From 5f25558ebdd76cd207721d9db3a0157fa030346a Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Wed, 29 Jul 2015 15:23:09 -0700 Subject: [PATCH] GUAC-1213: Add date/time access restrictions to guacamole_user table. --- .../schema/001-create-schema.sql | 13 +++++++ .../schema/upgrade/upgrade-pre-0.9.8.sql | 36 +++++++++++++++++++ .../schema/001-create-schema.sql | 13 +++++++ .../schema/upgrade/upgrade-pre-0.9.8.sql | 36 +++++++++++++++++++ 4 files changed, 98 insertions(+) create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.8.sql create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.8.sql diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql index d3cd2ce0d..e1a58c071 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql @@ -73,12 +73,25 @@ CREATE TABLE `guacamole_connection` ( CREATE TABLE `guacamole_user` ( `user_id` int(11) NOT NULL AUTO_INCREMENT, + + -- Username and optionally-salted password `username` varchar(128) NOT NULL, `password_hash` binary(32) NOT NULL, `password_salt` binary(32), + + -- Account disabled/expired status `disabled` boolean NOT NULL DEFAULT 0, `expired` boolean NOT NULL DEFAULT 0, + -- Time-based access restriction + `access_window_start` TIME, + `access_window_end` TIME, + `access_window_timezone` VARCHAR(64), + + -- Date-based access restriction + `valid_from` DATE, + `valid_until` DATE, + PRIMARY KEY (`user_id`), UNIQUE KEY `username` (`username`) 
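Review bot: The new column comments in `guacamole_user` do not say what a NULL value means or how the access window is evaluated, and because these five columns decide whether a login is permitted, that belongs next to the definitions. All five are nullable with no default, so presumably NULL means "no restriction" and existing accounts stay unrestricted, but the hunk states neither that nor which time zone applies when `access_window_timezone` is NULL, nor whether a window whose start is later than its end wraps past midnight. I would extend the comment along the lines of `-- Time-based access restriction (NULL = unrestricted; times evaluated in access_window_timezone)`, adjusted to what the application actually does. The same applies to the PostgreSQL `001-create-schema.sql` hunk, and in both files the CREATE TABLE statement continues outside the hunk.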
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.8.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.8.sql
new file mode 100644
index 000000000..bff3217ed
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.8.sql
@@ -0,0 +1,36 @@
+--
+-- Copyright (C) 2015 Glyptodon LLC
+--
+-- Permission is hereby granted, free of charge, to any person obtaining a copy
+-- of this software and associated documentation files (the "Software"), to deal
+-- in the Software without restriction, including without limitation the rights
+-- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+-- copies of the Software, and to permit persons to whom the Software is
+-- furnished to do so, subject to the following conditions:
+--
+-- The above copyright notice and this permission notice shall be included in
+-- all copies or substantial portions of the Software.
+--
+-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+-- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+-- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+-- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+-- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+-- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+-- THE SOFTWARE.
+--
+
+--
+-- Add per-user time-based access restrictions.
+--
+
+ALTER TABLE guacamole_user ADD COLUMN access_window_start TIME;
+ALTER TABLE guacamole_user ADD COLUMN access_window_end TIME;
+ALTER TABLE guacamole_user ADD COLUMN access_window_timezone VARCHAR(64);
+
+--
+-- Add per-user date-based account validity restrictions.
+--
+
+ALTER TABLE guacamole_user ADD COLUMN valid_from DATE;
+ALTER TABLE guacamole_user ADD COLUMN valid_until DATE;
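Review bot: The five `ALTER TABLE guacamole_user ADD COLUMN` statements run as separate DDL statements, so a failure partway through leaves the table with only some of the access-restriction columns, and re-running the script then stops at the first column that already exists. MySQL commits implicitly around each DDL statement, so a transaction would not help here; folding the additions into one `ALTER TABLE` keeps the upgrade to a single statement that either applies or does not. The PostgreSQL upgrade script has the same shape, and since DDL is transactional there, wrapping its statements in `BEGIN;` and `COMMIT;` would be enough.

```sql
-- … unchanged: license header …

--
-- Add per-user time-based access and date-based validity restrictions.
--

ALTER TABLE guacamole_user
    ADD COLUMN access_window_start    TIME,
    ADD COLUMN access_window_end      TIME,
    ADD COLUMN access_window_timezone VARCHAR(64),
    ADD COLUMN valid_from             DATE,
    ADD COLUMN valid_until            DATE;
```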
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql index 7f14986be..bc9ab5cae 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql @@ -114,12 +114,25 @@ CREATE INDEX ON guacamole_connection(parent_id); CREATE TABLE guacamole_user ( user_id serial NOT NULL, + + -- Username and optionally-salted password username varchar(128) NOT NULL, password_hash bytea NOT NULL, password_salt bytea, + + -- Account disabled/expired status disabled boolean NOT NULL DEFAULT FALSE, expired boolean NOT NULL DEFAULT FALSE, + -- Time-based access restriction + access_window_start time, + access_window_end time, + access_window_timezone varchar(64), + + -- Date-based access restriction + valid_from date, + valid_until date, + PRIMARY KEY (user_id), CONSTRAINT username diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.8.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.8.sql new file mode 100644 index 000000000..d1aa51f1e --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.8.sql 
@@ -0,0 +1,36 @@
+--
+-- Copyright (C) 2015 Glyptodon LLC
+--
+-- Permission is hereby granted, free of charge, to any person obtaining a copy
+-- of this software and associated documentation files (the "Software"), to deal
+-- in the Software without restriction, including without limitation the rights
+-- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+-- copies of the Software, and to permit persons to whom the Software is
+-- furnished to do so, subject to the following conditions:
+--
+-- The above copyright notice and this permission notice shall be included in
+-- all copies or substantial portions of the Software.
+--
+-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+-- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+-- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+-- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+-- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+-- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+-- THE SOFTWARE.
+--
+
+--
+-- Add per-user time-based access restrictions.
+--
+
+ALTER TABLE guacamole_user ADD COLUMN access_window_start time;
+ALTER TABLE guacamole_user ADD COLUMN access_window_end time;
+ALTER TABLE guacamole_user ADD COLUMN access_window_timezone varchar(64);
+
+--
+-- Add per-user date-based account validity restrictions.
+--
+
+ALTER TABLE guacamole_user ADD COLUMN valid_from date;
+ALTER TABLE guacamole_user ADD COLUMN valid_until date;