From b078804c8750bb172073249d4f76ce453ed76be6 Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Tue, 9 Jun 2015 11:41:01 -0700
Subject: [PATCH] GUAC-1220: MySQL init scripts should not rely on specific IDs nor on column order/count of guacamole_user.
---
 .../schema/002-create-admin-user.sql | 32 +++++++++++++------
 1 file changed, 22 insertions(+), 10 deletions(-)
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/002-create-admin-user.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/002-create-admin-user.sql
index 997a48841..2a2530b8f 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/002-create-admin-user.sql
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/002-create-admin-user.sql
@@ -1,5 +1,5 @@
 --
--- Copyright (C) 2013 Glyptodon LLC
+-- Copyright (C) 2015 Glyptodon LLC
 --
 -- Permission is hereby granted, free of charge, to any person obtaining a copy
 -- of this software and associated documentation files (the "Software"), to deal
@@ -21,18 +21,30 @@
 --
 -- Create default user "guacadmin" with password "guacadmin"
-insert into guacamole_user values(1, 'guacadmin',
+INSERT INTO guacamole_user (username, password_hash, password_salt)
+VALUES ('guacadmin',
 x'CA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960', -- 'guacadmin'
 x'FE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264');
--- Grant this user create permissions
-insert into guacamole_system_permission values(1, 'CREATE_CONNECTION');
-insert into guacamole_system_permission values(1, 'CREATE_CONNECTION_GROUP');
-insert into guacamole_system_permission values(1, 'CREATE_USER');
-insert into guacamole_system_permission values(1, 'ADMINISTER');
+-- Grant this user all system permissions
+INSERT INTO guacamole_system_permission
+SELECT user_id, permission
+FROM (
+ SELECT 'guacadmin' AS username, 'CREATE_CONNECTION' AS permission
+ UNION SELECT 'guacadmin' AS username, 'CREATE_CONNECTION_GROUP' AS permission
+ UNION SELECT 'guacadmin' AS username, 'CREATE_USER' AS permission
+ UNION SELECT 'guacadmin' AS username, 'ADMINISTER' AS permission
+) permissions
+JOIN guacamole_user ON permissions.username = guacamole_user.username;
 -- Grant admin permission to read/update/administer self
-insert into guacamole_user_permission values(1, 1, 'READ');
-insert into guacamole_user_permission values(1, 1, 'UPDATE');
-insert into guacamole_user_permission values(1, 1, 'ADMINISTER');
+INSERT INTO guacamole_user_permission
+SELECT guacamole_user.user_id, affected.user_id, permission
+FROM (
+ SELECT 'guacadmin' AS username, 'guacadmin' AS affected_username, 'READ' AS permission
+ UNION SELECT 'guacadmin' AS username, 'guacadmin' AS affected_username, 'UPDATE' AS permission
+ UNION SELECT 'guacadmin' AS username, 'guacadmin' AS affected_username, 'ADMINISTER' AS permission
+) permissions
+JOIN guacamole_user ON permissions.username = guacamole_user.username
+JOIN guacamole_user affected ON permissions.affected_username = affected.username;
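Review bot: The two permission inserts still depend on column order, because `INSERT INTO guacamole_system_permission` and `INSERT INTO guacamole_user_permission` are written without a column list, which is the same dependency this commit removes for guacamole_user. Naming the targets, e.g. `INSERT INTO guacamole_system_permission (user_id, permission)` and `INSERT INTO guacamole_user_permission (user_id, affected_user_id, permission)` (column names assumed from the schema script, which is not shown here), keeps a later column addition or reorder from breaking the script or writing a grant into the wrong column. The first SELECT could also qualify `guacamole_user.user_id`, as the second one already does. Separately, the comment above the user insert could state that this is a published default credential with a fixed salt, e.g. `-- Default credential; change this password immediately after first login`.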