From 61f6c8ceb13671316c9e5f13d7a67273793be6c9 Mon Sep 17 00:00:00 2001 From: Virtually Nick Date: Sat, 12 Oct 2024 16:16:39 -0400 Subject: [PATCH 1/8] GUACAMOLE-1239: Add case-sensitivity settings to permissions mappers and services. --- .../base/ModeledDirectoryObjectService.java | 2 +- .../permission/AbstractPermissionService.java | 2 +- .../ModeledObjectPermissionService.java | 12 +- .../permission/ModeledPermissionService.java | 5 +- .../permission/ObjectPermissionMapper.java | 14 +- .../jdbc/permission/PermissionMapper.java | 21 ++- .../jdbc/permission/PermissionService.java | 18 +++ .../permission/SystemPermissionService.java | 10 +- .../jdbc/permission/UserPermissionMapper.java | 137 +----------------- .../permission/UserPermissionService.java | 12 ++ 10 files changed, 83 insertions(+), 150 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java index e7e04e5e7..94c7407da 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java @@ -513,7 +513,7 @@ public abstract class ModeledDirectoryObjectService implicitPermissions = getImplicitPermissions(user, model); if (!implicitPermissions.isEmpty()) - getPermissionMapper().insert(implicitPermissions); + getPermissionMapper().insert(implicitPermissions, getCaseSensitiveIdentifiers()); // Add any arbitrary attributes if (model.hasArbitraryAttributes()) 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java index eb320bdb3..90dec2f9d 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java @@ -42,7 +42,7 @@ import org.apache.guacamole.net.auth.permission.PermissionSet; public abstract class AbstractPermissionService, PermissionType extends Permission> implements PermissionService { - + /** * Returns the ObjectPermissionSet related to the type of the given entity. * If the given entity represents a user, then the ObjectPermissionSet diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java index fd70f6ac1..f9d55c14d 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java 
@@ -133,10 +133,12 @@ public abstract class ModeledObjectPermissionService // Create permissions only if user has permission to do so if (canAlterPermissions(user, targetEntity, permissions)) { + boolean caseSensitive = getCaseSensitiveIdentifiers(); + batchPermissionUpdates(permissions, permissionSubset -> { Collection models = getModelInstances( targetEntity, permissionSubset); - getPermissionMapper().insert(models); + getPermissionMapper().insert(models, caseSensitive); }); return; @@ -156,10 +158,12 @@ public abstract class ModeledObjectPermissionService // Delete permissions only if user has permission to do so if (canAlterPermissions(user, targetEntity, permissions)) { + boolean caseSensitive = getCaseSensitiveIdentifiers(); + batchPermissionUpdates(permissions, permissionSubset -> { Collection models = getModelInstances( targetEntity, permissionSubset); - getPermissionMapper().delete(models); + getPermissionMapper().delete(models, caseSensitive); }); return; @@ -179,7 +183,7 @@ public abstract class ModeledObjectPermissionService // Retrieve permissions only if allowed if (canReadPermissions(user, targetEntity)) return getPermissionMapper().selectOne(targetEntity.getModel(), - type, identifier, effectiveGroups) != null; + type, identifier, effectiveGroups, getCaseSensitiveIdentifiers()) != null; // User cannot read this entity's permissions throw new GuacamoleSecurityException("Permission denied."); @@ -205,7 +209,7 @@ public abstract class ModeledObjectPermissionService if (canReadPermissions(user, targetEntity)) return getPermissionMapper().selectAccessibleIdentifiers( targetEntity.getModel(), permissions, identifiers, - effectiveGroups); + effectiveGroups, getCaseSensitiveIdentifiers()); // User cannot read this entity's permissions throw new GuacamoleSecurityException("Permission denied."); 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java index 6f8c09f73..ee35c44e1 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java @@ -192,7 +192,10 @@ public abstract class ModeledPermissionService effectiveGroups); + @Param("effectiveGroups") Collection effectiveGroups, + @Param("caseSensitive") boolean caseSensitive); /** * Retrieves the subset of the given identifiers for which the given entity @@ -79,6 +84,10 @@ public interface ObjectPermissionMapper extends PermissionMapper selectAccessibleIdentifiers(@Param("entity") EntityModel entity, @Param("permissions") Collection permissions, @Param("identifiers") Collection identifiers, - @Param("effectiveGroups") Collection effectiveGroups); + @Param("effectiveGroups") Collection effectiveGroups, + @Param("caseSensitive") boolean caseSensitive); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java index edd66f494..92746e4f3 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java 
@@ -43,12 +43,17 @@ public interface PermissionMapper { * when determining the permissions effectively granted to the user. If * no groups are given, only permissions directly granted to the user * will be used. + * + * @param caseSensitive + * "true" if identifiers should be treated as case-sensitive, otherwise + * "false". * * @return * All permissions associated with the given entity. */ Collection select(@Param("entity") EntityModel entity, - @Param("effectiveGroups") Collection effectiveGroups); + @Param("effectiveGroups") Collection effectiveGroups, + @Param("caseSensitive") boolean caseSensitive); /** * Inserts the given permissions into the database. If any permissions @@ -56,11 +61,16 @@ public interface PermissionMapper { * * @param permissions * The permissions to insert. + * + * @param caseSensitive + * "true" if identifiers should be treated as case-sensitive, otherwise + * "false". * * @return * The number of rows inserted. */ - int insert(@Param("permissions") Collection permissions); + int insert(@Param("permissions") Collection permissions, + @Param("caseSensitive") boolean caseSensitive); /** * Deletes the given permissions from the database. If any permissions do @@ -68,10 +78,15 @@ public interface PermissionMapper { * * @param permissions * The permissions to delete. + * + * @param caseSensitive + * "true" if identifiers should be treated as case-sensitive, otherwise + * "false". * * @return * The number of rows deleted. */ - int delete(@Param("permissions") Collection permissions); + int delete(@Param("permissions") Collection permissions, + @Param("caseSensitive") boolean caseSensitive); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java index a48157ebc..63584c032 100644 
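Review bot: The new `@param caseSensitive` Javadoc on `select`, `insert` and `delete` says only that "identifiers" are treated as case-sensitive, without saying which identifiers are meant. The Javadoc removed from UserPermissionMapper in this same patch was specific ("string comparisons for usernames"), and because this interface is the base of every permission mapper, a reader cannot tell whether the flag governs the entity name, the object identifier, or both. The wording is repeated in the ObjectPermissionMapper hunks. If the mapper SQL (not part of this patch) applies the flag to entity names, I would say so, e.g. `Whether the names of the entities referenced by these permissions are compared in a case-sensitive manner.`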
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java @@ -43,6 +43,24 @@ import org.apache.guacamole.net.auth.permission.PermissionSet; public interface PermissionService, PermissionType extends Permission> { + /** + * Return "true" if identifiers should be treated as case-sensitive, + * otherwise "false". + * + * @return + * "true" if identifiers should be treated as case-sensitive, otherwise + * "false". + * + * @throws GuacamoleException + * If an error occurs retrieving configuration information related to + * case-sensitivity. + */ + default boolean getCaseSensitiveIdentifiers() throws GuacamoleException { + + // By default identifiers are case-insensitive. + return false; + } + /** * Returns a permission set that can be used to retrieve and manipulate the * permissions of the given entity. diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java index 1a0f1523c..63bd8b3bf 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java 
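Review bot: The default `getCaseSensitiveIdentifiers()` returns `false`, the less strict choice and the opposite of the `Identifiable.isCaseSensitive()` default described later in this series ("By default this returns true"). Within this patch only UserPermissionService overrides it, so the SystemPermissionService insert/delete hunks and the other ModeledObjectPermissionService callers pass `false` to their mappers whatever the deployment's setting is. If the mapper SQL uses the flag when matching entity names (that SQL is not shown here), grants of administrative permissions would be matched case-insensitively on a system configured for case-sensitive usernames. Consider making the method abstract or deriving the default from the same configuration as usernames, and at least extend the comment: `// Case-insensitive unless overridden; services whose identifiers are usernames must override.`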
@@ -98,10 +98,13 @@ public class SystemPermissionService // system permissions if (user.isPrivileged()) { + // Pull identifier case sensitivity + boolean caseSensitive = getCaseSensitiveIdentifiers(); + batchPermissionUpdates(permissions, permissionSubset -> { Collection models = getModelInstances( targetEntity, permissionSubset); - systemPermissionMapper.insert(models); + systemPermissionMapper.insert(models, caseSensitive); }); return; @@ -125,10 +128,13 @@ public class SystemPermissionService if (user.getUser().getIdentifier().equals(targetEntity.getIdentifier())) throw new GuacamoleUnsupportedException("Removing your own administrative permissions is not allowed."); + // Pull case sensitivity + boolean caseSensitive = getCaseSensitiveIdentifiers(); + batchPermissionUpdates(permissions, permissionSubset -> { Collection models = getModelInstances( targetEntity, permissionSubset); - systemPermissionMapper.delete(models); + systemPermissionMapper.delete(models, caseSensitive); }); return; diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.java index daa3c0263..b093bdbd1 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.java 
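Review bot: In the delete hunk the self-removal guard still compares `user.getUser().getIdentifier()` with `targetEntity.getIdentifier()` using `String.equals`, while the delete that follows now runs with the `caseSensitive` flag. When the flag is false, a target identifier that differs from the current user's only in case would get past the guard; whether such an identifier can reach this point depends on how `targetEntity` is resolved, which is outside the hunk. Reading the flag before the guard and applying it there keeps the two consistent, e.g. `boolean self = caseSensitive ? current.equals(target) : current.equalsIgnoreCase(target);` (with `current` and `target` standing for the two identifiers). The enclosing method starts and ends outside the hunk.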
@@ -19,142 +19,7 @@ package org.apache.guacamole.auth.jdbc.permission; -import java.util.Collection; -import org.apache.guacamole.auth.jdbc.base.EntityModel; -import org.apache.guacamole.net.auth.permission.ObjectPermission; -import org.apache.ibatis.annotations.Param; - /** * Mapper for user permissions. */ -public interface UserPermissionMapper extends ObjectPermissionMapper { - - /** - * Deletes the given permissions from the database. If any permissions do - * not exist, they will be ignored. - * - * @param permissions - * The permissions to delete. - * - * @param caseSensitive - * Whether or not string comparisons for usernames will be done in a - * case-sensitive manner. - * - * @return - * The number of rows deleted. - */ - int delete(@Param("permissions") Collection permissions, - @Param("caseSensitive") boolean caseSensitive); - - /** - * Inserts the given permissions into the database. If any permissions - * already exist, they will be ignored. - * - * @param permissions - * The permissions to insert. - * - * @param caseSensitive - * Whether or not string comparisons for usernames will be done in a - * case-sensitive manner. - * - * @return - * The number of rows inserted. - */ - int insert(@Param("permissions") Collection permissions, - @Param("caseSensitive") boolean caseSensitive); - - /** - * Retrieves all permissions associated with the given entity (user or user - * group). - * - * @param entity - * The entity to retrieve permissions for. - * - * @param effectiveGroups - * The identifiers of all groups that should be taken into account - * when determining the permissions effectively granted to the user. If - * no groups are given, only permissions directly granted to the user - * will be used. - * - * @param caseSensitive - * Whether or not string comparisons for usernames will be done in a - * case-sensitive manner. - * - * @return - * All permissions associated with the given entity. 
- */ - Collection select(@Param("entity") EntityModel entity, - @Param("effectiveGroups") Collection effectiveGroups, - @Param("caseSensitive") boolean caseSensitive); - - /** - * Retrieve the permission of the given type associated with the given - * entity and object, if it exists. If no such permission exists, null is - * returned. - * - * @param entity - * The entity to retrieve permissions for. - * - * @param type - * The type of permission to return. - * - * @param identifier - * The identifier of the object affected by the permission to return. - * - * @param effectiveGroups - * The identifiers of all groups that should be taken into account - * when determining the permissions effectively granted to the user. If - * no groups are given, only permissions directly granted to the user - * will be used. - * - * @param caseSensitive - * Whether or not string comparisons for usernames will be done in a - * case-sensitive manner. - * - * @return - * The requested permission, or null if no such permission is granted - * to the given entity for the given object. - */ - ObjectPermissionModel selectOne(@Param("entity") EntityModel entity, - @Param("type") ObjectPermission.Type type, - @Param("identifier") String identifier, - @Param("effectiveGroups") Collection effectiveGroups, - @Param("caseSensitive") boolean caseSensitive); - - /** - * Retrieves the subset of the given identifiers for which the given entity - * has at least one of the given permissions. - * - * @param entity - * The entity to check permissions of. - * - * @param permissions - * The permissions to check. An identifier will be included in the - * resulting collection if at least one of these permissions is granted - * for the associated object - * - * @param identifiers - * The identifiers of the objects affected by the permissions being - * checked. 
- * - * @param effectiveGroups - * The identifiers of all groups that should be taken into account - * when determining the permissions effectively granted to the user. If - * no groups are given, only permissions directly granted to the user - * will be used. - * - * @param caseSensitive - * Whether or not string comparisons for usernames will be done in a - * case-sensitive manner. - * - * @return - * A collection containing the subset of identifiers for which at least - * one of the specified permissions is granted. - */ - Collection selectAccessibleIdentifiers(@Param("entity") EntityModel entity, - @Param("permissions") Collection permissions, - @Param("identifiers") Collection identifiers, - @Param("effectiveGroups") Collection effectiveGroups, - @Param("caseSensitive") boolean caseSensitive); - -} +public interface UserPermissionMapper extends ObjectPermissionMapper {} \ No newline at end of file diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java index ed8689a7f..11b453754 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java @@ -24,6 +24,7 @@ import com.google.inject.Provider; import java.util.Set; import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.auth.jdbc.JDBCEnvironment; import org.apache.guacamole.auth.jdbc.base.EntityModel; import org.apache.guacamole.auth.jdbc.base.ModeledPermissions; 
@@ -46,6 +47,17 @@ public class UserPermissionService extends ModeledObjectPermissionService { @Inject private Provider userPermissionSetProvider; + /** + * The server environment for retrieving configuration data. + */ + @Inject + private JDBCEnvironment environment; + + @Override + public boolean getCaseSensitiveIdentifiers() throws GuacamoleException { + return environment.getCaseSensitiveUsernames(); + } + @Override protected ObjectPermissionMapper getPermissionMapper() { return userPermissionMapper; From 2c5414aee24383774f76cbb783e1ff9b9882d04c Mon Sep 17 00:00:00 2001 From: Virtually Nick Date: Mon, 14 Oct 2024 11:16:06 -0400 Subject: [PATCH 2/8] GUACAMOLE-1239: Fix issue with records added by non-JDBC connections. --- .../guacamole/auth/jdbc/HistoryTrackingConnection.java | 8 +------- .../auth/jdbc/permission/AbstractPermissionService.java | 2 +- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/HistoryTrackingConnection.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/HistoryTrackingConnection.java index cdd50e3bc..c8aea8536 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/HistoryTrackingConnection.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/HistoryTrackingConnection.java @@ -56,12 +56,6 @@ public class HistoryTrackingConnection extends DelegatingConnection { * established connections. */ private final ConnectionRecordMapper connectionRecordMapper; - - /** - * The Guacamole server environment. - */ - @Inject - private JDBCEnvironment environment; /** * Creates a new HistoryConnection that wraps the given connection, 
@@ -106,7 +100,7 @@ public class HistoryTrackingConnection extends DelegatingConnection { // Insert the connection history record to mark the start of this connection connectionRecordMapper.insert(connectionRecordModel, - environment.getCaseSensitiveUsernames()); + currentUser.isCaseSensitive()); // Include history record UUID as token ModeledConnectionRecord modeledRecord = new ModeledConnectionRecord(connectionRecordModel); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java index 90dec2f9d..eb320bdb3 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java @@ -42,7 +42,7 @@ import org.apache.guacamole.net.auth.permission.PermissionSet; public abstract class AbstractPermissionService, PermissionType extends Permission> implements PermissionService { - + /** * Returns the ObjectPermissionSet related to the type of the given entity. * If the given entity represents a user, then the ObjectPermissionSet From b26c37eba6459e74174bb4571513f437142359e9 Mon Sep 17 00:00:00 2001 From: Virtually Nick Date: Fri, 18 Oct 2024 07:29:10 -0400 Subject: [PATCH 3/8] GUACAMOLE-1239: Update case-sensitivity logic for AbstractIdentifiable --- .../apache/guacamole/net/auth/AbstractIdentifiable.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractIdentifiable.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractIdentifiable.java index f0cd2ed1a..c7b8a950c 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractIdentifiable.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractIdentifiable.java @@ -73,11 +73,12 @@ public abstract class AbstractIdentifiable implements Identifiable { if (otherIdentifier == null) return identifier == null; - // If this identifier is case-sensitive, evaluate with case-sensitivity. - if (isCaseSensitive()) + // If either this identifier or the one we're comparing to is + // case-sensitive, evaluate with case-sensitivity. + if (isCaseSensitive() || ((AbstractIdentifiable) other).isCaseSensitive()) return otherIdentifier.equals(identifier); - // The identifier should not be evaluated in a case-sensitive manner. + // Both identifiers can be evaluated in a case-insensitive manner. return otherIdentifier.equalsIgnoreCase(identifier); } From d3da20ff54c90fa455fb6c86502adcaa7c571b85 Mon Sep 17 00:00:00 2001 From: Virtually Nick Date: Sun, 27 Oct 2024 22:28:40 -0400 Subject: [PATCH 4/8] GUACAMOLE-1239: Correct comment in Identifiable case sensitive method. --- .../main/java/org/apache/guacamole/net/auth/Identifiable.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Identifiable.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Identifiable.java index b5e0136c2..0bfd6caf8 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Identifiable.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Identifiable.java 
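Review bot: `equals()` now depends on the other object's `isCaseSensitive()` as well, but `hashCode()` is not touched by this hunk, so the two may no longer agree. If `hashCode()` hashes the raw identifier in one mode and a case-folded form in the other (it is outside the hunk, so this is an assumption), two objects with the same identifier but different sensitivity compare equal here and hash differently, and a `HashSet` or `HashMap` of identifiables will behave inconsistently. Hashing a case-folded identifier in both modes would keep the contract, and a short comment in `equals()` pointing to `hashCode()` would help the next change. The cast `(AbstractIdentifiable) other` relies on a type check earlier in the method, which begins above the hunk.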
@@ -46,8 +46,8 @@ public interface Identifiable { /** * Whether or not this identifier should be evaluated in a case-sensitive - * manner or not. By default this returns true and the identifier will - * be evaluated in a case-sensitive manner. + * manner. By default this returns true and the identifier will be + * evaluated in a case-sensitive manner. * * @return * True if the comparisons of this identifier should be case-sensitive, From 240dcd9a523a0438f57894a05c24f0c3070e5cee Mon Sep 17 00:00:00 2001 From: Virtually Nick Date: Sun, 27 Oct 2024 22:29:12 -0400 Subject: [PATCH 5/8] GUACAMOLE-1239: JDBC module should pull case-sensitivity from authentcated user when possible. --- .../jdbc/connection/ConnectionService.java | 4 ++-- .../tunnel/AbstractGuacamoleTunnelService.java | 2 +- .../auth/jdbc/user/ModeledUserContext.java | 2 +- .../guacamole/auth/jdbc/user/UserService.java | 18 +++++++++--------- .../jdbc/usergroup/UserGroupMemberUserSet.java | 8 +------- 5 files changed, 14 insertions(+), 20 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java index e08d13b0c..2561e1508 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java @@ -494,7 +494,7 @@ public class ConnectionService extends ModeledChildDirectoryObjectService getObjectMapper() { return userMapper; 
@@ -254,7 +254,7 @@ public class UserService extends ModeledDirectoryObjectService existing = userMapper.select(Collections.singleton( - model.getIdentifier()), environment.getCaseSensitiveUsernames()); + model.getIdentifier()), user.isCaseSensitive()); if (!existing.isEmpty()) throw new GuacamoleClientException("User \"" + model.getIdentifier() + "\" already exists."); 
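Review bot: The duplicate-username check in this hunk now takes its case-sensitivity from `user.isCaseSensitive()`, i.e. from the account performing the creation, instead of from `environment.getCaseSensitiveUsernames()`. Uniqueness is a property of the stored accounts, so if the acting user was authenticated by another extension whose `isCaseSensitive()` differs from the JDBC module's setting, names differing only in case could be accepted or rejected inconsistently. I would keep the environment value for this check, or record the invariant next to the call: `// user.isCaseSensitive() must agree with the JDBC environment's setting (GUACAMOLE-1239).` The same applies to the other `user.isCaseSensitive()` substitutions in this commit. Part of this hunk's text is lost in this rendering, and the method starts outside it.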
@@ -291,7 +291,7 @@ public class UserService extends ModeledDirectoryObjectService Date: Thu, 31 Oct 2024 13:30:46 -0400 Subject: [PATCH 6/8] GUACAMOLE-1239: Remove per-extension configuration for case-sensitivity, retaining only global configuration. --- .../auth/header/ConfigurationService.java | 21 ------------ .../header/HTTPHeaderGuacamoleProperties.java | 13 ------- .../auth/header/user/AuthenticatedUser.java | 28 --------------- .../auth/mysql/conf/MySQLEnvironment.java | 11 ------ .../mysql/conf/MySQLGuacamoleProperties.java | 14 -------- .../conf/PostgreSQLEnvironment.java | 22 ------------ .../sqlserver/conf/SQLServerEnvironment.java | 14 -------- .../conf/SQLServerGuacamoleProperties.java | 15 -------- .../auth/json/ConfigurationService.java | 34 ------------------- .../auth/json/user/AuthenticatedUser.java | 22 ------------ .../auth/ldap/ConnectedLDAPConfiguration.java | 5 --- .../ldap/conf/DefaultLDAPConfiguration.java | 13 ------- .../conf/EnvironmentLDAPConfiguration.java | 14 -------- .../ldap/conf/JacksonLDAPConfiguration.java | 6 ---- .../auth/ldap/conf/LDAPConfiguration.java | 16 --------- .../ldap/conf/LDAPGuacamoleProperties.java | 12 ------- .../auth/ldap/user/LDAPAuthenticatedUser.java | 24 ------------- .../radius/conf/ConfigurationService.java | 21 ------------ .../conf/RadiusGuacamoleProperties.java | 13 ------- .../auth/radius/user/AuthenticatedUser.java | 15 +------- .../auth/sso/user/SSOAuthenticatedUser.java | 32 ----------------- .../auth/cas/conf/CASEnvironment.java | 14 -------- .../auth/cas/conf/CASGuacamoleProperties.java | 13 ------- .../openid/conf/ConfigurationService.java | 13 ------- .../auth/openid/conf/OpenIDEnvironment.java | 14 -------- .../auth/saml/conf/ConfigurationService.java | 12 ------- .../auth/saml/conf/SAMLEnvironment.java | 14 -------- .../auth/ssl/conf/ConfigurationService.java | 12 ------- .../auth/ssl/conf/SSLEnvironment.java | 13 ------- .../net/auth/AbstractAuthenticatedUser.java | 31 +++++++++++++++++ 
.../guacamole/net/auth/DelegatingUser.java | 5 +++ 31 files changed, 37 insertions(+), 469 deletions(-) diff --git a/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java b/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java index d9f49813c..2ab1350dc 100644 --- a/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java +++ b/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java @@ -53,26 +53,5 @@ public class ConfigurationService { "REMOTE_USER" ); } - - /** - * Returns true if the usernames provided to the header authentication - * module should be treated as case-sensitive, or false if usernames - * should be treated as case-insensitive. This will default to the global - * Guacamole configuration for case-sensitivity, which defaults to true, but - * can be overridden for this extension, if desired. - * - * @return - * true if usernames should be treated as case-sensitive, otherwise - * false. - * - * @throws GuacamoleException - * If guacamole.properties cannot be parsed. - */ - public boolean getCaseSensitiveUsernames() throws GuacamoleException { - return environment.getProperty( - HTTPHeaderGuacamoleProperties.HTTP_AUTH_CASE_SENSITIVE_USERNAMES, - environment.getCaseSensitiveUsernames() - ); - } } diff --git a/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java b/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java index acf514a75..bdc3dfd68 100644 --- a/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java +++ b/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java 
@@ -19,7 +19,6 @@ package org.apache.guacamole.auth.header; -import org.apache.guacamole.properties.BooleanGuacamoleProperty; import org.apache.guacamole.properties.StringGuacamoleProperty; @@ -44,17 +43,5 @@ public class HTTPHeaderGuacamoleProperties { public String getName() { return "http-auth-header"; } }; - - /** - * A property used to configure whether or not usernames within the header - * module should be treated as case-sensitive. - */ - public static final BooleanGuacamoleProperty HTTP_AUTH_CASE_SENSITIVE_USERNAMES = - new BooleanGuacamoleProperty() { - - @Override - public String getName() { return "http-auth-case-sensitive-usernames"; } - - }; } diff --git a/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java b/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java index d498c5c4d..9686eac6a 100644 --- a/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java +++ b/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java @@ -20,13 +20,9 @@ package org.apache.guacamole.auth.header.user; import com.google.inject.Inject; -import org.apache.guacamole.GuacamoleException; -import org.apache.guacamole.auth.header.ConfigurationService; import org.apache.guacamole.net.auth.AbstractAuthenticatedUser; import org.apache.guacamole.net.auth.AuthenticationProvider; import org.apache.guacamole.net.auth.Credentials; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; /** * An HTTP header implementation of AuthenticatedUser, associating a 
@@ -34,11 +30,6 @@ import org.slf4j.LoggerFactory; * provider. */ public class AuthenticatedUser extends AbstractAuthenticatedUser { - - /** - * Logger for this class. - */ - private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticatedUser.class); /** * Reference to the authentication provider associated with this @@ -46,12 +37,6 @@ public class AuthenticatedUser extends AbstractAuthenticatedUser { */ @Inject private AuthenticationProvider authProvider; - - /** - * Service for retrieving header configuration information. - */ - @Inject - private ConfigurationService confService; /** * The credentials provided when this user was authenticated. @@ -72,19 +57,6 @@ public class AuthenticatedUser extends AbstractAuthenticatedUser { this.credentials = credentials; setIdentifier(username.toLowerCase()); } - - @Override - public boolean isCaseSensitive() { - try { - return confService.getCaseSensitiveUsernames(); - } - catch (GuacamoleException e) { - LOGGER.error("Error when trying to retrieve header configuration: {}." - + " Usernames comparison will be case-sensitive.", e); - LOGGER.debug("Exception caught when retrieving header configuration.", e); - return true; - } - } @Override public AuthenticationProvider getAuthenticationProvider() { diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLEnvironment.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLEnvironment.java index c26317332..4fb7b6c8d 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLEnvironment.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLEnvironment.java 
@@ -442,16 +442,5 @@ public class MySQLEnvironment extends JDBCEnvironment { true ); } - - @Override - public boolean getCaseSensitiveUsernames() throws GuacamoleException { - - // Return the configured value for the property, or the global value. - return getProperty( - MySQLGuacamoleProperties.MYSQL_CASE_SENSITIVE_USERNAMES, - super.getCaseSensitiveUsernames() - ); - - } } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java index bbb1a29b0..c7385db81 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java @@ -303,18 +303,4 @@ public class MySQLGuacamoleProperties { }; - /** - * A property used to configure whether or not usernames within the MySQL - * JDBC module should be treated as case-sensitive. Be aware that MySQL's - * default database collations do not do case-sensitive comparisons, so in - * many cases they will effectively be case-insensitive. - */ - public static final BooleanGuacamoleProperty MYSQL_CASE_SENSITIVE_USERNAMES = - new BooleanGuacamoleProperty() { - - @Override - public String getName() { return "mysql-case-sensitive-usernames"; } - - }; - } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLEnvironment.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLEnvironment.java index d620521fb..8e79168ea 100644 
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLEnvironment.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLEnvironment.java @@ -22,8 +22,6 @@ package org.apache.guacamole.auth.postgresql.conf; import java.io.File; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.auth.jdbc.JDBCEnvironment; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.apache.guacamole.auth.jdbc.security.PasswordPolicy; import org.apache.ibatis.session.SqlSession; @@ -33,11 +31,6 @@ import org.apache.ibatis.session.SqlSession; */ public class PostgreSQLEnvironment extends JDBCEnvironment { - /** - * Logger for this class. - */ - private static final Logger logger = LoggerFactory.getLogger(PostgreSQLEnvironment.class); - /** * The default host to connect to, if POSTGRESQL_HOSTNAME is not specified. */ @@ -398,20 +391,5 @@ public class PostgreSQLEnvironment extends JDBCEnvironment { PostgreSQLGuacamoleProperties.POSTGRESQL_ENFORCE_ACCESS_WINDOWS_FOR_ACTIVE_SESSIONS, true); } - - @Override - public boolean getCaseSensitiveUsernames() throws GuacamoleException { - - // By default, PostgreSQL does perform case-sensitive string comparisons. - // Even though usernames are generally not case-sensitive across - // most authenticaiton systems, we've elected to maintain case- - // sensitivity in this module in order to avoid surprising anyone who - // may be relying upon it. - return getProperty( - PostgreSQLGuacamoleProperties.POSTGRESQL_CASE_SENSITIVE_USERNAMES, - super.getCaseSensitiveUsernames() - ); - - } } 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerEnvironment.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerEnvironment.java index 68568d658..498479d79 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerEnvironment.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerEnvironment.java @@ -328,19 +328,5 @@ public class SQLServerEnvironment extends JDBCEnvironment { SQLServerGuacamoleProperties.SQLSERVER_TRUST_ALL_SERVER_CERTIFICATES, false); } - - @Override - public boolean getCaseSensitiveUsernames() throws GuacamoleException { - - // Get the configured or default value of the property. - boolean caseSensitiveUsernames = getProperty( - SQLServerGuacamoleProperties.SQLSERVER_CASE_SENSITIVE_USERNAMES, - super.getCaseSensitiveUsernames() - ); - - // Return as configured - return caseSensitiveUsernames; - - } } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerGuacamoleProperties.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerGuacamoleProperties.java index 8a4e1ee28..c4df81381 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerGuacamoleProperties.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerGuacamoleProperties.java 
@@ -257,20 +257,5 @@ public class SQLServerGuacamoleProperties { public String getName() { return "sqlserver-trust-all-server-certificates"; } }; - - /** - * A property used to configure whether or not usernames within the SQL - * Server JDBC module should be treated as case-sensitive. While Guacamole - * will treat usernames as case-sensitive by default, SQL Server's default - * database collations do not do case-sensitive string comparisons, so in - * many cases this will effectively result in case-insensitive usernames. - */ - public static final BooleanGuacamoleProperty SQLSERVER_CASE_SENSITIVE_USERNAMES = - new BooleanGuacamoleProperty() { - - @Override - public String getName() { return "sqlserver-case-sensitive-usernames" ; } - - }; } diff --git a/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/ConfigurationService.java b/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/ConfigurationService.java index 6fb2cd403..fd4d5d72f 100644 --- a/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/ConfigurationService.java +++ b/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/ConfigurationService.java @@ -24,7 +24,6 @@ import java.util.Collection; import java.util.Collections; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.environment.Environment; -import org.apache.guacamole.properties.BooleanGuacamoleProperty; import org.apache.guacamole.properties.ByteArrayProperty; import org.apache.guacamole.properties.StringGuacamoleProperty; 
@@ -39,20 +38,6 @@ public class ConfigurationService { */ @Inject private Environment environment; - - /** - * A property used to configure whether or not usernames within the JSON - * module should be treated as case-sensitive. - */ - private static final BooleanGuacamoleProperty JSON_CASE_SENSITIVE_USERNAMES = - new BooleanGuacamoleProperty() { - - @Override - public String getName() { - return "json-case-sensitive-usernames"; - } - - }; /** * The encryption key to use for all decryption and signature verification. @@ -79,25 +64,6 @@ public class ConfigurationService { } }; - - /** - * Returns true if the usernames provided to the JSON authentication - * module should be treated as case-sensitive, or false if usernames - * should be treated as case-insensitive. The default will be taken from - * the global Guacamole configuration, which defaults to true, but - * can be overridden for this extension. - * - * @return - * true if usernames should be treated as case-sensitive, otherwise - * false. - * - * @throws GuacamoleException - * If guacamole.properties cannot be parsed. - */ - public boolean getCaseSensitiveUsernames() throws GuacamoleException { - return environment.getProperty(JSON_CASE_SENSITIVE_USERNAMES, - environment.getCaseSensitiveUsernames()); - } /** * Returns the symmetric key which will be used to encrypt and sign all diff --git a/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/user/AuthenticatedUser.java b/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/user/AuthenticatedUser.java index 0eeab697a..82d81c406 100644 --- a/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/user/AuthenticatedUser.java +++ b/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/user/AuthenticatedUser.java 
@@ -20,8 +20,6 @@ package org.apache.guacamole.auth.json.user; import com.google.inject.Inject; -import org.apache.guacamole.GuacamoleException; -import org.apache.guacamole.auth.json.ConfigurationService; import org.apache.guacamole.net.auth.AbstractAuthenticatedUser; import org.apache.guacamole.net.auth.AuthenticationProvider; import org.apache.guacamole.net.auth.Credentials; @@ -46,13 +44,6 @@ public class AuthenticatedUser extends AbstractAuthenticatedUser { */ @Inject private AuthenticationProvider authProvider; - - /** - * Reference to the configuration service associated with this - * authentication provider. - */ - @Inject - private ConfigurationService confService; /** * The credentials provided when this user was authenticated. @@ -82,19 +73,6 @@ public class AuthenticatedUser extends AbstractAuthenticatedUser { this.userData = userData; setIdentifier(userData.getUsername()); } - - @Override - public boolean isCaseSensitive() { - try { - return confService.getCaseSensitiveUsernames(); - } - catch (GuacamoleException e) { - LOGGER.error("Error when attempting to get the JSON configuration: {}. " - + "Username comparisons will be case-sensitive.", e.getMessage()); - LOGGER.debug("Exception caught while retrieving JSON configuration.", e); - return true; - } - } @Override public AuthenticationProvider getAuthenticationProvider() { diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConnectedLDAPConfiguration.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConnectedLDAPConfiguration.java index 3f555ce5d..c41114c02 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConnectedLDAPConfiguration.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConnectedLDAPConfiguration.java 
@@ -223,10 +223,5 @@ public class ConnectedLDAPConfiguration implements LDAPConfiguration, AutoClosea public MemberAttributeType getMemberAttributeType() throws GuacamoleException { return config.getMemberAttributeType(); } - - @Override - public boolean getCaseSensitiveUsernames() throws GuacamoleException { - return config.getCaseSensitiveUsernames(); - } } diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/DefaultLDAPConfiguration.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/DefaultLDAPConfiguration.java index 63cd64ab1..217964382 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/DefaultLDAPConfiguration.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/DefaultLDAPConfiguration.java @@ -19,7 +19,6 @@ package org.apache.guacamole.auth.ldap.conf; -import com.google.inject.Inject; import java.util.Collections; import java.util.List; import org.apache.directory.api.ldap.model.filter.ExprNode; @@ -28,7 +27,6 @@ import org.apache.directory.api.ldap.model.message.AliasDerefMode; import org.apache.directory.api.ldap.model.name.Dn; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleServerException; -import org.apache.guacamole.environment.Environment; /** * LDAPConfiguration implementation that returns the default values for all @@ -36,12 +34,6 @@ import org.apache.guacamole.environment.Environment; * required (such as {@link #getUserBaseDN()}), an exception is thrown. */ public class DefaultLDAPConfiguration implements LDAPConfiguration { - - /** - * The environment in which Guacamole is running. - */ - @Inject - private Environment environment; @Override public String appliesTo(String username) { 
@@ -158,10 +150,5 @@ public class DefaultLDAPConfiguration implements LDAPConfiguration { throws GuacamoleException { return MemberAttributeType.DN; } - - @Override - public boolean getCaseSensitiveUsernames() throws GuacamoleException { - return environment.getCaseSensitiveUsernames(); - } } diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/EnvironmentLDAPConfiguration.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/EnvironmentLDAPConfiguration.java index 44a946417..5ffeb203b 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/EnvironmentLDAPConfiguration.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/EnvironmentLDAPConfiguration.java @@ -233,19 +233,5 @@ public class EnvironmentLDAPConfiguration implements LDAPConfiguration { DEFAULT.getMemberAttributeType() ); } - - @Override - public boolean getCaseSensitiveUsernames() throws GuacamoleException { - - // Most LDAP directories do not factor in case when comparing usernames, - // however, in order to avoid surprising anyone who may rely on this - // behavior in Guacamole, this is currently defaulted the overall - // Guacamole configuration (default of true), but can be over-ridden - // for the LDAP extension specifically, if desired. - return environment.getProperty( - LDAPGuacamoleProperties.LDAP_CASE_SENSITIVE_USERNAMES, - environment.getCaseSensitiveUsernames() - ); - } } diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/JacksonLDAPConfiguration.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/JacksonLDAPConfiguration.java index bb9b474ee..d4ac0bc2e 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/JacksonLDAPConfiguration.java 
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/JacksonLDAPConfiguration.java @@ -446,11 +446,5 @@ public class JacksonLDAPConfiguration implements LDAPConfiguration { return withDefault(LDAPGuacamoleProperties.LDAP_MEMBER_ATTRIBUTE_TYPE, memberAttributeType, defaultConfig::getMemberAttributeType); } - - @Override - public boolean getCaseSensitiveUsernames() throws GuacamoleException { - return withDefault(LDAPGuacamoleProperties.LDAP_CASE_SENSITIVE_USERNAMES, - caseSensitiveUsernames, defaultConfig::getCaseSensitiveUsernames); - } } diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LDAPConfiguration.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LDAPConfiguration.java index 31a847566..abbf9103a 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LDAPConfiguration.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LDAPConfiguration.java @@ -333,21 +333,5 @@ public interface LDAPConfiguration { * retrieved. */ MemberAttributeType getMemberAttributeType() throws GuacamoleException; - - /** - * Returns true if the usernames provided to the LDAP authentication - * module should be treated as case-sensitive, or false if usernames - * should be treated as case-insensitive. The default is true, usernames - * will be case-sensitive in keeping with the past behavior of Guacamole - * prior to the addition of this option. - * - * @return - * true if usernames should be treated as case-sensitive, otherwise - * false. - * - * @throws GuacamoleException - * If guacamole.properties cannot be parsed. - */ - boolean getCaseSensitiveUsernames() throws GuacamoleException; } 
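Review bot: In `JacksonLDAPConfiguration`, the removed `getCaseSensitiveUsernames()` was the visible reader of `caseSensitiveUsernames`, and this is the only hunk for the file, so that member stays behind on the new side. If it is still bound from the per-server LDAP configuration (its declaration is outside the hunk), an operator's existing case-sensitivity setting would keep parsing without error while no longer affecting how usernames are matched. Either remove the member together with the getter or, if old configuration files must keep loading, mark it with a comment such as `// Accepted for backward compatibility only; no longer consulted` so the silent no-op is deliberate. The same concern applies to the `ldap-case-sensitive-usernames` key removed from `LDAPGuacamoleProperties` later in this patch: because it changes how identities are matched, the removal belongs in the upgrade notes.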
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LDAPGuacamoleProperties.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LDAPGuacamoleProperties.java index 072128ecf..7349356b9 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LDAPGuacamoleProperties.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LDAPGuacamoleProperties.java @@ -306,17 +306,5 @@ public class LDAPGuacamoleProperties { public String getName() { return "ldap-member-attribute-type"; } }; - - /** - * A property used to configure whether or not usernames within the LDAP - * module should be treated as case-sensitive. - */ - public static final BooleanGuacamoleProperty LDAP_CASE_SENSITIVE_USERNAMES = - new BooleanGuacamoleProperty() { - - @Override - public String getName() { return "ldap-case-sensitive-usernames"; } - - }; } diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/LDAPAuthenticatedUser.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/LDAPAuthenticatedUser.java index f934afd57..24438f0ec 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/LDAPAuthenticatedUser.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/LDAPAuthenticatedUser.java @@ -29,8 +29,6 @@ import org.apache.guacamole.auth.ldap.ConnectedLDAPConfiguration; import org.apache.guacamole.net.auth.AbstractAuthenticatedUser; import org.apache.guacamole.net.auth.AuthenticationProvider; import org.apache.guacamole.net.auth.Credentials; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; /** * An LDAP-specific implementation of AuthenticatedUser, associating a 
@@ -38,11 +36,6 @@ import org.slf4j.LoggerFactory; */ public class LDAPAuthenticatedUser extends AbstractAuthenticatedUser { - /** - * The logger for this class. - */ - private static final Logger LOGGER = LoggerFactory.getLogger(LDAPAuthenticatedUser.class); - /** * Reference to the authentication provider associated with this * authenticated user. @@ -143,23 +136,6 @@ public class LDAPAuthenticatedUser extends AbstractAuthenticatedUser { return config; } - @Override - public boolean isCaseSensitive() { - try { - return config.getCaseSensitiveUsernames(); - } - catch (GuacamoleException e) { - // LDAP authentication is almost universally case-insensitive, - // however, we're maintaining case-sensitivity within Guacamole - // at the moment in order to avoid surprising anyone with this change. - // Case-sensitivity can be disabled as a configuration option. - LOGGER.error("Error retrieving configuration for username case-sensitivity: {}. " - + "Username comparisons will be done case-sensitively.", e.getMessage()); - LOGGER.debug("Caught exception when retrieving case-sensitivity configuration.", e); - return true; - } - } - @Override public AuthenticationProvider getAuthenticationProvider() { return authProvider; diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/conf/ConfigurationService.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/conf/ConfigurationService.java index 614464142..78738ed53 100644 --- a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/conf/ConfigurationService.java +++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/conf/ConfigurationService.java 
@@ -362,26 +362,5 @@ public class ConfigurationService { throw new GuacamoleServerException("Unknown host specified for NAS IP.", e); } } - - /** - * Returns true if the usernames provided to the RADIUS authentication - * module should be treated as case-sensitive, or false if usernames - * should be treated as case-insensitive. The default value is read from - * Guacamole's global configuration, which defaults to true, but can be - * overridden for the RADIUS extension, if desired. - * - * @return - * true if usernames should be treated as case-sensitive, otherwise - * false. - * - * @throws GuacamoleException - * If guacamole.properties cannot be parsed. - */ - public boolean getCaseSensitiveUsernames() throws GuacamoleException { - return environment.getProperty( - RadiusGuacamoleProperties.RADIUS_CASE_SENSITIVE_USERNAMES, - environment.getCaseSensitiveUsernames() - ); - } } diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/conf/RadiusGuacamoleProperties.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/conf/RadiusGuacamoleProperties.java index 459dc5859..19200e1c5 100644 --- a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/conf/RadiusGuacamoleProperties.java +++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/conf/RadiusGuacamoleProperties.java @@ -204,18 +204,5 @@ public class RadiusGuacamoleProperties { public String getName() { return "radius-nas-ip"; } }; - - /** - * A property used to configure whether or not usernames within the RADIUS - * module should be treated as case-sensitive. - */ - public static final BooleanGuacamoleProperty RADIUS_CASE_SENSITIVE_USERNAMES = - new BooleanGuacamoleProperty() { - - @Override - public String getName() { return "radius-case-sensitive-usernames"; } - - }; - } 
diff --git a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/user/AuthenticatedUser.java b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/user/AuthenticatedUser.java index ddedb860d..95792eedd 100644 --- a/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/user/AuthenticatedUser.java +++ b/extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/user/AuthenticatedUser.java @@ -63,7 +63,7 @@ public class AuthenticatedUser extends AbstractAuthenticatedUser { */ public void init(Credentials credentials) { this.credentials = credentials; - setIdentifier(credentials.getUsername().toLowerCase()); + setIdentifier(credentials.getUsername()); } @Override @@ -75,18 +75,5 @@ public class AuthenticatedUser extends AbstractAuthenticatedUser { public Credentials getCredentials() { return credentials; } - - @Override - public boolean isCaseSensitive() { - try { - return confService.getCaseSensitiveUsernames(); - } - catch (GuacamoleException e) { - LOGGER.error("Error retrieving configuration for username case sensiivity. " - + "Usernames will be processed as case-sensitive."); - LOGGER.debug("Exception caught while retrieving RADIUS configuration.", e); - return true; - } - } } diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/user/SSOAuthenticatedUser.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/user/SSOAuthenticatedUser.java index 5f3e5d07a..25e0fc96b 100644 --- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/user/SSOAuthenticatedUser.java +++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/user/SSOAuthenticatedUser.java 
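Review bot: In the RADIUS `AuthenticatedUser.init()`, dropping `.toLowerCase()` means the identifier now keeps whatever case the user typed, and the second hunk removes this class's `isCaseSensitive()` override, so how `Alice` and `alice` compare is left to an inherited implementation that this diff does not show. If the RADIUS server accepts both spellings for one account, they may become two distinct Guacamole identities for permission lookups and history unless the inherited comparison is case-insensitive. The header module's `AuthenticatedUser` in this same patch still calls `setIdentifier(username.toLowerCase())`, so the two extensions now normalise differently. I would state the intent at the call, e.g. `// Identifier is kept exactly as supplied; case handling is decided by the inherited isCaseSensitive()`, and confirm it with a mixed-case login test. No hunk in this file touches the `confService` or `LOGGER` members that the removed override used, so check whether they are now unused.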
@@ -23,13 +23,9 @@ import com.google.inject.Inject; import java.util.Collections; import java.util.Map; import java.util.Set; -import org.apache.guacamole.GuacamoleException; -import org.apache.guacamole.environment.Environment; import org.apache.guacamole.net.auth.AbstractAuthenticatedUser; import org.apache.guacamole.net.auth.AuthenticationProvider; import org.apache.guacamole.net.auth.Credentials; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; /** * An AuthenticatedUser whose identity has been supplied by an arbitrary SSO @@ -38,11 +34,6 @@ import org.slf4j.LoggerFactory; * by that user. */ public class SSOAuthenticatedUser extends AbstractAuthenticatedUser { - - /** - * Logger for this class. - */ - private static final Logger LOGGER = LoggerFactory.getLogger(SSOAuthenticatedUser.class); /** * Reference to the authentication provider associated with this @@ -50,12 +41,6 @@ public class SSOAuthenticatedUser extends AbstractAuthenticatedUser { */ @Inject private AuthenticationProvider authProvider; - - /** - * The environment in which this instance of Guacamole is running. - */ - @Inject - private Environment environment; /** * The credentials provided when this user was authenticated. 
@@ -127,22 +112,5 @@ public class SSOAuthenticatedUser extends AbstractAuthenticatedUser { public Set getEffectiveUserGroups() { return effectiveGroups; } - - @Override - public boolean isCaseSensitive() { - try { - return environment.getCaseSensitiveUsernames(); - } - catch (GuacamoleException e) { - // Most SSO systems do not consider usernames to be case-sensitive; - // however, in order to avoid any surprises created by the introduction - // of case-sensitivity, we've opted to continue to evaluate these - // usernames in a case-sensitive manner by default. - LOGGER.error("Error occurred when trying to retrieve case-sensitivity configuration: {}. " - + "Usernames comparisons will be done in a case-sensitive manner.", e.getMessage()); - LOGGER.debug("Exception caught when trying to access the case-sensitivity property.", e); - return true; - } - } } diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASEnvironment.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASEnvironment.java index 45973f3fc..1c76d854a 100644 --- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASEnvironment.java +++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASEnvironment.java @@ -19,7 +19,6 @@ package org.apache.guacamole.auth.cas.conf; -import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.environment.DelegatingEnvironment; import org.apache.guacamole.environment.LocalEnvironment; 
@@ -37,17 +36,4 @@ public class CASEnvironment extends DelegatingEnvironment { super(LocalEnvironment.getInstance()); } - @Override - public boolean getCaseSensitiveUsernames() throws GuacamoleException { - - // While most SSO systems do not consider usernames case-sensitive, - // this defaults to the global Guacamole configuration, which defaults - // to true, in order to avoid surprising or breaking environments that - // may rely on this behavior. This can be overridden for the entire - // Guacamole instance or for this extension. - return getProperty(CASGuacamoleProperties.CAS_CASE_SENSITIVE_USERNAMES, - super.getCaseSensitiveUsernames()); - - } - } diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java index cb40b9740..7bb363f9c 100644 --- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java +++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java @@ -20,7 +20,6 @@ package org.apache.guacamole.auth.cas.conf; import org.apache.guacamole.auth.cas.group.GroupFormat; -import org.apache.guacamole.properties.BooleanGuacamoleProperty; import org.apache.guacamole.properties.EnumGuacamoleProperty; import org.apache.guacamole.properties.URIGuacamoleProperty; import org.apache.guacamole.properties.StringGuacamoleProperty; 
@@ -118,17 +117,5 @@ public class CASGuacamoleProperties { public String getName() { return "cas-group-ldap-attribute"; } }; - - /** - * A property used to configure whether or not usernames within the CAS SSO - * module should be treated as case-sensitive. - */ - public static final BooleanGuacamoleProperty CAS_CASE_SENSITIVE_USERNAMES = - new BooleanGuacamoleProperty() { - - @Override - public String getName() { return "cas-case-sensitive-usernames"; } - - }; } diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/conf/ConfigurationService.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/conf/ConfigurationService.java index 58204277a..96c6426f5 100644 --- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/conf/ConfigurationService.java +++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/conf/ConfigurationService.java @@ -26,7 +26,6 @@ import java.util.Collections; import java.util.List; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.environment.Environment; -import org.apache.guacamole.properties.BooleanGuacamoleProperty; import org.apache.guacamole.properties.IntegerGuacamoleProperty; import org.apache.guacamole.properties.StringGuacamoleProperty; import org.apache.guacamole.properties.URIGuacamoleProperty; 
@@ -220,18 +219,6 @@ public class ConfigurationService { public String getName() { return "openid-redirect-uri"; } }; - - /** - * A property used to configure whether or not usernames within the OpenID - * SSO module should be treated as case-sensitive. - */ - public static final BooleanGuacamoleProperty OPENID_CASE_SENSITIVE_USERNAMES = - new BooleanGuacamoleProperty() { - - @Override - public String getName() { return "openid-case-sensitive-usernames"; } - - }; /** * The Guacamole server environment. diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/conf/OpenIDEnvironment.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/conf/OpenIDEnvironment.java index a8ea4d081..440463081 100644 --- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/conf/OpenIDEnvironment.java +++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/conf/OpenIDEnvironment.java @@ -19,7 +19,6 @@ package org.apache.guacamole.auth.openid.conf; -import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.environment.DelegatingEnvironment; import org.apache.guacamole.environment.LocalEnvironment; 
@@ -37,17 +36,4 @@ public class OpenIDEnvironment extends DelegatingEnvironment { super(LocalEnvironment.getInstance()); } - @Override - public boolean getCaseSensitiveUsernames() throws GuacamoleException { - - // While most SSO systems do not consider usernames case-sensitive, - // this defaults to the global Guacamole configuration, which defaults - // to true, in order to avoid surprising or breaking environments that - // may rely on this behavior. This can be overridden for the entire - // Guacamole instance or for this extension. - return getProperty(ConfigurationService.OPENID_CASE_SENSITIVE_USERNAMES, - super.getCaseSensitiveUsernames()); - - } - } diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/ConfigurationService.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/ConfigurationService.java index 8419658ec..47ead8820 100644 --- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/ConfigurationService.java +++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/ConfigurationService.java @@ -189,18 +189,6 @@ public class ConfigurationService { public String getName() { return "saml-private-key-path"; } }; - - /** - * A property used to configure whether or not usernames within the SAML SSO - * module should be treated as case-sensitive. - */ - public static final BooleanGuacamoleProperty SAML_CASE_SENSITIVE_USERNAMES = - new BooleanGuacamoleProperty() { - - @Override - public String getName() { return "saml-case-sensitive-usernames"; } - - }; /** * The Guacamole server environment. 
diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/SAMLEnvironment.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/SAMLEnvironment.java index b294db528..8704069c4 100644 --- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/SAMLEnvironment.java +++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/SAMLEnvironment.java @@ -19,7 +19,6 @@ package org.apache.guacamole.auth.saml.conf; -import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.environment.DelegatingEnvironment; import org.apache.guacamole.environment.LocalEnvironment; @@ -37,17 +36,4 @@ public class SAMLEnvironment extends DelegatingEnvironment { super(LocalEnvironment.getInstance()); } - @Override - public boolean getCaseSensitiveUsernames() throws GuacamoleException { - - // While most SSO systems do not consider usernames case-sensitive, - // this defaults to the global Guacamole configuration, which defaults - // to true, in order to avoid surprising or breaking environments that - // may rely on this behavior. This can be overridden for the entire - // Guacamole instance or for this extension. - return getProperty(ConfigurationService.SAML_CASE_SENSITIVE_USERNAMES, - super.getCaseSensitiveUsernames()); - - } - } diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/conf/ConfigurationService.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/conf/ConfigurationService.java index 9a165cbcc..9f9c4a49e 100644 --- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/conf/ConfigurationService.java 
+++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/conf/ConfigurationService.java @@ -187,18 +187,6 @@ public class ConfigurationService { public String getName() { return "ssl-max-domain-validity"; } }; - - /** - * A property used to configure whether or not usernames within the SSL SSO - * module should be treated as case-sensitive. - */ - public static final BooleanGuacamoleProperty SSL_CASE_SENSITIVE_USERNAMES = - new BooleanGuacamoleProperty() { - - @Override - public String getName() { return "ssl-case-sensitive-usernames"; } - - }; /** * The Guacamole server environment. diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/conf/SSLEnvironment.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/conf/SSLEnvironment.java index bf544dd0d..29d5d80f2 100644 --- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/conf/SSLEnvironment.java +++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/conf/SSLEnvironment.java @@ -37,17 +37,4 @@ public class SSLEnvironment extends DelegatingEnvironment { super(LocalEnvironment.getInstance()); } - @Override - public boolean getCaseSensitiveUsernames() throws GuacamoleException { - - // While most SSO systems do not consider usernames case-sensitive, - // this defaults to the global Guacamole configuration, which defaults - // to true, in order to avoid surprising or breaking environments that - // may rely on this behavior. This can be overridden for the entire - // Guacamole instance or for this extension. - return getProperty(ConfigurationService.SSL_CASE_SENSITIVE_USERNAMES, - super.getCaseSensitiveUsernames()); - - } - } 
diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java index 36c4571e0..ae9bc48ea 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java @@ -21,6 +21,11 @@ package org.apache.guacamole.net.auth; import java.util.Collections; import java.util.Set; +import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.environment.Environment; +import org.apache.guacamole.environment.LocalEnvironment; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Basic implementation of an AuthenticatedUser which uses the username to @@ -29,6 +34,17 @@ import java.util.Set; public abstract class AbstractAuthenticatedUser extends AbstractIdentifiable implements AuthenticatedUser { + /** + * The logger for this class. + */ + private static final Logger LOGGER = LoggerFactory.getLogger(AbstractAuthenticatedUser.class); + + /** + * The server environment in which this Guacamole Client instance is + * running. + */ + private final Environment environment = LocalEnvironment.getInstance(); + // Prior functionality now resides within AbstractIdentifiable @Override 
@@ -36,6 +52,21 @@ public abstract class AbstractAuthenticatedUser extends AbstractIdentifiable return Collections.emptySet(); } + @Override + public boolean isCaseSensitive() { + try { + return environment.getCaseSensitiveUsernames(); + } + catch (GuacamoleException e) { + LOGGER.warn("Exception attempting to read the Guacamole configuration, " + + "usernames will be treated as case-sensitive.", e.getMessage()); + LOGGER.debug("Received GuacamoleException attempting to retrieve the " + + "case-sensitivity setting for usernames. Defaulting to" + + "case-sensitive usernames.", e); + return true; + } + } + @Override public void invalidate() { // Nothing to invalidate diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/DelegatingUser.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/DelegatingUser.java index 9f2d93b23..0777081f6 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/DelegatingUser.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/DelegatingUser.java @@ -83,6 +83,11 @@ public class DelegatingUser implements User { return user.isDisabled(); } + @Override + public boolean isCaseSensitive() { + return user.isCaseSensitive(); + } + @Override public void setDisabled(boolean disabled) { user.setDisabled(disabled); From cdc452475144a7c22d4017a8d77f6837aeb20be2 Mon Sep 17 00:00:00 2001 From: Virtually Nick Date: Sun, 3 Nov 2024 07:40:07 -0500 Subject: [PATCH 7/8] GUACAMOLE-1239: Correct query error in UserPermissionMapper. --- .../guacamole/auth/jdbc/permission/UserPermissionMapper.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml index f4cfab502..37203bcf5 100644 
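Review bot: In `isCaseSensitive()` the `LOGGER.warn(...)` call passes `e.getMessage()`, but its format string has no `{}` placeholder, so SLF4J discards the argument and the warning never says why the configuration could not be read. Appending the placeholder keeps the cause visible at the default log level, e.g. `LOGGER.warn("Unable to read the Guacamole configuration, usernames will be treated as case-sensitive: {}", e.getMessage());`. The debug message also joins `"Defaulting to"` and `"case-sensitive usernames."` without a space between them. The same missing space is in the debug message added to `EntityService.retrieveEffectiveGroups` later in this series (`"...get group name" + "case sensitivity configuration."`).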
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml @@ -139,7 +139,7 @@ - AND (guacamole_user_permission.entity_id, permission, LOWER(affected_entity.name)) IN + (guacamole_user_permission.entity_id, permission, LOWER(affected_entity.name)) IN (#{permission.entityID,jdbcType=INTEGER}, From f314e78c7cf7a41f1d709f18e0bfc3d58b440b92 Mon Sep 17 00:00:00 2001 
From: Virtually Nick Date: Mon, 4 Nov 2024 20:29:51 -0500 Subject: [PATCH 8/8] GUACAMOLE-1239: Add case-sensitivity configuration for UserGroup objects and remove per-extension configuration. --- .../auth/jdbc/HistoryTrackingConnection.java | 10 +- .../auth/jdbc/base/ActivityRecordMapper.java | 25 +-- .../auth/jdbc/base/EntityMapper.java | 8 +- .../auth/jdbc/base/EntityService.java | 28 ++- .../base/ModeledDirectoryObjectMapper.java | 32 ++-- .../base/ModeledDirectoryObjectService.java | 36 ++-- .../auth/jdbc/base/ObjectRelationMapper.java | 24 +-- .../auth/jdbc/base/RelatedObjectSet.java | 24 +-- .../jdbc/connection/ConnectionMapper.java | 8 +- .../jdbc/connection/ConnectionService.java | 7 +- .../ConnectionGroupMapper.java | 4 +- .../ConnectionGroupService.java | 3 +- .../ModeledObjectPermissionService.java | 15 +- .../permission/ModeledPermissionService.java | 2 +- .../permission/ObjectPermissionMapper.java | 19 +- .../jdbc/permission/PermissionMapper.java | 22 ++- .../jdbc/permission/PermissionService.java | 19 +- .../permission/SystemPermissionMapper.java | 10 +- .../permission/SystemPermissionService.java | 13 +- .../permission/UserPermissionService.java | 7 +- .../jdbc/security/PasswordPolicyService.java | 2 +- .../AbstractGuacamoleTunnelService.java | 21 ++- .../guacamole/auth/jdbc/user/ModeledUser.java | 10 +- .../auth/jdbc/user/ModeledUserContext.java | 2 +- .../auth/jdbc/user/PasswordRecordMapper.java | 9 +- .../guacamole/auth/jdbc/user/UserMapper.java | 9 +- .../guacamole/auth/jdbc/user/UserService.java | 25 +-- .../auth/jdbc/usergroup/ModeledUserGroup.java | 30 ++++ .../auth/jdbc/usergroup/UserGroupMapper.java | 8 +- .../UserGroupMemberUserGroupSet.java | 13 ++ .../usergroup/UserGroupMemberUserSet.java | 12 +- .../UserGroupParentUserGroupSet.java | 13 ++ .../auth/jdbc/usergroup/UserGroupService.java | 19 +- .../MySQLAuthenticationProviderModule.java | 16 +- .../guacamole/auth/jdbc/base/EntityMapper.xml | 89 +++++++--- 
.../auth/jdbc/connection/ConnectionMapper.xml | 22 ++- .../connection/ConnectionRecordMapper.xml | 16 +- .../connectiongroup/ConnectionGroupMapper.xml | 37 ++-- .../ConnectionGroupPermissionMapper.xml | 21 ++- .../permission/ConnectionPermissionMapper.xml | 21 ++- .../SharingProfilePermissionMapper.xml | 21 ++- .../permission/SystemPermissionMapper.xml | 14 +- .../permission/UserGroupPermissionMapper.xml | 100 ++++++++--- .../jdbc/permission/UserPermissionMapper.xml | 31 ++-- .../sharingprofile/SharingProfileMapper.xml | 22 ++- .../auth/jdbc/user/PasswordRecordMapper.xml | 2 +- .../guacamole/auth/jdbc/user/UserMapper.xml | 44 ++--- .../jdbc/user/UserParentUserGroupMapper.xml | 47 ++++- .../auth/jdbc/user/UserRecordMapper.xml | 11 +- .../auth/jdbc/usergroup/UserGroupMapper.xml | 154 +++++++++++++--- .../UserGroupMemberUserGroupMapper.xml | 53 ++++-- .../usergroup/UserGroupMemberUserMapper.xml | 16 +- .../UserGroupParentUserGroupMapper.xml | 53 ++++-- .../guacamole/auth/jdbc/base/EntityMapper.xml | 44 +++-- .../auth/jdbc/connection/ConnectionMapper.xml | 32 ++-- .../connection/ConnectionRecordMapper.xml | 16 +- .../connectiongroup/ConnectionGroupMapper.xml | 37 ++-- .../ConnectionGroupPermissionMapper.xml | 21 ++- .../permission/ConnectionPermissionMapper.xml | 21 ++- .../SharingProfilePermissionMapper.xml | 21 ++- .../permission/SystemPermissionMapper.xml | 14 +- .../permission/UserGroupPermissionMapper.xml | 85 +++++++-- .../jdbc/permission/UserPermissionMapper.xml | 46 ++--- .../sharingprofile/SharingProfileMapper.xml | 22 ++- .../auth/jdbc/user/PasswordRecordMapper.xml | 2 +- .../guacamole/auth/jdbc/user/UserMapper.xml | 80 +++++---- .../jdbc/user/UserParentUserGroupMapper.xml | 54 ++++-- .../auth/jdbc/user/UserRecordMapper.xml | 15 +- .../auth/jdbc/usergroup/UserGroupMapper.xml | 167 +++++++++++++----- .../UserGroupMemberUserGroupMapper.xml | 53 ++++-- .../usergroup/UserGroupMemberUserMapper.xml | 13 +- .../UserGroupParentUserGroupMapper.xml | 53 ++++-- 
...SQLServerAuthenticationProviderModule.java | 5 +- .../guacamole/auth/jdbc/base/EntityMapper.xml | 44 +++-- .../auth/jdbc/connection/ConnectionMapper.xml | 32 ++-- .../connection/ConnectionRecordMapper.xml | 16 +- .../connectiongroup/ConnectionGroupMapper.xml | 37 ++-- .../ConnectionGroupPermissionMapper.xml | 21 ++- .../permission/ConnectionPermissionMapper.xml | 21 ++- .../SharingProfilePermissionMapper.xml | 21 ++- .../permission/SystemPermissionMapper.xml | 14 +- .../permission/UserGroupPermissionMapper.xml | 83 ++++++--- .../jdbc/permission/UserPermissionMapper.xml | 45 ++--- .../sharingprofile/SharingProfileMapper.xml | 22 ++- .../auth/jdbc/user/PasswordRecordMapper.xml | 2 +- .../guacamole/auth/jdbc/user/UserMapper.xml | 65 ++++--- .../jdbc/user/UserParentUserGroupMapper.xml | 53 ++++-- .../auth/jdbc/user/UserRecordMapper.xml | 15 +- .../auth/jdbc/usergroup/UserGroupMapper.xml | 155 +++++++++++----- .../UserGroupMemberUserGroupMapper.xml | 54 ++++-- .../usergroup/UserGroupMemberUserMapper.xml | 17 +- .../UserGroupParentUserGroupMapper.xml | 53 ++++-- .../ldap/conf/JacksonLDAPConfiguration.java | 7 - .../environment/DelegatingEnvironment.java | 5 +- .../guacamole/environment/Environment.java | 35 ++-- .../net/auth/AbstractAuthenticatedUser.java | 12 +- .../net/auth/AbstractIdentifiable.java | 4 +- .../guacamole/net/auth/AbstractUserGroup.java | 30 ++++ .../guacamole/properties/CaseSensitivity.java | 92 ++++++++++ 99 files changed, 2091 insertions(+), 944 deletions(-) create mode 100644 guacamole-ext/src/main/java/org/apache/guacamole/properties/CaseSensitivity.java diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/HistoryTrackingConnection.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/HistoryTrackingConnection.java index c8aea8536..87de9eb5b 100644 
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/HistoryTrackingConnection.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/HistoryTrackingConnection.java @@ -23,11 +23,12 @@ import com.google.inject.Inject; import java.util.Date; import java.util.HashMap; import java.util.Map; - import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordMapper; import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordModel; import org.apache.guacamole.auth.jdbc.connection.ModeledConnectionRecord; +import org.apache.guacamole.environment.Environment; +import org.apache.guacamole.environment.LocalEnvironment; import org.apache.guacamole.net.GuacamoleTunnel; import org.apache.guacamole.net.auth.Connection; import org.apache.guacamole.net.auth.DelegatingConnection; @@ -56,6 +57,11 @@ public class HistoryTrackingConnection extends DelegatingConnection { * established connections. */ private final ConnectionRecordMapper connectionRecordMapper; + + /** + * The environment in which Guacamole is running. + */ + private final Environment environment = LocalEnvironment.getInstance(); /** * Creates a new HistoryConnection that wraps the given connection, @@ -100,7 +106,7 @@ public class HistoryTrackingConnection extends DelegatingConnection { // Insert the connection history record to mark the start of this connection connectionRecordMapper.insert(connectionRecordModel, - currentUser.isCaseSensitive()); + environment.getCaseSensitivity()); // Include history record UUID as token ModeledConnectionRecord modeledRecord = new ModeledConnectionRecord(connectionRecordModel); 
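Review bot: Replacing `currentUser.isCaseSensitive()` with `environment.getCaseSensitivity()` in the history-record insert adds a call that can throw `GuacamoleException`, and nothing in the hunk handles it. `EntityService.retrieveEffectiveGroups` in this same patch catches that exception and falls back to `CaseSensitivity.ENABLED`, so the two call sites now appear to behave differently when the configuration cannot be read. The enclosing method starts outside the hunk, so I cannot confirm its `throws` clause. If aborting the connection is intended, so that no session starts without its history record, a comment such as `// A configuration read failure aborts the connection instead of guessing how the username is matched` would make that explicit; otherwise the handling should match the fallback used elsewhere.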
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ActivityRecordMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ActivityRecordMapper.java index 17b4571ed..a86094969 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ActivityRecordMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ActivityRecordMapper.java @@ -22,6 +22,7 @@ package org.apache.guacamole.auth.jdbc.base; import java.util.Collection; import java.util.List; import org.apache.guacamole.auth.jdbc.user.UserModel; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.annotations.Param; /** @@ -39,15 +40,15 @@ public interface ActivityRecordMapper { * @param record * The activity record to insert. * - * @param caseSensitive - * Whether or not string comparisons should be done in a case-sensitive - * manner. + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @return * The number of rows inserted. */ int insert(@Param("record") ModelType record, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Updates the given activity record in the database, assigning an end @@ -91,9 +92,9 @@ public interface ActivityRecordMapper { * @param limit * The maximum number of records that should be returned. * - * @param caseSensitive - * Whether or not string comparisons should be done in a case-sensitive - * manner. + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @return * The results of the search performed with the given parameters. 
@@ -103,7 +104,7 @@ public interface ActivityRecordMapper { @Param("terms") Collection terms, @Param("sortPredicates") List sortPredicates, @Param("limit") int limit, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Searches for up to limit activity records that contain @@ -143,9 +144,9 @@ public interface ActivityRecordMapper { * no groups are given, only permissions directly granted to the user * will be used. * - * @param caseSensitive - * Whether or not string comparisons should be done in a case-sensitive - * manner. + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @return * The results of the search performed with the given parameters. @@ -157,6 +158,6 @@ public interface ActivityRecordMapper { @Param("sortPredicates") List sortPredicates, @Param("limit") int limit, @Param("effectiveGroups") Collection effectiveGroups, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityMapper.java index dbe7cb4d0..499171be8 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityMapper.java @@ -21,6 +21,7 @@ package org.apache.guacamole.auth.jdbc.base; import java.util.Collection; import java.util.Set; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.annotations.Param; /** 
@@ -67,6 +68,10 @@ public interface EntityMapper { * depth and may need to be executed multiple times. If it is known * that the database engine in question will always support (or always * not support) recursive queries, this parameter may be ignored. + * + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @return * The set of identifiers of all groups that the given entity is a @@ -75,6 +80,7 @@ public interface EntityMapper { */ Set selectEffectiveGroupIdentifiers(@Param("entity") EntityModel entity, @Param("effectiveGroups") Collection effectiveGroups, - @Param("recursive") boolean recursive); + @Param("recursive") boolean recursive, + @Param("caseSensitivity") CaseSensitivity caseSensitivity); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityService.java index cc2a9aaf9..d1f9b5ca1 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityService.java @@ -22,9 +22,13 @@ package org.apache.guacamole.auth.jdbc.base; import com.google.inject.Inject; import java.util.Collection; import java.util.Set; +import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.auth.jdbc.JDBCEnvironment; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.session.SqlSession; import org.mybatis.guice.transactional.Transactional; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Service which provides convenience methods for creating, retrieving, and 
@@ -32,6 +36,11 @@ import org.mybatis.guice.transactional.Transactional; */ public class EntityService { + /** + * The Logger for this class. + */ + private static final Logger LOGGER = LoggerFactory.getLogger(EntityService.class); + /** * The Guacamole server environment. */ @@ -76,9 +85,22 @@ public class EntityService { public Set retrieveEffectiveGroups(ModeledPermissions entity, Collection effectiveGroups) { + CaseSensitivity caseSensitivity = CaseSensitivity.ENABLED; + try { + caseSensitivity = environment.getCaseSensitivity(); + } + catch (GuacamoleException e) { + LOGGER.warn("Unable to retrieve configuration setting for group " + + "name case sensitivity: {}. Group names will be treated " + + "as case-sensitive.", e.getMessage()); + LOGGER.debug("An exception was caught while trying to get group name" + + "case sensitivity configuration.", e); + } + // Retrieve the effective user groups of the given entity, recursively if possible boolean recursive = environment.isRecursiveQuerySupported(sqlSession); - Set identifiers = entityMapper.selectEffectiveGroupIdentifiers(entity.getModel(), effectiveGroups, recursive); + Set identifiers = entityMapper.selectEffectiveGroupIdentifiers( + entity.getModel(), effectiveGroups, recursive, caseSensitivity); // If the set of user groups retrieved was not produced recursively, // manually repeat the query to expand the set until all effective @@ -87,7 +109,9 @@ public class EntityService { Set previousIdentifiers; do { previousIdentifiers = identifiers; - identifiers = entityMapper.selectEffectiveGroupIdentifiers(entity.getModel(), previousIdentifiers, false); + identifiers = entityMapper.selectEffectiveGroupIdentifiers( + entity.getModel(), previousIdentifiers, false, + caseSensitivity); } while (identifiers.size() > previousIdentifiers.size()); } 
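Review bot: The fallback in `retrieveEffectiveGroups` has no comment explaining why `CaseSensitivity.ENABLED` is the value used when `environment.getCaseSensitivity()` throws. The resolved group set is passed to the readable-object queries as `effectiveGroups`, so this default affects access decisions. Presumably it is chosen because exact matching can only shrink the set of matched groups, never merge names that differ only by case. I would state that above the initializer, for example `// Fail towards exact matching: a configuration error must never widen group membership`. The warning is also emitted on every call while the configuration is unreadable, which may be noisy on a busy server.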
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectMapper.java index 5ff8edf15..971ae462f 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectMapper.java @@ -22,6 +22,7 @@ package org.apache.guacamole.auth.jdbc.base; import java.util.Collection; import java.util.Set; import org.apache.guacamole.auth.jdbc.user.UserModel; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.annotations.Param; /** @@ -60,12 +61,17 @@ public interface ModeledDirectoryObjectMapper { * @param effectiveGroups * The identifiers of any known effective groups that should be taken * into account, such as those defined externally to the database. + * + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @return * A Set containing all identifiers of all readable objects. */ Set selectReadableIdentifiers(@Param("user") UserModel user, - @Param("effectiveGroups") Collection effectiveGroups); + @Param("effectiveGroups") Collection effectiveGroups, + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Selects all objects which have the given identifiers. If an identifier 
@@ -77,15 +83,15 @@ public interface ModeledDirectoryObjectMapper { * @param identifiers * The identifiers of the objects to return. * - * @param caseSensitive - * true if the query should evaluate identifiers in a case-sensitive - * manner, otherwise false. + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @return * A Collection of all objects having the given identifiers. */ Collection select(@Param("identifiers") Collection identifiers, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Selects all objects which have the given identifiers and are explicitly @@ -105,9 +111,9 @@ public interface ModeledDirectoryObjectMapper { * The identifiers of any known effective groups that should be taken * into account, such as those defined externally to the database. * - * @param caseSensitive - * true if the query should evaluate identifiers in a case-sensitive - * manner, otherwise false. + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @return * A Collection of all objects having the given identifiers. @@ -115,7 +121,7 @@ public interface ModeledDirectoryObjectMapper { Collection selectReadable(@Param("user") UserModel user, @Param("identifiers") Collection identifiers, @Param("effectiveGroups") Collection effectiveGroups, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Inserts the given object into the database. If the object already 
@@ -136,15 +142,15 @@ public interface ModeledDirectoryObjectMapper { * @param identifier * The identifier of the object to delete. * - * @param caseSensitive - * true if the query should evaluate the identifier in a - * case-sensitive manner, otherwise false. + * @param caseSensitivity + * The case sensitivity configuration that contains information on + * whether usernames and/or group names will be treated as case-sensitive. * * @return * The number of rows deleted. */ int delete(@Param("identifier") String identifier, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Updates the given existing object in the database. If the object does diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java index 94c7407da..0adcfbe2f 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java @@ -27,9 +27,9 @@ import java.util.Collections; import java.util.List; import java.util.Set; import java.util.stream.Collectors; -import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleSecurityException; +import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.auth.jdbc.JDBCEnvironment; import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper; import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel; 
@@ -37,6 +37,7 @@ import org.apache.guacamole.auth.jdbc.user.UserModel; import org.apache.guacamole.net.auth.Identifiable; import org.apache.guacamole.net.auth.permission.ObjectPermission; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; +import org.apache.guacamole.properties.CaseSensitivity; import org.mybatis.guice.transactional.Transactional; /** @@ -117,20 +118,20 @@ public abstract class ModeledDirectoryObjectService models) throws GuacamoleException { // Create new collection of objects by manually converting each model - Collection objects = new ArrayList(models.size()); + Collection objects = new ArrayList<>(models.size()); for (ModelType model : models) objects.add(getObjectInstance(currentUser, model)); @@ -426,7 +427,7 @@ public abstract class ModeledDirectoryObjectService allObjects = Lists.partition(filteredIdentifiers, batchSize).stream() @@ -435,12 +436,12 @@ public abstract class ModeledDirectoryObjectService implicitPermissions = getImplicitPermissions(user, model); if (!implicitPermissions.isEmpty()) - getPermissionMapper().insert(implicitPermissions, getCaseSensitiveIdentifiers()); + getPermissionMapper().insert(implicitPermissions, getCaseSensitivity()); // Add any arbitrary attributes if (model.hasArbitraryAttributes()) 
@@ -530,7 +531,7 @@ public abstract class ModeledDirectoryObjectService { * The identifiers of the objects on the child side of the one-to-many * relationship represented by the RelatedObjectSet. * - * @param caseSensitive - * true if child identifiers should be treated as case-sensitive when - * performing lookups on them, or false if the queries should be done - * case-insensitively. + * @param caseSensitivity + * The case sensitivity configuration, used to determine whether + * usernames and/or group names will be treated as case-sensitive. * * @return * The number of rows inserted. */ int insert(@Param("parent") ParentModelType parent, @Param("children") Collection children, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Deletes rows as necessary to modify the one-to-many relationship @@ -76,17 +76,16 @@ public interface ObjectRelationMapper { * The identifiers of the objects on the child side of the one-to-many * relationship represented by the RelatedObjectSet. * - * @param caseSensitive - * true if child identifiers should be treated as case-sensitive when - * performing lookups on them, or false if the queries should be done - * case-insensitively. + * @param caseSensitivity + * The case sensitivity configuration, used to determine whether + * usernames and/or group names will be treated as case-sensitive. * * @return * The number of rows deleted. */ int delete(@Param("parent") ParentModelType parent, @Param("children") Collection children, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Retrieves the identifiers of all objects on the child side of the 
@@ -122,6 +121,10 @@ public interface ObjectRelationMapper { * @param effectiveGroups * The identifiers of any known effective groups that should be taken * into account, such as those defined externally to the database. + * + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @param parent * The model of the object on the parent side of the one-to-many @@ -133,6 +136,7 @@ public interface ObjectRelationMapper { */ Set selectReadableChildIdentifiers(@Param("user") UserModel user, @Param("effectiveGroups") Collection effectiveGroups, + @Param("caseSensitivity") CaseSensitivity caseSensitivity, @Param("parent") ParentModelType parent); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/RelatedObjectSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/RelatedObjectSet.java index b661c3bf5..541afc793 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/RelatedObjectSet.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/RelatedObjectSet.java @@ -22,11 +22,12 @@ package org.apache.guacamole.auth.jdbc.base; import java.util.Collection; import java.util.Collections; import java.util.Set; -import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleSecurityException; +import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.net.auth.permission.ObjectPermission; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; +import org.apache.guacamole.properties.CaseSensitivity; /** * A database implementation of RelatedObjectSet which provides access to a 
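Review bot: `selectReadableChildIdentifiers` takes the new `caseSensitivity` argument before `parent`, while `insert` and `delete` in this same interface keep it as the last parameter, so the interface now has two conventions for where the setting goes. MyBatis binds by `@Param` name, but Java callers are positional, and a uniform position (last) makes call sites easier to audit when checking that every relation lookup passes the configured setting. The Javadoc wording also differs between these methods; one sentence reused everywhere, for example `The case sensitivity configuration for usernames and group names.`, would keep them aligned. The method's Javadoc begins outside the hunk.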
@@ -76,21 +77,21 @@ public abstract class RelatedObjectSet selectReadableIdentifiersWithin(@Param("user") UserModel user, @Param("parentIdentifier") String parentIdentifier, - @Param("effectiveGroups") Collection effectiveGroups); + @Param("effectiveGroups") Collection effectiveGroups, + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Selects the connection within the given parent group and having the diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java index 2561e1508..3297d7fab 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java @@ -361,7 +361,8 @@ public class ConnectionService extends ModeledChildDirectoryObjectService selectReadableIdentifiersWithin(@Param("user") UserModel user, @Param("parentIdentifier") String parentIdentifier, - @Param("effectiveGroups") Collection effectiveGroups); + @Param("effectiveGroups") Collection effectiveGroups, + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Selects the connection group within the given parent group and having diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java index dbf7793ec..0c106c286 100644 
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java @@ -226,7 +226,8 @@ public class ConnectionGroupService extends ModeledChildDirectoryObjectService { Collection models = getModelInstances( targetEntity, permissionSubset); - getPermissionMapper().insert(models, caseSensitive); + getPermissionMapper().insert(models, caseSensitivity); }); return; @@ -158,12 +159,12 @@ public abstract class ModeledObjectPermissionService // Delete permissions only if user has permission to do so if (canAlterPermissions(user, targetEntity, permissions)) { - boolean caseSensitive = getCaseSensitiveIdentifiers(); + CaseSensitivity caseSensitivity = getCaseSensitivity(); batchPermissionUpdates(permissions, permissionSubset -> { Collection models = getModelInstances( targetEntity, permissionSubset); - getPermissionMapper().delete(models, caseSensitive); + getPermissionMapper().delete(models, caseSensitivity); }); return; @@ -183,7 +184,7 @@ public abstract class ModeledObjectPermissionService // Retrieve permissions only if allowed if (canReadPermissions(user, targetEntity)) return getPermissionMapper().selectOne(targetEntity.getModel(), - type, identifier, effectiveGroups, getCaseSensitiveIdentifiers()) != null; + type, identifier, effectiveGroups, getCaseSensitivity()) != null; // User cannot read this entity's permissions throw new GuacamoleSecurityException("Permission denied."); 
@@ -209,7 +210,7 @@ public abstract class ModeledObjectPermissionService if (canReadPermissions(user, targetEntity)) return getPermissionMapper().selectAccessibleIdentifiers( targetEntity.getModel(), permissions, identifiers, - effectiveGroups, getCaseSensitiveIdentifiers()); + effectiveGroups, getCaseSensitivity()); // User cannot read this entity's permissions throw new GuacamoleSecurityException("Permission denied."); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java index ee35c44e1..577b71374 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java @@ -195,7 +195,7 @@ public abstract class ModeledPermissionService effectiveGroups, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Retrieves the subset of the given identifiers for which the given entity @@ -85,9 +86,9 @@ public interface ObjectPermissionMapper extends PermissionMapper permissions, @Param("identifiers") Collection identifiers, @Param("effectiveGroups") Collection effectiveGroups, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); } 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java index 92746e4f3..9d9525b8b 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java @@ -21,6 +21,7 @@ package org.apache.guacamole.auth.jdbc.permission; import java.util.Collection; import org.apache.guacamole.auth.jdbc.base.EntityModel; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.annotations.Param; /** @@ -44,16 +45,15 @@ public interface PermissionMapper { * no groups are given, only permissions directly granted to the user * will be used. * - * @param caseSensitive - * "true" if identifiers should be treated as case-sensitive, otherwise - * "false". + * @param caseSensitivity + * The case sensitivity configuration for usernames and group names. * * @return * All permissions associated with the given entity. */ Collection select(@Param("entity") EntityModel entity, @Param("effectiveGroups") Collection effectiveGroups, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Inserts the given permissions into the database. If any permissions 
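Review bot: The new `@param caseSensitivity` text on `select` does not say which of the two settings applies to which argument, although the method takes both an `entity` and a collection of `effectiveGroups`. Because the result decides which permissions an entity is considered to hold, the contract should be explicit, for example `The case sensitivity configuration; the group name setting applies to effectiveGroups, and the setting matching the entity's type applies to the entity.` This assumes the SQL mappers behave that way, which is not visible here and should be confirmed before the sentence is added. The same wording is used on the `insert` and `delete` hunks that follow in this file.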
@@ -62,15 +62,14 @@ public interface PermissionMapper { * @param permissions * The permissions to insert. * - * @param caseSensitive - * "true" if identifiers should be treated as case-sensitive, otherwise - * "false". + * @param caseSensitivity + * The case sensitivity configuration for usernames and group names. * * @return * The number of rows inserted. */ int insert(@Param("permissions") Collection permissions, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Deletes the given permissions from the database. If any permissions do @@ -79,14 +78,13 @@ public interface PermissionMapper { * @param permissions * The permissions to delete. * - * @param caseSensitive - * "true" if identifiers should be treated as case-sensitive, otherwise - * "false". + * @param caseSensitivity + * The case sensitivity configuration for usernames and group names. * * @return * The number of rows deleted. */ int delete(@Param("permissions") Collection permissions, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java index 63584c032..6791c26a1 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java 
@@ -21,12 +21,13 @@ package org.apache.guacamole.auth.jdbc.permission; import java.util.Collection; import java.util.Set; -import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.auth.jdbc.base.EntityModel; import org.apache.guacamole.auth.jdbc.base.ModeledPermissions; import org.apache.guacamole.net.auth.permission.Permission; import org.apache.guacamole.net.auth.permission.PermissionSet; +import org.apache.guacamole.properties.CaseSensitivity; /** * Service which provides convenience methods for creating, retrieving, and @@ -44,21 +45,21 @@ public interface PermissionService { /** - * Return "true" if identifiers should be treated as case-sensitive, - * otherwise "false". + * Return the current case sensitivity setting, allowing the system to + * determine if usernames and/or group names should be treated as case- + * sensitive. * * @return - * "true" if identifiers should be treated as case-sensitive, otherwise - * "false". + * The current case sensitivity configuration. * * @throws GuacamoleException * If an error occurs retrieving configuration information related to - * case-sensitivity. + * case sensitivity. */ - default boolean getCaseSensitiveIdentifiers() throws GuacamoleException { + default CaseSensitivity getCaseSensitivity() throws GuacamoleException { - // By default identifiers are case-insensitive. - return false; + // By default identifiers are case-sensitive. + return CaseSensitivity.ENABLED; } /** diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java index c676b72b1..e80f54897 100644 
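Review bot: The default implementation of `getCaseSensitivity()` inverts the previous default: `getCaseSensitiveIdentifiers()` returned `false` (case-insensitive), and the replacement returns `CaseSensitivity.ENABLED`. Any `PermissionService` implementation that inherits the default rather than overriding it will now have its identifiers matched case-sensitively; that is the stricter outcome, but it may change which stored permission rows match, so each non-overriding implementation is worth checking. The Javadoc should record the default, for example `The default implementation returns {@link CaseSensitivity#ENABLED}, so both usernames and group names are treated as case-sensitive.`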
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java @@ -21,8 +21,9 @@ package org.apache.guacamole.auth.jdbc.permission; import java.util.Collection; import org.apache.guacamole.auth.jdbc.base.EntityModel; -import org.apache.ibatis.annotations.Param; import org.apache.guacamole.net.auth.permission.SystemPermission; +import org.apache.guacamole.properties.CaseSensitivity; +import org.apache.ibatis.annotations.Param; /** * Mapper for system-level permissions. @@ -44,6 +45,10 @@ public interface SystemPermissionMapper extends PermissionMapper effectiveGroups); + @Param("effectiveGroups") Collection effectiveGroups, + @Param("caseSensitivity") CaseSensitivity caseSensitivity); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java index 63bd8b3bf..8a5bf07d1 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java 
@@ -23,13 +23,14 @@ import com.google.inject.Inject; import com.google.inject.Provider; import java.util.Collection; import java.util.Set; -import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleSecurityException; import org.apache.guacamole.GuacamoleUnsupportedException; import org.apache.guacamole.auth.jdbc.base.EntityModel; import org.apache.guacamole.auth.jdbc.base.ModeledPermissions; +import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.net.auth.permission.SystemPermission; +import org.apache.guacamole.properties.CaseSensitivity; /** * Service which provides convenience methods for creating, retrieving, and @@ -99,12 +100,12 @@ public class SystemPermissionService if (user.isPrivileged()) { // Pull identifier case sensitivity - boolean caseSensitive = getCaseSensitiveIdentifiers(); + CaseSensitivity caseSensitivity = getCaseSensitivity(); batchPermissionUpdates(permissions, permissionSubset -> { Collection models = getModelInstances( targetEntity, permissionSubset); - systemPermissionMapper.insert(models, caseSensitive); + systemPermissionMapper.insert(models, caseSensitivity); }); return; @@ -129,12 +130,12 @@ public class SystemPermissionService throw new GuacamoleUnsupportedException("Removing your own administrative permissions is not allowed."); // Pull case sensitivity - boolean caseSensitive = getCaseSensitiveIdentifiers(); + CaseSensitivity caseSensitivity = getCaseSensitivity(); batchPermissionUpdates(permissions, permissionSubset -> { Collection models = getModelInstances( targetEntity, permissionSubset); - systemPermissionMapper.delete(models, caseSensitive); + systemPermissionMapper.delete(models, caseSensitivity); }); return; 
@@ -179,7 +180,7 @@ public class SystemPermissionService // Retrieve permissions only if allowed if (canReadPermissions(user, targetEntity)) - return getPermissionMapper().selectOne(targetEntity.getModel(), type, effectiveGroups) != null; + return getPermissionMapper().selectOne(targetEntity.getModel(), type, effectiveGroups, getCaseSensitivity()) != null; // User cannot read this entity's permissions throw new GuacamoleSecurityException("Permission denied."); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java index 11b453754..ae35ba356 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java @@ -22,11 +22,12 @@ package org.apache.guacamole.auth.jdbc.permission; import com.google.inject.Inject; import com.google.inject.Provider; import java.util.Set; -import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.auth.jdbc.JDBCEnvironment; import org.apache.guacamole.auth.jdbc.base.EntityModel; import org.apache.guacamole.auth.jdbc.base.ModeledPermissions; +import org.apache.guacamole.properties.CaseSensitivity; /** * Service which provides convenience methods for creating, retrieving, and 
@@ -54,8 +55,8 @@ public class UserPermissionService extends ModeledObjectPermissionService { private JDBCEnvironment environment; @Override - public boolean getCaseSensitiveIdentifiers() throws GuacamoleException { - return environment.getCaseSensitiveUsernames(); + public CaseSensitivity getCaseSensitivity() throws GuacamoleException { + return environment.getCaseSensitivity(); } @Override diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/security/PasswordPolicyService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/security/PasswordPolicyService.java index 639ed5e43..3a0ccb3a0 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/security/PasswordPolicyService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/security/PasswordPolicyService.java @@ -145,7 +145,7 @@ public class PasswordPolicyService { // Check password against all recorded hashes List history = passwordRecordMapper.select(username, - historySize, environment.getCaseSensitiveUsernames()); + historySize, environment.getCaseSensitivity()); for (PasswordRecordModel record : history) { byte[] hash = encryptionService.createPasswordHash(password, record.getPasswordSalt()); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java index ecb7c97ec..18525723a 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java @@ -67,6 +67,7 @@ import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterMode import org.apache.guacamole.auth.jdbc.user.RemoteAuthenticatedUser; import org.apache.guacamole.net.auth.GuacamoleProxyConfiguration; import org.apache.guacamole.protocol.FailoverGuacamoleSocket; +import org.apache.guacamole.properties.CaseSensitivity; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -479,7 +480,7 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS try { // This MUST happen before getUUID() is invoked, to ensure the ID driving the UUID exists connectionRecordMapper.insert(activeConnection.getModel(), - activeConnection.getUser().isCaseSensitive()); + environment.getCaseSensitivity()); activeTunnels.put(activeConnection.getUUID().toString(), activeConnection); } @@ -637,8 +638,21 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS if (connectionGroup.isSessionAffinityEnabled()) identifiers = getPreferredConnections(user, identifiers); + CaseSensitivity caseSensitivity = CaseSensitivity.ENABLED; + try { + caseSensitivity = environment.getCaseSensitivity(); + } + catch (GuacamoleException e) { + logger.warn("Error trying to retrieve case sensitivity configuration: {}." + + "Both usernames and group names will be treated as case-" + + "sensitive.", e.getMessage()); + logger.debug("An exception was received while trying to retrieve the " + + "case sensitivity configuration.", e); + } + // Retrieve all children - Collection models = connectionMapper.select(identifiers, false); + Collection models = connectionMapper.select(identifiers, + caseSensitivity); List connections = new ArrayList(models.size()); // Convert each retrieved model to a modeled connection 
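Review bot: `connectionRecordMapper.insert(...)` in the `@@ -479` hunk now calls `environment.getCaseSensitivity()`, which throws `GuacamoleException`, where the replaced `activeConnection.getUser().isCaseSensitive()` caught that exception and fell back to case-sensitive matching. The `@@ -637` hunk in this file wraps the same call in a try/catch with a `CaseSensitivity.ENABLED` fallback, while this hunk, the `selectReadable` call in the `@@ -679` hunk and `userRecordMapper.insert` in `ModeledUserContext` let the exception propagate, so a configuration read error is handled inconsistently along the connection and login-record paths. Choosing one policy and placing it in a single helper would make the failure behaviour predictable; if propagation is intended here, a short comment such as `// Configuration errors abort record creation rather than falling back` would say so. The enclosing `try` block continues outside the hunk, so what catches the exception is not visible.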
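Review bot: The warning's format string in the `@@ -637` hunk joins `{}.` directly to `Both usernames`, so the logged text runs the two sentences together; the first literal should end with a space, `"Error trying to retrieve case sensitivity configuration: {}. "`. The fallback to `CaseSensitivity.ENABLED` is the conservative choice, and a one-line comment such as `// Fail closed: use case-sensitive matching if the setting cannot be read` would record that intent. This path logs at `warn` while the equivalent fallbacks in `ModeledUser.isCaseSensitive()` and `ModeledUserGroup.isCaseSensitive()` log at `error`; using one level for the same condition makes it simpler to alert on. The enclosing method starts outside the hunk.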
@@ -679,7 +693,8 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS // Produce collection of readable connection identifiers Collection connections = connectionMapper.selectReadable(user.getUser().getModel(), - identifiers, user.getEffectiveUserGroups(), false); + identifiers, user.getEffectiveUserGroups(), + environment.getCaseSensitivity()); // Ensure set contains only identifiers of readable connections identifiers.clear(); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java index 3b0ae67f4..8cd74905b 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java @@ -792,12 +792,14 @@ public class ModeledUser extends ModeledPermissions implements User { @Override public boolean isCaseSensitive() { try { - return environment.getCaseSensitiveUsernames(); + return environment.getCaseSensitivity().caseSensitiveUsernames(); } catch (GuacamoleException e) { - logger.error("Failed to retrieve the configuration for case-sensitive usernames: {}." - + " Usernames comparisons will be case-sensitive.", e.getMessage()); - logger.debug("Exception caught when attempting to read the configuration.", e); + logger.error("Failed to retrieve the configuration for case sensitivity: {}. " + + "Username comparisons will be case-sensitive.", + e.getMessage()); + logger.debug("An exception was caught when attempting to retrieve the " + + "case sensitivity configuration.", e); return true; } } 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUserContext.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUserContext.java index d61eaccb9..6064ddaf2 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUserContext.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUserContext.java @@ -194,7 +194,7 @@ public class ModeledUserContext extends RestrictedObject userRecord.setRemoteHost(getCurrentUser().getCredentials().getRemoteAddress()); // Insert record representing login - userRecordMapper.insert(userRecord, getCurrentUser().isCaseSensitive()); + userRecordMapper.insert(userRecord, environment.getCaseSensitivity()); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.java index c505afcc9..a44329cbd 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.java @@ -21,6 +21,7 @@ package org.apache.guacamole.auth.jdbc.user; import java.util.List; import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.annotations.Param; /** 
@@ -39,9 +40,9 @@ public interface PasswordRecordMapper extends ModeledDirectoryObjectMapper select(@Param("username") String username, @Param("maxHistorySize") int maxHistorySize, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Inserts the given password record. Old records exceeding the maximum diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserMapper.java index f9e63a6e5..8d7e5ad8d 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserMapper.java @@ -20,6 +20,7 @@ package org.apache.guacamole.auth.jdbc.user; import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.annotations.Param; /** @@ -34,14 +35,14 @@ public interface UserMapper extends ModeledDirectoryObjectMapper { * @param username * The username of the user to return. * - * @param caseSensitive - * true if the search should evaluate the username in a case-sensitive - * manner, otherwise false. + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @return * The user having the given username, or null if no such user exists. */ UserModel selectOne(@Param("username") String username, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); } 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java index b1256c9b2..4ffa850ac 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java @@ -27,12 +27,11 @@ import java.util.Collection; import java.util.Collections; import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.guacamole.net.auth.Credentials; -import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; -import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService; import org.apache.guacamole.GuacamoleClientException; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleUnsupportedException; +import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; +import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService; import org.apache.guacamole.auth.jdbc.JDBCEnvironment; import org.apache.guacamole.auth.jdbc.base.ActivityRecordModel; import org.apache.guacamole.auth.jdbc.base.ActivityRecordSearchTerm; 
@@ -51,12 +50,14 @@ import org.apache.guacamole.language.TranslatableGuacamoleInsufficientCredential import org.apache.guacamole.net.auth.ActivityRecord; import org.apache.guacamole.net.auth.AuthenticatedUser; import org.apache.guacamole.net.auth.AuthenticationProvider; +import org.apache.guacamole.net.auth.Credentials; import org.apache.guacamole.net.auth.User; import org.apache.guacamole.net.auth.credentials.CredentialsInfo; import org.apache.guacamole.net.auth.permission.ObjectPermission; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.net.auth.permission.SystemPermission; import org.apache.guacamole.net.auth.permission.SystemPermissionSet; +import org.apache.guacamole.properties.CaseSensitivity; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -219,8 +220,8 @@ public class UserService extends ModeledDirectoryObjectService existing = userMapper.select(Collections.singleton( - model.getIdentifier()), user.isCaseSensitive()); + model.getIdentifier()), getCaseSensitivity()); if (!existing.isEmpty()) throw new GuacamoleClientException("User \"" + model.getIdentifier() + "\" already exists."); @@ -291,7 +292,7 @@ public class UserService extends ModeledDirectoryObjectService implements UserGroup { + /** + * The Logger for this class. + */ + private static final Logger LOGGER = LoggerFactory.getLogger(ModeledUserGroup.class); + /** * All possible attributes of user groups organized as individual, * logical forms. @@ -74,6 +82,13 @@ public class ModeledUserGroup extends ModeledPermissions */ @Inject private Provider memberUserGroupSetProvider; + + /** + * The environment associated with this instance of the JDBC authentication + * module. + */ + @Inject + private JDBCEnvironment environment; /** * Whether attributes which control access restrictions should be exposed 
@@ -187,5 +202,20 @@ public class ModeledUserGroup extends ModeledPermissions memberUserGroupSet.init(getCurrentUser(), this); return memberUserGroupSet; } + + @Override + public boolean isCaseSensitive() { + try { + return environment.getCaseSensitivity().caseSensitiveGroupNames(); + } + catch (GuacamoleException e) { + LOGGER.error("Error while retrieving case sensitivity configuration: {}. " + + "Group names comparisons will be case-sensitive.", + e.getMessage()); + LOGGER.debug("An exception was caught when attempting to retrieve the " + + "case sensitivity configuration.", e); + return true; + } + } } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.java index 7c048f7f5..268bfcb0c 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.java @@ -20,6 +20,7 @@ package org.apache.guacamole.auth.jdbc.usergroup; import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.annotations.Param; /** @@ -33,10 +34,15 @@ public interface UserGroupMapper extends ModeledDirectoryObjectMapper getObjectRelationMapper() { return userGroupMemberUserGroupMapper; diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserSet.java index 87613f355..3aa807930 100644 
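Review bot: The new `isCaseSensitive()` override in ModeledUserGroup has no Javadoc, and its catch block picks a fallback without saying why that value is the safe one. Returning `true` keeps group names that differ only by case distinct when the configuration cannot be read, which is the stricter behaviour for permission matching and worth stating, e.g. `/** Returns whether group names are compared case-sensitively; falls back to case-sensitive comparison if the configuration cannot be read. */`. The failure is also logged at error level on every call, so an unreadable configuration could flood the log if this method runs per comparison; reporting it once and logging later occurrences at debug level would avoid that. The class starts outside this hunk, so how often the method is called cannot be confirmed from here.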
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserSet.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserSet.java @@ -25,6 +25,7 @@ import org.apache.guacamole.auth.jdbc.JDBCEnvironment; import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper; import org.apache.guacamole.auth.jdbc.base.RelatedObjectSet; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; +import org.apache.guacamole.properties.CaseSensitivity; /** * RelatedObjectSet implementation which represents the one-to-many @@ -32,6 +33,13 @@ import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; */ public class UserGroupMemberUserSet extends RelatedObjectSet { + /** + * The environment of the running server, used for retrieving server + * configuration information. + */ + @Inject + private JDBCEnvironment environment; + /** * Mapper for the relation between user groups and their user members. */ @@ -39,8 +47,8 @@ public class UserGroupMemberUserSet extends RelatedObjectSet getObjectRelationMapper() { diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupService.java index 547b15997..525233fc4 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupService.java 
@@ -21,10 +21,11 @@ package org.apache.guacamole.auth.jdbc.usergroup; import com.google.inject.Inject; import com.google.inject.Provider; -import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; -import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService; import org.apache.guacamole.GuacamoleClientException; import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.auth.jdbc.JDBCEnvironment; +import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; +import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService; import org.apache.guacamole.auth.jdbc.base.EntityMapper; import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper; import org.apache.guacamole.auth.jdbc.permission.UserGroupPermissionMapper; @@ -46,6 +47,12 @@ public class UserGroupService extends ModeledDirectoryObjectService userGroupProvider; - + @Override protected ModeledDirectoryObjectMapper getObjectMapper() { return userGroupMapper; @@ -145,7 +152,8 @@ public class UserGroupService extends ModeledDirectoryObjectService - #{effectiveGroup,jdbcType=VARCHAR} - + AND + + + name IN + + #{effectiveGroup,jdbcType=VARCHAR} + + + + LOWER(name) IN + + LOWER(#{effectiveGroup,jdbcType=VARCHAR}) + + + + AND disabled = false ) 
@@ -83,20 +96,44 @@ JOIN guacamole_entity member_entity ON guacamole_user_group_member.member_entity_id = member_entity.entity_id WHERE guacamole_user_group.disabled = false - AND member_entity.type = 'USER_GROUP' AND member_entity.name IN - - #{effectiveGroup,jdbcType=VARCHAR} - + AND member_entity.type = 'USER_GROUP' AND + + + member_entity.name IN + + #{effectiveGroup,jdbcType=VARCHAR} + + + + LOWER(member_entity.name) IN + + LOWER(#{effectiveGroup,jdbcType=VARCHAR}) + + + UNION SELECT guacamole_entity.name FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE type = 'USER_GROUP' AND name IN - - #{effectiveGroup,jdbcType=VARCHAR} - + WHERE type = 'USER_GROUP' AND + + + name IN + + #{effectiveGroup,jdbcType=VARCHAR} + + + + LOWER(name) IN + + LOWER(#{effectiveGroup,jdbcType=VARCHAR}) + + + @@ -117,11 +154,23 @@ JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id WHERE type = 'USER_GROUP' - AND name IN - - #{effectiveGroup,jdbcType=VARCHAR} - + AND + + + name IN + + #{effectiveGroup,jdbcType=VARCHAR} + + + + LOWER(name) IN + + LOWER(#{effectiveGroup,jdbcType=VARCHAR}) + + + AND guacamole_user_group.disabled = false UNION diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml index d42b47a1f..ccbc19e73 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml @@ -82,9 +82,10 @@ FROM guacamole_connection_permission WHERE - - - + + + + AND permission = 'READ' 
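Review bot: The case-insensitive branches added in these EntityMapper.xml hunks compare `LOWER(name)` and `LOWER(member_entity.name)` against `LOWER(#{effectiveGroup,jdbcType=VARCHAR})`, so every stored group whose name differs from an effective group only by case now matches. If the table already holds such pairs, a user would presumably pick up the permissions of all of them once case-insensitive group names are enabled, and nothing visible in this patch checks for that. I would document the assumption next to each branch, for example `<!-- Case-insensitive match: assumes no two USER_GROUP names differ only by case -->`, and consider a startup check that reports colliding names. Wrapping the column in `LOWER()` may also keep the database from using an index on the name column, and these queries look like they run during permission resolution. The PostgreSQL EntityMapper.xml hunks later in the patch have the same shape.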
@@ -194,8 +195,9 @@ AND guacamole_connection.connection_id IN ( - - + + + ) GROUP BY guacamole_connection.connection_id; @@ -209,8 +211,9 @@ AND guacamole_sharing_profile.sharing_profile_id IN ( - - + + + ); @@ -226,8 +229,9 @@ AND guacamole_connection_attribute.connection_id IN ( - - + + + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml index f9e2e600c..c6e878480 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml @@ -62,7 +62,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name = #{record.username,jdbcType=VARCHAR} @@ -121,7 +121,7 @@ FROM guacamole_user WHERE - + POSITION(#{term.term,jdbcType=VARCHAR} IN username) > 0 @@ -190,16 +190,18 @@ AND guacamole_connection_history.connection_id IN ( - - + + + ) AND guacamole_connection_history.user_id IN ( - - + + + ) @@ -216,7 +218,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml index 7274f79ae..bf92810f1 100644 
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml @@ -83,9 +83,10 @@ FROM guacamole_connection_group_permission WHERE - - - + + + + AND permission = 'READ' @@ -93,8 +94,9 @@ @@ -116,8 +118,9 @@ parent_id IS NULL AND connection_group_id IN ( - - + + + ) @@ -190,8 +193,9 @@ AND guacamole_connection_group.connection_group_id IN ( - - + + + ); @@ -204,8 +208,9 @@ AND guacamole_connection_group.connection_group_id IN ( - - + + + ); @@ -218,8 +223,9 @@ AND guacamole_connection.connection_id IN ( - - + + + ); @@ -235,8 +241,9 @@ AND guacamole_connection_group_attribute.connection_group_id IN ( - - + + + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml index ad8076c85..b9ea64037 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml @@ -41,9 +41,10 @@ FROM guacamole_connection_group_permission WHERE - - - + + + + @@ -58,9 +59,10 @@ FROM guacamole_connection_group_permission WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} AND connection_group_id = #{identifier,jdbcType=VARCHAR} @@ -74,9 +76,10 @@ FROM guacamole_connection_group_permission WHERE - - - + + + + AND connection_group_id IN - - - + + + + 
@@ -58,9 +59,10 @@ FROM guacamole_connection_permission WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} AND connection_id = #{identifier,jdbcType=VARCHAR} @@ -74,9 +76,10 @@ FROM guacamole_connection_permission WHERE - - - + + + + AND connection_id IN - - - + + + + @@ -58,9 +59,10 @@ FROM guacamole_sharing_profile_permission WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} AND sharing_profile_id = #{identifier,jdbcType=VARCHAR} @@ -74,9 +76,10 @@ FROM guacamole_sharing_profile_permission WHERE - - - + + + + AND sharing_profile_id IN - - - + + + + @@ -55,9 +56,10 @@ FROM guacamole_system_permission WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml index dab3804eb..fdc148b4a 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml @@ -43,9 +43,10 @@ JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + AND affected_entity.type = 'USER_GROUP' @@ -63,13 +64,22 @@ JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} - AND affected_entity.name = #{identifier,jdbcType=VARCHAR} AND affected_entity.type = 'USER_GROUP' + AND + + + affected_entity.name = #{identifier,jdbcType=VARCHAR} + + + LOWER(affected_entity.name) = LOWER(#{identifier,jdbcType=VARCHAR}) + + 
@@ -82,21 +92,35 @@ JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + - AND affected_entity.name IN - - #{identifier,jdbcType=VARCHAR} - + AND affected_entity.type = 'USER_GROUP' + AND + + + affected_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(affected_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + AND permission IN #{permission,jdbcType=VARCHAR} - AND affected_entity.type = 'USER_GROUP' @@ -108,15 +132,29 @@ JOIN guacamole_user_group affected_group ON guacamole_user_group_permission.affected_user_group_id = affected_group.user_group_id JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - (guacamole_user_group_permission.entity_id, permission, affected_entity.name) IN - - (#{permission.entityID,jdbcType=INTEGER}, - #{permission.type,jdbcType=VARCHAR}, - #{permission.objectIdentifier,jdbcType=VARCHAR}) - - AND affected_entity.type = 'USER_GROUP' - + affected_entity.type = 'USER_GROUP' + AND + + + (guacamole_user_group_permission.entity_id, permission, affected_entity.name) IN + + (#{permission.entityID,jdbcType=INTEGER}, + #{permission.type,jdbcType=VARCHAR}, + #{permission.objectIdentifier,jdbcType=VARCHAR}) + + + + (guacamole_user_group_permission.entity_id, permission, LOWER(affected_entity.name)) IN + + (#{permission.entityID,jdbcType=INTEGER}, + #{permission.type,jdbcType=VARCHAR}, + LOWER(#{permission.objectIdentifier,jdbcType=VARCHAR})) + + + + @@ -140,8 +178,16 @@ AS permissions JOIN guacamole_entity affected_entity ON - affected_entity.name = permissions.affected_name - AND affected_entity.type = 'USER_GROUP' + affected_entity.type = 'USER_GROUP' + AND + + + affected_entity.name = permissions.affected_name + + + LOWER(affected_entity.name) = LOWER(permissions.affected_name) + + JOIN guacamole_user_group affected_group ON affected_group.entity_id = affected_entity.entity_id 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml index 37203bcf5..3dbc3b3a3 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml @@ -43,9 +43,10 @@ JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - - - + + + + AND affected_entity.type = 'USER' @@ -63,14 +64,15 @@ JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} AND - + affected_entity.name = #{identifier,jdbcType=VARCHAR} @@ -90,13 +92,15 @@ JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - - - + + + + + AND affected_entity.type = 'USER' AND - + affected_entity.name IN @@ -116,7 +120,6 @@ open="(" separator="," close=")"> #{permission,jdbcType=VARCHAR} - AND affected_entity.type = 'USER' @@ -129,7 +132,7 @@ JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - + (guacamole_user_permission.entity_id, permission, affected_entity.name) IN @@ -174,7 +177,7 @@ AS permissions JOIN guacamole_entity affected_entity ON - + affected_entity.name = permissions.affected_name 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml index eb80c1bf8..4a9115cba 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml @@ -66,9 +66,10 @@ FROM guacamole_sharing_profile_permission WHERE - - - + + + + AND permission = 'READ' @@ -76,8 +77,9 @@ @@ -125,8 +127,9 @@ AND guacamole_sharing_profile.sharing_profile_id IN ( - - + + + ); @@ -142,8 +145,9 @@ AND guacamole_sharing_profile_attribute.sharing_profile_id IN ( - - + + + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml index 30f6bc676..a475c7ceb 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml @@ -44,7 +44,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name = #{username,jdbcType=VARCHAR} 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml index e6e613f4c..07be80f45 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml @@ -82,9 +82,10 @@ FROM guacamole_user_permission WHERE - - - + + + + AND permission = 'READ' @@ -97,8 +98,9 @@ WHERE guacamole_user.user_id IN ( - - + + + ) AND guacamole_entity.type = 'USER' @@ -132,7 +134,7 @@ LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id WHERE - + guacamole_entity.name @@ -143,7 +145,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -163,7 +165,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name @@ -174,7 +176,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -214,7 +216,7 @@ LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id WHERE - + guacamole_entity.name @@ -225,7 +227,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -236,8 +238,9 @@ AND guacamole_entity.type = 'USER' AND guacamole_user.user_id IN ( - - + + + ) GROUP BY guacamole_user.user_id, guacamole_entity.entity_id; @@ -251,7 +254,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name @@ -262,7 +265,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -273,8 +276,9 @@ AND guacamole_entity.type = 'USER' AND guacamole_user.user_id IN ( - - + + + ); @@ -308,7 +312,7 @@ LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id WHERE - + guacamole_entity.name = #{username,jdbcType=VARCHAR} 
@@ -327,7 +331,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name = #{username,jdbcType=VARCHAR} @@ -343,7 +347,7 @@ DELETE FROM guacamole_entity WHERE - + name = #{identifier,jdbcType=VARCHAR} diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml index 764213e6d..1624dfa98 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml @@ -43,8 +43,9 @@ WHERE guacamole_user_group.user_group_id IN ( - - + + + ) AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER} @@ -60,10 +61,26 @@ WHERE member_entity_id = #{parent.entityID,jdbcType=INTEGER} AND guacamole_entity.type = 'USER_GROUP' - AND guacamole_entity.name IN + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + + + #{identifier,jdbcType=VARCHAR} + + + LOWER(#{identifier,jdbcType=VARCHAR}) + + @@ -79,12 +96,28 @@ FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id WHERE - guacamole_entity.name IN + guacamole_entity.type = 'USER_GROUP' + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + + + #{identifier} + + + LOWER(#{identifier}) + + - AND guacamole_entity.type = 'USER_GROUP' AND guacamole_user_group.user_group_id NOT IN ( SELECT guacamole_user_group_member.user_group_id FROM guacamole_user_group_member 
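Review bot: In the `@@ -79,12 +96,28 @@` hunk of UserParentUserGroupMapper.xml the new parameter references are written `#{identifier}` and `LOWER(#{identifier})`, dropping the `jdbcType=VARCHAR` that the removed line carried and that the `@@ -60,10 +61,26 @@` hunk just above keeps. Without a declared JDBC type MyBatis has to guess how to bind a null value, and the other identifier parameters in these mappers declare it. Write `#{identifier,jdbcType=VARCHAR}` and `LOWER(#{identifier,jdbcType=VARCHAR})` here. The `@@ -76,12 +93,28 @@` hunk of UserGroupMemberUserGroupMapper.xml has the same untyped pair, while the UserGroupMemberUserMapper.xml change in this commit already adds the type.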
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml index 69d6a0162..a070a3a7d 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml @@ -50,7 +50,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name = #{record.username,jdbcType=VARCHAR} @@ -89,7 +89,7 @@ - + guacamole_user_history.username = #{identifier,jdbcType=VARCHAR} @@ -107,7 +107,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 @@ -163,13 +163,14 @@ + ) AND - + guacamole_entity.name = #{identifier,jdbcType=VARCHAR} @@ -187,7 +188,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml index 4d68da754..1c521e8d4 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml 
@@ -68,9 +68,10 @@ FROM guacamole_user_group_permission WHERE - - - + + + + AND permission = 'READ' @@ -83,8 +84,9 @@ WHERE guacamole_user_group.user_group_id IN ( - - + + + ) AND guacamole_entity.type = 'USER_GROUP' @@ -101,12 +103,30 @@ disabled FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE guacamole_entity.name IN + WHERE + guacamole_entity.type = 'USER_GROUP' + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + open="(" separator="," close=")"> + + + #{identifier,jdbcType=VARCHAR} + + + LOWER(#{identifier,jdbcType=VARCHAR}) + + - AND guacamole_entity.type = 'USER_GROUP'; + ; SELECT guacamole_user_group_attribute.user_group_id, @@ -115,12 +135,30 @@ FROM guacamole_user_group_attribute JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE guacamole_entity.name IN + WHERE + guacamole_entity.type = 'USER_GROUP' + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + open="(" separator="," close=")"> + + + #{identifier,jdbcType=VARCHAR} + + + LOWER(#{identifier,jdbcType=VARCHAR}) + + - AND guacamole_entity.type = 'USER_GROUP'; + ; @@ -135,16 +173,34 @@ disabled FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE guacamole_entity.name IN + WHERE + guacamole_entity.type = 'USER_GROUP' + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + + + #{identifier,jdbcType=VARCHAR} + + + LOWER(#{identifier,jdbcType=VARCHAR}) + + - AND guacamole_entity.type = 'USER_GROUP' AND guacamole_user_group.user_group_id IN ( - - + + + ); 
@@ -155,16 +211,34 @@ FROM guacamole_user_group_attribute JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE guacamole_entity.name IN + WHERE + guacamole_entity.type = 'USER_GROUP' + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + + + #{identifier,jdbcType=VARCHAR} + + + LOWER(#{identifier,jdbcType=VARCHAR}) + + - AND guacamole_entity.type = 'USER_GROUP' - AND guacamole_user_group.user_group_id IN ( + AND guacamole_user_group.user_group_id IN ( - - + + + ); @@ -182,7 +256,14 @@ FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id WHERE - guacamole_entity.name = #{name,jdbcType=VARCHAR} + + + guacamole_entity.name = #{name,jdbcType=VARCHAR} + + + LOWER(guacamole_entity.name) = LOWER(#{name,jdbcType=VARCHAR}) + + AND guacamole_entity.type = 'USER_GROUP'; SELECT @@ -193,8 +274,16 @@ JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id WHERE - guacamole_entity.name = #{name,jdbcType=VARCHAR} - AND guacamole_entity.type = 'USER_GROUP' + guacamole_entity.type = 'USER_GROUP' + AND + + + guacamole_entity.name = #{name,jdbcType=VARCHAR} + + + LOWER(guacamole_entity.name) = LOWER(#{name,jdbcType=VARCHAR}) + + @@ -202,8 +291,15 @@ DELETE FROM guacamole_entity WHERE - name = #{identifier,jdbcType=VARCHAR} - AND type = 'USER_GROUP' + type = 'USER_GROUP' + + + name = #{identifier,jdbcType=VARCHAR} + + + LOWER(name) = LOWER(#{identifier,jdbcType=VARCHAR}) + + 
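Review bot: The rewritten `DELETE FROM guacamole_entity` statement in the last hunk of UserGroupMapper.xml (`@@ -202,8 +291,15 @@`) has no `AND` between `type = 'USER_GROUP'` and the name comparison that follows. The generated SQL would read `WHERE type = 'USER_GROUP' name = ...` and should fail to parse when a user group is deleted. The neighbouring rewritten queries in this file put `AND` on its own line between the type check and the conditional block; add the same line here, i.e. `type = 'USER_GROUP'` followed by `AND`. The mapper tags are not visible in this rendering of the patch, so this is read from the SQL text lines and the hunk's line counts alone.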
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml index bfcd6c647..e589a8501 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml @@ -40,14 +40,15 @@ JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user_group_member.member_entity_id JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id WHERE - guacamole_user_group.user_group_id IN ( + guacamole_entity.type = 'USER_GROUP' + AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER} + AND guacamole_user_group.user_group_id IN ( - - + + + ) - AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER} - AND guacamole_entity.type = 'USER_GROUP' @@ -58,10 +59,26 @@ WHERE user_group_id = #{parent.objectID,jdbcType=INTEGER} AND guacamole_entity.type = 'USER_GROUP' - AND guacamole_entity.name IN + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + + + #{identifier,jdbcType=VARCHAR} + + + LOWER(#{identifier,jdbcType=VARCHAR}) + + 
@@ -76,12 +93,28 @@ guacamole_entity.entity_id FROM guacamole_entity WHERE - guacamole_entity.name IN + guacamole_entity.type = 'USER_GROUP' + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier} + + + #{identifier} + + + LOWER(#{identifier}) + + - AND guacamole_entity.type = 'USER_GROUP' AND guacamole_entity.entity_id NOT IN ( SELECT guacamole_user_group_member.member_entity_id FROM guacamole_user_group_member diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml index c5f7030b9..776059c63 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml @@ -44,6 +44,7 @@ + ) AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER} @@ -60,7 +61,7 @@ AND guacamole_entity.type = 'USER' AND - + guacamole_entity.name @@ -71,7 +72,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -92,8 +93,10 @@ guacamole_entity.entity_id FROM guacamole_entity WHERE + guacamole_entity.type = 'USER' + AND - + guacamole_entity.name @@ -104,15 +107,14 @@ - - #{identifier} + + #{identifier,jdbcType=VARCHAR} - LOWER(#{identifier}) + LOWER(#{identifier,jdbcType=VARCHAR}) - AND guacamole_entity.type = 'USER' AND guacamole_entity.entity_id NOT IN ( SELECT guacamole_user_group_member.member_entity_id FROM guacamole_user_group_member 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml index 9fa81b91e..531a4e5dd 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml @@ -41,14 +41,15 @@ JOIN guacamole_user_group ON guacamole_user_group_member.user_group_id = guacamole_user_group.user_group_id JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user_group.entity_id WHERE - guacamole_user_group.user_group_id IN ( + guacamole_entity.type = 'USER_GROUP' + AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER} + AND guacamole_user_group.user_group_id IN ( - - + + + ) - AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER} - AND guacamole_entity.type = 'USER_GROUP' @@ -60,10 +61,26 @@ WHERE member_entity_id = #{parent.entityID,jdbcType=INTEGER} AND guacamole_entity.type = 'USER_GROUP' - AND guacamole_entity.name IN + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + + + #{identifier,jdbcType=VARCHAR} + + + LOWER(#{identifier,jdbcType=VARCHAR}) + + 
@@ -79,12 +96,28 @@ FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id WHERE - guacamole_entity.name IN + guacamole_entity.type = 'USER_GROUP' + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + + + #{identifier,jdbcType=VARCHAR} + + + LOWER(#{identifier,jdbcType=VARCHAR}) + + - AND guacamole_entity.type = 'USER_GROUP' AND guacamole_user_group.user_group_id NOT IN ( SELECT guacamole_user_group_member.user_group_id FROM guacamole_user_group_member diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml index ca779a218..37b6b439b 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml @@ -51,11 +51,23 @@ JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id WHERE type = 'USER_GROUP'::guacamole_entity_type - AND name IN - - #{effectiveGroup,jdbcType=VARCHAR} - + AND + + + name IN + + #{effectiveGroup,jdbcType=VARCHAR} + + + + LOWER(name) IN + + LOWER(#{effectiveGroup,jdbcType=VARCHAR}) + + + AND disabled = false ) @@ -81,11 +93,23 @@ JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id WHERE type = 'USER_GROUP'::guacamole_entity_type - AND name IN - - #{effectiveGroup,jdbcType=VARCHAR} - + AND + + + name IN + + #{effectiveGroup,jdbcType=VARCHAR} + + + + LOWER(name) IN + + LOWER(#{effectiveGroup,jdbcType=VARCHAR}) + + + AND guacamole_user_group.disabled = false UNION 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml index 05c4f61ce..32f325d7c 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml @@ -82,9 +82,10 @@ FROM guacamole_connection_permission WHERE - - - + + + + AND permission = 'READ' @@ -92,8 +93,9 @@ @@ -115,8 +117,9 @@ parent_id IS NULL AND connection_id IN ( - - + + + ) @@ -194,8 +197,9 @@ AND guacamole_connection.connection_id IN ( - - + + + ) GROUP BY guacamole_connection.connection_id; @@ -209,8 +213,9 @@ AND guacamole_sharing_profile.sharing_profile_id IN ( - - + + + ); @@ -226,8 +231,9 @@ AND guacamole_connection_attribute.connection_id IN ( - - + + + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml index 0889485f8..09a21d150 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml 
@@ -62,7 +62,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name = #{record.username,jdbcType=VARCHAR} @@ -119,7 +119,7 @@ FROM guacamole_user WHERE - + POSITION(#{term.term,jdbcType=VARCHAR} IN username) > 0 @@ -188,16 +188,18 @@ AND guacamole_connection_history.connection_id IN ( - - + + + ) AND guacamole_connection_history.user_id IN ( - - + + + ) @@ -214,7 +216,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml index dd2dbabb2..a26c80b3a 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml @@ -83,9 +83,10 @@ FROM guacamole_connection_group_permission WHERE - - - + + + + AND permission = 'READ' @@ -93,8 +94,9 @@ @@ -116,8 +118,9 @@ parent_id IS NULL AND connection_group_id IN ( - - + + + ) @@ -190,8 +193,9 @@ AND guacamole_connection_group.connection_group_id IN ( - - + + + ); @@ -204,8 +208,9 @@ AND guacamole_connection_group.connection_group_id IN ( - - + + + ); @@ -218,8 +223,9 @@ AND guacamole_connection.connection_id IN ( - - + + + ); @@ -235,8 +241,9 @@ AND guacamole_connection_group_attribute.connection_group_id IN ( - - + + + ); 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml index b67f3b46c..c0e0cfbda 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml @@ -41,9 +41,10 @@ FROM guacamole_connection_group_permission WHERE - - - + + + + @@ -58,9 +59,10 @@ FROM guacamole_connection_group_permission WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND connection_group_id = #{identifier,jdbcType=INTEGER}::integer @@ -74,9 +76,10 @@ FROM guacamole_connection_group_permission WHERE - - - + + + + AND connection_group_id IN - - - + + + + @@ -58,9 +59,10 @@ FROM guacamole_connection_permission WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND connection_id = #{identifier,jdbcType=INTEGER}::integer @@ -74,9 +76,10 @@ FROM guacamole_connection_permission WHERE - - - + + + + AND connection_id IN - - - + + + + @@ -58,9 +59,10 @@ FROM guacamole_sharing_profile_permission WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND sharing_profile_id = #{identifier,jdbcType=INTEGER}::integer @@ -74,9 +76,10 @@ FROM guacamole_sharing_profile_permission WHERE - - - + + + + AND sharing_profile_id IN - - - + + + + @@ -55,9 +56,10 @@ FROM guacamole_system_permission WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR}::guacamole_system_permission_type 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml index fd86d9d04..8251901d7 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml @@ -43,9 +43,10 @@ JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type @@ -63,13 +64,22 @@ JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type - AND affected_entity.name = #{identifier,jdbcType=VARCHAR} AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + affected_entity.name = #{identifier,jdbcType=VARCHAR} + + + LOWER(affected_entity.name) = LOWER(#{identifier,jdbcType=VARCHAR}) + + @@ -82,21 +92,34 @@ JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + - AND affected_entity.name IN - - #{identifier,jdbcType=VARCHAR} - + AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + affected_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(affected_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + AND permission IN #{permission,jdbcType=VARCHAR}::guacamole_object_permission_type - AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type 
@@ -108,12 +131,29 @@ WHERE guacamole_user_group_permission.affected_user_group_id = affected_group.user_group_id AND affected_group.entity_id = affected_entity.entity_id - AND (guacamole_user_group_permission.entity_id, permission, affected_entity.name) IN + AND + + + (guacamole_user_group_permission.entity_id, permission, affected_entity.name) + + + (guacamole_user_group_permission.entity_id, permission, LOWER(affected_entity.name)) + + + IN (#{permission.entityID,jdbcType=INTEGER}, #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, - #{permission.objectIdentifier,jdbcType=INTEGER}) + + + #{permission.objectIdentifier,jdbcType=INTEGER} + + + LOWER(#{permission.objectIdentifier,jdbcType=INTEGER}) + + + ) AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type @@ -140,7 +180,14 @@ AS permissions JOIN guacamole_entity affected_entity ON - affected_entity.name = permissions.affected_name + + + affected_entity.name = permissions.affected_name + + + LOWER(affected_entity.name) = LOWER(permissions.affected_name) + + AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type JOIN guacamole_user_group affected_group ON affected_group.entity_id = affected_entity.entity_id WHERE (permissions.entity_id, permissions.permission, affected_group.user_group_id) NOT IN ( diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml index f96cc16a5..0ca81fb7f 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml 
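Review bot: In the `@@ -108,12 +131,29 @@` hunk the new case-insensitive branch binds `LOWER(#{permission.objectIdentifier,jdbcType=INTEGER})`, but the value is compared with `affected_entity.name`, which is a string column. The `INTEGER` hint is carried over from the old line and is at best misleading; it is also the type a null would be bound as, and wrapping an integer-typed parameter in `LOWER()` is not something every database accepts. Both branches should read `#{permission.objectIdentifier,jdbcType=VARCHAR}` and `LOWER(#{permission.objectIdentifier,jdbcType=VARCHAR})`. The enclosing statement starts and ends outside the hunk.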
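Review bot: In the `@@ -140,7 +180,14 @@` hunk the case-insensitive join `LOWER(affected_entity.name) = LOWER(permissions.affected_name)` can match more than one group if the table already holds names that differ only in case, so one requested permission would then be written for each of them. Nothing visible in the hunk limits the match to a single entity, and uniqueness under case folding is presumably not enforced by the schema. The `DELETE FROM guacamole_entity` hunk in the PostgreSQL UserGroupMapper.xml, with `LOWER(name) = LOWER(#{identifier,jdbcType=VARCHAR})`, has the same property. At minimum the precondition should be stated next to the branch, e.g. `<!-- Case-insensitive branch: assumes no two USER_GROUP names differ only in case -->`. The enclosing statement starts and ends outside the hunk.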
@@ -43,9 +43,10 @@ JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - - - + + + + AND affected_entity.type = 'USER'::guacamole_entity_type @@ -63,22 +64,22 @@ JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type + AND affected_entity.type = 'USER'::guacamole_entity_type AND - + affected_entity.name = #{identifier,jdbcType=VARCHAR} LOWER(affected_entity.name) = LOWER(#{identifier,jdbcType=VARCHAR}) - - AND affected_entity.type = 'USER'::guacamole_entity_type @@ -91,13 +92,15 @@ JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - - - + + + + + AND affected_entity.type = 'USER'::guacamole_entity_type AND - + affected_entity.name IN @@ -117,8 +120,7 @@ open="(" separator="," close=")"> #{permission,jdbcType=VARCHAR}::guacamole_object_permission_type - AND affected_entity.type = 'USER'::guacamole_entity_type - + @@ -129,9 +131,11 @@ WHERE guacamole_user_permission.affected_user_id = affected_user.user_id AND affected_user.entity_id = affected_entity.entity_id + AND affected_entity.type = 'USER'::guacamole_entity_type + AND - - AND (guacamole_user_permission.entity_id, permission, affected_entity.name) IN + + (guacamole_user_permission.entity_id, permission, affected_entity.name) IN (#{permission.entityID,jdbcType=INTEGER}, @@ -140,7 +144,7 @@ - AND (guacamole_user_permission.entity_id, permission, LOWER(affected_entity.name)) IN + (guacamole_user_permission.entity_id, permission, LOWER(affected_entity.name)) IN (#{permission.entityID,jdbcType=INTEGER}, @@ -149,7 +153,6 @@ - AND affected_entity.type = 'USER'::guacamole_entity_type 
@@ -174,15 +177,16 @@ AS permissions JOIN guacamole_entity affected_entity ON + affected_entity.type = 'USER'::guacamole_entity_type + AND - + affected_entity.name = permissions.affected_name LOWER(affected_entity.name) = LOWER(permissions.affected_name) - AND affected_entity.type = 'USER'::guacamole_entity_type JOIN guacamole_user affected_user ON affected_user.entity_id = affected_entity.entity_id WHERE (permissions.entity_id, permissions.permission, affected_user.user_id) NOT IN ( SELECT diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml index 71fec72dc..e92d58fea 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml @@ -66,9 +66,10 @@ FROM guacamole_sharing_profile_permission WHERE - - - + + + + AND permission = 'READ' @@ -76,8 +77,9 @@ @@ -125,8 +127,9 @@ AND guacamole_sharing_profile.sharing_profile_id IN ( - - + + + ); @@ -142,8 +145,9 @@ AND guacamole_sharing_profile_attribute.sharing_profile_id IN ( - - + + + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml index 0e03a3616..a85a3889b 100644 
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml @@ -44,7 +44,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name = #{username,jdbcType=VARCHAR} diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml index d70a3cb9e..0e3ccf563 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml @@ -82,9 +82,10 @@ FROM guacamole_user_permission WHERE - - - + + + + AND permission = 'READ' @@ -94,14 +95,14 @@ SELECT guacamole_entity.name FROM guacamole_user JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id - WHERE - guacamole_user.user_id IN ( + WHERE guacamole_entity.type = 'USER'::guacamole_entity_type + AND guacamole_user.user_id IN ( - - + + + ) - AND guacamole_entity.type = 'USER'::guacamole_entity_type @@ -130,9 +131,10 @@ FROM guacamole_user JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id - WHERE + WHERE guacamole_entity.type = 'USER'::guacamole_entity_type + AND - + guacamole_entity.name 
@@ -143,15 +145,14 @@ - + #{identifier,jdbcType=VARCHAR} LOWER(#{identifier,jdbcType=VARCHAR}) - - AND guacamole_entity.type = 'USER'::guacamole_entity_type + GROUP BY guacamole_user.user_id, guacamole_entity.entity_id; SELECT @@ -161,9 +162,10 @@ FROM guacamole_user_attribute JOIN guacamole_user ON guacamole_user.user_id = guacamole_user_attribute.user_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id - WHERE + WHERE guacamole_entity.type = 'USER'::guacamole_entity_type + AND - + guacamole_entity.name @@ -174,7 +176,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -182,7 +184,7 @@ - AND guacamole_entity.type = 'USER'::guacamole_entity_type; + ; @@ -212,9 +214,10 @@ FROM guacamole_user JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id - WHERE + WHERE guacamole_entity.type = 'USER'::guacamole_entity_type + AND - + guacamole_entity.name @@ -225,7 +228,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -233,11 +236,11 @@ - AND guacamole_entity.type = 'USER'::guacamole_entity_type AND guacamole_user.user_id IN ( - - + + + ) GROUP BY guacamole_user.user_id, guacamole_entity.entity_id; @@ -249,9 +252,10 @@ FROM guacamole_user_attribute JOIN guacamole_user ON guacamole_user.user_id = guacamole_user_attribute.user_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id - WHERE + WHERE guacamole_entity.type = 'USER'::guacamole_entity_type + AND - + guacamole_entity.name @@ -262,7 +266,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -270,11 +274,11 @@ - AND guacamole_entity.type = 'USER'::guacamole_entity_type AND guacamole_user.user_id IN ( - - + + + ); 
@@ -306,16 +310,16 @@ FROM guacamole_user JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id - WHERE + WHERE guacamole_entity.type = 'USER'::guacamole_entity_type + AND - + guacamole_entity.name = #{username,jdbcType=VARCHAR} LOWER(guacamole_entity.name) = LOWER(#{username,jdbcType=VARCHAR}) - AND guacamole_entity.type = 'USER'::guacamole_entity_type GROUP BY guacamole_user.user_id, guacamole_entity.entity_id; SELECT @@ -325,31 +329,31 @@ FROM guacamole_user_attribute JOIN guacamole_user ON guacamole_user.user_id = guacamole_user_attribute.user_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id - WHERE + WHERE guacamole_entity.type = 'USER'::guacamole_entity_type + AND - + guacamole_entity.name = #{username,jdbcType=VARCHAR} LOWER(guacamole_entity.name) = LOWER(#{username,jdbcType=VARCHAR}) - AND guacamole_entity.type = 'USER'::guacamole_entity_type DELETE FROM guacamole_entity - WHERE + WHERE type = 'USER'::guacamole_entity_type + AND - + name = #{identifier,jdbcType=VARCHAR} LOWER(name) = LOWER(#{identifier,jdbcType=VARCHAR}) - AND type = 'USER'::guacamole_entity_type diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml index ef7dc425c..b92b03c1e 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml 
@@ -43,8 +43,9 @@ WHERE guacamole_user_group.user_group_id IN ( - - + + + ) AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER} @@ -60,11 +61,24 @@ AND guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id AND guacamole_entity.entity_id = guacamole_user_group.entity_id AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type - AND guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + @@ -78,13 +92,25 @@ #{parent.entityID,jdbcType=INTEGER} FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE - guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + AND guacamole_user_group.user_group_id NOT IN ( SELECT guacamole_user_group_member.user_group_id FROM guacamole_user_group_member diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml index e13a2d2a4..5184fec70 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml 
@@ -50,7 +50,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name = #{record.username,jdbcType=VARCHAR} @@ -89,7 +89,7 @@ - + guacamole_user_history.username = #{identifier,jdbcType=VARCHAR} @@ -107,7 +107,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 @@ -161,15 +161,16 @@ guacamole_connection_history.user_id IN ( - - + + + ) AND - + guacamole_entity.name = #{identifier,jdbcType=VARCHAR} @@ -187,7 +188,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml index 88232ad11..fac917279 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml @@ -68,9 +68,10 @@ FROM guacamole_user_group_permission WHERE - - - + + + + AND permission = 'READ' @@ -80,14 +81,14 @@ SELECT guacamole_entity.name FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE - guacamole_user_group.user_group_id IN ( + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND guacamole_user_group.user_group_id IN ( - - + + + ) - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type 
@@ -101,12 +102,25 @@ disabled FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type; + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + ; SELECT guacamole_user_group_attribute.user_group_id, @@ -115,12 +129,25 @@ FROM guacamole_user_group_attribute JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type; + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + ; @@ -135,16 +162,29 @@ disabled FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + AND guacamole_user_group.user_group_id IN ( - - + + + ); 
@@ -155,16 +195,29 @@ FROM guacamole_user_group_attribute JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + AND guacamole_user_group.user_group_id IN ( - - + + + ); @@ -181,9 +234,17 @@ disabled FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE - guacamole_entity.name = #{name,jdbcType=VARCHAR} - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type; + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name = #{name,jdbcType=VARCHAR} + + + LOWER(guacamole_entity.name) = LOWER(#{name,jdbcType=VARCHAR}) + + + ; SELECT guacamole_user_group_attribute.user_group_id, 
@@ -192,18 +253,34 @@ FROM guacamole_user_group_attribute JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE - guacamole_entity.name = #{name,jdbcType=VARCHAR} - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name = #{name,jdbcType=VARCHAR} + + + LOWER(guacamole_entity.name) = LOWER(#{name,jdbcType=VARCHAR}) + + + ; DELETE FROM guacamole_entity - WHERE - name = #{identifier,jdbcType=VARCHAR} - AND type = 'USER_GROUP'::guacamole_entity_type + WHERE type = 'USER_GROUP'::guacamole_entity_type + AND + + + name = #{identifier,jdbcType=VARCHAR} + + + LOWER(name) = LOWER(#{identifier,jdbcType=VARCHAR}) + + + diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml index 09f12b2bf..074322b4d 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml @@ -42,8 +42,9 @@ WHERE guacamole_user_group.user_group_id IN ( - - + + + ) AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER} 
@@ -58,11 +59,24 @@ user_group_id = #{parent.objectID,jdbcType=INTEGER} AND guacamole_entity.entity_id = member_entity_id AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type - AND guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + @@ -75,13 +89,24 @@ #{parent.objectID,jdbcType=INTEGER}, guacamole_entity.entity_id FROM guacamole_entity - WHERE - guacamole_entity.name IN - - #{identifier} - - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name IN + + #{identifier} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier}) + + + AND guacamole_entity.entity_id NOT IN ( SELECT guacamole_user_group_member.member_entity_id FROM guacamole_user_group_member diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml index 5e74d4b8a..9e500b88e 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml @@ -42,8 +42,9 @@ WHERE guacamole_user.user_id IN ( - - + + + ) AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER} @@ -60,7 +61,7 @@ AND guacamole_entity.type = 'USER'::guacamole_entity_type AND - + guacamole_entity.name @@ -71,7 +72,7 @@ - + #{identifier,jdbcType=VARCHAR} 
@@ -93,7 +94,7 @@ FROM guacamole_entity WHERE - + guacamole_entity.name @@ -104,7 +105,7 @@ - + #{identifier} diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml index 9fec628d3..14d317d55 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml @@ -43,8 +43,9 @@ WHERE guacamole_user_group.user_group_id IN ( - - + + + ) AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER} @@ -60,11 +61,24 @@ AND guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id AND guacamole_entity.entity_id = guacamole_user_group.entity_id AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type - AND guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + 
@@ -78,13 +92,24 @@ #{parent.entityID,jdbcType=INTEGER} FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE - guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + AND guacamole_user_group.user_group_id NOT IN ( SELECT guacamole_user_group_member.user_group_id FROM guacamole_user_group_member diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java index f2f5e45cd..8d9c164ef 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java @@ -27,6 +27,7 @@ import java.util.Properties; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.auth.sqlserver.conf.SQLServerDriver; import org.apache.guacamole.auth.sqlserver.conf.SQLServerEnvironment; +import org.apache.guacamole.properties.CaseSensitivity; import org.mybatis.guice.datasource.helper.JdbcHelper; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -96,8 +97,8 @@ public class SQLServerAuthenticationProviderModule implements Module { // Capture which driver to use for the connection. this.sqlServerDriver = environment.getSQLServerDriver(); - // Check for case-sensitivity and warn admin. - if (environment.getCaseSensitiveUsernames()) + // Check for case sensitivity and warn admin. + if (environment.getCaseSensitivity() != CaseSensitivity.DISABLED) LOGGER.warn("The SQL Server module is currently configured to support " + "case-sensitive username comparisons, however, the default " + "collations for SQL Server databases do not support " diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml index a13279ed5..b58938dff 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml @@ -51,11 +51,23 @@ JOIN [guacamole_user_group] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id WHERE type = 'USER_GROUP' - AND name IN - - #{effectiveGroup,jdbcType=VARCHAR} - + AND + + + name IN + + #{effectiveGroup,jdbcType=VARCHAR} + + + + LOWER(name) IN + + LOWER(#{effectiveGroup,jdbcType=VARCHAR}) + + + AND disabled = 0 ) @@ -83,11 +95,23 @@ JOIN [guacamole_user_group] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id WHERE type = 'USER_GROUP' - AND name IN - - #{effectiveGroup,jdbcType=VARCHAR} - + AND + + + name IN + + #{effectiveGroup,jdbcType=VARCHAR} + + + + LOWER(name) IN + + LOWER(#{effectiveGroup,jdbcType=VARCHAR}) + + + AND [guacamole_user_group].disabled = 0 UNION ALL 
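Review bot: The warning text in the `@@ -96,8 +97,8 @@` hunk still speaks only of "case-sensitive username comparisons", but the new condition `environment.getCaseSensitivity() != CaseSensitivity.DISABLED` is also true when case sensitivity is enabled for group names alone. The `CASE_SENSITIVITY` doc comment in Environment.java lists that as a valid setting. An administrator would then be warned about a username setting they did not choose and get no hint that group-name matching is affected by the SQL Server collation. I would reword the message to cover both, for example `"case-sensitive username and/or group name comparisons, however, the default "`, or branch on the configured value. The `LOGGER.warn(...)` call continues past the end of the hunk.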
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml index 7b1adae8e..d811139c7 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml @@ -82,9 +82,10 @@ FROM [guacamole_connection_permission] WHERE - - - + + + + AND permission = 'READ' @@ -92,8 +93,9 @@ @@ -115,8 +117,9 @@ parent_id IS NULL AND connection_id IN ( - - + + + ) @@ -199,8 +202,9 @@ AND [guacamole_connection].connection_id IN ( - - + + + ); @@ -213,8 +217,9 @@ AND [guacamole_sharing_profile].sharing_profile_id IN ( - - + + + ); @@ -230,8 +235,9 @@ AND [guacamole_connection_attribute].connection_id IN ( - - + + + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml index 0a67bf31c..7bbfe21f9 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml @@ -69,7 +69,7 @@ JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE - + [guacamole_entity].name = #{record.username,jdbcType=VARCHAR} 
@@ -119,7 +119,7 @@ FROM [guacamole_user] WHERE - + CHARINDEX(#{term.term,jdbcType=VARCHAR} IN username) > 0 @@ -186,16 +186,18 @@ AND [guacamole_connection_history].connection_id IN ( - - + + + ) AND [guacamole_connection_history].user_id IN ( - - + + + ) @@ -212,7 +214,7 @@ JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE - + CHARINDEX(#{term.term,jdbcType=VARCHAR} IN [guacamole_entity].name) > 0 diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml index 4bc8a2796..e0d3368f2 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml @@ -83,9 +83,10 @@ FROM [guacamole_connection_group_permission] WHERE - - - + + + + AND permission = 'READ' @@ -93,8 +94,9 @@ @@ -116,8 +118,9 @@ parent_id IS NULL AND connection_group_id IN ( - - + + + ) @@ -190,8 +193,9 @@ AND [guacamole_connection_group].connection_group_id IN ( - - + + + ); @@ -204,8 +208,9 @@ AND [guacamole_connection_group].connection_group_id IN ( - - + + + ); @@ -218,8 +223,9 @@ AND [guacamole_connection].connection_id IN ( - - + + + ); @@ -235,8 +241,9 @@ AND [guacamole_connection_group_attribute].connection_group_id IN ( - - + + + ); 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml index 23cef25e3..6ed0a46eb 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml @@ -41,9 +41,10 @@ FROM [guacamole_connection_group_permission] WHERE - - - + + + + @@ -58,9 +59,10 @@ FROM [guacamole_connection_group_permission] WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} AND connection_group_id = #{identifier,jdbcType=INTEGER} @@ -74,9 +76,10 @@ FROM [guacamole_connection_group_permission] WHERE - - - + + + + AND connection_group_id IN - - - + + + + @@ -58,9 +59,10 @@ FROM [guacamole_connection_permission] WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} AND connection_id = #{identifier,jdbcType=INTEGER} @@ -74,9 +76,10 @@ FROM [guacamole_connection_permission] WHERE - - - + + + + AND connection_id IN - - - + + + + @@ -58,9 +59,10 @@ FROM [guacamole_sharing_profile_permission] WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} AND sharing_profile_id = #{identifier,jdbcType=INTEGER} @@ -74,9 +76,10 @@ FROM [guacamole_sharing_profile_permission] WHERE - - - + + + + AND sharing_profile_id IN - - - + + + + @@ -55,9 +56,10 @@ FROM [guacamole_system_permission] WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml index 8c7ff2797..2a7be87f0 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml @@ -43,9 +43,10 @@ JOIN [guacamole_entity] affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + AND affected_entity.type = 'USER_GROUP' @@ -63,13 +64,22 @@ JOIN [guacamole_entity] affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + - AND permission = #{type,jdbcType=VARCHAR} - AND affected_entity.name = #{identifier,jdbcType=VARCHAR} AND affected_entity.type = 'USER_GROUP' + AND permission = #{type,jdbcType=VARCHAR} + AND + + + affected_entity.name = #{identifier,jdbcType=VARCHAR} + + + LOWER(affected_entity.name) = LOWER(#{identifier,jdbcType=VARCHAR}) + + @@ -82,22 +92,35 @@ JOIN [guacamole_entity] affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + - AND affected_entity.name IN - - #{identifier,jdbcType=VARCHAR} - + AND affected_entity.type = 'USER_GROUP' + AND + + + affected_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(affected_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + AND permission IN #{permission,jdbcType=VARCHAR} - AND affected_entity.type = 'USER_GROUP' - + 
@@ -112,8 +135,16 @@ open="(" separator=" OR " close=")"> ([guacamole_user_group_permission].entity_id = #{permission.entityID,jdbcType=INTEGER} AND permission = #{permission.type,jdbcType=VARCHAR} AND - affected_entity.name = #{permission.objectIdentifier,jdbcType=VARCHAR} AND - affected_entity.type = 'USER_GROUP') + affected_entity.type = 'USER_GROUP' + + + affected_entity.name = #{permission.objectIdentifier,jdbcType=VARCHAR} + + + LOWER(affected_entity.name) = LOWER(#{permission.objectIdentifier,jdbcType=VARCHAR}) + + + ) @@ -139,8 +170,16 @@ AS permissions JOIN [guacamole_entity] affected_entity ON - affected_entity.name = permissions.affected_name - AND affected_entity.type = 'USER_GROUP' + affected_entity.type = 'USER_GROUP' + AND + + + affected_entity.name = permissions.affected_name + + + LOWER(affected_entity.name) = LOWER(permissions.affected_name) + + JOIN [guacamole_user_group] affected_group ON affected_group.entity_id = affected_entity.entity_id WHERE NOT EXISTS (SELECT 1 FROM [guacamole_user_group_permission] WHERE [guacamole_user_group_permission].entity_id = permissions.entity_id diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml index a2f9ff8ad..279d35162 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml 
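Review bot: In the `@@ -112,8 +135,16 @@` hunk the moved predicate `affected_entity.type = 'USER_GROUP'` is followed directly by the name comparison with no `AND` between them. The removed lines joined the two with a trailing `AND`, and the sibling hunks in this file put an `AND` line before the conditional block. The XML elements are stripped in this rendering, so this should be confirmed against the file, but if the connective really is missing the generated statement is invalid SQL and removing user-group permissions on SQL Server fails at runtime in both modes. The fix is to end the added line with the connective: `affected_entity.type = 'USER_GROUP' AND`. The enclosing statement starts and ends outside the hunk.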
@@ -42,12 +42,14 @@ JOIN [guacamole_user] affected_user ON [guacamole_user_permission].affected_user_id = affected_user.user_id JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE + affected_entity.type = 'USER' + AND - - - - - AND affected_entity.type = 'USER' + + + + + @@ -63,21 +65,22 @@ JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - - - + + + + + AND affected_entity.type = 'USER' AND permission = #{type,jdbcType=VARCHAR} AND - + affected_entity.name = #{identifier,jdbcType=VARCHAR} LOWER(affected_entity.name) = LOWER(#{identifier,jdbcType=VARCHAR}) - AND affected_entity.type = 'USER' @@ -90,13 +93,15 @@ JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - - - + + + + + AND affected_entity.type = 'USER' AND - + affected_entity.name IN @@ -116,8 +121,7 @@ open="(" separator="," close=")"> #{permission,jdbcType=VARCHAR} - AND affected_entity.type = 'USER' - + @@ -133,7 +137,7 @@ ([guacamole_user_permission].entity_id = #{permission.entityID,jdbcType=INTEGER} AND permission = #{permission.type,jdbcType=VARCHAR} AND - + affected_entity.name = #{permission.objectIdentifier,jdbcType=VARCHAR} @@ -167,15 +171,16 @@ AS permissions JOIN [guacamole_entity] affected_entity ON + affected_entity.type = 'USER' + AND - + affected_entity.name = permissions.affected_name LOWER(affected_entity.name) = LOWER(permissions.affected_name) - - AND affected_entity.type = 'USER' + JOIN [guacamole_user] affected_user ON affected_user.entity_id = affected_entity.entity_id WHERE NOT EXISTS (SELECT 1 FROM [guacamole_user_permission] WHERE [guacamole_user_permission].entity_id = permissions.entity_id 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml index 34d9b58f7..222c73700 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml @@ -66,9 +66,10 @@ FROM [guacamole_sharing_profile_permission] WHERE - - - + + + + AND permission = 'READ' @@ -76,8 +77,9 @@ @@ -125,8 +127,9 @@ AND [guacamole_sharing_profile].sharing_profile_id IN ( - - + + + ); @@ -142,8 +145,9 @@ AND [guacamole_sharing_profile_attribute].sharing_profile_id IN ( - - + + + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml index da453d44d..4aad5d647 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml @@ -44,7 +44,7 @@ JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE - + [guacamole_entity].name = #{username,jdbcType=VARCHAR} 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml index a4530335a..2b7e01e22 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml @@ -82,9 +82,10 @@ FROM [guacamole_user_permission] WHERE - - - + + + + AND permission = 'READ' @@ -97,8 +98,9 @@ WHERE [guacamole_user].user_id IN ( - - + + + ) AND [guacamole_entity].type = 'USER' @@ -134,8 +136,10 @@ FROM [guacamole_user] JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE + [guacamole_entity].type = 'USER' + AND - + [guacamole_entity].name @@ -146,7 +150,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -154,7 +158,7 @@ - AND [guacamole_entity].type = 'USER'; + ; SELECT [guacamole_user_attribute].user_id, @@ -164,8 +168,10 @@ JOIN [guacamole_user] ON [guacamole_user].user_id = [guacamole_user_attribute].user_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE + [guacamole_entity].type = 'USER' + AND - + [guacamole_entity].name @@ -176,7 +182,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -184,7 +190,7 @@ - AND [guacamole_entity].type = 'USER'; + ; @@ -218,8 +224,10 @@ FROM [guacamole_user] JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE + [guacamole_entity].type = 'USER' + AND - + [guacamole_entity].name @@ -230,7 +238,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -238,7 +246,6 @@ - AND [guacamole_entity].type = 'USER' AND [guacamole_user].user_id IN ( 
@@ -253,9 +260,11 @@ FROM [guacamole_user_attribute] JOIN [guacamole_user] ON [guacamole_user].user_id = [guacamole_user_attribute].user_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id - WHERE + WHERE + [guacamole_entity].type = 'USER' + AND - + [guacamole_entity].name @@ -266,7 +275,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -274,11 +283,11 @@ - AND [guacamole_entity].type = 'USER' AND [guacamole_user].user_id IN ( - - + + + ); @@ -314,15 +323,17 @@ FROM [guacamole_user] JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE + [guacamole_entity].type = 'USER' + AND - + [guacamole_entity].name = #{username,jdbcType=VARCHAR} LOWER([guacamole_entity].name) = LOWER(#{username,jdbcType=VARCHAR}) - AND [guacamole_entity].type = 'USER'; + ; SELECT [guacamole_user_attribute].user_id, @@ -332,15 +343,16 @@ JOIN [guacamole_user] ON [guacamole_user].user_id = [guacamole_user_attribute].user_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE + [guacamole_entity].type = 'USER' + AND - + [guacamole_entity].name = #{username,jdbcType=VARCHAR} LOWER([guacamole_entity].name) = LOWER(#{username,jdbcType=VARCHAR}) - AND [guacamole_entity].type = 'USER' @@ -348,15 +360,16 @@ DELETE FROM [guacamole_entity] WHERE + type = 'USER' + AND - + name = #{identifier,jdbcType=VARCHAR} LOWER(name) = LOWER(#{identifier,jdbcType=VARCHAR}) - AND type = 'USER' diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml index ee67931ad..c914994a8 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml @@ -43,8 +43,9 @@ WHERE [guacamole_user_group].user_group_id IN ( - - + + + ) AND [guacamole_user_group_member].member_entity_id = #{parent.entityID,jdbcType=INTEGER} @@ -60,11 +61,24 @@ WHERE member_entity_id = #{parent.entityID,jdbcType=INTEGER} AND [guacamole_entity].type = 'USER_GROUP' - AND [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + @@ -79,12 +93,25 @@ FROM [guacamole_user_group] JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id WHERE - [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - - AND [guacamole_entity].type = 'USER_GROUP' + [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + AND [guacamole_user_group].user_group_id NOT IN ( SELECT [guacamole_user_group_member].user_group_id FROM [guacamole_user_group_member] diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml index 5bcc3b95f..d104c903a 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml 
@@ -50,7 +50,7 @@ JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE - + [guacamole_entity].name = #{record.username,jdbcType=VARCHAR} @@ -89,7 +89,7 @@ - + [guacamole_user_history].username = #{identifier,jdbcType=VARCHAR} @@ -107,7 +107,7 @@ JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE - + CHARINDEX(#{term.term,jdbcType=VARCHAR} IN [guacamole_entity].name) > 0 @@ -159,15 +159,16 @@ [guacamole_connection_history].user_id IN ( - - + + + ) AND - + [guacamole_entity].name = #{identifier,jdbcType=VARCHAR} @@ -185,7 +186,7 @@ JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE - + CHARINDEX(#{term.term,jdbcType=VARCHAR} IN [guacamole_entity].name) > 0 diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml index 21c776aa1..ccbec3ee5 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml @@ -68,9 +68,10 @@ FROM [guacamole_user_group_permission] WHERE - - - + + + + AND permission = 'READ' @@ -81,13 +82,14 @@ FROM [guacamole_user_group] JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id WHERE - [guacamole_user_group].user_group_id IN ( + [guacamole_entity].type = 'USER_GROUP' + AND [guacamole_user_group].user_group_id IN ( - - + + + - ) - AND [guacamole_entity].type = 'USER_GROUP' + ) 
@@ -101,12 +103,26 @@ disabled FROM [guacamole_user_group] JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id - WHERE [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - - AND [guacamole_entity].type = 'USER_GROUP'; + WHERE [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + + ; SELECT [guacamole_user_group_attribute].user_group_id, @@ -115,12 +131,26 @@ FROM [guacamole_user_group_attribute] JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_attribute].user_group_id JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id - WHERE [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - - AND [guacamole_entity].type = 'USER_GROUP'; + WHERE [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + + ; @@ -135,16 +165,29 @@ disabled FROM [guacamole_user_group] JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id - WHERE [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - - AND [guacamole_entity].type = 'USER_GROUP' + WHERE [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOOWER(#{identifier,jdbcType=VARCHAR}) + + + AND [guacamole_user_group].user_group_id IN ( - - + + + ); 
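Review bot: The case-insensitive branch added in the `@@ -135,16 +165,29 @@` hunk calls `LOOWER(#{identifier,jdbcType=VARCHAR})`, a typo for `LOWER`. SQL Server will reject the statement, so this user-group lookup fails whenever group names are configured as case-insensitive, while the case-sensitive branch keeps working and hides the error in default testing. Change the line to `LOWER(#{identifier,jdbcType=VARCHAR})`, matching the other branches in this file. A mapper test that runs each statement in both modes would catch this kind of mistake before it reaches an authorization path.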
@@ -155,16 +198,29 @@ FROM [guacamole_user_group_attribute] JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_attribute].user_group_id JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id - WHERE [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - - AND [guacamole_entity].type = 'USER_GROUP' + WHERE [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + AND [guacamole_user_group].user_group_id IN ( - - + + + ); @@ -181,9 +237,17 @@ disabled FROM [guacamole_user_group] JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id - WHERE - [guacamole_entity].name = #{name,jdbcType=VARCHAR} - AND [guacamole_entity].type = 'USER_GROUP'; + WHERE [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name = #{name,jdbcType=VARCHAR} + + + LOWER([guacamole_entity].name) = LOWER(#{name,jdbcType=VARCHAR}) + + + ; SELECT [guacamole_user_group_attribute].user_group_id, @@ -192,9 +256,16 @@ FROM [guacamole_user_group_attribute] JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_attribute].user_group_id JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id - WHERE - [guacamole_entity].name = #{name,jdbcType=VARCHAR} - AND [guacamole_entity].type = 'USER_GROUP' + WHERE [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name = #{name,jdbcType=VARCHAR} + + + LOWER([guacamole_entity].name) = LOWER(#{name,jdbcType=VARCHAR}) + + 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml index b11a3c529..a45719108 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml @@ -42,8 +42,9 @@ WHERE [guacamole_user_group].user_group_id IN ( - - + + + ) AND [guacamole_user_group_member].user_group_id = #{parent.objectID,jdbcType=INTEGER} @@ -58,11 +59,24 @@ WHERE user_group_id = #{parent.objectID,jdbcType=INTEGER} AND [guacamole_entity].type = 'USER_GROUP' - AND [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + @@ -75,13 +89,25 @@ #{parent.objectID,jdbcType=INTEGER}, [guacamole_entity].entity_id FROM [guacamole_entity] - WHERE - [guacamole_entity].name IN - - #{identifier} - - AND [guacamole_entity].type = 'USER_GROUP' + WHERE [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name IN + + #{identifier} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier}) + + + + AND [guacamole_entity].entity_id NOT IN ( SELECT [guacamole_user_group_member].member_entity_id FROM [guacamole_user_group_member] 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml index 70fe520da..6073c150c 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml @@ -42,8 +42,9 @@ WHERE [guacamole_user].user_id IN ( - - + + + ) AND [guacamole_user_group_member].user_group_id = #{parent.objectID,jdbcType=INTEGER} @@ -60,7 +61,7 @@ AND [guacamole_entity].type = 'USER' AND - + [guacamole_entity].name @@ -71,7 +72,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -91,9 +92,10 @@ #{parent.objectID,jdbcType=INTEGER}, [guacamole_entity].entity_id FROM [guacamole_entity] - WHERE + WHERE [guacamole_entity].type = 'USER' + AND - + [guacamole_entity].name @@ -104,7 +106,7 @@ - + #{identifier} @@ -112,7 +114,6 @@ - AND [guacamole_entity].type = 'USER' AND [guacamole_entity].entity_id NOT IN ( SELECT [guacamole_user_group_member].member_entity_id FROM [guacamole_user_group_member] diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml index 198a6244d..e791ffa9c 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml @@ -43,8 +43,9 @@ WHERE [guacamole_user_group].user_group_id IN ( - - + + + ) AND [guacamole_user_group_member].member_entity_id = #{parent.entityID,jdbcType=INTEGER} @@ -60,11 +61,24 @@ WHERE member_entity_id = #{parent.entityID,jdbcType=INTEGER} AND [guacamole_entity].type = 'USER_GROUP' - AND [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + @@ -78,13 +92,24 @@ #{parent.entityID,jdbcType=INTEGER} FROM [guacamole_user_group] JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id - WHERE - [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - - AND [guacamole_entity].type = 'USER_GROUP' + WHERE [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + AND [guacamole_user_group].user_group_id NOT IN ( SELECT [guacamole_user_group_member].user_group_id FROM [guacamole_user_group_member] diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/JacksonLDAPConfiguration.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/JacksonLDAPConfiguration.java index d4ac0bc2e..bddccd871 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/JacksonLDAPConfiguration.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/JacksonLDAPConfiguration.java 
@@ -203,13 +203,6 @@ public class JacksonLDAPConfiguration implements LDAPConfiguration { */ @JsonProperty("member-attribute-type") private String memberAttributeType; - - /** - * The raw YAML value of {@link LDAPGuacamoleProperties#LDAP_USERNAMES_CASE_SENSITIVE}. - * If not set within the YAML, this will currently default to true. - */ - @JsonProperty("case-sensitive-usernames") - private String caseSensitiveUsernames; /** * The default configuration options for all parameters. diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/environment/DelegatingEnvironment.java b/guacamole-ext/src/main/java/org/apache/guacamole/environment/DelegatingEnvironment.java index 5dc3266c4..593d7f74b 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/environment/DelegatingEnvironment.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/environment/DelegatingEnvironment.java @@ -24,6 +24,7 @@ import java.util.Collection; import java.util.Map; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.net.auth.GuacamoleProxyConfiguration; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.guacamole.properties.GuacamoleProperties; import org.apache.guacamole.properties.GuacamoleProperty; import org.apache.guacamole.protocols.ProtocolInfo; @@ -115,8 +116,8 @@ public class DelegatingEnvironment implements Environment { } @Override - public boolean getCaseSensitiveUsernames() throws GuacamoleException { - return environment.getCaseSensitiveUsernames(); + public CaseSensitivity getCaseSensitivity() throws GuacamoleException { + return environment.getCaseSensitivity(); } } diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/environment/Environment.java b/guacamole-ext/src/main/java/org/apache/guacamole/environment/Environment.java index e6154a17c..572ad3d2e 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/environment/Environment.java 
+++ b/guacamole-ext/src/main/java/org/apache/guacamole/environment/Environment.java @@ -28,6 +28,8 @@ import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleUnsupportedException; import org.apache.guacamole.net.auth.GuacamoleProxyConfiguration; import org.apache.guacamole.properties.BooleanGuacamoleProperty; +import org.apache.guacamole.properties.CaseSensitivity; +import org.apache.guacamole.properties.EnumGuacamoleProperty; import org.apache.guacamole.properties.GuacamoleProperty; import org.apache.guacamole.properties.IntegerGuacamoleProperty; import org.apache.guacamole.properties.StringGuacamoleProperty; @@ -71,15 +73,16 @@ public interface Environment { }; /** - * A property that configures whether or not Guacamole will take case - * into account when comparing and processing usernames. + * A property that configures how Guacamole handles case sensitivity - it + * can be enabled for both usernames and group names, just usernames, just + * group names, or disabled for both. */ - public static final BooleanGuacamoleProperty CASE_SENSITIVE_USERNAMES = - new BooleanGuacamoleProperty() { - + public static final EnumGuacamoleProperty CASE_SENSITIVITY = + new EnumGuacamoleProperty(CaseSensitivity.class) { + @Override - public String getName() { return "case-sensitive-usernames"; } - + public String getName() { return "case-sensitivity"; } + }; /** 
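Review bot: The `CASE_SENSITIVITY` hunk renames the property from `case-sensitive-usernames` to `case-sensitivity` with no fallback for the old key. A deployment that had set `case-sensitive-usernames: false` would, as far as this diff shows, silently return to the `CaseSensitivity.ENABLED` default from the later `getCaseSensitivity()` hunk. That is the stricter direction, but it changes which stored identities a login matches and nothing is logged. If the old key was ever released, I would keep it as a deprecated alias with a warning, and state the migration in the Javadoc, e.g. `Replaces the former "case-sensitive-usernames" property; accepted values are "enabled", "usernames", "group-names" and "disabled".` The same applies to the removed public default method: `@Deprecated public default boolean getCaseSensitiveUsernames() throws GuacamoleException { return getCaseSensitivity().caseSensitiveUsernames(); }` would keep extensions compiled against the old interface working.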
@@ -381,21 +384,19 @@ public interface Environment { } /** - * Returns true if Guacamole should consider case when comparing and - * processing usernames (case-sensitive), or false if case should not be - * considered (case-insensitive). Because the past behavior of Guacamole, - * prior to the introduction of this option, was case-sensitive, the default - * value is true. + * Returns the case sensitivity configuration for Guacamole as defined + * in guacamole.properties, or the default of enabling case sensitivity + * for both usernames and group names. * * @return - * true if Guacamole should consider usernames case-sensitive, otherwise - * false. + * The case sensitivity setting as configured in guacamole.properties, + * or the default of enabling case sensitivity. * * @throws GuacamoleException - * If guacamole.properties cannot be parsed. + * If guacamole.properties cannot be read or parsed. */ - public default boolean getCaseSensitiveUsernames() throws GuacamoleException { - return getProperty(CASE_SENSITIVE_USERNAMES, true); + public default CaseSensitivity getCaseSensitivity() throws GuacamoleException { + return getProperty(CASE_SENSITIVITY, CaseSensitivity.ENABLED); } } diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java index ae9bc48ea..0fa477cca 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java 
@@ -55,14 +55,14 @@ public abstract class AbstractAuthenticatedUser extends AbstractIdentifiable @Override public boolean isCaseSensitive() { try { - return environment.getCaseSensitiveUsernames(); + return environment.getCaseSensitivity().caseSensitiveUsernames(); } catch (GuacamoleException e) { - LOGGER.warn("Exception attempting to read the Guacamole configuration, " - + "usernames will be treated as case-sensitive.", e.getMessage()); - LOGGER.debug("Received GuacamoleException attempting to retrieve the " - + "case-sensitivity setting for usernames. Defaulting to" - + "case-sensitive usernames.", e); + LOGGER.error("Failed to retrieve the configuration for case sensitivity: {}. " + + "Username comparisons will be case-sensitive.", + e.getMessage()); + LOGGER.debug("An exception was caught when attempting to retrieve the " + + "case sensitivity configuration.", e); return true; } } diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractIdentifiable.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractIdentifiable.java index c7b8a950c..73728b4ab 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractIdentifiable.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractIdentifiable.java @@ -73,8 +73,8 @@ public abstract class AbstractIdentifiable implements Identifiable { if (otherIdentifier == null) return identifier == null; - // If either this identifier or the one we're comparing to is - // case-sensitive, evaluate with case-sensitivity. + // If either this identifier or the one we're comparing to is + // case-sensitive, evaluate with case sensitivity. if (isCaseSensitive() || ((AbstractIdentifiable) other).isCaseSensitive()) return otherIdentifier.equals(identifier); 
diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractUserGroup.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractUserGroup.java index 2c89cb050..306d34f97 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractUserGroup.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractUserGroup.java @@ -22,8 +22,12 @@ package org.apache.guacamole.net.auth; import java.util.Collections; import java.util.Map; import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.environment.Environment; +import org.apache.guacamole.environment.LocalEnvironment; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.net.auth.permission.SystemPermissionSet; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Base implementation of UserGroup which provides default implementations of @@ -31,6 +35,17 @@ import org.apache.guacamole.net.auth.permission.SystemPermissionSet; */ public abstract class AbstractUserGroup extends AbstractIdentifiable implements UserGroup { + /** + * The logger for this class. + */ + private static final Logger LOGGER = LoggerFactory.getLogger(AbstractUserGroup.class); + + /** + * The server environment in which this Guacamole Client instance is + * running. + */ + private final Environment environment = LocalEnvironment.getInstance(); + /** * {@inheritDoc} * 
@@ -179,5 +194,20 @@ public abstract class AbstractUserGroup extends AbstractIdentifiable implements public RelatedObjectSet getMemberUserGroups() throws GuacamoleException { return RelatedObjectSet.EMPTY_SET; } + + @Override + public boolean isCaseSensitive() { + try { + return environment.getCaseSensitivity().caseSensitiveGroupNames(); + } + catch (GuacamoleException e) { + LOGGER.warn("Unable to retrieve server configuration, group names " + + "will default to case-sensitive."); + LOGGER.debug("Received an exception attempting to retrieve the " + + "property for group name case sensitivity, group names" + + "will be treated as case-sensitive.", e); + return true; + } + } } diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/properties/CaseSensitivity.java b/guacamole-ext/src/main/java/org/apache/guacamole/properties/CaseSensitivity.java new file mode 100644 index 000000000..8c5ca6b62 --- /dev/null +++ b/guacamole-ext/src/main/java/org/apache/guacamole/properties/CaseSensitivity.java 
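Review bot: The two log calls in the new `AbstractUserGroup.isCaseSensitive()` lose information and contain a typo. `LOGGER.warn` omits the exception message, and the debug string joins `"group names"` and `"will be treated"` without a space, producing "group nameswill". AbstractAuthenticatedUser in this same patch reports the equivalent failure at error level with the message included; matching it would read `LOGGER.error("Failed to retrieve the configuration for case sensitivity: {}. Group name comparisons will be case-sensitive.", e.getMessage());`, plus a trailing space after `group names` in the debug text. Returning `true` on failure keeps comparisons strict, which is the safe fallback for an identifier that presumably feeds permission checks; a one-line comment saying so, such as `// Fail closed: treat group names as case-sensitive if the setting cannot be read`, would stop a later change from inverting it.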
@@ -0,0 +1,92 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.properties; + +import org.apache.guacamole.properties.EnumGuacamoleProperty.PropertyValue; + +/** + * An enum that supports configuring various user and group case sensitivity + * settings. + */ +public enum CaseSensitivity { + + /** + * Case sensitivity enabled for both usernames and group names. + */ + @PropertyValue("enabled") + ENABLED(true, true), + + /** + * Case sensitivity enabled for usernames but disabled for group names. + */ + @PropertyValue("usernames") + USERS(true, false), + + /** + * Case sensitivity disabled for usernames but enabled for group names. + */ + @PropertyValue("group-names") + GROUPS(false, true), + + /** + * Case sensitivity disabled for both usernames and group names. + */ + @PropertyValue("disabled") + DISABLED(false, false); + + /** + * Whether or not case sensitivity should be enabled for usernames. + */ + private final boolean usernames; + + /** + * Whether or not case sensitivity should be enabled for group names. 
+ */ + private final boolean groupNames; + + CaseSensitivity(boolean usernames, boolean groupNames) { + this.usernames = usernames; + this.groupNames = groupNames; + } + + /** + * Return "true" if case sensitivity is enabled for usernames, otherwise + * "false". + * + * @return + * "true" if case sensitivity is enabled for usernames, otherwise "false". + */ + public boolean caseSensitiveUsernames() { + return usernames; + } + + /** + * Return "true" if case sensitivity is enabled group names, otherwise + * "false". + * + * @return + * "true" if case sensitivity is enabled for group names, otherwise + * "false". + */ + public boolean caseSensitiveGroupNames() { + return groupNames; + } + +}
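Review bot: The Javadoc for the new `CaseSensitivity` enum never says what case-insensitive matching means for identity and authorization, which is what an administrator needs to know before picking a value. Going by the `isCaseSensitive()` overrides in this patch, `disabled` or `usernames` makes group names that differ only in case compare as equal, so presumably permissions and memberships attached to one apply to the other. I would add to the class comment something like `Disabling case sensitivity causes identifiers that differ only in case to be treated as the same user or group, including when permissions are evaluated.` Two smaller documentation gaps: the constructor is the only member without Javadoc, and the `caseSensitiveGroupNames()` summary is missing a word ("enabled for group names"). The constants `USERS` and `GROUPS` would also benefit from stating that the name lists what remains case-sensitive, since their property values are `usernames` and `group-names`.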