safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-10-27 15:13:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-363: Merge support for SQL Server databases.

Browse Source
This commit is contained in:
Michael Jumper
2017-09-30 19:05:08 -07:00
parent 81ffa5c8e1 56bce8dbe7
commit d808f7fbbd
31 changed files with 3582 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-dist/pom.xml
View File

@@ -109,6 +109,13 @@
<version>0.9.13-incubating</version>
</dependency>
<!-- SQL Server Authentication Extension -->
<dependency>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-auth-jdbc-sqlserver</artifactId>
<version>0.9.13-incubating</version>
</dependency>
</dependencies>
</project>

14
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-dist/project-assembly.xml
View File

@@ -49,6 +49,14 @@
</includes>
</dependencySet>
<!-- SQL Server extension .jar -->
<dependencySet>
<outputDirectory>sqlserver</outputDirectory>
<includes>
<include>org.apache.guacamole:guacamole-auth-jdbc-sqlserver</include>
</includes>
</dependencySet>
</dependencySets>
<!-- Include extension schema scripts -->
@@ -72,6 +80,12 @@
<directory>../guacamole-auth-jdbc-postgresql/schema</directory>
</fileSet>
<!-- SQL Server schema scripts -->
<fileSet>
<outputDirectory>sqlserver/schema</outputDirectory>
<directory>../guacamole-auth-jdbc-sqlserver/schema</directory>
</fileSet>
</fileSets>
</assembly>

2
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
target/
*~

128
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/pom.xml Normal file
View File

@@ -0,0 +1,128 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-auth-jdbc-sqlserver</artifactId>
<packaging>jar</packaging>
<name>guacamole-auth-jdbc-sqlserver</name>
<url>http://guacamole.incubator.apache.org/</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<parent>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-auth-jdbc</artifactId>
<version>0.9.13-incubating</version>
<relativePath>../../</relativePath>
</parent>
<build>
<plugins>
<!-- Written for 1.6 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.3</version>
<configuration>
<source>1.6</source>
<target>1.6</target>
<compilerArgs>
<arg>-Xlint:all</arg>
<arg>-Werror</arg>
</compilerArgs>
<fork>true</fork>
</configuration>
</plugin>
<!-- Copy dependencies prior to packaging -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>2.10</version>
<executions>
<execution>
<id>unpack-dependencies</id>
<phase>prepare-package</phase>
<goals>
<goal>unpack-dependencies</goal>
</goals>
<configuration>
<includeScope>runtime</includeScope>
<outputDirectory>${project.build.directory}/classes</outputDirectory>
</configuration>
</execution>
</executions>
</plugin>
<!-- Verify format using Apache RAT -->
<plugin>
<groupId>org.apache.rat</groupId>
<artifactId>apache-rat-plugin</artifactId>
<version>0.12</version>
<configuration>
<excludes>
<exclude>**/*.json</exclude>
</excludes>
</configuration>
<!-- Bind RAT to validate phase -->
<executions>
<execution>
<id>validate</id>
<phase>validate</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
<dependencies>
<!-- Guacamole Extension API -->
<dependency>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-ext</artifactId>
<scope>provided</scope>
</dependency>
<!-- Guacamole JDBC Authentication -->
<dependency>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-auth-jdbc-base</artifactId>
<version>0.9.13-incubating</version>
</dependency>
</dependencies>
</project>

467
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/schema/001-create-schema.sql Normal file
View File

@@ -0,0 +1,467 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/**
* Turn on ANSI_NULLS for the entire DB to make it ISO-compliant.
*/
ALTER DATABASE CURRENT SET ANSI_NULLS ON;
GO;
/**
* Turn on QUOTED_IDENTIFIER for the entire DB.
*/
ALTER DATABASE CURRENT SET QUOTED_IDENTIFIER ON;
/**
* List for permission data type.
*/
CREATE RULE [guacamole_permission_list]
AS
@list IN ('READ','UPDATE','DELETE','ADMINISTER');
GO;
/**
* List for system permission data type.
*/
CREATE RULE [guacamole_system_permission_list]
AS
@list IN ('CREATE_CONNECTION',
'CREATE_CONNECTION_GROUP',
'CREATE_SHARING_PROFILE',
'CREATE_USER',
'ADMINISTER');
GO;
/**
* The permission data type.
*/
CREATE TYPE [guacamole_permission] FROM [nvarchar](10) NOT NULL;
EXEC sp_bindrule 'guacamole_permission_list','guacamole_permission';
/**
* The system permission data type.
*/
CREATE TYPE [guacamole_system_permission] FROM [nvarchar](32) NOT NULL;
EXEC sp_bindrule 'guacamole_system_permission_list','guacamole_system_permission';
GO;
/**
* The connection_group table stores organizational and balancing groups.
*/
CREATE TABLE [guacamole_connection_group](
[connection_group_id] [int] IDENTITY(1,1) NOT NULL,
[parent_id] [int] NULL,
[connection_group_name] [nvarchar](128) NOT NULL,
[type] [nvarchar](32) NOT NULL,
[max_connections] [int] NULL,
[max_connections_per_user] [int] NULL,
[enable_session_affinity] [bit] NOT NULL,
CONSTRAINT [PK_guacmaole_connection_group] PRIMARY KEY CLUSTERED
([connection_group_id] ASC) ON [PRIMARY]
) ON [PRIMARY];
/**
* Foreign keys for connection_group table.
*/
ALTER TABLE [guacamole_connection_group]
WITH CHECK ADD CONSTRAINT [FK_guacamole_connection_group_connection_group_id] FOREIGN KEY([parent_id])
REFERENCES [guacamole_connection_group] ([connection_group_id]);
ALTER TABLE [guacamole_connection_group]
CHECK CONSTRAINT [FK_guacamole_connection_group_connection_group_id];
ALTER TABLE [guacamole_connection_group]
WITH CHECK ADD CONSTRAINT [CK_guacamole_connection_group_type]
CHECK (([type]='BALANCING' OR [type]='ORGANIZATIONAL'));
ALTER TABLE [guacamole_connection_group]
CHECK CONSTRAINT [CK_guacamole_connection_group_type];
/**
* Default values for connection_group table.
*/
ALTER TABLE [guacamole_connection_group]
ADD CONSTRAINT [DF_guacamole_connection_group_type] DEFAULT (N'ORGANIZATIONAL') FOR [type];
ALTER TABLE [guacamole_connection_group]
ADD CONSTRAINT [DF_guacamole_connection_group_enable_session_affinity] DEFAULT ((0)) FOR [enable_session_affinity];
GO;
/**
* The connection table, for storing connections and attributes.
*/
CREATE TABLE [guacamole_connection](
[connection_id] [int] IDENTITY(1,1) NOT NULL,
[connection_name] [nvarchar](128) NOT NULL,
[parent_id] [int] NULL,
[protocol] [nvarchar](32) NOT NULL,
[proxy_port] [int] NULL,
[proxy_hostname] [nvarchar](512) NULL,
[proxy_encryption_method] [nvarchar](4) NULL,
[max_connections] [int] NULL,
[max_connections_per_user] [int] NULL,
[connection_weight] [int] NULL,
[failover_only] [bit] NOT NULL,
CONSTRAINT [PK_guacamole_connection] PRIMARY KEY CLUSTERED
([connection_id] ASC) ON [PRIMARY]
) ON [PRIMARY];
ALTER TABLE [guacamole_connection]
WITH CHECK ADD CONSTRAINT [FK_guacamole_connection_connection_group] FOREIGN KEY([parent_id])
REFERENCES [guacamole_connection_group] ([connection_group_id]);
ALTER TABLE [guacamole_connection]
CHECK CONSTRAINT [FK_guacamole_connection_connection_group];
ALTER TABLE [guacamole_connection]
WITH CHECK ADD CONSTRAINT [CK_proxy_encryption_method]
CHECK (([proxy_encryption_method]='SSL' OR [proxy_encryption_method]='NONE'));
ALTER TABLE [guacamole_connection]
CHECK CONSTRAINT [CK_proxy_encryption_method];
ALTER TABLE [guacamole_connection]
ADD CONSTRAINT [DF_guacamole_connection_failover_only] DEFAULT ((0)) FOR [failover_only];
GO;
/**
* The user table stores user accounts, passwords, and properties.
*/
CREATE TABLE [guacamole_user](
[user_id] [int] IDENTITY(1,1) NOT NULL,
[username] [nvarchar](128) NOT NULL,
[password_hash] [binary](32) NOT NULL,
[password_salt] [binary](32) NULL,
[password_date] [datetime] NOT NULL,
[disabled] [bit] NOT NULL,
[expired] [bit] NOT NULL,
[access_window_start] [time](7) NULL,
[access_window_end] [time](7) NULL,
[valid_from] [date] NULL,
[valid_until] [date] NULL,
[timezone] [nvarchar](64) NULL,
[full_name] [nvarchar](256) NULL,
[email_address] [nvarchar](256) NULL,
[organization] [nvarchar](256) NULL,
[organizational_role] [nvarchar](256) NULL,
CONSTRAINT [PK_guacamole_user] PRIMARY KEY CLUSTERED
([user_id] ASC) ON [PRIMARY]
) ON [PRIMARY];
/**
* Defaults for user table
*/
ALTER TABLE [guacamole_user]
ADD CONSTRAINT [DF_guacamole_user_disabled] DEFAULT ((0)) FOR [disabled];
ALTER TABLE [guacamole_user]
ADD CONSTRAINT [DF_guacamole_user_expired] DEFAULT ((0)) FOR [expired];
GO;
/**
* The sharing_profile table stores profiles that allow
* connections to be shared amongst multiple users.
*/
CREATE TABLE [guacamole_sharing_profile](
[sharing_profile_id] [int] IDENTITY(1,1) NOT NULL,
[sharing_profile_name] [nvarchar](128) NOT NULL,
[primary_connection_id] [int] NOT NULL,
CONSTRAINT [PK_guacamole_sharing_profile] PRIMARY KEY CLUSTERED
([sharing_profile_id] ASC) ON [PRIMARY]
) ON [PRIMARY];
/**
* Foreign keys for sharing_profile table.
*/
ALTER TABLE [guacamole_sharing_profile]
WITH CHECK ADD CONSTRAINT [FK_guacamole_sharing_profile_connection] FOREIGN KEY([primary_connection_id])
REFERENCES [guacamole_connection] ([connection_id])
ON UPDATE CASCADE
ON DELETE CASCADE;
ALTER TABLE [guacamole_sharing_profile]
CHECK CONSTRAINT [FK_guacamole_sharing_profile_connection];
GO;
/**
* The connection_parameter table stores parameters for
* connection objects.
*/
CREATE TABLE [guacamole_connection_parameter](
[connection_id] [int] NOT NULL,
[parameter_name] [nvarchar](128) NOT NULL,
[parameter_value] [nvarchar](4000) NOT NULL,
CONSTRAINT [PK_guacamole_connection_parameter] PRIMARY KEY CLUSTERED
([connection_id] ASC, [parameter_name] ASC) ON [PRIMARY]
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY];
/**
* Foreign keys for the connection_parameter table.
*/
ALTER TABLE [guacamole_connection_parameter]
WITH CHECK ADD CONSTRAINT [FK_guacamole_connection_parameter_connection] FOREIGN KEY([connection_id])
REFERENCES [guacamole_connection] ([connection_id])
ON UPDATE CASCADE
ON DELETE CASCADE;
ALTER TABLE [guacamole_connection_parameter]
CHECK CONSTRAINT [FK_guacamole_connection_parameter_connection];
GO;
/**
* The sharing_profile_parameter table stores parameters
* for sharing_profile objects.
*/
CREATE TABLE [guacamole_sharing_profile_parameter](
[sharing_profile_id] [int] NOT NULL,
[parameter_name] [nvarchar](128) NOT NULL,
[parameter_value] [nvarchar](4000) NOT NULL,
CONSTRAINT [PK_guacamole_sharing_profile_parameter] PRIMARY KEY CLUSTERED
([sharing_profile_id] ASC, [parameter_name] ASC) ON [PRIMARY]
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY];
/**
* Foreign keys for the sharing_profile_parameter
* table.
*/
ALTER TABLE [guacamole_sharing_profile_parameter]
WITH CHECK ADD CONSTRAINT [FK_guacamole_sharing_profile_parameter_sharing_profile] FOREIGN KEY([sharing_profile_id])
REFERENCES [guacamole_sharing_profile] ([sharing_profile_id])
ON UPDATE CASCADE
ON DELETE CASCADE;
ALTER TABLE [guacamole_sharing_profile_parameter]
CHECK CONSTRAINT [FK_guacamole_sharing_profile_parameter_sharing_profile];
GO;
/**
* The connection_permission table stores permission
* mappings for connection objects.
*/
CREATE TABLE [guacamole_connection_permission](
[user_id] [int] NOT NULL,
[connection_id] [int] NOT NULL,
[permission] [guacamole_permission] NOT NULL,
CONSTRAINT [PK_guacamole_connection_permission] PRIMARY KEY CLUSTERED
([user_id] ASC, [connection_id] ASC, [permission] ASC) ON [PRIMARY]
) ON [PRIMARY];
/**
* Foreign keys for the connection_permission table.
*/
ALTER TABLE [guacamole_connection_permission]
WITH CHECK ADD CONSTRAINT [FK_guacamole_connection_permission_connection1] FOREIGN KEY([connection_id])
REFERENCES [guacamole_connection] ([connection_id])
ON UPDATE CASCADE
ON DELETE CASCADE;
ALTER TABLE [guacamole_connection_permission]
CHECK CONSTRAINT [FK_guacamole_connection_permission_connection1];
ALTER TABLE [guacamole_connection_permission]
WITH CHECK ADD CONSTRAINT [FK_guacamole_connection_permission_user1] FOREIGN KEY([user_id])
REFERENCES [guacamole_user] ([user_id])
ON UPDATE CASCADE
ON DELETE CASCADE;
ALTER TABLE [guacamole_connection_permission]
CHECK CONSTRAINT [FK_guacamole_connection_permission_user1];
GO;
/**
* The connection_group_permission table stores permission mappings for
* connection_group objects.
*/
CREATE TABLE [guacamole_connection_group_permission](
[user_id] [int] NOT NULL,
[connection_group_id] [int] NOT NULL,
[permission] [guacamole_permission] NOT NULL,
CONSTRAINT [PK_guacamole_connection_group_permission] PRIMARY KEY CLUSTERED
([user_id] ASC, [connection_group_id] ASC, [permission] ASC) ON [PRIMARY]
) ON [PRIMARY];
/**
* Foreign keys for the connection_group_permission table.
*/
ALTER TABLE [guacamole_connection_group_permission]
WITH CHECK ADD CONSTRAINT [FK_guacamole_connection_group_permission_connection_group] FOREIGN KEY([connection_group_id])
REFERENCES [guacamole_connection_group] ([connection_group_id])
ON UPDATE CASCADE
ON DELETE CASCADE;
ALTER TABLE [guacamole_connection_group_permission]
CHECK CONSTRAINT [FK_guacamole_connection_group_permission_connection_group];
ALTER TABLE [guacamole_connection_group_permission]
WITH CHECK ADD CONSTRAINT [FK_guacamole_connection_group_permission_user] FOREIGN KEY([user_id])
REFERENCES [guacamole_user] ([user_id])
ON UPDATE CASCADE
ON DELETE CASCADE;
ALTER TABLE [guacamole_connection_group_permission]
CHECK CONSTRAINT [FK_guacamole_connection_group_permission_user];
GO;
/**
* The sharing_profile_permission table stores permission
* mappings for sharing_profile objects.
*/
CREATE TABLE [guacamole_sharing_profile_permission](
[user_id] [int] NOT NULL,
[sharing_profile_id] [int] NOT NULL,
[permission] [guacamole_permission] NOT NULL,
CONSTRAINT [PK_guacamole_sharing_profile_permission] PRIMARY KEY CLUSTERED
([user_id] ASC, [sharing_profile_id] ASC, [permission] ASC) ON [PRIMARY]
) ON [PRIMARY];
/**
* Foreign keys for the sharing_profile_permission table.
*/
ALTER TABLE [guacamole_sharing_profile_permission]
WITH CHECK ADD CONSTRAINT [FK_guacamole_sharing_profile_permission_sharing_profile] FOREIGN KEY([sharing_profile_id])
REFERENCES [guacamole_sharing_profile] ([sharing_profile_id])
ON UPDATE CASCADE
ON DELETE CASCADE;
ALTER TABLE [guacamole_sharing_profile_permission]
CHECK CONSTRAINT [FK_guacamole_sharing_profile_permission_sharing_profile];
ALTER TABLE [guacamole_sharing_profile_permission]
WITH CHECK ADD CONSTRAINT [FK_guacamole_sharing_profile_permission_user] FOREIGN KEY([user_id])
REFERENCES [guacamole_user] ([user_id])
ON UPDATE CASCADE
ON DELETE CASCADE;
ALTER TABLE [guacamole_sharing_profile_permission]
CHECK CONSTRAINT [FK_guacamole_sharing_profile_permission_user];
GO;
/**
* The system_permission table stores permission mappings
* for system-level operations.
*/
CREATE TABLE [guacamole_system_permission](
[user_id] [int] NOT NULL,
[permission] [guacamole_system_permission] NOT NULL,
CONSTRAINT [PK_guacamole_system_permission] PRIMARY KEY CLUSTERED
([user_id] ASC, [permission] ASC) ON [PRIMARY]
) ON [PRIMARY];
/**
* Foreign keys for system_permission table.
*/
ALTER TABLE [guacamole_system_permission]
WITH CHECK ADD CONSTRAINT [FK_guacamole_system_permission_user] FOREIGN KEY([user_id])
REFERENCES [guacamole_user] ([user_id])
ON UPDATE CASCADE
ON DELETE CASCADE;
ALTER TABLE [guacamole_system_permission]
CHECK CONSTRAINT [FK_guacamole_system_permission_user];
GO;
/**
* The user_permission table stores permission mappings
* for users to other users.
*/
CREATE TABLE [guacamole_user_permission](
[user_id] [int] NOT NULL,
[affected_user_id] [int] NOT NULL,
[permission] [guacamole_permission] NOT NULL,
CONSTRAINT [PK_guacamole_user_permission] PRIMARY KEY CLUSTERED
([user_id] ASC, [affected_user_id] ASC, [permission] ASC) ON [PRIMARY]
) ON [PRIMARY];
/**
* Foreign keys for user_permission table.
*/
ALTER TABLE [guacamole_user_permission]
WITH CHECK ADD CONSTRAINT [FK_guacamole_user_permission_user] FOREIGN KEY([user_id])
REFERENCES [guacamole_user] ([user_id])
ON UPDATE CASCADE
ON DELETE CASCADE;
ALTER TABLE [guacamole_user_permission]
CHECK CONSTRAINT [FK_guacamole_user_permission_user];
ALTER TABLE [guacamole_user_permission]
WITH CHECK ADD CONSTRAINT [FK_guacamole_user_permission_user1] FOREIGN KEY([affected_user_id])
REFERENCES [guacamole_user] ([user_id]);
ALTER TABLE [guacamole_user_permission]
CHECK CONSTRAINT [FK_guacamole_user_permission_user1];
GO;
/**
* The connection_history table stores records for historical
* connections.
*/
CREATE TABLE [guacamole_connection_history](
[history_id] [int] IDENTITY(1,1) NOT NULL,
[user_id] [int] NULL,
[username] [nvarchar](128) NOT NULL,
[remote_host] [nvarchar](256) NULL,
[connection_id] [int] NULL,
[connection_name] [nvarchar](128) NOT NULL,
[sharing_profile_id] [int] NULL,
[sharing_profile_name] [nvarchar](128) NULL,
[start_date] [datetime] NOT NULL,
[end_date] [datetime] NULL,
CONSTRAINT [PK_guacamole_connection_history] PRIMARY KEY CLUSTERED
([history_id] ASC) ON [PRIMARY]
) ON [PRIMARY];
/**
* Foreign keys for connection_history table
*/
ALTER TABLE [guacamole_connection_history]
WITH CHECK ADD CONSTRAINT [FK_guacamole_connection_history_connection] FOREIGN KEY([connection_id])
REFERENCES [guacamole_connection] ([connection_id])
ON UPDATE CASCADE
ON DELETE SET NULL;
ALTER TABLE [guacamole_connection_history]
CHECK CONSTRAINT [FK_guacamole_connection_history_connection];
ALTER TABLE [guacamole_connection_history]
WITH CHECK ADD CONSTRAINT [FK_guacamole_connection_history_sharing_profile] FOREIGN KEY([sharing_profile_id])
REFERENCES [guacamole_sharing_profile] ([sharing_profile_id]);
ALTER TABLE [guacamole_connection_history]
CHECK CONSTRAINT [FK_guacamole_connection_history_sharing_profile];
ALTER TABLE [guacamole_connection_history]
WITH CHECK ADD CONSTRAINT [FK_guacamole_connection_history_user] FOREIGN KEY([user_id])
REFERENCES [guacamole_user] ([user_id])
ON UPDATE CASCADE
ON DELETE SET NULL;
ALTER TABLE [guacamole_connection_history]
CHECK CONSTRAINT [FK_guacamole_connection_history_user];
GO;
/**
* The user_password_history table stores password history
* for users, allowing for enforcing rules associated with
* reuse of passwords.
*/
CREATE TABLE [guacamole_user_password_history](
[password_history_id] [int] IDENTITY(1,1) NOT NULL,
[user_id] [int] NOT NULL,
[password_hash] [binary](32) NOT NULL,
[password_salt] [binary](32) NULL,
[password_date] [datetime] NOT NULL,
CONSTRAINT [PK_guacamole_user_password_history] PRIMARY KEY CLUSTERED
([password_history_id] ASC) ON [PRIMARY]
) ON [PRIMARY];
/**
* Foreign keys for user_password_history table
*/
ALTER TABLE [guacamole_user_password_history]
WITH CHECK ADD CONSTRAINT [FK_guacamole_user_password_history_user] FOREIGN KEY([user_id])
REFERENCES [guacamole_user] ([user_id])
ON UPDATE CASCADE
ON DELETE CASCADE;
ALTER TABLE [guacamole_user_password_history]
CHECK CONSTRAINT [FK_guacamole_user_password_history_user];
GO;

49
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/schema/002-create-admin-user.sql Normal file
View File

@@ -0,0 +1,49 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/**
* Create the default admin user account and set up full privileges.
*/
INSERT INTO [guacamole_user] (username, password_hash, password_salt, password_date)
VALUES ('guacadmin',
0xCA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960,
0xFE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264,
getdate());
INSERT INTO [guacamole_user_permission]
SELECT [guacamole_user].[user_id], [affected].[user_id], permission
FROM (
SELECT 'guacadmin' AS username, 'guacadmin' AS affected_username, 'READ' AS permission
UNION SELECT 'guacadmin' AS username, 'guacadmin' AS affected_username, 'UPDATE' AS permission
UNION SELECT 'guacadmin' AS username, 'guacadmin' AS affected_username, 'ADMINISTER' AS permission)
permissions
JOIN [guacamole_user] ON permissions.username = [guacamole_user].[username]
JOIN [guacamole_user] affected ON permissions.affected_username = affected.username;
INSERT INTO [guacamole_system_permission]
SELECT user_id, permission
FROM (
SELECT 'guacadmin' AS username, 'CREATE_CONNECTION' AS permission
UNION SELECT 'guacadmin' AS username, 'CREATE_CONNECTION_GROUP' AS permission
UNION SELECT 'guacadmin' AS username, 'CREATE_SHARING_PROFILE' AS permission
UNION SELECT 'guacadmin' AS username, 'CREATE_USER' AS permission
UNION SELECT 'guacadmin' AS username, 'ADMINISTER' AS permission)
permissions
JOIN [guacamole_user] ON permissions.username = [guacamole_user].[username];
GO;

50
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProvider.java Normal file
View File

@@ -0,0 +1,50 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.sqlserver;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.InjectedAuthenticationProvider;
import org.apache.guacamole.auth.jdbc.JDBCAuthenticationProviderService;
/**
* Provides a SQLServer-based implementation of the AuthenticationProvider
* functionality.
*/
public class SQLServerAuthenticationProvider extends InjectedAuthenticationProvider {
/**
* Creates a new SQLServerAuthenticationProvider that reads and writes
* authentication data to a SQLServer database defined by properties in
* guacamole.properties.
*
* @throws GuacamoleException
* If a required property is missing, or an error occurs while parsing
* a property.
*/
public SQLServerAuthenticationProvider() throws GuacamoleException {
super(new SQLServerInjectorProvider(), JDBCAuthenticationProviderService.class);
}
@Override
public String getIdentifier() {
return "sqlserver";
}
}

121
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java Normal file
View File

@@ -0,0 +1,121 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.sqlserver;
import com.google.inject.Binder;
import com.google.inject.Module;
import com.google.inject.name.Names;
import java.lang.UnsupportedOperationException;
import java.util.Properties;
import org.apache.guacamole.GuacamoleException;
import org.mybatis.guice.datasource.helper.JdbcHelper;
/**
* Guice module which configures SQLServer-specific injections.
*/
public class SQLServerAuthenticationProviderModule implements Module {
/**
* MyBatis-specific configuration properties.
*/
private final Properties myBatisProperties = new Properties();
/**
* SQLServer-specific driver configuration properties.
*/
private final Properties driverProperties = new Properties();
/**
* Which SQL Server driver should be used.
*/
private SQLServerDriver sqlServerDriver;
/**
* Creates a new SQLServer authentication provider module that configures
* driver and MyBatis properties using the given environment.
*
* @param environment
* The environment to use when configuring MyBatis and the underlying
* JDBC driver.
*
* @throws GuacamoleException
* If a required property is missing, or an error occurs while parsing
* a property.
*/
public SQLServerAuthenticationProviderModule(SQLServerEnvironment environment)
throws GuacamoleException {
// Set the SQLServer-specific properties for MyBatis.
myBatisProperties.setProperty("mybatis.environment.id", "guacamole");
myBatisProperties.setProperty("JDBC.host", environment.getSQLServerHostname());
myBatisProperties.setProperty("JDBC.port", String.valueOf(environment.getSQLServerPort()));
myBatisProperties.setProperty("JDBC.schema", environment.getSQLServerDatabase());
myBatisProperties.setProperty("JDBC.username", environment.getSQLServerUsername());
myBatisProperties.setProperty("JDBC.password", environment.getSQLServerPassword());
myBatisProperties.setProperty("JDBC.autoCommit", "false");
myBatisProperties.setProperty("mybatis.pooled.pingEnabled", "true");
myBatisProperties.setProperty("mybatis.pooled.pingQuery", "SELECT 1");
// Use UTF-8 in database
driverProperties.setProperty("characterEncoding", "UTF-8");
// Capture which driver to use for the connection.
this.sqlServerDriver = environment.getSQLServerDriver();
}
@Override
public void configure(Binder binder) {
// Bind SQLServer-specific properties with the configured driver.
switch(sqlServerDriver) {
case JTDS:
JdbcHelper.SQL_Server_jTDS.configure(binder);
break;
case DATA_DIRECT:
JdbcHelper.SQL_Server_DataDirect.configure(binder);
break;
case MICROSOFT_LEGACY:
JdbcHelper.SQL_Server_MS_Driver.configure(binder);
break;
case MICROSOFT_2005:
JdbcHelper.SQL_Server_2005_MS_Driver.configure(binder);
break;
default:
throw new UnsupportedOperationException(
"A driver has been specified that is not supported by this module."
);
}
// Bind MyBatis properties
Names.bindProperties(binder, myBatisProperties);
// Bind JDBC driver properties
binder.bind(Properties.class)
.annotatedWith(Names.named("JDBC.driverProperties"))
.toInstance(driverProperties);
}
}

46
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerDriver.java Normal file
View File

@@ -0,0 +1,46 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.sqlserver;
/**
* The possible SQL Server drivers to use when using a TDS-compatible database.
*/
public enum SQLServerDriver {
/**
* The open source jTDS driver.
*/
JTDS,
/**
* The Progress DataDirect driver.
*/
DATA_DIRECT,
/**
* The Microsoft Legacy SQL Server driver.
*/
MICROSOFT_LEGACY,
/**
* The Microsoft 2005 SQL Server driver.
*/
MICROSOFT_2005;
}

60
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerDriverProperty.java Normal file
View File

@@ -0,0 +1,60 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.sqlserver;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleServerException;
import org.apache.guacamole.properties.GuacamoleProperty;
/**
* A property whose value is a SQLServerDriver. The incoming string values of "jtds", "datadirect",
* "microsoft", and "microsoft2005" into the corresponding SQLServerDriver enum value. Any
* values that are not valid result in a parse error.
*/
public abstract class SQLServerDriverProperty implements GuacamoleProperty<SQLServerDriver> {
@Override
public SQLServerDriver parseValue(String value) throws GuacamoleException {
// If no value provided, return null.
if (value == null)
return null;
// jTDS Driver
if (value.equals("jtds"))
return SQLServerDriver.JTDS;
// Progress DataDirect Driver
if (value.equals("datadirect"))
return SQLServerDriver.DATA_DIRECT;
// Microsoft Legacy Driver
if (value.equals("microsoft"))
return SQLServerDriver.MICROSOFT_LEGACY;
// Microsoft 2005 Driver
if (value.equals("microsoft2005"))
return SQLServerDriver.MICROSOFT_2005;
throw new GuacamoleServerException("SQLServer driver must be one of \"jtds\", \"datadirect\", \"microsoft\", \"microsoft2005\".");
}
}

254
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerEnvironment.java Normal file
View File

@@ -0,0 +1,254 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.sqlserver;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.guacamole.auth.jdbc.security.PasswordPolicy;
/**
* A SQLServer-specific implementation of JDBCEnvironment provides database
* properties specifically for SQLServer.
*/
public class SQLServerEnvironment extends JDBCEnvironment {
/**
* Logger for this class.
*/
private static final Logger logger = LoggerFactory.getLogger(SQLServerEnvironment.class);
/**
* The default host to connect to, if SQLSERVER_HOSTNAME is not specified.
*/
private static final String DEFAULT_HOSTNAME = "localhost";
/**
* The default port to connect to, if SQLSERVER_PORT is not specified.
*/
private static final int DEFAULT_PORT = 1433;
/**
* Whether a database user account is required by default for authentication
* to succeed.
*/
private static final boolean DEFAULT_USER_REQUIRED = false;
/**
* The default value for the maximum number of connections to be
* allowed to the Guacamole server overall.
*/
private static final int DEFAULT_ABSOLUTE_MAX_CONNECTIONS = 0;
/**
* The default value for the default maximum number of connections to be
* allowed per user to any one connection.
*/
private static final int DEFAULT_MAX_CONNECTIONS_PER_USER = 1;
/**
* The default value for the default maximum number of connections to be
* allowed per user to any one connection group.
*/
private static final int DEFAULT_MAX_GROUP_CONNECTIONS_PER_USER = 1;
/**
* The default value for the default maximum number of connections to be
* allowed to any one connection.
*/
private static final int DEFAULT_MAX_CONNECTIONS = 0;
/**
* The default value for the default maximum number of connections to be
* allowed to any one connection group.
*/
private static final int DEFAULT_MAX_GROUP_CONNECTIONS = 0;
/**
* The default SQLServer driver to use.
*/
public static final SQLServerDriver SQLSERVER_DEFAULT_DRIVER = SQLServerDriver.MICROSOFT_2005;
/**
* Constructs a new SQLServerEnvironment, providing access to SQLServer-specific
* configuration options.
*
* @throws GuacamoleException
* If an error occurs while setting up the underlying JDBCEnvironment
* or while parsing legacy SQLServer configuration options.
*/
public SQLServerEnvironment() throws GuacamoleException {
// Init underlying JDBC environment
super();
}
@Override
public boolean isUserRequired() throws GuacamoleException {
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_USER_REQUIRED,
DEFAULT_USER_REQUIRED
);
}
@Override
public int getAbsoluteMaxConnections() throws GuacamoleException {
return getProperty(SQLServerGuacamoleProperties.SQLSERVER_ABSOLUTE_MAX_CONNECTIONS,
DEFAULT_ABSOLUTE_MAX_CONNECTIONS
);
}
@Override
public int getDefaultMaxConnections() throws GuacamoleException {
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_DEFAULT_MAX_CONNECTIONS,
DEFAULT_MAX_CONNECTIONS
);
}
@Override
public int getDefaultMaxGroupConnections() throws GuacamoleException {
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_DEFAULT_MAX_GROUP_CONNECTIONS,
DEFAULT_MAX_GROUP_CONNECTIONS
);
}
@Override
public int getDefaultMaxConnectionsPerUser() throws GuacamoleException {
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_DEFAULT_MAX_CONNECTIONS_PER_USER,
DEFAULT_MAX_CONNECTIONS_PER_USER
);
}
@Override
public int getDefaultMaxGroupConnectionsPerUser() throws GuacamoleException {
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_DEFAULT_MAX_GROUP_CONNECTIONS_PER_USER,
DEFAULT_MAX_GROUP_CONNECTIONS_PER_USER
);
}
@Override
public PasswordPolicy getPasswordPolicy() {
return new SQLServerPasswordPolicy(this);
}
/**
* Returns the hostname of the SQLServer server hosting the Guacamole
* authentication tables. If unspecified, this will be "localhost".
*
* @return
* The URL of the SQLServer server.
*
* @throws GuacamoleException
* If an error occurs while retrieving the property value.
*/
public String getSQLServerHostname() throws GuacamoleException {
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_HOSTNAME,
DEFAULT_HOSTNAME
);
}
/**
* Returns the port number of the SQLServer server hosting the Guacamole
* authentication tables. If unspecified, this will be the default
* SQLServer port of 5432.
*
* @return
* The port number of the SQLServer server.
*
* @throws GuacamoleException
* If an error occurs while retrieving the property value.
*/
public int getSQLServerPort() throws GuacamoleException {
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_PORT,
DEFAULT_PORT
);
}
/**
* Returns the name of the SQLServer database containing the Guacamole
* authentication tables.
*
* @return
* The name of the SQLServer database.
*
* @throws GuacamoleException
* If an error occurs while retrieving the property value, or if the
* value was not set, as this property is required.
*/
public String getSQLServerDatabase() throws GuacamoleException {
return getRequiredProperty(SQLServerGuacamoleProperties.SQLSERVER_DATABASE);
}
/**
* Returns the username that should be used when authenticating with the
* SQLServer database containing the Guacamole authentication tables.
*
* @return
* The username for the SQLServer database.
*
* @throws GuacamoleException
* If an error occurs while retrieving the property value, or if the
* value was not set, as this property is required.
*/
public String getSQLServerUsername() throws GuacamoleException {
return getRequiredProperty(SQLServerGuacamoleProperties.SQLSERVER_USERNAME);
}
/**
* Returns the password that should be used when authenticating with the
* SQLServer database containing the Guacamole authentication tables.
*
* @return
* The password for the SQLServer database.
*
* @throws GuacamoleException
* If an error occurs while retrieving the property value, or if the
* value was not set, as this property is required.
*/
public String getSQLServerPassword() throws GuacamoleException {
return getRequiredProperty(SQLServerGuacamoleProperties.SQLSERVER_PASSWORD);
}
/**
* Returns which JDBC driver should be used to make the SQLServer/TDS connection.
*
* @return
* Which TDS-compatible JDBC driver should be used.
*
* @throws GuacamoleException
* If an error occurs while retrieving the property value, or if the
* value was not set, as this property is required.
*/
public SQLServerDriver getSQLServerDriver() throws GuacamoleException {
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_DRIVER,
SQLSERVER_DEFAULT_DRIVER
);
}
}

185
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerGuacamoleProperties.java Normal file
View File

@@ -0,0 +1,185 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.sqlserver;
import org.apache.guacamole.properties.BooleanGuacamoleProperty;
import org.apache.guacamole.properties.IntegerGuacamoleProperty;
import org.apache.guacamole.properties.StringGuacamoleProperty;
/**
* Properties used by the SQLServer Authentication plugin.
*/
public class SQLServerGuacamoleProperties {
/**
* This class should not be instantiated.
*/
private SQLServerGuacamoleProperties() {}
/**
* The URL of the SQLServer server hosting the Guacamole authentication tables.
*/
public static final StringGuacamoleProperty SQLSERVER_HOSTNAME =
new StringGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-hostname"; }
};
/**
* The port of the SQLServer server hosting the Guacamole authentication
* tables.
*/
public static final IntegerGuacamoleProperty SQLSERVER_PORT =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-port"; }
};
/**
* The name of the SQLServer database containing the Guacamole
* authentication tables.
*/
public static final StringGuacamoleProperty SQLSERVER_DATABASE =
new StringGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-database"; }
};
/**
* The username used to authenticate to the SQLServer database containing
* the Guacamole authentication tables.
*/
public static final StringGuacamoleProperty SQLSERVER_USERNAME =
new StringGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-username"; }
};
/**
* The password used to authenticate to the SQLServer database containing
* the Guacamole authentication tables.
*/
public static final StringGuacamoleProperty SQLSERVER_PASSWORD =
new StringGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-password"; }
};
/**
* Whether a user account within the database is required for authentication
* to succeed, even if the user has been authenticated via another
* authentication provider.
*/
public static final BooleanGuacamoleProperty
SQLSERVER_USER_REQUIRED = new BooleanGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-required"; }
};
/**
* The maximum number of concurrent connections to allow overall. Zero
* denotes unlimited.
*/
public static final IntegerGuacamoleProperty
SQLSERVER_ABSOLUTE_MAX_CONNECTIONS =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-absolute-max-connections"; }
};
/**
* The maximum number of concurrent connections to allow to any one
* connection. Zero denotes unlimited.
*/
public static final IntegerGuacamoleProperty
SQLSERVER_DEFAULT_MAX_CONNECTIONS =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-default-max-connections"; }
};
/**
* The maximum number of concurrent connections to allow to any one
* connection group. Zero denotes unlimited.
*/
public static final IntegerGuacamoleProperty
SQLSERVER_DEFAULT_MAX_GROUP_CONNECTIONS =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-default-max-group-connections"; }
};
/**
* The maximum number of concurrent connections to allow to any one
* connection by an individual user. Zero denotes unlimited.
*/
public static final IntegerGuacamoleProperty
SQLSERVER_DEFAULT_MAX_CONNECTIONS_PER_USER =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-default-max-connections-per-user"; }
};
/**
* The maximum number of concurrent connections to allow to any one
* connection group by an individual user. Zero denotes
* unlimited.
*/
public static final IntegerGuacamoleProperty
SQLSERVER_DEFAULT_MAX_GROUP_CONNECTIONS_PER_USER =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-default-max-group-connections-per-user"; }
};
/**
* Which TDS-compatible JDBC driver should be used for the connection.
*/
public static final SQLServerDriverProperty
SQLSERVER_DRIVER = new SQLServerDriverProperty() {
@Override
public String getName() { return "sqlserver-driver"; }
};
}

49
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerInjectorProvider.java Normal file
View File

@@ -0,0 +1,49 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.sqlserver;
import com.google.inject.Guice;
import com.google.inject.Injector;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCAuthenticationProviderModule;
import org.apache.guacamole.auth.jdbc.JDBCInjectorProvider;
/**
* JDBCInjectorProvider implementation which configures Guice injections for
* connecting to a SQLServer database based on SQLServer-specific options
* provided via guacamole.properties.
*/
public class SQLServerInjectorProvider extends JDBCInjectorProvider {
@Override
protected Injector create() throws GuacamoleException {
// Get local environment
SQLServerEnvironment environment = new SQLServerEnvironment();
// Set up Guice injector
return Guice.createInjector(
new JDBCAuthenticationProviderModule(environment),
new SQLServerAuthenticationProviderModule(environment)
);
}
}

194
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerPasswordPolicy.java Normal file
View File

@@ -0,0 +1,194 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.sqlserver;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.security.PasswordPolicy;
import org.apache.guacamole.properties.BooleanGuacamoleProperty;
import org.apache.guacamole.properties.IntegerGuacamoleProperty;
/**
* PasswordPolicy implementation which reads the details of the policy from
* SQLServer-specific properties in guacamole.properties.
*/
public class SQLServerPasswordPolicy implements PasswordPolicy {
/**
* The property which specifies the minimum length required of all user
* passwords. By default, this will be zero.
*/
private static final IntegerGuacamoleProperty MIN_LENGTH =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-password-min-length"; }
};
/**
* The property which specifies the minimum number of days which must
* elapse before a user may reset their password. If set to zero, the
* default, then this restriction does not apply.
*/
private static final IntegerGuacamoleProperty MIN_AGE =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-password-min-age"; }
};
/**
* The property which specifies the maximum number of days which may
* elapse before a user is required to reset their password. If set to zero,
* the default, then this restriction does not apply.
*/
private static final IntegerGuacamoleProperty MAX_AGE =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-password-max-age"; }
};
/**
* The property which specifies the number of previous passwords remembered
* for each user. If set to zero, the default, then this restriction does
* not apply.
*/
private static final IntegerGuacamoleProperty HISTORY_SIZE =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-password-history-size"; }
};
/**
* The property which specifies whether all user passwords must have at
* least one lowercase character and one uppercase character. By default,
* no such restriction is imposed.
*/
private static final BooleanGuacamoleProperty REQUIRE_MULTIPLE_CASE =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-password-require-multiple-case"; }
};
/**
* The property which specifies whether all user passwords must have at
* least one numeric character (digit). By default, no such restriction is
* imposed.
*/
private static final BooleanGuacamoleProperty REQUIRE_DIGIT =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-password-require-digit"; }
};
/**
* The property which specifies whether all user passwords must have at
* least one non-alphanumeric character (symbol). By default, no such
* restriction is imposed.
*/
private static final BooleanGuacamoleProperty REQUIRE_SYMBOL =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-password-require-symbol"; }
};
/**
* The property which specifies whether users are prohibited from including
* their own username in their password. By default, no such restriction is
* imposed.
*/
private static final BooleanGuacamoleProperty PROHIBIT_USERNAME =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-password-prohibit-username"; }
};
/**
* The Guacamole server environment.
*/
private final JDBCEnvironment environment;
/**
* Creates a new SQLServerPasswordPolicy which reads the details of the
* policy from the properties exposed by the given environment.
*
* @param environment
* The environment from which password policy properties should be
* read.
*/
public SQLServerPasswordPolicy(JDBCEnvironment environment) {
this.environment = environment;
}
@Override
public int getMinimumLength() throws GuacamoleException {
return environment.getProperty(MIN_LENGTH, 0);
}
@Override
public int getMinimumAge() throws GuacamoleException {
return environment.getProperty(MIN_AGE, 0);
}
@Override
public int getMaximumAge() throws GuacamoleException {
return environment.getProperty(MAX_AGE, 0);
}
@Override
public int getHistorySize() throws GuacamoleException {
return environment.getProperty(HISTORY_SIZE, 0);
}
@Override
public boolean isMultipleCaseRequired() throws GuacamoleException {
return environment.getProperty(REQUIRE_MULTIPLE_CASE, false);
}
@Override
public boolean isNumericRequired() throws GuacamoleException {
return environment.getProperty(REQUIRE_DIGIT, false);
}
@Override
public boolean isNonAlphanumericRequired() throws GuacamoleException {
return environment.getProperty(REQUIRE_SYMBOL, false);
}
@Override
public boolean isUsernameProhibited() throws GuacamoleException {
return environment.getProperty(PROHIBIT_USERNAME, false);
}
}

50
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerSharedAuthenticationProvider.java Normal file
View File

@@ -0,0 +1,50 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.sqlserver;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.InjectedAuthenticationProvider;
import org.apache.guacamole.auth.jdbc.sharing.SharedAuthenticationProviderService;
/**
* Provides a implementation of AuthenticationProvider which interacts with the
* SQLServer AuthenticationProvider, accepting share keys as credentials and
* providing access to the shared connections.
*/
public class SQLServerSharedAuthenticationProvider extends InjectedAuthenticationProvider {
/**
* Creates a new SQLServerSharedAuthenticationProvider that provides access
* to shared connections exposed by the SQLServerAuthenticationProvider.
*
* @throws GuacamoleException
* If a required property is missing, or an error occurs while parsing
* a property.
*/
public SQLServerSharedAuthenticationProvider() throws GuacamoleException {
super(new SQLServerInjectorProvider(), SharedAuthenticationProviderService.class);
}
@Override
public String getIdentifier() {
return "sqlserver-shared";
}
}

23
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/package-info.java Normal file
View File

@@ -0,0 +1,23 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/**
* The SQLServer authentication provider.
*/
package org.apache.guacamole.auth.sqlserver;

28
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/guac-manifest.json Normal file
View File

@@ -0,0 +1,28 @@
{
"guacamoleVersion" : "0.9.13-incubating",
"name" : "SQLServer Authentication",
"namespace" : "guac-sqlserver",
"authProviders" : [
"org.apache.guacamole.auth.sqlserver.SQLServerAuthenticationProvider",
"org.apache.guacamole.auth.sqlserver.SQLServerSharedAuthenticationProvider"
],
"css" : [
"styles/jdbc.css"
],
"html" : [
"html/shared-connection.html"
],
"translations" : [
"translations/en.json",
"translations/fr.json",
"translations/ru.json"
]
}

235
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml Normal file
View File

@@ -0,0 +1,235 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper" >
<!-- Result mapper for connection objects -->
<resultMap id="ConnectionResultMap" type="org.apache.guacamole.auth.jdbc.connection.ConnectionModel" >
<!-- Connection properties -->
<id column="connection_id" property="objectID" jdbcType="INTEGER"/>
<result column="connection_name" property="name" jdbcType="VARCHAR"/>
<result column="parent_id" property="parentIdentifier" jdbcType="INTEGER"/>
<result column="protocol" property="protocol" jdbcType="VARCHAR"/>
<result column="max_connections" property="maxConnections" jdbcType="INTEGER"/>
<result column="max_connections_per_user" property="maxConnectionsPerUser" jdbcType="INTEGER"/>
<result column="proxy_hostname" property="proxyHostname" jdbcType="VARCHAR"/>
<result column="proxy_port" property="proxyPort" jdbcType="INTEGER"/>
<result column="proxy_encryption_method" property="proxyEncryptionMethod" jdbcType="VARCHAR"
javaType="org.apache.guacamole.net.auth.GuacamoleProxyConfiguration$EncryptionMethod"/>
<result column="connection_weight" property="connectionWeight" jdbcType="INTEGER"/>
<result column="failover_only" property="failoverOnly" jdbcType="BOOLEAN"/>
<!-- Associated sharing profiles -->
<collection property="sharingProfileIdentifiers" resultSet="sharingProfiles" ofType="java.lang.String"
column="connection_id" foreignColumn="primary_connection_id">
<result column="sharing_profile_id"/>
</collection>
</resultMap>
<!-- Select all connection identifiers -->
<select id="selectIdentifiers" resultType="string">
SELECT connection_id
FROM [guacamole_connection]
</select>
<!-- Select identifiers of all readable connections -->
<select id="selectReadableIdentifiers" resultType="string">
SELECT connection_id
FROM [guacamole_connection_permission]
WHERE
user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = 'READ'
</select>
<!-- Select all connection identifiers within a particular connection group -->
<select id="selectIdentifiersWithin" resultType="string">
SELECT connection_id
FROM [guacamole_connection]
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
</select>
<!-- Select identifiers of all readable connections within a particular connection group -->
<select id="selectReadableIdentifiersWithin" resultType="string">
SELECT [guacamole_connection].connection_id
FROM [guacamole_connection]
JOIN [guacamole_connection_permission] ON [guacamole_connection_permission].connection_id = [guacamole_connection].connection_id
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
AND user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = 'READ'
</select>
<!-- Select multiple connections by identifier -->
<select id="select" resultMap="ConnectionResultMap"
resultSets="connections,sharingProfiles">
SELECT
connection_id,
connection_name,
parent_id,
protocol,
max_connections,
max_connections_per_user,
proxy_hostname,
proxy_port,
proxy_encryption_method,
connection_weight,
failover_only
FROM [guacamole_connection]
WHERE connection_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>;
SELECT primary_connection_id, sharing_profile_id
FROM [guacamole_sharing_profile]
WHERE primary_connection_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>;
</select>
<!-- Select multiple connections by identifier only if readable -->
<select id="selectReadable" resultMap="ConnectionResultMap"
resultSets="connections,sharingProfiles">
SELECT
[guacamole_connection].connection_id,
connection_name,
parent_id,
protocol,
max_connections,
max_connections_per_user,
proxy_hostname,
proxy_port,
proxy_encryption_method,
connection_weight,
failover_only
FROM [guacamole_connection]
JOIN [guacamole_connection_permission] ON [guacamole_connection_permission].connection_id = [guacamole_connection].connection_id
WHERE [guacamole_connection].connection_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = 'READ';
SELECT primary_connection_id, [guacamole_sharing_profile].sharing_profile_id
FROM [guacamole_sharing_profile]
JOIN [guacamole_sharing_profile_permission] ON [guacamole_sharing_profile_permission].sharing_profile_id = [guacamole_sharing_profile].sharing_profile_id
WHERE primary_connection_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = 'READ';
</select>
<!-- Select single connection by name -->
<select id="selectOneByName" resultMap="ConnectionResultMap">
SELECT
connection_id,
connection_name,
parent_id,
protocol,
max_connections,
max_connections_per_user,
proxy_hostname,
proxy_port,
proxy_encryption_method,
connection_weight,
failover_only
FROM [guacamole_connection]
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
AND connection_name = #{name,jdbcType=VARCHAR}
</select>
<!-- Delete single connection by identifier -->
<delete id="delete">
DELETE FROM [guacamole_connection]
WHERE connection_id = #{identifier,jdbcType=INTEGER}
</delete>
<!-- Insert single connection -->
<insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
parameterType="org.apache.guacamole.auth.jdbc.connection.ConnectionModel">
INSERT INTO [guacamole_connection] (
connection_name,
parent_id,
protocol,
max_connections,
max_connections_per_user,
proxy_hostname,
proxy_port,
proxy_encryption_method,
connection_weight,
failover_only
)
VALUES (
#{object.name,jdbcType=VARCHAR},
#{object.parentIdentifier,jdbcType=INTEGER},
#{object.protocol,jdbcType=VARCHAR},
#{object.maxConnections,jdbcType=INTEGER},
#{object.maxConnectionsPerUser,jdbcType=INTEGER},
#{object.proxyHostname,jdbcType=VARCHAR},
#{object.proxyPort,jdbcType=INTEGER},
#{object.proxyEncryptionMethod,jdbcType=VARCHAR},
#{object.connectionWeight,jdbcType=INTEGER},
#{object.failoverOnly,jdbcType=INTEGER}
)
</insert>
<!-- Update single connection -->
<update id="update" parameterType="org.apache.guacamole.auth.jdbc.connection.ConnectionModel">
UPDATE [guacamole_connection]
SET connection_name = #{object.name,jdbcType=VARCHAR},
parent_id = #{object.parentIdentifier,jdbcType=INTEGER},
protocol = #{object.protocol,jdbcType=VARCHAR},
max_connections = #{object.maxConnections,jdbcType=INTEGER},
max_connections_per_user = #{object.maxConnectionsPerUser,jdbcType=INTEGER},
proxy_hostname = #{object.proxyHostname,jdbcType=VARCHAR},
proxy_port = #{object.proxyPort,jdbcType=INTEGER},
proxy_encryption_method = #{object.proxyEncryptionMethod,jdbcType=VARCHAR},
connection_weight = #{object.connectionWeight,jdbcType=INTEGER},
failover_only = #{object.failoverOnly,jdbcType=INTEGER}
WHERE connection_id = #{object.objectID,jdbcType=INTEGER}
</update>
</mapper>

68
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterMapper.xml Normal file
View File

@@ -0,0 +1,68 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.connection.ConnectionParameterMapper">
<!-- Result mapper for connection parameters -->
<resultMap id="ParameterResultMap" type="org.apache.guacamole.auth.jdbc.connection.ConnectionParameterModel">
<result column="connection_id" property="connectionIdentifier" jdbcType="INTEGER"/>
<result column="parameter_name" property="name" jdbcType="VARCHAR"/>
<result column="parameter_value" property="value" jdbcType="VARCHAR"/>
</resultMap>
<!-- Select all parameters of a given connection -->
<select id="select" resultMap="ParameterResultMap">
SELECT
connection_id,
parameter_name,
parameter_value
FROM [guacamole_connection_parameter]
WHERE
connection_id = #{identifier,jdbcType=INTEGER}
</select>
<!-- Delete all parameters of a given connection -->
<delete id="delete">
DELETE FROM [guacamole_connection_parameter]
WHERE connection_id = #{identifier,jdbcType=INTEGER}
</delete>
<!-- Insert all given parameters -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.connection.ConnectionParameterModel">
INSERT INTO [guacamole_connection_parameter] (
connection_id,
parameter_name,
parameter_value
)
VALUES
<foreach collection="parameters" item="parameter" separator=",">
(#{parameter.connectionIdentifier,jdbcType=INTEGER},
#{parameter.name,jdbcType=VARCHAR},
#{parameter.value,jdbcType=VARCHAR})
</foreach>
</insert>
</mapper>

212
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml Normal file
View File

@@ -0,0 +1,212 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.connection.ConnectionRecordMapper" >
<!-- Result mapper for system permissions -->
<resultMap id="ConnectionRecordResultMap" type="org.apache.guacamole.auth.jdbc.connection.ConnectionRecordModel">
<result column="connection_id" property="connectionIdentifier" jdbcType="INTEGER"/>
<result column="connection_name" property="connectionName" jdbcType="VARCHAR"/>
<result column="remote_host" property="remoteHost" jdbcType="VARCHAR"/>
<result column="sharing_profile_id" property="sharingProfileIdentifier" jdbcType="INTEGER"/>
<result column="sharing_profile_name" property="sharingProfileName" jdbcType="VARCHAR"/>
<result column="user_id" property="userID" jdbcType="INTEGER"/>
<result column="username" property="username" jdbcType="VARCHAR"/>
<result column="start_date" property="startDate" jdbcType="TIMESTAMP"/>
<result column="end_date" property="endDate" jdbcType="TIMESTAMP"/>
</resultMap>
<!-- Select all connection records from a given connection -->
<select id="select" resultMap="ConnectionRecordResultMap">
SELECT
[guacamole_connection_history].connection_id,
[guacamole_connection_history].connection_name,
[guacamole_connection_history].remote_host,
[guacamole_connection_history].sharing_profile_id,
[guacamole_connection_history].sharing_profile_name,
[guacamole_connection_history].user_id,
[guacamole_connection_history].username,
[guacamole_connection_history].start_date,
[guacamole_connection_history].end_date
FROM [guacamole_connection_history]
WHERE
[guacamole_connection_history].connection_id = #{identifier,jdbcType=INTEGER}
ORDER BY
[guacamole_connection_history].start_date DESC,
[guacamole_connection_history].end_date DESC
</select>
<!-- Insert the given connection record -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.connection.ConnectionRecordModel">
INSERT INTO [guacamole_connection_history] (
connection_id,
connection_name,
remote_host,
sharing_profile_id,
sharing_profile_name,
user_id,
username,
start_date,
end_date
)
VALUES (
#{record.connectionIdentifier,jdbcType=INTEGER},
#{record.connectionName,jdbcType=VARCHAR},
#{record.remoteHost,jdbcType=VARCHAR},
#{record.sharingProfileIdentifier,jdbcType=INTEGER},
#{record.sharingProfileName,jdbcType=VARCHAR},
(SELECT user_id FROM [guacamole_user]
WHERE username = #{record.username,jdbcType=VARCHAR}),
#{record.username,jdbcType=VARCHAR},
#{record.startDate,jdbcType=TIMESTAMP},
#{record.endDate,jdbcType=TIMESTAMP}
)
</insert>
<!-- Search for specific connection records -->
<select id="search" resultMap="ConnectionRecordResultMap">
SELECT TOP (#{limit,jdbcType=INTEGER})
[guacamole_connection_history].connection_id,
[guacamole_connection_history].connection_name,
[guacamole_connection_history].remote_host,
[guacamole_connection_history].sharing_profile_id,
[guacamole_connection_history].sharing_profile_name,
[guacamole_connection_history].user_id,
[guacamole_connection_history].username,
[guacamole_connection_history].start_date,
[guacamole_connection_history].end_date
FROM [guacamole_connection_history]
<!-- Search terms -->
<foreach collection="terms" item="term"
open="WHERE " separator=" AND ">
(
[guacamole_connection_history].user_id IN (
SELECT user_id
FROM [guacamole_user]
WHERE POSITION(#{term.term,jdbcType=VARCHAR} IN username) > 0
)
OR [guacamole_connection_history].connection_id IN (
SELECT connection_id
FROM [guacamole_connection]
WHERE POSITION(#{term.term,jdbcType=VARCHAR} IN connection_name) > 0
)
<if test="term.startDate != null and term.endDate != null">
OR start_date BETWEEN #{term.startDate,jdbcType=TIMESTAMP} AND #{term.endDate,jdbcType=TIMESTAMP}
</if>
)
</foreach>
<!-- Bind sort property enum values for sake of readability -->
<bind name="START_DATE" value="@org.apache.guacamole.net.auth.ActivityRecordSet$SortableProperty@START_DATE"/>
<!-- Sort predicates -->
<foreach collection="sortPredicates" item="sortPredicate"
open="ORDER BY " separator=", ">
<choose>
<when test="sortPredicate.property == START_DATE">[guacamole_connection_history].start_date</when>
<otherwise>1</otherwise>
</choose>
<if test="sortPredicate.descending">DESC</if>
</foreach>
</select>
<!-- Search for specific connection records -->
<select id="searchReadable" resultMap="ConnectionRecordResultMap">
SELECT TOP (#{limit,jdbcType=INTEGER})
[guacamole_connection_history].connection_id,
[guacamole_connection_history].connection_name,
[guacamole_connection_history].remote_host,
[guacamole_connection_history].sharing_profile_id,
[guacamole_connection_history].sharing_profile_name,
[guacamole_connection_history].user_id,
[guacamole_connection_history].username,
[guacamole_connection_history].start_date,
[guacamole_connection_history].end_date
FROM [guacamole_connection_history]
LEFT JOIN [guacamole_connection] ON [guacamole_connection_history].connection_id = [guacamole_connection].connection_id
LEFT JOIN [guacamole_user] ON [guacamole_connection_history].user_id = [guacamole_user].user_id
<!-- Restrict to readable connections -->
JOIN [guacamole_connection_permission] ON
[guacamole_connection_history].connection_id = [guacamole_connection_permission].connection_id
AND [guacamole_connection_permission].user_id = #{user.objectID,jdbcType=INTEGER}
AND [guacamole_connection_permission].permission = 'READ'
<!-- Restrict to readable users -->
JOIN [guacamole_user_permission] ON
[guacamole_connection_history].user_id = [guacamole_user_permission].affected_user_id
AND [guacamole_user_permission].user_id = #{user.objectID,jdbcType=INTEGER}
AND [guacamole_user_permission].permission = 'READ'
<!-- Search terms -->
<foreach collection="terms" item="term"
open="WHERE " separator=" AND ">
(
[guacamole_connection_history].user_id IN (
SELECT user_id
FROM [guacamole_user]
WHERE POSITION(#{term.term,jdbcType=VARCHAR} IN username) > 0
)
OR [guacamole_connection_history].connection_id IN (
SELECT connection_id
FROM [guacamole_connection]
WHERE POSITION(#{term.term,jdbcType=VARCHAR} IN connection_name) > 0
)
<if test="term.startDate != null and term.endDate != null">
OR start_date BETWEEN #{term.startDate,jdbcType=TIMESTAMP} AND #{term.endDate,jdbcType=TIMESTAMP}
</if>
)
</foreach>
<!-- Bind sort property enum values for sake of readability -->
<bind name="START_DATE" value="@org.apache.guacamole.net.auth.ActivityRecordSet$SortableProperty@START_DATE"/>
<!-- Sort predicates -->
<foreach collection="sortPredicates" item="sortPredicate"
open="ORDER BY " separator=", ">
<choose>
<when test="sortPredicate.property == START_DATE">[guacamole_connection_history].start_date</when>
<otherwise>1</otherwise>
</choose>
<if test="sortPredicate.descending">DESC</if>
</foreach>
</select>
</mapper>

232
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml Normal file
View File

@@ -0,0 +1,232 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper" >
<!-- Result mapper for connection objects -->
<resultMap id="ConnectionGroupResultMap" type="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupModel" >
<!-- Connection group properties -->
<id column="connection_group_id" property="objectID" jdbcType="INTEGER"/>
<result column="connection_group_name" property="name" jdbcType="VARCHAR"/>
<result column="parent_id" property="parentIdentifier" jdbcType="INTEGER"/>
<result column="type" property="type" jdbcType="VARCHAR"
javaType="org.apache.guacamole.net.auth.ConnectionGroup$Type"/>
<result column="max_connections" property="maxConnections" jdbcType="INTEGER"/>
<result column="max_connections_per_user" property="maxConnectionsPerUser" jdbcType="INTEGER"/>
<result column="enable_session_affinity" property="sessionAffinityEnabled" jdbcType="INTEGER"/>
<!-- Child connection groups -->
<collection property="connectionGroupIdentifiers" resultSet="childConnectionGroups" ofType="java.lang.String"
column="connection_group_id" foreignColumn="parent_id">
<result column="connection_group_id"/>
</collection>
<!-- Child connections -->
<collection property="connectionIdentifiers" resultSet="childConnections" ofType="java.lang.String"
column="connection_group_id" foreignColumn="parent_id">
<result column="connection_id"/>
</collection>
</resultMap>
<!-- Select all connection group identifiers -->
<select id="selectIdentifiers" resultType="string">
SELECT connection_group_id
FROM [guacamole_connection_group]
</select>
<!-- Select identifiers of all readable connection groups -->
<select id="selectReadableIdentifiers" resultType="string">
SELECT connection_group_id
FROM [guacamole_connection_group_permission]
WHERE
user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = 'READ'
</select>
<!-- Select all connection identifiers within a particular connection group -->
<select id="selectIdentifiersWithin" resultType="string">
SELECT connection_group_id
FROM [guacamole_connection_group]
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
</select>
<!-- Select identifiers of all readable connection groups within a particular connection group -->
<select id="selectReadableIdentifiersWithin" resultType="string">
SELECT [guacamole_connection_group].connection_group_id
FROM [guacamole_connection_group]
JOIN [guacamole_connection_group_permission] ON [guacamole_connection_group_permission].connection_group_id = [guacamole_connection_group].connection_group_id
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
AND user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = 'READ'
</select>
<!-- Select multiple connection groups by identifier -->
<select id="select" resultMap="ConnectionGroupResultMap"
resultSets="connectionGroups,childConnectionGroups,childConnections">
SELECT
connection_group_id,
connection_group_name,
parent_id,
type,
max_connections,
max_connections_per_user,
enable_session_affinity
FROM [guacamole_connection_group]
WHERE connection_group_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>;
SELECT parent_id, connection_group_id
FROM [guacamole_connection_group]
WHERE parent_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>;
SELECT parent_id, connection_id
FROM [guacamole_connection]
WHERE parent_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>;
</select>
<!-- Select multiple connection groups by identifier only if readable -->
<select id="selectReadable" resultMap="ConnectionGroupResultMap"
resultSets="connectionGroups,childConnectionGroups,childConnections">
SELECT
[guacamole_connection_group].connection_group_id,
connection_group_name,
parent_id,
type,
max_connections,
max_connections_per_user,
enable_session_affinity
FROM [guacamole_connection_group]
JOIN [guacamole_connection_group_permission] ON [guacamole_connection_group_permission].connection_group_id = [guacamole_connection_group].connection_group_id
WHERE [guacamole_connection_group].connection_group_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = 'READ';
SELECT parent_id, [guacamole_connection_group].connection_group_id
FROM [guacamole_connection_group]
JOIN [guacamole_connection_group_permission] ON [guacamole_connection_group_permission].connection_group_id = [guacamole_connection_group].connection_group_id
WHERE parent_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = 'READ';
SELECT parent_id, [guacamole_connection].connection_id
FROM [guacamole_connection]
JOIN [guacamole_connection_permission] ON [guacamole_connection_permission].connection_id = [guacamole_connection].connection_id
WHERE parent_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = 'READ';
</select>
<!-- Select single connection group by name -->
<select id="selectOneByName" resultMap="ConnectionGroupResultMap">
SELECT
connection_group_id,
connection_group_name,
parent_id,
type,
max_connections,
max_connections_per_user,
enable_session_affinity
FROM [guacamole_connection_group]
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
AND connection_group_name = #{name,jdbcType=VARCHAR}
</select>
<!-- Delete single connection group by identifier -->
<delete id="delete">
DELETE FROM [guacamole_connection_group]
WHERE connection_group_id = #{identifier,jdbcType=INTEGER}
</delete>
<!-- Insert single connection -->
<insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
parameterType="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupModel">
INSERT INTO [guacamole_connection_group] (
connection_group_name,
parent_id,
type,
max_connections,
max_connections_per_user,
enable_session_affinity
)
VALUES (
#{object.name,jdbcType=VARCHAR},
#{object.parentIdentifier,jdbcType=INTEGER},
#{object.type,jdbcType=VARCHAR},
#{object.maxConnections,jdbcType=INTEGER},
#{object.maxConnectionsPerUser,jdbcType=INTEGER},
#{object.sessionAffinityEnabled,jdbcType=INTEGER}
)
</insert>
<!-- Update single connection group -->
<update id="update" parameterType="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupModel">
UPDATE [guacamole_connection_group]
SET connection_group_name = #{object.name,jdbcType=VARCHAR},
parent_id = #{object.parentIdentifier,jdbcType=INTEGER},
type = #{object.type,jdbcType=VARCHAR},
max_connections = #{object.maxConnections,jdbcType=INTEGER},
max_connections_per_user = #{object.maxConnectionsPerUser,jdbcType=INTEGER},
enable_session_affinity = #{object.sessionAffinityEnabled,jdbcType=INTEGER}
WHERE connection_group_id = #{object.objectID,jdbcType=INTEGER}
</update>
</mapper>

128
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml Normal file
View File

@@ -0,0 +1,128 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.permission.ConnectionGroupPermissionMapper" >
<!-- Result mapper for connection permissions -->
<resultMap id="ConnectionGroupPermissionResultMap" type="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
<result column="user_id" property="userID" jdbcType="INTEGER"/>
<result column="username" property="username" jdbcType="VARCHAR"/>
<result column="permission" property="type" jdbcType="VARCHAR"
javaType="org.apache.guacamole.net.auth.permission.ObjectPermission$Type"/>
<result column="connection_group_id" property="objectIdentifier" jdbcType="INTEGER"/>
</resultMap>
<!-- Select all permissions for a given user -->
<select id="select" resultMap="ConnectionGroupPermissionResultMap">
SELECT
[guacamole_connection_group_permission].user_id,
username,
permission,
connection_group_id
FROM [guacamole_connection_group_permission]
JOIN [guacamole_user] ON [guacamole_connection_group_permission].user_id = [guacamole_user].user_id
WHERE [guacamole_connection_group_permission].user_id = #{user.objectID,jdbcType=INTEGER}
</select>
<!-- Select the single permission matching the given criteria -->
<select id="selectOne" resultMap="ConnectionGroupPermissionResultMap">
SELECT
[guacamole_connection_group_permission].user_id,
username,
permission,
connection_group_id
FROM [guacamole_connection_group_permission]
JOIN [guacamole_user] ON [guacamole_connection_group_permission].user_id = [guacamole_user].user_id
WHERE
[guacamole_connection_group_permission].user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = #{type,jdbcType=VARCHAR}
AND connection_group_id = #{identifier,jdbcType=INTEGER}
</select>
<!-- Select identifiers accessible by the given user for the given permissions -->
<select id="selectAccessibleIdentifiers" resultType="string">
SELECT DISTINCT connection_group_id
FROM [guacamole_connection_group_permission]
WHERE
user_id = #{user.objectID,jdbcType=INTEGER}
AND connection_group_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND permission IN
<foreach collection="permissions" item="permission"
open="(" separator="," close=")">
#{permission,jdbcType=VARCHAR}
</foreach>
</select>
<!-- Delete all given permissions -->
<delete id="delete" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
DELETE FROM [guacamole_connection_group_permission]
WHERE (user_id, permission, connection_group_id) IN
<foreach collection="permissions" item="permission"
open="(" separator="," close=")">
(#{permission.userID,jdbcType=INTEGER},
#{permission.type,jdbcType=VARCHAR},
#{permission.objectIdentifier,jdbcType=INTEGER})
</foreach>
</delete>
<!-- Insert all given permissions -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
INSERT INTO [guacamole_connection_group_permission] (
user_id,
permission,
connection_group_id
)
SELECT DISTINCT
permissions.user_id,
permissions.permission,
permissions.connection_group_id
FROM
<foreach collection="permissions" item="permission"
open="(" separator="UNION ALL" close=")">
SELECT #{permission.userID,jdbcType=INTEGER} AS user_id,
#{permission.type,jdbcType=VARCHAR} AS permission,
#{permission.objectIdentifier,jdbcType=INTEGER} AS connection_group_id
</foreach>
AS permissions
WHERE NOT EXISTS (SELECT 1 FROM [guacamole_connection_group_permission]
WHERE [guacamole_connection_group_permission].user_id = permissions.user_id AND
[guacamole_connection_group_permission].permission = permissions.permission AND
[guacamole_connection_group_permission].connection_group_id = permissions.connection_group_id
);
</insert>
</mapper>

128
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml Normal file
View File

@@ -0,0 +1,128 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.permission.ConnectionPermissionMapper" >
<!-- Result mapper for connection permissions -->
<resultMap id="ConnectionPermissionResultMap" type="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
<result column="user_id" property="userID" jdbcType="INTEGER"/>
<result column="username" property="username" jdbcType="VARCHAR"/>
<result column="permission" property="type" jdbcType="VARCHAR"
javaType="org.apache.guacamole.net.auth.permission.ObjectPermission$Type"/>
<result column="connection_id" property="objectIdentifier" jdbcType="INTEGER"/>
</resultMap>
<!-- Select all permissions for a given user -->
<select id="select" resultMap="ConnectionPermissionResultMap">
SELECT
[guacamole_connection_permission].user_id,
username,
permission,
connection_id
FROM [guacamole_connection_permission]
JOIN [guacamole_user] ON [guacamole_connection_permission].user_id = [guacamole_user].user_id
WHERE [guacamole_connection_permission].user_id = #{user.objectID,jdbcType=INTEGER}
</select>
<!-- Select the single permission matching the given criteria -->
<select id="selectOne" resultMap="ConnectionPermissionResultMap">
SELECT
[guacamole_connection_permission].user_id,
username,
permission,
connection_id
FROM [guacamole_connection_permission]
JOIN [guacamole_user] ON [guacamole_connection_permission].user_id = [guacamole_user].user_id
WHERE
[guacamole_connection_permission].user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = #{type,jdbcType=VARCHAR}
AND connection_id = #{identifier,jdbcType=INTEGER}
</select>
<!-- Select identifiers accessible by the given user for the given permissions -->
<select id="selectAccessibleIdentifiers" resultType="string">
SELECT DISTINCT connection_id
FROM [guacamole_connection_permission]
WHERE
user_id = #{user.objectID,jdbcType=INTEGER}
AND connection_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND permission IN
<foreach collection="permissions" item="permission"
open="(" separator="," close=")">
#{permission,jdbcType=VARCHAR}
</foreach>
</select>
<!-- Delete all given permissions -->
<delete id="delete" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
DELETE FROM [guacamole_connection_permission]
WHERE
<foreach collection="permissions" item="permission"
open="(" separator=" OR " close=")">
(user_id = #{permission.userID,jdbcType=INTEGER} AND
permission = #{permission.type,jdbcType=VARCHAR} AND
connection_id = #{permission.objectIdentifier,jdbcType=INTEGER})
</foreach>
</delete>
<!-- Insert all given permissions -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
INSERT INTO [guacamole_connection_permission] (
user_id,
permission,
connection_id
)
SELECT DISTINCT
permissions.user_id,
permissions.permission,
permissions.connection_id
FROM
<foreach collection="permissions" item="permission"
open="(" separator="UNION ALL" close=")">
SELECT #{permission.userID,jdbcType=INTEGER} AS user_id,
#{permission.type,jdbcType=VARCHAR} AS permission,
#{permission.objectIdentifier,jdbcType=INTEGER} AS connection_id
</foreach>
AS permissions
WHERE NOT EXISTS ( SELECT 1 FROM [guacamole_connection_permission]
WHERE [guacamole_connection_permission].user_id = permissions.user_id AND
[guacamole_connection_permission].permission = permissions.permission AND
[guacamole_connection_permission].connection_id = permissions.connection_id
);
</insert>
</mapper>

128
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml Normal file
View File

@@ -0,0 +1,128 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionMapper">
<!-- Result mapper for sharing profile permissions -->
<resultMap id="SharingProfilePermissionResultMap" type="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
<result column="user_id" property="userID" jdbcType="INTEGER"/>
<result column="username" property="username" jdbcType="VARCHAR"/>
<result column="permission" property="type" jdbcType="VARCHAR"
javaType="org.apache.guacamole.net.auth.permission.ObjectPermission$Type"/>
<result column="sharing_profile_id" property="objectIdentifier" jdbcType="INTEGER"/>
</resultMap>
<!-- Select all permissions for a given user -->
<select id="select" resultMap="SharingProfilePermissionResultMap">
SELECT
[guacamole_sharing_profile_permission].user_id,
username,
permission,
sharing_profile_id
FROM [guacamole_sharing_profile_permission]
JOIN [guacamole_user] ON [guacamole_sharing_profile_permission].user_id = [guacamole_user].user_id
WHERE [guacamole_sharing_profile_permission].user_id = #{user.objectID,jdbcType=INTEGER}
</select>
<!-- Select the single permission matching the given criteria -->
<select id="selectOne" resultMap="SharingProfilePermissionResultMap">
SELECT
[guacamole_sharing_profile_permission].user_id,
username,
permission,
sharing_profile_id
FROM [guacamole_sharing_profile_permission]
JOIN [guacamole_user] ON [guacamole_sharing_profile_permission].user_id = [guacamole_user].user_id
WHERE
[guacamole_sharing_profile_permission].user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = #{type,jdbcType=VARCHAR}
AND sharing_profile_id = #{identifier,jdbcType=INTEGER}
</select>
<!-- Select identifiers accessible by the given user for the given permissions -->
<select id="selectAccessibleIdentifiers" resultType="string">
SELECT DISTINCT sharing_profile_id
FROM [guacamole_sharing_profile_permission]
WHERE
user_id = #{user.objectID,jdbcType=INTEGER}
AND sharing_profile_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND permission IN
<foreach collection="permissions" item="permission"
open="(" separator="," close=")">
#{permission,jdbcType=VARCHAR}
</foreach>
</select>
<!-- Delete all given permissions -->
<delete id="delete" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
DELETE FROM [guacamole_sharing_profile_permission]
WHERE
<foreach collection="permissions" item="permission"
open="(" separator=" OR " close=")">
(user_id = #{permission.userID,jdbcType=INTEGER} AND
permission = #{permission.type,jdbcType=VARCHAR} AND
sharing_profile_id = #{permission.objectIdentifier,jdbcType=INTEGER})
</foreach>
</delete>
<!-- Insert all given permissions -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
INSERT INTO [guacamole_sharing_profile_permission] (
user_id,
permission,
sharing_profile_id
)
SELECT DISTINCT
permissions.user_id,
permissions.permission,
permissions.sharing_profile_id
FROM
<foreach collection="permissions" item="permission"
open="(" separator="UNION ALL" close=")">
SELECT #{permission.userID,jdbcType=INTEGER} AS user_id,
#{permission.type,jdbcType=VARCHAR} AS permission,
#{permission.objectIdentifier,jdbcType=INTEGER} AS sharing_profile_id
</foreach>
AS permissions
WHERE NOT EXISTS (SELECT 1 FROM [guacamole_sharing_profile_permission]
WHERE [guacamole_sharing_profile_permission].user_id = permissions.user_id
AND [guacamole_sharing_profile_permission].permission = permissions.permission
AND [guacamole_sharing_profile_permission].sharing_profile_id = permissions.sharing_profile_id
);
</insert>
</mapper>

99
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml Normal file
View File

@@ -0,0 +1,99 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.permission.SystemPermissionMapper" >
<!-- Result mapper for system permissions -->
<resultMap id="SystemPermissionResultMap" type="org.apache.guacamole.auth.jdbc.permission.SystemPermissionModel">
<result column="user_id" property="userID" jdbcType="INTEGER"/>
<result column="username" property="username" jdbcType="VARCHAR"/>
<result column="permission" property="type" jdbcType="VARCHAR"
javaType="org.apache.guacamole.net.auth.permission.SystemPermission$Type"/>
</resultMap>
<!-- Select all permissions for a given user -->
<select id="select" resultMap="SystemPermissionResultMap">
SELECT
[guacamole_system_permission].user_id,
username,
permission
FROM [guacamole_system_permission]
JOIN [guacamole_user] ON [guacamole_system_permission].user_id = [guacamole_user].user_id
WHERE [guacamole_system_permission].user_id = #{user.objectID,jdbcType=INTEGER}
</select>
<!-- Select the single permission matching the given criteria -->
<select id="selectOne" resultMap="SystemPermissionResultMap">
SELECT
[guacamole_system_permission].user_id,
username,
permission
FROM [guacamole_system_permission]
JOIN [guacamole_user] ON [guacamole_system_permission].user_id = [guacamole_user].user_id
WHERE
[guacamole_system_permission].user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = #{type,jdbcType=VARCHAR}
</select>
<!-- Delete all given permissions -->
<delete id="delete" parameterType="org.apache.guacamole.auth.jdbc.permission.SystemPermissionModel">
DELETE FROM [guacamole_system_permission]
WHERE
<foreach collection="permissions" item="permission"
open="(" separator=" OR " close=")">
(user_id = #{permission.userID,jdbcType=INTEGER}
AND permission = #{permission.type,jdbcType=VARCHAR})
</foreach>
</delete>
<!-- Insert all given permissions -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.permission.SystemPermissionModel">
INSERT INTO [guacamole_system_permission] (
user_id,
permission
)
SELECT DISTINCT
permissions.user_id,
permissions.permission
FROM
<foreach collection="permissions" item="permission"
open="(" separator="UNION ALL" close=")">
SELECT #{permission.userID,jdbcType=INTEGER} AS user_id,
#{permission.type,jdbcType=VARCHAR} AS permission
</foreach>
AS permissions
WHERE NOT EXISTS (SELECT 1 FROM [guacamole_system_permission]
WHERE [guacamole_system_permission].user_id = permissions.user_id
AND [guacamole_system_permission].permission = permissions.permission
);
</insert>
</mapper>

135
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml Normal file
View File

@@ -0,0 +1,135 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.permission.UserPermissionMapper" >
<!-- Result mapper for user permissions -->
<resultMap id="UserPermissionResultMap" type="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
<result column="user_id" property="userID" jdbcType="INTEGER"/>
<result column="username" property="username" jdbcType="VARCHAR"/>
<result column="permission" property="type" jdbcType="VARCHAR"
javaType="org.apache.guacamole.net.auth.permission.ObjectPermission$Type"/>
<result column="affected_username" property="objectIdentifier" jdbcType="INTEGER"/>
</resultMap>
<!-- Select all permissions for a given user -->
<select id="select" resultMap="UserPermissionResultMap">
SELECT
[guacamole_user_permission].user_id,
[guacamole_user].username,
permission,
affected.username AS affected_username
FROM [guacamole_user_permission]
JOIN [guacamole_user] ON [guacamole_user_permission].user_id = [guacamole_user].user_id
JOIN [guacamole_user] affected ON [guacamole_user_permission].affected_user_id = affected.user_id
WHERE [guacamole_user_permission].user_id = #{user.objectID,jdbcType=INTEGER}
</select>
<!-- Select the single permission matching the given criteria -->
<select id="selectOne" resultMap="UserPermissionResultMap">
SELECT
[guacamole_user_permission].user_id,
[guacamole_user].username,
permission,
affected.username AS affected_username
FROM [guacamole_user_permission]
JOIN [guacamole_user] ON [guacamole_user_permission].user_id = [guacamole_user].user_id
JOIN [guacamole_user] affected ON [guacamole_user_permission].affected_user_id = affected.user_id
WHERE
[guacamole_user_permission].user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = #{type,jdbcType=VARCHAR}
AND affected.username = #{identifier,jdbcType=INTEGER}
</select>
<!-- Select identifiers accessible by the given user for the given permissions -->
<select id="selectAccessibleIdentifiers" resultType="string">
SELECT DISTINCT username
FROM [guacamole_user_permission]
JOIN [guacamole_user] ON [guacamole_user_permission].affected_user_id = [guacamole_user].user_id
WHERE
[guacamole_user_permission].user_id = #{user.objectID,jdbcType=INTEGER}
AND username IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND permission IN
<foreach collection="permissions" item="permission"
open="(" separator="," close=")">
#{permission,jdbcType=VARCHAR}
</foreach>
</select>
<!-- Delete all given permissions -->
<delete id="delete" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
DELETE FROM [guacamole_user_permission]
USING [guacamole_user] affected
WHERE
[guacamole_user_permission].affected_user_id = affected.user_id
AND ([guacamole_user_permission].user_id, permission, affected.username) IN
<foreach collection="permissions" item="permission"
open="(" separator="," close=")">
(#{permission.userID,jdbcType=INTEGER},
#{permission.type,jdbcType=VARCHAR},
#{permission.objectIdentifier,jdbcType=INTEGER})
</foreach>
</delete>
<!-- Insert all given permissions -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
INSERT INTO [guacamole_user_permission] (
user_id,
permission,
affected_user_id
)
SELECT DISTINCT
permissions.user_id,
permissions.permission,
[guacamole_user].user_id
FROM
<foreach collection="permissions" item="permission"
open="(" separator="UNION ALL" close=")">
SELECT #{permission.userID,jdbcType=INTEGER} AS user_id,
#{permission.type,jdbcType=VARCHAR} AS permission,
#{permission.objectIdentifier,jdbcType=INTEGER} AS username
</foreach>
AS permissions
JOIN [guacamole_user] ON [guacamole_user].username = permissions.username
WHERE NOT EXISTS (SELECT 1 FROM [guacamole_user_permission]
WHERE [guacamole_user_permission].user_id = permissions.user_id
AND [guacamole_user_permission].permission = permissions.permission
AND [guacamole_user_permission].affected_user_id = [guacamole_user].user_id
);
</insert>
</mapper>

126
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml Normal file
View File

@@ -0,0 +1,126 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper">
<!-- Result mapper for sharing profile objects -->
<resultMap id="SharingProfileResultMap" type="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel">
<id column="sharing_profile_id" property="objectID" jdbcType="INTEGER"/>
<result column="sharing_profile_name" property="name" jdbcType="VARCHAR"/>
<result column="primary_connection_id" property="parentIdentifier" jdbcType="INTEGER"/>
</resultMap>
<!-- Select all sharing profile identifiers -->
<select id="selectIdentifiers" resultType="string">
SELECT sharing_profile_id
FROM [guacamole_sharing_profile]
</select>
<!-- Select identifiers of all readable sharing profiles -->
<select id="selectReadableIdentifiers" resultType="string">
SELECT sharing_profile_id
FROM [guacamole_sharing_profile_permission]
WHERE
user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = 'READ'
</select>
<!-- Select multiple sharing profiles by identifier -->
<select id="select" resultMap="SharingProfileResultMap">
SELECT
sharing_profile_id,
sharing_profile_name,
primary_connection_id
FROM [guacamole_sharing_profile]
WHERE sharing_profile_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
</select>
<!-- Select multiple sharing profiles by identifier only if readable -->
<select id="selectReadable" resultMap="SharingProfileResultMap">
SELECT
[guacamole_sharing_profile].sharing_profile_id,
[guacamole_sharing_profile].sharing_profile_name,
primary_connection_id
FROM [guacamole_sharing_profile]
JOIN [guacamole_sharing_profile_permission] ON [guacamole_sharing_profile_permission].sharing_profile_id = [guacamole_sharing_profile].sharing_profile_id
WHERE [guacamole_sharing_profile].sharing_profile_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = 'READ'
</select>
<!-- Select single sharing profile by name -->
<select id="selectOneByName" resultMap="SharingProfileResultMap">
SELECT
sharing_profile_id,
sharing_profile_name,
primary_connection_id
FROM [guacamole_sharing_profile]
WHERE
primary_connection_id = #{parentIdentifier,jdbcType=INTEGER}
AND sharing_profile_name = #{name,jdbcType=VARCHAR}
</select>
<!-- Delete single sharing profile by identifier -->
<delete id="delete">
DELETE FROM [guacamole_sharing_profile]
WHERE sharing_profile_id = #{identifier,jdbcType=INTEGER}
</delete>
<!-- Insert single sharing profile -->
<insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel">
INSERT INTO [guacamole_sharing_profile] (
sharing_profile_name,
primary_connection_id
)
VALUES (
#{object.name,jdbcType=VARCHAR},
#{object.parentIdentifier,jdbcType=INTEGER}
)
</insert>
<!-- Update single sharing profile -->
<update id="update" parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel">
UPDATE [guacamole_sharing_profile]
SET sharing_profile_name = #{object.name,jdbcType=VARCHAR},
primary_connection_id = #{object.parentIdentifier,jdbcType=INTEGER}
WHERE sharing_profile_id = #{object.objectID,jdbcType=INTEGER}
</update>
</mapper>

68
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterMapper.xml Normal file
View File

@@ -0,0 +1,68 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterMapper">
<!-- Result mapper for sharing profile parameters -->
<resultMap id="ParameterResultMap" type="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterModel">
<result column="sharing_profile_id" property="sharingProfileIdentifier" jdbcType="INTEGER"/>
<result column="parameter_name" property="name" jdbcType="VARCHAR"/>
<result column="parameter_value" property="value" jdbcType="VARCHAR"/>
</resultMap>
<!-- Select all parameters of a given sharing profile -->
<select id="select" resultMap="ParameterResultMap">
SELECT
sharing_profile_id,
parameter_name,
parameter_value
FROM [guacamole_sharing_profile_parameter]
WHERE
sharing_profile_id = #{identifier,jdbcType=INTEGER}
</select>
<!-- Delete all parameters of a given sharing profile -->
<delete id="delete">
DELETE FROM [guacamole_sharing_profile_parameter]
WHERE sharing_profile_id = #{identifier,jdbcType=INTEGER}
</delete>
<!-- Insert all given parameters -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterModel">
INSERT INTO [guacamole_sharing_profile_parameter] (
sharing_profile_id,
parameter_name,
parameter_value
)
VALUES
<foreach collection="parameters" item="parameter" separator=",">
(#{parameter.sharingProfileIdentifier,jdbcType=INTEGER},
#{parameter.name,jdbcType=VARCHAR},
#{parameter.value,jdbcType=VARCHAR})
</foreach>
</insert>
</mapper>

79
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml Normal file
View File

@@ -0,0 +1,79 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.user.PasswordRecordMapper" >
<!-- Result mapper for historical passwords -->
<resultMap id="PasswordRecordResultMap" type="org.apache.guacamole.auth.jdbc.user.PasswordRecordModel">
<result column="user_id" property="userID" jdbcType="INTEGER"/>
<result column="password_hash" property="passwordHash" jdbcType="BINARY"/>
<result column="password_salt" property="passwordSalt" jdbcType="BINARY"/>
<result column="password_date" property="passwordDate" jdbcType="TIMESTAMP"/>
</resultMap>
<!-- Select all password records for a given user -->
<select id="select" resultMap="PasswordRecordResultMap">
SELECT
[guacamole_user_password_history].user_id,
[guacamole_user_password_history].password_hash,
[guacamole_user_password_history].password_salt,
[guacamole_user_password_history].password_date
FROM [guacamole_user_password_history]
JOIN [guacamole_user] ON [guacamole_user_password_history].user_id = [guacamole_user].user_id
WHERE
[guacamole_user].username = #{username,jdbcType=VARCHAR}
ORDER BY
[guacamole_user_password_history].password_date DESC
LIMIT #{maxHistorySize}
</select>
<!-- Insert the given password record -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.user.PasswordRecordModel">
INSERT INTO [guacamole_user_password_history] (
user_id,
password_hash,
password_salt,
password_date
)
VALUES (
#{record.userID,jdbcType=INTEGER},
#{record.passwordHash,jdbcType=BINARY},
#{record.passwordSalt,jdbcType=BINARY},
#{record.passwordDate,jdbcType=TIMESTAMP}
);
DELETE FROM [guacamole_user_password_history]
WHERE password_history_id IN (
SELECT password_history_id
FROM [guacamole_user_password_history]
WHERE user_id = #{record.userID,jdbcType=INTEGER}
ORDER BY password_date DESC
OFFSET #{maxHistorySize}
);
</insert>
</mapper>

216
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml Normal file
View File

@@ -0,0 +1,216 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.user.UserMapper" >
<!-- Result mapper for user objects -->
<resultMap id="UserResultMap" type="org.apache.guacamole.auth.jdbc.user.UserModel" >
<id column="user_id" property="objectID" jdbcType="INTEGER"/>
<result column="username" property="identifier" jdbcType="VARCHAR"/>
<result column="password_hash" property="passwordHash" jdbcType="BINARY"/>
<result column="password_salt" property="passwordSalt" jdbcType="BINARY"/>
<result column="password_date" property="passwordDate" jdbcType="TIMESTAMP"/>
<result column="disabled" property="disabled" jdbcType="INTEGER"/>
<result column="expired" property="expired" jdbcType="INTEGER"/>
<result column="access_window_start" property="accessWindowStart" jdbcType="TIME"/>
<result column="access_window_end" property="accessWindowEnd" jdbcType="TIME"/>
<result column="valid_from" property="validFrom" jdbcType="DATE"/>
<result column="valid_until" property="validUntil" jdbcType="DATE"/>
<result column="timezone" property="timeZone" jdbcType="VARCHAR"/>
<result column="full_name" property="fullName" jdbcType="VARCHAR"/>
<result column="email_address" property="emailAddress" jdbcType="VARCHAR"/>
<result column="organization" property="organization" jdbcType="VARCHAR"/>
<result column="organizational_role" property="organizationalRole" jdbcType="VARCHAR"/>
</resultMap>
<!-- Select all usernames -->
<select id="selectIdentifiers" resultType="string">
SELECT username
FROM [guacamole_user]
</select>
<!-- Select usernames of all readable users -->
<select id="selectReadableIdentifiers" resultType="string">
SELECT username
FROM [guacamole_user]
JOIN [guacamole_user_permission] ON affected_user_id = [guacamole_user].user_id
WHERE
[guacamole_user_permission].user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = 'READ'
</select>
<!-- Select multiple users by username -->
<select id="select" resultMap="UserResultMap">
SELECT
user_id,
username,
password_hash,
password_salt,
password_date,
disabled,
expired,
access_window_start,
access_window_end,
valid_from,
valid_until,
timezone,
full_name,
email_address,
organization,
organizational_role
FROM [guacamole_user]
WHERE username IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</select>
<!-- Select multiple users by username only if readable -->
<select id="selectReadable" resultMap="UserResultMap">
SELECT
[guacamole_user].user_id,
username,
password_hash,
password_salt,
password_date,
disabled,
expired,
access_window_start,
access_window_end,
valid_from,
valid_until,
timezone,
full_name,
email_address,
organization,
organizational_role
FROM [guacamole_user]
JOIN [guacamole_user_permission] ON affected_user_id = [guacamole_user].user_id
WHERE username IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
AND [guacamole_user_permission].user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = 'READ'
</select>
<!-- Select single user by username -->
<select id="selectOne" resultMap="UserResultMap">
SELECT
user_id,
username,
password_hash,
password_salt,
password_date,
disabled,
expired,
access_window_start,
access_window_end,
valid_from,
valid_until,
timezone,
full_name,
email_address,
organization,
organizational_role
FROM [guacamole_user]
WHERE
username = #{username,jdbcType=VARCHAR}
</select>
<!-- Delete single user by username -->
<delete id="delete">
DELETE FROM [guacamole_user]
WHERE username = #{identifier,jdbcType=VARCHAR}
</delete>
<!-- Insert single user -->
<insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
parameterType="org.apache.guacamole.auth.jdbc.user.UserModel">
INSERT INTO [guacamole_user] (
username,
password_hash,
password_salt,
password_date,
disabled,
expired,
access_window_start,
access_window_end,
valid_from,
valid_until,
timezone,
full_name,
email_address,
organization,
organizational_role
)
VALUES (
#{object.identifier,jdbcType=VARCHAR},
#{object.passwordHash,jdbcType=BINARY},
#{object.passwordSalt,jdbcType=BINARY},
#{object.passwordDate,jdbcType=TIMESTAMP},
#{object.disabled,jdbcType=INTEGER},
#{object.expired,jdbcType=INTEGER},
#{object.accessWindowStart,jdbcType=TIME},
#{object.accessWindowEnd,jdbcType=TIME},
#{object.validFrom,jdbcType=DATE},
#{object.validUntil,jdbcType=DATE},
#{object.timeZone,jdbcType=VARCHAR},
#{object.fullName,jdbcType=VARCHAR},
#{object.emailAddress,jdbcType=VARCHAR},
#{object.organization,jdbcType=VARCHAR},
#{object.organizationalRole,jdbcType=VARCHAR}
)
</insert>
<!-- Update single user -->
<update id="update" parameterType="org.apache.guacamole.auth.jdbc.user.UserModel">
UPDATE [guacamole_user]
SET password_hash = #{object.passwordHash,jdbcType=BINARY},
password_salt = #{object.passwordSalt,jdbcType=BINARY},
password_date = #{object.passwordDate,jdbcType=TIMESTAMP},
disabled = #{object.disabled,jdbcType=INTEGER},
expired = #{object.expired,jdbcType=INTEGER},
access_window_start = #{object.accessWindowStart,jdbcType=TIME},
access_window_end = #{object.accessWindowEnd,jdbcType=TIME},
valid_from = #{object.validFrom,jdbcType=DATE},
valid_until = #{object.validUntil,jdbcType=DATE},
timezone = #{object.timeZone,jdbcType=VARCHAR},
full_name = #{object.fullName,jdbcType=VARCHAR},
email_address = #{object.emailAddress,jdbcType=VARCHAR},
organization = #{object.organization,jdbcType=VARCHAR},
organizational_role = #{object.organizationalRole,jdbcType=VARCHAR}
WHERE user_id = #{object.objectID,jdbcType=VARCHAR}
</update>
</mapper>

1
extensions/guacamole-auth-jdbc/pom.xml
View File

@@ -70,6 +70,7 @@
<!-- Database-specific implementations -->
<module>modules/guacamole-auth-jdbc-mysql</module>
<module>modules/guacamole-auth-jdbc-postgresql</module>
<module>modules/guacamole-auth-jdbc-sqlserver</module>
</modules>