Ticket #263: Fixed permissions to use identifiers instead of names.

James Muehlner
2013-08-07 22:43:08 -07:00
parent 52490ca8ab
commit a631180699
6 changed files with 71 additions and 210 deletions


@@ -330,6 +330,12 @@ public class ConnectionDirectory implements Directory<String, Connection>{
// Verify permission to update the to connection group // Verify permission to update the to connection group
permissionCheckService.verifyConnectionGroupAccess(this.user_id, permissionCheckService.verifyConnectionGroupAccess(this.user_id,
toConnectionGroupID, MySQLConstants.CONNECTION_GROUP_UPDATE); toConnectionGroupID, MySQLConstants.CONNECTION_GROUP_UPDATE);
// Verify that no connection already exists with this name.
MySQLConnection previousConnection =
connectionService.retrieveConnection(mySQLConnection.getName(), user_id, parentID);
if(previousConnection != null)
throw new GuacamoleClientException("That connection name is already in use.");
// Update the connection // Update the connection
mySQLConnection.setParentID(toConnectionGroupID); mySQLConnection.setParentID(toConnectionGroupID);


@@ -274,12 +274,16 @@ public class ConnectionGroupDirectory implements Directory<String, ConnectionGro
// Verify permission to update the to connection group // Verify permission to update the to connection group
permissionCheckService.verifyConnectionGroupAccess(this.user_id, permissionCheckService.verifyConnectionGroupAccess(this.user_id,
toConnectionGroupID, MySQLConstants.CONNECTION_GROUP_UPDATE); toConnectionGroupID, MySQLConstants.CONNECTION_GROUP_UPDATE);
// Verify that no connection already exists with this name.
MySQLConnectionGroup previousConnectionGroup =
connectionGroupService.retrieveConnectionGroup(mySQLConnectionGroup.getName(), user_id, parentID);
if(previousConnectionGroup != null)
throw new GuacamoleClientException("That connection group name is already in use.");
// Update the connection // Update the connection
mySQLConnectionGroup.setParentID(toConnectionGroupID); mySQLConnectionGroup.setParentID(toConnectionGroupID);
connectionGroupService.updateConnectionGroup(mySQLConnectionGroup); connectionGroupService.updateConnectionGroup(mySQLConnectionGroup);
} }
} }
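Review bot: The added comment `// Verify that no connection already exists with this name.` was copied from the connection case; here it should read `// Verify that no connection group already exists with this name.`. Nothing visible in this hunk rejects moving a group into itself or into one of its own descendants before `setParentID(toConnectionGroupID)`. If no earlier check outside the hunk covers that, a cycle in the group tree becomes possible and is worth guarding against. The method begins outside the hunk.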


@@ -38,6 +38,7 @@ package net.sourceforge.guacamole.net.auth.mysql;
* ***** END LICENSE BLOCK ***** */ * ***** END LICENSE BLOCK ***** */
import com.google.common.base.Preconditions; import com.google.common.base.Preconditions;
import com.google.common.collect.Sets;
import com.google.inject.Inject; import com.google.inject.Inject;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
@@ -419,24 +420,19 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
return; return;
// Get list of administerable connection IDs // Get list of administerable connection IDs
List<Integer> administerableConnectionIDs = Set<Integer> administerableConnectionIDs = Sets.<Integer>newHashSet(
permissionCheckService.retrieveConnectionIDs(this.user_id, permissionCheckService.retrieveConnectionIDs(this.user_id,
MySQLConstants.CONNECTION_ADMINISTER); MySQLConstants.CONNECTION_ADMINISTER));
// Get set of names corresponding to administerable connections
Map<String, Integer> administerableConnections =
connectionService.translateNames(administerableConnectionIDs);
// Insert all given permissions // Insert all given permissions
for (ConnectionPermission permission : permissions) { for (ConnectionPermission permission : permissions) {
// Get original ID // Get original ID
Integer connection_id = Integer connection_id = Integer.valueOf(permission.getObjectIdentifier());
administerableConnections.get(permission.getObjectIdentifier());
// Throw exception if permission to administer this connection // Throw exception if permission to administer this connection
// is not granted // is not granted
if (connection_id == null) if (!administerableConnectionIDs.contains(connection_id))
throw new GuacamoleSecurityException( throw new GuacamoleSecurityException(
"User #" + this.user_id "User #" + this.user_id
+ " does not have permission to administrate connection " + " does not have permission to administrate connection "
@@ -472,24 +468,19 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
return; return;
// Get list of administerable connection group IDs // Get list of administerable connection group IDs
List<Integer> administerableConnectionGroupIDs = Set<Integer> administerableConnectionGroupIDs = Sets.<Integer>newHashSet(
permissionCheckService.retrieveConnectionGroupIDs(this.user_id, permissionCheckService.retrieveConnectionGroupIDs(this.user_id,
MySQLConstants.CONNECTION_GROUP_ADMINISTER); MySQLConstants.CONNECTION_GROUP_ADMINISTER));
// Get set of names corresponding to administerable connection groups
Map<String, Integer> administerableConnectionGroups =
connectionGroupService.translateNames(administerableConnectionGroupIDs);
// Insert all given permissions // Insert all given permissions
for (ConnectionGroupPermission permission : permissions) { for (ConnectionGroupPermission permission : permissions) {
// Get original ID // Get original ID
Integer connection_group_id = Integer connection_group_id = Integer.valueOf(permission.getObjectIdentifier());
administerableConnectionGroups.get(permission.getObjectIdentifier());
// Throw exception if permission to administer this connection group // Throw exception if permission to administer this connection group
// is not granted // is not granted
if (connection_group_id == null) if (!administerableConnectionGroupIDs.contains(connection_group_id))
throw new GuacamoleSecurityException( throw new GuacamoleSecurityException(
"User #" + this.user_id "User #" + this.user_id
+ " does not have permission to administrate connection group" + " does not have permission to administrate connection group"
@@ -524,24 +515,19 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
return; return;
// Get list of administerable connection IDs // Get list of administerable connection IDs
List<Integer> administerableConnectionIDs = Set<Integer> administerableConnectionIDs = Sets.<Integer>newHashSet(
permissionCheckService.retrieveConnectionIDs(this.user_id, permissionCheckService.retrieveConnectionIDs(this.user_id,
MySQLConstants.CONNECTION_ADMINISTER); MySQLConstants.CONNECTION_ADMINISTER));
// Get set of names corresponding to administerable connections
Map<String, Integer> administerableConnections =
connectionService.translateNames(administerableConnectionIDs);
// Delete requested permissions // Delete requested permissions
for (ConnectionPermission permission : permissions) { for (ConnectionPermission permission : permissions) {
// Get original ID // Get original ID
Integer connection_id = Integer connection_id = Integer.valueOf(permission.getObjectIdentifier());
administerableConnections.get(permission.getObjectIdentifier());
// Verify that the user actually has permission to administrate // Verify that the user actually has permission to administrate
// every one of these connections // every one of these connections
if (connection_id == null) if (!administerableConnectionIDs.contains(connection_id))
throw new GuacamoleSecurityException( throw new GuacamoleSecurityException(
"User #" + this.user_id "User #" + this.user_id
+ " does not have permission to administrate connection " + " does not have permission to administrate connection "
@@ -576,24 +562,19 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
return; return;
// Get list of administerable connection group IDs // Get list of administerable connection group IDs
List<Integer> administerableConnectionGroupIDs = Set<Integer> administerableConnectionGroupIDs = Sets.<Integer>newHashSet(
permissionCheckService.retrieveConnectionGroupIDs(this.user_id, permissionCheckService.retrieveConnectionGroupIDs(this.user_id,
MySQLConstants.CONNECTION_GROUP_ADMINISTER); MySQLConstants.CONNECTION_GROUP_ADMINISTER));
// Get set of names corresponding to administerable connection groups
Map<String, Integer> administerableConnectionGroups =
connectionGroupService.translateNames(administerableConnectionGroupIDs);
// Delete requested permissions // Delete requested permissions
for (ConnectionGroupPermission permission : permissions) { for (ConnectionGroupPermission permission : permissions) {
// Get original ID // Get original ID
Integer connection_group_id = Integer connection_group_id = Integer.valueOf(permission.getObjectIdentifier());
administerableConnectionGroups.get(permission.getObjectIdentifier());
// Verify that the user actually has permission to administrate // Verify that the user actually has permission to administrate
// every one of these connection groups // every one of these connection groups
if (connection_group_id == null) if (!administerableConnectionGroupIDs.contains(connection_group_id))
throw new GuacamoleSecurityException( throw new GuacamoleSecurityException(
"User #" + this.user_id "User #" + this.user_id
+ " does not have permission to administrate connection group" + " does not have permission to administrate connection group"
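Review bot: `Integer.valueOf(permission.getObjectIdentifier())` throws an unchecked NumberFormatException when the identifier is null or not numeric, and that identifier comes from the permission object handed to this class rather than from the database. All four hunks in this file (create and delete, for connections and connection groups) parse it this way before the `contains` check, so a malformed identifier escapes as a runtime exception instead of a clean rejection. Routing the parse through one small helper that turns the failure into a GuacamoleClientException keeps the authorization check as the only other failure path. The enclosing methods start and end outside these hunks, so any catch further up is not visible here.

```java
// Parses a permission's object identifier, rejecting anything non-numeric.
private static Integer parseObjectIdentifier(String identifier)
        throws GuacamoleClientException {
    try {
        return Integer.valueOf(identifier);
    }
    catch (NumberFormatException e) {
        throw new GuacamoleClientException("Invalid object identifier.");
    }
}

// … unchanged: retrieval of administerableConnectionIDs and the loop header …
Integer connection_id = parseObjectIdentifier(permission.getObjectIdentifier());
```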


@@ -161,87 +161,6 @@ public class ConnectionGroupService {
GuacamoleClientInformation info, int userID) { GuacamoleClientInformation info, int userID) {
throw new UnsupportedOperationException("Not yet implemented"); throw new UnsupportedOperationException("Not yet implemented");
} }
/**
* Retrieves a map of all connection group names for the given IDs.
*
* @param ids The IDs of the connection groups to retrieve the names of.
* @return A map containing the names of all connection groups and their
* corresponding IDs.
*/
public Map<Integer, String> retrieveNames(Collection<Integer> ids) {
// If no IDs given, just return empty map
if (ids.isEmpty())
return Collections.EMPTY_MAP;
// Map of all names onto their corresponding IDs.
Map<Integer, String> names = new HashMap<Integer, String>();
// Get all connection groups having the given IDs
ConnectionGroupExample example = new ConnectionGroupExample();
example.createCriteria().andConnection_group_idIn(Lists.newArrayList(ids));
List<ConnectionGroup> connectionGroups = connectionGroupDAO.selectByExample(example);
// Produce set of names
for (ConnectionGroup connectionGroup : connectionGroups)
names.put(connectionGroup.getConnection_group_id(),
connectionGroup.getConnection_group_name());
return names;
}
/**
* Get the names of all the connection groups defined in the system.
*
* @return A Set of names of all the connection groups defined in the system.
*/
public Set<String> getAllConnectionGroupNames() {
// Set of all present connection group names
Set<String> names = new HashSet<String>();
// Query all connection group names
List<ConnectionGroup> connectionGroups =
connectionGroupDAO.selectByExample(new ConnectionGroupExample());
for (ConnectionGroup connectionGroup : connectionGroups)
names.add(connectionGroup.getConnection_group_name());
return names;
}
/**
* Retrieves a translation map of connection group names to their
* corresponding IDs.
*
* @param ids The IDs of the connection groups to retrieve the names of.
* @return A map containing the names of all connection groups and their
* corresponding IDs.
*/
public Map<String, Integer> translateNames(List<Integer> ids) {
// If no IDs given, just return empty map
if (ids.isEmpty())
return Collections.EMPTY_MAP;
// Map of all names onto their corresponding IDs.
Map<String, Integer> names = new HashMap<String, Integer>();
// Get all connections having the given IDs
ConnectionGroupExample example = new ConnectionGroupExample();
example.createCriteria().andConnection_group_idIn(ids);
List<ConnectionGroup> connectionGroups = connectionGroupDAO.selectByExample(example);
// Produce set of names
for (ConnectionGroup connectionGroup : connectionGroups)
names.put(connectionGroup.getConnection_group_name(),
connectionGroup.getConnection_group_id());
return names;
}
/** /**
* Returns a list of the IDs of all connection groups with a given parent ID. * Returns a list of the IDs of all connection groups with a given parent ID.
@@ -272,6 +191,36 @@ public class ConnectionGroupService {
return connectionGroupIDs; return connectionGroupIDs;
} }
/**
* Get the identifiers of all the connection groups defined in the system
* with a certain parentID.
*
* @return A Set of identifiers of all the connection groups defined
* in the system with the given parentID.
*/
public Set<String> getAllConnectionGroupIdentifiers(Integer parentID) {
// Set of all present connection identifiers
Set<String> identifiers = new HashSet<String>();
// Set up Criteria
ConnectionGroupExample example = new ConnectionGroupExample();
Criteria criteria = example.createCriteria();
if(parentID != null)
criteria.andParent_idEqualTo(parentID);
else
criteria.andParent_idIsNull();
// Query connection identifiers
List<ConnectionGroup> connectionGroups =
connectionGroupDAO.selectByExample(example);
for (ConnectionGroup connectionGroup : connectionGroups)
identifiers.add(String.valueOf(connectionGroup.getConnection_group_id()));
return identifiers;
}
/** /**
* Convert the given database-retrieved Connection into a MySQLConnection. * Convert the given database-retrieved Connection into a MySQLConnection.
* The parameters of the given connection will be read and added to the * The parameters of the given connection will be read and added to the
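Review bot: The Javadoc of the new `getAllConnectionGroupIdentifiers(Integer parentID)` has no `@param` entry, yet the body treats null specially by calling `criteria.andParent_idIsNull()`. I would add `@param parentID The ID of the parent connection group, or null to select connection groups that have no parent.` so callers know null is a valid argument and not an error. The renamed `ConnectionService.getAllConnectionIdentifiers(Integer parentID)` has the same gap in its Javadoc. The inline comments `// Set of all present connection identifiers` and `// Query connection identifiers` in the new method should say "connection group identifiers".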


@@ -201,67 +201,6 @@ public class ConnectionService {
// Otherwise, return found connection // Otherwise, return found connection
return toMySQLConnection(connection, userID); return toMySQLConnection(connection, userID);
} }
/**
* Retrieves a translation map of connection names to their corresponding
* IDs.
*
* @param ids The IDs of the connections to retrieve the names of.
* @return A map containing the names of all connections and their
* corresponding IDs.
*/
public Map<String, Integer> translateNames(List<Integer> ids) {
// If no IDs given, just return empty map
if (ids.isEmpty())
return Collections.EMPTY_MAP;
// Map of all names onto their corresponding IDs.
Map<String, Integer> names = new HashMap<String, Integer>();
// Get all connections having the given IDs
ConnectionExample example = new ConnectionExample();
example.createCriteria().andConnection_idIn(ids);
List<Connection> connections = connectionDAO.selectByExample(example);
// Produce set of names
for (Connection connection : connections)
names.put(connection.getConnection_name(),
connection.getConnection_id());
return names;
}
/**
* Retrieves a map of all connection names for the given IDs.
*
* @param ids The IDs of the connections to retrieve the names of.
* @return A map containing the names of all connections and their
* corresponding IDs.
*/
public Map<Integer, String> retrieveNames(Collection<Integer> ids) {
// If no IDs given, just return empty map
if (ids.isEmpty())
return Collections.EMPTY_MAP;
// Map of all names onto their corresponding IDs.
Map<Integer, String> names = new HashMap<Integer, String>();
// Get all connections having the given IDs
ConnectionExample example = new ConnectionExample();
example.createCriteria().andConnection_idIn(Lists.newArrayList(ids));
List<Connection> connections = connectionDAO.selectByExample(example);
// Produce set of names
for (Connection connection : connections)
names.put(connection.getConnection_id(),
connection.getConnection_name());
return names;
}
/** /**
* Returns a list of the IDs of all connections with a given parent ID. * Returns a list of the IDs of all connections with a given parent ID.
@@ -483,16 +422,16 @@ public class ConnectionService {
} }
/** /**
* Get the names of all the connections defined in the system * Get the identifiers of all the connections defined in the system
* with a certain parentID. * with a certain parentID.
* *
* @return A Set of names of all the connections defined in the system * @return A Set of identifiers of all the connections defined in the system
* with the given parentID. * with the given parentID.
*/ */
public Set<String> getAllConnectionNames(Integer parentID) { public Set<String> getAllConnectionIdentifiers(Integer parentID) {
// Set of all present connection names // Set of all present connection identifiers
Set<String> names = new HashSet<String>(); Set<String> identifiers = new HashSet<String>();
// Set up Criteria // Set up Criteria
ConnectionExample example = new ConnectionExample(); ConnectionExample example = new ConnectionExample();
@@ -502,13 +441,13 @@ public class ConnectionService {
else else
criteria.andParent_idIsNull(); criteria.andParent_idIsNull();
// Query connection names // Query connection identifiers
List<Connection> connections = List<Connection> connections =
connectionDAO.selectByExample(example); connectionDAO.selectByExample(example);
for (Connection connection : connections) for (Connection connection : connections)
names.add(connection.getConnection_name()); identifiers.add(String.valueOf(connection.getConnection_id()));
return names; return identifiers;
} }


@@ -577,7 +577,7 @@ public class PermissionCheckService {
// A system administrator has access to all connections. // A system administrator has access to all connections.
if(checkSystemAdministratorAccess(userID)) if(checkSystemAdministratorAccess(userID))
return connectionService.getAllConnectionNames(parentID); return connectionService.getAllConnectionIdentifiers(parentID);
// List of all connection IDs for which this user has access // List of all connection IDs for which this user has access
List<Integer> connectionIDs = List<Integer> connectionIDs =
@@ -607,7 +607,7 @@ public class PermissionCheckService {
// A system administrator has access to all connections. // A system administrator has access to all connections.
if(checkSystemAdministratorAccess(userID)) if(checkSystemAdministratorAccess(userID))
return connectionService.getAllConnectionNames(parentID); return connectionGroupService.getAllConnectionGroupIdentifiers(parentID);
// List of all connection group IDs for which this user has access // List of all connection group IDs for which this user has access
List<Integer> connectionGroupIDs = List<Integer> connectionGroupIDs =
@@ -686,22 +686,13 @@ public class PermissionCheckService {
List<ConnectionPermissionKey> connectionPermissions = List<ConnectionPermissionKey> connectionPermissions =
connectionPermissionDAO.selectByExample(connectionPermissionExample); connectionPermissionDAO.selectByExample(connectionPermissionExample);
// Get list of affected connection IDs
List<Integer> connectionIDs = new ArrayList<Integer>();
for(ConnectionPermissionKey connectionPermission : connectionPermissions)
connectionIDs.add(connectionPermission.getConnection_id());
// Get corresponding names
Map<Integer, String> affectedConnections =
connectionService.retrieveNames(connectionIDs);
// Add connection permissions // Add connection permissions
for(ConnectionPermissionKey connectionPermission : connectionPermissions) { for(ConnectionPermissionKey connectionPermission : connectionPermissions) {
// Construct permission from data // Construct permission from data
ConnectionPermission permission = new ConnectionPermission( ConnectionPermission permission = new ConnectionPermission(
ConnectionPermission.Type.valueOf(connectionPermission.getPermission()), ConnectionPermission.Type.valueOf(connectionPermission.getPermission()),
affectedConnections.get(connectionPermission.getConnection_id()) String.valueOf(connectionPermission.getConnection_id())
); );
// Add to set // Add to set
@@ -732,22 +723,13 @@ public class PermissionCheckService {
List<ConnectionGroupPermissionKey> connectionGroupPermissions = List<ConnectionGroupPermissionKey> connectionGroupPermissions =
connectionGroupPermissionDAO.selectByExample(connectionGroupPermissionExample); connectionGroupPermissionDAO.selectByExample(connectionGroupPermissionExample);
// Get list of affected connection IDs
List<Integer> connectionGroupIDs = new ArrayList<Integer>();
for(ConnectionGroupPermissionKey connectionGroupPermission : connectionGroupPermissions)
connectionGroupIDs.add(connectionGroupPermission.getConnection_group_id());
// Get corresponding names
Map<Integer, String> affectedConnectionGroups =
connectionGroupService.retrieveNames(connectionGroupIDs);
// Add connection permissions // Add connection permissions
for(ConnectionGroupPermissionKey connectionGroupPermission : connectionGroupPermissions) { for(ConnectionGroupPermissionKey connectionGroupPermission : connectionGroupPermissions) {
// Construct permission from data // Construct permission from data
ConnectionGroupPermission permission = new ConnectionGroupPermission( ConnectionGroupPermission permission = new ConnectionGroupPermission(
ConnectionGroupPermission.Type.valueOf(connectionGroupPermission.getPermission()), ConnectionGroupPermission.Type.valueOf(connectionGroupPermission.getPermission()),
affectedConnectionGroups.get(connectionGroupPermission.getConnection_group_id()) String.valueOf(connectionGroupPermission.getConnection_group_id())
); );
// Add to set // Add to set
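Review bot: In the second hunk the comment above the corrected return still reads `// A system administrator has access to all connections.` although the method now returns connection group identifiers; it should read `// A system administrator has access to all connection groups.`. The last hunk has the same leftover in `// Add connection permissions`, which builds `ConnectionGroupPermission` objects. These methods begin outside the hunks, so their Javadoc is not visible; if it still describes the returned values as names, it needs the same update to identifiers.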