safebox/guacamole-tomcat
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add .gitignore and .ratignore files for various directories
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
gyurix
2025-04-29 21:43:12 +02:00
parent 983ecbfc53
commit be9f66dee9
2167 changed files with 254128 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
target/
*~

0
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/.ratignore Normal file
View File

57
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/pom.xml Normal file
View File

@@ -0,0 +1,57 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-auth-jdbc-sqlserver</artifactId>
<packaging>jar</packaging>
<name>guacamole-auth-jdbc-sqlserver</name>
<url>http://guacamole.apache.org/</url>
<parent>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-auth-jdbc</artifactId>
<version>1.6.0</version>
<relativePath>../../</relativePath>
</parent>
<dependencies>
<!-- Guacamole Extension API -->
<dependency>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-ext</artifactId>
<scope>provided</scope>
</dependency>
<!-- Guacamole JDBC Authentication -->
<dependency>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-auth-jdbc-base</artifactId>
<version>1.6.0</version>
</dependency>
</dependencies>
</project>

973
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/schema/001-create-schema.sql Normal file
View File

@@ -0,0 +1,973 @@
--
-- Licensed to the Apache Software Foundation (ASF) under one
-- or more contributor license agreements. See the NOTICE file
-- distributed with this work for additional information
-- regarding copyright ownership. The ASF licenses this file
-- to you under the Apache License, Version 2.0 (the
-- "License"); you may not use this file except in compliance
-- with the License. You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing,
-- software distributed under the License is distributed on an
-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-- KIND, either express or implied. See the License for the
-- specific language governing permissions and limitations
-- under the License.
--
--
-- Connection group types
--
CREATE RULE [guacamole_connection_group_type_list] AS @list IN (
'ORGANIZATIONAL',
'BALANCING'
);
GO
CREATE TYPE [guacamole_connection_group_type] FROM [nvarchar](16);
EXEC sp_bindrule
'guacamole_connection_group_type_list',
'guacamole_connection_group_type';
GO
--
-- Entity types
--
CREATE RULE [guacamole_entity_type_list] AS @list IN (
'USER',
'USER_GROUP'
);
GO
CREATE TYPE [guacamole_entity_type] FROM [nvarchar](16);
EXEC sp_bindrule
'guacamole_entity_type_list',
'guacamole_entity_type';
GO
--
-- Object permission types
--
CREATE RULE [guacamole_object_permission_list] AS @list IN (
'READ',
'UPDATE',
'DELETE',
'ADMINISTER'
);
GO
CREATE TYPE [guacamole_object_permission] FROM [nvarchar](16);
EXEC sp_bindrule
'guacamole_object_permission_list',
'guacamole_object_permission';
GO
--
-- System permission types
--
CREATE RULE [guacamole_system_permission_list] AS @list IN (
'CREATE_CONNECTION',
'CREATE_CONNECTION_GROUP',
'CREATE_SHARING_PROFILE',
'CREATE_USER',
'CREATE_USER_GROUP',
'AUDIT',
'ADMINISTER'
);
GO
CREATE TYPE [guacamole_system_permission] FROM [nvarchar](32);
EXEC sp_bindrule
'guacamole_system_permission_list',
'guacamole_system_permission';
GO
--
-- Guacamole proxy (guacd) encryption methods.
--
CREATE RULE [guacamole_proxy_encryption_method_list] AS @list IN (
'NONE',
'SSL'
);
GO
CREATE TYPE [guacamole_proxy_encryption_method] FROM [nvarchar](8);
EXEC sp_bindrule
'guacamole_proxy_encryption_method_list',
'guacamole_proxy_encryption_method';
GO
--
-- Table of connection groups. Each connection group has a name, type, and
-- optional parent connection group.
--
CREATE TABLE [guacamole_connection_group] (
[connection_group_id] [int] IDENTITY(1,1) NOT NULL,
[parent_id] [int],
[connection_group_name] [nvarchar](128) NOT NULL,
[type] [guacamole_connection_group_type]
NOT NULL DEFAULT 'ORGANIZATIONAL',
-- Concurrency limits
[max_connections] [int],
[max_connections_per_user] [int],
[enable_session_affinity] [bit] NOT NULL DEFAULT 0,
CONSTRAINT [PK_guacamole_connection_group]
PRIMARY KEY CLUSTERED ([connection_group_id]),
CONSTRAINT [AK_guacamole_connection_group_name_parent]
UNIQUE ([connection_group_name], [parent_id]),
CONSTRAINT [FK_guacamole_connection_group_parent_id]
FOREIGN KEY ([parent_id])
REFERENCES [guacamole_connection_group] ([connection_group_id])
-- ON DELETE CASCADE handled by guacamole_delete_connection_group trigger
);
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_group_parent_id]
ON [guacamole_connection_group] ([parent_id]);
GO
--
-- Table of connections. Each connection has a name, protocol, and
-- associated set of parameters. A connection may belong to a connection group.
--
CREATE TABLE [guacamole_connection] (
[connection_id] [int] IDENTITY(1,1) NOT NULL,
[connection_name] [nvarchar](128) NOT NULL,
[parent_id] [int],
[protocol] [nvarchar](32) NOT NULL,
-- Concurrency limits
[max_connections] [int],
[max_connections_per_user] [int],
-- Connection Weight
[connection_weight] [int],
[failover_only] [bit] NOT NULL DEFAULT 0,
-- Guacamole proxy (guacd) overrides
[proxy_port] [int],
[proxy_hostname] [nvarchar](512),
[proxy_encryption_method] [guacamole_proxy_encryption_method],
CONSTRAINT [PK_guacamole_connection]
PRIMARY KEY CLUSTERED ([connection_id]),
CONSTRAINT [AK_guacamole_connection_name_parent]
UNIQUE ([connection_name], [parent_id]),
CONSTRAINT [FK_guacamole_connection_parent_id]
FOREIGN KEY ([parent_id])
REFERENCES [guacamole_connection_group] ([connection_group_id])
-- ON DELETE CASCADE handled by guacamole_delete_connection_group trigger
);
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_parent_id]
ON [guacamole_connection] ([parent_id]);
GO
--
-- Table of base entities which may each be either a user or user group. Other
-- tables which represent qualities shared by both users and groups will point
-- to guacamole_entity, while tables which represent qualities specific to
-- users or groups will point to guacamole_user or guacamole_user_group.
--
CREATE TABLE [guacamole_entity] (
[entity_id] [int] IDENTITY(1,1) NOT NULL,
[name] [nvarchar](128) NOT NULL,
[type] [guacamole_entity_type] NOT NULL,
CONSTRAINT [PK_guacamole_entity]
PRIMARY KEY CLUSTERED ([entity_id]),
CONSTRAINT [AK_guacamole_entity_name_scope]
UNIQUE ([type], [name])
);
GO
--
-- Table of users. Each user has a unique username and a hashed password
-- with corresponding salt. Although the authentication system will always set
-- salted passwords, other systems may set unsalted passwords by simply not
-- providing the salt.
--
CREATE TABLE [guacamole_user] (
[user_id] [int] IDENTITY(1,1) NOT NULL,
[entity_id] [int] NOT NULL,
-- Optionally-salted password
[password_hash] [binary](32) NOT NULL,
[password_salt] [binary](32),
[password_date] [datetime] NOT NULL,
-- Account disabled/expired status
[disabled] [bit] NOT NULL DEFAULT 0,
[expired] [bit] NOT NULL DEFAULT 0,
-- Time-based access restriction
[access_window_start] [time](7),
[access_window_end] [time](7),
-- Date-based access restriction
[valid_from] [date],
[valid_until] [date],
-- Timezone used for all date/time comparisons and interpretation
[timezone] [nvarchar](64),
-- Profile information
[full_name] [nvarchar](256),
[email_address] [nvarchar](256),
[organization] [nvarchar](256),
[organizational_role] [nvarchar](256),
CONSTRAINT [PK_guacamole_user]
PRIMARY KEY CLUSTERED ([user_id]),
CONSTRAINT [AK_guacamole_user_single_entity]
UNIQUE ([entity_id]),
CONSTRAINT [FK_guacamole_user_entity]
FOREIGN KEY ([entity_id])
REFERENCES [guacamole_entity] ([entity_id])
ON DELETE CASCADE
);
GO
--
-- Table of user groups. Each user group may have an arbitrary set of member
-- users and member groups, with those members inheriting the permissions
-- granted to that group.
--
CREATE TABLE [guacamole_user_group] (
[user_group_id] [int] IDENTITY(1,1) NOT NULL,
[entity_id] [int] NOT NULL,
-- Group disabled status
[disabled] [bit] NOT NULL DEFAULT 0,
CONSTRAINT [PK_guacamole_user_group]
PRIMARY KEY CLUSTERED ([user_group_id]),
CONSTRAINT [guacamole_user_group_single_entity]
UNIQUE ([entity_id]),
CONSTRAINT [guacamole_user_group_entity]
FOREIGN KEY ([entity_id])
REFERENCES [guacamole_entity] ([entity_id])
ON DELETE CASCADE
);
GO
--
-- Table of users which are members of given user groups.
--
CREATE TABLE [guacamole_user_group_member] (
[user_group_id] [int] NOT NULL,
[member_entity_id] [int] NOT NULL,
CONSTRAINT [PK_guacamole_user_group_member]
PRIMARY KEY CLUSTERED ([user_group_id], [member_entity_id]),
-- Parent must be a user group
CONSTRAINT [guacamole_user_group_member_parent_id]
FOREIGN KEY ([user_group_id])
REFERENCES [guacamole_user_group] ([user_group_id])
ON DELETE CASCADE,
-- Member may be either a user or a user group (any entity)
CONSTRAINT [guacamole_user_group_member_entity_id]
FOREIGN KEY ([member_entity_id])
REFERENCES [guacamole_entity] ([entity_id])
-- ON DELETE CASCADE handled by guacamole_delete_entity trigger
);
GO
--
-- Table of sharing profiles. Each sharing profile has a name, associated set
-- of parameters, and a primary connection. The primary connection is the
-- connection that the sharing profile shares, and the parameters dictate the
-- restrictions/features which apply to the user joining the connection via the
-- sharing profile.
--
CREATE TABLE [guacamole_sharing_profile] (
[sharing_profile_id] [int] IDENTITY(1,1) NOT NULL,
[sharing_profile_name] [nvarchar](128) NOT NULL,
[primary_connection_id] [int] NOT NULL,
CONSTRAINT [PK_guacamole_sharing_profile]
PRIMARY KEY CLUSTERED ([sharing_profile_id]),
CONSTRAINT [AK_guacamole_sharing_profile_name_primary_connection]
UNIQUE ([sharing_profile_name], [primary_connection_id]),
CONSTRAINT [FK_guacamole_sharing_profile_primary_connection_id]
FOREIGN KEY ([primary_connection_id])
REFERENCES [guacamole_connection] ([connection_id])
-- ON DELETE CASCADE handled by guacamole_delete_connection trigger
);
CREATE NONCLUSTERED INDEX [IX_guacamole_sharing_profile_primary_connection_id]
ON [guacamole_sharing_profile] ([primary_connection_id]);
GO
--
-- Table of arbitrary user attributes. Each attribute is simply a name/value
-- pair associated with a user. Arbitrary attributes are defined by other
-- extensions. Attributes defined by this extension will be mapped to
-- properly-typed columns of a specific table.
--
CREATE TABLE [guacamole_user_attribute] (
[user_id] [int] NOT NULL,
[attribute_name] [nvarchar](128) NOT NULL,
[attribute_value] [nvarchar](4000) NOT NULL,
CONSTRAINT [PK_guacamole_user_attribute]
PRIMARY KEY CLUSTERED ([user_id], [attribute_name]),
CONSTRAINT [FK_guacamole_user_attribute_user_id]
FOREIGN KEY ([user_id])
REFERENCES [guacamole_user] ([user_id])
ON DELETE CASCADE
);
CREATE NONCLUSTERED INDEX [IX_guacamole_user_attribute_user_id]
ON [guacamole_user_attribute] ([user_id])
INCLUDE ([attribute_name], [attribute_value]);
GO
--
-- Table of arbitrary user group attributes. Each attribute is simply a
-- name/value pair associated with a user group. Arbitrary attributes are
-- defined by other extensions. Attributes defined by this extension will be
-- mapped to properly-typed columns of a specific table.
--
CREATE TABLE [guacamole_user_group_attribute] (
[user_group_id] [int] NOT NULL,
[attribute_name] [nvarchar](128) NOT NULL,
[attribute_value] [nvarchar](4000) NOT NULL,
CONSTRAINT [PK_guacamole_user_group_attribute]
PRIMARY KEY CLUSTERED ([user_group_id], [attribute_name]),
CONSTRAINT [FK_guacamole_user_attribute_user_group_id]
FOREIGN KEY ([user_group_id])
REFERENCES [guacamole_user_group] ([user_group_id])
ON DELETE CASCADE
);
CREATE NONCLUSTERED INDEX [IX_guacamole_user_group_attribute_user_id]
ON [guacamole_user_group_attribute] ([user_group_id])
INCLUDE ([attribute_name], [attribute_value]);
GO
--
-- Table of arbitrary connection attributes. Each attribute is simply a
-- name/value pair associated with a connection. Arbitrary attributes are
-- defined by other extensions. Attributes defined by this extension will be
-- mapped to properly-typed columns of a specific table.
--
CREATE TABLE [guacamole_connection_attribute] (
[connection_id] [int] NOT NULL,
[attribute_name] [nvarchar](128) NOT NULL,
[attribute_value] [nvarchar](4000) NOT NULL,
PRIMARY KEY (connection_id, attribute_name),
CONSTRAINT [FK_guacamole_connection_attribute_connection_id]
FOREIGN KEY ([connection_id])
REFERENCES [guacamole_connection] ([connection_id])
ON DELETE CASCADE
);
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_attribute_connection_id]
ON [guacamole_connection_attribute] ([connection_id])
INCLUDE ([attribute_name], [attribute_value]);
GO
--
-- Table of arbitrary connection group attributes. Each attribute is simply a
-- name/value pair associated with a connection group. Arbitrary attributes are
-- defined by other extensions. Attributes defined by this extension will be
-- mapped to properly-typed columns of a specific table.
--
CREATE TABLE [guacamole_connection_group_attribute] (
[connection_group_id] [int] NOT NULL,
[attribute_name] [nvarchar](128) NOT NULL,
[attribute_value] [nvarchar](4000) NOT NULL,
PRIMARY KEY (connection_group_id, attribute_name),
CONSTRAINT [FK_guacamole_connection_group_attribute_connection_group_id]
FOREIGN KEY ([connection_group_id])
REFERENCES [guacamole_connection_group] ([connection_group_id])
ON DELETE CASCADE
);
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_group_attribute_connection_group_id]
ON [guacamole_connection_group_attribute] ([connection_group_id])
INCLUDE ([attribute_name], [attribute_value]);
GO
--
-- Table of arbitrary sharing profile attributes. Each attribute is simply a
-- name/value pair associated with a sharing profile. Arbitrary attributes are
-- defined by other extensions. Attributes defined by this extension will be
-- mapped to properly-typed columns of a specific table.
--
CREATE TABLE [guacamole_sharing_profile_attribute] (
[sharing_profile_id] [int] NOT NULL,
[attribute_name] [nvarchar](128) NOT NULL,
[attribute_value] [nvarchar](4000) NOT NULL,
PRIMARY KEY (sharing_profile_id, attribute_name),
CONSTRAINT [FK_guacamole_sharing_profile_attribute_sharing_profile_id]
FOREIGN KEY ([sharing_profile_id])
REFERENCES [guacamole_sharing_profile] ([sharing_profile_id])
ON DELETE CASCADE
);
CREATE NONCLUSTERED INDEX [IX_guacamole_sharing_profile_attribute_sharing_profile_id]
ON [guacamole_sharing_profile_attribute] ([sharing_profile_id])
INCLUDE ([attribute_name], [attribute_value]);
GO
--
-- Table of connection parameters. Each parameter is simply a name/value pair
-- associated with a connection.
--
CREATE TABLE [guacamole_connection_parameter] (
[connection_id] [int] NOT NULL,
[parameter_name] [nvarchar](128) NOT NULL,
[parameter_value] [nvarchar](4000) NOT NULL,
CONSTRAINT [PK_guacamole_connection_parameter]
PRIMARY KEY CLUSTERED ([connection_id], [parameter_name]),
CONSTRAINT [FK_guacamole_connection_parameter_connection_id]
FOREIGN KEY ([connection_id])
REFERENCES [guacamole_connection] ([connection_id])
ON DELETE CASCADE
);
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_parameter_connection_id]
ON [guacamole_connection_parameter] ([connection_id]);
GO
--
-- Table of sharing profile parameters. Each parameter is simply
-- name/value pair associated with a sharing profile. These parameters dictate
-- the restrictions/features which apply to the user joining the associated
-- connection via the sharing profile.
--
CREATE TABLE [guacamole_sharing_profile_parameter] (
[sharing_profile_id] [int] NOT NULL,
[parameter_name] [nvarchar](128) NOT NULL,
[parameter_value] [nvarchar](4000) NOT NULL,
CONSTRAINT [PK_guacamole_sharing_profile_parameter]
PRIMARY KEY CLUSTERED ([sharing_profile_id], [parameter_name]),
CONSTRAINT [FK_guacamole_sharing_profile_parameter_connection_id]
FOREIGN KEY ([sharing_profile_id])
REFERENCES [guacamole_sharing_profile] ([sharing_profile_id])
ON DELETE CASCADE
);
CREATE NONCLUSTERED INDEX [IX_guacamole_sharing_profile_parameter_sharing_profile_id]
ON [guacamole_sharing_profile_parameter] ([sharing_profile_id]);
GO
--
-- Table of connection permissions. Each connection permission grants a user or
-- user group specific access to a connection.
--
CREATE TABLE [guacamole_connection_permission] (
[entity_id] [int] NOT NULL,
[connection_id] [int] NOT NULL,
[permission] [guacamole_object_permission] NOT NULL,
CONSTRAINT [PK_guacamole_connection_permission]
PRIMARY KEY CLUSTERED ([entity_id], [connection_id], [permission]),
CONSTRAINT [FK_guacamole_connection_permission_connection_id]
FOREIGN KEY ([connection_id])
REFERENCES [guacamole_connection] ([connection_id])
ON DELETE CASCADE,
CONSTRAINT [FK_guacamole_connection_permission_entity_id]
FOREIGN KEY ([entity_id])
REFERENCES [guacamole_entity] ([entity_id])
ON DELETE CASCADE
);
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_permission_connection_id]
ON [guacamole_connection_permission] ([connection_id]);
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_permission_entity_id]
ON [guacamole_connection_permission] ([entity_id]);
GO
--
-- Table of connection group permissions. Each group permission grants a user
-- or user group specific access to a connection group.
--
CREATE TABLE [guacamole_connection_group_permission] (
[entity_id] [int] NOT NULL,
[connection_group_id] [int] NOT NULL,
[permission] [guacamole_object_permission] NOT NULL,
CONSTRAINT [PK_guacamole_connection_group_permission]
PRIMARY KEY CLUSTERED ([entity_id], [connection_group_id], [permission]),
CONSTRAINT [FK_guacamole_connection_group_permission_connection_group_id]
FOREIGN KEY ([connection_group_id])
REFERENCES [guacamole_connection_group] ([connection_group_id])
ON DELETE CASCADE,
CONSTRAINT [FK_guacamole_connection_group_permission_entity_id]
FOREIGN KEY ([entity_id])
REFERENCES [guacamole_entity] ([entity_id])
ON DELETE CASCADE
);
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_group_permission_connection_group_id]
ON [guacamole_connection_group_permission] ([connection_group_id]);
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_group_permission_entity_id]
ON [guacamole_connection_group_permission] ([entity_id]);
GO
--
-- Table of sharing profile permissions. Each sharing profile permission grants
-- a user or user group specific access to a sharing profile.
--
CREATE TABLE [guacamole_sharing_profile_permission] (
[entity_id] [int] NOT NULL,
[sharing_profile_id] [int] NOT NULL,
[permission] [guacamole_object_permission] NOT NULL,
CONSTRAINT [PK_guacamole_sharing_profile_permission]
PRIMARY KEY CLUSTERED ([entity_id], [sharing_profile_id], [permission]),
CONSTRAINT [FK_guacamole_sharing_profile_permission_sharing_profile_id]
FOREIGN KEY ([sharing_profile_id])
REFERENCES [guacamole_sharing_profile] ([sharing_profile_id])
ON DELETE CASCADE,
CONSTRAINT [FK_guacamole_sharing_profile_permission_entity_id]
FOREIGN KEY ([entity_id])
REFERENCES [guacamole_entity] ([entity_id])
ON DELETE CASCADE
);
CREATE NONCLUSTERED INDEX [IX_guacamole_sharing_profile_permission_sharing_profile_id]
ON [guacamole_sharing_profile_permission] ([sharing_profile_id]);
CREATE NONCLUSTERED INDEX [IX_guacamole_sharing_profile_permission_entity_id]
ON [guacamole_sharing_profile_permission] ([entity_id]);
GO
--
-- Table of system permissions. Each system permission grants a user or user
-- group a system-level privilege of some kind.
--
CREATE TABLE [guacamole_system_permission] (
[entity_id] [int] NOT NULL,
[permission] [guacamole_system_permission] NOT NULL,
CONSTRAINT [PK_guacamole_system_permission]
PRIMARY KEY CLUSTERED ([entity_id], [permission]),
CONSTRAINT [FK_guacamole_system_permission_entity_id]
FOREIGN KEY ([entity_id])
REFERENCES [guacamole_entity] ([entity_id])
ON DELETE CASCADE
);
CREATE NONCLUSTERED INDEX [IX_guacamole_system_permission_entity_id]
ON [guacamole_system_permission] ([entity_id]);
GO
--
-- Table of user permissions. Each user permission grants a user or user group
-- access to another user (the "affected" user) for a specific type of
-- operation.
--
CREATE TABLE [guacamole_user_permission] (
[entity_id] [int] NOT NULL,
[affected_user_id] [int] NOT NULL,
[permission] [guacamole_object_permission] NOT NULL,
CONSTRAINT [PK_guacamole_user_permission]
PRIMARY KEY CLUSTERED ([entity_id], [affected_user_id], [permission]),
CONSTRAINT [FK_guacamole_user_permission_affected_user_id]
FOREIGN KEY ([affected_user_id])
REFERENCES [guacamole_user] ([user_id])
ON DELETE CASCADE,
CONSTRAINT [FK_guacamole_user_permission_entity_id]
FOREIGN KEY ([entity_id])
REFERENCES [guacamole_entity] ([entity_id])
-- ON DELETE CASCADE handled by guacamole_delete_entity trigger
);
CREATE NONCLUSTERED INDEX [IX_guacamole_user_permission_entity_id]
ON [guacamole_user_permission] ([entity_id]);
CREATE NONCLUSTERED INDEX [IX_guacamole_user_permission_affected_user_id]
ON [guacamole_user_permission] ([affected_user_id]);
GO
--
-- Table of user group permissions. Each user group permission grants a user
-- or user group access to a another user group (the "affected" user group) for
-- a specific type of operation.
--
CREATE TABLE [guacamole_user_group_permission] (
[entity_id] [int] NOT NULL,
[affected_user_group_id] [int] NOT NULL,
[permission] [guacamole_object_permission] NOT NULL,
CONSTRAINT [PK_guacamole_user_group_permission]
PRIMARY KEY CLUSTERED ([entity_id], [affected_user_group_id], [permission]),
CONSTRAINT [FK_guacamole_user_group_permission_affected_user_group_id]
FOREIGN KEY ([affected_user_group_id])
REFERENCES [guacamole_user_group] ([user_group_id])
ON DELETE CASCADE,
CONSTRAINT [FK_guacamole_user_group_permission_entity_id]
FOREIGN KEY ([entity_id])
REFERENCES [guacamole_entity] ([entity_id])
-- ON DELETE CASCADE handled by guacamole_delete_entity trigger
);
CREATE NONCLUSTERED INDEX [IX_guacamole_user_group_permission_entity_id]
ON [guacamole_user_group_permission] ([entity_id]);
CREATE NONCLUSTERED INDEX [IX_guacamole_user_group_permission_affected_user_group_id]
ON [guacamole_user_group_permission] ([affected_user_group_id]);
GO
--
-- Table of connection history records. Each record defines a specific user's
-- session, including the connection used, the start time, and the end time
-- (if any).
--
CREATE TABLE [guacamole_connection_history] (
[history_id] [int] IDENTITY(1,1) NOT NULL,
[user_id] [int],
[username] [nvarchar](128) NOT NULL,
[remote_host] [nvarchar](256),
[connection_id] [int],
[connection_name] [nvarchar](128) NOT NULL,
[sharing_profile_id] [int],
[sharing_profile_name] [nvarchar](128),
[start_date] [datetime] NOT NULL,
[end_date] [datetime],
CONSTRAINT [PK_guacamole_connection_history]
PRIMARY KEY CLUSTERED ([history_id]),
CONSTRAINT [FK_guacamole_connection_history_user_id]
FOREIGN KEY ([user_id])
REFERENCES [guacamole_user] ([user_id])
ON DELETE SET NULL,
CONSTRAINT [FK_guacamole_connection_history_connection_id]
FOREIGN KEY ([connection_id])
REFERENCES [guacamole_connection] ([connection_id])
ON DELETE SET NULL,
CONSTRAINT [FK_guacamole_connection_history_sharing_profile_id]
FOREIGN KEY ([sharing_profile_id])
REFERENCES [guacamole_sharing_profile] ([sharing_profile_id])
-- ON DELETE SET NULL handled by guacamole_delete_sharing profile trigger
);
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_history_user_id]
ON [guacamole_connection_history] ([user_id]);
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_history_connection_id]
ON [guacamole_connection_history] ([connection_id]);
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_history_sharing_profile_id]
ON [guacamole_connection_history] ([sharing_profile_id]);
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_history_start_date]
ON [guacamole_connection_history] ([start_date]);
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_history_end_date]
ON [guacamole_connection_history] ([end_date]);
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_history_connection_id_start_date]
ON [guacamole_connection_history] ([connection_id], [start_date]);
GO
--
-- User login/logout history
--
CREATE TABLE [guacamole_user_history] (
[history_id] [int] IDENTITY(1,1) NOT NULL,
[user_id] [int] DEFAULT NULL,
[username] [nvarchar](128) NOT NULL,
[remote_host] [nvarchar](256) DEFAULT NULL,
[start_date] [datetime] NOT NULL,
[end_date] [datetime] DEFAULT NULL,
PRIMARY KEY (history_id),
CONSTRAINT FK_guacamole_user_history_user_id
FOREIGN KEY (user_id)
REFERENCES guacamole_user (user_id) ON DELETE SET NULL
);
CREATE NONCLUSTERED INDEX [IX_guacamole_user_history_user_id]
ON [guacamole_user_history] ([user_id]);
CREATE NONCLUSTERED INDEX [IX_guacamole_user_history_start_date]
ON [guacamole_user_history] ([start_date]);
CREATE NONCLUSTERED INDEX [IX_guacamole_user_history_end_date]
ON [guacamole_user_history] ([end_date]);
CREATE NONCLUSTERED INDEX [IX_guacamole_user_history_user_id_start_date]
ON [guacamole_user_history] ([user_id], [start_date]);
GO
--
-- The user_password_history table stores password history
-- for users, allowing for enforcing rules associated with
-- reuse of passwords.
--
CREATE TABLE [guacamole_user_password_history] (
[password_history_id] [int] IDENTITY(1,1) NOT NULL,
[user_id] [int] NOT NULL,
-- Salted password
[password_hash] [binary](32) NOT NULL,
[password_salt] [binary](32),
[password_date] [datetime] NOT NULL,
CONSTRAINT [PK_guacamole_user_password_history]
PRIMARY KEY CLUSTERED ([password_history_id]),
CONSTRAINT [FK_guacamole_user_password_history_user_id]
FOREIGN KEY ([user_id])
REFERENCES [guacamole_user] ([user_id])
ON DELETE CASCADE
);
CREATE NONCLUSTERED INDEX [IX_guacamole_user_password_history_user_id]
ON [guacamole_user_password_history] ([user_id]);
GO
--
-- Handle cascading deletion/updates of records in response to deletion of
-- guacamole_entity records, where such deletion is not already covered by
-- ON DELETE CASCADE or ON DELETE SET NULL.
--
CREATE TRIGGER [guacamole_delete_entity]
ON [guacamole_entity]
INSTEAD OF DELETE
AS BEGIN
-- Do not take trigger into account when producing row counts for the DELETE
SET NOCOUNT ON;
-- Delete all associated permissions not covered by ON DELETE CASCADE
DELETE FROM [guacamole_user_permission]
WHERE [entity_id] IN (SELECT [entity_id] FROM DELETED);
DELETE FROM [guacamole_user_group_permission]
WHERE [entity_id] IN (SELECT [entity_id] FROM DELETED);
-- Delete all associated group memberships not covered by ON DELETE CASCADE
DELETE FROM [guacamole_user_group_member]
WHERE [member_entity_id] IN (SELECT [entity_id] FROM DELETED);
-- Perform original deletion
DELETE FROM [guacamole_entity]
WHERE [entity_id] IN (SELECT [entity_id] FROM DELETED);
END
GO
--
-- Handle cascading deletion/updates of records in response to deletion of
-- guacamole_connection records, where such deletion is not already covered by
-- ON DELETE CASCADE or ON DELETE SET NULL.
--
CREATE TRIGGER [guacamole_delete_connection]
ON [guacamole_connection]
INSTEAD OF DELETE
AS BEGIN
-- Do not take trigger into account when producing row counts for the DELETE
SET NOCOUNT ON;
-- Delete associated sharing profiles
DELETE FROM [guacamole_sharing_profile]
WHERE [primary_connection_id] IN (SELECT [connection_id] FROM DELETED);
-- Perform original deletion
DELETE FROM [guacamole_connection]
WHERE [connection_id] IN (SELECT [connection_id] FROM DELETED);
END
GO
--
-- Handle cascading deletion/updates of records in response to deletion of
-- guacamole_connection_group records, where such deletion is not already
-- covered by ON DELETE CASCADE or ON DELETE SET NULL.
--
CREATE TRIGGER [guacamole_delete_connection_group]
ON [guacamole_connection_group]
INSTEAD OF DELETE
AS BEGIN
-- Do not take trigger into account when producing row counts for the DELETE
SET NOCOUNT ON;
-- Delete all descendant connections
WITH [connection_groups] ([connection_group_id]) AS (
SELECT [connection_group_id] FROM DELETED
UNION ALL
SELECT [guacamole_connection_group].[connection_group_id]
FROM [guacamole_connection_group]
JOIN [connection_groups] ON [connection_groups].[connection_group_id] = [guacamole_connection_group].[parent_id]
)
DELETE FROM [guacamole_connection]
WHERE [parent_id] IN (
SELECT [connection_group_id]
FROM [connection_groups]
);
-- Delete all requested connection groups, including descendants
WITH [connection_groups] ([connection_group_id]) AS (
SELECT [connection_group_id] FROM DELETED
UNION ALL
SELECT [guacamole_connection_group].[connection_group_id]
FROM [guacamole_connection_group]
JOIN [connection_groups] ON [connection_groups].[connection_group_id] = [guacamole_connection_group].[parent_id]
)
DELETE FROM [guacamole_connection_group]
WHERE [connection_group_id] IN (
SELECT [connection_group_id]
FROM [connection_groups]
);
END
GO
--
-- Handle cascading deletion/updates of records in response to deletion of
-- guacamole_sharing_profile records, where such deletion is not already
-- covered by ON DELETE CASCADE or ON DELETE SET NULL.
--
CREATE TRIGGER [guacamole_delete_sharing_profile]
ON [guacamole_sharing_profile]
INSTEAD OF DELETE
AS BEGIN
-- Do not take trigger into account when producing row counts for the DELETE
SET NOCOUNT ON;
-- Delete all associated permissions not covered by ON DELETE CASCADE
UPDATE [guacamole_connection_history]
SET [sharing_profile_id] = NULL
WHERE [sharing_profile_id] IN (SELECT [sharing_profile_id] FROM DELETED);
-- Perform original deletion
DELETE FROM [guacamole_sharing_profile]
WHERE [sharing_profile_id] IN (SELECT [sharing_profile_id] FROM DELETED);
END
GO

64
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/schema/002-create-admin-user.sql Normal file
View File

@@ -0,0 +1,64 @@
--
-- Licensed to the Apache Software Foundation (ASF) under one
-- or more contributor license agreements. See the NOTICE file
-- distributed with this work for additional information
-- regarding copyright ownership. The ASF licenses this file
-- to you under the Apache License, Version 2.0 (the
-- "License"); you may not use this file except in compliance
-- with the License. You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing,
-- software distributed under the License is distributed on an
-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-- KIND, either express or implied. See the License for the
-- specific language governing permissions and limitations
-- under the License.
--
-- Create default user "guacadmin" with password "guacadmin"
INSERT INTO [guacamole_entity] ([name], [type]) VALUES ('guacadmin', 'USER');
INSERT INTO [guacamole_user] (
[entity_id],
[password_hash],
[password_salt],
[password_date]
)
SELECT
[entity_id],
0xCA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960,
0xFE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264,
getdate()
FROM [guacamole_entity] WHERE [name] = 'guacadmin';
-- Grant this user all system permissions
INSERT INTO [guacamole_system_permission]
SELECT
[entity_id],
[permission]
FROM (
SELECT 'guacadmin', 'CREATE_CONNECTION'
UNION SELECT 'guacadmin', 'CREATE_CONNECTION_GROUP'
UNION SELECT 'guacadmin', 'CREATE_SHARING_PROFILE'
UNION SELECT 'guacadmin', 'CREATE_USER'
UNION SELECT 'guacadmin', 'CREATE_USER_GROUP'
UNION SELECT 'guacadmin', 'ADMINISTER'
) [permissions] ([username], [permission])
JOIN [guacamole_entity] ON [permissions].[username] = [guacamole_entity].[name] AND [guacamole_entity].[type] = 'USER';
INSERT INTO [guacamole_user_permission]
SELECT
[guacamole_entity].[entity_id],
[guacamole_user].[user_id],
[permission]
FROM (
SELECT 'guacadmin', 'guacadmin', 'READ'
UNION SELECT 'guacadmin', 'guacadmin', 'UPDATE'
UNION SELECT 'guacadmin', 'guacadmin', 'ADMINISTER'
) [permissions] ([username], [affected_username], [permission])
JOIN [guacamole_entity] ON [permissions].[username] = [guacamole_entity].[name] AND [guacamole_entity].[type] = 'USER'
JOIN [guacamole_entity] [affected] ON [permissions].[affected_username] = [affected].[name] AND [guacamole_entity].[type] = 'USER'
JOIN [guacamole_user] ON [guacamole_user].[entity_id] = [affected].[entity_id];
GO

659
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/schema/upgrade/upgrade-pre-1.0.0.sql Normal file
View File

@@ -0,0 +1,659 @@
--
-- Licensed to the Apache Software Foundation (ASF) under one
-- or more contributor license agreements. See the NOTICE file
-- distributed with this work for additional information
-- regarding copyright ownership. The ASF licenses this file
-- to you under the Apache License, Version 2.0 (the
-- "License"); you may not use this file except in compliance
-- with the License. You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing,
-- software distributed under the License is distributed on an
-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-- KIND, either express or implied. See the License for the
-- specific language governing permissions and limitations
-- under the License.
--
--
-- Add new system-level permission
--
EXEC sp_unbindrule 'guacamole_system_permission';
DROP RULE [guacamole_system_permission_list];
GO
CREATE RULE [guacamole_system_permission_list] AS @list IN (
'CREATE_CONNECTION',
'CREATE_CONNECTION_GROUP',
'CREATE_SHARING_PROFILE',
'CREATE_USER',
'CREATE_USER_GROUP',
'ADMINISTER'
);
GO
EXEC sp_bindrule
'guacamole_system_permission_list',
'guacamole_system_permission';
GO
--
-- Entity types
--
CREATE RULE [guacamole_entity_type_list] AS @list IN (
'USER',
'USER_GROUP'
);
GO
CREATE TYPE [guacamole_entity_type] FROM [nvarchar](16);
EXEC sp_bindrule
'guacamole_entity_type_list',
'guacamole_entity_type';
GO
--
-- Table of base entities which may each be either a user or user group. Other
-- tables which represent qualities shared by both users and groups will point
-- to guacamole_entity, while tables which represent qualities specific to
-- users or groups will point to guacamole_user or guacamole_user_group.
--
CREATE TABLE [guacamole_entity] (
[entity_id] [int] IDENTITY(1,1) NOT NULL,
[name] [nvarchar](128) NOT NULL,
[type] [guacamole_entity_type] NOT NULL,
CONSTRAINT [PK_guacamole_entity]
PRIMARY KEY CLUSTERED ([entity_id]),
CONSTRAINT [AK_guacamole_entity_name_scope]
UNIQUE ([type], [name])
);
GO
--
-- Table of user groups. Each user group may have an arbitrary set of member
-- users and member groups, with those members inheriting the permissions
-- granted to that group.
--
CREATE TABLE [guacamole_user_group] (
[user_group_id] [int] IDENTITY(1,1) NOT NULL,
[entity_id] [int] NOT NULL,
-- Group disabled status
[disabled] [bit] NOT NULL DEFAULT 0,
CONSTRAINT [PK_guacamole_user_group]
PRIMARY KEY CLUSTERED ([user_group_id]),
CONSTRAINT [guacamole_user_group_single_entity]
UNIQUE ([entity_id]),
CONSTRAINT [guacamole_user_group_entity]
FOREIGN KEY ([entity_id])
REFERENCES [guacamole_entity] ([entity_id])
ON DELETE CASCADE
);
GO
--
-- Table of users which are members of given user groups.
--
CREATE TABLE [guacamole_user_group_member] (
[user_group_id] [int] NOT NULL,
[member_entity_id] [int] NOT NULL,
CONSTRAINT [PK_guacamole_user_group_member]
PRIMARY KEY CLUSTERED ([user_group_id], [member_entity_id]),
-- Parent must be a user group
CONSTRAINT [guacamole_user_group_member_parent_id]
FOREIGN KEY ([user_group_id])
REFERENCES [guacamole_user_group] ([user_group_id])
ON DELETE CASCADE,
-- Member may be either a user or a user group (any entity)
CONSTRAINT [guacamole_user_group_member_entity_id]
FOREIGN KEY ([member_entity_id])
REFERENCES [guacamole_entity] ([entity_id])
-- ON DELETE CASCADE handled by guacamole_delete_entity trigger
);
GO
--
-- Table of user group permissions. Each user group permission grants a user
-- or user group access to a another user group (the "affected" user group) for
-- a specific type of operation.
--
CREATE TABLE [guacamole_user_group_permission] (
[entity_id] [int] NOT NULL,
[affected_user_group_id] [int] NOT NULL,
[permission] [guacamole_object_permission] NOT NULL,
CONSTRAINT [PK_guacamole_user_group_permission]
PRIMARY KEY CLUSTERED ([entity_id], [affected_user_group_id], [permission]),
CONSTRAINT [FK_guacamole_user_group_permission_affected_user_group_id]
FOREIGN KEY ([affected_user_group_id])
REFERENCES [guacamole_user_group] ([user_group_id])
ON DELETE CASCADE,
CONSTRAINT [FK_guacamole_user_group_permission_entity_id]
FOREIGN KEY ([entity_id])
REFERENCES [guacamole_entity] ([entity_id])
-- ON DELETE CASCADE handled by guacamole_delete_entity trigger
);
CREATE NONCLUSTERED INDEX [IX_guacamole_user_group_permission_entity_id]
ON [guacamole_user_group_permission] ([entity_id]);
CREATE NONCLUSTERED INDEX [IX_guacamole_user_group_permission_affected_user_group_id]
ON [guacamole_user_group_permission] ([affected_user_group_id]);
GO
--
-- The guacamole_delete_entity trigger effectively replaces the
-- guacamole_delete_user trigger, which is no longer necessary and will cease
-- being correct after the columns of existing tables are updated.
--
DROP TRIGGER [guacamole_delete_user];
GO
--
-- Modify guacamole_user table to use guacamole_entity as a base
--
-- Add new entity_id column
ALTER TABLE [guacamole_user] ADD [entity_id] [int];
GO
-- Create user entities for each guacamole_user entry
INSERT INTO [guacamole_entity] ([name], [type])
SELECT [username], 'USER' FROM [guacamole_user];
GO
-- Update guacamole_user to point to corresponding guacamole_entity
UPDATE [guacamole_user] SET [entity_id] = (
SELECT [entity_id] FROM [guacamole_entity]
WHERE
[username] = [guacamole_entity].[name]
AND type = 'USER'
);
GO
-- The entity_id column should now be safely non-NULL
ALTER TABLE [guacamole_user]
ALTER COLUMN [entity_id] [int] NOT NULL;
-- The entity_id column should now be unique for each user
ALTER TABLE [guacamole_user]
ADD CONSTRAINT [AK_guacamole_user_single_entity]
UNIQUE ([entity_id]);
-- The entity_id column should now safely point to guacamole_entity entries
ALTER TABLE [guacamole_user]
ADD CONSTRAINT [FK_guacamole_user_entity]
FOREIGN KEY ([entity_id])
REFERENCES [guacamole_entity] ([entity_id])
ON DELETE CASCADE;
-- The username column can now safely be removed
ALTER TABLE [guacamole_user] DROP [AK_guacamole_user_username];
ALTER TABLE [guacamole_user] DROP COLUMN [username];
GO
--
-- Modify guacamole_connection_permission to use guacamole_entity instead of
-- guacamole_user
--
-- Add new entity_id column
ALTER TABLE [guacamole_connection_permission] ADD [entity_id] [int];
GO
-- Update guacamole_connection_permission to point to the guacamole_entity
-- that has been granted the permission
UPDATE [guacamole_connection_permission] SET [entity_id] = (
SELECT [entity_id] FROM [guacamole_user]
WHERE [guacamole_user].[user_id] = [guacamole_connection_permission].[user_id]
);
GO
-- The entity_id column should now be safely non-NULL
ALTER TABLE [guacamole_connection_permission]
ALTER COLUMN [entity_id] [int] NOT NULL;
-- Remove user_id column
DROP INDEX [IX_guacamole_connection_permission_user_id] ON [guacamole_connection_permission];
ALTER TABLE [guacamole_connection_permission] DROP [PK_guacamole_connection_permission];
ALTER TABLE [guacamole_connection_permission] DROP [FK_guacamole_connection_permission_user_id];
ALTER TABLE [guacamole_connection_permission] DROP COLUMN [user_id];
-- The entity_id column should now safely point to guacamole_entity entries
ALTER TABLE [guacamole_connection_permission]
ADD CONSTRAINT [FK_guacamole_connection_permission_entity_id]
FOREIGN KEY ([entity_id])
REFERENCES [guacamole_entity] ([entity_id])
ON DELETE CASCADE;
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_permission_entity_id]
ON [guacamole_connection_permission] ([entity_id]);
-- Add new primary key which uses entity_id
ALTER TABLE [guacamole_connection_permission]
ADD CONSTRAINT [PK_guacamole_connection_permission]
PRIMARY KEY CLUSTERED ([entity_id], [connection_id], [permission]);
GO
--
-- Modify guacamole_connection_group_permission to use guacamole_entity instead
-- of guacamole_user
--
-- Add new entity_id column
ALTER TABLE [guacamole_connection_group_permission] ADD [entity_id] [int];
GO
-- Update guacamole_connection_group_permission to point to the guacamole_entity
-- that has been granted the permission
UPDATE guacamole_connection_group_permission SET entity_id = (
SELECT entity_id FROM guacamole_user
WHERE guacamole_user.user_id = guacamole_connection_group_permission.user_id
);
GO
-- The entity_id column should now be safely non-NULL
ALTER TABLE [guacamole_connection_group_permission]
ALTER COLUMN [entity_id] [int] NOT NULL;
-- Remove user_id column
DROP INDEX [IX_guacamole_connection_group_permission_user_id] ON [guacamole_connection_group_permission];
ALTER TABLE [guacamole_connection_group_permission] DROP [PK_guacamole_connection_group_permission];
ALTER TABLE [guacamole_connection_group_permission] DROP [FK_guacamole_connection_group_permission_user_id];
ALTER TABLE [guacamole_connection_group_permission] DROP COLUMN user_id;
-- The entity_id column should now safely point to guacamole_entity entries
ALTER TABLE [guacamole_connection_group_permission]
ADD CONSTRAINT [FK_guacamole_connection_group_permission_entity_id]
FOREIGN KEY ([entity_id])
REFERENCES [guacamole_entity] ([entity_id])
ON DELETE CASCADE;
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_group_permission_entity_id]
ON [guacamole_connection_group_permission] ([entity_id]);
-- Add new primary key which uses entity_id
ALTER TABLE [guacamole_connection_group_permission]
ADD CONSTRAINT [PK_guacamole_connection_group_permission]
PRIMARY KEY CLUSTERED ([entity_id], [connection_group_id], [permission]);
GO
--
-- Modify guacamole_sharing_profile_permission to use guacamole_entity instead
-- of guacamole_user
--
-- Add new entity_id column
ALTER TABLE [guacamole_sharing_profile_permission] ADD [entity_id] [int];
GO
-- Update guacamole_sharing_profile_permission to point to the guacamole_entity
-- that has been granted the permission
UPDATE guacamole_sharing_profile_permission SET entity_id = (
SELECT entity_id FROM guacamole_user
WHERE guacamole_user.user_id = guacamole_sharing_profile_permission.user_id
);
GO
-- The entity_id column should now be safely non-NULL
ALTER TABLE [guacamole_sharing_profile_permission]
ALTER COLUMN [entity_id] [int] NOT NULL;
-- Remove user_id column
DROP INDEX [IX_guacamole_sharing_profile_permission_user_id] ON [guacamole_sharing_profile_permission];
ALTER TABLE [guacamole_sharing_profile_permission] DROP [PK_guacamole_sharing_profile_permission];
ALTER TABLE [guacamole_sharing_profile_permission] DROP [FK_guacamole_sharing_profile_permission_user_id];
ALTER TABLE [guacamole_sharing_profile_permission] DROP COLUMN user_id;
-- The entity_id column should now safely point to guacamole_entity entries
ALTER TABLE [guacamole_sharing_profile_permission]
ADD CONSTRAINT [FK_guacamole_sharing_profile_permission_entity_id]
FOREIGN KEY ([entity_id])
REFERENCES [guacamole_entity] ([entity_id])
ON DELETE CASCADE;
CREATE NONCLUSTERED INDEX [IX_guacamole_sharing_profile_permission_entity_id]
ON [guacamole_sharing_profile_permission] ([entity_id]);
-- Add new primary key which uses entity_id
ALTER TABLE [guacamole_sharing_profile_permission]
ADD CONSTRAINT [PK_guacamole_sharing_profile_permission]
PRIMARY KEY CLUSTERED ([entity_id], [sharing_profile_id], [permission]);
GO
--
-- Modify guacamole_user_permission to use guacamole_entity instead of
-- guacamole_user
--
-- Add new entity_id column
ALTER TABLE [guacamole_user_permission] ADD [entity_id] [int];
GO
-- Update guacamole_user_permission to point to the guacamole_entity
-- that has been granted the permission
UPDATE guacamole_user_permission SET entity_id = (
SELECT entity_id FROM guacamole_user
WHERE guacamole_user.user_id = guacamole_user_permission.user_id
);
GO
-- The entity_id column should now be safely non-NULL
ALTER TABLE [guacamole_user_permission]
ALTER COLUMN [entity_id] [int] NOT NULL;
-- The entity_id column should now safely point to guacamole_entity entries
ALTER TABLE [guacamole_user_permission]
ADD CONSTRAINT [FK_guacamole_user_permission_entity_id]
FOREIGN KEY ([entity_id])
REFERENCES [guacamole_entity] ([entity_id]);
-- ON DELETE CASCADE handled by guacamole_delete_entity trigger
-- The affected_user_id column now has ON DELETE CASCADE
ALTER TABLE [guacamole_user_permission] DROP [FK_guacamole_user_permission_affected_user_id];
ALTER TABLE [guacamole_user_permission]
ADD CONSTRAINT [FK_guacamole_user_permission_affected_user_id]
FOREIGN KEY ([affected_user_id])
REFERENCES [guacamole_user] ([user_id])
ON DELETE CASCADE;
CREATE NONCLUSTERED INDEX [IX_guacamole_user_permission_entity_id]
ON [guacamole_user_permission] ([entity_id]);
-- Remove user_id column
DROP INDEX [IX_guacamole_user_permission_user_id] ON [guacamole_user_permission];
ALTER TABLE [guacamole_user_permission] DROP [PK_guacamole_user_permission];
ALTER TABLE [guacamole_user_permission] DROP [FK_guacamole_user_permission_user_id];
ALTER TABLE [guacamole_user_permission] DROP COLUMN user_id;
-- Add new primary key which uses entity_id
ALTER TABLE [guacamole_user_permission]
ADD CONSTRAINT [PK_guacamole_user_permission]
PRIMARY KEY CLUSTERED ([entity_id], [affected_user_id], [permission]);
GO
--
-- Modify guacamole_system_permission to use guacamole_entity instead of
-- guacamole_user
--
-- Add new entity_id column
ALTER TABLE [guacamole_system_permission] ADD [entity_id] [int];
GO
-- Update guacamole_system_permission to point to the guacamole_entity
-- that has been granted the permission
UPDATE [guacamole_system_permission] SET [entity_id] = (
SELECT [entity_id] FROM [guacamole_user]
WHERE [guacamole_user].[user_id] = [guacamole_system_permission].[user_id]
);
GO
-- The entity_id column should now be safely non-NULL
ALTER TABLE [guacamole_system_permission]
ALTER COLUMN [entity_id] [int] NOT NULL;
-- Remove user_id column
DROP INDEX [IX_guacamole_system_permission_user_id] ON [guacamole_system_permission];
ALTER TABLE [guacamole_system_permission] DROP [PK_guacamole_system_permission];
ALTER TABLE [guacamole_system_permission] DROP [FK_guacamole_system_permission_user_id];
ALTER TABLE [guacamole_system_permission] DROP COLUMN [user_id];
-- The entity_id column should now safely point to guacamole_entity entries
ALTER TABLE [guacamole_system_permission]
ADD CONSTRAINT [FK_guacamole_system_permission_entity_id]
FOREIGN KEY ([entity_id])
REFERENCES [guacamole_entity] ([entity_id])
ON DELETE CASCADE;
CREATE NONCLUSTERED INDEX [IX_guacamole_system_permission_entity_id]
ON [guacamole_system_permission] ([entity_id]);
-- Add new primary key which uses entity_id
ALTER TABLE [guacamole_system_permission]
ADD CONSTRAINT [PK_guacamole_system_permission]
PRIMARY KEY CLUSTERED ([entity_id], [permission]);
GO
--
-- Handle cascading deletion/updates of records in response to deletion of
-- guacamole_entity records, where such deletion is not already covered by
-- ON DELETE CASCADE or ON DELETE SET NULL.
--
CREATE TRIGGER [guacamole_delete_entity]
ON [guacamole_entity]
INSTEAD OF DELETE
AS BEGIN
-- Do not take trigger into account when producing row counts for the DELETE
SET NOCOUNT ON;
-- Delete all associated permissions not covered by ON DELETE CASCADE
DELETE FROM [guacamole_user_permission]
WHERE [entity_id] IN (SELECT [entity_id] FROM DELETED);
DELETE FROM [guacamole_user_group_permission]
WHERE [entity_id] IN (SELECT [entity_id] FROM DELETED);
-- Delete all associated group memberships not covered by ON DELETE CASCADE
DELETE FROM [guacamole_user_group_member]
WHERE [member_entity_id] IN (SELECT [entity_id] FROM DELETED);
-- Perform original deletion
DELETE FROM [guacamole_entity]
WHERE [entity_id] IN (SELECT [entity_id] FROM DELETED);
END
GO
--
-- Update guacamole_delete_connection_group trigger to remove descendant
-- connections first.
--
DROP TRIGGER [guacamole_delete_connection_group];
GO
CREATE TRIGGER [guacamole_delete_connection_group]
ON [guacamole_connection_group]
INSTEAD OF DELETE
AS BEGIN
-- Do not take trigger into account when producing row counts for the DELETE
SET NOCOUNT ON;
-- Delete all descendant connections
WITH [connection_groups] ([connection_group_id]) AS (
SELECT [connection_group_id] FROM DELETED
UNION ALL
SELECT [guacamole_connection_group].[connection_group_id]
FROM [guacamole_connection_group]
JOIN [connection_groups] ON [connection_groups].[connection_group_id] = [guacamole_connection_group].[parent_id]
)
DELETE FROM [guacamole_connection]
WHERE [parent_id] IN (
SELECT [connection_group_id]
FROM [connection_groups]
);
-- Delete all requested connection groups, including descendants
WITH [connection_groups] ([connection_group_id]) AS (
SELECT [connection_group_id] FROM DELETED
UNION ALL
SELECT [guacamole_connection_group].[connection_group_id]
FROM [guacamole_connection_group]
JOIN [connection_groups] ON [connection_groups].[connection_group_id] = [guacamole_connection_group].[parent_id]
)
DELETE FROM [guacamole_connection_group]
WHERE [connection_group_id] IN (
SELECT [connection_group_id]
FROM [connection_groups]
);
END
GO
--
-- Table of arbitrary user attributes. Each attribute is simply a name/value
-- pair associated with a user. Arbitrary attributes are defined by other
-- extensions. Attributes defined by this extension will be mapped to
-- properly-typed columns of a specific table.
--
CREATE TABLE [guacamole_user_attribute] (
[user_id] [int] NOT NULL,
[attribute_name] [nvarchar](128) NOT NULL,
[attribute_value] [nvarchar](4000) NOT NULL,
CONSTRAINT [PK_guacamole_user_attribute]
PRIMARY KEY CLUSTERED ([user_id], [attribute_name]),
CONSTRAINT [FK_guacamole_user_attribute_user_id]
FOREIGN KEY ([user_id])
REFERENCES [guacamole_user] ([user_id])
ON DELETE CASCADE
);
CREATE NONCLUSTERED INDEX [IX_guacamole_user_attribute_user_id]
ON [guacamole_user_attribute] ([user_id])
INCLUDE ([attribute_name], [attribute_value]);
GO
--
-- Table of arbitrary user group attributes. Each attribute is simply a
-- name/value pair associated with a user group. Arbitrary attributes are
-- defined by other extensions. Attributes defined by this extension will be
-- mapped to properly-typed columns of a specific table.
--
CREATE TABLE [guacamole_user_group_attribute] (
[user_group_id] [int] NOT NULL,
[attribute_name] [nvarchar](128) NOT NULL,
[attribute_value] [nvarchar](4000) NOT NULL,
CONSTRAINT [PK_guacamole_user_group_attribute]
PRIMARY KEY CLUSTERED ([user_group_id], [attribute_name]),
CONSTRAINT [FK_guacamole_user_attribute_user_group_id]
FOREIGN KEY ([user_group_id])
REFERENCES [guacamole_user_group] ([user_group_id])
ON DELETE CASCADE
);
CREATE NONCLUSTERED INDEX [IX_guacamole_user_group_attribute_user_id]
ON [guacamole_user_group_attribute] ([user_group_id])
INCLUDE ([attribute_name], [attribute_value]);
GO
--
-- Table of arbitrary connection attributes. Each attribute is simply a
-- name/value pair associated with a connection. Arbitrary attributes are
-- defined by other extensions. Attributes defined by this extension will be
-- mapped to properly-typed columns of a specific table.
--
CREATE TABLE [guacamole_connection_attribute] (
[connection_id] [int] NOT NULL,
[attribute_name] [nvarchar](128) NOT NULL,
[attribute_value] [nvarchar](4000) NOT NULL,
PRIMARY KEY (connection_id, attribute_name),
CONSTRAINT [FK_guacamole_connection_attribute_connection_id]
FOREIGN KEY ([connection_id])
REFERENCES [guacamole_connection] ([connection_id])
ON DELETE CASCADE
);
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_attribute_connection_id]
ON [guacamole_connection_attribute] ([connection_id])
INCLUDE ([attribute_name], [attribute_value]);
GO
--
-- Table of arbitrary connection group attributes. Each attribute is simply a
-- name/value pair associated with a connection group. Arbitrary attributes are
-- defined by other extensions. Attributes defined by this extension will be
-- mapped to properly-typed columns of a specific table.
--
CREATE TABLE [guacamole_connection_group_attribute] (
[connection_group_id] [int] NOT NULL,
[attribute_name] [nvarchar](128) NOT NULL,
[attribute_value] [nvarchar](4000) NOT NULL,
PRIMARY KEY (connection_group_id, attribute_name),
CONSTRAINT [FK_guacamole_connection_group_attribute_connection_group_id]
FOREIGN KEY ([connection_group_id])
REFERENCES [guacamole_connection_group] ([connection_group_id])
ON DELETE CASCADE
);
CREATE NONCLUSTERED INDEX [IX_guacamole_connection_group_attribute_connection_group_id]
ON [guacamole_connection_group_attribute] ([connection_group_id])
INCLUDE ([attribute_name], [attribute_value]);
GO
--
-- Table of arbitrary sharing profile attributes. Each attribute is simply a
-- name/value pair associated with a sharing profile. Arbitrary attributes are
-- defined by other extensions. Attributes defined by this extension will be
-- mapped to properly-typed columns of a specific table.
--
CREATE TABLE [guacamole_sharing_profile_attribute] (
[sharing_profile_id] [int] NOT NULL,
[attribute_name] [nvarchar](128) NOT NULL,
[attribute_value] [nvarchar](4000) NOT NULL,
PRIMARY KEY (sharing_profile_id, attribute_name),
CONSTRAINT [FK_guacamole_sharing_profile_attribute_sharing_profile_id]
FOREIGN KEY ([sharing_profile_id])
REFERENCES [guacamole_sharing_profile] ([sharing_profile_id])
ON DELETE CASCADE
);
CREATE NONCLUSTERED INDEX [IX_guacamole_sharing_profile_attribute_sharing_profile_id]
ON [guacamole_sharing_profile_attribute] ([sharing_profile_id])
INCLUDE ([attribute_name], [attribute_value]);
GO

43
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/schema/upgrade/upgrade-pre-1.6.0.sql Normal file
View File

@@ -0,0 +1,43 @@
--
-- Licensed to the Apache Software Foundation (ASF) under one
-- or more contributor license agreements. See the NOTICE file
-- distributed with this work for additional information
-- regarding copyright ownership. The ASF licenses this file
-- to you under the Apache License, Version 2.0 (the
-- "License"); you may not use this file except in compliance
-- with the License. You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing,
-- software distributed under the License is distributed on an
-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-- KIND, either express or implied. See the License for the
-- specific language governing permissions and limitations
-- under the License.
--
--
-- Add new system-level audit permission
--
EXEC sp_unbindrule 'guacamole_system_permission';
DROP RULE [guacamole_system_permission_list];
GO
CREATE RULE [guacamole_system_permission_list] AS @list IN (
'CREATE_CONNECTION',
'CREATE_CONNECTION_GROUP',
'CREATE_SHARING_PROFILE',
'CREATE_USER',
'CREATE_USER_GROUP',
'AUDIT',
'ADMINISTER'
);
GO
EXEC sp_bindrule
'guacamole_system_permission_list',
'guacamole_system_permission';
GO

50
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProvider.java Normal file
View File

@@ -0,0 +1,50 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.sqlserver;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.InjectedAuthenticationProvider;
import org.apache.guacamole.auth.jdbc.JDBCAuthenticationProviderService;
/**
* Provides a SQLServer-based implementation of the AuthenticationProvider
* functionality.
*/
public class SQLServerAuthenticationProvider extends InjectedAuthenticationProvider {
/**
* Creates a new SQLServerAuthenticationProvider that reads and writes
* authentication data to a SQLServer database defined by properties in
* guacamole.properties.
*
* @throws GuacamoleException
* If a required property is missing, or an error occurs while parsing
* a property.
*/
public SQLServerAuthenticationProvider() throws GuacamoleException {
super(new SQLServerInjectorProvider(), JDBCAuthenticationProviderService.class);
}
@Override
public String getIdentifier() {
return "sqlserver";
}
}

148
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java Normal file
View File

@@ -0,0 +1,148 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.sqlserver;
import com.google.inject.Binder;
import com.google.inject.Module;
import com.google.inject.name.Names;
import java.lang.UnsupportedOperationException;
import java.util.Properties;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.sqlserver.conf.SQLServerDriver;
import org.apache.guacamole.auth.sqlserver.conf.SQLServerEnvironment;
import org.apache.guacamole.properties.CaseSensitivity;
import org.mybatis.guice.datasource.helper.JdbcHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Guice module which configures SQLServer-specific injections.
*/
public class SQLServerAuthenticationProviderModule implements Module {
/**
* Logger for this class.
*/
private static final Logger LOGGER = LoggerFactory.getLogger(SQLServerAuthenticationProviderModule.class);
/**
* MyBatis-specific configuration properties.
*/
private final Properties myBatisProperties = new Properties();
/**
* SQLServer-specific driver configuration properties.
*/
private final Properties driverProperties = new Properties();
/**
* Which SQL Server driver should be used.
*/
private final SQLServerDriver sqlServerDriver;
/**
* Creates a new SQLServer authentication provider module that configures
* driver and MyBatis properties using the given environment.
*
* @param environment
* The environment to use when configuring MyBatis and the underlying
* JDBC driver.
*
* @throws GuacamoleException
* If a required property is missing, or an error occurs while parsing
* a property.
*/
public SQLServerAuthenticationProviderModule(SQLServerEnvironment environment)
throws GuacamoleException {
// Set the SQLServer-specific properties for MyBatis.
myBatisProperties.setProperty("mybatis.environment.id", "guacamole");
myBatisProperties.setProperty("JDBC.host", environment.getSQLServerHostname());
myBatisProperties.setProperty("JDBC.port", String.valueOf(environment.getSQLServerPort()));
myBatisProperties.setProperty("JDBC.schema", environment.getSQLServerDatabase());
myBatisProperties.setProperty("JDBC.autoCommit", "false");
myBatisProperties.setProperty("mybatis.pooled.pingEnabled", "true");
myBatisProperties.setProperty("mybatis.pooled.pingQuery", "SELECT 1");
// Use UTF-8 in database
driverProperties.setProperty("characterEncoding", "UTF-8");
// Trust unknown server certificates if configured to do so
if (environment.trustAllServerCertificates())
driverProperties.setProperty("trustServerCertificate", "true");
// Retrieve instance name and set it
String instance = environment.getSQLServerInstance();
if (instance != null)
driverProperties.setProperty("JDBC.instanceName", instance);
// Capture which driver to use for the connection.
this.sqlServerDriver = environment.getSQLServerDriver();
// Check for case sensitivity and warn admin.
if (environment.getCaseSensitivity() != CaseSensitivity.DISABLED)
LOGGER.warn("The SQL Server module is currently configured to support "
+ "case-sensitive username comparisons, however, the default "
+ "collations for SQL Server databases do not support "
+ "case-sensitive string comparisons. If you want usernames "
+ "within Guacamole to be treated as case-sensitive, further "
+ "database configuration may be required.");
}
@Override
public void configure(Binder binder) {
// Bind SQLServer-specific properties with the configured driver.
switch(sqlServerDriver) {
case JTDS:
JdbcHelper.SQL_Server_jTDS.configure(binder);
break;
case DATA_DIRECT:
JdbcHelper.SQL_Server_DataDirect.configure(binder);
break;
case MICROSOFT_LEGACY:
JdbcHelper.SQL_Server_MS_Driver.configure(binder);
break;
case MICROSOFT_2005:
JdbcHelper.SQL_Server_2005_MS_Driver.configure(binder);
break;
default:
throw new UnsupportedOperationException(
"A driver has been specified that is not supported by this module."
);
}
// Bind MyBatis properties
Names.bindProperties(binder, myBatisProperties);
// Bind JDBC driver properties
binder.bind(Properties.class)
.annotatedWith(Names.named("JDBC.driverProperties"))
.toInstance(driverProperties);
}
}

50
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerInjectorProvider.java Normal file
View File

@@ -0,0 +1,50 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.sqlserver;
import com.google.inject.Guice;
import com.google.inject.Injector;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCAuthenticationProviderModule;
import org.apache.guacamole.auth.jdbc.JDBCInjectorProvider;
import org.apache.guacamole.auth.sqlserver.conf.SQLServerEnvironment;
/**
* JDBCInjectorProvider implementation which configures Guice injections for
* connecting to a SQLServer database based on SQLServer-specific options
* provided via guacamole.properties.
*/
public class SQLServerInjectorProvider extends JDBCInjectorProvider {
@Override
protected Injector create() throws GuacamoleException {
// Get local environment
SQLServerEnvironment environment = new SQLServerEnvironment();
// Set up Guice injector
return Guice.createInjector(
new JDBCAuthenticationProviderModule(environment),
new SQLServerAuthenticationProviderModule(environment)
);
}
}

50
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerSharedAuthenticationProvider.java Normal file
View File

@@ -0,0 +1,50 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.sqlserver;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.InjectedAuthenticationProvider;
import org.apache.guacamole.auth.jdbc.sharing.SharedAuthenticationProviderService;
/**
* Provides a implementation of AuthenticationProvider which interacts with the
* SQLServer AuthenticationProvider, accepting share keys as credentials and
* providing access to the shared connections.
*/
public class SQLServerSharedAuthenticationProvider extends InjectedAuthenticationProvider {
/**
* Creates a new SQLServerSharedAuthenticationProvider that provides access
* to shared connections exposed by the SQLServerAuthenticationProvider.
*
* @throws GuacamoleException
* If a required property is missing, or an error occurs while parsing
* a property.
*/
public SQLServerSharedAuthenticationProvider() throws GuacamoleException {
super(new SQLServerInjectorProvider(), SharedAuthenticationProviderService.class);
}
@Override
public String getIdentifier() {
return "sqlserver-shared";
}
}

52
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerDriver.java Normal file
View File

@@ -0,0 +1,52 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.sqlserver.conf;
import org.apache.guacamole.properties.EnumGuacamoleProperty.PropertyValue;
/**
* The possible SQL Server drivers to use when using a TDS-compatible database.
*/
public enum SQLServerDriver {
/**
* The open source jTDS driver.
*/
@PropertyValue("jtds")
JTDS,
/**
* The Progress DataDirect driver.
*/
@PropertyValue("datadirect")
DATA_DIRECT,
/**
* The Microsoft Legacy SQL Server driver.
*/
@PropertyValue("microsoft")
MICROSOFT_LEGACY,
/**
* The Microsoft 2005 SQL Server driver.
*/
@PropertyValue("microsoft2005")
MICROSOFT_2005;
}

332
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerEnvironment.java Normal file
View File

@@ -0,0 +1,332 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.sqlserver.conf;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.guacamole.auth.jdbc.security.PasswordPolicy;
import org.apache.ibatis.session.SqlSession;
/**
* A SQLServer-specific implementation of JDBCEnvironment provides database
* properties specifically for SQLServer.
*/
public class SQLServerEnvironment extends JDBCEnvironment {
/**
* Logger for this class.
*/
private static final Logger logger = LoggerFactory.getLogger(SQLServerEnvironment.class);
/**
* The default host to connect to, if SQLSERVER_HOSTNAME is not specified.
*/
private static final String DEFAULT_HOSTNAME = "localhost";
/**
* The default port to connect to, if SQLSERVER_PORT is not specified.
*/
private static final int DEFAULT_PORT = 1433;
/**
* Whether a database user account is required by default for authentication
* to succeed.
*/
private static final boolean DEFAULT_USER_REQUIRED = false;
/**
* The default value for the maximum number of connections to be
* allowed to the Guacamole server overall.
*/
private static final int DEFAULT_ABSOLUTE_MAX_CONNECTIONS = 0;
/**
* The default value for the default maximum number of connections to be
* allowed per user to any one connection.
*/
private static final int DEFAULT_MAX_CONNECTIONS_PER_USER = 0;
/**
* The default value for the default maximum number of connections to be
* allowed per user to any one connection group.
*/
private static final int DEFAULT_MAX_GROUP_CONNECTIONS_PER_USER = 1;
/**
* The default value for the default maximum number of connections to be
* allowed to any one connection.
*/
private static final int DEFAULT_MAX_CONNECTIONS = 0;
/**
* The default value for the default maximum number of connections to be
* allowed to any one connection group.
*/
private static final int DEFAULT_MAX_GROUP_CONNECTIONS = 0;
/**
* The default SQLServer driver to use.
*/
public static final SQLServerDriver SQLSERVER_DEFAULT_DRIVER = SQLServerDriver.MICROSOFT_2005;
/**
* The default maximum number of identifiers/parameters to be included in a
* single batch when executing SQL statements for SQL Server.
*
* SQL Server supports a maximum of 2100 parameters per query. A value of
* 500 is chosen to stay within this limit and avoid query execution errors,
* as some queries involve multiple parameters per item - namely retrieval
* of connections.
*
* @see https://docs.microsoft.com/en-us/sql/sql-server/maximum-capacity-specifications-for-sql-server
*/
private static final int DEFAULT_BATCH_SIZE = 500;
/**
* Constructs a new SQLServerEnvironment, providing access to SQLServer-specific
* configuration options.
*
* @throws GuacamoleException
* If an error occurs while setting up the underlying JDBCEnvironment
* or while parsing legacy SQLServer configuration options.
*/
public SQLServerEnvironment() throws GuacamoleException {
// Init underlying JDBC environment
super();
}
@Override
public boolean isUserRequired() throws GuacamoleException {
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_USER_REQUIRED,
DEFAULT_USER_REQUIRED
);
}
@Override
public int getAbsoluteMaxConnections() throws GuacamoleException {
return getProperty(SQLServerGuacamoleProperties.SQLSERVER_ABSOLUTE_MAX_CONNECTIONS,
DEFAULT_ABSOLUTE_MAX_CONNECTIONS
);
}
@Override
public int getBatchSize() throws GuacamoleException {
return getProperty(SQLServerGuacamoleProperties.SQLSERVER_BATCH_SIZE,
DEFAULT_BATCH_SIZE
);
}
@Override
public int getDefaultMaxConnections() throws GuacamoleException {
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_DEFAULT_MAX_CONNECTIONS,
DEFAULT_MAX_CONNECTIONS
);
}
@Override
public int getDefaultMaxGroupConnections() throws GuacamoleException {
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_DEFAULT_MAX_GROUP_CONNECTIONS,
DEFAULT_MAX_GROUP_CONNECTIONS
);
}
@Override
public int getDefaultMaxConnectionsPerUser() throws GuacamoleException {
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_DEFAULT_MAX_CONNECTIONS_PER_USER,
DEFAULT_MAX_CONNECTIONS_PER_USER
);
}
@Override
public int getDefaultMaxGroupConnectionsPerUser() throws GuacamoleException {
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_DEFAULT_MAX_GROUP_CONNECTIONS_PER_USER,
DEFAULT_MAX_GROUP_CONNECTIONS_PER_USER
);
}
@Override
public PasswordPolicy getPasswordPolicy() {
return new SQLServerPasswordPolicy(this);
}
/**
* Returns the hostname of the SQLServer server hosting the Guacamole
* authentication tables. If unspecified, this will be "localhost".
*
* @return
* The URL of the SQLServer server.
*
* @throws GuacamoleException
* If an error occurs while retrieving the property value.
*/
public String getSQLServerHostname() throws GuacamoleException {
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_HOSTNAME,
DEFAULT_HOSTNAME
);
}
/**
* Returns the instance name of the SQL Server installation hosting the
* Guacamole database, if any. If unspecified it will be null.
*
* @return
* The instance name of the SQL Server install hosting the Guacamole
* database, or null if undefined.
*
* @throws GuacamoleException
* If an error occurs reading guacamole.properties.
*/
public String getSQLServerInstance() throws GuacamoleException {
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_INSTANCE
);
}
/**
* Returns the port number of the SQLServer server hosting the Guacamole
* authentication tables. If unspecified, this will be the default
* SQLServer port of 5432.
*
* @return
* The port number of the SQLServer server.
*
* @throws GuacamoleException
* If an error occurs while retrieving the property value.
*/
public int getSQLServerPort() throws GuacamoleException {
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_PORT,
DEFAULT_PORT
);
}
/**
* Returns the name of the SQLServer database containing the Guacamole
* authentication tables.
*
* @return
* The name of the SQLServer database.
*
* @throws GuacamoleException
* If an error occurs while retrieving the property value, or if the
* value was not set, as this property is required.
*/
public String getSQLServerDatabase() throws GuacamoleException {
return getRequiredProperty(SQLServerGuacamoleProperties.SQLSERVER_DATABASE);
}
@Override
public String getUsername() throws GuacamoleException {
return getRequiredProperty(SQLServerGuacamoleProperties.SQLSERVER_USERNAME);
}
@Override
public String getPassword() throws GuacamoleException {
return getRequiredProperty(SQLServerGuacamoleProperties.SQLSERVER_PASSWORD);
}
/**
* Returns which JDBC driver should be used to make the SQLServer/TDS connection.
*
* @return
* Which TDS-compatible JDBC driver should be used.
*
* @throws GuacamoleException
* If an error occurs while retrieving the property value, or if the
* value was not set, as this property is required.
*/
public SQLServerDriver getSQLServerDriver() throws GuacamoleException {
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_DRIVER,
SQLSERVER_DEFAULT_DRIVER
);
}
@Override
public boolean isRecursiveQuerySupported(SqlSession session) {
return true; // All versions of SQL Server support recursive queries through CTEs
}
@Override
public boolean autoCreateAbsentAccounts() throws GuacamoleException {
return getProperty(SQLServerGuacamoleProperties.SQLSERVER_AUTO_CREATE_ACCOUNTS,
false);
}
@Override
public boolean trackExternalConnectionHistory() throws GuacamoleException {
// Track external connection history unless explicitly disabled
return getProperty(SQLServerGuacamoleProperties.SQLSERVER_TRACK_EXTERNAL_CONNECTION_HISTORY,
true);
}
@Override
public boolean enforceAccessWindowsForActiveSessions() throws GuacamoleException {
// Enforce access window restrictions for active sessions unless explicitly disabled
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_ENFORCE_ACCESS_WINDOWS_FOR_ACTIVE_SESSIONS,
true);
}
@Override
public boolean shouldUseBatchExecutor() {
// The SQL Server driver does not work when batch execution is enabled.
// Specifically, inserts fail with com.microsoft.sqlserver.jdbc.SQLServerException:
// The statement must be executed before any results can be obtained.
// See https://github.com/microsoft/mssql-jdbc/issues/358 for more.
logger.warn(
"JDBC batch executor is disabled for SQL Server Connections. "
+ "Large batched updates may run slower."
);
return false;
}
/**
* Returns true if all server certificates should be trusted, including
* those signed by an unknown certificate authority, such as self-signed
* certificates, or false otherwise.
*
* @throws GuacamoleException
* If an error occurs while retrieving the property value, or if the
* value was not set, as this property is required.
*/
public boolean trustAllServerCertificates() throws GuacamoleException {
// Do not trust unknown certificates unless explicitly enabled
return getProperty(
SQLServerGuacamoleProperties.SQLSERVER_TRUST_ALL_SERVER_CERTIFICATES,
false);
}
}

261
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerGuacamoleProperties.java Normal file
View File

@@ -0,0 +1,261 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.sqlserver.conf;
import org.apache.guacamole.properties.BooleanGuacamoleProperty;
import org.apache.guacamole.properties.EnumGuacamoleProperty;
import org.apache.guacamole.properties.IntegerGuacamoleProperty;
import org.apache.guacamole.properties.StringGuacamoleProperty;
/**
* Properties used by the SQLServer Authentication plugin.
*/
public class SQLServerGuacamoleProperties {
/**
* This class should not be instantiated.
*/
private SQLServerGuacamoleProperties() {}
/**
* The URL of the SQLServer server hosting the Guacamole authentication tables.
*/
public static final StringGuacamoleProperty SQLSERVER_HOSTNAME =
new StringGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-hostname"; }
};
/**
* The instance name of the SQL Server where the Guacamole database is running.
*/
public static final StringGuacamoleProperty SQLSERVER_INSTANCE =
new StringGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-instance"; }
};
/**
* The port of the SQLServer server hosting the Guacamole authentication
* tables.
*/
public static final IntegerGuacamoleProperty SQLSERVER_PORT =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-port"; }
};
/**
* The name of the SQLServer database containing the Guacamole
* authentication tables.
*/
public static final StringGuacamoleProperty SQLSERVER_DATABASE =
new StringGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-database"; }
};
/**
* The username used to authenticate to the SQLServer database containing
* the Guacamole authentication tables.
*/
public static final StringGuacamoleProperty SQLSERVER_USERNAME =
new StringGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-username"; }
};
/**
* The password used to authenticate to the SQLServer database containing
* the Guacamole authentication tables.
*/
public static final StringGuacamoleProperty SQLSERVER_PASSWORD =
new StringGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-password"; }
};
/**
* Whether a user account within the database is required for authentication
* to succeed, even if the user has been authenticated via another
* authentication provider.
*/
public static final BooleanGuacamoleProperty
SQLSERVER_USER_REQUIRED = new BooleanGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-required"; }
};
/**
* The maximum number of concurrent connections to allow overall. Zero
* denotes unlimited.
*/
public static final IntegerGuacamoleProperty
SQLSERVER_ABSOLUTE_MAX_CONNECTIONS =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-absolute-max-connections"; }
};
/**
* The maximum number of concurrent connections to allow to any one
* connection. Zero denotes unlimited.
*/
public static final IntegerGuacamoleProperty
SQLSERVER_DEFAULT_MAX_CONNECTIONS =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-default-max-connections"; }
};
/**
* The maximum number of concurrent connections to allow to any one
* connection group. Zero denotes unlimited.
*/
public static final IntegerGuacamoleProperty
SQLSERVER_DEFAULT_MAX_GROUP_CONNECTIONS =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-default-max-group-connections"; }
};
/**
* The maximum number of concurrent connections to allow to any one
* connection by an individual user. Zero denotes unlimited.
*/
public static final IntegerGuacamoleProperty
SQLSERVER_DEFAULT_MAX_CONNECTIONS_PER_USER =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-default-max-connections-per-user"; }
};
/**
* The maximum number of concurrent connections to allow to any one
* connection group by an individual user. Zero denotes
* unlimited.
*/
public static final IntegerGuacamoleProperty
SQLSERVER_DEFAULT_MAX_GROUP_CONNECTIONS_PER_USER =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-default-max-group-connections-per-user"; }
};
/**
* Which TDS-compatible JDBC driver should be used for the connection.
*/
public static final EnumGuacamoleProperty<SQLServerDriver>
SQLSERVER_DRIVER = new EnumGuacamoleProperty<SQLServerDriver>(SQLServerDriver.class) {
@Override
public String getName() { return "sqlserver-driver"; }
};
/**
* Whether or not to automatically create accounts in the SQL Server
* database for users who successfully authenticate through another
* extension. By default users will not be automatically created.
*/
public static final BooleanGuacamoleProperty SQLSERVER_AUTO_CREATE_ACCOUNTS =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-auto-create-accounts"; }
};
/**
* Whether or not to track connection history for connections that do not originate
* from within the SQL Server database. By default, external connection history will be
* tracked.
*/
public static final BooleanGuacamoleProperty SQLSERVER_TRACK_EXTERNAL_CONNECTION_HISTORY =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-track-external-connection-history"; }
};
/**
* Whether or not user-specific access time windows should be enforced for active sessions,
* i.e. whether users with active sessions should be logged out immediately when an access
* window closes.
*/
public static final BooleanGuacamoleProperty SQLSERVER_ENFORCE_ACCESS_WINDOWS_FOR_ACTIVE_SESSIONS =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-enforce-access-windows-for-active-sessions"; }
};
/**
* The maximum number of identifiers/parameters to be included in a single batch when
* executing SQL statements.
*/
public static final IntegerGuacamoleProperty SQLSERVER_BATCH_SIZE =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-batch-size"; }
};
/**
* Whether or not all server certificates should be trusted, including those
* signed by an unknown certificate authority, such as self-signed
* certificates.
*/
public static final BooleanGuacamoleProperty SQLSERVER_TRUST_ALL_SERVER_CERTIFICATES =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-trust-all-server-certificates"; }
};
}

194
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerPasswordPolicy.java Normal file
View File

@@ -0,0 +1,194 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.sqlserver.conf;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.security.PasswordPolicy;
import org.apache.guacamole.properties.BooleanGuacamoleProperty;
import org.apache.guacamole.properties.IntegerGuacamoleProperty;
/**
* PasswordPolicy implementation which reads the details of the policy from
* SQLServer-specific properties in guacamole.properties.
*/
public class SQLServerPasswordPolicy implements PasswordPolicy {
/**
* The property which specifies the minimum length required of all user
* passwords. By default, this will be zero.
*/
private static final IntegerGuacamoleProperty MIN_LENGTH =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-password-min-length"; }
};
/**
* The property which specifies the minimum number of days which must
* elapse before a user may reset their password. If set to zero, the
* default, then this restriction does not apply.
*/
private static final IntegerGuacamoleProperty MIN_AGE =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-password-min-age"; }
};
/**
* The property which specifies the maximum number of days which may
* elapse before a user is required to reset their password. If set to zero,
* the default, then this restriction does not apply.
*/
private static final IntegerGuacamoleProperty MAX_AGE =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-password-max-age"; }
};
/**
* The property which specifies the number of previous passwords remembered
* for each user. If set to zero, the default, then this restriction does
* not apply.
*/
private static final IntegerGuacamoleProperty HISTORY_SIZE =
new IntegerGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-password-history-size"; }
};
/**
* The property which specifies whether all user passwords must have at
* least one lowercase character and one uppercase character. By default,
* no such restriction is imposed.
*/
private static final BooleanGuacamoleProperty REQUIRE_MULTIPLE_CASE =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-password-require-multiple-case"; }
};
/**
* The property which specifies whether all user passwords must have at
* least one numeric character (digit). By default, no such restriction is
* imposed.
*/
private static final BooleanGuacamoleProperty REQUIRE_DIGIT =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-password-require-digit"; }
};
/**
* The property which specifies whether all user passwords must have at
* least one non-alphanumeric character (symbol). By default, no such
* restriction is imposed.
*/
private static final BooleanGuacamoleProperty REQUIRE_SYMBOL =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-password-require-symbol"; }
};
/**
* The property which specifies whether users are prohibited from including
* their own username in their password. By default, no such restriction is
* imposed.
*/
private static final BooleanGuacamoleProperty PROHIBIT_USERNAME =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "sqlserver-user-password-prohibit-username"; }
};
/**
* The Guacamole server environment.
*/
private final JDBCEnvironment environment;
/**
* Creates a new SQLServerPasswordPolicy which reads the details of the
* policy from the properties exposed by the given environment.
*
* @param environment
* The environment from which password policy properties should be
* read.
*/
public SQLServerPasswordPolicy(JDBCEnvironment environment) {
this.environment = environment;
}
@Override
public int getMinimumLength() throws GuacamoleException {
return environment.getProperty(MIN_LENGTH, 0);
}
@Override
public int getMinimumAge() throws GuacamoleException {
return environment.getProperty(MIN_AGE, 0);
}
@Override
public int getMaximumAge() throws GuacamoleException {
return environment.getProperty(MAX_AGE, 0);
}
@Override
public int getHistorySize() throws GuacamoleException {
return environment.getProperty(HISTORY_SIZE, 0);
}
@Override
public boolean isMultipleCaseRequired() throws GuacamoleException {
return environment.getProperty(REQUIRE_MULTIPLE_CASE, false);
}
@Override
public boolean isNumericRequired() throws GuacamoleException {
return environment.getProperty(REQUIRE_DIGIT, false);
}
@Override
public boolean isNonAlphanumericRequired() throws GuacamoleException {
return environment.getProperty(REQUIRE_SYMBOL, false);
}
@Override
public boolean isUsernameProhibited() throws GuacamoleException {
return environment.getProperty(PROHIBIT_USERNAME, false);
}
}

23
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/package-info.java Normal file
View File

@@ -0,0 +1,23 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/**
* The SQLServer authentication provider.
*/
package org.apache.guacamole.auth.sqlserver;

36
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/guac-manifest.json Normal file
View File

@@ -0,0 +1,36 @@
{
"guacamoleVersion" : "1.6.0",
"name" : "SQLServer Authentication",
"namespace" : "sqlserver",
"authProviders" : [
"org.apache.guacamole.auth.sqlserver.SQLServerAuthenticationProvider",
"org.apache.guacamole.auth.sqlserver.SQLServerSharedAuthenticationProvider"
],
"css" : [
"styles/jdbc.css"
],
"html" : [
"html/shared-connection.html"
],
"translations" : [
"translations/ca.json",
"translations/de.json",
"translations/en.json",
"translations/es.json",
"translations/fr.json",
"translations/ja.json",
"translations/ko.json",
"translations/pl.json",
"translations/pt.json",
"translations/ru.json",
"translations/zh.json"
]
}

151
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml Normal file
View File

@@ -0,0 +1,151 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.base.EntityMapper" >
<!--
* SQL fragment which tests whether the value of the given column matches
* the given entity ID. If group identifiers are provided, the IDs of the
* entities for all groups having those identifiers are tested, as well.
* Disabled groups are ignored.
*
* @param column
* The name of the column to test. This column MUST contain an entity
* ID (a foreign key into the [guacamole_entity] table).
*
* @param entityID
* The ID of the specific entity to test the column against.
*
* @param groups
* A collection of group identifiers to additionally test the column
* against. Though this functionality is optional, a collection must
* always be given, even if that collection is empty.
-->
<sql id="isRelatedEntity">
(
${column} = ${entityID}
<if test="!${groups}.isEmpty()">
OR ${column} IN (
SELECT [guacamole_entity].entity_id
FROM [guacamole_entity]
JOIN [guacamole_user_group] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE
type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
name IN
<foreach collection="${groups}" item="effectiveGroup"
open="(" separator="," close=")">
#{effectiveGroup,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(name) IN
<foreach collection="${groups}" item="effectiveGroup"
open="(" separator="," close=")">
LOWER(#{effectiveGroup,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND disabled = 0
)
</if>
)
</sql>
<!-- Select names of all effective groups (including inherited) -->
<select id="selectEffectiveGroupIdentifiers" resultType="string">
WITH [related_entity] ([entity_id], [path]) AS (
SELECT
[guacamole_user_group].entity_id,
'{' + CAST([guacamole_user_group].entity_id AS VARCHAR(MAX)) + '}'
FROM [guacamole_user_group]
JOIN [guacamole_user_group_member] ON [guacamole_user_group].user_group_id = [guacamole_user_group_member].user_group_id
WHERE
[guacamole_user_group_member].member_entity_id = #{entity.entityID}
AND [guacamole_user_group].disabled = 0
<if test="!effectiveGroups.isEmpty()">
UNION ALL
SELECT
[guacamole_entity].entity_id,
'{' + CAST([guacamole_entity].entity_id AS VARCHAR(MAX)) + '}'
FROM [guacamole_entity]
JOIN [guacamole_user_group] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE
type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
name IN
<foreach collection="effectiveGroups" item="effectiveGroup"
open="(" separator="," close=")">
#{effectiveGroup,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(name) IN
<foreach collection="effectiveGroups" item="effectiveGroup"
open="(" separator="," close=")">
LOWER(#{effectiveGroup,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND [guacamole_user_group].disabled = 0
</if>
UNION ALL
SELECT
[guacamole_user_group].entity_id,
[related_entity].path + '{' + CAST([guacamole_user_group].entity_id AS VARCHAR(MAX)) + '}'
FROM [related_entity]
JOIN [guacamole_user_group_member] ON [related_entity].entity_id = [guacamole_user_group_member].member_entity_id
JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_member].user_group_id
WHERE
[guacamole_user_group].disabled = 0
AND [related_entity].path NOT LIKE '%{' + CAST([guacamole_user_group].entity_id AS VARCHAR(MAX)) + '}%'
)
SELECT DISTINCT name
FROM [related_entity]
JOIN [guacamole_entity] ON [related_entity].entity_id = [guacamole_entity].entity_id
WHERE
[guacamole_entity].type = 'USER_GROUP';
</select>
<!-- Insert single entity -->
<insert id="insert" useGeneratedKeys="true" keyProperty="entity.entityID"
parameterType="org.apache.guacamole.auth.jdbc.base.EntityModel">
INSERT INTO [guacamole_entity] (
name,
type
)
VALUES (
#{entity.identifier,jdbcType=VARCHAR},
#{entity.entityType,jdbcType=VARCHAR}
)
</insert>
</mapper>

348
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml Normal file
View File

@@ -0,0 +1,348 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper" >
<!-- Result mapper for connection objects -->
<resultMap id="ConnectionResultMap" type="org.apache.guacamole.auth.jdbc.connection.ConnectionModel" >
<!-- Connection properties -->
<id column="connection_id" property="objectID" jdbcType="INTEGER"/>
<result column="connection_name" property="name" jdbcType="VARCHAR"/>
<result column="parent_id" property="parentIdentifier" jdbcType="INTEGER"/>
<result column="protocol" property="protocol" jdbcType="VARCHAR"/>
<result column="max_connections" property="maxConnections" jdbcType="INTEGER"/>
<result column="max_connections_per_user" property="maxConnectionsPerUser" jdbcType="INTEGER"/>
<result column="proxy_hostname" property="proxyHostname" jdbcType="VARCHAR"/>
<result column="proxy_port" property="proxyPort" jdbcType="INTEGER"/>
<result column="proxy_encryption_method" property="proxyEncryptionMethod" jdbcType="VARCHAR"
javaType="org.apache.guacamole.net.auth.GuacamoleProxyConfiguration$EncryptionMethod"/>
<result column="connection_weight" property="connectionWeight" jdbcType="INTEGER"/>
<result column="failover_only" property="failoverOnly" jdbcType="BOOLEAN"/>
<result column="last_active" property="lastActive" jdbcType="TIMESTAMP"/>
<!-- Associated sharing profiles -->
<collection property="sharingProfileIdentifiers" resultSet="sharingProfiles" ofType="java.lang.String"
column="connection_id" foreignColumn="primary_connection_id">
<result column="sharing_profile_id"/>
</collection>
<!-- Arbitrary attributes -->
<collection property="arbitraryAttributes" resultSet="arbitraryAttributes"
ofType="org.apache.guacamole.auth.jdbc.base.ArbitraryAttributeModel"
column="connection_id" foreignColumn="connection_id">
<result property="name" column="attribute_name" jdbcType="VARCHAR"/>
<result property="value" column="attribute_value" jdbcType="VARCHAR"/>
</collection>
</resultMap>
<!-- Select all connection identifiers -->
<select id="selectIdentifiers" resultType="string">
SELECT connection_id
FROM [guacamole_connection]
</select>
<!--
* SQL fragment which lists the IDs of all connections readable by the
* entity having the given entity ID. If group identifiers are provided,
* the IDs of the entities for all groups having those identifiers are
* tested, as well. Disabled groups are ignored.
*
* @param entityID
* The ID of the specific entity to test against.
*
* @param groups
* A collection of group identifiers to additionally test against.
* Though this functionality is optional, a collection must always be
* given, even if that collection is empty.
-->
<sql id="getReadableIDs">
SELECT DISTINCT connection_id
FROM [guacamole_connection_permission]
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
AND permission = 'READ'
</sql>
<!-- Select identifiers of all readable connections -->
<select id="selectReadableIdentifiers" resultType="string">
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
</select>
<!-- Select all connection identifiers within a particular connection group -->
<select id="selectIdentifiersWithin" resultType="string">
SELECT connection_id
FROM [guacamole_connection]
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
</select>
<!-- Select identifiers of all readable connections within a particular connection group -->
<select id="selectReadableIdentifiersWithin" resultType="string">
SELECT [guacamole_connection].connection_id
FROM [guacamole_connection]
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
AND connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
)
</select>
<!-- Select multiple connections by identifier -->
<select id="select" resultMap="ConnectionResultMap"
resultSets="connections,sharingProfiles,arbitraryAttributes">
SELECT
[guacamole_connection].connection_id,
[guacamole_connection].connection_name,
parent_id,
protocol,
max_connections,
max_connections_per_user,
proxy_hostname,
proxy_port,
proxy_encryption_method,
connection_weight,
failover_only,
(
SELECT MAX(start_date)
FROM [guacamole_connection_history]
WHERE [guacamole_connection_history].connection_id = [guacamole_connection].connection_id
) AS last_active
FROM [guacamole_connection]
WHERE [guacamole_connection].connection_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>;
SELECT primary_connection_id, sharing_profile_id
FROM [guacamole_sharing_profile]
WHERE primary_connection_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>;
SELECT
connection_id,
attribute_name,
attribute_value
FROM [guacamole_connection_attribute]
WHERE connection_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>;
</select>
<!-- Select multiple connections by identifier only if readable -->
<select id="selectReadable" resultMap="ConnectionResultMap"
resultSets="connections,sharingProfiles,arbitraryAttributes">
SELECT
[guacamole_connection].connection_id,
[guacamole_connection].connection_name,
parent_id,
protocol,
max_connections,
max_connections_per_user,
proxy_hostname,
proxy_port,
proxy_encryption_method,
connection_weight,
failover_only,
(
SELECT MAX(start_date)
FROM [guacamole_connection_history]
WHERE [guacamole_connection_history].connection_id = [guacamole_connection].connection_id
) AS last_active
FROM [guacamole_connection]
WHERE [guacamole_connection].connection_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND [guacamole_connection].connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
);
SELECT primary_connection_id, [guacamole_sharing_profile].sharing_profile_id
FROM [guacamole_sharing_profile]
WHERE primary_connection_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND [guacamole_sharing_profile].sharing_profile_id IN (
<include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
);
SELECT
[guacamole_connection_attribute].connection_id,
attribute_name,
attribute_value
FROM [guacamole_connection_attribute]
WHERE [guacamole_connection_attribute].connection_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND [guacamole_connection_attribute].connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
);
</select>
<!-- Select single connection by name -->
<select id="selectOneByName" resultMap="ConnectionResultMap">
SELECT
[guacamole_connection].connection_id,
[guacamole_connection].connection_name,
parent_id,
protocol,
max_connections,
max_connections_per_user,
proxy_hostname,
proxy_port,
proxy_encryption_method,
connection_weight,
failover_only,
(
SELECT MAX(start_date)
FROM [guacamole_connection_history]
WHERE [guacamole_connection_history].connection_id = [guacamole_connection].connection_id
) AS last_active
FROM [guacamole_connection]
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
AND [guacamole_connection].connection_name = #{name,jdbcType=VARCHAR}
</select>
<!-- Delete single connection by identifier -->
<delete id="delete">
DELETE FROM [guacamole_connection]
WHERE connection_id = #{identifier,jdbcType=INTEGER}
</delete>
<!-- Insert single connection -->
<insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
parameterType="org.apache.guacamole.auth.jdbc.connection.ConnectionModel">
INSERT INTO [guacamole_connection] (
connection_name,
parent_id,
protocol,
max_connections,
max_connections_per_user,
proxy_hostname,
proxy_port,
proxy_encryption_method,
connection_weight,
failover_only
)
VALUES (
#{object.name,jdbcType=VARCHAR},
#{object.parentIdentifier,jdbcType=INTEGER},
#{object.protocol,jdbcType=VARCHAR},
#{object.maxConnections,jdbcType=INTEGER},
#{object.maxConnectionsPerUser,jdbcType=INTEGER},
#{object.proxyHostname,jdbcType=VARCHAR},
#{object.proxyPort,jdbcType=INTEGER},
#{object.proxyEncryptionMethod,jdbcType=VARCHAR},
#{object.connectionWeight,jdbcType=INTEGER},
#{object.failoverOnly,jdbcType=INTEGER}
)
</insert>
<!-- Update single connection -->
<update id="update" parameterType="org.apache.guacamole.auth.jdbc.connection.ConnectionModel">
UPDATE [guacamole_connection]
SET connection_name = #{object.name,jdbcType=VARCHAR},
parent_id = #{object.parentIdentifier,jdbcType=INTEGER},
protocol = #{object.protocol,jdbcType=VARCHAR},
max_connections = #{object.maxConnections,jdbcType=INTEGER},
max_connections_per_user = #{object.maxConnectionsPerUser,jdbcType=INTEGER},
proxy_hostname = #{object.proxyHostname,jdbcType=VARCHAR},
proxy_port = #{object.proxyPort,jdbcType=INTEGER},
proxy_encryption_method = #{object.proxyEncryptionMethod,jdbcType=VARCHAR},
connection_weight = #{object.connectionWeight,jdbcType=INTEGER},
failover_only = #{object.failoverOnly,jdbcType=INTEGER}
WHERE connection_id = #{object.objectID,jdbcType=INTEGER}
</update>
<!-- Delete attributes associated with connection -->
<delete id="deleteAttributes">
DELETE FROM [guacamole_connection_attribute]
WHERE connection_id = #{object.objectID,jdbcType=INTEGER}
</delete>
<!-- Insert attributes for connection -->
<insert id="insertAttributes" parameterType="org.apache.guacamole.auth.jdbc.base.ArbitraryAttributeModel">
INSERT INTO [guacamole_connection_attribute] (
connection_id,
attribute_name,
attribute_value
)
VALUES
<foreach collection="object.arbitraryAttributes" item="attribute" separator=",">
(#{object.objectID,jdbcType=INTEGER},
#{attribute.name,jdbcType=VARCHAR},
#{attribute.value,jdbcType=VARCHAR})
</foreach>
</insert>
</mapper>

68
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterMapper.xml Normal file
View File

@@ -0,0 +1,68 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.connection.ConnectionParameterMapper">
<!-- Result mapper for connection parameters -->
<resultMap id="ParameterResultMap" type="org.apache.guacamole.auth.jdbc.connection.ConnectionParameterModel">
<result column="connection_id" property="connectionIdentifier" jdbcType="INTEGER"/>
<result column="parameter_name" property="name" jdbcType="VARCHAR"/>
<result column="parameter_value" property="value" jdbcType="VARCHAR"/>
</resultMap>
<!-- Select all parameters of a given connection -->
<select id="select" resultMap="ParameterResultMap">
SELECT
connection_id,
parameter_name,
parameter_value
FROM [guacamole_connection_parameter]
WHERE
connection_id = #{identifier,jdbcType=INTEGER}
</select>
<!-- Delete all parameters of a given connection -->
<delete id="delete">
DELETE FROM [guacamole_connection_parameter]
WHERE connection_id = #{identifier,jdbcType=INTEGER}
</delete>
<!-- Insert all given parameters -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.connection.ConnectionParameterModel">
INSERT INTO [guacamole_connection_parameter] (
connection_id,
parameter_name,
parameter_value
)
VALUES
<foreach collection="parameters" item="parameter" separator=",">
(#{parameter.connectionIdentifier,jdbcType=INTEGER},
#{parameter.name,jdbcType=VARCHAR},
#{parameter.value,jdbcType=VARCHAR})
</foreach>
</insert>
</mapper>

257
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml Normal file
View File

@@ -0,0 +1,257 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.connection.ConnectionRecordMapper" >
<!-- Result mapper for system permissions -->
<resultMap id="ConnectionRecordResultMap" type="org.apache.guacamole.auth.jdbc.connection.ConnectionRecordModel">
<id column="history_id" property="recordID" jdbcType="INTEGER"/>
<result column="connection_id" property="connectionIdentifier" jdbcType="INTEGER"/>
<result column="connection_name" property="connectionName" jdbcType="VARCHAR"/>
<result column="remote_host" property="remoteHost" jdbcType="VARCHAR"/>
<result column="sharing_profile_id" property="sharingProfileIdentifier" jdbcType="INTEGER"/>
<result column="sharing_profile_name" property="sharingProfileName" jdbcType="VARCHAR"/>
<result column="user_id" property="userID" jdbcType="INTEGER"/>
<result column="username" property="username" jdbcType="VARCHAR"/>
<result column="start_date" property="startDate" jdbcType="TIMESTAMP"/>
<result column="end_date" property="endDate" jdbcType="TIMESTAMP"/>
</resultMap>
<!-- Update the given connection record, assigning an end date -->
<update id="updateEndDate" parameterType="org.apache.guacamole.auth.jdbc.connection.ConnectionRecordModel">
UPDATE [guacamole_connection_history]
SET end_date = #{record.endDate,jdbcType=TIMESTAMP}
WHERE history_id = #{record.recordID,jdbcType=INTEGER}
</update>
<!-- Insert the given connection record -->
<insert id="insert" useGeneratedKeys="true" keyProperty="record.recordID"
parameterType="org.apache.guacamole.auth.jdbc.connection.ConnectionRecordModel">
INSERT INTO [guacamole_connection_history] (
connection_id,
connection_name,
remote_host,
sharing_profile_id,
sharing_profile_name,
user_id,
username,
start_date,
end_date
)
VALUES (
#{record.connectionIdentifier,jdbcType=INTEGER},
#{record.connectionName,jdbcType=VARCHAR},
#{record.remoteHost,jdbcType=VARCHAR},
#{record.sharingProfileIdentifier,jdbcType=INTEGER},
#{record.sharingProfileName,jdbcType=VARCHAR},
(SELECT user_id FROM [guacamole_user]
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name = #{record.username,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER([guacamole_entity].name) = LOWER(#{record.username,jdbcType=VARCHAR})
</otherwise>
</choose>
AND [guacamole_entity].type = 'USER'),
#{record.username,jdbcType=VARCHAR},
#{record.startDate,jdbcType=TIMESTAMP},
#{record.endDate,jdbcType=TIMESTAMP}
)
</insert>
<!-- Search for specific connection records -->
<select id="search" resultMap="ConnectionRecordResultMap">
SELECT TOP (#{limit,jdbcType=INTEGER})
[guacamole_connection_history].history_id,
[guacamole_connection_history].connection_id,
[guacamole_connection_history].connection_name,
[guacamole_connection_history].remote_host,
[guacamole_connection_history].sharing_profile_id,
[guacamole_connection_history].sharing_profile_name,
[guacamole_connection_history].user_id,
[guacamole_connection_history].username,
[guacamole_connection_history].start_date,
[guacamole_connection_history].end_date
FROM [guacamole_connection_history]
<!-- Search terms -->
<where>
<if test="recordIdentifier != null">
[guacamole_connection_history].history_id = #{recordIdentifier,jdbcType=INTEGER}
</if>
<if test="identifier != null">
AND [guacamole_connection_history].connection_id = #{identifier,jdbcType=INTEGER}
</if>
<foreach collection="terms" item="term" open=" AND " separator=" AND ">
(
[guacamole_connection_history].user_id IN (
SELECT user_id
FROM [guacamole_user]
WHERE
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
CHARINDEX(#{term.term,jdbcType=VARCHAR} IN username) > 0
</when>
<otherwise>
CHARINDEX(LOWER(#{term.term,jdbcType=VARCHAR}) IN LOWER(username)) > 0
</otherwise>
</choose>
)
OR [guacamole_connection_history].connection_id IN (
SELECT connection_id
FROM [guacamole_connection]
WHERE CHARINDEX(#{term.term,jdbcType=VARCHAR}, connection_name) > 0
)
<if test="term.startDate != null and term.endDate != null">
OR start_date BETWEEN #{term.startDate,jdbcType=TIMESTAMP} AND #{term.endDate,jdbcType=TIMESTAMP}
</if>
)
</foreach>
</where>
<!-- Bind sort property enum values for sake of readability -->
<bind name="START_DATE" value="@org.apache.guacamole.net.auth.ActivityRecordSet$SortableProperty@START_DATE"/>
<!-- Sort predicates -->
<foreach collection="sortPredicates" item="sortPredicate"
open="ORDER BY " separator=", ">
<choose>
<when test="sortPredicate.property == START_DATE">[guacamole_connection_history].start_date</when>
<otherwise>1</otherwise>
</choose>
<if test="sortPredicate.descending">DESC</if>
</foreach>
</select>
<!-- Search for specific connection records -->
<select id="searchReadable" resultMap="ConnectionRecordResultMap">
SELECT TOP (#{limit,jdbcType=INTEGER})
[guacamole_connection_history].history_id,
[guacamole_connection_history].connection_id,
[guacamole_connection_history].connection_name,
[guacamole_connection_history].remote_host,
[guacamole_connection_history].sharing_profile_id,
[guacamole_connection_history].sharing_profile_name,
[guacamole_connection_history].user_id,
[guacamole_connection_history].username,
[guacamole_connection_history].start_date,
[guacamole_connection_history].end_date
FROM [guacamole_connection_history]
LEFT JOIN [guacamole_connection] ON [guacamole_connection_history].connection_id = [guacamole_connection].connection_id
LEFT JOIN [guacamole_user] ON [guacamole_connection_history].user_id = [guacamole_user].user_id
<!-- Search terms -->
<where>
<if test="recordIdentifier != null">
[guacamole_connection_history].history_id = #{recordIdentifier,jdbcType=INTEGER}
</if>
<!-- Restrict to readable connections -->
AND [guacamole_connection_history].connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
)
<!-- Restrict to readable users -->
AND [guacamole_connection_history].user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
)
<if test="identifier != null">
AND [guacamole_connection_history].connection_id = #{identifier,jdbcType=INTEGER}
</if>
<foreach collection="terms" item="term" open=" AND " separator=" AND ">
(
[guacamole_connection_history].user_id IN (
SELECT user_id
FROM [guacamole_user]
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE
<choose>
<hen test="caseSensitivity.caseSensitiveUsernames()">
CHARINDEX(#{term.term,jdbcType=VARCHAR} IN [guacamole_entity].name) > 0
</when>
<otherwise>
CHARINDEX(LOWER(#{term.term,jdbcType=VARCHAR}) IN LOWER(guacamole_entity.name)) > 0
</otherwise>
</choose>
AND [guacamole_entity].type = 'USER'
)
OR [guacamole_connection_history].connection_id IN (
SELECT connection_id
FROM [guacamole_connection]
WHERE CHARINDEX(#{term.term,jdbcType=VARCHAR}, connection_name) > 0
)
<if test="term.startDate != null and term.endDate != null">
OR start_date BETWEEN #{term.startDate,jdbcType=TIMESTAMP} AND #{term.endDate,jdbcType=TIMESTAMP}
</if>
)
</foreach>
</where>
<!-- Bind sort property enum values for sake of readability -->
<bind name="START_DATE" value="@org.apache.guacamole.net.auth.ActivityRecordSet$SortableProperty@START_DATE"/>
<!-- Sort predicates -->
<foreach collection="sortPredicates" item="sortPredicate"
open="ORDER BY " separator=", ">
<choose>
<when test="sortPredicate.property == START_DATE">[guacamole_connection_history].start_date</when>
<otherwise>1</otherwise>
</choose>
<if test="sortPredicate.descending">DESC</if>
</foreach>
</select>
</mapper>

333
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml Normal file
View File

@@ -0,0 +1,333 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper" >
<!-- Result mapper for connection objects -->
<resultMap id="ConnectionGroupResultMap" type="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupModel" >
<!-- Connection group properties -->
<id column="connection_group_id" property="objectID" jdbcType="INTEGER"/>
<result column="connection_group_name" property="name" jdbcType="VARCHAR"/>
<result column="parent_id" property="parentIdentifier" jdbcType="INTEGER"/>
<result column="type" property="type" jdbcType="VARCHAR"
javaType="org.apache.guacamole.net.auth.ConnectionGroup$Type"/>
<result column="max_connections" property="maxConnections" jdbcType="INTEGER"/>
<result column="max_connections_per_user" property="maxConnectionsPerUser" jdbcType="INTEGER"/>
<result column="enable_session_affinity" property="sessionAffinityEnabled" jdbcType="INTEGER"/>
<!-- Child connection groups -->
<collection property="connectionGroupIdentifiers" resultSet="childConnectionGroups" ofType="java.lang.String"
column="connection_group_id" foreignColumn="parent_id">
<result column="connection_group_id"/>
</collection>
<!-- Child connections -->
<collection property="connectionIdentifiers" resultSet="childConnections" ofType="java.lang.String"
column="connection_group_id" foreignColumn="parent_id">
<result column="connection_id"/>
</collection>
<!-- Arbitrary attributes -->
<collection property="arbitraryAttributes" resultSet="arbitraryAttributes"
ofType="org.apache.guacamole.auth.jdbc.base.ArbitraryAttributeModel"
column="connection_group_id" foreignColumn="connection_group_id">
<result property="name" column="attribute_name" jdbcType="VARCHAR"/>
<result property="value" column="attribute_value" jdbcType="VARCHAR"/>
</collection>
</resultMap>
<!-- Select all connection group identifiers -->
<select id="selectIdentifiers" resultType="string">
SELECT connection_group_id
FROM [guacamole_connection_group]
</select>
<!--
* SQL fragment which lists the IDs of all connection groups readable by
* the entity having the given entity ID. If group identifiers are
* provided, the IDs of the entities for all groups having those
* identifiers are tested, as well. Disabled groups are ignored.
*
* @param entityID
* The ID of the specific entity to test against.
*
* @param groups
* A collection of group identifiers to additionally test against.
* Though this functionality is optional, a collection must always be
* given, even if that collection is empty.
-->
<sql id="getReadableIDs">
SELECT DISTINCT connection_group_id
FROM [guacamole_connection_group_permission]
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
AND permission = 'READ'
</sql>
<!-- Select identifiers of all readable connection groups -->
<select id="selectReadableIdentifiers" resultType="string">
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
</select>
<!-- Select all connection identifiers within a particular connection group -->
<select id="selectIdentifiersWithin" resultType="string">
SELECT connection_group_id
FROM [guacamole_connection_group]
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
</select>
<!-- Select identifiers of all readable connection groups within a particular connection group -->
<select id="selectReadableIdentifiersWithin" resultType="string">
SELECT [guacamole_connection_group].connection_group_id
FROM [guacamole_connection_group]
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
AND connection_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
)
</select>
<!-- Select multiple connection groups by identifier -->
<select id="select" resultMap="ConnectionGroupResultMap"
resultSets="connectionGroups,childConnectionGroups,childConnections,arbitraryAttributes">
SELECT
connection_group_id,
connection_group_name,
parent_id,
type,
max_connections,
max_connections_per_user,
enable_session_affinity
FROM [guacamole_connection_group]
WHERE connection_group_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>;
SELECT parent_id, connection_group_id
FROM [guacamole_connection_group]
WHERE parent_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>;
SELECT parent_id, connection_id
FROM [guacamole_connection]
WHERE parent_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>;
SELECT
connection_group_id,
attribute_name,
attribute_value
FROM [guacamole_connection_group_attribute]
WHERE connection_group_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>;
</select>
<!-- Select multiple connection groups by identifier only if readable -->
<select id="selectReadable" resultMap="ConnectionGroupResultMap"
resultSets="connectionGroups,childConnectionGroups,childConnections,arbitraryAttributes">
SELECT
[guacamole_connection_group].connection_group_id,
connection_group_name,
parent_id,
type,
max_connections,
max_connections_per_user,
enable_session_affinity
FROM [guacamole_connection_group]
WHERE [guacamole_connection_group].connection_group_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND [guacamole_connection_group].connection_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
);
SELECT parent_id, [guacamole_connection_group].connection_group_id
FROM [guacamole_connection_group]
WHERE parent_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND [guacamole_connection_group].connection_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
);
SELECT parent_id, [guacamole_connection].connection_id
FROM [guacamole_connection]
WHERE parent_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND [guacamole_connection].connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
);
SELECT
[guacamole_connection_group_attribute].connection_group_id,
attribute_name,
attribute_value
FROM [guacamole_connection_group_attribute]
WHERE [guacamole_connection_group_attribute].connection_group_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND [guacamole_connection_group_attribute].connection_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
);
</select>
<!-- Select single connection group by name -->
<select id="selectOneByName" resultMap="ConnectionGroupResultMap">
SELECT
connection_group_id,
connection_group_name,
parent_id,
type,
max_connections,
max_connections_per_user,
enable_session_affinity
FROM [guacamole_connection_group]
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
AND connection_group_name = #{name,jdbcType=VARCHAR}
</select>
<!-- Delete single connection group by identifier -->
<delete id="delete">
DELETE FROM [guacamole_connection_group]
WHERE connection_group_id = #{identifier,jdbcType=INTEGER}
</delete>
<!-- Insert single connection -->
<insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
parameterType="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupModel">
INSERT INTO [guacamole_connection_group] (
connection_group_name,
parent_id,
type,
max_connections,
max_connections_per_user,
enable_session_affinity
)
VALUES (
#{object.name,jdbcType=VARCHAR},
#{object.parentIdentifier,jdbcType=INTEGER},
#{object.type,jdbcType=VARCHAR},
#{object.maxConnections,jdbcType=INTEGER},
#{object.maxConnectionsPerUser,jdbcType=INTEGER},
#{object.sessionAffinityEnabled,jdbcType=INTEGER}
)
</insert>
<!-- Update single connection group -->
<update id="update" parameterType="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupModel">
UPDATE [guacamole_connection_group]
SET connection_group_name = #{object.name,jdbcType=VARCHAR},
parent_id = #{object.parentIdentifier,jdbcType=INTEGER},
type = #{object.type,jdbcType=VARCHAR},
max_connections = #{object.maxConnections,jdbcType=INTEGER},
max_connections_per_user = #{object.maxConnectionsPerUser,jdbcType=INTEGER},
enable_session_affinity = #{object.sessionAffinityEnabled,jdbcType=INTEGER}
WHERE connection_group_id = #{object.objectID,jdbcType=INTEGER}
</update>
<!-- Delete attributes associated with connection group -->
<delete id="deleteAttributes">
DELETE FROM [guacamole_connection_group_attribute]
WHERE connection_group_id = #{object.objectID,jdbcType=INTEGER}
</delete>
<!-- Insert attributes for connection group -->
<insert id="insertAttributes" parameterType="org.apache.guacamole.auth.jdbc.base.ArbitraryAttributeModel">
INSERT INTO [guacamole_connection_group_attribute] (
connection_group_id,
attribute_name,
attribute_value
)
VALUES
<foreach collection="object.arbitraryAttributes" item="attribute" separator=",">
(#{object.objectID,jdbcType=INTEGER},
#{attribute.name,jdbcType=VARCHAR},
#{attribute.value,jdbcType=VARCHAR})
</foreach>
</insert>
</mapper>

139
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml Normal file
View File

@@ -0,0 +1,139 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.permission.ConnectionGroupPermissionMapper" >
<!-- Result mapper for connection permissions -->
<resultMap id="ConnectionGroupPermissionResultMap" type="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
<result column="entity_id" property="entityID" jdbcType="INTEGER"/>
<result column="permission" property="type" jdbcType="VARCHAR"
javaType="org.apache.guacamole.net.auth.permission.ObjectPermission$Type"/>
<result column="connection_group_id" property="objectIdentifier" jdbcType="INTEGER"/>
</resultMap>
<!-- Select all permissions for a given entity -->
<select id="select" resultMap="ConnectionGroupPermissionResultMap">
SELECT DISTINCT
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
connection_group_id
FROM [guacamole_connection_group_permission]
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
</select>
<!-- Select the single permission matching the given criteria -->
<select id="selectOne" resultMap="ConnectionGroupPermissionResultMap">
SELECT DISTINCT
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
connection_group_id
FROM [guacamole_connection_group_permission]
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
AND permission = #{type,jdbcType=VARCHAR}
AND connection_group_id = #{identifier,jdbcType=INTEGER}
</select>
<!-- Select identifiers accessible by the given entity for the given permissions -->
<select id="selectAccessibleIdentifiers" resultType="string">
SELECT DISTINCT connection_group_id
FROM [guacamole_connection_group_permission]
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
AND connection_group_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND permission IN
<foreach collection="permissions" item="permission"
open="(" separator="," close=")">
#{permission,jdbcType=VARCHAR}
</foreach>
</select>
<!-- Delete all given permissions -->
<delete id="delete" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
DELETE FROM [guacamole_connection_group_permission]
WHERE
<foreach collection="permissions" item="permission"
open="(" separator=" OR " close=")">
(entity_id = #{permission.entityID,jdbcType=INTEGER} AND
permission = #{permission.type,jdbcType=VARCHAR} AND
connection_group_id = #{permission.objectIdentifier,jdbcType=INTEGER})
</foreach>
</delete>
<!-- Insert all given permissions -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
INSERT INTO [guacamole_connection_group_permission] (
entity_id,
permission,
connection_group_id
)
SELECT DISTINCT
permissions.entity_id,
permissions.permission,
permissions.connection_group_id
FROM
<foreach collection="permissions" item="permission"
open="(" separator="UNION ALL" close=")">
SELECT #{permission.entityID,jdbcType=INTEGER} AS entity_id,
#{permission.type,jdbcType=VARCHAR} AS permission,
#{permission.objectIdentifier,jdbcType=INTEGER} AS connection_group_id
</foreach>
AS permissions
WHERE NOT EXISTS (SELECT 1 FROM [guacamole_connection_group_permission]
WHERE [guacamole_connection_group_permission].entity_id = permissions.entity_id AND
[guacamole_connection_group_permission].permission = permissions.permission AND
[guacamole_connection_group_permission].connection_group_id = permissions.connection_group_id
);
</insert>
</mapper>

139
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml Normal file
View File

@@ -0,0 +1,139 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.permission.ConnectionPermissionMapper" >
<!-- Result mapper for connection permissions -->
<resultMap id="ConnectionPermissionResultMap" type="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
<result column="entity_id" property="entityID" jdbcType="INTEGER"/>
<result column="permission" property="type" jdbcType="VARCHAR"
javaType="org.apache.guacamole.net.auth.permission.ObjectPermission$Type"/>
<result column="connection_id" property="objectIdentifier" jdbcType="INTEGER"/>
</resultMap>
<!-- Select all permissions for a given entity -->
<select id="select" resultMap="ConnectionPermissionResultMap">
SELECT DISTINCT
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
connection_id
FROM [guacamole_connection_permission]
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
</select>
<!-- Select the single permission matching the given criteria -->
<select id="selectOne" resultMap="ConnectionPermissionResultMap">
SELECT DISTINCT
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
connection_id
FROM [guacamole_connection_permission]
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
AND permission = #{type,jdbcType=VARCHAR}
AND connection_id = #{identifier,jdbcType=INTEGER}
</select>
<!-- Select identifiers accessible by the given entity for the given permissions -->
<select id="selectAccessibleIdentifiers" resultType="string">
SELECT DISTINCT connection_id
FROM [guacamole_connection_permission]
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
AND connection_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND permission IN
<foreach collection="permissions" item="permission"
open="(" separator="," close=")">
#{permission,jdbcType=VARCHAR}
</foreach>
</select>
<!-- Delete all given permissions -->
<delete id="delete" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
DELETE FROM [guacamole_connection_permission]
WHERE
<foreach collection="permissions" item="permission"
open="(" separator=" OR " close=")">
(entity_id = #{permission.entityID,jdbcType=INTEGER} AND
permission = #{permission.type,jdbcType=VARCHAR} AND
connection_id = #{permission.objectIdentifier,jdbcType=INTEGER})
</foreach>
</delete>
<!-- Insert all given permissions -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
INSERT INTO [guacamole_connection_permission] (
entity_id,
permission,
connection_id
)
SELECT DISTINCT
permissions.entity_id,
permissions.permission,
permissions.connection_id
FROM
<foreach collection="permissions" item="permission"
open="(" separator="UNION ALL" close=")">
SELECT #{permission.entityID,jdbcType=INTEGER} AS entity_id,
#{permission.type,jdbcType=VARCHAR} AS permission,
#{permission.objectIdentifier,jdbcType=INTEGER} AS connection_id
</foreach>
AS permissions
WHERE NOT EXISTS ( SELECT 1 FROM [guacamole_connection_permission]
WHERE [guacamole_connection_permission].entity_id = permissions.entity_id AND
[guacamole_connection_permission].permission = permissions.permission AND
[guacamole_connection_permission].connection_id = permissions.connection_id
);
</insert>
</mapper>

139
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml Normal file
View File

@@ -0,0 +1,139 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionMapper">
<!-- Result mapper for sharing profile permissions -->
<resultMap id="SharingProfilePermissionResultMap" type="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
<result column="entity_id" property="entityID" jdbcType="INTEGER"/>
<result column="permission" property="type" jdbcType="VARCHAR"
javaType="org.apache.guacamole.net.auth.permission.ObjectPermission$Type"/>
<result column="sharing_profile_id" property="objectIdentifier" jdbcType="INTEGER"/>
</resultMap>
<!-- Select all permissions for a given entity -->
<select id="select" resultMap="SharingProfilePermissionResultMap">
SELECT DISTINCT
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
sharing_profile_id
FROM [guacamole_sharing_profile_permission]
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
</select>
<!-- Select the single permission matching the given criteria -->
<select id="selectOne" resultMap="SharingProfilePermissionResultMap">
SELECT DISTINCT
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
sharing_profile_id
FROM [guacamole_sharing_profile_permission]
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
AND permission = #{type,jdbcType=VARCHAR}
AND sharing_profile_id = #{identifier,jdbcType=INTEGER}
</select>
<!-- Select identifiers accessible by the given entity for the given permissions -->
<select id="selectAccessibleIdentifiers" resultType="string">
SELECT DISTINCT sharing_profile_id
FROM [guacamole_sharing_profile_permission]
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
AND sharing_profile_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND permission IN
<foreach collection="permissions" item="permission"
open="(" separator="," close=")">
#{permission,jdbcType=VARCHAR}
</foreach>
</select>
<!-- Delete all given permissions -->
<delete id="delete" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
DELETE FROM [guacamole_sharing_profile_permission]
WHERE
<foreach collection="permissions" item="permission"
open="(" separator=" OR " close=")">
(entity_id = #{permission.entityID,jdbcType=INTEGER} AND
permission = #{permission.type,jdbcType=VARCHAR} AND
sharing_profile_id = #{permission.objectIdentifier,jdbcType=INTEGER})
</foreach>
</delete>
<!-- Insert all given permissions -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
INSERT INTO [guacamole_sharing_profile_permission] (
entity_id,
permission,
sharing_profile_id
)
SELECT DISTINCT
permissions.entity_id,
permissions.permission,
permissions.sharing_profile_id
FROM
<foreach collection="permissions" item="permission"
open="(" separator="UNION ALL" close=")">
SELECT #{permission.entityID,jdbcType=INTEGER} AS entity_id,
#{permission.type,jdbcType=VARCHAR} AS permission,
#{permission.objectIdentifier,jdbcType=INTEGER} AS sharing_profile_id
</foreach>
AS permissions
WHERE NOT EXISTS (SELECT 1 FROM [guacamole_sharing_profile_permission]
WHERE [guacamole_sharing_profile_permission].entity_id = permissions.entity_id
AND [guacamole_sharing_profile_permission].permission = permissions.permission
AND [guacamole_sharing_profile_permission].sharing_profile_id = permissions.sharing_profile_id
);
</insert>
</mapper>

105
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml Normal file
View File

@@ -0,0 +1,105 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.permission.SystemPermissionMapper" >
<!-- Result mapper for system permissions -->
<resultMap id="SystemPermissionResultMap" type="org.apache.guacamole.auth.jdbc.permission.SystemPermissionModel">
<result column="entity_id" property="entityID" jdbcType="INTEGER"/>
<result column="permission" property="type" jdbcType="VARCHAR"
javaType="org.apache.guacamole.net.auth.permission.SystemPermission$Type"/>
</resultMap>
<!-- Select all permissions for a given entity -->
<select id="select" resultMap="SystemPermissionResultMap">
SELECT DISTINCT
#{entity.entityID} AS entity_id,
permission
FROM [guacamole_system_permission]
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
</select>
<!-- Select the single permission matching the given criteria -->
<select id="selectOne" resultMap="SystemPermissionResultMap">
SELECT DISTINCT
#{entity.entityID} AS entity_id,
permission
FROM [guacamole_system_permission]
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
AND permission = #{type,jdbcType=VARCHAR}
</select>
<!-- Delete all given permissions -->
<delete id="delete" parameterType="org.apache.guacamole.auth.jdbc.permission.SystemPermissionModel">
DELETE FROM [guacamole_system_permission]
WHERE
<foreach collection="permissions" item="permission"
open="(" separator=" OR " close=")">
(entity_id = #{permission.entityID,jdbcType=INTEGER}
AND permission = #{permission.type,jdbcType=VARCHAR})
</foreach>
</delete>
<!-- Insert all given permissions -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.permission.SystemPermissionModel">
INSERT INTO [guacamole_system_permission] (
entity_id,
permission
)
SELECT DISTINCT
permissions.entity_id,
permissions.permission
FROM
<foreach collection="permissions" item="permission"
open="(" separator="UNION ALL" close=")">
SELECT #{permission.entityID,jdbcType=INTEGER} AS entity_id,
#{permission.type,jdbcType=VARCHAR} AS permission
</foreach>
AS permissions
WHERE NOT EXISTS (SELECT 1 FROM [guacamole_system_permission]
WHERE [guacamole_system_permission].entity_id = permissions.entity_id
AND [guacamole_system_permission].permission = permissions.permission
);
</insert>
</mapper>

192
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml Normal file
View File

@@ -0,0 +1,192 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.permission.UserGroupPermissionMapper" >
<!-- Result mapper for user group permissions -->
<resultMap id="UserGroupPermissionResultMap" type="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
<result column="entity_id" property="entityID" jdbcType="INTEGER"/>
<result column="permission" property="type" jdbcType="VARCHAR"
javaType="org.apache.guacamole.net.auth.permission.ObjectPermission$Type"/>
<result column="affected_name" property="objectIdentifier" jdbcType="INTEGER"/>
</resultMap>
<!-- Select all permissions for a given entity -->
<select id="select" resultMap="UserGroupPermissionResultMap">
SELECT DISTINCT
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
affected_entity.name AS affected_name
FROM [guacamole_user_group_permission]
JOIN [guacamole_user_group] affected_group ON [guacamole_user_group_permission].affected_user_group_id = affected_group.user_group_id
JOIN [guacamole_entity] affected_entity ON affected_group.entity_id = affected_entity.entity_id
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="[guacamole_user_group_permission].entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
AND affected_entity.type = 'USER_GROUP'
</select>
<!-- Select the single permission matching the given criteria -->
<select id="selectOne" resultMap="UserGroupPermissionResultMap">
SELECT DISTINCT
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
affected_entity.name AS affected_name
FROM [guacamole_user_group_permission]
JOIN [guacamole_user_group] affected_group ON [guacamole_user_group_permission].affected_user_group_id = affected_group.user_group_id
JOIN [guacamole_entity] affected_entity ON affected_group.entity_id = affected_entity.entity_id
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="[guacamole_user_group_permission].entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
AND affected_entity.type = 'USER_GROUP'
AND permission = #{type,jdbcType=VARCHAR}
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
affected_entity.name = #{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(affected_entity.name) = LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</select>
<!-- Select identifiers accessible by the given entity for the given permissions -->
<select id="selectAccessibleIdentifiers" resultType="string">
SELECT DISTINCT affected_entity.name
FROM [guacamole_user_group_permission]
JOIN [guacamole_user_group] affected_group ON [guacamole_user_group_permission].affected_user_group_id = affected_group.user_group_id
JOIN [guacamole_entity] affected_entity ON affected_group.entity_id = affected_entity.entity_id
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="[guacamole_user_group_permission].entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
AND affected_entity.type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
affected_entity.name IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(affected_entity.name) IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND permission IN
<foreach collection="permissions" item="permission"
open="(" separator="," close=")">
#{permission,jdbcType=VARCHAR}
</foreach>
</select>
<!-- Delete all given permissions -->
<delete id="delete" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
DELETE [guacamole_user_group_permission]
FROM [guacamole_user_group_permission]
JOIN [guacamole_user_group] affected_group ON [guacamole_user_group_permission].affected_user_group_id = affected_group.user_group_id
JOIN [guacamole_entity] affected_entity ON affected_group.entity_id = affected_entity.entity_id
WHERE
<foreach collection="permissions" item="permission"
open="(" separator=" OR " close=")">
([guacamole_user_group_permission].entity_id = #{permission.entityID,jdbcType=INTEGER} AND
permission = #{permission.type,jdbcType=VARCHAR} AND
affected_entity.type = 'USER_GROUP'
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
affected_entity.name = #{permission.objectIdentifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(affected_entity.name) = LOWER(#{permission.objectIdentifier,jdbcType=VARCHAR})
</otherwise>
</choose>
)
</foreach>
</delete>
<!-- Insert all given permissions -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
INSERT INTO [guacamole_user_group_permission] (
entity_id,
permission,
affected_user_group_id
)
SELECT DISTINCT
permissions.entity_id,
permissions.permission,
affected_group.user_group_id
FROM
<foreach collection="permissions" item="permission"
open="(" separator="UNION ALL" close=")">
SELECT #{permission.entityID,jdbcType=INTEGER} AS entity_id,
#{permission.type,jdbcType=VARCHAR} AS permission,
#{permission.objectIdentifier,jdbcType=VARCHAR} AS affected_name
</foreach>
AS permissions
JOIN [guacamole_entity] affected_entity ON
affected_entity.type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
affected_entity.name = permissions.affected_name
</when>
<test>
LOWER(affected_entity.name) = LOWER(permissions.affected_name)
</test>
</choose>
JOIN [guacamole_user_group] affected_group ON affected_group.entity_id = affected_entity.entity_id
WHERE NOT EXISTS (SELECT 1 FROM [guacamole_user_group_permission]
WHERE [guacamole_user_group_permission].entity_id = permissions.entity_id
AND [guacamole_user_group_permission].permission = permissions.permission
AND [guacamole_user_group_permission].affected_user_group_id = affected_group.user_group_id
);
</insert>
</mapper>

193
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml Normal file
View File

@@ -0,0 +1,193 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.permission.UserPermissionMapper" >
<!-- Result mapper for user permissions -->
<resultMap id="UserPermissionResultMap" type="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
<result column="entity_id" property="entityID" jdbcType="INTEGER"/>
<result column="permission" property="type" jdbcType="VARCHAR"
javaType="org.apache.guacamole.net.auth.permission.ObjectPermission$Type"/>
<result column="affected_name" property="objectIdentifier" jdbcType="INTEGER"/>
</resultMap>
<!-- Select all permissions for a given entity -->
<select id="select" resultMap="UserPermissionResultMap">
SELECT DISTINCT
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
affected_entity.name AS affected_name
FROM [guacamole_user_permission]
JOIN [guacamole_user] affected_user ON [guacamole_user_permission].affected_user_id = affected_user.user_id
JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE
affected_entity.type = 'USER'
AND
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="[guacamole_user_permission].entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
</select>
<!-- Select the single permission matching the given criteria -->
<select id="selectOne" resultMap="UserPermissionResultMap">
SELECT DISTINCT
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
affected_entity.name AS affected_name
FROM [guacamole_user_permission]
JOIN [guacamole_user] affected_user ON [guacamole_user_permission].affected_user_id = affected_user.user_id
JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="[guacamole_user_permission].entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
AND affected_entity.type = 'USER'
AND permission = #{type,jdbcType=VARCHAR}
AND
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
affected_entity.name = #{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(affected_entity.name) = LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</select>
<!-- Select identifiers accessible by the given entity for the given permissions -->
<select id="selectAccessibleIdentifiers" resultType="string">
SELECT DISTINCT affected_entity.name
FROM [guacamole_user_permission]
JOIN [guacamole_user] affected_user ON [guacamole_user_permission].affected_user_id = affected_user.user_id
JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="[guacamole_user_permission].entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
AND affected_entity.type = 'USER'
AND
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
affected_entity.name IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER(affected_entity.name) IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND permission IN
<foreach collection="permissions" item="permission"
open="(" separator="," close=")">
#{permission,jdbcType=VARCHAR}
</foreach>
</select>
<!-- Delete all given permissions -->
<delete id="delete" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
DELETE [guacamole_user_permission]
FROM [guacamole_user_permission]
JOIN [guacamole_user] affected_user ON [guacamole_user_permission].affected_user_id = affected_user.user_id
JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE
<foreach collection="permissions" item="permission"
open="(" separator=" OR " close=")">
([guacamole_user_permission].entity_id = #{permission.entityID,jdbcType=INTEGER} AND
permission = #{permission.type,jdbcType=VARCHAR} AND
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
affected_entity.name = #{permission.objectIdentifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(affected_entity.name = LOWER(#{permission.objectIdentifier,jdbcType=VARCHAR})
</otherwise>
</choose>
AND
affected_entity.type = 'USER')
</foreach>
</delete>
<!-- Insert all given permissions -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
INSERT INTO [guacamole_user_permission] (
entity_id,
permission,
affected_user_id
)
SELECT DISTINCT
permissions.entity_id,
permissions.permission,
affected_user.user_id
FROM
<foreach collection="permissions" item="permission"
open="(" separator="UNION ALL" close=")">
SELECT #{permission.entityID,jdbcType=INTEGER} AS entity_id,
#{permission.type,jdbcType=VARCHAR} AS permission,
#{permission.objectIdentifier,jdbcType=INTEGER} AS affected_name
</foreach>
AS permissions
JOIN [guacamole_entity] affected_entity ON
affected_entity.type = 'USER'
AND
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
affected_entity.name = permissions.affected_name
</when>
<otherwise>
LOWER(affected_entity.name) = LOWER(permissions.affected_name)
</otherwise>
</choose>
JOIN [guacamole_user] affected_user ON affected_user.entity_id = affected_entity.entity_id
WHERE NOT EXISTS (SELECT 1 FROM [guacamole_user_permission]
WHERE [guacamole_user_permission].entity_id = permissions.entity_id
AND [guacamole_user_permission].permission = permissions.permission
AND [guacamole_user_permission].affected_user_id = affected_user.user_id
);
</insert>
</mapper>

220
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml Normal file
View File

@@ -0,0 +1,220 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper">
<!-- Result mapper for sharing profile objects -->
<resultMap id="SharingProfileResultMap" type="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel">
<!-- Sharing profile properties -->
<id column="sharing_profile_id" property="objectID" jdbcType="INTEGER"/>
<result column="sharing_profile_name" property="name" jdbcType="VARCHAR"/>
<result column="primary_connection_id" property="parentIdentifier" jdbcType="INTEGER"/>
<!-- Arbitrary attributes -->
<collection property="arbitraryAttributes" resultSet="arbitraryAttributes"
ofType="org.apache.guacamole.auth.jdbc.base.ArbitraryAttributeModel"
column="sharing_profile_id" foreignColumn="sharing_profile_id">
<result property="name" column="attribute_name" jdbcType="VARCHAR"/>
<result property="value" column="attribute_value" jdbcType="VARCHAR"/>
</collection>
</resultMap>
<!-- Select all sharing profile identifiers -->
<select id="selectIdentifiers" resultType="string">
SELECT sharing_profile_id
FROM [guacamole_sharing_profile]
</select>
<!--
* SQL fragment which lists the IDs of all sharing profiles readable by
* the entity having the given entity ID. If group identifiers are
* provided, the IDs of the entities for all groups having those
* identifiers are tested, as well. Disabled groups are ignored.
*
* @param entityID
* The ID of the specific entity to test against.
*
* @param groups
* A collection of group identifiers to additionally test against.
* Though this functionality is optional, a collection must always be
* given, even if that collection is empty.
-->
<sql id="getReadableIDs">
SELECT DISTINCT sharing_profile_id
FROM [guacamole_sharing_profile_permission]
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
AND permission = 'READ'
</sql>
<!-- Select identifiers of all readable sharing profiles -->
<select id="selectReadableIdentifiers" resultType="string">
<include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
</select>
<!-- Select multiple sharing profiles by identifier -->
<select id="select" resultMap="SharingProfileResultMap"
resultSets="sharingProfiles,arbitraryAttributes">
SELECT
sharing_profile_id,
sharing_profile_name,
primary_connection_id
FROM [guacamole_sharing_profile]
WHERE sharing_profile_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>;
SELECT
sharing_profile_id,
attribute_name,
attribute_value
FROM [guacamole_sharing_profile_attribute]
WHERE sharing_profile_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>;
</select>
<!-- Select multiple sharing profiles by identifier only if readable -->
<select id="selectReadable" resultMap="SharingProfileResultMap"
resultSets="sharingProfiles,arbitraryAttributes">
SELECT
[guacamole_sharing_profile].sharing_profile_id,
[guacamole_sharing_profile].sharing_profile_name,
primary_connection_id
FROM [guacamole_sharing_profile]
WHERE [guacamole_sharing_profile].sharing_profile_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND [guacamole_sharing_profile].sharing_profile_id IN (
<include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
);
SELECT
[guacamole_sharing_profile_attribute].sharing_profile_id,
attribute_name,
attribute_value
FROM [guacamole_sharing_profile_attribute]
WHERE [guacamole_sharing_profile_attribute].sharing_profile_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}
</foreach>
AND [guacamole_sharing_profile_attribute].sharing_profile_id IN (
<include refid="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
);
</select>
<!-- Select single sharing profile by name -->
<select id="selectOneByName" resultMap="SharingProfileResultMap">
SELECT
sharing_profile_id,
sharing_profile_name,
primary_connection_id
FROM [guacamole_sharing_profile]
WHERE
primary_connection_id = #{parentIdentifier,jdbcType=INTEGER}
AND sharing_profile_name = #{name,jdbcType=VARCHAR}
</select>
<!-- Delete single sharing profile by identifier -->
<delete id="delete">
DELETE FROM [guacamole_sharing_profile]
WHERE sharing_profile_id = #{identifier,jdbcType=INTEGER}
</delete>
<!-- Insert single sharing profile -->
<insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel">
INSERT INTO [guacamole_sharing_profile] (
sharing_profile_name,
primary_connection_id
)
VALUES (
#{object.name,jdbcType=VARCHAR},
#{object.parentIdentifier,jdbcType=INTEGER}
)
</insert>
<!-- Update single sharing profile -->
<update id="update" parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel">
UPDATE [guacamole_sharing_profile]
SET sharing_profile_name = #{object.name,jdbcType=VARCHAR},
primary_connection_id = #{object.parentIdentifier,jdbcType=INTEGER}
WHERE sharing_profile_id = #{object.objectID,jdbcType=INTEGER}
</update>
<!-- Delete attributes associated with sharing profile -->
<delete id="deleteAttributes">
DELETE FROM [guacamole_sharing_profile_attribute]
WHERE sharing_profile_id = #{object.objectID,jdbcType=INTEGER}
</delete>
<!-- Insert attributes for sharing profile -->
<insert id="insertAttributes" parameterType="org.apache.guacamole.auth.jdbc.base.ArbitraryAttributeModel">
INSERT INTO [guacamole_sharing_profile_attribute] (
sharing_profile_id,
attribute_name,
attribute_value
)
VALUES
<foreach collection="object.arbitraryAttributes" item="attribute" separator=",">
(#{object.objectID,jdbcType=INTEGER},
#{attribute.name,jdbcType=VARCHAR},
#{attribute.value,jdbcType=VARCHAR})
</foreach>
</insert>
</mapper>

68
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterMapper.xml Normal file
View File

@@ -0,0 +1,68 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterMapper">
<!-- Result mapper for sharing profile parameters -->
<resultMap id="ParameterResultMap" type="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterModel">
<result column="sharing_profile_id" property="sharingProfileIdentifier" jdbcType="INTEGER"/>
<result column="parameter_name" property="name" jdbcType="VARCHAR"/>
<result column="parameter_value" property="value" jdbcType="VARCHAR"/>
</resultMap>
<!-- Select all parameters of a given sharing profile -->
<select id="select" resultMap="ParameterResultMap">
SELECT
sharing_profile_id,
parameter_name,
parameter_value
FROM [guacamole_sharing_profile_parameter]
WHERE
sharing_profile_id = #{identifier,jdbcType=INTEGER}
</select>
<!-- Delete all parameters of a given sharing profile -->
<delete id="delete">
DELETE FROM [guacamole_sharing_profile_parameter]
WHERE sharing_profile_id = #{identifier,jdbcType=INTEGER}
</delete>
<!-- Insert all given parameters -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterModel">
INSERT INTO [guacamole_sharing_profile_parameter] (
sharing_profile_id,
parameter_name,
parameter_value
)
VALUES
<foreach collection="parameters" item="parameter" separator=",">
(#{parameter.sharingProfileIdentifier,jdbcType=INTEGER},
#{parameter.name,jdbcType=VARCHAR},
#{parameter.value,jdbcType=VARCHAR})
</foreach>
</insert>
</mapper>

86
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml Normal file
View File

@@ -0,0 +1,86 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.user.PasswordRecordMapper" >
<!-- Result mapper for historical passwords -->
<resultMap id="PasswordRecordResultMap" type="org.apache.guacamole.auth.jdbc.user.PasswordRecordModel">
<result column="user_id" property="userID" jdbcType="INTEGER"/>
<result column="password_hash" property="passwordHash" jdbcType="BINARY"/>
<result column="password_salt" property="passwordSalt" jdbcType="BINARY"/>
<result column="password_date" property="passwordDate" jdbcType="TIMESTAMP"/>
</resultMap>
<!-- Select all password records for a given user -->
<select id="select" resultMap="PasswordRecordResultMap">
SELECT TOP (#{maxHistorySize,jdbcType=INTEGER})
[guacamole_user_password_history].user_id,
[guacamole_user_password_history].password_hash,
[guacamole_user_password_history].password_salt,
[guacamole_user_password_history].password_date
FROM [guacamole_user_password_history]
JOIN [guacamole_user] ON [guacamole_user_password_history].user_id = [guacamole_user].user_id
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name = #{username,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER([guacamole_entity].name) = LOWER(#{username,jdbcType=VARCHAR})
</otherwise>
</choose>
ORDER BY
[guacamole_user_password_history].password_date DESC
</select>
<!-- Insert the given password record -->
<insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.user.PasswordRecordModel">
INSERT INTO [guacamole_user_password_history] (
user_id,
password_hash,
password_salt,
password_date
)
VALUES (
#{record.userID,jdbcType=INTEGER},
#{record.passwordHash,jdbcType=BINARY},
#{record.passwordSalt,jdbcType=BINARY},
#{record.passwordDate,jdbcType=TIMESTAMP}
);
DELETE FROM [guacamole_user_password_history]
WHERE user_id = #{record.userID,jdbcType=INTEGER}
AND password_history_id NOT IN (
SELECT TOP(#{maxHistorySize}) password_history_id
FROM [guacamole_user_password_history]
WHERE user_id = #{record.userID,jdbcType=INTEGER}
ORDER BY password_date DESC
);
</insert>
</mapper>

457
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml Normal file
View File

@@ -0,0 +1,457 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.user.UserMapper" >
<!-- Result mapper for user objects -->
<resultMap id="UserResultMap" type="org.apache.guacamole.auth.jdbc.user.UserModel" >
<!-- User properties -->
<id column="user_id" property="objectID" jdbcType="INTEGER"/>
<result column="entity_id" property="entityID" jdbcType="INTEGER"/>
<result column="name" property="identifier" jdbcType="VARCHAR"/>
<result column="password_hash" property="passwordHash" jdbcType="BINARY"/>
<result column="password_salt" property="passwordSalt" jdbcType="BINARY"/>
<result column="password_date" property="passwordDate" jdbcType="TIMESTAMP"/>
<result column="disabled" property="disabled" jdbcType="INTEGER"/>
<result column="expired" property="expired" jdbcType="INTEGER"/>
<result column="access_window_start" property="accessWindowStart" jdbcType="TIME"/>
<result column="access_window_end" property="accessWindowEnd" jdbcType="TIME"/>
<result column="valid_from" property="validFrom" jdbcType="DATE"/>
<result column="valid_until" property="validUntil" jdbcType="DATE"/>
<result column="timezone" property="timeZone" jdbcType="VARCHAR"/>
<result column="full_name" property="fullName" jdbcType="VARCHAR"/>
<result column="email_address" property="emailAddress" jdbcType="VARCHAR"/>
<result column="organization" property="organization" jdbcType="VARCHAR"/>
<result column="organizational_role" property="organizationalRole" jdbcType="VARCHAR"/>
<result column="last_active" property="lastActive" jdbcType="TIMESTAMP"/>
<!-- Arbitrary attributes -->
<collection property="arbitraryAttributes" resultSet="arbitraryAttributes"
ofType="org.apache.guacamole.auth.jdbc.base.ArbitraryAttributeModel"
column="user_id" foreignColumn="user_id">
<result property="name" column="attribute_name" jdbcType="VARCHAR"/>
<result property="value" column="attribute_value" jdbcType="VARCHAR"/>
</collection>
</resultMap>
<!-- Select all usernames -->
<select id="selectIdentifiers" resultType="string">
SELECT name
FROM [guacamole_entity]
WHERE [guacamole_entity].type = 'USER'
</select>
<!--
* SQL fragment which lists the IDs of all users readable by the entity
* having the given entity ID. If group identifiers are provided, the IDs
* of the entities for all groups having those identifiers are tested, as
* well. Disabled groups are ignored.
*
* @param entityID
* The ID of the specific entity to test against.
*
* @param groups
* A collection of group identifiers to additionally test against.
* Though this functionality is optional, a collection must always be
* given, even if that collection is empty.
-->
<sql id="getReadableIDs">
SELECT DISTINCT [guacamole_user_permission].affected_user_id
FROM [guacamole_user_permission]
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
AND permission = 'READ'
</sql>
<!-- Select usernames of all readable users -->
<select id="selectReadableIdentifiers" resultType="string">
SELECT [guacamole_entity].name
FROM [guacamole_user]
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE
[guacamole_user].user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
)
AND [guacamole_entity].type = 'USER'
</select>
<!-- Select multiple users by username -->
<select id="select" resultMap="UserResultMap"
resultSets="users,arbitraryAttributes">
SELECT
[guacamole_user].user_id,
[guacamole_entity].entity_id,
[guacamole_entity].name,
password_hash,
password_salt,
password_date,
disabled,
expired,
access_window_start,
access_window_end,
valid_from,
valid_until,
timezone,
full_name,
email_address,
organization,
organizational_role,
(
SELECT MAX(start_date)
FROM [guacamole_user_history]
WHERE [guacamole_user_history].user_id = [guacamole_user].user_id
) AS last_active
FROM [guacamole_user]
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE
[guacamole_entity].type = 'USER'
AND
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name
</when>
<otherwise>
LOWER([guacamole_entity].name)
</otherwise>
</choose>
IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</foreach>
;
SELECT
[guacamole_user_attribute].user_id,
[guacamole_user_attribute].attribute_name,
[guacamole_user_attribute].attribute_value
FROM [guacamole_user_attribute]
JOIN [guacamole_user] ON [guacamole_user].user_id = [guacamole_user_attribute].user_id
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE
[guacamole_entity].type = 'USER'
AND
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name
</when>
<otherwise>
LOWER([guacamole_entity].name)
</otherwise>
</choose>
IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</foreach>
;
</select>
<!-- Select multiple users by username only if readable -->
<select id="selectReadable" resultMap="UserResultMap"
resultSets="users,arbitraryAttributes">
SELECT
[guacamole_user].user_id,
[guacamole_entity].entity_id,
[guacamole_entity].name,
password_hash,
password_salt,
password_date,
disabled,
expired,
access_window_start,
access_window_end,
valid_from,
valid_until,
timezone,
full_name,
email_address,
organization,
organizational_role,
(
SELECT MAX(start_date)
FROM [guacamole_user_history]
WHERE [guacamole_user_history].user_id = [guacamole_user].user_id
) AS last_active
FROM [guacamole_user]
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE
[guacamole_entity].type = 'USER'
AND
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name
</when>
<otherwise>
LOWER([guacamole_entity].name)
</otherwise>
</choose>
IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</foreach>
AND [guacamole_user].user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
);
SELECT
[guacamole_user_attribute].user_id,
[guacamole_user_attribute].attribute_name,
[guacamole_user_attribute].attribute_value
FROM [guacamole_user_attribute]
JOIN [guacamole_user] ON [guacamole_user].user_id = [guacamole_user_attribute].user_id
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE
[guacamole_entity].type = 'USER'
AND
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name
</when>
<otherwise>
LOWER([guacamole_entity].name)
</otherwise>
</choose>
IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</foreach>
AND [guacamole_user].user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
);
</select>
<!-- Select single user by username -->
<select id="selectOne" resultMap="UserResultMap"
resultSets="users,arbitraryAttributes">
SELECT
[guacamole_user].user_id,
[guacamole_entity].entity_id,
[guacamole_entity].name,
password_hash,
password_salt,
password_date,
disabled,
expired,
access_window_start,
access_window_end,
valid_from,
valid_until,
timezone,
full_name,
email_address,
organization,
organizational_role,
(
SELECT MAX(start_date)
FROM [guacamole_user_history]
WHERE [guacamole_user_history].user_id = [guacamole_user].user_id
) AS last_active
FROM [guacamole_user]
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE
[guacamole_entity].type = 'USER'
AND
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name = #{username,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER([guacamole_entity].name) = LOWER(#{username,jdbcType=VARCHAR})
</otherwise>
</choose>
;
SELECT
[guacamole_user_attribute].user_id,
[guacamole_user_attribute].attribute_name,
[guacamole_user_attribute].attribute_value
FROM [guacamole_user_attribute]
JOIN [guacamole_user] ON [guacamole_user].user_id = [guacamole_user_attribute].user_id
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE
[guacamole_entity].type = 'USER'
AND
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name = #{username,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER([guacamole_entity].name) = LOWER(#{username,jdbcType=VARCHAR})
</otherwise>
</choose>
</select>
<!-- Delete single user by username -->
<delete id="delete">
DELETE FROM [guacamole_entity]
WHERE
type = 'USER'
AND
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
name = #{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(name) = LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</delete>
<!-- Insert single user -->
<insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
parameterType="org.apache.guacamole.auth.jdbc.user.UserModel">
INSERT INTO [guacamole_user] (
entity_id,
password_hash,
password_salt,
password_date,
disabled,
expired,
access_window_start,
access_window_end,
valid_from,
valid_until,
timezone,
full_name,
email_address,
organization,
organizational_role
)
VALUES (
#{object.entityID,jdbcType=VARCHAR},
#{object.passwordHash,jdbcType=BINARY},
#{object.passwordSalt,jdbcType=BINARY},
#{object.passwordDate,jdbcType=TIMESTAMP},
#{object.disabled,jdbcType=INTEGER},
#{object.expired,jdbcType=INTEGER},
#{object.accessWindowStart,jdbcType=TIME},
#{object.accessWindowEnd,jdbcType=TIME},
#{object.validFrom,jdbcType=DATE},
#{object.validUntil,jdbcType=DATE},
#{object.timeZone,jdbcType=VARCHAR},
#{object.fullName,jdbcType=VARCHAR},
#{object.emailAddress,jdbcType=VARCHAR},
#{object.organization,jdbcType=VARCHAR},
#{object.organizationalRole,jdbcType=VARCHAR}
)
</insert>
<!-- Update single user -->
<update id="update" parameterType="org.apache.guacamole.auth.jdbc.user.UserModel">
UPDATE [guacamole_user]
SET password_hash = #{object.passwordHash,jdbcType=BINARY},
password_salt = #{object.passwordSalt,jdbcType=BINARY},
password_date = #{object.passwordDate,jdbcType=TIMESTAMP},
disabled = #{object.disabled,jdbcType=INTEGER},
expired = #{object.expired,jdbcType=INTEGER},
access_window_start = #{object.accessWindowStart,jdbcType=TIME},
access_window_end = #{object.accessWindowEnd,jdbcType=TIME},
valid_from = #{object.validFrom,jdbcType=DATE},
valid_until = #{object.validUntil,jdbcType=DATE},
timezone = #{object.timeZone,jdbcType=VARCHAR},
full_name = #{object.fullName,jdbcType=VARCHAR},
email_address = #{object.emailAddress,jdbcType=VARCHAR},
organization = #{object.organization,jdbcType=VARCHAR},
organizational_role = #{object.organizationalRole,jdbcType=VARCHAR}
WHERE user_id = #{object.objectID,jdbcType=INTEGER}
</update>
<!-- Delete attributes associated with user -->
<delete id="deleteAttributes">
DELETE FROM [guacamole_user_attribute]
WHERE user_id = #{object.objectID,jdbcType=INTEGER}
</delete>
<!-- Insert attributes for user -->
<insert id="insertAttributes" parameterType="org.apache.guacamole.auth.jdbc.base.ArbitraryAttributeModel">
INSERT INTO [guacamole_user_attribute] (
user_id,
attribute_name,
attribute_value
)
VALUES
<foreach collection="object.arbitraryAttributes" item="attribute" separator=",">
(#{object.objectID,jdbcType=INTEGER},
#{attribute.name,jdbcType=VARCHAR},
#{attribute.value,jdbcType=VARCHAR})
</foreach>
</insert>
</mapper>

122
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml Normal file
View File

@@ -0,0 +1,122 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.user.UserParentUserGroupMapper" >
<!-- Select the names of all parent user groups -->
<select id="selectChildIdentifiers" resultType="string">
SELECT name
FROM [guacamole_user_group_member]
JOIN [guacamole_user_group] ON [guacamole_user_group_member].user_group_id = [guacamole_user_group].user_group_id
JOIN [guacamole_entity] ON [guacamole_entity].entity_id = [guacamole_user_group].entity_id
WHERE
[guacamole_user_group_member].member_entity_id = #{parent.entityID,jdbcType=INTEGER}
AND [guacamole_entity].type = 'USER_GROUP'
</select>
<!-- Select the names of all readable parent user groups -->
<select id="selectReadableChildIdentifiers" resultType="string">
SELECT [guacamole_entity].name
FROM [guacamole_user_group_member]
JOIN [guacamole_user_group] ON [guacamole_user_group_member].user_group_id = [guacamole_user_group].user_group_id
JOIN [guacamole_entity] ON [guacamole_entity].entity_id = [guacamole_user_group].entity_id
WHERE
[guacamole_user_group].user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
)
AND [guacamole_user_group_member].member_entity_id = #{parent.entityID,jdbcType=INTEGER}
AND [guacamole_entity].type = 'USER_GROUP'
</select>
<!-- Delete parent groups by name -->
<delete id="delete">
DELETE [guacamole_user_group_member]
FROM [guacamole_user_group_member]
JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_member].user_group_id
JOIN [guacamole_entity] ON [guacamole_entity].entity_id = [guacamole_user_group].entity_id
WHERE
member_entity_id = #{parent.entityID,jdbcType=INTEGER}
AND [guacamole_entity].type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
[guacamole_entity].name IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
</delete>
<!-- Insert parent groups by name -->
<insert id="insert">
INSERT INTO [guacamole_user_group_member] (
user_group_id,
member_entity_id
)
SELECT DISTINCT
[guacamole_user_group].user_group_id,
#{parent.entityID,jdbcType=INTEGER}
FROM [guacamole_user_group]
JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE
[guacamole_entity].type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
[guacamole_entity].name IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND [guacamole_user_group].user_group_id NOT IN (
SELECT [guacamole_user_group_member].user_group_id
FROM [guacamole_user_group_member]
WHERE [guacamole_user_group_member].member_entity_id = #{parent.entityID,jdbcType=INTEGER}
)
</insert>
</mapper>

223
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml Normal file
View File

@@ -0,0 +1,223 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.user.UserRecordMapper" >
<!-- Result mapper for system permissions -->
<resultMap id="UserRecordResultMap" type="org.apache.guacamole.auth.jdbc.base.ActivityRecordModel">
<id column="history_id" property="recordID" jdbcType="INTEGER"/>
<result column="remote_host" property="remoteHost" jdbcType="VARCHAR"/>
<result column="user_id" property="userID" jdbcType="INTEGER"/>
<result column="username" property="username" jdbcType="VARCHAR"/>
<result column="start_date" property="startDate" jdbcType="TIMESTAMP"/>
<result column="end_date" property="endDate" jdbcType="TIMESTAMP"/>
</resultMap>
<!-- Insert the given user record -->
<insert id="insert" useGeneratedKeys="true" keyProperty="record.recordID"
parameterType="org.apache.guacamole.auth.jdbc.base.ActivityRecordModel">
INSERT INTO [guacamole_user_history] (
remote_host,
user_id,
username,
start_date,
end_date
)
VALUES (
#{record.remoteHost,jdbcType=VARCHAR},
(SELECT user_id FROM [guacamole_user]
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name = #{record.username,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER([guacamole_entity].name) = LOWER(#{record.username,jdbcType=VARCHAR})
</otherwise>
</choose>
AND [guacamole_entity].type = 'USER'),
#{record.username,jdbcType=VARCHAR},
#{record.startDate,jdbcType=TIMESTAMP},
#{record.endDate,jdbcType=TIMESTAMP}
)
</insert>
<!-- Update the given user record, assigning an end date -->
<update id="updateEndDate" parameterType="org.apache.guacamole.auth.jdbc.base.ActivityRecordModel">
UPDATE [guacamole_user_history]
SET end_date = #{record.endDate,jdbcType=TIMESTAMP}
WHERE history_id = #{record.recordID,jdbcType=INTEGER}
</update>
<!-- Search for specific user records -->
<select id="search" resultMap="UserRecordResultMap">
SELECT TOP (#{limit,jdbcType=INTEGER})
[guacamole_user_history].history_id,
[guacamole_user_history].remote_host,
[guacamole_user_history].user_id,
[guacamole_user_history].username,
[guacamole_user_history].start_date,
[guacamole_user_history].end_date
FROM [guacamole_user_history]
<!-- Search terms -->
<where>
<if test="identifier != null">
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_user_history].username = #{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER([guacamole_user_history].username) = LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</if>
<foreach collection="terms" item="term" open=" AND " separator=" AND ">
(
[guacamole_user_history].user_id IN (
SELECT user_id
FROM [guacamole_user]
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
CHARINDEX(#{term.term,jdbcType=VARCHAR} IN [guacamole_entity].name) > 0
</when>
<otherwise>
CHARINDEX(LOWER(#{term.term,jdbcType=VARCHAR}) IN LOWER([guacamole_entity].name)) > 0
</otherwise>
</choose>
AND [guacamole_entity].type = 'USER'),
)
<if test="term.startDate != null and term.endDate != null">
OR start_date BETWEEN #{term.startDate,jdbcType=TIMESTAMP} AND #{term.endDate,jdbcType=TIMESTAMP}
</if>
)
</foreach>
</where>
<!-- Bind sort property enum values for sake of readability -->
<bind name="START_DATE" value="@org.apache.guacamole.net.auth.ActivityRecordSet$SortableProperty@START_DATE"/>
<!-- Sort predicates -->
<foreach collection="sortPredicates" item="sortPredicate"
open="ORDER BY " separator=", ">
<choose>
<when test="sortPredicate.property == START_DATE">[guacamole_user_history].start_date</when>
<otherwise>1</otherwise>
</choose>
<if test="sortPredicate.descending">DESC</if>
</foreach>
</select>
<!-- Search for specific user records -->
<select id="searchReadable" resultMap="UserRecordResultMap">
SELECT TOP (#{limit,jdbcType=INTEGER})
[guacamole_user_history].history_id,
[guacamole_user_history].remote_host,
[guacamole_user_history].user_id,
[guacamole_user_history].username,
[guacamole_user_history].start_date,
[guacamole_user_history].end_date
FROM [guacamole_user_history]
<!-- Search terms -->
<where>
<!-- Restrict to readable users -->
[guacamole_connection_history].user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
)
<if test="identifier != null">
AND
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name = #{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER([guacamole_entity].name) = LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</if>
<foreach collection="terms" item="term" open=" AND " separator=" AND ">
(
[guacamole_user_history].user_id IN (
SELECT user_id
FROM [guacamole_user]
JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
CHARINDEX(#{term.term,jdbcType=VARCHAR} IN [guacamole_entity].name) > 0
</when>
<otherwise>
CHARINDEX(LOWER(#{term.term,jdbcType=VARCHAR}) IN LOWER([guacamole_entity].name)) > 0
</otherwise>
</choose>
AND [guacamole_entity].type = 'USER'
)
<if test="term.startDate != null and term.endDate != null">
OR start_date BETWEEN #{term.startDate,jdbcType=TIMESTAMP} AND #{term.endDate,jdbcType=TIMESTAMP}
</if>
)
</foreach>
</where>
<!-- Bind sort property enum values for sake of readability -->
<bind name="START_DATE" value="@org.apache.guacamole.net.auth.ActivityRecordSet$SortableProperty@START_DATE"/>
<!-- Sort predicates -->
<foreach collection="sortPredicates" item="sortPredicate"
open="ORDER BY " separator=", ">
<choose>
<when test="sortPredicate.property == START_DATE">[guacamole_user_history].start_date</when>
<otherwise>1</otherwise>
</choose>
<if test="sortPredicate.descending">DESC</if>
</foreach>
</select>
</mapper>

323
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml Normal file
View File

@@ -0,0 +1,323 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper" >
<!-- Result mapper for user group objects -->
<resultMap id="UserGroupResultMap" type="org.apache.guacamole.auth.jdbc.usergroup.UserGroupModel" >
<!-- User group properties -->
<id column="user_group_id" property="objectID" jdbcType="INTEGER"/>
<result column="entity_id" property="entityID" jdbcType="INTEGER"/>
<result column="name" property="identifier" jdbcType="VARCHAR"/>
<result column="disabled" property="disabled" jdbcType="BOOLEAN"/>
<!-- Arbitrary attributes -->
<collection property="arbitraryAttributes" resultSet="arbitraryAttributes"
ofType="org.apache.guacamole.auth.jdbc.base.ArbitraryAttributeModel"
column="user_group_id" foreignColumn="user_group_id">
<result property="name" column="attribute_name" jdbcType="VARCHAR"/>
<result property="value" column="attribute_value" jdbcType="VARCHAR"/>
</collection>
</resultMap>
<!-- Select all group names -->
<select id="selectIdentifiers" resultType="string">
SELECT name
FROM [guacamole_entity]
WHERE [guacamole_entity].type = 'USER_GROUP'
</select>
<!--
* SQL fragment which lists the IDs of all user groups readable by the
* entity having the given entity ID. If group identifiers are provided,
* the IDs of the entities for all groups having those identifiers are
* tested, as well. Disabled groups are ignored.
*
* @param entityID
* The ID of the specific entity to test against.
*
* @param groups
* A collection of group identifiers to additionally test against.
* Though this functionality is optional, a collection must always be
* given, even if that collection is empty.
-->
<sql id="getReadableIDs">
SELECT DISTINCT [guacamole_user_group_permission].affected_user_group_id
FROM [guacamole_user_group_permission]
WHERE
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="${entityID}"/>
<property name="groups" value="${groups}"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
AND permission = 'READ'
</sql>
<!-- Select names of all readable groups -->
<select id="selectReadableIdentifiers" resultType="string">
SELECT [guacamole_entity].name
FROM [guacamole_user_group]
JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE
[guacamole_entity].type = 'USER_GROUP'
AND [guacamole_user_group].user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
)
</select>
<!-- Select multiple groups by name -->
<select id="select" resultMap="UserGroupResultMap"
resultSets="users,arbitraryAttributes">
SELECT
[guacamole_user_group].user_group_id,
[guacamole_entity].entity_id,
[guacamole_entity].name,
disabled
FROM [guacamole_user_group]
JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE [guacamole_entity].type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
[guacamole_entity].name IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
;
SELECT
[guacamole_user_group_attribute].user_group_id,
[guacamole_user_group_attribute].attribute_name,
[guacamole_user_group_attribute].attribute_value
FROM [guacamole_user_group_attribute]
JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_attribute].user_group_id
JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE [guacamole_entity].type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
[guacamole_entity].name IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
;
</select>
<!-- Select multiple groups by name only if readable -->
<select id="selectReadable" resultMap="UserGroupResultMap"
resultSets="users,arbitraryAttributes">
SELECT
[guacamole_user_group].user_group_id,
[guacamole_entity].entity_id,
[guacamole_entity].name,
disabled
FROM [guacamole_user_group]
JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE [guacamole_entity].type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
[guacamole_entity].name IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
LOOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND [guacamole_user_group].user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
);
SELECT
[guacamole_user_group_attribute].user_group_id,
[guacamole_user_group_attribute].attribute_name,
[guacamole_user_group_attribute].attribute_value
FROM [guacamole_user_group_attribute]
JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_attribute].user_group_id
JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE [guacamole_entity].type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
[guacamole_entity].name IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND [guacamole_user_group].user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
);
</select>
<!-- Select single group by name -->
<select id="selectOne" resultMap="UserGroupResultMap"
resultSets="users,arbitraryAttributes">
SELECT
[guacamole_user_group].user_group_id,
[guacamole_entity].entity_id,
[guacamole_entity].name,
disabled
FROM [guacamole_user_group]
JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE [guacamole_entity].type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
[guacamole_entity].name = #{name,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER([guacamole_entity].name) = LOWER(#{name,jdbcType=VARCHAR})
</otherwise>
</choose>
;
SELECT
[guacamole_user_group_attribute].user_group_id,
[guacamole_user_group_attribute].attribute_name,
[guacamole_user_group_attribute].attribute_value
FROM [guacamole_user_group_attribute]
JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_attribute].user_group_id
JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE [guacamole_entity].type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
[guacamole_entity].name = #{name,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER([guacamole_entity].name) = LOWER(#{name,jdbcType=VARCHAR})
</otherwise>
</choose>
</select>
<!-- Delete single group by name -->
<delete id="delete">
DELETE FROM [guacamole_entity]
WHERE
name = #{identifier,jdbcType=VARCHAR}
AND type = 'USER_GROUP'
</delete>
<!-- Insert single group -->
<insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
parameterType="org.apache.guacamole.auth.jdbc.usergroup.UserGroupModel">
INSERT INTO [guacamole_user_group] (
entity_id,
disabled
)
VALUES (
#{object.entityID,jdbcType=VARCHAR},
#{object.disabled,jdbcType=BOOLEAN}
)
</insert>
<!-- Update single group -->
<update id="update" parameterType="org.apache.guacamole.auth.jdbc.usergroup.UserGroupModel">
UPDATE [guacamole_user_group]
SET disabled = #{object.disabled,jdbcType=BOOLEAN}
WHERE user_group_id = #{object.objectID,jdbcType=VARCHAR}
</update>
<!-- Delete attributes associated with group -->
<delete id="deleteAttributes">
DELETE FROM [guacamole_user_group_attribute]
WHERE user_group_id = #{object.objectID,jdbcType=INTEGER}
</delete>
<!-- Insert attributes for group -->
<insert id="insertAttributes" parameterType="org.apache.guacamole.auth.jdbc.base.ArbitraryAttributeModel">
INSERT INTO [guacamole_user_group_attribute] (
user_group_id,
attribute_name,
attribute_value
)
VALUES
<foreach collection="object.arbitraryAttributes" item="attribute" separator=",">
(#{object.objectID,jdbcType=INTEGER},
#{attribute.name,jdbcType=VARCHAR},
#{attribute.value,jdbcType=VARCHAR})
</foreach>
</insert>
</mapper>

118
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml Normal file
View File

@@ -0,0 +1,118 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMemberUserGroupMapper" >
<!-- Select the names of all member user groups -->
<select id="selectChildIdentifiers" resultType="string">
SELECT name
FROM [guacamole_user_group_member]
JOIN [guacamole_entity] ON [guacamole_entity].entity_id = [guacamole_user_group_member].member_entity_id
WHERE
[guacamole_user_group_member].user_group_id = #{parent.objectID,jdbcType=INTEGER}
AND [guacamole_entity].type = 'USER_GROUP'
</select>
<!-- Select the names of all readable member user groups -->
<select id="selectReadableChildIdentifiers" resultType="string">
SELECT [guacamole_entity].name
FROM [guacamole_user_group_member]
JOIN [guacamole_entity] ON [guacamole_entity].entity_id = [guacamole_user_group_member].member_entity_id
JOIN [guacamole_user_group] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE
[guacamole_user_group].user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
)
AND [guacamole_user_group_member].user_group_id = #{parent.objectID,jdbcType=INTEGER}
AND [guacamole_entity].type = 'USER_GROUP'
</select>
<!-- Delete member groups by name -->
<delete id="delete">
DELETE [guacamole_user_group_member]
FROM [guacamole_user_group_member]
JOIN [guacamole_entity] ON [guacamole_entity].entity_id = member_entity_id
WHERE
user_group_id = #{parent.objectID,jdbcType=INTEGER}
AND [guacamole_entity].type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
[guacamole_entity].name IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
</delete>
<!-- Insert member groups by name -->
<insert id="insert">
INSERT INTO [guacamole_user_group_member] (
user_group_id,
member_entity_id
)
SELECT DISTINCT
#{parent.objectID,jdbcType=INTEGER},
[guacamole_entity].entity_id
FROM [guacamole_entity]
WHERE [guacamole_entity].type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
[guacamole_entity].name IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
#{identifier}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier})
</foreach>
</otherwise>
</choose>
AND [guacamole_entity].entity_id NOT IN (
SELECT [guacamole_user_group_member].member_entity_id
FROM [guacamole_user_group_member]
WHERE [guacamole_user_group_member].user_group_id = #{parent.objectID,jdbcType=INTEGER}
)
</insert>
</mapper>

124
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml Normal file
View File

@@ -0,0 +1,124 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMemberUserMapper" >
<!-- Select the username of all member users -->
<select id="selectChildIdentifiers" resultType="string">
SELECT name
FROM [guacamole_user_group_member]
JOIN [guacamole_entity] ON [guacamole_entity].entity_id = [guacamole_user_group_member].member_entity_id
WHERE
[guacamole_user_group_member].user_group_id = #{parent.objectID,jdbcType=INTEGER}
AND [guacamole_entity].type = 'USER'
</select>
<!-- Select the usernames of all readable member users -->
<select id="selectReadableChildIdentifiers" resultType="string">
SELECT [guacamole_entity].name
FROM [guacamole_user_group_member]
JOIN [guacamole_entity] ON [guacamole_entity].entity_id = [guacamole_user_group_member].member_entity_id
JOIN [guacamole_user] ON [guacamole_user].entity_id = [guacamole_entity].entity_id
WHERE
[guacamole_user].user_id IN (
<include refid="org.apache.guacamole.auth.jdbc.user.UserMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
)
AND [guacamole_user_group_member].user_group_id = #{parent.objectID,jdbcType=INTEGER}
AND [guacamole_entity].type = 'USER'
</select>
<!-- Delete member users by name -->
<delete id="delete">
DELETE [guacamole_user_group_member]
FROM [guacamole_user_group_member]
JOIN [guacamole_entity] ON [guacamole_entity].entity_id = member_entity_id
WHERE
user_group_id = #{parent.objectID,jdbcType=INTEGER}
AND [guacamole_entity].type = 'USER'
AND
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name
</when>
<otherwise>
LOWER([guacamole_entity].name)
</otherwise>
</choose>
IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier,jdbcType=VARCHAR}
</when>
<otherwise>
LOWER(#{identifier,jdbcType=VARCHAR})
</otherwise>
</choose>
</foreach>
</delete>
<!-- Insert member users by name -->
<insert id="insert">
INSERT INTO [guacamole_user_group_member] (
user_group_id,
member_entity_id
)
SELECT DISTINCT
#{parent.objectID,jdbcType=INTEGER},
[guacamole_entity].entity_id
FROM [guacamole_entity]
WHERE [guacamole_entity].type = 'USER'
AND
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
[guacamole_entity].name
</when>
<otherwise>
LOWER([guacamole_entity].name)
</otherwise>
</choose>
IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
<choose>
<when test="caseSensitivity.caseSensitiveUsernames()">
#{identifier}
</when>
<otherwise>
LOWER(#{identifier})
</otherwise>
</choose>
</foreach>
AND [guacamole_entity].entity_id NOT IN (
SELECT [guacamole_user_group_member].member_entity_id
FROM [guacamole_user_group_member]
WHERE [guacamole_user_group_member].user_group_id = #{parent.objectID,jdbcType=INTEGER}
)
</insert>
</mapper>

120
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml Normal file
View File

@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<mapper namespace="org.apache.guacamole.auth.jdbc.usergroup.UserGroupParentUserGroupMapper" >
<!-- Select the names of all parent user groups -->
<select id="selectChildIdentifiers" resultType="string">
SELECT name
FROM [guacamole_user_group_member]
JOIN [guacamole_user_group] ON [guacamole_user_group_member].user_group_id = [guacamole_user_group].user_group_id
JOIN [guacamole_entity] ON [guacamole_entity].entity_id = [guacamole_user_group].entity_id
WHERE
[guacamole_user_group_member].member_entity_id = #{parent.entityID,jdbcType=INTEGER}
AND [guacamole_entity].type = 'USER_GROUP'
</select>
<!-- Select the names of all readable parent user groups -->
<select id="selectReadableChildIdentifiers" resultType="string">
SELECT [guacamole_entity].name
FROM [guacamole_user_group_member]
JOIN [guacamole_user_group] ON [guacamole_user_group_member].user_group_id = [guacamole_user_group].user_group_id
JOIN [guacamole_entity] ON [guacamole_entity].entity_id = [guacamole_user_group].entity_id
WHERE
[guacamole_user_group].user_group_id IN (
<include refid="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
<property name="caseSensitivity" value="${caseSensitivity}"/>
</include>
)
AND [guacamole_user_group_member].member_entity_id = #{parent.entityID,jdbcType=INTEGER}
AND [guacamole_entity].type = 'USER_GROUP'
</select>
<!-- Delete parent groups by name -->
<delete id="delete">
DELETE [guacamole_user_group_member]
FROM [guacamole_user_group_member]
JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_member].user_group_id
JOIN [guacamole_entity] ON [guacamole_entity].entity_id = [guacamole_user_group].entity_id
WHERE
member_entity_id = #{parent.entityID,jdbcType=INTEGER}
AND [guacamole_entity].type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
[guacamole_entity].name IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
</delete>
<!-- Insert parent groups by name -->
<insert id="insert">
INSERT INTO [guacamole_user_group_member] (
user_group_id,
member_entity_id
)
SELECT DISTINCT
[guacamole_user_group].user_group_id,
#{parent.entityID,jdbcType=INTEGER}
FROM [guacamole_user_group]
JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id
WHERE [guacamole_entity].type = 'USER_GROUP'
AND
<choose>
<when test="caseSensitivity.caseSensitiveGroupNames()">
[guacamole_entity].name IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
#{identifier,jdbcType=VARCHAR}
</foreach>
</when>
<otherwise>
LOWER([guacamole_entity].name) IN
<foreach collection="children" item="identifier"
open="(" separator="," close=")">
LOWER(#{identifier,jdbcType=VARCHAR})
</foreach>
</otherwise>
</choose>
AND [guacamole_user_group].user_group_id NOT IN (
SELECT [guacamole_user_group_member].user_group_id
FROM [guacamole_user_group_member]
WHERE [guacamole_user_group_member].member_entity_id = #{parent.entityID,jdbcType=INTEGER}
)
</insert>
</mapper>