safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 21:27:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-1239: Add case-sensitivity configuration for UserGroup objects and remove per-extension configuration.

Browse Source
This commit is contained in:
Virtually Nick
2024-11-04 20:29:51 -05:00
parent cdc4524751
commit f314e78c7c
99 changed files with 2091 additions and 944 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/HistoryTrackingConnection.java
View File

@@ -23,11 +23,12 @@ import com.google.inject.Inject;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordMapper;
import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordModel;
import org.apache.guacamole.auth.jdbc.connection.ModeledConnectionRecord;
import org.apache.guacamole.environment.Environment;
import org.apache.guacamole.environment.LocalEnvironment;
import org.apache.guacamole.net.GuacamoleTunnel;
import org.apache.guacamole.net.auth.Connection;
import org.apache.guacamole.net.auth.DelegatingConnection;
@@ -56,6 +57,11 @@ public class HistoryTrackingConnection extends DelegatingConnection {
* established connections.
*/
private final ConnectionRecordMapper connectionRecordMapper;
/**
* The environment in which Guacamole is running.
*/
private final Environment environment = LocalEnvironment.getInstance();
/**
* Creates a new HistoryConnection that wraps the given connection,
@@ -100,7 +106,7 @@ public class HistoryTrackingConnection extends DelegatingConnection {
// Insert the connection history record to mark the start of this connection
connectionRecordMapper.insert(connectionRecordModel,
currentUser.isCaseSensitive());
environment.getCaseSensitivity());
// Include history record UUID as token
ModeledConnectionRecord modeledRecord = new ModeledConnectionRecord(connectionRecordModel);

25
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ActivityRecordMapper.java
View File

@@ -22,6 +22,7 @@ package org.apache.guacamole.auth.jdbc.base;
import java.util.Collection;
import java.util.List;
import org.apache.guacamole.auth.jdbc.user.UserModel;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param;
/**
@@ -39,15 +40,15 @@ public interface ActivityRecordMapper<ModelType> {
* @param record
* The activity record to insert.
*
* @param caseSensitive
* Whether or not string comparisons should be done in a case-sensitive
* manner.
* @param caseSensitivity
* The object that contains current configuration for case sensitivity
* for usernames and group names.
*
* @return
* The number of rows inserted.
*/
int insert(@Param("record") ModelType record,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/**
* Updates the given activity record in the database, assigning an end
@@ -91,9 +92,9 @@ public interface ActivityRecordMapper<ModelType> {
* @param limit
* The maximum number of records that should be returned.
*
* @param caseSensitive
* Whether or not string comparisons should be done in a case-sensitive
* manner.
* @param caseSensitivity
* The object that contains current configuration for case sensitivity
* for usernames and group names.
*
* @return
* The results of the search performed with the given parameters.
@@ -103,7 +104,7 @@ public interface ActivityRecordMapper<ModelType> {
@Param("terms") Collection<ActivityRecordSearchTerm> terms,
@Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates,
@Param("limit") int limit,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/**
* Searches for up to <code>limit</code> activity records that contain
@@ -143,9 +144,9 @@ public interface ActivityRecordMapper<ModelType> {
* no groups are given, only permissions directly granted to the user
* will be used.
*
* @param caseSensitive
* Whether or not string comparisons should be done in a case-sensitive
* manner.
* @param caseSensitivity
* The object that contains current configuration for case sensitivity
* for usernames and group names.
*
* @return
* The results of the search performed with the given parameters.
@@ -157,6 +158,6 @@ public interface ActivityRecordMapper<ModelType> {
@Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates,
@Param("limit") int limit,
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
}

8
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityMapper.java
View File

@@ -21,6 +21,7 @@ package org.apache.guacamole.auth.jdbc.base;
import java.util.Collection;
import java.util.Set;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param;
/**
@@ -67,6 +68,10 @@ public interface EntityMapper {
* depth and may need to be executed multiple times. If it is known
* that the database engine in question will always support (or always
* not support) recursive queries, this parameter may be ignored.
*
* @param caseSensitivity
* The object that contains current configuration for case sensitivity
* for usernames and group names.
*
* @return
* The set of identifiers of all groups that the given entity is a
@@ -75,6 +80,7 @@ public interface EntityMapper {
*/
Set<String> selectEffectiveGroupIdentifiers(@Param("entity") EntityModel entity,
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("recursive") boolean recursive);
@Param("recursive") boolean recursive,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
}

28
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityService.java
View File

@@ -22,9 +22,13 @@ package org.apache.guacamole.auth.jdbc.base;
import com.google.inject.Inject;
import java.util.Collection;
import java.util.Set;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.session.SqlSession;
import org.mybatis.guice.transactional.Transactional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Service which provides convenience methods for creating, retrieving, and
@@ -32,6 +36,11 @@ import org.mybatis.guice.transactional.Transactional;
*/
public class EntityService {
/**
* The Logger for this class.
*/
private static final Logger LOGGER = LoggerFactory.getLogger(EntityService.class);
/**
* The Guacamole server environment.
*/
@@ -76,9 +85,22 @@ public class EntityService {
public Set<String> retrieveEffectiveGroups(ModeledPermissions<? extends EntityModel> entity,
Collection<String> effectiveGroups) {
CaseSensitivity caseSensitivity = CaseSensitivity.ENABLED;
try {
caseSensitivity = environment.getCaseSensitivity();
}
catch (GuacamoleException e) {
LOGGER.warn("Unable to retrieve configuration setting for group "
+ "name case sensitivity: {}. Group names will be treated "
+ "as case-sensitive.", e.getMessage());
LOGGER.debug("An exception was caught while trying to get group name"
+ "case sensitivity configuration.", e);
}
// Retrieve the effective user groups of the given entity, recursively if possible
boolean recursive = environment.isRecursiveQuerySupported(sqlSession);
Set<String> identifiers = entityMapper.selectEffectiveGroupIdentifiers(entity.getModel(), effectiveGroups, recursive);
Set<String> identifiers = entityMapper.selectEffectiveGroupIdentifiers(
entity.getModel(), effectiveGroups, recursive, caseSensitivity);
// If the set of user groups retrieved was not produced recursively,
// manually repeat the query to expand the set until all effective
@@ -87,7 +109,9 @@ public class EntityService {
Set<String> previousIdentifiers;
do {
previousIdentifiers = identifiers;
identifiers = entityMapper.selectEffectiveGroupIdentifiers(entity.getModel(), previousIdentifiers, false);
identifiers = entityMapper.selectEffectiveGroupIdentifiers(
entity.getModel(), previousIdentifiers, false,
caseSensitivity);
} while (identifiers.size() > previousIdentifiers.size());
}

32
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectMapper.java
View File

@@ -22,6 +22,7 @@ package org.apache.guacamole.auth.jdbc.base;
import java.util.Collection;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.UserModel;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param;
/**
@@ -60,12 +61,17 @@ public interface ModeledDirectoryObjectMapper<ModelType> {
* @param effectiveGroups
* The identifiers of any known effective groups that should be taken
* into account, such as those defined externally to the database.
*
* @param caseSensitivity
* The object that contains current configuration for case sensitivity
* for usernames and group names.
*
* @return
* A Set containing all identifiers of all readable objects.
*/
Set<String> selectReadableIdentifiers(@Param("user") UserModel user,
@Param("effectiveGroups") Collection<String> effectiveGroups);
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/**
* Selects all objects which have the given identifiers. If an identifier
@@ -77,15 +83,15 @@ public interface ModeledDirectoryObjectMapper<ModelType> {
* @param identifiers
* The identifiers of the objects to return.
*
* @param caseSensitive
* true if the query should evaluate identifiers in a case-sensitive
* manner, otherwise false.
* @param caseSensitivity
* The object that contains current configuration for case sensitivity
* for usernames and group names.
*
* @return
* A Collection of all objects having the given identifiers.
*/
Collection<ModelType> select(@Param("identifiers") Collection<String> identifiers,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/**
* Selects all objects which have the given identifiers and are explicitly
@@ -105,9 +111,9 @@ public interface ModeledDirectoryObjectMapper<ModelType> {
* The identifiers of any known effective groups that should be taken
* into account, such as those defined externally to the database.
*
* @param caseSensitive
* true if the query should evaluate identifiers in a case-sensitive
* manner, otherwise false.
* @param caseSensitivity
* The object that contains current configuration for case sensitivity
* for usernames and group names.
*
* @return
* A Collection of all objects having the given identifiers.
@@ -115,7 +121,7 @@ public interface ModeledDirectoryObjectMapper<ModelType> {
Collection<ModelType> selectReadable(@Param("user") UserModel user,
@Param("identifiers") Collection<String> identifiers,
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/**
* Inserts the given object into the database. If the object already
@@ -136,15 +142,15 @@ public interface ModeledDirectoryObjectMapper<ModelType> {
* @param identifier
* The identifier of the object to delete.
*
* @param caseSensitive
* true if the query should evaluate the identifier in a
* case-sensitive manner, otherwise false.
* @param caseSensitivity
* The case sensitivity configuration that contains information on
* whether usernames and/or group names will be treated as case-sensitive.
*
* @return
* The number of rows deleted.
*/
int delete(@Param("identifier") String identifier,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/**
* Updates the given existing object in the database. If the object does

36
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java
View File

@@ -27,9 +27,9 @@ import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel;
@@ -37,6 +37,7 @@ import org.apache.guacamole.auth.jdbc.user.UserModel;
import org.apache.guacamole.net.auth.Identifiable;
import org.apache.guacamole.net.auth.permission.ObjectPermission;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.properties.CaseSensitivity;
import org.mybatis.guice.transactional.Transactional;
/**
@@ -117,20 +118,20 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
ModelType model) throws GuacamoleException;
/**
* Returns whether or not identifiers for objects provided by this service
* are handled in a case-sensitive manner or not.
* Returns the case sensitivity configuration for this service, which will
* be used to determine whether usernames and/or group names will be treated
* as case-sensitive.
*
* @return
* "true" if identifiers handled by this object service should be
* treated as case-sensitive, otherwise false.
* The case sensitivity configuration for this service.
*
* @throws GuacamoleException
* If an error occurs retrieving relevant configuration information.
*/
protected boolean getCaseSensitiveIdentifiers() throws GuacamoleException {
protected CaseSensitivity getCaseSensitivity() throws GuacamoleException {
// By default identifiers are not case-sensitive.
return false;
// Retrieve the Guacamole setting.
return environment.getCaseSensitivity();
}
@@ -246,7 +247,7 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
Collection<ModelType> models) throws GuacamoleException {
// Create new collection of objects by manually converting each model
Collection<InternalType> objects = new ArrayList<InternalType>(models.size());
Collection<InternalType> objects = new ArrayList<>(models.size());
for (ModelType model : models)
objects.add(getObjectInstance(currentUser, model));
@@ -426,7 +427,7 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
boolean userIsPrivileged = user.isPrivileged();
boolean caseSensitive = getCaseSensitiveIdentifiers();
CaseSensitivity caseSensitivity = getCaseSensitivity();
// Process the filteredIdentifiers in batches using Lists.partition() and flatMap
Collection<ModelType> allObjects = Lists.partition(filteredIdentifiers, batchSize).stream()
@@ -435,12 +436,12 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
// Bypass permission checks if the user is privileged
if (userIsPrivileged)
objects = getObjectMapper().select(chunk, caseSensitive);
objects = getObjectMapper().select(chunk, caseSensitivity);
// Otherwise only return explicitly readable identifiers
else
objects = getObjectMapper().selectReadable(user.getUser().getModel(),
chunk, user.getEffectiveUserGroups(), caseSensitive);
chunk, user.getEffectiveUserGroups(), caseSensitivity);
return objects.stream();
})
@@ -513,7 +514,7 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
// Add implicit permissions
Collection<ObjectPermissionModel> implicitPermissions = getImplicitPermissions(user, model);
if (!implicitPermissions.isEmpty())
getPermissionMapper().insert(implicitPermissions, getCaseSensitiveIdentifiers());
getPermissionMapper().insert(implicitPermissions, getCaseSensitivity());
// Add any arbitrary attributes
if (model.hasArbitraryAttributes())
@@ -530,7 +531,7 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
beforeDelete(user, identifier);
// Delete object
getObjectMapper().delete(identifier, getCaseSensitiveIdentifiers());
getObjectMapper().delete(identifier, getCaseSensitivity());
}
@@ -562,8 +563,11 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
// Otherwise only return explicitly readable identifiers
else
return getObjectMapper().selectReadableIdentifiers(user.getUser().getModel(),
user.getEffectiveUserGroups());
return getObjectMapper().selectReadableIdentifiers(
user.getUser().getModel(),
user.getEffectiveUserGroups(),
getCaseSensitivity()
);
}

24
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ObjectRelationMapper.java
View File

@@ -22,6 +22,7 @@ package org.apache.guacamole.auth.jdbc.base;
import java.util.Collection;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.UserModel;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param;
/**
@@ -49,17 +50,16 @@ public interface ObjectRelationMapper<ParentModelType extends ObjectModel> {
* The identifiers of the objects on the child side of the one-to-many
* relationship represented by the RelatedObjectSet.
*
* @param caseSensitive
* true if child identifiers should be treated as case-sensitive when
* performing lookups on them, or false if the queries should be done
* case-insensitively.
* @param caseSensitivity
* The case sensitivity configuration, used to determine whether
* usernames and/or group names will be treated as case-sensitive.
*
* @return
* The number of rows inserted.
*/
int insert(@Param("parent") ParentModelType parent,
@Param("children") Collection<String> children,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/**
* Deletes rows as necessary to modify the one-to-many relationship
@@ -76,17 +76,16 @@ public interface ObjectRelationMapper<ParentModelType extends ObjectModel> {
* The identifiers of the objects on the child side of the one-to-many
* relationship represented by the RelatedObjectSet.
*
* @param caseSensitive
* true if child identifiers should be treated as case-sensitive when
* performing lookups on them, or false if the queries should be done
* case-insensitively.
* @param caseSensitivity
* The case sensitivity configuration, used to determine whether
* usernames and/or group names will be treated as case-sensitive.
*
* @return
* The number of rows deleted.
*/
int delete(@Param("parent") ParentModelType parent,
@Param("children") Collection<String> children,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/**
* Retrieves the identifiers of all objects on the child side of the
@@ -122,6 +121,10 @@ public interface ObjectRelationMapper<ParentModelType extends ObjectModel> {
* @param effectiveGroups
* The identifiers of any known effective groups that should be taken
* into account, such as those defined externally to the database.
*
* @param caseSensitivity
* The object that contains current configuration for case sensitivity
* for usernames and group names.
*
* @param parent
* The model of the object on the parent side of the one-to-many
@@ -133,6 +136,7 @@ public interface ObjectRelationMapper<ParentModelType extends ObjectModel> {
*/
Set<String> selectReadableChildIdentifiers(@Param("user") UserModel user,
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitivity") CaseSensitivity caseSensitivity,
@Param("parent") ParentModelType parent);
}

24
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/RelatedObjectSet.java
View File

@@ -22,11 +22,12 @@ package org.apache.guacamole.auth.jdbc.base;
import java.util.Collection;
import java.util.Collections;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.net.auth.permission.ObjectPermission;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.properties.CaseSensitivity;
/**
* A database implementation of RelatedObjectSet which provides access to a
@@ -76,21 +77,21 @@ public abstract class RelatedObjectSet<ParentObjectType extends ModeledDirectory
}
/**
* Return "true" if identifiers within a related object set should be treated
* as case-sensitive, otherwise false.
* Return the current case sensitivity setting, which can be used to
* determine whether or not certain identifiers should be treated as
* case-sensitive.
*
* @return
* "true" if identifiers should be treated as case-sensitive, otherwise
* "false".
* The current case sensitivity setting.
*
* @throws GuacamoleException
* If an error occurs retrieving configuration information on
* case-sensitivity.
* case sensitivity.
*/
protected boolean getCaseSensitiveIdentifiers() throws GuacamoleException {
protected CaseSensitivity getCaseSensitivity() throws GuacamoleException {
// Identifiers are not case-sensitive by default.
return false;
return CaseSensitivity.DISABLED;
}
/**
@@ -189,6 +190,7 @@ public abstract class RelatedObjectSet<ParentObjectType extends ModeledDirectory
// Otherwise only return explicitly readable identifiers
return getObjectRelationMapper().selectReadableChildIdentifiers(
user.getUser().getModel(), user.getEffectiveUserGroups(),
getCaseSensitivity(),
parent.getModel());
}
@@ -202,7 +204,8 @@ public abstract class RelatedObjectSet<ParentObjectType extends ModeledDirectory
// Create relations only if permission is granted
if (canAlterRelation(identifiers))
getObjectRelationMapper().insert(parent.getModel(), identifiers, getCaseSensitiveIdentifiers());
getObjectRelationMapper().insert(parent.getModel(), identifiers,
getCaseSensitivity());
// User lacks permission to add user groups
else
@@ -219,7 +222,8 @@ public abstract class RelatedObjectSet<ParentObjectType extends ModeledDirectory
// Delete relations only if permission is granted
if (canAlterRelation(identifiers))
getObjectRelationMapper().delete(parent.getModel(), identifiers, getCaseSensitiveIdentifiers());
getObjectRelationMapper().delete(parent.getModel(), identifiers,
getCaseSensitivity());
// User lacks permission to remove user groups
else

8
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.java
View File

@@ -23,6 +23,7 @@ import java.util.Collection;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.auth.jdbc.user.UserModel;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param;
/**
@@ -67,13 +68,18 @@ public interface ConnectionMapper extends ModeledDirectoryObjectMapper<Connectio
* when determining the permissions effectively granted to the user. If
* no groups are given, only permissions directly granted to the user
* will be used.
*
* @param caseSensitivity
* The object that contains current configuration for case sensitivity
* for usernames and group names.
*
* @return
* A Set containing all identifiers of all readable objects.
*/
Set<String> selectReadableIdentifiersWithin(@Param("user") UserModel user,
@Param("parentIdentifier") String parentIdentifier,
@Param("effectiveGroups") Collection<String> effectiveGroups);
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/**
* Selects the connection within the given parent group and having the

7
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java
View File

@@ -361,7 +361,8 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
else
return connectionMapper.selectReadableIdentifiersWithin(
user.getUser().getModel(), identifier,
user.getEffectiveUserGroups());
user.getEffectiveUserGroups(),
getCaseSensitivity());
}
@@ -494,7 +495,7 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
if (user.isPrivileged() || user.getUser().getEffectivePermissions().getSystemPermissions().hasPermission(SystemPermission.Type.AUDIT))
searchResults = connectionRecordMapper.search(identifier,
recordIdentifier, requiredContents, sortPredicates, limit,
user.isCaseSensitive());
getCaseSensitivity());
// Otherwise only return explicitly readable history records
else
@@ -502,7 +503,7 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
user.getUser().getModel(), recordIdentifier,
requiredContents, sortPredicates, limit,
user.getEffectiveUserGroups(),
user.isCaseSensitive());
getCaseSensitivity());
return getObjectInstances(searchResults);

4
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java
View File

@@ -23,6 +23,7 @@ import java.util.Collection;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.auth.jdbc.user.UserModel;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param;
/**
@@ -73,7 +74,8 @@ public interface ConnectionGroupMapper extends ModeledDirectoryObjectMapper<Conn
*/
Set<String> selectReadableIdentifiersWithin(@Param("user") UserModel user,
@Param("parentIdentifier") String parentIdentifier,
@Param("effectiveGroups") Collection<String> effectiveGroups);
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/**
* Selects the connection group within the given parent group and having

3
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
View File

@@ -226,7 +226,8 @@ public class ConnectionGroupService extends ModeledChildDirectoryObjectService<M
else
return connectionGroupMapper.selectReadableIdentifiersWithin(
user.getUser().getModel(), identifier,
user.getEffectiveUserGroups());
user.getEffectiveUserGroups(),
getCaseSensitivity());
}

15
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
View File

@@ -23,13 +23,14 @@ import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.auth.jdbc.base.EntityModel;
import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.net.auth.permission.ObjectPermission;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.properties.CaseSensitivity;
/**
* Service which provides convenience methods for creating, retrieving, and
@@ -133,12 +134,12 @@ public abstract class ModeledObjectPermissionService
// Create permissions only if user has permission to do so
if (canAlterPermissions(user, targetEntity, permissions)) {
boolean caseSensitive = getCaseSensitiveIdentifiers();
CaseSensitivity caseSensitivity = getCaseSensitivity();
batchPermissionUpdates(permissions, permissionSubset -> {
Collection<ObjectPermissionModel> models = getModelInstances(
targetEntity, permissionSubset);
getPermissionMapper().insert(models, caseSensitive);
getPermissionMapper().insert(models, caseSensitivity);
});
return;
@@ -158,12 +159,12 @@ public abstract class ModeledObjectPermissionService
// Delete permissions only if user has permission to do so
if (canAlterPermissions(user, targetEntity, permissions)) {
boolean caseSensitive = getCaseSensitiveIdentifiers();
CaseSensitivity caseSensitivity = getCaseSensitivity();
batchPermissionUpdates(permissions, permissionSubset -> {
Collection<ObjectPermissionModel> models = getModelInstances(
targetEntity, permissionSubset);
getPermissionMapper().delete(models, caseSensitive);
getPermissionMapper().delete(models, caseSensitivity);
});
return;
@@ -183,7 +184,7 @@ public abstract class ModeledObjectPermissionService
// Retrieve permissions only if allowed
if (canReadPermissions(user, targetEntity))
return getPermissionMapper().selectOne(targetEntity.getModel(),
type, identifier, effectiveGroups, getCaseSensitiveIdentifiers()) != null;
type, identifier, effectiveGroups, getCaseSensitivity()) != null;
// User cannot read this entity's permissions
throw new GuacamoleSecurityException("Permission denied.");
@@ -209,7 +210,7 @@ public abstract class ModeledObjectPermissionService
if (canReadPermissions(user, targetEntity))
return getPermissionMapper().selectAccessibleIdentifiers(
targetEntity.getModel(), permissions, identifiers,
effectiveGroups, getCaseSensitiveIdentifiers());
effectiveGroups, getCaseSensitivity());
// User cannot read this entity's permissions
throw new GuacamoleSecurityException("Permission denied.");

2
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java
View File

@@ -195,7 +195,7 @@ public abstract class ModeledPermissionService<PermissionSetType extends Permiss
return getPermissionInstances(getPermissionMapper().select(
targetEntity.getModel(),
effectiveGroups,
getCaseSensitiveIdentifiers()));
getCaseSensitivity()));
// User cannot read this entity's permissions
throw new GuacamoleSecurityException("Permission denied.");

19
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
View File

@@ -21,8 +21,9 @@ package org.apache.guacamole.auth.jdbc.permission;
import java.util.Collection;
import org.apache.guacamole.auth.jdbc.base.EntityModel;
import org.apache.ibatis.annotations.Param;
import org.apache.guacamole.net.auth.permission.ObjectPermission;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param;
/**
* Mapper for object-related permissions.
@@ -49,9 +50,9 @@ public interface ObjectPermissionMapper extends PermissionMapper<ObjectPermissio
* no groups are given, only permissions directly granted to the user
* will be used.
*
* @param caseSensitive
* "true" if identifiers should be treated as case-sensitive, otherwise
* "false".
* @param caseSensitivity
* The configuration of case sensitivity, used to determine whether
* usernames and/or group names will be treated as case-sensitive.
*
* @return
* The requested permission, or null if no such permission is granted
@@ -61,7 +62,7 @@ public interface ObjectPermissionMapper extends PermissionMapper<ObjectPermissio
@Param("type") ObjectPermission.Type type,
@Param("identifier") String identifier,
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/**
* Retrieves the subset of the given identifiers for which the given entity
@@ -85,9 +86,9 @@ public interface ObjectPermissionMapper extends PermissionMapper<ObjectPermissio
* no groups are given, only permissions directly granted to the user
* will be used.
*
* @param caseSensitive
* "true" if identifiers should be treated as case-sensitive, otherwise
* "false".
* @param caseSensitivity
* The configuration of case sensitivity, used to determine whether
* usernames and/or group names will be treated as case-sensitive.
*
* @return
* A collection containing the subset of identifiers for which at least
@@ -97,6 +98,6 @@ public interface ObjectPermissionMapper extends PermissionMapper<ObjectPermissio
@Param("permissions") Collection<ObjectPermission.Type> permissions,
@Param("identifiers") Collection<String> identifiers,
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
}

22
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java
View File

@@ -21,6 +21,7 @@ package org.apache.guacamole.auth.jdbc.permission;
import java.util.Collection;
import org.apache.guacamole.auth.jdbc.base.EntityModel;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param;
/**
@@ -44,16 +45,15 @@ public interface PermissionMapper<PermissionType> {
* no groups are given, only permissions directly granted to the user
* will be used.
*
* @param caseSensitive
* "true" if identifiers should be treated as case-sensitive, otherwise
* "false".
* @param caseSensitivity
* The case sensitivity configuration for usernames and group names.
*
* @return
* All permissions associated with the given entity.
*/
Collection<PermissionType> select(@Param("entity") EntityModel entity,
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/**
* Inserts the given permissions into the database. If any permissions
@@ -62,15 +62,14 @@ public interface PermissionMapper<PermissionType> {
* @param permissions
* The permissions to insert.
*
* @param caseSensitive
* "true" if identifiers should be treated as case-sensitive, otherwise
* "false".
* @param caseSensitivity
* The case sensitivity configuration for usernames and group names.
*
* @return
* The number of rows inserted.
*/
int insert(@Param("permissions") Collection<PermissionType> permissions,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/**
* Deletes the given permissions from the database. If any permissions do
@@ -79,14 +78,13 @@ public interface PermissionMapper<PermissionType> {
* @param permissions
* The permissions to delete.
*
* @param caseSensitive
* "true" if identifiers should be treated as case-sensitive, otherwise
* "false".
* @param caseSensitivity
* The case sensitivity configuration for usernames and group names.
*
* @return
* The number of rows deleted.
*/
int delete(@Param("permissions") Collection<PermissionType> permissions,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
}

19
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java
View File

@@ -21,12 +21,13 @@ package org.apache.guacamole.auth.jdbc.permission;
import java.util.Collection;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.auth.jdbc.base.EntityModel;
import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.net.auth.permission.Permission;
import org.apache.guacamole.net.auth.permission.PermissionSet;
import org.apache.guacamole.properties.CaseSensitivity;
/**
* Service which provides convenience methods for creating, retrieving, and
@@ -44,21 +45,21 @@ public interface PermissionService<PermissionSetType extends PermissionSet<Permi
PermissionType extends Permission> {
/**
* Return "true" if identifiers should be treated as case-sensitive,
* otherwise "false".
* Return the current case sensitivity setting, allowing the system to
* determine if usernames and/or group names should be treated as case-
* sensitive.
*
* @return
* "true" if identifiers should be treated as case-sensitive, otherwise
* "false".
* The current case sensitivity configuration.
*
* @throws GuacamoleException
* If an error occurs retrieving configuration information related to
* case-sensitivity.
* case sensitivity.
*/
default boolean getCaseSensitiveIdentifiers() throws GuacamoleException {
default CaseSensitivity getCaseSensitivity() throws GuacamoleException {
// By default identifiers are case-insensitive.
return false;
// By default identifiers are case-sensitive.
return CaseSensitivity.ENABLED;
}
/**

10
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java
View File

@@ -21,8 +21,9 @@ package org.apache.guacamole.auth.jdbc.permission;
import java.util.Collection;
import org.apache.guacamole.auth.jdbc.base.EntityModel;
import org.apache.ibatis.annotations.Param;
import org.apache.guacamole.net.auth.permission.SystemPermission;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param;
/**
* Mapper for system-level permissions.
@@ -44,6 +45,10 @@ public interface SystemPermissionMapper extends PermissionMapper<SystemPermissio
* when determining the permissions effectively granted to the user. If
* no groups are given, only permissions directly granted to the user
* will be used.
*
* @param caseSensitivity
* The case sensitivity configuration, used to determine whether usernames
* and/or group names will be treated as case-sensitive.
*
* @return
* The requested permission, or null if no such permission is granted
@@ -51,6 +56,7 @@ public interface SystemPermissionMapper extends PermissionMapper<SystemPermissio
*/
SystemPermissionModel selectOne(@Param("entity") EntityModel entity,
@Param("type") SystemPermission.Type type,
@Param("effectiveGroups") Collection<String> effectiveGroups);
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
}

13
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java
View File

@@ -23,13 +23,14 @@ import com.google.inject.Inject;
import com.google.inject.Provider;
import java.util.Collection;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException;
import org.apache.guacamole.GuacamoleUnsupportedException;
import org.apache.guacamole.auth.jdbc.base.EntityModel;
import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.net.auth.permission.SystemPermission;
import org.apache.guacamole.properties.CaseSensitivity;
/**
* Service which provides convenience methods for creating, retrieving, and
@@ -99,12 +100,12 @@ public class SystemPermissionService
if (user.isPrivileged()) {
// Pull identifier case sensitivity
boolean caseSensitive = getCaseSensitiveIdentifiers();
CaseSensitivity caseSensitivity = getCaseSensitivity();
batchPermissionUpdates(permissions, permissionSubset -> {
Collection<SystemPermissionModel> models = getModelInstances(
targetEntity, permissionSubset);
systemPermissionMapper.insert(models, caseSensitive);
systemPermissionMapper.insert(models, caseSensitivity);
});
return;
@@ -129,12 +130,12 @@ public class SystemPermissionService
throw new GuacamoleUnsupportedException("Removing your own administrative permissions is not allowed.");
// Pull case sensitivity
boolean caseSensitive = getCaseSensitiveIdentifiers();
CaseSensitivity caseSensitivity = getCaseSensitivity();
batchPermissionUpdates(permissions, permissionSubset -> {
Collection<SystemPermissionModel> models = getModelInstances(
targetEntity, permissionSubset);
systemPermissionMapper.delete(models, caseSensitive);
systemPermissionMapper.delete(models, caseSensitivity);
});
return;
@@ -179,7 +180,7 @@ public class SystemPermissionService
// Retrieve permissions only if allowed
if (canReadPermissions(user, targetEntity))
return getPermissionMapper().selectOne(targetEntity.getModel(), type, effectiveGroups) != null;
return getPermissionMapper().selectOne(targetEntity.getModel(), type, effectiveGroups, getCaseSensitivity()) != null;
// User cannot read this entity's permissions
throw new GuacamoleSecurityException("Permission denied.");

7
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java
View File

@@ -22,11 +22,12 @@ package org.apache.guacamole.auth.jdbc.permission;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.base.EntityModel;
import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.properties.CaseSensitivity;
/**
* Service which provides convenience methods for creating, retrieving, and
@@ -54,8 +55,8 @@ public class UserPermissionService extends ModeledObjectPermissionService {
private JDBCEnvironment environment;
@Override
public boolean getCaseSensitiveIdentifiers() throws GuacamoleException {
return environment.getCaseSensitiveUsernames();
public CaseSensitivity getCaseSensitivity() throws GuacamoleException {
return environment.getCaseSensitivity();
}
@Override

2
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/security/PasswordPolicyService.java
View File

@@ -145,7 +145,7 @@ public class PasswordPolicyService {
// Check password against all recorded hashes
List<PasswordRecordModel> history = passwordRecordMapper.select(username,
historySize, environment.getCaseSensitiveUsernames());
historySize, environment.getCaseSensitivity());
for (PasswordRecordModel record : history) {
byte[] hash = encryptionService.createPasswordHash(password, record.getPasswordSalt());

21
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java
View File

@@ -67,6 +67,7 @@ import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterMode
import org.apache.guacamole.auth.jdbc.user.RemoteAuthenticatedUser;
import org.apache.guacamole.net.auth.GuacamoleProxyConfiguration;
import org.apache.guacamole.protocol.FailoverGuacamoleSocket;
import org.apache.guacamole.properties.CaseSensitivity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -479,7 +480,7 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
try {
// This MUST happen before getUUID() is invoked, to ensure the ID driving the UUID exists
connectionRecordMapper.insert(activeConnection.getModel(),
activeConnection.getUser().isCaseSensitive());
environment.getCaseSensitivity());
activeTunnels.put(activeConnection.getUUID().toString(), activeConnection);
}
@@ -637,8 +638,21 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
if (connectionGroup.isSessionAffinityEnabled())
identifiers = getPreferredConnections(user, identifiers);
CaseSensitivity caseSensitivity = CaseSensitivity.ENABLED;
try {
caseSensitivity = environment.getCaseSensitivity();
}
catch (GuacamoleException e) {
logger.warn("Error trying to retrieve case sensitivity configuration: {}."
+ "Both usernames and group names will be treated as case-"
+ "sensitive.", e.getMessage());
logger.debug("An exception was received while trying to retrieve the "
+ "case sensitivity configuration.", e);
}
// Retrieve all children
Collection<ConnectionModel> models = connectionMapper.select(identifiers, false);
Collection<ConnectionModel> models = connectionMapper.select(identifiers,
caseSensitivity);
List<ModeledConnection> connections = new ArrayList<ModeledConnection>(models.size());
// Convert each retrieved model to a modeled connection
@@ -679,7 +693,8 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
// Produce collection of readable connection identifiers
Collection<ConnectionModel> connections =
connectionMapper.selectReadable(user.getUser().getModel(),
identifiers, user.getEffectiveUserGroups(), false);
identifiers, user.getEffectiveUserGroups(),
environment.getCaseSensitivity());
// Ensure set contains only identifiers of readable connections
identifiers.clear();

10
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
View File

@@ -792,12 +792,14 @@ public class ModeledUser extends ModeledPermissions<UserModel> implements User {
@Override
public boolean isCaseSensitive() {
try {
return environment.getCaseSensitiveUsernames();
return environment.getCaseSensitivity().caseSensitiveUsernames();
}
catch (GuacamoleException e) {
logger.error("Failed to retrieve the configuration for case-sensitive usernames: {}."
+ " Usernames comparisons will be case-sensitive.", e.getMessage());
logger.debug("Exception caught when attempting to read the configuration.", e);
logger.error("Failed to retrieve the configuration for case sensitivity: {}. "
+ "Username comparisons will be case-sensitive.",
e.getMessage());
logger.debug("An exception was caught when attempting to retrieve the "
+ "case sensitivity configuration.", e);
return true;
}
}

2
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUserContext.java
View File

@@ -194,7 +194,7 @@ public class ModeledUserContext extends RestrictedObject
userRecord.setRemoteHost(getCurrentUser().getCredentials().getRemoteAddress());
// Insert record representing login
userRecordMapper.insert(userRecord, getCurrentUser().isCaseSensitive());
userRecordMapper.insert(userRecord, environment.getCaseSensitivity());
}

9
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.java
View File

@@ -21,6 +21,7 @@ package org.apache.guacamole.auth.jdbc.user;
import java.util.List;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param;
/**
@@ -39,9 +40,9 @@ public interface PasswordRecordMapper extends ModeledDirectoryObjectMapper<UserM
* @param maxHistorySize
* The maximum number of records to maintain for each user.
*
* @param caseSensitive
* true if the username being queried should be evaluated in a
* case-sensitive manner, otherwise false.
* @param caseSensitivity
* The object that contains current configuration for case sensitivity
* for usernames and group names.
*
* @return
* A collection of all password records associated with the user having
@@ -50,7 +51,7 @@ public interface PasswordRecordMapper extends ModeledDirectoryObjectMapper<UserM
*/
List<PasswordRecordModel> select(@Param("username") String username,
@Param("maxHistorySize") int maxHistorySize,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
/**
* Inserts the given password record. Old records exceeding the maximum

9
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserMapper.java
View File

@@ -20,6 +20,7 @@
package org.apache.guacamole.auth.jdbc.user;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param;
/**
@@ -34,14 +35,14 @@ public interface UserMapper extends ModeledDirectoryObjectMapper<UserModel> {
* @param username
* The username of the user to return.
*
* @param caseSensitive
* true if the search should evaluate the username in a case-sensitive
* manner, otherwise false.
* @param caseSensitivity
* The object that contains current configuration for case sensitivity
* for usernames and group names.
*
* @return
* The user having the given username, or null if no such user exists.
*/
UserModel selectOne(@Param("username") String username,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
}

25
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
View File

@@ -27,12 +27,11 @@ import java.util.Collection;
import java.util.Collections;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService;
import org.apache.guacamole.GuacamoleClientException;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleUnsupportedException;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.base.ActivityRecordModel;
import org.apache.guacamole.auth.jdbc.base.ActivityRecordSearchTerm;
@@ -51,12 +50,14 @@ import org.apache.guacamole.language.TranslatableGuacamoleInsufficientCredential
import org.apache.guacamole.net.auth.ActivityRecord;
import org.apache.guacamole.net.auth.AuthenticatedUser;
import org.apache.guacamole.net.auth.AuthenticationProvider;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.auth.User;
import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
import org.apache.guacamole.net.auth.permission.ObjectPermission;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.net.auth.permission.SystemPermission;
import org.apache.guacamole.net.auth.permission.SystemPermissionSet;
import org.apache.guacamole.properties.CaseSensitivity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -219,8 +220,8 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
}
@Override
protected boolean getCaseSensitiveIdentifiers() throws GuacamoleException {
return environment.getCaseSensitiveUsernames();
protected CaseSensitivity getCaseSensitivity() throws GuacamoleException {
return environment.getCaseSensitivity();
}
@Override
@@ -254,7 +255,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
// Do not create duplicate users
Collection<UserModel> existing = userMapper.select(Collections.singleton(
model.getIdentifier()), user.isCaseSensitive());
model.getIdentifier()), getCaseSensitivity());
if (!existing.isEmpty())
throw new GuacamoleClientException("User \"" + model.getIdentifier() + "\" already exists.");
@@ -291,7 +292,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
// Check whether such a user is already present
UserModel existing = userMapper.selectOne(model.getIdentifier(),
user.isCaseSensitive());
getCaseSensitivity());
if (existing != null) {
// Do not rename to existing user
@@ -359,7 +360,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
beforeDelete(user, identifier);
// Delete object
userMapper.delete(identifier, user.isCaseSensitive());
userMapper.delete(identifier, getCaseSensitivity());
}
@@ -401,7 +402,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
// Retrieve corresponding user model, if such a user exists
UserModel userModel = userMapper.selectOne(username,
getCaseSensitiveIdentifiers());
getCaseSensitivity());
if (userModel == null)
return null;
@@ -443,7 +444,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
// Retrieve corresponding user model, if such a user exists
UserModel userModel = userMapper.selectOne(authenticatedUser.getIdentifier(),
authenticatedUser.isCaseSensitive());
getCaseSensitivity());
if (userModel == null)
return null;
@@ -642,7 +643,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
if (user.isPrivileged() || user.getUser().getEffectivePermissions().getSystemPermissions().hasPermission(SystemPermission.Type.AUDIT))
searchResults = userRecordMapper.search(username, recordIdentifier,
requiredContents, sortPredicates, limit,
user.isCaseSensitive());
getCaseSensitivity());
// Otherwise only return explicitly readable history records
else
@@ -650,7 +651,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
user.getUser().getModel(), recordIdentifier,
requiredContents, sortPredicates, limit,
user.getEffectiveUserGroups(),
user.isCaseSensitive());
getCaseSensitivity());
return getObjectInstances(searchResults);

30
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java
View File

@@ -28,6 +28,7 @@ import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.form.BooleanField;
@@ -35,6 +36,8 @@ import org.apache.guacamole.form.Field;
import org.apache.guacamole.form.Form;
import org.apache.guacamole.net.auth.RelatedObjectSet;
import org.apache.guacamole.net.auth.UserGroup;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* An implementation of the UserGroup object which is backed by a database model.
@@ -42,6 +45,11 @@ import org.apache.guacamole.net.auth.UserGroup;
public class ModeledUserGroup extends ModeledPermissions<UserGroupModel>
implements UserGroup {
/**
* The Logger for this class.
*/
private static final Logger LOGGER = LoggerFactory.getLogger(ModeledUserGroup.class);
/**
* All possible attributes of user groups organized as individual,
* logical forms.
@@ -74,6 +82,13 @@ public class ModeledUserGroup extends ModeledPermissions<UserGroupModel>
*/
@Inject
private Provider<UserGroupMemberUserGroupSet> memberUserGroupSetProvider;
/**
* The environment associated with this instance of the JDBC authentication
* module.
*/
@Inject
private JDBCEnvironment environment;
/**
* Whether attributes which control access restrictions should be exposed
@@ -187,5 +202,20 @@ public class ModeledUserGroup extends ModeledPermissions<UserGroupModel>
memberUserGroupSet.init(getCurrentUser(), this);
return memberUserGroupSet;
}
@Override
public boolean isCaseSensitive() {
try {
return environment.getCaseSensitivity().caseSensitiveGroupNames();
}
catch (GuacamoleException e) {
LOGGER.error("Error while retrieving case sensitivity configuration: {}. "
+ "Group names comparisons will be case-sensitive.",
e.getMessage());
LOGGER.debug("An exception was caught when attempting to retrieve the "
+ "case sensitivity configuration.", e);
return true;
}
}
}

8
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.java
View File

@@ -20,6 +20,7 @@
package org.apache.guacamole.auth.jdbc.usergroup;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param;
/**
@@ -33,10 +34,15 @@ public interface UserGroupMapper extends ModeledDirectoryObjectMapper<UserGroupM
*
* @param name
* The name of the group to return.
*
* @param caseSensitivity
* The object that contains current configuration for case sensitivity
* for usernames and group names.
*
* @return
* The group having the given name, or null if no such group exists.
*/
UserGroupModel selectOne(@Param("name") String name);
UserGroupModel selectOne(@Param("name") String name,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);
}

13
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupSet.java
View File

@@ -21,9 +21,11 @@ package org.apache.guacamole.auth.jdbc.usergroup;
import com.google.inject.Inject;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper;
import org.apache.guacamole.auth.jdbc.base.RelatedObjectSet;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.properties.CaseSensitivity;
/**
* RelatedObjectSet implementation which represents the one-to-many
@@ -37,6 +39,17 @@ public class UserGroupMemberUserGroupSet extends RelatedObjectSet<ModeledUserGro
@Inject
private UserGroupMemberUserGroupMapper userGroupMemberUserGroupMapper;
/**
* The server environment for retrieving configuration.
*/
@Inject
private JDBCEnvironment environment;
@Override
protected CaseSensitivity getCaseSensitivity() throws GuacamoleException {
return environment.getCaseSensitivity();
}
@Override
protected ObjectRelationMapper<UserGroupModel> getObjectRelationMapper() {
return userGroupMemberUserGroupMapper;

12
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserSet.java
View File

@@ -25,6 +25,7 @@ import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper;
import org.apache.guacamole.auth.jdbc.base.RelatedObjectSet;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.properties.CaseSensitivity;
/**
* RelatedObjectSet implementation which represents the one-to-many
@@ -32,6 +33,13 @@ import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
*/
public class UserGroupMemberUserSet extends RelatedObjectSet<ModeledUserGroup, UserGroupModel> {
/**
* The environment of the running server, used for retrieving server
* configuration information.
*/
@Inject
private JDBCEnvironment environment;
/**
* Mapper for the relation between user groups and their user members.
*/
@@ -39,8 +47,8 @@ public class UserGroupMemberUserSet extends RelatedObjectSet<ModeledUserGroup, U
private UserGroupMemberUserMapper userGroupMemberUserMapper;
@Override
protected boolean getCaseSensitiveIdentifiers() throws GuacamoleException {
return getCurrentUser().isCaseSensitive();
protected CaseSensitivity getCaseSensitivity() throws GuacamoleException {
return environment.getCaseSensitivity();
}
@Override

13
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupSet.java
View File

@@ -21,9 +21,11 @@ package org.apache.guacamole.auth.jdbc.usergroup;
import com.google.inject.Inject;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper;
import org.apache.guacamole.auth.jdbc.base.RelatedObjectSet;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.properties.CaseSensitivity;
/**
* RelatedObjectSet implementation which represents the one-to-many
@@ -37,6 +39,17 @@ public class UserGroupParentUserGroupSet extends RelatedObjectSet<ModeledUserGro
*/
@Inject
private UserGroupParentUserGroupMapper userGroupParentUserGroupMapper;
/**
* The server environment for retrieving configuration.
*/
@Inject
private JDBCEnvironment environment;
@Override
protected CaseSensitivity getCaseSensitivity() throws GuacamoleException {
return environment.getCaseSensitivity();
}
@Override
protected ObjectRelationMapper<UserGroupModel> getObjectRelationMapper() {

19
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupService.java
View File

@@ -21,10 +21,11 @@ package org.apache.guacamole.auth.jdbc.usergroup;
import com.google.inject.Inject;
import com.google.inject.Provider;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService;
import org.apache.guacamole.GuacamoleClientException;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService;
import org.apache.guacamole.auth.jdbc.base.EntityMapper;
import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
import org.apache.guacamole.auth.jdbc.permission.UserGroupPermissionMapper;
@@ -46,6 +47,12 @@ public class UserGroupService extends ModeledDirectoryObjectService<ModeledUserG
*/
@Inject
private EntityMapper entityMapper;
/**
* The Guacamole server configuration environment.
*/
@Inject
private JDBCEnvironment environment;
/**
* Mapper for accessing user groups.
@@ -64,7 +71,7 @@ public class UserGroupService extends ModeledDirectoryObjectService<ModeledUserG
*/
@Inject
private Provider<ModeledUserGroup> userGroupProvider;
@Override
protected ModeledDirectoryObjectMapper<UserGroupModel> getObjectMapper() {
return userGroupMapper;
@@ -145,7 +152,8 @@ public class UserGroupService extends ModeledDirectoryObjectService<ModeledUserG
throw new GuacamoleClientException("The group name must not be blank.");
// Do not create duplicate user groups
UserGroupModel existing = userGroupMapper.selectOne(model.getIdentifier());
UserGroupModel existing = userGroupMapper.selectOne(model.getIdentifier(),
environment.getCaseSensitivity());
if (existing != null)
throw new GuacamoleClientException("Group \"" + model.getIdentifier() + "\" already exists.");
@@ -166,7 +174,8 @@ public class UserGroupService extends ModeledDirectoryObjectService<ModeledUserG
// Do not allow groups to be renamed if the name collides with that of
// another, existing group
UserGroupModel existing = userGroupMapper.selectOne(model.getIdentifier());
UserGroupModel existing = userGroupMapper.selectOne(model.getIdentifier(),
environment.getCaseSensitivity());
if (existing != null && !existing.getObjectID().equals(model.getObjectID()))
throw new GuacamoleClientException("Group \"" + model.getIdentifier() + "\" already exists.");