Skip to content

Commit

Permalink
GUACAMOLE-1239: Add case-sensitivity configuration for UserGroup obje…
Browse files Browse the repository at this point in the history
…cts and remove per-extension configuration.
  • Loading branch information
necouchman committed Nov 5, 2024
1 parent cdc4524 commit 8bd95a2
Show file tree
Hide file tree
Showing 96 changed files with 2,084 additions and 931 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,6 @@
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordMapper;
import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordModel;
Expand Down Expand Up @@ -56,6 +55,12 @@ public class HistoryTrackingConnection extends DelegatingConnection {
* established connections.
*/
private final ConnectionRecordMapper connectionRecordMapper;

/**
* The environment in which Guacamole is running.
*/
@Inject
private JDBCEnvironment environment;

/**
* Creates a new HistoryConnection that wraps the given connection,
Expand Down Expand Up @@ -100,7 +105,7 @@ public GuacamoleTunnel connect(GuacamoleClientInformation info,

// Insert the connection history record to mark the start of this connection
connectionRecordMapper.insert(connectionRecordModel,
currentUser.isCaseSensitive());
environment.getCaseSensitivity());

// Include history record UUID as token
ModeledConnectionRecord modeledRecord = new ModeledConnectionRecord(connectionRecordModel);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
import java.util.Collection;
import java.util.List;
import org.apache.guacamole.auth.jdbc.user.UserModel;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param;

/**
Expand All @@ -39,15 +40,15 @@ public interface ActivityRecordMapper<ModelType> {
* @param record
* The activity record to insert.
*
* @param caseSensitive
* Whether or not string comparisons should be done in a case-sensitive
* manner.
* @param caseSensitivity
* The object that contains current configuration for case-sensitivity
* for usernames and group names.
*
* @return
* The number of rows inserted.
*/
int insert(@Param("record") ModelType record,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);

/**
* Updates the given activity record in the database, assigning an end
Expand Down Expand Up @@ -91,9 +92,9 @@ int insert(@Param("record") ModelType record,
* @param limit
* The maximum number of records that should be returned.
*
* @param caseSensitive
* Whether or not string comparisons should be done in a case-sensitive
* manner.
* @param caseSensitivity
* The object that contains current configuration for case-sensitivity
* for usernames and group names.
*
* @return
* The results of the search performed with the given parameters.
Expand All @@ -103,7 +104,7 @@ List<ModelType> search(@Param("identifier") String identifier,
@Param("terms") Collection<ActivityRecordSearchTerm> terms,
@Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates,
@Param("limit") int limit,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);

/**
* Searches for up to <code>limit</code> activity records that contain
Expand Down Expand Up @@ -143,9 +144,9 @@ List<ModelType> search(@Param("identifier") String identifier,
* no groups are given, only permissions directly granted to the user
* will be used.
*
* @param caseSensitive
* Whether or not string comparisons should be done in a case-sensitive
* manner.
* @param caseSensitivity
* The object that contains current configuration for case-sensitivity
* for usernames and group names.
*
* @return
* The results of the search performed with the given parameters.
Expand All @@ -157,6 +158,6 @@ List<ModelType> searchReadable(@Param("identifier") String identifier,
@Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates,
@Param("limit") int limit,
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);

}
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@

import java.util.Collection;
import java.util.Set;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param;

/**
Expand Down Expand Up @@ -67,6 +68,10 @@ public interface EntityMapper {
* depth and may need to be executed multiple times. If it is known
* that the database engine in question will always support (or always
* not support) recursive queries, this parameter may be ignored.
*
* @param caseSensitivity
* The object that contains current configuration for case-sensitivity
* for usernames and group names.
*
* @return
* The set of identifiers of all groups that the given entity is a
Expand All @@ -75,6 +80,7 @@ public interface EntityMapper {
*/
Set<String> selectEffectiveGroupIdentifiers(@Param("entity") EntityModel entity,
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("recursive") boolean recursive);
@Param("recursive") boolean recursive,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);

}
Original file line number Diff line number Diff line change
Expand Up @@ -22,16 +22,25 @@
import com.google.inject.Inject;
import java.util.Collection;
import java.util.Set;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.session.SqlSession;
import org.mybatis.guice.transactional.Transactional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
* Service which provides convenience methods for creating, retrieving, and
* manipulating entities.
*/
public class EntityService {

/**
* The Logger for this class.
*/
private static final Logger LOGGER = LoggerFactory.getLogger(EntityService.class);

/**
* The Guacamole server environment.
*/
Expand Down Expand Up @@ -76,9 +85,22 @@ public class EntityService {
public Set<String> retrieveEffectiveGroups(ModeledPermissions<? extends EntityModel> entity,
Collection<String> effectiveGroups) {

CaseSensitivity caseSensitivity = CaseSensitivity.ENABLED;
try {
caseSensitivity = environment.getCaseSensitivity();
}
catch (GuacamoleException e) {
LOGGER.warn("Unable to retrieve configuration setting for group "
+ "name case-sensitivity, group names will be treated "
+ "as case-sensitive.", e.getMessage());
LOGGER.debug("Got exception while trying to get group name case-"
+ "sensitivity configuration.", e);
}

// Retrieve the effective user groups of the given entity, recursively if possible
boolean recursive = environment.isRecursiveQuerySupported(sqlSession);
Set<String> identifiers = entityMapper.selectEffectiveGroupIdentifiers(entity.getModel(), effectiveGroups, recursive);
Set<String> identifiers = entityMapper.selectEffectiveGroupIdentifiers(
entity.getModel(), effectiveGroups, recursive, caseSensitivity);

// If the set of user groups retrieved was not produced recursively,
// manually repeat the query to expand the set until all effective
Expand All @@ -87,7 +109,9 @@ public Set<String> retrieveEffectiveGroups(ModeledPermissions<? extends EntityMo
Set<String> previousIdentifiers;
do {
previousIdentifiers = identifiers;
identifiers = entityMapper.selectEffectiveGroupIdentifiers(entity.getModel(), previousIdentifiers, false);
identifiers = entityMapper.selectEffectiveGroupIdentifiers(
entity.getModel(), previousIdentifiers, false,
caseSensitivity);
} while (identifiers.size() > previousIdentifiers.size());
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
import java.util.Collection;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.UserModel;
import org.apache.guacamole.properties.CaseSensitivity;
import org.apache.ibatis.annotations.Param;

/**
Expand Down Expand Up @@ -60,12 +61,17 @@ public interface ModeledDirectoryObjectMapper<ModelType> {
* @param effectiveGroups
* The identifiers of any known effective groups that should be taken
* into account, such as those defined externally to the database.
*
* @param caseSensitivity
* The object that contains current configuration for case-sensitivity
* for usernames and group names.
*
* @return
* A Set containing all identifiers of all readable objects.
*/
Set<String> selectReadableIdentifiers(@Param("user") UserModel user,
@Param("effectiveGroups") Collection<String> effectiveGroups);
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitivity") CaseSensitivity caseSensitivity);

/**
* Selects all objects which have the given identifiers. If an identifier
Expand All @@ -77,15 +83,15 @@ Set<String> selectReadableIdentifiers(@Param("user") UserModel user,
* @param identifiers
* The identifiers of the objects to return.
*
* @param caseSensitive
* true if the query should evaluate identifiers in a case-sensitive
* manner, otherwise false.
* @param caseSensitivity
* The object that contains current configuration for case-sensitivity
* for usernames and group names.
*
* @return
* A Collection of all objects having the given identifiers.
*/
Collection<ModelType> select(@Param("identifiers") Collection<String> identifiers,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);

/**
* Selects all objects which have the given identifiers and are explicitly
Expand All @@ -105,17 +111,17 @@ Collection<ModelType> select(@Param("identifiers") Collection<String> identifier
* The identifiers of any known effective groups that should be taken
* into account, such as those defined externally to the database.
*
* @param caseSensitive
* true if the query should evaluate identifiers in a case-sensitive
* manner, otherwise false.
* @param caseSensitivity
* The object that contains current configuration for case-sensitivity
* for usernames and group names.
*
* @return
* A Collection of all objects having the given identifiers.
*/
Collection<ModelType> selectReadable(@Param("user") UserModel user,
@Param("identifiers") Collection<String> identifiers,
@Param("effectiveGroups") Collection<String> effectiveGroups,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);

/**
* Inserts the given object into the database. If the object already
Expand All @@ -136,15 +142,15 @@ Collection<ModelType> selectReadable(@Param("user") UserModel user,
* @param identifier
* The identifier of the object to delete.
*
* @param caseSensitive
* true if the query should evaluate the identifier in a
* case-sensitive manner, otherwise false.
* @param caseSensitivity
* The case-sensitivity configuration that contains information on
* whether usernames and/or group names will be treated as case-sensitive.
*
* @return
* The number of rows deleted.
*/
int delete(@Param("identifier") String identifier,
@Param("caseSensitive") boolean caseSensitive);
@Param("caseSensitivity") CaseSensitivity caseSensitivity);

/**
* Updates the given existing object in the database. If the object does
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,16 +27,17 @@
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel;
import org.apache.guacamole.auth.jdbc.user.UserModel;
import org.apache.guacamole.net.auth.Identifiable;
import org.apache.guacamole.net.auth.permission.ObjectPermission;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.properties.CaseSensitivity;
import org.mybatis.guice.transactional.Transactional;

/**
Expand Down Expand Up @@ -117,20 +118,20 @@ protected abstract InternalType getObjectInstance(ModeledAuthenticatedUser curre
ModelType model) throws GuacamoleException;

/**
* Returns whether or not identifiers for objects provided by this service
* are handled in a case-sensitive manner or not.
* Returns the case sensitivity configuration for this service, which will
* be used to determine whether usernames and/or group names will be treated
* as case-sensitive.
*
* @return
* "true" if identifiers handled by this object service should be
* treated as case-sensitive, otherwise false.
* The case-sensitivity configuration for this service.
*
* @throws GuacamoleException
* If an error occurs retrieving relevant configuration information.
*/
protected boolean getCaseSensitiveIdentifiers() throws GuacamoleException {
protected CaseSensitivity getCaseSensitivity() throws GuacamoleException {

// By default identifiers are not case-sensitive.
return false;
// Retrieve the Guacamole setting.
return environment.getCaseSensitivity();

}

Expand Down Expand Up @@ -246,7 +247,7 @@ protected Collection<InternalType> getObjectInstances(ModeledAuthenticatedUser c
Collection<ModelType> models) throws GuacamoleException {

// Create new collection of objects by manually converting each model
Collection<InternalType> objects = new ArrayList<InternalType>(models.size());
Collection<InternalType> objects = new ArrayList<>(models.size());
for (ModelType model : models)
objects.add(getObjectInstance(currentUser, model));

Expand Down Expand Up @@ -426,7 +427,7 @@ public Collection<InternalType> retrieveObjects(ModeledAuthenticatedUser user,

boolean userIsPrivileged = user.isPrivileged();

boolean caseSensitive = getCaseSensitiveIdentifiers();
CaseSensitivity caseSensitivity = getCaseSensitivity();

// Process the filteredIdentifiers in batches using Lists.partition() and flatMap
Collection<ModelType> allObjects = Lists.partition(filteredIdentifiers, batchSize).stream()
Expand All @@ -435,12 +436,12 @@ public Collection<InternalType> retrieveObjects(ModeledAuthenticatedUser user,

// Bypass permission checks if the user is privileged
if (userIsPrivileged)
objects = getObjectMapper().select(chunk, caseSensitive);
objects = getObjectMapper().select(chunk, caseSensitivity);

// Otherwise only return explicitly readable identifiers
else
objects = getObjectMapper().selectReadable(user.getUser().getModel(),
chunk, user.getEffectiveUserGroups(), caseSensitive);
chunk, user.getEffectiveUserGroups(), caseSensitivity);

return objects.stream();
})
Expand Down Expand Up @@ -513,7 +514,7 @@ public InternalType createObject(ModeledAuthenticatedUser user, ExternalType obj
// Add implicit permissions
Collection<ObjectPermissionModel> implicitPermissions = getImplicitPermissions(user, model);
if (!implicitPermissions.isEmpty())
getPermissionMapper().insert(implicitPermissions, getCaseSensitiveIdentifiers());
getPermissionMapper().insert(implicitPermissions, getCaseSensitivity());

// Add any arbitrary attributes
if (model.hasArbitraryAttributes())
Expand All @@ -530,7 +531,7 @@ public void deleteObject(ModeledAuthenticatedUser user, String identifier)
beforeDelete(user, identifier);

// Delete object
getObjectMapper().delete(identifier, getCaseSensitiveIdentifiers());
getObjectMapper().delete(identifier, getCaseSensitivity());

}

Expand Down Expand Up @@ -562,8 +563,11 @@ public Set<String> getIdentifiers(ModeledAuthenticatedUser user)

// Otherwise only return explicitly readable identifiers
else
return getObjectMapper().selectReadableIdentifiers(user.getUser().getModel(),
user.getEffectiveUserGroups());
return getObjectMapper().selectReadableIdentifiers(
user.getUser().getModel(),
user.getEffectiveUserGroups(),
getCaseSensitivity()
);

}

Expand Down
Loading

0 comments on commit 8bd95a2

Please sign in to comment.