment.getCaseSensitivity();
}
@Override @Override
protected ObjectRelationMapper<UserGroupModel> getObjectRelationMapper() { protected ObjectRelationMapper<UserGroupModel> getObjectRelationMapper() {
return userGroupParentUserGroupMapper; return userGroupParentUserGroupMapper;

17
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupService.java
View File

@@ -21,10 +21,11 @@ package org.apache.guacamole.auth.jdbc.usergroup;
import com.google.inject.Inject; import com.google.inject.Inject;
import com.google.inject.Provider; import com.google.inject.Provider;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService;
import org.apache.guacamole.GuacamoleClientException; import org.apache.guacamole.GuacamoleClientException;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService;
import org.apache.guacamole.auth.jdbc.base.EntityMapper; import org.apache.guacamole.auth.jdbc.base.EntityMapper;
import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper; import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
import org.apache.guacamole.auth.jdbc.permission.UserGroupPermissionMapper; import org.apache.guacamole.auth.jdbc.permission.UserGroupPermissionMapper;
@@ -47,6 +48,12 @@ public class UserGroupService extends ModeledDirectoryObjectService<ModeledUserG
@Inject @Inject
private EntityMapper entityMapper; private EntityMapper entityMapper;
/**
* The Guacamole server configuration environment.
*/
@Inject
private JDBCEnvironment environment;
/** /**
* Mapper for accessing user groups. * Mapper for accessing user groups.
*/ */
@@ -145,7 +152,8 @@ public class UserGroupService extends ModeledDirectoryObjectService<ModeledUserG
throw new GuacamoleClientException("The group name must not be blank."); throw new GuacamoleClientException("The group name must not be blank.");
// Do not create duplicate user groups // Do not create duplicate user groups
UserGroupModel existing = userGroupMapper.selectOne(model.getIdentifier()); UserGroupModel existing = userGroupMapper.selectOne(model.getIdentifier(),
environment.getCaseSensitivity());
if (existing != null) if (existing != null)
throw new GuacamoleClientException("Group \"" + model.getIdentifier() + "\" already exists."); throw new GuacamoleClientException("Group \"" + model.getIdentifier() + "\" already exists.");
@@ -166,7 +174,8 @@ public class UserGroupService extends ModeledDirectoryObjectService<ModeledUserG
// Do not allow groups to be renamed if the name collides with that of // Do not allow groups to be renamed if the name collides with that of
// another, existing group // another, existing group
UserGroupModel existing = userGroupMapper.selectOne(model.getIdentifier()); UserGroupModel existing = userGroupMapper.selectOne(model.getIdentifier(),
environment.getCaseSensitivity());
if (existing != null && !existing.getObjectID().equals(model.getObjectID())) if (existing != null && !existing.getObjectID().equals(model.getObjectID()))
throw new GuacamoleClientException("Group \"" + model.getIdentifier() + "\" already exists."); throw new GuacamoleClientException("Group \"" + model.getIdentifier() + "\" already exists.");

16
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java
View File

@@ -29,6 +29,7 @@ import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.mysql.conf.MySQLDriver; import org.apache.guacamole.auth.mysql.conf.MySQLDriver;
import org.apache.guacamole.auth.mysql.conf.MySQLEnvironment; import org.apache.guacamole.auth.mysql.conf.MySQLEnvironment;
import org.apache.guacamole.auth.mysql.conf.MySQLSSLMode; import org.apache.guacamole.auth.mysql.conf.MySQLSSLMode;
import org.apache.guacamole.properties.CaseSensitivity;
import org.mybatis.guice.datasource.helper.JdbcHelper; import org.mybatis.guice.datasource.helper.JdbcHelper;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@@ -129,14 +130,15 @@ public class MySQLAuthenticationProviderModule implements Module {
if (serverTz != null) if (serverTz != null)
driverProperties.setProperty("serverTimezone", serverTz.getID()); driverProperties.setProperty("serverTimezone", serverTz.getID());
// Check for case-sensitivity and warn admin // Check for case sensitivity and warn admin
if (environment.getCaseSensitiveUsernames()) if (environment.getCaseSensitivity() != CaseSensitivity.DISABLED)
LOGGER.warn("The MySQL module is currently configured to support " LOGGER.warn("The MySQL module is currently configured to support "
+ "case-sensitive username comparisons, however, the default " + "case-sensitive username and/or group name comparisons, "
+ "collations for MySQL databases do not support " + "however, the default collations for MySQL databases do "
+ "case-sensitive string comparisons. If you want usernames " + "not support case-sensitive string comparisons. If you "
+ "within Guacamole to be treated as case-sensitive, further " + "want identifiers within Guacamole to be treated as "
+ "database configuration may be required."); + "case-sensitive, further database configuration may be "
+ "required.");
} }

11
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLEnvironment.java
View File

@@ -443,15 +443,4 @@ public class MySQLEnvironment extends JDBCEnvironment {
); );
} }
@Override
public boolean getCaseSensitiveUsernames() throws GuacamoleException {
// Return the configured value for the property, or the global value.
return getProperty(
MySQLGuacamoleProperties.MYSQL_CASE_SENSITIVE_USERNAMES,
super.getCaseSensitiveUsernames()
);
}
} }

14
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java
View File

@@ -303,18 +303,4 @@ public class MySQLGuacamoleProperties {
}; };
/**
* A property used to configure whether or not usernames within the MySQL
* JDBC module should be treated as case-sensitive. Be aware that MySQL's
* default database collations do not do case-sensitive comparisons, so in
* many cases they will effectively be case-insensitive.
*/
public static final BooleanGuacamoleProperty MYSQL_CASE_SENSITIVE_USERNAMES =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "mysql-case-sensitive-usernames"; }
};
} }

89
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml
View File

@@ -51,11 +51,24 @@
JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE WHERE
type = 'USER_GROUP' type = 'USER_GROUP'
AND name IN AND
<foreach collection="${groups}" item="effectiveGroup" <choose>
open="(" separator="," close=")"> <when test="caseSensitivity.caseSensitiveGroupNames()">
#{effectiveGroup,jdbcType=VARCHAR} name IN
</foreach> <foreach collection="${groups}" item="effectiveGroup"
open="(" separator="," close=")">
#{effectiveGroup,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(name) IN
<foreach collection="${groups}" item="effectiveGroup"
open="(" separator="," close=")">
LOWER(#{effectiveGroup,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND disabled = false AND disabled = false
) )
</if> </if>
@@ -83,20 +96,44 @@
JOIN guacamole_entity member_entity ON guacamole_user_group_member.member_entity_id = member_entity.entity_id JOIN guacamole_entity member_entity ON guacamole_user_group_member.member_entity_id = member_entity.entity_id
WHERE WHERE
guacamole_user_group.disabled = false guacamole_user_group.disabled = false
AND member_entity.type = 'USER_GROUP' AND member_entity.name IN AND member_entity.type = 'USER_GROUP' AND
<foreach collection="effectiveGroups" item="effectiveGroup" <choose>
open="(" separator="," close=")"> <when test="caseSensitivity.caseSensitiveGroupNames()">
#{effectiveGroup,jdbcType=VARCHAR} member_entity.name IN
</foreach> <foreach collection="effectiveGroups" item="effectiveGroup"
open="(" separator="," close=")">
#{effectiveGroup,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(member_entity.name) IN
<foreach collection="effectiveGroups" item="effectiveGroup"
open="(" separator="," close=")">
LOWER(#{effectiveGroup,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
UNION SELECT UNION SELECT
guacamole_entity.name guacamole_entity.name
FROM guacamole_user_group FROM guacamole_user_group
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE type = 'USER_GROUP' AND name IN WHERE type = 'USER_GROUP' AND
<foreach collection="effectiveGroups" item="effectiveGroup" <choose>
open="(" separator="," close=")"> <when test="caseSensitivity.caseSensitiveGroupNames()">
#{effectiveGroup,jdbcType=VARCHAR} name IN
</foreach> <foreach collection="effectiveGroups" item="effectiveGroup"
open="(" separator="," close=")">
#{effectiveGroup,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(name) IN
<foreach collection="effectiveGroups" item="effectiveGroup"
open="(" separator="," close=")">
LOWER(#{effectiveGroup,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
</if> </if>
</if> </if>
@@ -117,11 +154,23 @@
JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE WHERE
type = 'USER_GROUP' type = 'USER_GROUP'
AND name IN AND
<foreach collection="effectiveGroups" item="effectiveGroup" <choose>
open="(" separator="," close=")"> <when test="caseSensitivity.caseSensitiveGroupNames()">
#{effectiveGroup,jdbcType=VARCHAR} name IN
</foreach> <foreach collection="effectiveGroups" item="effectiveGroup"
open="(" separator="," close=")">
#{effectiveGroup,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(name) IN
<foreach collection="effectiveGroups" item="effectiveGroup"
open="(" separator="," close=")">
LOWER(#{effectiveGroup,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND guacamole_user_group.disabled = false AND guacamole_user_group.disabled = false
</if> </if>
UNION UNION

22
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml
View File

@@ -82,9 +82,10 @@
FROM guacamole_connection_permission FROM guacamole_connection_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/> <property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/> <property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = 'READ' AND permission = 'READ'
</sql> </sql>
@@ -194,8 +195,9 @@
</foreach> </foreach>
AND guacamole_connection.connection_id IN ( AND guacamole_connection.connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
GROUP BY guacamole_connection.connection_id; GROUP BY guacamole_connection.connection_id;
@@ -209,8 +211,9 @@
</foreach> </foreach>
AND guacamole_sharing_profile.sharing_profile_id IN ( AND guacamole_sharing_profile.sharing_profile_id IN (
<include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -226,8 +229,9 @@
</foreach> </foreach>
AND guacamole_connection_attribute.connection_id IN ( AND guacamole_connection_attribute.connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );

16
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
View File

@@ -62,7 +62,7 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name = #{record.username,jdbcType=VARCHAR} guacamole_entity.name = #{record.username,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -121,7 +121,7 @@
FROM guacamole_user FROM guacamole_user
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
POSITION(#{term.term,jdbcType=VARCHAR} IN username) > 0 POSITION(#{term.term,jdbcType=VARCHAR} IN username) > 0
</when> </when>
<otherwise> <otherwise>
@@ -190,16 +190,18 @@
<!-- Restrict to readable connections --> <!-- Restrict to readable connections -->
AND guacamole_connection_history.connection_id IN ( AND guacamole_connection_history.connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
<!-- Restrict to readable users --> <!-- Restrict to readable users -->
AND guacamole_connection_history.user_id IN ( AND guacamole_connection_history.user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
@@ -216,7 +218,7 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0
</when> </when>
<otherwise> <otherwise>

37
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
View File

@@ -83,9 +83,10 @@
FROM guacamole_connection_group_permission FROM guacamole_connection_group_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/> <property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/> <property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = 'READ' AND permission = 'READ'
</sql> </sql>
@@ -93,8 +94,9 @@
<!-- Select identifiers of all readable connection groups --> <!-- Select identifiers of all readable connection groups -->
<select id="selectReadableIdentifiers" resultType="string"> <select id="selectReadableIdentifiers" resultType="string">
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -116,8 +118,9 @@
<if test="parentIdentifier == null">parent_id IS NULL</if> <if test="parentIdentifier == null">parent_id IS NULL</if>
AND connection_group_id IN ( AND connection_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
</select> </select>
@@ -190,8 +193,9 @@
</foreach> </foreach>
AND guacamole_connection_group.connection_group_id IN ( AND guacamole_connection_group.connection_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -204,8 +208,9 @@
</foreach> </foreach>
AND guacamole_connection_group.connection_group_id IN ( AND guacamole_connection_group.connection_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -218,8 +223,9 @@
</foreach> </foreach>
AND guacamole_connection.connection_id IN ( AND guacamole_connection.connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -235,8 +241,9 @@
</foreach> </foreach>
AND guacamole_connection_group_attribute.connection_group_id IN ( AND guacamole_connection_group_attribute.connection_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );

21
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml
View File

@@ -41,9 +41,10 @@
FROM guacamole_connection_group_permission FROM guacamole_connection_group_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -58,9 +59,10 @@
FROM guacamole_connection_group_permission FROM guacamole_connection_group_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = #{type,jdbcType=VARCHAR} AND permission = #{type,jdbcType=VARCHAR}
AND connection_group_id = #{identifier,jdbcType=VARCHAR} AND connection_group_id = #{identifier,jdbcType=VARCHAR}
@@ -74,9 +76,10 @@
FROM guacamole_connection_group_permission FROM guacamole_connection_group_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND connection_group_id IN AND connection_group_id IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"

21
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml
View File

@@ -41,9 +41,10 @@
FROM guacamole_connection_permission FROM guacamole_connection_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -58,9 +59,10 @@
FROM guacamole_connection_permission FROM guacamole_connection_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = #{type,jdbcType=VARCHAR} AND permission = #{type,jdbcType=VARCHAR}
AND connection_id = #{identifier,jdbcType=VARCHAR} AND connection_id = #{identifier,jdbcType=VARCHAR}
@@ -74,9 +76,10 @@
FROM guacamole_connection_permission FROM guacamole_connection_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND connection_id IN AND connection_id IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"

21
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml
View File

@@ -41,9 +41,10 @@
FROM guacamole_sharing_profile_permission FROM guacamole_sharing_profile_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -58,9 +59,10 @@
FROM guacamole_sharing_profile_permission FROM guacamole_sharing_profile_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = #{type,jdbcType=VARCHAR} AND permission = #{type,jdbcType=VARCHAR}
AND sharing_profile_id = #{identifier,jdbcType=VARCHAR} AND sharing_profile_id = #{identifier,jdbcType=VARCHAR}
@@ -74,9 +76,10 @@
FROM guacamole_sharing_profile_permission FROM guacamole_sharing_profile_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND sharing_profile_id IN AND sharing_profile_id IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"

14
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml
View File

@@ -39,9 +39,10 @@
FROM guacamole_system_permission FROM guacamole_system_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -55,9 +56,10 @@
FROM guacamole_system_permission FROM guacamole_system_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = #{type,jdbcType=VARCHAR} AND permission = #{type,jdbcType=VARCHAR}

98
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml
View File

@@ -43,9 +43,10 @@
JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_group_permission.entity_id"/> <property name="column" value="guacamole_user_group_permission.entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND affected_entity.type = 'USER_GROUP' AND affected_entity.type = 'USER_GROUP'
@@ -63,13 +64,22 @@
JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_group_permission.entity_id"/> <property name="column" value="guacamole_user_group_permission.entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = #{type,jdbcType=VARCHAR} AND permission = #{type,jdbcType=VARCHAR}
AND affected_entity.name = #{identifier,jdbcType=VARCHAR}
AND affected_entity.type = 'USER_GROUP' AND affected_entity.type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
affected_entity.name = #{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(affected_entity.name) = LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</select> </select>
@@ -82,21 +92,35 @@
JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_group_permission.entity_id"/> <property name="column" value="guacamole_user_group_permission.entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND affected_entity.name IN AND affected_entity.type = 'USER_GROUP'
<foreach collection="identifiers" item="identifier" AND
open="(" separator="," close=")"> <choose>
#{identifier,jdbcType=VARCHAR} <when test="caseSensitivity.caseSensitiveGroupNames()">
</foreach> affected_entity.name IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(affected_entity.name) IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND permission IN AND permission IN
<foreach collection="permissions" item="permission" <foreach collection="permissions" item="permission"
open="(" separator="," close=")"> open="(" separator="," close=")">
#{permission,jdbcType=VARCHAR} #{permission,jdbcType=VARCHAR}
</foreach> </foreach>
AND affected_entity.type = 'USER_GROUP'
</select> </select>
@@ -108,14 +132,28 @@
JOIN guacamole_user_group affected_group ON guacamole_user_group_permission.affected_user_group_id = affected_group.user_group_id JOIN guacamole_user_group affected_group ON guacamole_user_group_permission.affected_user_group_id = affected_group.user_group_id
JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id
WHERE WHERE
(guacamole_user_group_permission.entity_id, permission, affected_entity.name) IN affected_entity.type = 'USER_GROUP'
<foreach collection="permissions" item="permission" AND
open="(" separator="," close=")"> <choose>
(#{permission.entityID,jdbcType=INTEGER}, <when test="caseSensitivity.caseSensitiveGroupNames()">
#{permission.type,jdbcType=VARCHAR}, (guacamole_user_group_permission.entity_id, permission, affected_entity.name) IN
#{permission.objectIdentifier,jdbcType=VARCHAR}) <foreach collection="permissions" item="permission"
</foreach> open="(" separator="," close=")">
AND affected_entity.type = 'USER_GROUP' (#{permission.entityID,jdbcType=INTEGER},
#{permission.type,jdbcType=VARCHAR},
#{permission.objectIdentifier,jdbcType=VARCHAR})
</foreach>
</when>
<otherwise>
(guacamole_user_group_permission.entity_id, permission, LOWER(affected_entity.name)) IN
<foreach collection="permissions" item="permission"
open="(" separator="," close=")">
(#{permission.entityID,jdbcType=INTEGER},
#{permission.type,jdbcType=VARCHAR},
LOWER(#{permission.objectIdentifier,jdbcType=VARCHAR}))
</foreach>
</otherwise>
</choose>
</delete> </delete>
@@ -140,8 +178,16 @@
</foreach> </foreach>
AS permissions AS permissions
JOIN guacamole_entity affected_entity ON JOIN guacamole_entity affected_entity ON
affected_entity.name = permissions.affected_name affected_entity.type = 'USER_GROUP'
AND affected_entity.type = 'USER_GROUP' AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
affected_entity.name = permissions.affected_name
</when>
<otherwise>
LOWER(affected_entity.name) = LOWER(permissions.affected_name)
</otherwise>
</choose>
JOIN guacamole_user_group affected_group ON affected_group.entity_id = affected_entity.entity_id JOIN guacamole_user_group affected_group ON affected_group.entity_id = affected_entity.entity_id
</insert> </insert>

33
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
View File

@@ -43,9 +43,10 @@
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_permission.entity_id"/> <property name="column" value="guacamole_user_permission.entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND affected_entity.type = 'USER' AND affected_entity.type = 'USER'
@@ -63,14 +64,15 @@
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_permission.entity_id"/> <property name="column" value="guacamole_user_permission.entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = #{type,jdbcType=VARCHAR} AND permission = #{type,jdbcType=VARCHAR}
AND AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
affected_entity.name = #{identifier,jdbcType=VARCHAR} affected_entity.name = #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -90,13 +92,15 @@
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_permission.entity_id"/> <property name="column" value="guacamole_user_permission.entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND affected_entity.type = 'USER'
AND AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
affected_entity.name IN affected_entity.name IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
@@ -116,7 +120,6 @@
open="(" separator="," close=")"> open="(" separator="," close=")">
#{permission,jdbcType=VARCHAR} #{permission,jdbcType=VARCHAR}
</foreach> </foreach>
AND affected_entity.type = 'USER'
</select> </select>
@@ -129,7 +132,7 @@
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
(guacamole_user_permission.entity_id, permission, affected_entity.name) IN (guacamole_user_permission.entity_id, permission, affected_entity.name) IN
<foreach collection="permissions" item="permission" <foreach collection="permissions" item="permission"
open="(" separator="," close=")"> open="(" separator="," close=")">
@@ -139,7 +142,7 @@
</foreach> </foreach>
</when> </when>
<otherwise> <otherwise>
AND (guacamole_user_permission.entity_id, permission, LOWER(affected_entity.name)) IN (guacamole_user_permission.entity_id, permission, LOWER(affected_entity.name)) IN
<foreach collection="permissions" item="permission" <foreach collection="permissions" item="permission"
open="(" separator="," close=")"> open="(" separator="," close=")">
(#{permission.entityID,jdbcType=INTEGER}, (#{permission.entityID,jdbcType=INTEGER},
@@ -174,7 +177,7 @@
AS permissions AS permissions
JOIN guacamole_entity affected_entity ON JOIN guacamole_entity affected_entity ON
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
affected_entity.name = permissions.affected_name affected_entity.name = permissions.affected_name
</when> </when>
<otherwise> <otherwise>

22
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml
View File

@@ -66,9 +66,10 @@
FROM guacamole_sharing_profile_permission FROM guacamole_sharing_profile_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/> <property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/> <property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = 'READ' AND permission = 'READ'
</sql> </sql>
@@ -76,8 +77,9 @@
<!-- Select identifiers of all readable sharing profiles --> <!-- Select identifiers of all readable sharing profiles -->
<select id="selectReadableIdentifiers" resultType="string"> <select id="selectReadableIdentifiers" resultType="string">
<include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -125,8 +127,9 @@
</foreach> </foreach>
AND guacamole_sharing_profile.sharing_profile_id IN ( AND guacamole_sharing_profile.sharing_profile_id IN (
<include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -142,8 +145,9 @@
</foreach> </foreach>
AND guacamole_sharing_profile_attribute.sharing_profile_id IN ( AND guacamole_sharing_profile_attribute.sharing_profile_id IN (
<include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );

2
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml
View File

@@ -44,7 +44,7 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name = #{username,jdbcType=VARCHAR} guacamole_entity.name = #{username,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>

44
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml
View File

@@ -82,9 +82,10 @@
FROM guacamole_user_permission FROM guacamole_user_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/> <property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/> <property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = 'READ' AND permission = 'READ'
</sql> </sql>
@@ -97,8 +98,9 @@
WHERE WHERE
guacamole_user.user_id IN ( guacamole_user.user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
AND guacamole_entity.type = 'USER' AND guacamole_entity.type = 'USER'
@@ -132,7 +134,7 @@
LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name guacamole_entity.name
</when> </when>
<otherwise> <otherwise>
@@ -143,7 +145,7 @@
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR} #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -163,7 +165,7 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name guacamole_entity.name
</when> </when>
<otherwise> <otherwise>
@@ -174,7 +176,7 @@
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR} #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -214,7 +216,7 @@
LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name guacamole_entity.name
</when> </when>
<otherwise> <otherwise>
@@ -225,7 +227,7 @@
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR} #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -236,8 +238,9 @@
AND guacamole_entity.type = 'USER' AND guacamole_entity.type = 'USER'
AND guacamole_user.user_id IN ( AND guacamole_user.user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
GROUP BY guacamole_user.user_id, guacamole_entity.entity_id; GROUP BY guacamole_user.user_id, guacamole_entity.entity_id;
@@ -251,7 +254,7 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name guacamole_entity.name
</when> </when>
<otherwise> <otherwise>
@@ -262,7 +265,7 @@
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR} #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -273,8 +276,9 @@
AND guacamole_entity.type = 'USER' AND guacamole_entity.type = 'USER'
AND guacamole_user.user_id IN ( AND guacamole_user.user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -308,7 +312,7 @@
LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name = #{username,jdbcType=VARCHAR} guacamole_entity.name = #{username,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -327,7 +331,7 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name = #{username,jdbcType=VARCHAR} guacamole_entity.name = #{username,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -343,7 +347,7 @@
DELETE FROM guacamole_entity DELETE FROM guacamole_entity
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
name = #{identifier,jdbcType=VARCHAR} name = #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>

47
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml
View File

@@ -43,8 +43,9 @@
WHERE WHERE
guacamole_user_group.user_group_id IN ( guacamole_user_group.user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER} AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER}
@@ -60,10 +61,26 @@
WHERE WHERE
member_entity_id = #{parent.entityID,jdbcType=INTEGER} member_entity_id = #{parent.entityID,jdbcType=INTEGER}
AND guacamole_entity.type = 'USER_GROUP' AND guacamole_entity.type = 'USER_GROUP'
AND guacamole_entity.name IN AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
guacamole_entity.name
</when>
<otherwise>
LOWER(guacamole_entity.name)
</otherwise>
</choose>
IN
<foreach collection="children" item="identifier" <foreach collection="children" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR} <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</foreach> </foreach>
</delete> </delete>
@@ -79,12 +96,28 @@
FROM guacamole_user_group FROM guacamole_user_group
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE WHERE
guacamole_entity.name IN guacamole_entity.type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
guacamole_entity.name
</when>
<otherwise>
LOWER(guacamole_entity.name)
</otherwise>
</choose>
IN
<foreach collection="children" item="identifier" <foreach collection="children" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR} <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier}
</when>
<otherwise>
LOWER(#{identifier})
</otherwise>
</choose>
</foreach> </foreach>
AND guacamole_entity.type = 'USER_GROUP'
AND guacamole_user_group.user_group_id NOT IN ( AND guacamole_user_group.user_group_id NOT IN (
SELECT guacamole_user_group_member.user_group_id SELECT guacamole_user_group_member.user_group_id
FROM guacamole_user_group_member FROM guacamole_user_group_member

11
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml
View File

@@ -50,7 +50,7 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name = #{record.username,jdbcType=VARCHAR} guacamole_entity.name = #{record.username,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -89,7 +89,7 @@
<if test="identifier != null"> <if test="identifier != null">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_user_history.username = #{identifier,jdbcType=VARCHAR} guacamole_user_history.username = #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -107,7 +107,7 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0
</when> </when>
<otherwise> <otherwise>
@@ -163,13 +163,14 @@
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
<if test="identifier != null"> <if test="identifier != null">
AND AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name = #{identifier,jdbcType=VARCHAR} guacamole_entity.name = #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -187,7 +188,7 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0
</when> </when>
<otherwise> <otherwise>

154
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml
View File

@@ -68,9 +68,10 @@
FROM guacamole_user_group_permission FROM guacamole_user_group_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/> <property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/> <property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = 'READ' AND permission = 'READ'
</sql> </sql>
@@ -83,8 +84,9 @@
WHERE WHERE
guacamole_user_group.user_group_id IN ( guacamole_user_group.user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
AND guacamole_entity.type = 'USER_GROUP' AND guacamole_entity.type = 'USER_GROUP'
@@ -101,12 +103,30 @@
disabled disabled
FROM guacamole_user_group FROM guacamole_user_group
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE guacamole_entity.name IN WHERE
guacamole_entity.type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
guacamole_entity.name
</when>
<otherwise>
LOWER(guacamole_entity.name)
</otherwise>
</choose>
IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR} <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</foreach> </foreach>
AND guacamole_entity.type = 'USER_GROUP'; ;
SELECT SELECT
guacamole_user_group_attribute.user_group_id, guacamole_user_group_attribute.user_group_id,
@@ -115,12 +135,30 @@
FROM guacamole_user_group_attribute FROM guacamole_user_group_attribute
JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE guacamole_entity.name IN WHERE
guacamole_entity.type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
guacamole_entity.name
</when>
<otherwise>
LOWER(guacamole_entity.name)
</otherwise>
</choose>
IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR} <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</foreach> </foreach>
AND guacamole_entity.type = 'USER_GROUP'; ;
</select> </select>
@@ -135,16 +173,34 @@
disabled disabled
FROM guacamole_user_group FROM guacamole_user_group
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE guacamole_entity.name IN WHERE
guacamole_entity.type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
guacamole_entity.name
</when>
<otherwise>
LOWER(guacamole_entity.name)
</otherwise>
</choose>
IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR} <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</foreach> </foreach>
AND guacamole_entity.type = 'USER_GROUP'
AND guacamole_user_group.user_group_id IN ( AND guacamole_user_group.user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -155,16 +211,34 @@
FROM guacamole_user_group_attribute FROM guacamole_user_group_attribute
JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE guacamole_entity.name IN WHERE
guacamole_entity.type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
guacamole_entity.name
</when>
<otherwise>
LOWER(guacamole_entity.name)
</otherwise>
</choose>
IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR} <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</foreach> </foreach>
AND guacamole_entity.type = 'USER_GROUP' AND guacamole_user_group.user_group_id IN (
AND guacamole_user_group.user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -182,7 +256,14 @@
FROM guacamole_user_group FROM guacamole_user_group
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE WHERE
guacamole_entity.name = #{name,jdbcType=VARCHAR} <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
guacamole_entity.name = #{name,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(guacamole_entity.name) = LOWER(#{name,jdbcType=VARCHAR})
</otherwise>
</choose>
AND guacamole_entity.type = 'USER_GROUP'; AND guacamole_entity.type = 'USER_GROUP';
SELECT SELECT
@@ -193,8 +274,16 @@
JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE WHERE
guacamole_entity.name = #{name,jdbcType=VARCHAR} guacamole_entity.type = 'USER_GROUP'
AND guacamole_entity.type = 'USER_GROUP' AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
guacamole_entity.name = #{name,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(guacamole_entity.name) = LOWER(#{name,jdbcType=VARCHAR})
</otherwise>
</choose>
</select> </select>
@@ -202,8 +291,15 @@
<delete id="delete"> <delete id="delete">
DELETE FROM guacamole_entity DELETE FROM guacamole_entity
WHERE WHERE
name = #{identifier,jdbcType=VARCHAR} type = 'USER_GROUP'
AND type = 'USER_GROUP' <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
name = #{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(name) = LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</delete> </delete>
<!-- Insert single group --> <!-- Insert single group -->

53
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml
View File

@@ -40,14 +40,15 @@
JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user_group_member.member_entity_id JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user_group_member.member_entity_id
JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE WHERE
guacamole_user_group.user_group_id IN ( guacamole_entity.type = 'USER_GROUP'
AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER}
AND guacamole_user_group.user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER}
AND guacamole_entity.type = 'USER_GROUP'
</select> </select>
<!-- Delete member groups by name --> <!-- Delete member groups by name -->
@@ -58,10 +59,26 @@
WHERE WHERE
user_group_id = #{parent.objectID,jdbcType=INTEGER} user_group_id = #{parent.objectID,jdbcType=INTEGER}
AND guacamole_entity.type = 'USER_GROUP' AND guacamole_entity.type = 'USER_GROUP'
AND guacamole_entity.name IN AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
guacamole_entity.name
</when>
<otherwise>
LOWER(guacamole_entity.name)
</otherwise>
</choose>
IN
<foreach collection="children" item="identifier" <foreach collection="children" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR} <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</foreach> </foreach>
</delete> </delete>
@@ -76,12 +93,28 @@
guacamole_entity.entity_id guacamole_entity.entity_id
FROM guacamole_entity FROM guacamole_entity
WHERE WHERE
guacamole_entity.name IN guacamole_entity.type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caesSensitiveGroupNames()">
guacamole_entity.name
</when>
<otherwise>
LOWER(guacamole_entity.name)
</otherwise>
</choose>
IN
<foreach collection="children" item="identifier" <foreach collection="children" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier} <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier}
</when>
<otherwise>
LOWER(#{identifier})
</otherwise>
</choose>
</foreach> </foreach>
AND guacamole_entity.type = 'USER_GROUP'
AND guacamole_entity.entity_id NOT IN ( AND guacamole_entity.entity_id NOT IN (
SELECT guacamole_user_group_member.member_entity_id SELECT guacamole_user_group_member.member_entity_id
FROM guacamole_user_group_member FROM guacamole_user_group_member

16
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml
View File

@@ -44,6 +44,7 @@
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER} AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER}
@@ -60,7 +61,7 @@
AND guacamole_entity.type = 'USER' AND guacamole_entity.type = 'USER'
AND AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name guacamole_entity.name
</when> </when>
<otherwise> <otherwise>
@@ -71,7 +72,7 @@
<foreach collection="children" item="identifier" <foreach collection="children" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR} #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -92,8 +93,10 @@
guacamole_entity.entity_id guacamole_entity.entity_id
FROM guacamole_entity FROM guacamole_entity
WHERE WHERE
guacamole_entity.type = 'USER'
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name guacamole_entity.name
</when> </when>
<otherwise> <otherwise>
@@ -104,15 +107,14 @@
<foreach collection="children" item="identifier" <foreach collection="children" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier} #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
LOWER(#{identifier}) LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise> </otherwise>
</choose> </choose>
</foreach> </foreach>
AND guacamole_entity.type = 'USER'
AND guacamole_entity.entity_id NOT IN ( AND guacamole_entity.entity_id NOT IN (
SELECT guacamole_user_group_member.member_entity_id SELECT guacamole_user_group_member.member_entity_id
FROM guacamole_user_group_member FROM guacamole_user_group_member

53
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml
View File

@@ -41,14 +41,15 @@
JOIN guacamole_user_group ON guacamole_user_group_member.user_group_id = guacamole_user_group.user_group_id JOIN guacamole_user_group ON guacamole_user_group_member.user_group_id = guacamole_user_group.user_group_id
JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user_group.entity_id JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user_group.entity_id
WHERE WHERE
guacamole_user_group.user_group_id IN ( guacamole_entity.type = 'USER_GROUP'
AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER}
AND guacamole_user_group.user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER}
AND guacamole_entity.type = 'USER_GROUP'
</select> </select>
<!-- Delete parent groups by name --> <!-- Delete parent groups by name -->
@@ -60,10 +61,26 @@
WHERE WHERE
member_entity_id = #{parent.entityID,jdbcType=INTEGER} member_entity_id = #{parent.entityID,jdbcType=INTEGER}
AND guacamole_entity.type = 'USER_GROUP' AND guacamole_entity.type = 'USER_GROUP'
AND guacamole_entity.name IN AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
guacamole_entity.name
</when>
<otherwise>
LOWER(guacamole_entity.name)
</otherwise>
</choose>
IN
<foreach collection="children" item="identifier" <foreach collection="children" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR} <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</foreach> </foreach>
</delete> </delete>
@@ -79,12 +96,28 @@
FROM guacamole_user_group FROM guacamole_user_group
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE WHERE
guacamole_entity.name IN guacamole_entity.type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
guacamole_entity.name
</when>
<otherwise>
LOWER(guacamole_entity.name)
</otherwise>
</choose>
IN
<foreach collection="children" item="identifier" <foreach collection="children" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR} <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</foreach> </foreach>
AND guacamole_entity.type = 'USER_GROUP'
AND guacamole_user_group.user_group_id NOT IN ( AND guacamole_user_group.user_group_id NOT IN (
SELECT guacamole_user_group_member.user_group_id SELECT guacamole_user_group_member.user_group_id
FROM guacamole_user_group_member FROM guacamole_user_group_member

22
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLEnvironment.java
View File

@@ -22,8 +22,6 @@ package org.apache.guacamole.auth.postgresql.conf;
import java.io.File; import java.io.File;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment; import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.guacamole.auth.jdbc.security.PasswordPolicy; import org.apache.guacamole.auth.jdbc.security.PasswordPolicy;
import org.apache.ibatis.session.SqlSession; import org.apache.ibatis.session.SqlSession;
@@ -33,11 +31,6 @@ import org.apache.ibatis.session.SqlSession;
*/ */
public class PostgreSQLEnvironment extends JDBCEnvironment { public class PostgreSQLEnvironment extends JDBCEnvironment {
/**
* Logger for this class.
*/
private static final Logger logger = LoggerFactory.getLogger(PostgreSQLEnvironment.class);
/** /**
* The default host to connect to, if POSTGRESQL_HOSTNAME is not specified. * The default host to connect to, if POSTGRESQL_HOSTNAME is not specified.
*/ */
@@ -399,19 +392,4 @@ public class PostgreSQLEnvironment extends JDBCEnvironment {
true); true);
} }
@Override
public boolean getCaseSensitiveUsernames() throws GuacamoleException {
// By default, PostgreSQL does perform case-sensitive string comparisons.
// Even though usernames are generally not case-sensitive across
// most authenticaiton systems, we've elected to maintain case-
// sensitivity in this module in order to avoid surprising anyone who
// may be relying upon it.
return getProperty(
PostgreSQLGuacamoleProperties.POSTGRESQL_CASE_SENSITIVE_USERNAMES,
super.getCaseSensitiveUsernames()
);
}
} }

44
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml
View File

@@ -51,11 +51,23 @@
JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE WHERE
type = 'USER_GROUP'::guacamole_entity_type type = 'USER_GROUP'::guacamole_entity_type
AND name IN AND
<foreach collection="${groups}" item="effectiveGroup" <choose>
open="(" separator="," close=")"> <when test="caseSensitivity.caseSensitiveGroupNames()">
#{effectiveGroup,jdbcType=VARCHAR} name IN
</foreach> <foreach collection="${groups}" item="effectiveGroup"
open="(" separator="," close=")">
#{effectiveGroup,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(name) IN
<foreach collection="${groups}" item="effectiveGroup"
open="(" separator="," close=")">
LOWER(#{effectiveGroup,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND disabled = false AND disabled = false
) )
</if> </if>
@@ -81,11 +93,23 @@
JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE WHERE
type = 'USER_GROUP'::guacamole_entity_type type = 'USER_GROUP'::guacamole_entity_type
AND name IN AND
<foreach collection="effectiveGroups" item="effectiveGroup" <choose>
open="(" separator="," close=")"> <when test="caseSensitivity.caseSensitiveGroupNames()">
#{effectiveGroup,jdbcType=VARCHAR} name IN
</foreach> <foreach collection="effectiveGroups" item="effectiveGroup"
open="(" separator="," close=")">
#{effectiveGroup,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(name) IN
<foreach collection="effectiveGroups" item="effectiveGroup"
open="(" separator="," close=")">
LOWER(#{effectiveGroup,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND guacamole_user_group.disabled = false AND guacamole_user_group.disabled = false
</if> </if>
UNION UNION

32
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml
View File

@@ -82,9 +82,10 @@
FROM guacamole_connection_permission FROM guacamole_connection_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/> <property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/> <property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = 'READ' AND permission = 'READ'
</sql> </sql>
@@ -92,8 +93,9 @@
<!-- Select identifiers of all readable connections --> <!-- Select identifiers of all readable connections -->
<select id="selectReadableIdentifiers" resultType="string"> <select id="selectReadableIdentifiers" resultType="string">
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -115,8 +117,9 @@
<if test="parentIdentifier == null">parent_id IS NULL</if> <if test="parentIdentifier == null">parent_id IS NULL</if>
AND connection_id IN ( AND connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
</select> </select>
@@ -194,8 +197,9 @@
</foreach> </foreach>
AND guacamole_connection.connection_id IN ( AND guacamole_connection.connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
GROUP BY guacamole_connection.connection_id; GROUP BY guacamole_connection.connection_id;
@@ -209,8 +213,9 @@
</foreach> </foreach>
AND guacamole_sharing_profile.sharing_profile_id IN ( AND guacamole_sharing_profile.sharing_profile_id IN (
<include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -226,8 +231,9 @@
</foreach> </foreach>
AND guacamole_connection_attribute.connection_id IN ( AND guacamole_connection_attribute.connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );

16
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
View File

@@ -62,7 +62,7 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name = #{record.username,jdbcType=VARCHAR} guacamole_entity.name = #{record.username,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -119,7 +119,7 @@
FROM guacamole_user FROM guacamole_user
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
POSITION(#{term.term,jdbcType=VARCHAR} IN username) > 0 POSITION(#{term.term,jdbcType=VARCHAR} IN username) > 0
</when> </when>
<otherwise> <otherwise>
@@ -188,16 +188,18 @@
<!-- Restrict to readable connections --> <!-- Restrict to readable connections -->
AND guacamole_connection_history.connection_id IN ( AND guacamole_connection_history.connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
<!-- Restrict to readable users --> <!-- Restrict to readable users -->
AND guacamole_connection_history.user_id IN ( AND guacamole_connection_history.user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
@@ -214,7 +216,7 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0
</when> </when>
<otherwise> <otherwise>

37
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
View File

@@ -83,9 +83,10 @@
FROM guacamole_connection_group_permission FROM guacamole_connection_group_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/> <property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/> <property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = 'READ' AND permission = 'READ'
</sql> </sql>
@@ -93,8 +94,9 @@
<!-- Select identifiers of all readable connection groups --> <!-- Select identifiers of all readable connection groups -->
<select id="selectReadableIdentifiers" resultType="string"> <select id="selectReadableIdentifiers" resultType="string">
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -116,8 +118,9 @@
<if test="parentIdentifier == null">parent_id IS NULL</if> <if test="parentIdentifier == null">parent_id IS NULL</if>
AND connection_group_id IN ( AND connection_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
</select> </select>
@@ -190,8 +193,9 @@
</foreach> </foreach>
AND guacamole_connection_group.connection_group_id IN ( AND guacamole_connection_group.connection_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -204,8 +208,9 @@
</foreach> </foreach>
AND guacamole_connection_group.connection_group_id IN ( AND guacamole_connection_group.connection_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -218,8 +223,9 @@
</foreach> </foreach>
AND guacamole_connection.connection_id IN ( AND guacamole_connection.connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -235,8 +241,9 @@
</foreach> </foreach>
AND guacamole_connection_group_attribute.connection_group_id IN ( AND guacamole_connection_group_attribute.connection_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );

21
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml
View File

@@ -41,9 +41,10 @@
FROM guacamole_connection_group_permission FROM guacamole_connection_group_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -58,9 +59,10 @@
FROM guacamole_connection_group_permission FROM guacamole_connection_group_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND connection_group_id = #{identifier,jdbcType=INTEGER}::integer AND connection_group_id = #{identifier,jdbcType=INTEGER}::integer
@@ -74,9 +76,10 @@
FROM guacamole_connection_group_permission FROM guacamole_connection_group_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND connection_group_id IN AND connection_group_id IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"

21
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml
View File

@@ -41,9 +41,10 @@
FROM guacamole_connection_permission FROM guacamole_connection_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -58,9 +59,10 @@
FROM guacamole_connection_permission FROM guacamole_connection_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND connection_id = #{identifier,jdbcType=INTEGER}::integer AND connection_id = #{identifier,jdbcType=INTEGER}::integer
@@ -74,9 +76,10 @@
FROM guacamole_connection_permission FROM guacamole_connection_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND connection_id IN AND connection_id IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"

21
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml
View File

@@ -41,9 +41,10 @@
FROM guacamole_sharing_profile_permission FROM guacamole_sharing_profile_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -58,9 +59,10 @@
FROM guacamole_sharing_profile_permission FROM guacamole_sharing_profile_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND sharing_profile_id = #{identifier,jdbcType=INTEGER}::integer AND sharing_profile_id = #{identifier,jdbcType=INTEGER}::integer
@@ -74,9 +76,10 @@
FROM guacamole_sharing_profile_permission FROM guacamole_sharing_profile_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND sharing_profile_id IN AND sharing_profile_id IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"

14
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml
View File

@@ -39,9 +39,10 @@
FROM guacamole_system_permission FROM guacamole_system_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -55,9 +56,10 @@
FROM guacamole_system_permission FROM guacamole_system_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = #{type,jdbcType=VARCHAR}::guacamole_system_permission_type AND permission = #{type,jdbcType=VARCHAR}::guacamole_system_permission_type

85
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml
View File

@@ -43,9 +43,10 @@
JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_group_permission.entity_id"/> <property name="column" value="guacamole_user_group_permission.entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type
@@ -63,13 +64,22 @@
JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_group_permission.entity_id"/> <property name="column" value="guacamole_user_group_permission.entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND affected_entity.name = #{identifier,jdbcType=VARCHAR}
AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
affected_entity.name = #{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(affected_entity.name) = LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</select> </select>
@@ -82,21 +92,34 @@
JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_group_permission.entity_id"/> <property name="column" value="guacamole_user_group_permission.entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND affected_entity.name IN AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type
<foreach collection="identifiers" item="identifier" AND
open="(" separator="," close=")"> <choose>
#{identifier,jdbcType=VARCHAR} <when test="caseSensitivity.caseSensitiveGroupNames()">
</foreach> affected_entity.name IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(affected_entity.name) IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND permission IN AND permission IN
<foreach collection="permissions" item="permission" <foreach collection="permissions" item="permission"
open="(" separator="," close=")"> open="(" separator="," close=")">
#{permission,jdbcType=VARCHAR}::guacamole_object_permission_type #{permission,jdbcType=VARCHAR}::guacamole_object_permission_type
</foreach> </foreach>
AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type
</select> </select>
@@ -108,12 +131,29 @@
WHERE WHERE
guacamole_user_group_permission.affected_user_group_id = affected_group.user_group_id guacamole_user_group_permission.affected_user_group_id = affected_group.user_group_id
AND affected_group.entity_id = affected_entity.entity_id AND affected_group.entity_id = affected_entity.entity_id
AND (guacamole_user_group_permission.entity_id, permission, affected_entity.name) IN AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
(guacamole_user_group_permission.entity_id, permission, affected_entity.name)
</when>
<otherwise>
(guacamole_user_group_permission.entity_id, permission, LOWER(affected_entity.name))
</otherwise>
</choose>
IN
<foreach collection="permissions" item="permission" <foreach collection="permissions" item="permission"
open="(" separator="," close=")"> open="(" separator="," close=")">
(#{permission.entityID,jdbcType=INTEGER}, (#{permission.entityID,jdbcType=INTEGER},
#{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type,
#{permission.objectIdentifier,jdbcType=INTEGER}) <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
#{permission.objectIdentifier,jdbcType=INTEGER}
</when>
<otherwise>
LOWER(#{permission.objectIdentifier,jdbcType=INTEGER})
</otherwise>
</choose>
)
</foreach> </foreach>
AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type
@@ -140,7 +180,14 @@
</foreach> </foreach>
AS permissions AS permissions
JOIN guacamole_entity affected_entity ON JOIN guacamole_entity affected_entity ON
affected_entity.name = permissions.affected_name <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
affected_entity.name = permissions.affected_name
</when>
<otherwise>
LOWER(affected_entity.name) = LOWER(permissions.affected_name)
</otherwise>
</choose>
AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type
JOIN guacamole_user_group affected_group ON affected_group.entity_id = affected_entity.entity_id JOIN guacamole_user_group affected_group ON affected_group.entity_id = affected_entity.entity_id
WHERE (permissions.entity_id, permissions.permission, affected_group.user_group_id) NOT IN ( WHERE (permissions.entity_id, permissions.permission, affected_group.user_group_id) NOT IN (

44
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
View File

@@ -43,9 +43,10 @@
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_permission.entity_id"/> <property name="column" value="guacamole_user_permission.entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND affected_entity.type = 'USER'::guacamole_entity_type AND affected_entity.type = 'USER'::guacamole_entity_type
@@ -63,14 +64,16 @@
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_permission.entity_id"/> <property name="column" value="guacamole_user_permission.entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND affected_entity.type = 'USER'::guacamole_entity_type
AND AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
affected_entity.name = #{identifier,jdbcType=VARCHAR} affected_entity.name = #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -78,8 +81,6 @@
</otherwise> </otherwise>
</choose> </choose>
AND affected_entity.type = 'USER'::guacamole_entity_type
</select> </select>
<!-- Select identifiers accessible by the given entity for the given permissions --> <!-- Select identifiers accessible by the given entity for the given permissions -->
@@ -91,13 +92,15 @@
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_permission.entity_id"/> <property name="column" value="guacamole_user_permission.entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND affected_entity.type = 'USER'::guacamole_entity_type
AND AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
affected_entity.name IN affected_entity.name IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
@@ -117,7 +120,6 @@
open="(" separator="," close=")"> open="(" separator="," close=")">
#{permission,jdbcType=VARCHAR}::guacamole_object_permission_type #{permission,jdbcType=VARCHAR}::guacamole_object_permission_type
</foreach> </foreach>
AND affected_entity.type = 'USER'::guacamole_entity_type
</select> </select>
@@ -129,9 +131,11 @@
WHERE WHERE
guacamole_user_permission.affected_user_id = affected_user.user_id guacamole_user_permission.affected_user_id = affected_user.user_id
AND affected_user.entity_id = affected_entity.entity_id AND affected_user.entity_id = affected_entity.entity_id
AND affected_entity.type = 'USER'::guacamole_entity_type
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
AND (guacamole_user_permission.entity_id, permission, affected_entity.name) IN (guacamole_user_permission.entity_id, permission, affected_entity.name) IN
<foreach collection="permissions" item="permission" <foreach collection="permissions" item="permission"
open="(" separator="," close=")"> open="(" separator="," close=")">
(#{permission.entityID,jdbcType=INTEGER}, (#{permission.entityID,jdbcType=INTEGER},
@@ -140,7 +144,7 @@
</foreach> </foreach>
</when> </when>
<otherwise> <otherwise>
AND (guacamole_user_permission.entity_id, permission, LOWER(affected_entity.name)) IN (guacamole_user_permission.entity_id, permission, LOWER(affected_entity.name)) IN
<foreach collection="permissions" item="permission" <foreach collection="permissions" item="permission"
open="(" separator="," close=")"> open="(" separator="," close=")">
(#{permission.entityID,jdbcType=INTEGER}, (#{permission.entityID,jdbcType=INTEGER},
@@ -149,7 +153,6 @@
</foreach> </foreach>
</otherwise> </otherwise>
</choose> </choose>
AND affected_entity.type = 'USER'::guacamole_entity_type
</delete> </delete>
@@ -174,15 +177,16 @@
</foreach> </foreach>
AS permissions AS permissions
JOIN guacamole_entity affected_entity ON JOIN guacamole_entity affected_entity ON
affected_entity.type = 'USER'::guacamole_entity_type
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
affected_entity.name = permissions.affected_name affected_entity.name = permissions.affected_name
</when> </when>
<otherwise> <otherwise>
LOWER(affected_entity.name) = LOWER(permissions.affected_name) LOWER(affected_entity.name) = LOWER(permissions.affected_name)
</otherwise> </otherwise>
</choose> </choose>
AND affected_entity.type = 'USER'::guacamole_entity_type
JOIN guacamole_user affected_user ON affected_user.entity_id = affected_entity.entity_id JOIN guacamole_user affected_user ON affected_user.entity_id = affected_entity.entity_id
WHERE (permissions.entity_id, permissions.permission, affected_user.user_id) NOT IN ( WHERE (permissions.entity_id, permissions.permission, affected_user.user_id) NOT IN (
SELECT SELECT

22
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml
View File

@@ -66,9 +66,10 @@
FROM guacamole_sharing_profile_permission FROM guacamole_sharing_profile_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/> <property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/> <property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = 'READ' AND permission = 'READ'
</sql> </sql>
@@ -76,8 +77,9 @@
<!-- Select identifiers of all readable sharing profiles --> <!-- Select identifiers of all readable sharing profiles -->
<select id="selectReadableIdentifiers" resultType="string"> <select id="selectReadableIdentifiers" resultType="string">
<include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -125,8 +127,9 @@
</foreach> </foreach>
AND guacamole_sharing_profile.sharing_profile_id IN ( AND guacamole_sharing_profile.sharing_profile_id IN (
<include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -142,8 +145,9 @@
</foreach> </foreach>
AND guacamole_sharing_profile_attribute.sharing_profile_id IN ( AND guacamole_sharing_profile_attribute.sharing_profile_id IN (
<include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );

2
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml
View File

@@ -44,7 +44,7 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name = #{username,jdbcType=VARCHAR} guacamole_entity.name = #{username,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>

78
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml
View File

@@ -82,9 +82,10 @@
FROM guacamole_user_permission FROM guacamole_user_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/> <property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/> <property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = 'READ' AND permission = 'READ'
</sql> </sql>
@@ -94,14 +95,14 @@
SELECT guacamole_entity.name SELECT guacamole_entity.name
FROM guacamole_user FROM guacamole_user
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE guacamole_entity.type = 'USER'::guacamole_entity_type
guacamole_user.user_id IN ( AND guacamole_user.user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
AND guacamole_entity.type = 'USER'::guacamole_entity_type
</select> </select>
<!-- Select multiple users by username --> <!-- Select multiple users by username -->
@@ -130,9 +131,10 @@
FROM guacamole_user FROM guacamole_user
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id
WHERE WHERE guacamole_entity.type = 'USER'::guacamole_entity_type
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name guacamole_entity.name
</when> </when>
<otherwise> <otherwise>
@@ -143,7 +145,7 @@
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR} #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -151,7 +153,6 @@
</otherwise> </otherwise>
</choose> </choose>
</foreach> </foreach>
AND guacamole_entity.type = 'USER'::guacamole_entity_type
GROUP BY guacamole_user.user_id, guacamole_entity.entity_id; GROUP BY guacamole_user.user_id, guacamole_entity.entity_id;
SELECT SELECT
@@ -161,9 +162,10 @@
FROM guacamole_user_attribute FROM guacamole_user_attribute
JOIN guacamole_user ON guacamole_user.user_id = guacamole_user_attribute.user_id JOIN guacamole_user ON guacamole_user.user_id = guacamole_user_attribute.user_id
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE guacamole_entity.type = 'USER'::guacamole_entity_type
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name guacamole_entity.name
</when> </when>
<otherwise> <otherwise>
@@ -174,7 +176,7 @@
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR} #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -182,7 +184,7 @@
</otherwise> </otherwise>
</choose> </choose>
</foreach> </foreach>
AND guacamole_entity.type = 'USER'::guacamole_entity_type; ;
</select> </select>
@@ -212,9 +214,10 @@
FROM guacamole_user FROM guacamole_user
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id
WHERE WHERE guacamole_entity.type = 'USER'::guacamole_entity_type
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name guacamole_entity.name
</when> </when>
<otherwise> <otherwise>
@@ -225,7 +228,7 @@
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR} #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -233,11 +236,11 @@
</otherwise> </otherwise>
</choose> </choose>
</foreach> </foreach>
AND guacamole_entity.type = 'USER'::guacamole_entity_type
AND guacamole_user.user_id IN ( AND guacamole_user.user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
GROUP BY guacamole_user.user_id, guacamole_entity.entity_id; GROUP BY guacamole_user.user_id, guacamole_entity.entity_id;
@@ -249,9 +252,10 @@
FROM guacamole_user_attribute FROM guacamole_user_attribute
JOIN guacamole_user ON guacamole_user.user_id = guacamole_user_attribute.user_id JOIN guacamole_user ON guacamole_user.user_id = guacamole_user_attribute.user_id
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE guacamole_entity.type = 'USER'::guacamole_entity_type
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name guacamole_entity.name
</when> </when>
<otherwise> <otherwise>
@@ -262,7 +266,7 @@
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR} #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -270,11 +274,11 @@
</otherwise> </otherwise>
</choose> </choose>
</foreach> </foreach>
AND guacamole_entity.type = 'USER'::guacamole_entity_type
AND guacamole_user.user_id IN ( AND guacamole_user.user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -306,16 +310,16 @@
FROM guacamole_user FROM guacamole_user
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id
WHERE WHERE guacamole_entity.type = 'USER'::guacamole_entity_type
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name = #{username,jdbcType=VARCHAR} guacamole_entity.name = #{username,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
LOWER(guacamole_entity.name) = LOWER(#{username,jdbcType=VARCHAR}) LOWER(guacamole_entity.name) = LOWER(#{username,jdbcType=VARCHAR})
</otherwise> </otherwise>
</choose> </choose>
AND guacamole_entity.type = 'USER'::guacamole_entity_type
GROUP BY guacamole_user.user_id, guacamole_entity.entity_id; GROUP BY guacamole_user.user_id, guacamole_entity.entity_id;
SELECT SELECT
@@ -325,31 +329,31 @@
FROM guacamole_user_attribute FROM guacamole_user_attribute
JOIN guacamole_user ON guacamole_user.user_id = guacamole_user_attribute.user_id JOIN guacamole_user ON guacamole_user.user_id = guacamole_user_attribute.user_id
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE guacamole_entity.type = 'USER'::guacamole_entity_type
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name = #{username,jdbcType=VARCHAR} guacamole_entity.name = #{username,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
LOWER(guacamole_entity.name) = LOWER(#{username,jdbcType=VARCHAR}) LOWER(guacamole_entity.name) = LOWER(#{username,jdbcType=VARCHAR})
</otherwise> </otherwise>
</choose> </choose>
AND guacamole_entity.type = 'USER'::guacamole_entity_type
</select> </select>
<!-- Delete single user by username --> <!-- Delete single user by username -->
<delete id="delete"> <delete id="delete">
DELETE FROM guacamole_entity DELETE FROM guacamole_entity
WHERE WHERE type = 'USER'::guacamole_entity_type
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
name = #{identifier,jdbcType=VARCHAR} name = #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
LOWER(name) = LOWER(#{identifier,jdbcType=VARCHAR}) LOWER(name) = LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise> </otherwise>
</choose> </choose>
AND type = 'USER'::guacamole_entity_type
</delete> </delete>
<!-- Insert single user --> <!-- Insert single user -->

54
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml
View File

@@ -43,8 +43,9 @@
WHERE WHERE
guacamole_user_group.user_group_id IN ( guacamole_user_group.user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER} AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER}
@@ -60,11 +61,24 @@
AND guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id AND guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id
AND guacamole_entity.entity_id = guacamole_user_group.entity_id AND guacamole_entity.entity_id = guacamole_user_group.entity_id
AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
AND guacamole_entity.name IN AND
<foreach collection="children" item="identifier" <choose>
open="(" separator="," close=")"> <when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier,jdbcType=VARCHAR} guacamole_entity.name IN
</foreach> <foreach collection="children" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(guacamole_entity.name) IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
</delete> </delete>
<!-- Insert parent groups by name --> <!-- Insert parent groups by name -->
@@ -78,13 +92,25 @@
#{parent.entityID,jdbcType=INTEGER} #{parent.entityID,jdbcType=INTEGER}
FROM guacamole_user_group FROM guacamole_user_group
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
guacamole_entity.name IN AND
<foreach collection="children" item="identifier" <choose>
open="(" separator="," close=")"> <when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier,jdbcType=VARCHAR} guacamole_entity.name IN
</foreach> <foreach collection="children" item="identifier"
AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(guacamole_entity.name) IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND guacamole_user_group.user_group_id NOT IN ( AND guacamole_user_group.user_group_id NOT IN (
SELECT guacamole_user_group_member.user_group_id SELECT guacamole_user_group_member.user_group_id
FROM guacamole_user_group_member FROM guacamole_user_group_member

15
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml
View File

@@ -50,7 +50,7 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name = #{record.username,jdbcType=VARCHAR} guacamole_entity.name = #{record.username,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -89,7 +89,7 @@
<if test="identifier != null"> <if test="identifier != null">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_user_history.username = #{identifier,jdbcType=VARCHAR} guacamole_user_history.username = #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -107,7 +107,7 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0
</when> </when>
<otherwise> <otherwise>
@@ -161,15 +161,16 @@
<!-- Restrict to readable users --> <!-- Restrict to readable users -->
guacamole_connection_history.user_id IN ( guacamole_connection_history.user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
<if test="identifier != null"> <if test="identifier != null">
AND AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name = #{identifier,jdbcType=VARCHAR} guacamole_entity.name = #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -187,7 +188,7 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0
</when> </when>
<otherwise> <otherwise>

167
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml
View File

@@ -68,9 +68,10 @@
FROM guacamole_user_group_permission FROM guacamole_user_group_permission
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/> <property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/> <property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = 'READ' AND permission = 'READ'
</sql> </sql>
@@ -80,14 +81,14 @@
SELECT guacamole_entity.name SELECT guacamole_entity.name
FROM guacamole_user_group FROM guacamole_user_group
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
guacamole_user_group.user_group_id IN ( AND guacamole_user_group.user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
</select> </select>
<!-- Select multiple groups by name --> <!-- Select multiple groups by name -->
@@ -101,12 +102,25 @@
disabled disabled
FROM guacamole_user_group FROM guacamole_user_group
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE guacamole_entity.name IN WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
<foreach collection="identifiers" item="identifier" AND
open="(" separator="," close=")"> <choose>
#{identifier,jdbcType=VARCHAR} <when test="caseSensitivity.caseSensitiveGroupNames()">
</foreach> guacamole_entity.name IN
AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type; <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(guacamole_entity.name) IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
;
SELECT SELECT
guacamole_user_group_attribute.user_group_id, guacamole_user_group_attribute.user_group_id,
@@ -115,12 +129,25 @@
FROM guacamole_user_group_attribute FROM guacamole_user_group_attribute
JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE guacamole_entity.name IN WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
<foreach collection="identifiers" item="identifier" AND
open="(" separator="," close=")"> <choose>
#{identifier,jdbcType=VARCHAR} <when test="caseSensitivity.caseSensitiveGroupNames()">
</foreach> guacamole_entity.name IN
AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type; <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(guacamole_entity.name) IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
;
</select> </select>
@@ -135,16 +162,29 @@
disabled disabled
FROM guacamole_user_group FROM guacamole_user_group
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE guacamole_entity.name IN WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
<foreach collection="identifiers" item="identifier" AND
open="(" separator="," close=")"> <choose>
#{identifier,jdbcType=VARCHAR} <when test="caseSensitivity.caseSensitiveGroupNames()">
</foreach> guacamole_entity.name IN
AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(guacamole_entity.name) IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND guacamole_user_group.user_group_id IN ( AND guacamole_user_group.user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -155,16 +195,29 @@
FROM guacamole_user_group_attribute FROM guacamole_user_group_attribute
JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE guacamole_entity.name IN WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
<foreach collection="identifiers" item="identifier" AND
open="(" separator="," close=")"> <choose>
#{identifier,jdbcType=VARCHAR} <when test="caseSensitivity.caseSensitiveGroupNames()">
</foreach> guacamole_entity.name IN
AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(guacamole_entity.name) IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND guacamole_user_group.user_group_id IN ( AND guacamole_user_group.user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -181,9 +234,17 @@
disabled disabled
FROM guacamole_user_group FROM guacamole_user_group
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
guacamole_entity.name = #{name,jdbcType=VARCHAR} AND
AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type; <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
guacamole_entity.name = #{name,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(guacamole_entity.name) = LOWER(#{name,jdbcType=VARCHAR})
</otherwise>
</choose>
;
SELECT SELECT
guacamole_user_group_attribute.user_group_id, guacamole_user_group_attribute.user_group_id,
@@ -192,18 +253,34 @@
FROM guacamole_user_group_attribute FROM guacamole_user_group_attribute
JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
guacamole_entity.name = #{name,jdbcType=VARCHAR} AND
AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
guacamole_entity.name = #{name,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(guacamole_entity.name) = LOWER(#{name,jdbcType=VARCHAR})
</otherwise>
</choose>
;
</select> </select>
<!-- Delete single group by name --> <!-- Delete single group by name -->
<delete id="delete"> <delete id="delete">
DELETE FROM guacamole_entity DELETE FROM guacamole_entity
WHERE WHERE type = 'USER_GROUP'::guacamole_entity_type
name = #{identifier,jdbcType=VARCHAR} AND
AND type = 'USER_GROUP'::guacamole_entity_type <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
name = #{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(name) = LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</delete> </delete>
<!-- Insert single group --> <!-- Insert single group -->

53
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml
View File

@@ -42,8 +42,9 @@
WHERE WHERE
guacamole_user_group.user_group_id IN ( guacamole_user_group.user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER} AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER}
@@ -58,11 +59,24 @@
user_group_id = #{parent.objectID,jdbcType=INTEGER} user_group_id = #{parent.objectID,jdbcType=INTEGER}
AND guacamole_entity.entity_id = member_entity_id AND guacamole_entity.entity_id = member_entity_id
AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
AND guacamole_entity.name IN AND
<foreach collection="children" item="identifier" <choose>
open="(" separator="," close=")"> <when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier,jdbcType=VARCHAR} guacamole_entity.name IN
</foreach> <foreach collection="children" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(guacamole_entity.name) IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
</delete> </delete>
<!-- Insert member groups by name --> <!-- Insert member groups by name -->
@@ -75,13 +89,24 @@
#{parent.objectID,jdbcType=INTEGER}, #{parent.objectID,jdbcType=INTEGER},
guacamole_entity.entity_id guacamole_entity.entity_id
FROM guacamole_entity FROM guacamole_entity
WHERE WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
guacamole_entity.name IN AND
<foreach collection="children" item="identifier" <choose>
open="(" separator="," close=")"> <when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier} guacamole_entity.name IN
</foreach> <foreach collection="children" item="identifier"
AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type open="(" separator="," close=")">
#{identifier}
</foreach>
</when>
<otherwise>
LOWER(guacamole_entity.name) IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier})
</foreach>
</otherwise>
</choose>
AND guacamole_entity.entity_id NOT IN ( AND guacamole_entity.entity_id NOT IN (
SELECT guacamole_user_group_member.member_entity_id SELECT guacamole_user_group_member.member_entity_id
FROM guacamole_user_group_member FROM guacamole_user_group_member

13
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml
View File

@@ -42,8 +42,9 @@
WHERE WHERE
guacamole_user.user_id IN ( guacamole_user.user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER} AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER}
@@ -60,7 +61,7 @@
AND guacamole_entity.type = 'USER'::guacamole_entity_type AND guacamole_entity.type = 'USER'::guacamole_entity_type
AND AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name guacamole_entity.name
</when> </when>
<otherwise> <otherwise>
@@ -71,7 +72,7 @@
<foreach collection="children" item="identifier" <foreach collection="children" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR} #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -93,7 +94,7 @@
FROM guacamole_entity FROM guacamole_entity
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
guacamole_entity.name guacamole_entity.name
</when> </when>
<otherwise> <otherwise>
@@ -104,7 +105,7 @@
<foreach collection="children" item="identifier" <foreach collection="children" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier} #{identifier}
</when> </when>
<otherwise> <otherwise>

53
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml
View File

@@ -43,8 +43,9 @@
WHERE WHERE
guacamole_user_group.user_group_id IN ( guacamole_user_group.user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER} AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER}
@@ -60,11 +61,24 @@
AND guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id AND guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id
AND guacamole_entity.entity_id = guacamole_user_group.entity_id AND guacamole_entity.entity_id = guacamole_user_group.entity_id
AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
AND guacamole_entity.name IN AND
<foreach collection="children" item="identifier" <choose>
open="(" separator="," close=")"> <when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier,jdbcType=VARCHAR} guacamole_entity.name IN
</foreach> <foreach collection="children" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(guacamole_entity.name) IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
</delete> </delete>
<!-- Insert parent groups by name --> <!-- Insert parent groups by name -->
@@ -78,13 +92,24 @@
#{parent.entityID,jdbcType=INTEGER} #{parent.entityID,jdbcType=INTEGER}
FROM guacamole_user_group FROM guacamole_user_group
JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
WHERE WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
guacamole_entity.name IN AND
<foreach collection="children" item="identifier" <choose>
open="(" separator="," close=")"> <when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier,jdbcType=VARCHAR} guacamole_entity.name IN
</foreach> <foreach collection="children" item="identifier"
AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(guacamole_entity.name) IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND guacamole_user_group.user_group_id NOT IN ( AND guacamole_user_group.user_group_id NOT IN (
SELECT guacamole_user_group_member.user_group_id SELECT guacamole_user_group_member.user_group_id
FROM guacamole_user_group_member FROM guacamole_user_group_member

5
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java
View File

@@ -27,6 +27,7 @@ import java.util.Properties;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.sqlserver.conf.SQLServerDriver; import org.apache.guacamole.auth.sqlserver.conf.SQLServerDriver;
import org.apache.guacamole.auth.sqlserver.conf.SQLServerEnvironment; import org.apache.guacamole.auth.sqlserver.conf.SQLServerEnvironment;
import org.apache.guacamole.properties.CaseSensitivity;
import org.mybatis.guice.datasource.helper.JdbcHelper; import org.mybatis.guice.datasource.helper.JdbcHelper;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@@ -96,8 +97,8 @@ public class SQLServerAuthenticationProviderModule implements Module {
// Capture which driver to use for the connection. // Capture which driver to use for the connection.
this.sqlServerDriver = environment.getSQLServerDriver(); this.sqlServerDriver = environment.getSQLServerDriver();
// Check for case-sensitivity and warn admin. // Check for case sensitivity and warn admin.
if (environment.getCaseSensitiveUsernames()) if (environment.getCaseSensitivity() != CaseSensitivity.DISABLED)
LOGGER.warn("The SQL Server module is currently configured to support " LOGGER.warn("The SQL Server module is currently configured to support "
+ "case-sensitive username comparisons, however, the default " + "case-sensitive username comparisons, however, the default "
+ "collations for SQL Server databases do not support " + "collations for SQL Server databases do not support "

14
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerEnvironment.java
View File

@@ -329,18 +329,4 @@ public class SQLServerEnvironment extends JDBCEnvironment {
false); false);
} }
@Override
public boolean getCaseSensitiveUsernames() throws GuacamoleException {
// Get the configured or default value of the property.
boolean caseSensitiveUsernames = getProperty(
SQLServerGuacamoleProperties.SQLSERVER_CASE_SENSITIVE_USERNAMES,
super.getCaseSensitiveUsernames()
);
// Return as configured
return caseSensitiveUsernames;
}
} }

15
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerGuacamoleProperties.java
View File

@@ -258,19 +258,4 @@ public class SQLServerGuacamoleProperties {
}; };
/**
* A property used to configure whether or not usernames within the SQL
* Server JDBC module should be treated as case-sensitive. While Guacamole
* will treat usernames as case-sensitive by default, SQL Server's default
* database collations do not do case-sensitive string comparisons, so in
* many cases this will effectively result in case-insensitive usernames.
*/
public static final BooleanGuacamoleProperty SQLSERVER_CASE_SENSITIVE_USERNAMES =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-case-sensitive-usernames" ; }
};
} }

44
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml
View File

@@ -51,11 +51,23 @@
JOIN [guacamole_user_group] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id JOIN [guacamole_user_group] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE WHERE
type = 'USER_GROUP' type = 'USER_GROUP'
AND name IN AND
<foreach collection="${groups}" item="effectiveGroup" <choose>
open="(" separator="," close=")"> <when test="caseSensitivity.caseSensitiveGroupNames()">
#{effectiveGroup,jdbcType=VARCHAR} name IN
</foreach> <foreach collection="${groups}" item="effectiveGroup"
open="(" separator="," close=")">
#{effectiveGroup,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(name) IN
<foreach collection="${groups}" item="effectiveGroup"
open="(" separator="," close=")">
LOWER(#{effectiveGroup,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND disabled = 0 AND disabled = 0
) )
</if> </if>
@@ -83,11 +95,23 @@
JOIN [guacamole_user_group] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id JOIN [guacamole_user_group] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE WHERE
type = 'USER_GROUP' type = 'USER_GROUP'
AND name IN AND
<foreach collection="effectiveGroups" item="effectiveGroup" <choose>
open="(" separator="," close=")"> <when test="caseSensitivity.caseSensitiveGroupNames()">
#{effectiveGroup,jdbcType=VARCHAR} name IN
</foreach> <foreach collection="effectiveGroups" item="effectiveGroup"
open="(" separator="," close=")">
#{effectiveGroup,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(name) IN
<foreach collection="effectiveGroups" item="effectiveGroup"
open="(" separator="," close=")">
LOWER(#{effectiveGroup,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND [guacamole_user_group].disabled = 0 AND [guacamole_user_group].disabled = 0
</if> </if>
UNION ALL UNION ALL

32
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml
View File

@@ -82,9 +82,10 @@
FROM [guacamole_connection_permission] FROM [guacamole_connection_permission]
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/> <property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/> <property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = 'READ' AND permission = 'READ'
</sql> </sql>
@@ -92,8 +93,9 @@
<!-- Select identifiers of all readable connections --> <!-- Select identifiers of all readable connections -->
<select id="selectReadableIdentifiers" resultType="string"> <select id="selectReadableIdentifiers" resultType="string">
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -115,8 +117,9 @@
<if test="parentIdentifier == null">parent_id IS NULL</if> <if test="parentIdentifier == null">parent_id IS NULL</if>
AND connection_id IN ( AND connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
</select> </select>
@@ -199,8 +202,9 @@
</foreach> </foreach>
AND [guacamole_connection].connection_id IN ( AND [guacamole_connection].connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -213,8 +217,9 @@
</foreach> </foreach>
AND [guacamole_sharing_profile].sharing_profile_id IN ( AND [guacamole_sharing_profile].sharing_profile_id IN (
<include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -230,8 +235,9 @@
</foreach> </foreach>
AND [guacamole_connection_attribute].connection_id IN ( AND [guacamole_connection_attribute].connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );

16
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
View File

@@ -69,7 +69,7 @@
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name = #{record.username,jdbcType=VARCHAR} [guacamole_entity].name = #{record.username,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -119,7 +119,7 @@
FROM [guacamole_user] FROM [guacamole_user]
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
CHARINDEX(#{term.term,jdbcType=VARCHAR} IN username) > 0 CHARINDEX(#{term.term,jdbcType=VARCHAR} IN username) > 0
</when> </when>
<otherwise> <otherwise>
@@ -186,16 +186,18 @@
<!-- Restrict to readable connections --> <!-- Restrict to readable connections -->
AND [guacamole_connection_history].connection_id IN ( AND [guacamole_connection_history].connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
<!-- Restrict to readable users --> <!-- Restrict to readable users -->
AND [guacamole_connection_history].user_id IN ( AND [guacamole_connection_history].user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
@@ -212,7 +214,7 @@
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE WHERE
<choose> <choose>
<hen test="caseSensitive"> <hen test="caseSensitivity.caseSensitiveUsernames()">
CHARINDEX(#{term.term,jdbcType=VARCHAR} IN [guacamole_entity].name) > 0 CHARINDEX(#{term.term,jdbcType=VARCHAR} IN [guacamole_entity].name) > 0
</when> </when>
<otherwise> <otherwise>

37
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
View File

@@ -83,9 +83,10 @@
FROM [guacamole_connection_group_permission] FROM [guacamole_connection_group_permission]
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/> <property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/> <property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = 'READ' AND permission = 'READ'
</sql> </sql>
@@ -93,8 +94,9 @@
<!-- Select identifiers of all readable connection groups --> <!-- Select identifiers of all readable connection groups -->
<select id="selectReadableIdentifiers" resultType="string"> <select id="selectReadableIdentifiers" resultType="string">
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -116,8 +118,9 @@
<if test="parentIdentifier == null">parent_id IS NULL</if> <if test="parentIdentifier == null">parent_id IS NULL</if>
AND connection_group_id IN ( AND connection_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
</select> </select>
@@ -190,8 +193,9 @@
</foreach> </foreach>
AND [guacamole_connection_group].connection_group_id IN ( AND [guacamole_connection_group].connection_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -204,8 +208,9 @@
</foreach> </foreach>
AND [guacamole_connection_group].connection_group_id IN ( AND [guacamole_connection_group].connection_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -218,8 +223,9 @@
</foreach> </foreach>
AND [guacamole_connection].connection_id IN ( AND [guacamole_connection].connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -235,8 +241,9 @@
</foreach> </foreach>
AND [guacamole_connection_group_attribute].connection_group_id IN ( AND [guacamole_connection_group_attribute].connection_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );

21
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml
View File

@@ -41,9 +41,10 @@
FROM [guacamole_connection_group_permission] FROM [guacamole_connection_group_permission]
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -58,9 +59,10 @@
FROM [guacamole_connection_group_permission] FROM [guacamole_connection_group_permission]
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = #{type,jdbcType=VARCHAR} AND permission = #{type,jdbcType=VARCHAR}
AND connection_group_id = #{identifier,jdbcType=INTEGER} AND connection_group_id = #{identifier,jdbcType=INTEGER}
@@ -74,9 +76,10 @@
FROM [guacamole_connection_group_permission] FROM [guacamole_connection_group_permission]
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND connection_group_id IN AND connection_group_id IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"

21
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml
View File

@@ -41,9 +41,10 @@
FROM [guacamole_connection_permission] FROM [guacamole_connection_permission]
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -58,9 +59,10 @@
FROM [guacamole_connection_permission] FROM [guacamole_connection_permission]
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = #{type,jdbcType=VARCHAR} AND permission = #{type,jdbcType=VARCHAR}
AND connection_id = #{identifier,jdbcType=INTEGER} AND connection_id = #{identifier,jdbcType=INTEGER}
@@ -74,9 +76,10 @@
FROM [guacamole_connection_permission] FROM [guacamole_connection_permission]
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND connection_id IN AND connection_id IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"

21
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml
View File

@@ -41,9 +41,10 @@
FROM [guacamole_sharing_profile_permission] FROM [guacamole_sharing_profile_permission]
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -58,9 +59,10 @@
FROM [guacamole_sharing_profile_permission] FROM [guacamole_sharing_profile_permission]
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = #{type,jdbcType=VARCHAR} AND permission = #{type,jdbcType=VARCHAR}
AND sharing_profile_id = #{identifier,jdbcType=INTEGER} AND sharing_profile_id = #{identifier,jdbcType=INTEGER}
@@ -74,9 +76,10 @@
FROM [guacamole_sharing_profile_permission] FROM [guacamole_sharing_profile_permission]
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND sharing_profile_id IN AND sharing_profile_id IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"

14
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml
View File

@@ -39,9 +39,10 @@
FROM [guacamole_system_permission] FROM [guacamole_system_permission]
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -55,9 +56,10 @@
FROM [guacamole_system_permission] FROM [guacamole_system_permission]
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = #{type,jdbcType=VARCHAR} AND permission = #{type,jdbcType=VARCHAR}

81
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml
View File

@@ -43,9 +43,10 @@
JOIN [guacamole_entity] affected_entity ON affected_group.entity_id = affected_entity.entity_id JOIN [guacamole_entity] affected_entity ON affected_group.entity_id = affected_entity.entity_id
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="[guacamole_user_group_permission].entity_id"/> <property name="column" value="[guacamole_user_group_permission].entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND affected_entity.type = 'USER_GROUP' AND affected_entity.type = 'USER_GROUP'
@@ -63,13 +64,22 @@
JOIN [guacamole_entity] affected_entity ON affected_group.entity_id = affected_entity.entity_id JOIN [guacamole_entity] affected_entity ON affected_group.entity_id = affected_entity.entity_id
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="[guacamole_user_group_permission].entity_id"/> <property name="column" value="[guacamole_user_group_permission].entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = #{type,jdbcType=VARCHAR}
AND affected_entity.name = #{identifier,jdbcType=VARCHAR}
AND affected_entity.type = 'USER_GROUP' AND affected_entity.type = 'USER_GROUP'
AND permission = #{type,jdbcType=VARCHAR}
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
affected_entity.name = #{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(affected_entity.name) = LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</select> </select>
@@ -82,21 +92,34 @@
JOIN [guacamole_entity] affected_entity ON affected_group.entity_id = affected_entity.entity_id JOIN [guacamole_entity] affected_entity ON affected_group.entity_id = affected_entity.entity_id
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="[guacamole_user_group_permission].entity_id"/> <property name="column" value="[guacamole_user_group_permission].entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND affected_entity.name IN AND affected_entity.type = 'USER_GROUP'
<foreach collection="identifiers" item="identifier" AND
open="(" separator="," close=")"> <choose>
#{identifier,jdbcType=VARCHAR} <when test="caseSensitivity.caseSensitiveGroupNames()">
</foreach> affected_entity.name IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(affected_entity.name) IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND permission IN AND permission IN
<foreach collection="permissions" item="permission" <foreach collection="permissions" item="permission"
open="(" separator="," close=")"> open="(" separator="," close=")">
#{permission,jdbcType=VARCHAR} #{permission,jdbcType=VARCHAR}
</foreach> </foreach>
AND affected_entity.type = 'USER_GROUP'
</select> </select>
@@ -112,8 +135,16 @@
open="(" separator=" OR " close=")"> open="(" separator=" OR " close=")">
([guacamole_user_group_permission].entity_id = #{permission.entityID,jdbcType=INTEGER} AND ([guacamole_user_group_permission].entity_id = #{permission.entityID,jdbcType=INTEGER} AND
permission = #{permission.type,jdbcType=VARCHAR} AND permission = #{permission.type,jdbcType=VARCHAR} AND
affected_entity.name = #{permission.objectIdentifier,jdbcType=VARCHAR} AND affected_entity.type = 'USER_GROUP'
affected_entity.type = 'USER_GROUP') <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
affected_entity.name = #{permission.objectIdentifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(affected_entity.name) = LOWER(#{permission.objectIdentifier,jdbcType=VARCHAR})
</otherwise>
</choose>
)
</foreach> </foreach>
</delete> </delete>
@@ -139,8 +170,16 @@
</foreach> </foreach>
AS permissions AS permissions
JOIN [guacamole_entity] affected_entity ON JOIN [guacamole_entity] affected_entity ON
affected_entity.name = permissions.affected_name affected_entity.type = 'USER_GROUP'
AND affected_entity.type = 'USER_GROUP' AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
affected_entity.name = permissions.affected_name
</when>
<test>
LOWER(affected_entity.name) = LOWER(permissions.affected_name)
</test>
</choose>
JOIN [guacamole_user_group] affected_group ON affected_group.entity_id = affected_entity.entity_id JOIN [guacamole_user_group] affected_group ON affected_group.entity_id = affected_entity.entity_id
WHERE NOT EXISTS (SELECT 1 FROM [guacamole_user_group_permission] WHERE NOT EXISTS (SELECT 1 FROM [guacamole_user_group_permission]
WHERE [guacamole_user_group_permission].entity_id = permissions.entity_id WHERE [guacamole_user_group_permission].entity_id = permissions.entity_id

39
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
View File

@@ -42,12 +42,14 @@
JOIN [guacamole_user] affected_user ON [guacamole_user_permission].affected_user_id = affected_user.user_id JOIN [guacamole_user] affected_user ON [guacamole_user_permission].affected_user_id = affected_user.user_id
JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE WHERE
affected_entity.type = 'USER'
AND
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="[guacamole_user_permission].entity_id"/> <property name="column" value="[guacamole_user_permission].entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND affected_entity.type = 'USER'
</select> </select>
@@ -63,21 +65,22 @@
JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="[guacamole_user_permission].entity_id"/> <property name="column" value="[guacamole_user_permission].entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND affected_entity.type = 'USER'
AND permission = #{type,jdbcType=VARCHAR} AND permission = #{type,jdbcType=VARCHAR}
AND AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
affected_entity.name = #{identifier,jdbcType=VARCHAR} affected_entity.name = #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
LOWER(affected_entity.name) = LOWER(#{identifier,jdbcType=VARCHAR}) LOWER(affected_entity.name) = LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise> </otherwise>
</choose> </choose>
AND affected_entity.type = 'USER'
</select> </select>
@@ -90,13 +93,15 @@
JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="[guacamole_user_permission].entity_id"/> <property name="column" value="[guacamole_user_permission].entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND affected_entity.type = 'USER'
AND AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
affected_entity.name IN affected_entity.name IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
@@ -116,7 +121,6 @@
open="(" separator="," close=")"> open="(" separator="," close=")">
#{permission,jdbcType=VARCHAR} #{permission,jdbcType=VARCHAR}
</foreach> </foreach>
AND affected_entity.type = 'USER'
</select> </select>
@@ -133,7 +137,7 @@
([guacamole_user_permission].entity_id = #{permission.entityID,jdbcType=INTEGER} AND ([guacamole_user_permission].entity_id = #{permission.entityID,jdbcType=INTEGER} AND
permission = #{permission.type,jdbcType=VARCHAR} AND permission = #{permission.type,jdbcType=VARCHAR} AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
affected_entity.name = #{permission.objectIdentifier,jdbcType=VARCHAR} affected_entity.name = #{permission.objectIdentifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -167,15 +171,16 @@
</foreach> </foreach>
AS permissions AS permissions
JOIN [guacamole_entity] affected_entity ON JOIN [guacamole_entity] affected_entity ON
affected_entity.type = 'USER'
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
affected_entity.name = permissions.affected_name affected_entity.name = permissions.affected_name
</when> </when>
<otherwise> <otherwise>
LOWER(affected_entity.name) = LOWER(permissions.affected_name) LOWER(affected_entity.name) = LOWER(permissions.affected_name)
</otherwise> </otherwise>
</choose> </choose>
AND affected_entity.type = 'USER'
JOIN [guacamole_user] affected_user ON affected_user.entity_id = affected_entity.entity_id JOIN [guacamole_user] affected_user ON affected_user.entity_id = affected_entity.entity_id
WHERE NOT EXISTS (SELECT 1 FROM [guacamole_user_permission] WHERE NOT EXISTS (SELECT 1 FROM [guacamole_user_permission]
WHERE [guacamole_user_permission].entity_id = permissions.entity_id WHERE [guacamole_user_permission].entity_id = permissions.entity_id

22
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml
View File

@@ -66,9 +66,10 @@
FROM [guacamole_sharing_profile_permission] FROM [guacamole_sharing_profile_permission]
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/> <property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/> <property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = 'READ' AND permission = 'READ'
</sql> </sql>
@@ -76,8 +77,9 @@
<!-- Select identifiers of all readable sharing profiles --> <!-- Select identifiers of all readable sharing profiles -->
<select id="selectReadableIdentifiers" resultType="string"> <select id="selectReadableIdentifiers" resultType="string">
<include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
</select> </select>
@@ -125,8 +127,9 @@
</foreach> </foreach>
AND [guacamole_sharing_profile].sharing_profile_id IN ( AND [guacamole_sharing_profile].sharing_profile_id IN (
<include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -142,8 +145,9 @@
</foreach> </foreach>
AND [guacamole_sharing_profile_attribute].sharing_profile_id IN ( AND [guacamole_sharing_profile_attribute].sharing_profile_id IN (
<include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );

2
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml
View File

@@ -44,7 +44,7 @@
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name = #{username,jdbcType=VARCHAR} [guacamole_entity].name = #{username,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>

63
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml
View File

@@ -82,9 +82,10 @@
FROM [guacamole_user_permission] FROM [guacamole_user_permission]
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/> <property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/> <property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = 'READ' AND permission = 'READ'
</sql> </sql>
@@ -97,8 +98,9 @@
WHERE WHERE
[guacamole_user].user_id IN ( [guacamole_user].user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
AND [guacamole_entity].type = 'USER' AND [guacamole_entity].type = 'USER'
@@ -134,8 +136,10 @@
FROM [guacamole_user] FROM [guacamole_user]
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE WHERE
[guacamole_entity].type = 'USER'
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name [guacamole_entity].name
</when> </when>
<otherwise> <otherwise>
@@ -146,7 +150,7 @@
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR} #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -154,7 +158,7 @@
</otherwise> </otherwise>
</choose> </choose>
</foreach> </foreach>
AND [guacamole_entity].type = 'USER'; ;
SELECT SELECT
[guacamole_user_attribute].user_id, [guacamole_user_attribute].user_id,
@@ -164,8 +168,10 @@
JOIN [guacamole_user] ON [guacamole_user].user_id = [guacamole_user_attribute].user_id JOIN [guacamole_user] ON [guacamole_user].user_id = [guacamole_user_attribute].user_id
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE WHERE
[guacamole_entity].type = 'USER'
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name [guacamole_entity].name
</when> </when>
<otherwise> <otherwise>
@@ -176,7 +182,7 @@
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR} #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -184,7 +190,7 @@
</otherwise> </otherwise>
</choose> </choose>
</foreach> </foreach>
AND [guacamole_entity].type = 'USER'; ;
</select> </select>
@@ -218,8 +224,10 @@
FROM [guacamole_user] FROM [guacamole_user]
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE WHERE
[guacamole_entity].type = 'USER'
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name [guacamole_entity].name
</when> </when>
<otherwise> <otherwise>
@@ -230,7 +238,7 @@
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR} #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -238,7 +246,6 @@
</otherwise> </otherwise>
</choose> </choose>
</foreach> </foreach>
AND [guacamole_entity].type = 'USER'
AND [guacamole_user].user_id IN ( AND [guacamole_user].user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
@@ -254,8 +261,10 @@
JOIN [guacamole_user] ON [guacamole_user].user_id = [guacamole_user_attribute].user_id JOIN [guacamole_user] ON [guacamole_user].user_id = [guacamole_user_attribute].user_id
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE WHERE
[guacamole_entity].type = 'USER'
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name [guacamole_entity].name
</when> </when>
<otherwise> <otherwise>
@@ -266,7 +275,7 @@
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR} #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -274,11 +283,11 @@
</otherwise> </otherwise>
</choose> </choose>
</foreach> </foreach>
AND [guacamole_entity].type = 'USER'
AND [guacamole_user].user_id IN ( AND [guacamole_user].user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -314,15 +323,17 @@
FROM [guacamole_user] FROM [guacamole_user]
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE WHERE
[guacamole_entity].type = 'USER'
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name = #{username,jdbcType=VARCHAR} [guacamole_entity].name = #{username,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
LOWER([guacamole_entity].name) = LOWER(#{username,jdbcType=VARCHAR}) LOWER([guacamole_entity].name) = LOWER(#{username,jdbcType=VARCHAR})
</otherwise> </otherwise>
</choose> </choose>
AND [guacamole_entity].type = 'USER'; ;
SELECT SELECT
[guacamole_user_attribute].user_id, [guacamole_user_attribute].user_id,
@@ -332,15 +343,16 @@
JOIN [guacamole_user] ON [guacamole_user].user_id = [guacamole_user_attribute].user_id JOIN [guacamole_user] ON [guacamole_user].user_id = [guacamole_user_attribute].user_id
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE WHERE
[guacamole_entity].type = 'USER'
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name = #{username,jdbcType=VARCHAR} [guacamole_entity].name = #{username,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
LOWER([guacamole_entity].name) = LOWER(#{username,jdbcType=VARCHAR}) LOWER([guacamole_entity].name) = LOWER(#{username,jdbcType=VARCHAR})
</otherwise> </otherwise>
</choose> </choose>
AND [guacamole_entity].type = 'USER'
</select> </select>
@@ -348,15 +360,16 @@
<delete id="delete"> <delete id="delete">
DELETE FROM [guacamole_entity] DELETE FROM [guacamole_entity]
WHERE WHERE
type = 'USER'
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
name = #{identifier,jdbcType=VARCHAR} name = #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
LOWER(name) = LOWER(#{identifier,jdbcType=VARCHAR}) LOWER(name) = LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise> </otherwise>
</choose> </choose>
AND type = 'USER'
</delete> </delete>
<!-- Insert single user --> <!-- Insert single user -->

53
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml
View File

@@ -43,8 +43,9 @@
WHERE WHERE
[guacamole_user_group].user_group_id IN ( [guacamole_user_group].user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
AND [guacamole_user_group_member].member_entity_id = #{parent.entityID,jdbcType=INTEGER} AND [guacamole_user_group_member].member_entity_id = #{parent.entityID,jdbcType=INTEGER}
@@ -60,11 +61,24 @@
WHERE WHERE
member_entity_id = #{parent.entityID,jdbcType=INTEGER} member_entity_id = #{parent.entityID,jdbcType=INTEGER}
AND [guacamole_entity].type = 'USER_GROUP' AND [guacamole_entity].type = 'USER_GROUP'
AND [guacamole_entity].name IN AND
<foreach collection="children" item="identifier" <choose>
open="(" separator="," close=")"> <when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier,jdbcType=VARCHAR} [guacamole_entity].name IN
</foreach> <foreach collection="children" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
</delete> </delete>
<!-- Insert parent groups by name --> <!-- Insert parent groups by name -->
@@ -79,12 +93,25 @@
FROM [guacamole_user_group] FROM [guacamole_user_group]
JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE WHERE
[guacamole_entity].name IN [guacamole_entity].type = 'USER_GROUP'
<foreach collection="children" item="identifier" AND
open="(" separator="," close=")"> <choose>
#{identifier,jdbcType=VARCHAR} <when test="caseSensitivity.caseSensitiveGroupNames()">
</foreach> [guacamole_entity].name IN
AND [guacamole_entity].type = 'USER_GROUP' <foreach collection="children" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND [guacamole_user_group].user_group_id NOT IN ( AND [guacamole_user_group].user_group_id NOT IN (
SELECT [guacamole_user_group_member].user_group_id SELECT [guacamole_user_group_member].user_group_id
FROM [guacamole_user_group_member] FROM [guacamole_user_group_member]

15
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml
View File

@@ -50,7 +50,7 @@
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name = #{record.username,jdbcType=VARCHAR} [guacamole_entity].name = #{record.username,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -89,7 +89,7 @@
<if test="identifier != null"> <if test="identifier != null">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_user_history].username = #{identifier,jdbcType=VARCHAR} [guacamole_user_history].username = #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -107,7 +107,7 @@
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
CHARINDEX(#{term.term,jdbcType=VARCHAR} IN [guacamole_entity].name) > 0 CHARINDEX(#{term.term,jdbcType=VARCHAR} IN [guacamole_entity].name) > 0
</when> </when>
<otherwise> <otherwise>
@@ -159,15 +159,16 @@
<!-- Restrict to readable users --> <!-- Restrict to readable users -->
[guacamole_connection_history].user_id IN ( [guacamole_connection_history].user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
<if test="identifier != null"> <if test="identifier != null">
AND AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name = #{identifier,jdbcType=VARCHAR} [guacamole_entity].name = #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -185,7 +186,7 @@
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE WHERE
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
CHARINDEX(#{term.term,jdbcType=VARCHAR} IN [guacamole_entity].name) > 0 CHARINDEX(#{term.term,jdbcType=VARCHAR} IN [guacamole_entity].name) > 0
</when> </when>
<otherwise> <otherwise>

153
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml
View File

@@ -68,9 +68,10 @@
FROM [guacamole_user_group_permission] FROM [guacamole_user_group_permission]
WHERE WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/> <property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/> <property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/> <property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
AND permission = 'READ' AND permission = 'READ'
</sql> </sql>
@@ -81,13 +82,14 @@
FROM [guacamole_user_group] FROM [guacamole_user_group]
JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE WHERE
[guacamole_user_group].user_group_id IN ( [guacamole_entity].type = 'USER_GROUP'
AND [guacamole_user_group].user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
AND [guacamole_entity].type = 'USER_GROUP'
</select> </select>
<!-- Select multiple groups by name --> <!-- Select multiple groups by name -->
@@ -101,12 +103,26 @@
disabled disabled
FROM [guacamole_user_group] FROM [guacamole_user_group]
JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE [guacamole_entity].name IN WHERE [guacamole_entity].type = 'USER_GROUP'
<foreach collection="identifiers" item="identifier" AND
open="(" separator="," close=")"> <choose>
#{identifier,jdbcType=VARCHAR} <when test="caseSensitivity.caseSensitiveGroupNames()">
</foreach> [guacamole_entity].name IN
AND [guacamole_entity].type = 'USER_GROUP'; <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
;
SELECT SELECT
[guacamole_user_group_attribute].user_group_id, [guacamole_user_group_attribute].user_group_id,
@@ -115,12 +131,26 @@
FROM [guacamole_user_group_attribute] FROM [guacamole_user_group_attribute]
JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_attribute].user_group_id JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_attribute].user_group_id
JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE [guacamole_entity].name IN WHERE [guacamole_entity].type = 'USER_GROUP'
<foreach collection="identifiers" item="identifier" AND
open="(" separator="," close=")"> <choose>
#{identifier,jdbcType=VARCHAR} <when test="caseSensitivity.caseSensitiveGroupNames()">
</foreach> [guacamole_entity].name IN
AND [guacamole_entity].type = 'USER_GROUP'; <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
;
</select> </select>
@@ -135,16 +165,29 @@
disabled disabled
FROM [guacamole_user_group] FROM [guacamole_user_group]
JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE [guacamole_entity].name IN WHERE [guacamole_entity].type = 'USER_GROUP'
<foreach collection="identifiers" item="identifier" AND
open="(" separator="," close=")"> <choose>
#{identifier,jdbcType=VARCHAR} <when test="caseSensitivity.caseSensitiveGroupNames()">
</foreach> [guacamole_entity].name IN
AND [guacamole_entity].type = 'USER_GROUP' <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
LOOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND [guacamole_user_group].user_group_id IN ( AND [guacamole_user_group].user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -155,16 +198,29 @@
FROM [guacamole_user_group_attribute] FROM [guacamole_user_group_attribute]
JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_attribute].user_group_id JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_attribute].user_group_id
JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE [guacamole_entity].name IN WHERE [guacamole_entity].type = 'USER_GROUP'
<foreach collection="identifiers" item="identifier" AND
open="(" separator="," close=")"> <choose>
#{identifier,jdbcType=VARCHAR} <when test="caseSensitivity.caseSensitiveGroupNames()">
</foreach> [guacamole_entity].name IN
AND [guacamole_entity].type = 'USER_GROUP' <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND [guacamole_user_group].user_group_id IN ( AND [guacamole_user_group].user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
); );
@@ -181,9 +237,17 @@
disabled disabled
FROM [guacamole_user_group] FROM [guacamole_user_group]
JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE WHERE [guacamole_entity].type = 'USER_GROUP'
[guacamole_entity].name = #{name,jdbcType=VARCHAR} AND
AND [guacamole_entity].type = 'USER_GROUP'; <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
[guacamole_entity].name = #{name,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER([guacamole_entity].name) = LOWER(#{name,jdbcType=VARCHAR})
</otherwise>
</choose>
;
SELECT SELECT
[guacamole_user_group_attribute].user_group_id, [guacamole_user_group_attribute].user_group_id,
@@ -192,9 +256,16 @@
FROM [guacamole_user_group_attribute] FROM [guacamole_user_group_attribute]
JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_attribute].user_group_id JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_attribute].user_group_id
JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE WHERE [guacamole_entity].type = 'USER_GROUP'
[guacamole_entity].name = #{name,jdbcType=VARCHAR} AND
AND [guacamole_entity].type = 'USER_GROUP' <choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
[guacamole_entity].name = #{name,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER([guacamole_entity].name) = LOWER(#{name,jdbcType=VARCHAR})
</otherwise>
</choose>
</select> </select>

54
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml
View File

@@ -42,8 +42,9 @@
WHERE WHERE
[guacamole_user_group].user_group_id IN ( [guacamole_user_group].user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
AND [guacamole_user_group_member].user_group_id = #{parent.objectID,jdbcType=INTEGER} AND [guacamole_user_group_member].user_group_id = #{parent.objectID,jdbcType=INTEGER}
@@ -58,11 +59,24 @@
WHERE WHERE
user_group_id = #{parent.objectID,jdbcType=INTEGER} user_group_id = #{parent.objectID,jdbcType=INTEGER}
AND [guacamole_entity].type = 'USER_GROUP' AND [guacamole_entity].type = 'USER_GROUP'
AND [guacamole_entity].name IN AND
<foreach collection="children" item="identifier" <choose>
open="(" separator="," close=")"> <when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier,jdbcType=VARCHAR} [guacamole_entity].name IN
</foreach> <foreach collection="children" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
</delete> </delete>
<!-- Insert member groups by name --> <!-- Insert member groups by name -->
@@ -75,13 +89,25 @@
#{parent.objectID,jdbcType=INTEGER}, #{parent.objectID,jdbcType=INTEGER},
[guacamole_entity].entity_id [guacamole_entity].entity_id
FROM [guacamole_entity] FROM [guacamole_entity]
WHERE WHERE [guacamole_entity].type = 'USER_GROUP'
[guacamole_entity].name IN AND
<foreach collection="children" item="identifier" <choose>
open="(" separator="," close=")"> <when test="caseSensitivity.caseSensitiveGroupNames()">
#{identifier} [guacamole_entity].name IN
</foreach> <foreach collection="children" item="identifier"
AND [guacamole_entity].type = 'USER_GROUP' open="(" separator="," close=")">
#{identifier}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier})
</foreach>
</otherwise>
</choose>
AND [guacamole_entity].entity_id NOT IN ( AND [guacamole_entity].entity_id NOT IN (
SELECT [guacamole_user_group_member].member_entity_id SELECT [guacamole_user_group_member].member_entity_id
FROM [guacamole_user_group_member] FROM [guacamole_user_group_member]

17
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml
View File

@@ -42,8 +42,9 @@
WHERE WHERE
[guacamole_user].user_id IN ( [guacamole_user].user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include> </include>
) )
AND [guacamole_user_group_member].user_group_id = #{parent.objectID,jdbcType=INTEGER} AND [guacamole_user_group_member].user_group_id = #{parent.objectID,jdbcType=INTEGER}
@@ -60,7 +61,7 @@
AND [guacamole_entity].type = 'USER' AND [guacamole_entity].type = 'USER'
AND AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name [guacamole_entity].name
</when> </when>
<otherwise> <otherwise>
@@ -71,7 +72,7 @@
<foreach collection="children" item="identifier" <foreach collection="children" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR} #{identifier,jdbcType=VARCHAR}
</when> </when>
<otherwise> <otherwise>
@@ -91,9 +92,10 @@
#{parent.objectID,jdbcType=INTEGER}, #{parent.objectID,jdbcType=INTEGER},
[guacamole_entity].entity_id [guacamole_entity].entity_id
FROM [guacamole_entity] FROM [guacamole_entity]
WHERE WHERE [guacamole_entity].type = 'USER'
AND
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name [guacamole_entity].name
</when> </when>
<otherwise> <otherwise>
@@ -104,7 +106,7 @@
<foreach collection="children" item="identifier" <foreach collection="children" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">
<choose> <choose>
<when test="caseSensitive"> <when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier} #{identifier}
</when> </when>
<otherwise> <otherwise>
@@ -112,7 +114,6 @@
</otherwise> </otherwise>
</choose> </choose>
</foreach> </foreach>
AND [guacamole_entity].type = 'USER'
AND [guacamole_entity].entity_id NOT IN ( AND [guacamole_entity].entity_id NOT IN (
SELECT [guacamole_user_group_member].member_entity_id SELECT [guacamole_user_group_member].member_entity_id
FROM [guacamole_user_group_member] FROM [guacamole_user_group_member]

Some files were not shown because too many files have changed in this diff Show More