From f314e78c7cf7a41f1d709f18e0bfc3d58b440b92 Mon Sep 17 00:00:00 2001 
From: Virtually Nick Date: Mon, 4 Nov 2024 20:29:51 -0500 Subject: [PATCH] GUACAMOLE-1239: Add case-sensitivity configuration for UserGroup objects and remove per-extension configuration. --- .../auth/jdbc/HistoryTrackingConnection.java | 10 +- .../auth/jdbc/base/ActivityRecordMapper.java | 25 +-- .../auth/jdbc/base/EntityMapper.java | 8 +- .../auth/jdbc/base/EntityService.java | 28 ++- .../base/ModeledDirectoryObjectMapper.java | 32 ++-- .../base/ModeledDirectoryObjectService.java | 36 ++-- .../auth/jdbc/base/ObjectRelationMapper.java | 24 +-- .../auth/jdbc/base/RelatedObjectSet.java | 24 +-- .../jdbc/connection/ConnectionMapper.java | 8 +- .../jdbc/connection/ConnectionService.java | 7 +- .../ConnectionGroupMapper.java | 4 +- .../ConnectionGroupService.java | 3 +- .../ModeledObjectPermissionService.java | 15 +- .../permission/ModeledPermissionService.java | 2 +- .../permission/ObjectPermissionMapper.java | 19 +- .../jdbc/permission/PermissionMapper.java | 22 ++- .../jdbc/permission/PermissionService.java | 19 +- .../permission/SystemPermissionMapper.java | 10 +- .../permission/SystemPermissionService.java | 13 +- .../permission/UserPermissionService.java | 7 +- .../jdbc/security/PasswordPolicyService.java | 2 +- .../AbstractGuacamoleTunnelService.java | 21 ++- .../guacamole/auth/jdbc/user/ModeledUser.java | 10 +- .../auth/jdbc/user/ModeledUserContext.java | 2 +- .../auth/jdbc/user/PasswordRecordMapper.java | 9 +- .../guacamole/auth/jdbc/user/UserMapper.java | 9 +- .../guacamole/auth/jdbc/user/UserService.java | 25 +-- .../auth/jdbc/usergroup/ModeledUserGroup.java | 30 ++++ .../auth/jdbc/usergroup/UserGroupMapper.java | 8 +- .../UserGroupMemberUserGroupSet.java | 13 ++ .../usergroup/UserGroupMemberUserSet.java | 12 +- .../UserGroupParentUserGroupSet.java | 13 ++ .../auth/jdbc/usergroup/UserGroupService.java | 19 +- .../MySQLAuthenticationProviderModule.java | 16 +- .../guacamole/auth/jdbc/base/EntityMapper.xml | 89 +++++++--- 
.../auth/jdbc/connection/ConnectionMapper.xml | 22 ++- .../connection/ConnectionRecordMapper.xml | 16 +- .../connectiongroup/ConnectionGroupMapper.xml | 37 ++-- .../ConnectionGroupPermissionMapper.xml | 21 ++- .../permission/ConnectionPermissionMapper.xml | 21 ++- .../SharingProfilePermissionMapper.xml | 21 ++- .../permission/SystemPermissionMapper.xml | 14 +- .../permission/UserGroupPermissionMapper.xml | 100 ++++++++--- .../jdbc/permission/UserPermissionMapper.xml | 31 ++-- .../sharingprofile/SharingProfileMapper.xml | 22 ++- .../auth/jdbc/user/PasswordRecordMapper.xml | 2 +- .../guacamole/auth/jdbc/user/UserMapper.xml | 44 ++--- .../jdbc/user/UserParentUserGroupMapper.xml | 47 ++++- .../auth/jdbc/user/UserRecordMapper.xml | 11 +- .../auth/jdbc/usergroup/UserGroupMapper.xml | 154 +++++++++++++--- .../UserGroupMemberUserGroupMapper.xml | 53 ++++-- .../usergroup/UserGroupMemberUserMapper.xml | 16 +- .../UserGroupParentUserGroupMapper.xml | 53 ++++-- .../guacamole/auth/jdbc/base/EntityMapper.xml | 44 +++-- .../auth/jdbc/connection/ConnectionMapper.xml | 32 ++-- .../connection/ConnectionRecordMapper.xml | 16 +- .../connectiongroup/ConnectionGroupMapper.xml | 37 ++-- .../ConnectionGroupPermissionMapper.xml | 21 ++- .../permission/ConnectionPermissionMapper.xml | 21 ++- .../SharingProfilePermissionMapper.xml | 21 ++- .../permission/SystemPermissionMapper.xml | 14 +- .../permission/UserGroupPermissionMapper.xml | 85 +++++++-- .../jdbc/permission/UserPermissionMapper.xml | 46 ++--- .../sharingprofile/SharingProfileMapper.xml | 22 ++- .../auth/jdbc/user/PasswordRecordMapper.xml | 2 +- .../guacamole/auth/jdbc/user/UserMapper.xml | 80 +++++---- .../jdbc/user/UserParentUserGroupMapper.xml | 54 ++++-- .../auth/jdbc/user/UserRecordMapper.xml | 15 +- .../auth/jdbc/usergroup/UserGroupMapper.xml | 167 +++++++++++++----- .../UserGroupMemberUserGroupMapper.xml | 53 ++++-- .../usergroup/UserGroupMemberUserMapper.xml | 13 +- .../UserGroupParentUserGroupMapper.xml | 53 ++++-- 
...SQLServerAuthenticationProviderModule.java | 5 +- .../guacamole/auth/jdbc/base/EntityMapper.xml | 44 +++-- .../auth/jdbc/connection/ConnectionMapper.xml | 32 ++-- .../connection/ConnectionRecordMapper.xml | 16 +- .../connectiongroup/ConnectionGroupMapper.xml | 37 ++-- .../ConnectionGroupPermissionMapper.xml | 21 ++- .../permission/ConnectionPermissionMapper.xml | 21 ++- .../SharingProfilePermissionMapper.xml | 21 ++- .../permission/SystemPermissionMapper.xml | 14 +- .../permission/UserGroupPermissionMapper.xml | 83 ++++++--- .../jdbc/permission/UserPermissionMapper.xml | 45 ++--- .../sharingprofile/SharingProfileMapper.xml | 22 ++- .../auth/jdbc/user/PasswordRecordMapper.xml | 2 +- .../guacamole/auth/jdbc/user/UserMapper.xml | 65 ++++--- .../jdbc/user/UserParentUserGroupMapper.xml | 53 ++++-- .../auth/jdbc/user/UserRecordMapper.xml | 15 +- .../auth/jdbc/usergroup/UserGroupMapper.xml | 155 +++++++++++----- .../UserGroupMemberUserGroupMapper.xml | 54 ++++-- .../usergroup/UserGroupMemberUserMapper.xml | 17 +- .../UserGroupParentUserGroupMapper.xml | 53 ++++-- .../ldap/conf/JacksonLDAPConfiguration.java | 7 - .../environment/DelegatingEnvironment.java | 5 +- .../guacamole/environment/Environment.java | 35 ++-- .../net/auth/AbstractAuthenticatedUser.java | 12 +- .../net/auth/AbstractIdentifiable.java | 4 +- .../guacamole/net/auth/AbstractUserGroup.java | 30 ++++ .../guacamole/properties/CaseSensitivity.java | 92 ++++++++++ 99 files changed, 2091 insertions(+), 944 deletions(-) create mode 100644 guacamole-ext/src/main/java/org/apache/guacamole/properties/CaseSensitivity.java diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/HistoryTrackingConnection.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/HistoryTrackingConnection.java index c8aea85362..87de9eb5b6 100644 
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/HistoryTrackingConnection.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/HistoryTrackingConnection.java @@ -23,11 +23,12 @@ import java.util.Date; import java.util.HashMap; import java.util.Map; - import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordMapper; import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordModel; import org.apache.guacamole.auth.jdbc.connection.ModeledConnectionRecord; +import org.apache.guacamole.environment.Environment; +import org.apache.guacamole.environment.LocalEnvironment; import org.apache.guacamole.net.GuacamoleTunnel; import org.apache.guacamole.net.auth.Connection; import org.apache.guacamole.net.auth.DelegatingConnection; @@ -56,6 +57,11 @@ public class HistoryTrackingConnection extends DelegatingConnection { * established connections. */ private final ConnectionRecordMapper connectionRecordMapper; + + /** + * The environment in which Guacamole is running. + */ + private final Environment environment = LocalEnvironment.getInstance(); /** * Creates a new HistoryConnection that wraps the given connection, @@ -100,7 +106,7 @@ public GuacamoleTunnel connect(GuacamoleClientInformation info, // Insert the connection history record to mark the start of this connection connectionRecordMapper.insert(connectionRecordModel, - currentUser.isCaseSensitive()); + environment.getCaseSensitivity()); // Include history record UUID as token ModeledConnectionRecord modeledRecord = new ModeledConnectionRecord(connectionRecordModel); 
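Review bot: The new `environment.getCaseSensitivity()` argument in `connect()` has no fallback, while `EntityService.retrieveEffectiveGroups()` in this same patch catches `GuacamoleException` from that call and defaults to `CaseSensitivity.ENABLED`. Because the argument is evaluated before `connectionRecordMapper.insert(...)` runs, an unreadable setting would presumably abort the connection attempt with no history record written. If that fail-closed behaviour is intended, say so in a comment such as `// Fail the connection rather than record history with an unknown case-sensitivity setting`; otherwise apply the same fallback as EntityService. The field is also initialised inline with `LocalEnvironment.getInstance()` rather than passed in through the constructor, which ties the class to the global environment and makes it harder to test. The body of `connect()` extends outside the hunk.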
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ActivityRecordMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ActivityRecordMapper.java index 17b4571ed8..a860949695 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ActivityRecordMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ActivityRecordMapper.java @@ -22,6 +22,7 @@ import java.util.Collection; import java.util.List; import org.apache.guacamole.auth.jdbc.user.UserModel; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.annotations.Param; /** @@ -39,15 +40,15 @@ public interface ActivityRecordMapper { * @param record * The activity record to insert. * - * @param caseSensitive - * Whether or not string comparisons should be done in a case-sensitive - * manner. + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @return * The number of rows inserted. */ int insert(@Param("record") ModelType record, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Updates the given activity record in the database, assigning an end @@ -91,9 +92,9 @@ int insert(@Param("record") ModelType record, * @param limit * The maximum number of records that should be returned. * - * @param caseSensitive - * Whether or not string comparisons should be done in a case-sensitive - * manner. + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @return * The results of the search performed with the given parameters. 
@@ -103,7 +104,7 @@ List search(@Param("identifier") String identifier, @Param("terms") Collection terms, @Param("sortPredicates") List sortPredicates, @Param("limit") int limit, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Searches for up to limit activity records that contain @@ -143,9 +144,9 @@ List search(@Param("identifier") String identifier, * no groups are given, only permissions directly granted to the user * will be used. * - * @param caseSensitive - * Whether or not string comparisons should be done in a case-sensitive - * manner. + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @return * The results of the search performed with the given parameters. @@ -157,6 +158,6 @@ List searchReadable(@Param("identifier") String identifier, @Param("sortPredicates") List sortPredicates, @Param("limit") int limit, @Param("effectiveGroups") Collection effectiveGroups, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityMapper.java index dbe7cb4d03..499171be85 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityMapper.java @@ -21,6 +21,7 @@ import java.util.Collection; import java.util.Set; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.annotations.Param; /** 
@@ -67,6 +68,10 @@ public interface EntityMapper { * depth and may need to be executed multiple times. If it is known * that the database engine in question will always support (or always * not support) recursive queries, this parameter may be ignored. + * + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @return * The set of identifiers of all groups that the given entity is a @@ -75,6 +80,7 @@ public interface EntityMapper { */ Set selectEffectiveGroupIdentifiers(@Param("entity") EntityModel entity, @Param("effectiveGroups") Collection effectiveGroups, - @Param("recursive") boolean recursive); + @Param("recursive") boolean recursive, + @Param("caseSensitivity") CaseSensitivity caseSensitivity); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityService.java index cc2a9aaf95..d1f9b5ca1a 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityService.java @@ -22,9 +22,13 @@ import com.google.inject.Inject; import java.util.Collection; import java.util.Set; +import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.auth.jdbc.JDBCEnvironment; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.session.SqlSession; import org.mybatis.guice.transactional.Transactional; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Service which provides convenience methods for creating, retrieving, and 
@@ -32,6 +36,11 @@ */ public class EntityService { + /** + * The Logger for this class. + */ + private static final Logger LOGGER = LoggerFactory.getLogger(EntityService.class); + /** * The Guacamole server environment. */ @@ -76,9 +85,22 @@ public class EntityService { public Set retrieveEffectiveGroups(ModeledPermissions entity, Collection effectiveGroups) { + CaseSensitivity caseSensitivity = CaseSensitivity.ENABLED; + try { + caseSensitivity = environment.getCaseSensitivity(); + } + catch (GuacamoleException e) { + LOGGER.warn("Unable to retrieve configuration setting for group " + + "name case sensitivity: {}. Group names will be treated " + + "as case-sensitive.", e.getMessage()); + LOGGER.debug("An exception was caught while trying to get group name" + + "case sensitivity configuration.", e); + } + // Retrieve the effective user groups of the given entity, recursively if possible boolean recursive = environment.isRecursiveQuerySupported(sqlSession); - Set identifiers = entityMapper.selectEffectiveGroupIdentifiers(entity.getModel(), effectiveGroups, recursive); + Set identifiers = entityMapper.selectEffectiveGroupIdentifiers( + entity.getModel(), effectiveGroups, recursive, caseSensitivity); // If the set of user groups retrieved was not produced recursively, // manually repeat the query to expand the set until all effective @@ -87,7 +109,9 @@ public Set retrieveEffectiveGroups(ModeledPermissions previousIdentifiers; do { previousIdentifiers = identifiers; - identifiers = entityMapper.selectEffectiveGroupIdentifiers(entity.getModel(), previousIdentifiers, false); + identifiers = entityMapper.selectEffectiveGroupIdentifiers( + entity.getModel(), previousIdentifiers, false, + caseSensitivity); } while (identifiers.size() > previousIdentifiers.size()); } 
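Review bot: The debug message in the new `catch` block of `retrieveEffectiveGroups()` is missing a space at the string join, so it logs "group namecase sensitivity configuration."; it should read `LOGGER.debug("An exception was caught while trying to get group name " + "case sensitivity configuration.", e);`. The lookup and its warning also run on every call, so a persistent configuration error would likely repeat the same warning for each group resolution. Reading the setting once, or lowering the repeated message to debug after the first occurrence, would keep the log usable. Falling back to `CaseSensitivity.ENABLED` is the stricter choice for group matching and deserves a short why-comment on the initialiser.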
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectMapper.java index 5ff8edf156..971ae462f8 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectMapper.java @@ -22,6 +22,7 @@ import java.util.Collection; import java.util.Set; import org.apache.guacamole.auth.jdbc.user.UserModel; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.annotations.Param; /** @@ -60,12 +61,17 @@ public interface ModeledDirectoryObjectMapper { * @param effectiveGroups * The identifiers of any known effective groups that should be taken * into account, such as those defined externally to the database. + * + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @return * A Set containing all identifiers of all readable objects. */ Set selectReadableIdentifiers(@Param("user") UserModel user, - @Param("effectiveGroups") Collection effectiveGroups); + @Param("effectiveGroups") Collection effectiveGroups, + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Selects all objects which have the given identifiers. If an identifier 
@@ -77,15 +83,15 @@ Set selectReadableIdentifiers(@Param("user") UserModel user, * @param identifiers * The identifiers of the objects to return. * - * @param caseSensitive - * true if the query should evaluate identifiers in a case-sensitive - * manner, otherwise false. + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @return * A Collection of all objects having the given identifiers. */ Collection select(@Param("identifiers") Collection identifiers, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Selects all objects which have the given identifiers and are explicitly @@ -105,9 +111,9 @@ Collection select(@Param("identifiers") Collection identifier * The identifiers of any known effective groups that should be taken * into account, such as those defined externally to the database. * - * @param caseSensitive - * true if the query should evaluate identifiers in a case-sensitive - * manner, otherwise false. + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @return * A Collection of all objects having the given identifiers. @@ -115,7 +121,7 @@ Collection select(@Param("identifiers") Collection identifier Collection selectReadable(@Param("user") UserModel user, @Param("identifiers") Collection identifiers, @Param("effectiveGroups") Collection effectiveGroups, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Inserts the given object into the database. If the object already 
@@ -136,15 +142,15 @@ Collection selectReadable(@Param("user") UserModel user, * @param identifier * The identifier of the object to delete. * - * @param caseSensitive - * true if the query should evaluate the identifier in a - * case-sensitive manner, otherwise false. + * @param caseSensitivity + * The case sensitivity configuration that contains information on + * whether usernames and/or group names will be treated as case-sensitive. * * @return * The number of rows deleted. */ int delete(@Param("identifier") String identifier, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Updates the given existing object in the database. If the object does diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java index 94c7407dab..0adcfbe2f7 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java @@ -27,9 +27,9 @@ import java.util.List; import java.util.Set; import java.util.stream.Collectors; -import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleSecurityException; +import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.auth.jdbc.JDBCEnvironment; import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper; import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel; 
@@ -37,6 +37,7 @@ import org.apache.guacamole.net.auth.Identifiable; import org.apache.guacamole.net.auth.permission.ObjectPermission; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; +import org.apache.guacamole.properties.CaseSensitivity; import org.mybatis.guice.transactional.Transactional; /** @@ -117,20 +118,20 @@ protected abstract InternalType getObjectInstance(ModeledAuthenticatedUser curre ModelType model) throws GuacamoleException; /** - * Returns whether or not identifiers for objects provided by this service - * are handled in a case-sensitive manner or not. + * Returns the case sensitivity configuration for this service, which will + * be used to determine whether usernames and/or group names will be treated + * as case-sensitive. * * @return - * "true" if identifiers handled by this object service should be - * treated as case-sensitive, otherwise false. + * The case sensitivity configuration for this service. * * @throws GuacamoleException * If an error occurs retrieving relevant configuration information. */ - protected boolean getCaseSensitiveIdentifiers() throws GuacamoleException { + protected CaseSensitivity getCaseSensitivity() throws GuacamoleException { - // By default identifiers are not case-sensitive. - return false; + // Retrieve the Guacamole setting. + return environment.getCaseSensitivity(); } @@ -246,7 +247,7 @@ protected Collection getObjectInstances(ModeledAuthenticatedUser c Collection models) throws GuacamoleException { // Create new collection of objects by manually converting each model - Collection objects = new ArrayList(models.size()); + Collection objects = new ArrayList<>(models.size()); for (ModelType model : models) objects.add(getObjectInstance(currentUser, model)); 
@@ -426,7 +427,7 @@ public Collection retrieveObjects(ModeledAuthenticatedUser user, boolean userIsPrivileged = user.isPrivileged(); - boolean caseSensitive = getCaseSensitiveIdentifiers(); + CaseSensitivity caseSensitivity = getCaseSensitivity(); // Process the filteredIdentifiers in batches using Lists.partition() and flatMap Collection allObjects = Lists.partition(filteredIdentifiers, batchSize).stream() @@ -435,12 +436,12 @@ public Collection retrieveObjects(ModeledAuthenticatedUser user, // Bypass permission checks if the user is privileged if (userIsPrivileged) - objects = getObjectMapper().select(chunk, caseSensitive); + objects = getObjectMapper().select(chunk, caseSensitivity); // Otherwise only return explicitly readable identifiers else objects = getObjectMapper().selectReadable(user.getUser().getModel(), - chunk, user.getEffectiveUserGroups(), caseSensitive); + chunk, user.getEffectiveUserGroups(), caseSensitivity); return objects.stream(); }) @@ -513,7 +514,7 @@ public InternalType createObject(ModeledAuthenticatedUser user, ExternalType obj // Add implicit permissions Collection implicitPermissions = getImplicitPermissions(user, model); if (!implicitPermissions.isEmpty()) - getPermissionMapper().insert(implicitPermissions, getCaseSensitiveIdentifiers()); + getPermissionMapper().insert(implicitPermissions, getCaseSensitivity()); // Add any arbitrary attributes if (model.hasArbitraryAttributes()) @@ -530,7 +531,7 @@ public void deleteObject(ModeledAuthenticatedUser user, String identifier) beforeDelete(user, identifier); // Delete object - getObjectMapper().delete(identifier, getCaseSensitiveIdentifiers()); + getObjectMapper().delete(identifier, getCaseSensitivity()); } 
@@ -562,8 +563,11 @@ public Set getIdentifiers(ModeledAuthenticatedUser user) // Otherwise only return explicitly readable identifiers else - return getObjectMapper().selectReadableIdentifiers(user.getUser().getModel(), - user.getEffectiveUserGroups()); + return getObjectMapper().selectReadableIdentifiers( + user.getUser().getModel(), + user.getEffectiveUserGroups(), + getCaseSensitivity() + ); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ObjectRelationMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ObjectRelationMapper.java index df09b7734e..a155f259f0 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ObjectRelationMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ObjectRelationMapper.java @@ -22,6 +22,7 @@ import java.util.Collection; import java.util.Set; import org.apache.guacamole.auth.jdbc.user.UserModel; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.annotations.Param; /** 
@@ -49,17 +50,16 @@ public interface ObjectRelationMapper { * The identifiers of the objects on the child side of the one-to-many * relationship represented by the RelatedObjectSet. * - * @param caseSensitive - * true if child identifiers should be treated as case-sensitive when - * performing lookups on them, or false if the queries should be done - * case-insensitively. + * @param caseSensitivity + * The case sensitivity configuration, used to determine whether + * usernames and/or group names will be treated as case-sensitive. * * @return * The number of rows inserted. */ int insert(@Param("parent") ParentModelType parent, @Param("children") Collection children, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Deletes rows as necessary to modify the one-to-many relationship @@ -76,17 +76,16 @@ int insert(@Param("parent") ParentModelType parent, * The identifiers of the objects on the child side of the one-to-many * relationship represented by the RelatedObjectSet. * - * @param caseSensitive - * true if child identifiers should be treated as case-sensitive when - * performing lookups on them, or false if the queries should be done - * case-insensitively. + * @param caseSensitivity + * The case sensitivity configuration, used to determine whether + * usernames and/or group names will be treated as case-sensitive. * * @return * The number of rows deleted. */ int delete(@Param("parent") ParentModelType parent, @Param("children") Collection children, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Retrieves the identifiers of all objects on the child side of the 
@@ -122,6 +121,10 @@ int delete(@Param("parent") ParentModelType parent, * @param effectiveGroups * The identifiers of any known effective groups that should be taken * into account, such as those defined externally to the database. + * + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @param parent * The model of the object on the parent side of the one-to-many @@ -133,6 +136,7 @@ int delete(@Param("parent") ParentModelType parent, */ Set selectReadableChildIdentifiers(@Param("user") UserModel user, @Param("effectiveGroups") Collection effectiveGroups, + @Param("caseSensitivity") CaseSensitivity caseSensitivity, @Param("parent") ParentModelType parent); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/RelatedObjectSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/RelatedObjectSet.java index b661c3bf5c..541afc793a 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/RelatedObjectSet.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/RelatedObjectSet.java @@ -22,11 +22,12 @@ import java.util.Collection; import java.util.Collections; import java.util.Set; -import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleSecurityException; +import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.net.auth.permission.ObjectPermission; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; +import org.apache.guacamole.properties.CaseSensitivity; /** * A database implementation of RelatedObjectSet which provides access to a 
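Review bot: In `selectReadableChildIdentifiers` the new `caseSensitivity` parameter is inserted between `effectiveGroups` and `parent`, whereas every other mapper method touched by this patch (`insert`, `delete`, `select`, `selectReadable`, `selectReadableIdentifiers`) appends it last. MyBatis binds by `@Param` name, so the SQL is unaffected, but Java callers are positional and the inconsistent ordering is easy to get wrong. Consider moving it to the end, `@Param("parent") ParentModelType parent, @Param("caseSensitivity") CaseSensitivity caseSensitivity);`, with the Javadoc `@param` entries reordered to match.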
@@ -76,21 +77,21 @@ public void init(ModeledAuthenticatedUser currentUser, ParentObjectType parent) } /** - * Return "true" if identifiers within a related object set should be treated - * as case-sensitive, otherwise false. + * Return the current case sensitivity setting, which can be used to + * determine whether or not certain identifiers should be treated as + * case-sensitive. * * @return - * "true" if identifiers should be treated as case-sensitive, otherwise - * "false". + * The current case sensitivity setting. * * @throws GuacamoleException * If an error occurs retrieving configuration information on - * case-sensitivity. + * case sensitivity. */ - protected boolean getCaseSensitiveIdentifiers() throws GuacamoleException { + protected CaseSensitivity getCaseSensitivity() throws GuacamoleException { // Identifiers are not case-sensitive by default. - return false; + return CaseSensitivity.DISABLED; } /** @@ -189,6 +190,7 @@ public Set getObjects() throws GuacamoleException { // Otherwise only return explicitly readable identifiers return getObjectRelationMapper().selectReadableChildIdentifiers( user.getUser().getModel(), user.getEffectiveUserGroups(), + getCaseSensitivity(), parent.getModel()); } @@ -202,7 +204,8 @@ public void addObjects(Set identifiers) throws GuacamoleException { // Create relations only if permission is granted if (canAlterRelation(identifiers)) - getObjectRelationMapper().insert(parent.getModel(), identifiers, getCaseSensitiveIdentifiers()); + getObjectRelationMapper().insert(parent.getModel(), identifiers, + getCaseSensitivity()); // User lacks permission to add user groups else 
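Review bot: The base `getCaseSensitivity()` here returns `CaseSensitivity.DISABLED` unconditionally, while `ModeledDirectoryObjectService.getCaseSensitivity()` in this patch returns `environment.getCaseSensitivity()` and `EntityService` falls back to `ENABLED`. A subclass that does not override it will pass DISABLED into `insert`, `delete` and the permission-filtered `selectReadableChildIdentifiers`. User and group names would then be matched case-insensitively in membership queries even on a deployment configured as case-sensitive, which is the less strict direction. The diffstat shows changes to the three UserGroup sets, but it is worth confirming that no other user- or group-related subclass is left on this default. The Javadoc should state the contract, for example `// Default for sets whose identifiers are not usernames or group names; user/group sets must override.`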
@@ -219,7 +222,8 @@ public void removeObjects(Set identifiers) throws GuacamoleException { // Delete relations only if permission is granted if (canAlterRelation(identifiers)) - getObjectRelationMapper().delete(parent.getModel(), identifiers, getCaseSensitiveIdentifiers()); + getObjectRelationMapper().delete(parent.getModel(), identifiers, + getCaseSensitivity()); // User lacks permission to remove user groups else diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.java index 3cd542fd2d..5f3db38187 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.java @@ -23,6 +23,7 @@ import java.util.Set; import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; import org.apache.guacamole.auth.jdbc.user.UserModel; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.annotations.Param; /** @@ -67,13 +68,18 @@ public interface ConnectionMapper extends ModeledDirectoryObjectMapper selectReadableIdentifiersWithin(@Param("user") UserModel user, @Param("parentIdentifier") String parentIdentifier, - @Param("effectiveGroups") Collection effectiveGroups); + @Param("effectiveGroups") Collection effectiveGroups, + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Selects the connection within the given parent group and having the 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java index 2561e15082..3297d7fab5 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java @@ -361,7 +361,8 @@ public Set getIdentifiersWithin(ModeledAuthenticatedUser user, else return connectionMapper.selectReadableIdentifiersWithin( user.getUser().getModel(), identifier, - user.getEffectiveUserGroups()); + user.getEffectiveUserGroups(), + getCaseSensitivity()); } @@ -494,7 +495,7 @@ public List retrieveHistory(String identifier, if (user.isPrivileged() || user.getUser().getEffectivePermissions().getSystemPermissions().hasPermission(SystemPermission.Type.AUDIT)) searchResults = connectionRecordMapper.search(identifier, recordIdentifier, requiredContents, sortPredicates, limit, - user.isCaseSensitive()); + getCaseSensitivity()); // Otherwise only return explicitly readable history records else @@ -502,7 +503,7 @@ public List retrieveHistory(String identifier, user.getUser().getModel(), recordIdentifier, requiredContents, sortPredicates, limit, user.getEffectiveUserGroups(), - user.isCaseSensitive()); + getCaseSensitivity()); return getObjectInstances(searchResults); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java index a54a151084..440a85fe25 100644 
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java @@ -23,6 +23,7 @@ import java.util.Set; import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; import org.apache.guacamole.auth.jdbc.user.UserModel; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.annotations.Param; /** @@ -73,7 +74,8 @@ public interface ConnectionGroupMapper extends ModeledDirectoryObjectMapper selectReadableIdentifiersWithin(@Param("user") UserModel user, @Param("parentIdentifier") String parentIdentifier, - @Param("effectiveGroups") Collection effectiveGroups); + @Param("effectiveGroups") Collection effectiveGroups, + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Selects the connection group within the given parent group and having diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java index dbf7793ece..0c106c2866 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java 
@@ -226,7 +226,8 @@ public Set getIdentifiersWithin(ModeledAuthenticatedUser user, else return connectionGroupMapper.selectReadableIdentifiersWithin( user.getUser().getModel(), identifier, - user.getEffectiveUserGroups()); + user.getEffectiveUserGroups(), + getCaseSensitivity()); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java index f9d55c14dc..9f224c868e 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java @@ -23,13 +23,14 @@ import java.util.Collections; import java.util.HashSet; import java.util.Set; -import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleSecurityException; +import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.auth.jdbc.base.EntityModel; import org.apache.guacamole.auth.jdbc.base.ModeledPermissions; import org.apache.guacamole.net.auth.permission.ObjectPermission; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; +import org.apache.guacamole.properties.CaseSensitivity; /** * Service which provides convenience methods for creating, retrieving, and 
@@ -133,12 +134,12 @@ public void createPermissions(ModeledAuthenticatedUser user, // Create permissions only if user has permission to do so if (canAlterPermissions(user, targetEntity, permissions)) { - boolean caseSensitive = getCaseSensitiveIdentifiers(); + CaseSensitivity caseSensitivity = getCaseSensitivity(); batchPermissionUpdates(permissions, permissionSubset -> { Collection models = getModelInstances( targetEntity, permissionSubset); - getPermissionMapper().insert(models, caseSensitive); + getPermissionMapper().insert(models, caseSensitivity); }); return; @@ -158,12 +159,12 @@ public void deletePermissions(ModeledAuthenticatedUser user, // Delete permissions only if user has permission to do so if (canAlterPermissions(user, targetEntity, permissions)) { - boolean caseSensitive = getCaseSensitiveIdentifiers(); + CaseSensitivity caseSensitivity = getCaseSensitivity(); batchPermissionUpdates(permissions, permissionSubset -> { Collection models = getModelInstances( targetEntity, permissionSubset); - getPermissionMapper().delete(models, caseSensitive); + getPermissionMapper().delete(models, caseSensitivity); }); return; @@ -183,7 +184,7 @@ public boolean hasPermission(ModeledAuthenticatedUser user, // Retrieve permissions only if allowed if (canReadPermissions(user, targetEntity)) return getPermissionMapper().selectOne(targetEntity.getModel(), - type, identifier, effectiveGroups, getCaseSensitiveIdentifiers()) != null; + type, identifier, effectiveGroups, getCaseSensitivity()) != null; // User cannot read this entity's permissions throw new GuacamoleSecurityException("Permission denied."); 
@@ -209,7 +210,7 @@ public Collection retrieveAccessibleIdentifiers(ModeledAuthenticatedUser if (canReadPermissions(user, targetEntity)) return getPermissionMapper().selectAccessibleIdentifiers( targetEntity.getModel(), permissions, identifiers, - effectiveGroups, getCaseSensitiveIdentifiers()); + effectiveGroups, getCaseSensitivity()); // User cannot read this entity's permissions throw new GuacamoleSecurityException("Permission denied."); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java index ee35c44e18..577b713741 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java @@ -195,7 +195,7 @@ public Set retrievePermissions(ModeledAuthenticatedUser user, return getPermissionInstances(getPermissionMapper().select( targetEntity.getModel(), effectiveGroups, - getCaseSensitiveIdentifiers())); + getCaseSensitivity())); // User cannot read this entity's permissions throw new GuacamoleSecurityException("Permission denied."); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java index 35ec5a472f..474990ec36 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java @@ -21,8 +21,9 @@ import java.util.Collection; import org.apache.guacamole.auth.jdbc.base.EntityModel; -import org.apache.ibatis.annotations.Param; import org.apache.guacamole.net.auth.permission.ObjectPermission; +import org.apache.guacamole.properties.CaseSensitivity; +import org.apache.ibatis.annotations.Param; /** * Mapper for object-related permissions. @@ -49,9 +50,9 @@ public interface ObjectPermissionMapper extends PermissionMapper effectiveGroups, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Retrieves the subset of the given identifiers for which the given entity @@ -85,9 +86,9 @@ ObjectPermissionModel selectOne(@Param("entity") EntityModel entity, * no groups are given, only permissions directly granted to the user * will be used. * - * @param caseSensitive - * "true" if identifiers should be treated as case-sensitive, otherwise - * "false". + * @param caseSensitivity + * The configuration of case sensitivity, used to determine whether + * usernames and/or group names will be treated as case-sensitive. * * @return * A collection containing the subset of identifiers for which at least @@ -97,6 +98,6 @@ Collection selectAccessibleIdentifiers(@Param("entity") EntityModel enti @Param("permissions") Collection permissions, @Param("identifiers") Collection identifiers, @Param("effectiveGroups") Collection effectiveGroups, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); } 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java index 92746e4f37..9d9525b8b2 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java @@ -21,6 +21,7 @@ import java.util.Collection; import org.apache.guacamole.auth.jdbc.base.EntityModel; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.annotations.Param; /** @@ -44,16 +45,15 @@ public interface PermissionMapper { * no groups are given, only permissions directly granted to the user * will be used. * - * @param caseSensitive - * "true" if identifiers should be treated as case-sensitive, otherwise - * "false". + * @param caseSensitivity + * The case sensitivity configuration for usernames and group names. * * @return * All permissions associated with the given entity. */ Collection select(@Param("entity") EntityModel entity, @Param("effectiveGroups") Collection effectiveGroups, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Inserts the given permissions into the database. If any permissions 
@@ -62,15 +62,14 @@ Collection select(@Param("entity") EntityModel entity, * @param permissions * The permissions to insert. * - * @param caseSensitive - * "true" if identifiers should be treated as case-sensitive, otherwise - * "false". + * @param caseSensitivity + * The case sensitivity configuration for usernames and group names. * * @return * The number of rows inserted. */ int insert(@Param("permissions") Collection permissions, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Deletes the given permissions from the database. If any permissions do @@ -79,14 +78,13 @@ int insert(@Param("permissions") Collection permissions, * @param permissions * The permissions to delete. * - * @param caseSensitive - * "true" if identifiers should be treated as case-sensitive, otherwise - * "false". + * @param caseSensitivity + * The case sensitivity configuration for usernames and group names. * * @return * The number of rows deleted. */ int delete(@Param("permissions") Collection permissions, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java index 63584c0322..6791c26a10 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java 
@@ -21,12 +21,13 @@ import java.util.Collection; import java.util.Set; -import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.auth.jdbc.base.EntityModel; import org.apache.guacamole.auth.jdbc.base.ModeledPermissions; import org.apache.guacamole.net.auth.permission.Permission; import org.apache.guacamole.net.auth.permission.PermissionSet; +import org.apache.guacamole.properties.CaseSensitivity; /** * Service which provides convenience methods for creating, retrieving, and @@ -44,21 +45,21 @@ public interface PermissionService { /** - * Return "true" if identifiers should be treated as case-sensitive, - * otherwise "false". + * Return the current case sensitivity setting, allowing the system to + * determine if usernames and/or group names should be treated as case- + * sensitive. * * @return - * "true" if identifiers should be treated as case-sensitive, otherwise - * "false". + * The current case sensitivity configuration. * * @throws GuacamoleException * If an error occurs retrieving configuration information related to - * case-sensitivity. + * case sensitivity. */ - default boolean getCaseSensitiveIdentifiers() throws GuacamoleException { + default CaseSensitivity getCaseSensitivity() throws GuacamoleException { - // By default identifiers are case-insensitive. - return false; + // By default identifiers are case-sensitive. + return CaseSensitivity.ENABLED; } /** diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java index c676b72b13..e80f548977 100644 
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java @@ -21,8 +21,9 @@ import java.util.Collection; import org.apache.guacamole.auth.jdbc.base.EntityModel; -import org.apache.ibatis.annotations.Param; import org.apache.guacamole.net.auth.permission.SystemPermission; +import org.apache.guacamole.properties.CaseSensitivity; +import org.apache.ibatis.annotations.Param; /** * Mapper for system-level permissions. @@ -44,6 +45,10 @@ public interface SystemPermissionMapper extends PermissionMapper effectiveGroups); + @Param("effectiveGroups") Collection effectiveGroups, + @Param("caseSensitivity") CaseSensitivity caseSensitivity); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java index 63bd8b3bf2..8a5bf07d14 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java 
@@ -23,13 +23,14 @@ import com.google.inject.Provider; import java.util.Collection; import java.util.Set; -import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleSecurityException; import org.apache.guacamole.GuacamoleUnsupportedException; import org.apache.guacamole.auth.jdbc.base.EntityModel; import org.apache.guacamole.auth.jdbc.base.ModeledPermissions; +import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.net.auth.permission.SystemPermission; +import org.apache.guacamole.properties.CaseSensitivity; /** * Service which provides convenience methods for creating, retrieving, and @@ -99,12 +100,12 @@ public void createPermissions(ModeledAuthenticatedUser user, if (user.isPrivileged()) { // Pull identifier case sensitivity - boolean caseSensitive = getCaseSensitiveIdentifiers(); + CaseSensitivity caseSensitivity = getCaseSensitivity(); batchPermissionUpdates(permissions, permissionSubset -> { Collection models = getModelInstances( targetEntity, permissionSubset); - systemPermissionMapper.insert(models, caseSensitive); + systemPermissionMapper.insert(models, caseSensitivity); }); return; @@ -129,12 +130,12 @@ public void deletePermissions(ModeledAuthenticatedUser user, throw new GuacamoleUnsupportedException("Removing your own administrative permissions is not allowed."); // Pull case sensitivity - boolean caseSensitive = getCaseSensitiveIdentifiers(); + CaseSensitivity caseSensitivity = getCaseSensitivity(); batchPermissionUpdates(permissions, permissionSubset -> { Collection models = getModelInstances( targetEntity, permissionSubset); - systemPermissionMapper.delete(models, caseSensitive); + systemPermissionMapper.delete(models, caseSensitivity); }); return; 
@@ -179,7 +180,7 @@ public boolean hasPermission(ModeledAuthenticatedUser user, // Retrieve permissions only if allowed if (canReadPermissions(user, targetEntity)) - return getPermissionMapper().selectOne(targetEntity.getModel(), type, effectiveGroups) != null; + return getPermissionMapper().selectOne(targetEntity.getModel(), type, effectiveGroups, getCaseSensitivity()) != null; // User cannot read this entity's permissions throw new GuacamoleSecurityException("Permission denied."); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java index 11b4537546..ae35ba356e 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java @@ -22,11 +22,12 @@ import com.google.inject.Inject; import com.google.inject.Provider; import java.util.Set; -import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.auth.jdbc.JDBCEnvironment; import org.apache.guacamole.auth.jdbc.base.EntityModel; import org.apache.guacamole.auth.jdbc.base.ModeledPermissions; +import org.apache.guacamole.properties.CaseSensitivity; /** * Service which provides convenience methods for creating, retrieving, and 
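Review bot: The rewritten return statement in hasPermission is now one line noticeably longer than its neighbours, whereas the other call sites touched by this patch put the added argument on its own continuation line. Wrapping it as `return getPermissionMapper().selectOne(targetEntity.getModel(),` followed by `type, effectiveGroups, getCaseSensitivity()) != null;` keeps it consistent with those. hasPermission's body starts and ends outside the hunk.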
@@ -54,8 +55,8 @@ public class UserPermissionService extends ModeledObjectPermissionService { private JDBCEnvironment environment; @Override - public boolean getCaseSensitiveIdentifiers() throws GuacamoleException { - return environment.getCaseSensitiveUsernames(); + public CaseSensitivity getCaseSensitivity() throws GuacamoleException { + return environment.getCaseSensitivity(); } @Override diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/security/PasswordPolicyService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/security/PasswordPolicyService.java index 639ed5e43c..3a0ccb3a00 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/security/PasswordPolicyService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/security/PasswordPolicyService.java @@ -145,7 +145,7 @@ private boolean matchesPreviousPasswords(String password, String username, // Check password against all recorded hashes List history = passwordRecordMapper.select(username, - historySize, environment.getCaseSensitiveUsernames()); + historySize, environment.getCaseSensitivity()); for (PasswordRecordModel record : history) { byte[] hash = encryptionService.createPasswordHash(password, record.getPasswordSalt()); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java index ecb7c97ec6..18525723af 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java @@ -67,6 +67,7 @@ import org.apache.guacamole.auth.jdbc.user.RemoteAuthenticatedUser; import org.apache.guacamole.net.auth.GuacamoleProxyConfiguration; import org.apache.guacamole.protocol.FailoverGuacamoleSocket; +import org.apache.guacamole.properties.CaseSensitivity; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -479,7 +480,7 @@ private GuacamoleTunnel assignGuacamoleTunnel(ActiveConnectionRecord activeConne try { // This MUST happen before getUUID() is invoked, to ensure the ID driving the UUID exists connectionRecordMapper.insert(activeConnection.getModel(), - activeConnection.getUser().isCaseSensitive()); + environment.getCaseSensitivity()); activeTunnels.put(activeConnection.getUUID().toString(), activeConnection); } @@ -637,8 +638,21 @@ private List getBalancedConnections(ModeledAuthenticatedUser if (connectionGroup.isSessionAffinityEnabled()) identifiers = getPreferredConnections(user, identifiers); + CaseSensitivity caseSensitivity = CaseSensitivity.ENABLED; + try { + caseSensitivity = environment.getCaseSensitivity(); + } + catch (GuacamoleException e) { + logger.warn("Error trying to retrieve case sensitivity configuration: {}." + + "Both usernames and group names will be treated as case-" + + "sensitive.", e.getMessage()); + logger.debug("An exception was received while trying to retrieve the " + + "case sensitivity configuration.", e); + } + // Retrieve all children - Collection models = connectionMapper.select(identifiers, false); + Collection models = connectionMapper.select(identifiers, + caseSensitivity); List connections = new ArrayList(models.size()); // Convert each retrieved model to a modeled connection 
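Review bot: The warning string in getBalancedConnections is concatenated without a space after the period, so the message runs straight into `Both usernames…`. The first literal should end with `{}. "`, as the reworded message in ModeledUser.isCaseSensitive does. This is also the only call in the file that catches the GuacamoleException and falls back to `CaseSensitivity.ENABLED`; assignGuacamoleTunnel in the previous hunk and getActiveConnections in the next pass `environment.getCaseSensitivity()` straight through. A failed configuration read is therefore logged and tolerated on one path and propagated on the others, so a short comment on the catch block saying why this path must not fail (or removing the fallback) would make the difference deliberate. The enclosing method starts and ends outside the hunk.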
@@ -679,7 +693,8 @@ public Collection getActiveConnections(ModeledAuthentica // Produce collection of readable connection identifiers Collection connections = connectionMapper.selectReadable(user.getUser().getModel(), - identifiers, user.getEffectiveUserGroups(), false); + identifiers, user.getEffectiveUserGroups(), + environment.getCaseSensitivity()); // Ensure set contains only identifiers of readable connections identifiers.clear(); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java index 3b0ae67f4f..8cd74905b9 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java @@ -792,12 +792,14 @@ public boolean isSkeleton() { @Override public boolean isCaseSensitive() { try { - return environment.getCaseSensitiveUsernames(); + return environment.getCaseSensitivity().caseSensitiveUsernames(); } catch (GuacamoleException e) { - logger.error("Failed to retrieve the configuration for case-sensitive usernames: {}." - + " Usernames comparisons will be case-sensitive.", e.getMessage()); - logger.debug("Exception caught when attempting to read the configuration.", e); + logger.error("Failed to retrieve the configuration for case sensitivity: {}. " + + "Username comparisons will be case-sensitive.", + e.getMessage()); + logger.debug("An exception was caught when attempting to retrieve the " + + "case sensitivity configuration.", e); return true; } } 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUserContext.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUserContext.java index d61eaccb94..6064ddaf2e 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUserContext.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUserContext.java @@ -194,7 +194,7 @@ public void recordUserLogin() throws GuacamoleException { userRecord.setRemoteHost(getCurrentUser().getCredentials().getRemoteAddress()); // Insert record representing login - userRecordMapper.insert(userRecord, getCurrentUser().isCaseSensitive()); + userRecordMapper.insert(userRecord, environment.getCaseSensitivity()); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.java index c505afcc9e..a44329cbde 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.java @@ -21,6 +21,7 @@ import java.util.List; import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.annotations.Param; /** 
@@ -39,9 +40,9 @@ public interface PasswordRecordMapper extends ModeledDirectoryObjectMapper select(@Param("username") String username, @Param("maxHistorySize") int maxHistorySize, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); /** * Inserts the given password record. Old records exceeding the maximum diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserMapper.java index f9e63a6e55..8d7e5ad8da 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserMapper.java @@ -20,6 +20,7 @@ package org.apache.guacamole.auth.jdbc.user; import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.annotations.Param; /** @@ -34,14 +35,14 @@ public interface UserMapper extends ModeledDirectoryObjectMapper { * @param username * The username of the user to return. * - * @param caseSensitive - * true if the search should evaluate the username in a case-sensitive - * manner, otherwise false. + * @param caseSensitivity + * The object that contains current configuration for case sensitivity + * for usernames and group names. * * @return * The user having the given username, or null if no such user exists. */ UserModel selectOne(@Param("username") String username, - @Param("caseSensitive") boolean caseSensitive); + @Param("caseSensitivity") CaseSensitivity caseSensitivity); } 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java index b1256c9b29..4ffa850ac6 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java @@ -27,12 +27,11 @@ import java.util.Collections; import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.guacamole.net.auth.Credentials; -import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; -import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService; import org.apache.guacamole.GuacamoleClientException; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleUnsupportedException; +import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; +import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService; import org.apache.guacamole.auth.jdbc.JDBCEnvironment; import org.apache.guacamole.auth.jdbc.base.ActivityRecordModel; import org.apache.guacamole.auth.jdbc.base.ActivityRecordSearchTerm; 
@@ -51,12 +50,14 @@ import org.apache.guacamole.net.auth.ActivityRecord; import org.apache.guacamole.net.auth.AuthenticatedUser; import org.apache.guacamole.net.auth.AuthenticationProvider; +import org.apache.guacamole.net.auth.Credentials; import org.apache.guacamole.net.auth.User; import org.apache.guacamole.net.auth.credentials.CredentialsInfo; import org.apache.guacamole.net.auth.permission.ObjectPermission; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.net.auth.permission.SystemPermission; import org.apache.guacamole.net.auth.permission.SystemPermissionSet; +import org.apache.guacamole.properties.CaseSensitivity; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -219,8 +220,8 @@ protected UserModel getModelInstance(ModeledAuthenticatedUser currentUser, } @Override - protected boolean getCaseSensitiveIdentifiers() throws GuacamoleException { - return environment.getCaseSensitiveUsernames(); + protected CaseSensitivity getCaseSensitivity() throws GuacamoleException { + return environment.getCaseSensitivity(); } @Override @@ -254,7 +255,7 @@ protected void beforeCreate(ModeledAuthenticatedUser user, User object, // Do not create duplicate users Collection existing = userMapper.select(Collections.singleton( - model.getIdentifier()), user.isCaseSensitive()); + model.getIdentifier()), getCaseSensitivity()); if (!existing.isEmpty()) throw new GuacamoleClientException("User \"" + model.getIdentifier() + "\" already exists."); @@ -291,7 +292,7 @@ protected void beforeUpdate(ModeledAuthenticatedUser user, // Check whether such a user is already present UserModel existing = userMapper.selectOne(model.getIdentifier(), - user.isCaseSensitive()); + getCaseSensitivity()); if (existing != null) { // Do not rename to existing user 
@@ -359,7 +360,7 @@ public void deleteObject(ModeledAuthenticatedUser user, String identifier) beforeDelete(user, identifier); // Delete object - userMapper.delete(identifier, user.isCaseSensitive()); + userMapper.delete(identifier, getCaseSensitivity()); } @@ -401,7 +402,7 @@ public ModeledAuthenticatedUser retrieveAuthenticatedUser(AuthenticationProvider // Retrieve corresponding user model, if such a user exists UserModel userModel = userMapper.selectOne(username, - getCaseSensitiveIdentifiers()); + getCaseSensitivity()); if (userModel == null) return null; @@ -443,7 +444,7 @@ public ModeledUser retrieveUser(AuthenticationProvider authenticationProvider, // Retrieve corresponding user model, if such a user exists UserModel userModel = userMapper.selectOne(authenticatedUser.getIdentifier(), - authenticatedUser.isCaseSensitive()); + getCaseSensitivity()); if (userModel == null) return null; @@ -642,7 +643,7 @@ public List retrieveHistory(String username, if (user.isPrivileged() || user.getUser().getEffectivePermissions().getSystemPermissions().hasPermission(SystemPermission.Type.AUDIT)) searchResults = userRecordMapper.search(username, recordIdentifier, requiredContents, sortPredicates, limit, - user.isCaseSensitive()); + getCaseSensitivity()); // Otherwise only return explicitly readable history records else @@ -650,7 +651,7 @@ public List retrieveHistory(String username, user.getUser().getModel(), recordIdentifier, requiredContents, sortPredicates, limit, user.getEffectiveUserGroups(), - user.isCaseSensitive()); + getCaseSensitivity()); return getObjectInstances(searchResults); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java index 8b30db4b31..dcdb5979e5 100644 
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java @@ -28,6 +28,7 @@ import java.util.Map; import java.util.Set; import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.auth.jdbc.JDBCEnvironment; import org.apache.guacamole.auth.jdbc.base.ModeledPermissions; import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.form.BooleanField; @@ -35,6 +36,8 @@ import org.apache.guacamole.form.Form; import org.apache.guacamole.net.auth.RelatedObjectSet; import org.apache.guacamole.net.auth.UserGroup; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * An implementation of the UserGroup object which is backed by a database model. @@ -42,6 +45,11 @@ public class ModeledUserGroup extends ModeledPermissions implements UserGroup { + /** + * The Logger for this class. + */ + private static final Logger LOGGER = LoggerFactory.getLogger(ModeledUserGroup.class); + /** * All possible attributes of user groups organized as individual, * logical forms. @@ -74,6 +82,13 @@ public class ModeledUserGroup extends ModeledPermissions */ @Inject private Provider memberUserGroupSetProvider; + + /** + * The environment associated with this instance of the JDBC authentication + * module. + */ + @Inject + private JDBCEnvironment environment; /** * Whether attributes which control access restrictions should be exposed 
@@ -187,5 +202,20 @@ public RelatedObjectSet getMemberUserGroups() throws GuacamoleException { memberUserGroupSet.init(getCurrentUser(), this); return memberUserGroupSet; } + + @Override + public boolean isCaseSensitive() { + try { + return environment.getCaseSensitivity().caseSensitiveGroupNames(); + } + catch (GuacamoleException e) { + LOGGER.error("Error while retrieving case sensitivity configuration: {}. " + + "Group names comparisons will be case-sensitive.", + e.getMessage()); + LOGGER.debug("An exception was caught when attempting to retrieve the " + + "case sensitivity configuration.", e); + return true; + } + } } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.java index 7c048f7f50..268bfcb0ca 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.java @@ -20,6 +20,7 @@ package org.apache.guacamole.auth.jdbc.usergroup; import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.ibatis.annotations.Param; /** @@ -33,10 +34,15 @@ public interface UserGroupMapper extends ModeledDirectoryObjectMapper getObjectRelationMapper() { return userGroupMemberUserGroupMapper; 
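Review bot: The new error message in `ModeledUserGroup.isCaseSensitive()` reads "Group names comparisons", which is the same slip this patch corrects in `ModeledUser`, where "Usernames comparisons" became "Username comparisons". Change the second string to `"Group name comparisons will be case-sensitive."` so the two messages read alike when an operator searches the logs for them.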
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserSet.java index 87613f3553..3aa8079300 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserSet.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserSet.java @@ -25,6 +25,7 @@ import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper; import org.apache.guacamole.auth.jdbc.base.RelatedObjectSet; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; +import org.apache.guacamole.properties.CaseSensitivity; /** * RelatedObjectSet implementation which represents the one-to-many @@ -32,6 +33,13 @@ */ public class UserGroupMemberUserSet extends RelatedObjectSet { + /** + * The environment of the running server, used for retrieving server + * configuration information. + */ + @Inject + private JDBCEnvironment environment; + /** * Mapper for the relation between user groups and their user members. */ @@ -39,8 +47,8 @@ public class UserGroupMemberUserSet extends RelatedObjectSet getObjectRelationMapper() { diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupService.java index 547b15997b..525233fc44 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupService.java 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupService.java @@ -21,10 +21,11 @@ import com.google.inject.Inject; import com.google.inject.Provider; -import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; -import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService; import org.apache.guacamole.GuacamoleClientException; import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.auth.jdbc.JDBCEnvironment; +import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; +import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService; import org.apache.guacamole.auth.jdbc.base.EntityMapper; import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper; import org.apache.guacamole.auth.jdbc.permission.UserGroupPermissionMapper; @@ -46,6 +47,12 @@ public class UserGroupService extends ModeledDirectoryObjectService userGroupProvider; - + @Override protected ModeledDirectoryObjectMapper getObjectMapper() { return userGroupMapper; @@ -145,7 +152,8 @@ protected void beforeCreate(ModeledAuthenticatedUser user, UserGroup object, throw new GuacamoleClientException("The group name must not be blank."); // Do not create duplicate user groups - UserGroupModel existing = userGroupMapper.selectOne(model.getIdentifier()); + UserGroupModel existing = userGroupMapper.selectOne(model.getIdentifier(), + environment.getCaseSensitivity()); if (existing != null) throw new GuacamoleClientException("Group \"" + model.getIdentifier() + "\" already exists."); 
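Review bot: `beforeCreate` reads the setting with `environment.getCaseSensitivity()`, whereas `UserService` in this same patch goes through the overridable `getCaseSensitivity()` accessor, which it marks `@Override` and which is therefore presumably declared on `ModeledDirectoryObjectService`. If `UserGroupService` inherits or overrides that accessor with a different result, the duplicate-name check here could use a different setting than the base-class queries do. Using the accessor keeps one source of truth: `userGroupMapper.selectOne(model.getIdentifier(), getCaseSensitivity());`. The same call appears in the `beforeUpdate` hunk that follows, and the body of `beforeCreate` continues outside this hunk.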
@@ -166,7 +174,8 @@ protected void beforeUpdate(ModeledAuthenticatedUser user, // Do not allow groups to be renamed if the name collides with that of // another, existing group - UserGroupModel existing = userGroupMapper.selectOne(model.getIdentifier()); + UserGroupModel existing = userGroupMapper.selectOne(model.getIdentifier(), + environment.getCaseSensitivity()); if (existing != null && !existing.getObjectID().equals(model.getObjectID())) throw new GuacamoleClientException("Group \"" + model.getIdentifier() + "\" already exists."); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java index faedb237af..ce13bfed20 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java @@ -29,6 +29,7 @@ import org.apache.guacamole.auth.mysql.conf.MySQLDriver; import org.apache.guacamole.auth.mysql.conf.MySQLEnvironment; import org.apache.guacamole.auth.mysql.conf.MySQLSSLMode; +import org.apache.guacamole.properties.CaseSensitivity; import org.mybatis.guice.datasource.helper.JdbcHelper; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -129,14 +130,15 @@ public MySQLAuthenticationProviderModule(MySQLEnvironment environment) if (serverTz != null) driverProperties.setProperty("serverTimezone", serverTz.getID()); - // Check for case-sensitivity and warn admin - if (environment.getCaseSensitiveUsernames()) + // Check for case sensitivity and warn admin + if (environment.getCaseSensitivity() != CaseSensitivity.DISABLED) LOGGER.warn("The MySQL module is currently configured to support " - + "case-sensitive username comparisons, however, the default " - + "collations for MySQL databases do not support " - + "case-sensitive string comparisons. If you want usernames " - + "within Guacamole to be treated as case-sensitive, further " - + "database configuration may be required."); + + "case-sensitive username and/or group name comparisons, " + + "however, the default collations for MySQL databases do " + + "not support case-sensitive string comparisons. If you " + + "want identifiers within Guacamole to be treated as " + + "case-sensitive, further database configuration may be " + + "required."); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml index a292511947..2bffc2721b 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml 
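Review bot: The warning now fires for every value other than `CaseSensitivity.DISABLED` but does not say which value is configured, so an administrator cannot tell from the log whether usernames, group names or both are affected. With a case-insensitive collation the database treats names differing only in case as the same row while Guacamole treats them as distinct, which is worth diagnosing precisely. Pass `environment.getCaseSensitivity()` as a `{}` argument to the message so the configured mode appears in the log line.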
@@ -51,11 +51,24 @@ JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id WHERE type = 'USER_GROUP' - AND name IN - - #{effectiveGroup,jdbcType=VARCHAR} - + AND + + + name IN + + #{effectiveGroup,jdbcType=VARCHAR} + + + + LOWER(name) IN + + LOWER(#{effectiveGroup,jdbcType=VARCHAR}) + + + + AND disabled = false ) @@ -83,20 +96,44 @@ JOIN guacamole_entity member_entity ON guacamole_user_group_member.member_entity_id = member_entity.entity_id WHERE guacamole_user_group.disabled = false - AND member_entity.type = 'USER_GROUP' AND member_entity.name IN - - #{effectiveGroup,jdbcType=VARCHAR} - + AND member_entity.type = 'USER_GROUP' AND + + + member_entity.name IN + + #{effectiveGroup,jdbcType=VARCHAR} + + + + LOWER(member_entity.name) IN + + LOWER(#{effectiveGroup,jdbcType=VARCHAR}) + + + UNION SELECT guacamole_entity.name FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE type = 'USER_GROUP' AND name IN - - #{effectiveGroup,jdbcType=VARCHAR} - + WHERE type = 'USER_GROUP' AND + + + name IN + + #{effectiveGroup,jdbcType=VARCHAR} + + + + LOWER(name) IN + + LOWER(#{effectiveGroup,jdbcType=VARCHAR}) + + + @@ -117,11 +154,23 @@ JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id WHERE type = 'USER_GROUP' - AND name IN - - #{effectiveGroup,jdbcType=VARCHAR} - + AND + + + name IN + + #{effectiveGroup,jdbcType=VARCHAR} + + + + LOWER(name) IN + + LOWER(#{effectiveGroup,jdbcType=VARCHAR}) + + + AND guacamole_user_group.disabled = false UNION diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml index d42b47a1f2..ccbc19e732 100644 
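Review bot: The case-insensitive branch compares `LOWER(name)` with `LOWER(#{effectiveGroup,jdbcType=VARCHAR})`, and wrapping the column in a function generally keeps MySQL from using an ordinary index on `guacamole_entity.name`. These queries resolve effective group membership, so they presumably run on most permission checks. The MySQL module's own startup warning says the default collations already compare case-insensitively, so it is worth confirming whether the `LOWER()` form is needed on MySQL or whether an index on the lowered name should accompany it. The same pattern repeats in the other two hunks of this file; the conditions that select each branch are not visible in this rendering.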
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml @@ -82,9 +82,10 @@ FROM guacamole_connection_permission WHERE - - - + + + + AND permission = 'READ' @@ -194,8 +195,9 @@ AND guacamole_connection.connection_id IN ( - - + + + ) GROUP BY guacamole_connection.connection_id; @@ -209,8 +211,9 @@ AND guacamole_sharing_profile.sharing_profile_id IN ( - - + + + ); @@ -226,8 +229,9 @@ AND guacamole_connection_attribute.connection_id IN ( - - + + + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml index f9e2e600ca..c6e8784805 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml @@ -62,7 +62,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name = #{record.username,jdbcType=VARCHAR} @@ -121,7 +121,7 @@ FROM guacamole_user WHERE - + POSITION(#{term.term,jdbcType=VARCHAR} IN username) > 0 @@ -190,16 +190,18 @@ AND guacamole_connection_history.connection_id IN ( - - + + + ) AND guacamole_connection_history.user_id IN ( - - + + + ) @@ -216,7 +218,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml index 7274f79aea..bf92810f15 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml @@ -83,9 +83,10 @@ FROM guacamole_connection_group_permission WHERE - - - + + + + AND permission = 'READ' @@ -93,8 +94,9 @@ @@ -116,8 +118,9 @@ parent_id IS NULL AND connection_group_id IN ( - - + + + ) @@ -190,8 +193,9 @@ AND guacamole_connection_group.connection_group_id IN ( - - + + + ); @@ -204,8 +208,9 @@ AND guacamole_connection_group.connection_group_id IN ( - - + + + ); @@ -218,8 +223,9 @@ AND guacamole_connection.connection_id IN ( - - + + + ); @@ -235,8 +241,9 @@ AND guacamole_connection_group_attribute.connection_group_id IN ( - - + + + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml index ad8076c853..b9ea64037f 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml 
@@ -41,9 +41,10 @@ FROM guacamole_connection_group_permission WHERE - - - + + + + @@ -58,9 +59,10 @@ FROM guacamole_connection_group_permission WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} AND connection_group_id = #{identifier,jdbcType=VARCHAR} @@ -74,9 +76,10 @@ FROM guacamole_connection_group_permission WHERE - - - + + + + AND connection_group_id IN - - - + + + + @@ -58,9 +59,10 @@ FROM guacamole_connection_permission WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} AND connection_id = #{identifier,jdbcType=VARCHAR} @@ -74,9 +76,10 @@ FROM guacamole_connection_permission WHERE - - - + + + + AND connection_id IN - - - + + + + @@ -58,9 +59,10 @@ FROM guacamole_sharing_profile_permission WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} AND sharing_profile_id = #{identifier,jdbcType=VARCHAR} @@ -74,9 +76,10 @@ FROM guacamole_sharing_profile_permission WHERE - - - + + + + AND sharing_profile_id IN - - - + + + + @@ -55,9 +56,10 @@ FROM guacamole_system_permission WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml index dab3804eb5..fdc148b4a9 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml @@ -43,9 +43,10 @@ JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + AND affected_entity.type = 'USER_GROUP' 
@@ -63,13 +64,22 @@ JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} - AND affected_entity.name = #{identifier,jdbcType=VARCHAR} AND affected_entity.type = 'USER_GROUP' + AND + + + affected_entity.name = #{identifier,jdbcType=VARCHAR} + + + LOWER(affected_entity.name) = LOWER(#{identifier,jdbcType=VARCHAR}) + + @@ -82,21 +92,35 @@ JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + - AND affected_entity.name IN - - #{identifier,jdbcType=VARCHAR} - + AND affected_entity.type = 'USER_GROUP' + AND + + + affected_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(affected_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + AND permission IN #{permission,jdbcType=VARCHAR} - AND affected_entity.type = 'USER_GROUP' @@ -108,15 +132,29 @@ JOIN guacamole_user_group affected_group ON guacamole_user_group_permission.affected_user_group_id = affected_group.user_group_id JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - (guacamole_user_group_permission.entity_id, permission, affected_entity.name) IN - - (#{permission.entityID,jdbcType=INTEGER}, - #{permission.type,jdbcType=VARCHAR}, - #{permission.objectIdentifier,jdbcType=VARCHAR}) - - AND affected_entity.type = 'USER_GROUP' - + affected_entity.type = 'USER_GROUP' + AND + + + (guacamole_user_group_permission.entity_id, permission, affected_entity.name) IN + + (#{permission.entityID,jdbcType=INTEGER}, + #{permission.type,jdbcType=VARCHAR}, + #{permission.objectIdentifier,jdbcType=VARCHAR}) + + + + (guacamole_user_group_permission.entity_id, permission, LOWER(affected_entity.name)) IN + + (#{permission.entityID,jdbcType=INTEGER}, + #{permission.type,jdbcType=VARCHAR}, + LOWER(#{permission.objectIdentifier,jdbcType=VARCHAR})) + + + + 
@@ -140,8 +178,16 @@ AS permissions JOIN guacamole_entity affected_entity ON - affected_entity.name = permissions.affected_name - AND affected_entity.type = 'USER_GROUP' + affected_entity.type = 'USER_GROUP' + AND + + + affected_entity.name = permissions.affected_name + + + LOWER(affected_entity.name) = LOWER(permissions.affected_name) + + JOIN guacamole_user_group affected_group ON affected_group.entity_id = affected_entity.entity_id diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml index 37203bcf52..3dbc3b3a3f 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml @@ -43,9 +43,10 @@ JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - - - + + + + AND affected_entity.type = 'USER' @@ -63,14 +64,15 @@ JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} AND - + affected_entity.name = #{identifier,jdbcType=VARCHAR} @@ -90,13 +92,15 @@ JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - - - + + + + + AND affected_entity.type = 'USER' AND - + affected_entity.name IN @@ -116,7 +120,6 @@ open="(" separator="," close=")"> #{permission,jdbcType=VARCHAR} - AND affected_entity.type = 'USER' 
@@ -129,7 +132,7 @@ JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - + (guacamole_user_permission.entity_id, permission, affected_entity.name) IN @@ -174,7 +177,7 @@ AS permissions JOIN guacamole_entity affected_entity ON - + affected_entity.name = permissions.affected_name diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml index eb80c1bf8d..4a9115cba2 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml @@ -66,9 +66,10 @@ FROM guacamole_sharing_profile_permission WHERE - - - + + + + AND permission = 'READ' @@ -76,8 +77,9 @@ @@ -125,8 +127,9 @@ AND guacamole_sharing_profile.sharing_profile_id IN ( - - + + + ); @@ -142,8 +145,9 @@ AND guacamole_sharing_profile_attribute.sharing_profile_id IN ( - - + + + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml index 30f6bc6764..a475c7ceb0 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml 
@@ -44,7 +44,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name = #{username,jdbcType=VARCHAR} diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml index e6e613f4c9..07be80f458 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml @@ -82,9 +82,10 @@ FROM guacamole_user_permission WHERE - - - + + + + AND permission = 'READ' @@ -97,8 +98,9 @@ WHERE guacamole_user.user_id IN ( - - + + + ) AND guacamole_entity.type = 'USER' @@ -132,7 +134,7 @@ LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id WHERE - + guacamole_entity.name @@ -143,7 +145,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -163,7 +165,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name @@ -174,7 +176,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -214,7 +216,7 @@ LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id WHERE - + guacamole_entity.name @@ -225,7 +227,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -236,8 +238,9 @@ AND guacamole_entity.type = 'USER' AND guacamole_user.user_id IN ( - - + + + ) GROUP BY guacamole_user.user_id, guacamole_entity.entity_id; @@ -251,7 +254,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name @@ -262,7 +265,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -273,8 +276,9 @@ AND guacamole_entity.type = 'USER' AND guacamole_user.user_id IN ( - - + + + ); 
@@ -308,7 +312,7 @@ LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id WHERE - + guacamole_entity.name = #{username,jdbcType=VARCHAR} @@ -327,7 +331,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name = #{username,jdbcType=VARCHAR} @@ -343,7 +347,7 @@ DELETE FROM guacamole_entity WHERE - + name = #{identifier,jdbcType=VARCHAR} diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml index 764213e6d9..1624dfa989 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml @@ -43,8 +43,9 @@ WHERE guacamole_user_group.user_group_id IN ( - - + + + ) AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER} @@ -60,10 +61,26 @@ WHERE member_entity_id = #{parent.entityID,jdbcType=INTEGER} AND guacamole_entity.type = 'USER_GROUP' - AND guacamole_entity.name IN + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + + + #{identifier,jdbcType=VARCHAR} + + + LOWER(#{identifier,jdbcType=VARCHAR}) + + 
@@ -79,12 +96,28 @@ FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id WHERE - guacamole_entity.name IN + guacamole_entity.type = 'USER_GROUP' + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + + + #{identifier} + + + LOWER(#{identifier}) + + - AND guacamole_entity.type = 'USER_GROUP' AND guacamole_user_group.user_group_id NOT IN ( SELECT guacamole_user_group_member.user_group_id FROM guacamole_user_group_member diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml index 69d6a01623..a070a3a7d1 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml @@ -50,7 +50,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name = #{record.username,jdbcType=VARCHAR} @@ -89,7 +89,7 @@ - + guacamole_user_history.username = #{identifier,jdbcType=VARCHAR} @@ -107,7 +107,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 @@ -163,13 +163,14 @@ + ) AND - + guacamole_entity.name = #{identifier,jdbcType=VARCHAR} @@ -187,7 +188,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 
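Review bot: The `@@ -79,12 +96,28 @@` hunk of the MySQL UserParentUserGroupMapper.xml replaces `#{identifier,jdbcType=VARCHAR}` with the untyped `#{identifier}` and `LOWER(#{identifier})`, while the preceding hunk in the same file (`@@ -60,10 +61,26 @@`) keeps the explicit type in both branches. Keep the binding typed here as well, `#{identifier,jdbcType=VARCHAR}` and `LOWER(#{identifier,jdbcType=VARCHAR})`, so every identifier parameter in the mapper is declared the same way. The `@@ -76,12 +93,28 @@` hunk of UserGroupMemberUserGroupMapper.xml has the same untyped pair, whereas UserGroupMemberUserMapper.xml adds the type in this same commit. The enclosing statement starts and ends outside the hunk.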
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml index 4d68da7540..1c521e8d41 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml @@ -68,9 +68,10 @@ FROM guacamole_user_group_permission WHERE - - - + + + + AND permission = 'READ' @@ -83,8 +84,9 @@ WHERE guacamole_user_group.user_group_id IN ( - - + + + ) AND guacamole_entity.type = 'USER_GROUP' @@ -101,12 +103,30 @@ disabled FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE guacamole_entity.name IN + WHERE + guacamole_entity.type = 'USER_GROUP' + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + open="(" separator="," close=")"> + + + #{identifier,jdbcType=VARCHAR} + + + LOWER(#{identifier,jdbcType=VARCHAR}) + + - AND guacamole_entity.type = 'USER_GROUP'; + ; SELECT guacamole_user_group_attribute.user_group_id, 
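Review bot: The branch without LOWER() in the `@@ -101,12 +103,30 @@` hunk of the MySQL UserGroupMapper.xml compares `guacamole_entity.name` to the parameter directly, which is case-sensitive only if that column uses a case-sensitive or binary collation; MySQL's usual default collations compare case-insensitively. The schema is not part of this diff, so this may already be handled elsewhere, but the mapper should state the dependency, for example `<!-- Case sensitivity of this comparison depends on the collation of guacamole_entity.name -->` above the branch. The same applies to the other group-name comparisons in this file. Without it, an operator who enables case-sensitive group names on MySQL may assume two groups are distinct for permission checks when the database treats them as one.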
@@ -115,12 +135,30 @@ FROM guacamole_user_group_attribute JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE guacamole_entity.name IN + WHERE + guacamole_entity.type = 'USER_GROUP' + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + open="(" separator="," close=")"> + + + #{identifier,jdbcType=VARCHAR} + + + LOWER(#{identifier,jdbcType=VARCHAR}) + + - AND guacamole_entity.type = 'USER_GROUP'; + ; @@ -135,16 +173,34 @@ disabled FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE guacamole_entity.name IN + WHERE + guacamole_entity.type = 'USER_GROUP' + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + + + #{identifier,jdbcType=VARCHAR} + + + LOWER(#{identifier,jdbcType=VARCHAR}) + + - AND guacamole_entity.type = 'USER_GROUP' AND guacamole_user_group.user_group_id IN ( - - + + + ); @@ -155,16 +211,34 @@ FROM guacamole_user_group_attribute JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE guacamole_entity.name IN + WHERE + guacamole_entity.type = 'USER_GROUP' + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + + + #{identifier,jdbcType=VARCHAR} + + + LOWER(#{identifier,jdbcType=VARCHAR}) + + - AND guacamole_entity.type = 'USER_GROUP' - AND guacamole_user_group.user_group_id IN ( + AND guacamole_user_group.user_group_id IN ( - - + + + ); 
@@ -182,7 +256,14 @@ FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id WHERE - guacamole_entity.name = #{name,jdbcType=VARCHAR} + + + guacamole_entity.name = #{name,jdbcType=VARCHAR} + + + LOWER(guacamole_entity.name) = LOWER(#{name,jdbcType=VARCHAR}) + + AND guacamole_entity.type = 'USER_GROUP'; SELECT @@ -193,8 +274,16 @@ JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id WHERE - guacamole_entity.name = #{name,jdbcType=VARCHAR} - AND guacamole_entity.type = 'USER_GROUP' + guacamole_entity.type = 'USER_GROUP' + AND + + + guacamole_entity.name = #{name,jdbcType=VARCHAR} + + + LOWER(guacamole_entity.name) = LOWER(#{name,jdbcType=VARCHAR}) + + @@ -202,8 +291,15 @@ DELETE FROM guacamole_entity WHERE - name = #{identifier,jdbcType=VARCHAR} - AND type = 'USER_GROUP' + type = 'USER_GROUP' + + + name = #{identifier,jdbcType=VARCHAR} + + + LOWER(name) = LOWER(#{identifier,jdbcType=VARCHAR}) + + diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml index bfcd6c647f..e589a8501c 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml 
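Review bot: The rewritten DELETE in the `@@ -202,8 +291,15 @@` hunk appears to lose the `AND` between the type check and the name comparison: the removed lines read `name = ...` then `AND type = 'USER_GROUP'`, while the added lines put `type = 'USER_GROUP'` directly before the two name branches. As rendered this produces `WHERE type = 'USER_GROUP' name = ?`, which the database would reject, so deleting a user group would fail in both modes. The other statements in this file add a separate `AND` line after the type check, and the same is needed here: `type = 'USER_GROUP'` followed by `AND` before the branch. The XML tags are not visible in this rendering, so confirm against the file itself.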
@@ -40,14 +40,15 @@ JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user_group_member.member_entity_id JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id WHERE - guacamole_user_group.user_group_id IN ( + guacamole_entity.type = 'USER_GROUP' + AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER} + AND guacamole_user_group.user_group_id IN ( - - + + + ) - AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER} - AND guacamole_entity.type = 'USER_GROUP' @@ -58,10 +59,26 @@ WHERE user_group_id = #{parent.objectID,jdbcType=INTEGER} AND guacamole_entity.type = 'USER_GROUP' - AND guacamole_entity.name IN + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + + + #{identifier,jdbcType=VARCHAR} + + + LOWER(#{identifier,jdbcType=VARCHAR}) + + @@ -76,12 +93,28 @@ guacamole_entity.entity_id FROM guacamole_entity WHERE - guacamole_entity.name IN + guacamole_entity.type = 'USER_GROUP' + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier} + + + #{identifier} + + + LOWER(#{identifier}) + + - AND guacamole_entity.type = 'USER_GROUP' AND guacamole_entity.entity_id NOT IN ( SELECT guacamole_user_group_member.member_entity_id FROM guacamole_user_group_member diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml index c5f7030b92..776059c630 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml @@ -44,6 +44,7 @@ + ) AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER} @@ -60,7 +61,7 @@ AND guacamole_entity.type = 'USER' AND - + guacamole_entity.name @@ -71,7 +72,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -92,8 +93,10 @@ guacamole_entity.entity_id FROM guacamole_entity WHERE + guacamole_entity.type = 'USER' + AND - + guacamole_entity.name @@ -104,15 +107,14 @@ - - #{identifier} + + #{identifier,jdbcType=VARCHAR} - LOWER(#{identifier}) + LOWER(#{identifier,jdbcType=VARCHAR}) - AND guacamole_entity.type = 'USER' AND guacamole_entity.entity_id NOT IN ( SELECT guacamole_user_group_member.member_entity_id FROM guacamole_user_group_member diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml index 9fa81b91ef..531a4e5dd8 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml 
@@ -41,14 +41,15 @@ JOIN guacamole_user_group ON guacamole_user_group_member.user_group_id = guacamole_user_group.user_group_id JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user_group.entity_id WHERE - guacamole_user_group.user_group_id IN ( + guacamole_entity.type = 'USER_GROUP' + AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER} + AND guacamole_user_group.user_group_id IN ( - - + + + ) - AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER} - AND guacamole_entity.type = 'USER_GROUP' @@ -60,10 +61,26 @@ WHERE member_entity_id = #{parent.entityID,jdbcType=INTEGER} AND guacamole_entity.type = 'USER_GROUP' - AND guacamole_entity.name IN + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + + + #{identifier,jdbcType=VARCHAR} + + + LOWER(#{identifier,jdbcType=VARCHAR}) + + @@ -79,12 +96,28 @@ FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id WHERE - guacamole_entity.name IN + guacamole_entity.type = 'USER_GROUP' + AND + + + guacamole_entity.name + + + LOWER(guacamole_entity.name) + + + IN - #{identifier,jdbcType=VARCHAR} + + + #{identifier,jdbcType=VARCHAR} + + + LOWER(#{identifier,jdbcType=VARCHAR}) + + - AND guacamole_entity.type = 'USER_GROUP' AND guacamole_user_group.user_group_id NOT IN ( SELECT guacamole_user_group_member.user_group_id FROM guacamole_user_group_member diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml index ca779a2182..37b6b439b2 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml @@ -51,11 +51,23 @@ JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id WHERE type = 'USER_GROUP'::guacamole_entity_type - AND name IN - - #{effectiveGroup,jdbcType=VARCHAR} - + AND + + + name IN + + #{effectiveGroup,jdbcType=VARCHAR} + + + + LOWER(name) IN + + LOWER(#{effectiveGroup,jdbcType=VARCHAR}) + + + AND disabled = false ) @@ -81,11 +93,23 @@ JOIN guacamole_user_group ON guacamole_user_group.entity_id = guacamole_entity.entity_id WHERE type = 'USER_GROUP'::guacamole_entity_type - AND name IN - - #{effectiveGroup,jdbcType=VARCHAR} - + AND + + + name IN + + #{effectiveGroup,jdbcType=VARCHAR} + + + + LOWER(name) IN + + LOWER(#{effectiveGroup,jdbcType=VARCHAR}) + + + AND guacamole_user_group.disabled = false UNION diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml index 05c4f61ced..32f325d7c5 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml @@ -82,9 +82,10 @@ FROM guacamole_connection_permission WHERE - - - + + + + AND permission = 'READ' @@ -92,8 +93,9 @@ @@ -115,8 +117,9 @@ parent_id IS NULL AND connection_id IN ( - - + + + ) @@ -194,8 +197,9 @@ AND guacamole_connection.connection_id IN ( - - + + + ) GROUP BY guacamole_connection.connection_id; @@ -209,8 +213,9 @@ AND guacamole_sharing_profile.sharing_profile_id IN ( - - + + + ); 
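Review bot: The case-insensitive branch added in both PostgreSQL EntityMapper.xml hunks (`@@ -51,11 +51,23 @@` and `@@ -81,11 +93,23 @@`) resolves effective groups with `LOWER(name) IN (LOWER(...))`, and nothing in the hunk documents that every stored group whose name differs only by case will then match. If the schema allows such rows (the uniqueness rule on entity names is not visible here), a user reported as a member of a group named, say, `admins` would also receive the permissions of a separate group `Admins`. I would add an XML comment above the branch, such as `<!-- Case-insensitive: groups whose names differ only by case are treated as the same group -->`, and check for existing case-variant names before the option is enabled. Both queries begin before their hunks.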
@@ -226,8 +231,9 @@ AND guacamole_connection_attribute.connection_id IN ( - - + + + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml index 0889485f83..09a21d150b 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml @@ -62,7 +62,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name = #{record.username,jdbcType=VARCHAR} @@ -119,7 +119,7 @@ FROM guacamole_user WHERE - + POSITION(#{term.term,jdbcType=VARCHAR} IN username) > 0 @@ -188,16 +188,18 @@ AND guacamole_connection_history.connection_id IN ( - - + + + ) AND guacamole_connection_history.user_id IN ( - - + + + ) @@ -214,7 +216,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml index dd2dbabb21..a26c80b3a8 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml @@ -83,9 +83,10 @@ FROM guacamole_connection_group_permission WHERE - - - + + + + AND permission = 'READ' @@ -93,8 +94,9 @@ @@ -116,8 +118,9 @@ parent_id IS NULL AND connection_group_id IN ( - - + + + ) @@ -190,8 +193,9 @@ AND guacamole_connection_group.connection_group_id IN ( - - + + + ); @@ -204,8 +208,9 @@ AND guacamole_connection_group.connection_group_id IN ( - - + + + ); @@ -218,8 +223,9 @@ AND guacamole_connection.connection_id IN ( - - + + + ); @@ -235,8 +241,9 @@ AND guacamole_connection_group_attribute.connection_group_id IN ( - - + + + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml index b67f3b46cd..c0e0cfbdae 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml @@ -41,9 +41,10 @@ FROM guacamole_connection_group_permission WHERE - - - + + + + @@ -58,9 +59,10 @@ FROM guacamole_connection_group_permission WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND connection_group_id = #{identifier,jdbcType=INTEGER}::integer @@ -74,9 +76,10 @@ FROM guacamole_connection_group_permission WHERE - - - + + + + AND connection_group_id IN - - - + + + + 
@@ -58,9 +59,10 @@ FROM guacamole_connection_permission WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND connection_id = #{identifier,jdbcType=INTEGER}::integer @@ -74,9 +76,10 @@ FROM guacamole_connection_permission WHERE - - - + + + + AND connection_id IN - - - + + + + @@ -58,9 +59,10 @@ FROM guacamole_sharing_profile_permission WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND sharing_profile_id = #{identifier,jdbcType=INTEGER}::integer @@ -74,9 +76,10 @@ FROM guacamole_sharing_profile_permission WHERE - - - + + + + AND sharing_profile_id IN - - - + + + + @@ -55,9 +56,10 @@ FROM guacamole_system_permission WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR}::guacamole_system_permission_type diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml index fd86d9d04b..8251901d75 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml @@ -43,9 +43,10 @@ JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type 
@@ -63,13 +64,22 @@ JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type - AND affected_entity.name = #{identifier,jdbcType=VARCHAR} AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + affected_entity.name = #{identifier,jdbcType=VARCHAR} + + + LOWER(affected_entity.name) = LOWER(#{identifier,jdbcType=VARCHAR}) + + @@ -82,21 +92,34 @@ JOIN guacamole_entity affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + - AND affected_entity.name IN - - #{identifier,jdbcType=VARCHAR} - + AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + affected_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(affected_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + AND permission IN #{permission,jdbcType=VARCHAR}::guacamole_object_permission_type - AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type @@ -108,12 +131,29 @@ WHERE guacamole_user_group_permission.affected_user_group_id = affected_group.user_group_id AND affected_group.entity_id = affected_entity.entity_id - AND (guacamole_user_group_permission.entity_id, permission, affected_entity.name) IN + AND + + + (guacamole_user_group_permission.entity_id, permission, affected_entity.name) + + + (guacamole_user_group_permission.entity_id, permission, LOWER(affected_entity.name)) + + + IN (#{permission.entityID,jdbcType=INTEGER}, #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, - #{permission.objectIdentifier,jdbcType=INTEGER}) + + + #{permission.objectIdentifier,jdbcType=INTEGER} + + + LOWER(#{permission.objectIdentifier,jdbcType=INTEGER}) + + + ) AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type 
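Review bot: In the `@@ -108,12 +131,29 @@` hunk of the PostgreSQL UserGroupPermissionMapper.xml, the new case-insensitive branch wraps an INTEGER-declared parameter in a string function: `LOWER(#{permission.objectIdentifier,jdbcType=INTEGER})` is compared with `LOWER(affected_entity.name)`. The value is a group name, so both branches should declare it as text, `#{permission.objectIdentifier,jdbcType=VARCHAR}` and `LOWER(#{permission.objectIdentifier,jdbcType=VARCHAR})`. The INTEGER hint is carried over from the removed line and presumably only matters when the value is null, but next to LOWER() it is misleading and worth correcting while these lines are being touched. The statement begins before the hunk.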
@@ -140,7 +180,14 @@ AS permissions JOIN guacamole_entity affected_entity ON - affected_entity.name = permissions.affected_name + + + affected_entity.name = permissions.affected_name + + + LOWER(affected_entity.name) = LOWER(permissions.affected_name) + + AND affected_entity.type = 'USER_GROUP'::guacamole_entity_type JOIN guacamole_user_group affected_group ON affected_group.entity_id = affected_entity.entity_id WHERE (permissions.entity_id, permissions.permission, affected_group.user_group_id) NOT IN ( diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml index f96cc16a58..0ca81fb7fb 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml @@ -43,9 +43,10 @@ JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - - - + + + + AND affected_entity.type = 'USER'::guacamole_entity_type @@ -63,22 +64,22 @@ JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type + AND affected_entity.type = 'USER'::guacamole_entity_type AND - + affected_entity.name = #{identifier,jdbcType=VARCHAR} LOWER(affected_entity.name) = LOWER(#{identifier,jdbcType=VARCHAR}) - - AND affected_entity.type = 'USER'::guacamole_entity_type 
@@ -91,13 +92,15 @@ JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - - - + + + + + AND affected_entity.type = 'USER'::guacamole_entity_type AND - + affected_entity.name IN @@ -117,8 +120,7 @@ open="(" separator="," close=")"> #{permission,jdbcType=VARCHAR}::guacamole_object_permission_type - AND affected_entity.type = 'USER'::guacamole_entity_type - + @@ -129,9 +131,11 @@ WHERE guacamole_user_permission.affected_user_id = affected_user.user_id AND affected_user.entity_id = affected_entity.entity_id + AND affected_entity.type = 'USER'::guacamole_entity_type + AND - - AND (guacamole_user_permission.entity_id, permission, affected_entity.name) IN + + (guacamole_user_permission.entity_id, permission, affected_entity.name) IN (#{permission.entityID,jdbcType=INTEGER}, @@ -140,7 +144,7 @@ - AND (guacamole_user_permission.entity_id, permission, LOWER(affected_entity.name)) IN + (guacamole_user_permission.entity_id, permission, LOWER(affected_entity.name)) IN (#{permission.entityID,jdbcType=INTEGER}, @@ -149,7 +153,6 @@ - AND affected_entity.type = 'USER'::guacamole_entity_type @@ -174,15 +177,16 @@ AS permissions JOIN guacamole_entity affected_entity ON + affected_entity.type = 'USER'::guacamole_entity_type + AND - + affected_entity.name = permissions.affected_name LOWER(affected_entity.name) = LOWER(permissions.affected_name) - AND affected_entity.type = 'USER'::guacamole_entity_type JOIN guacamole_user affected_user ON affected_user.entity_id = affected_entity.entity_id WHERE (permissions.entity_id, permissions.permission, affected_user.user_id) NOT IN ( SELECT 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml index 71fec72dc3..e92d58fead 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml @@ -66,9 +66,10 @@ FROM guacamole_sharing_profile_permission WHERE - - - + + + + AND permission = 'READ' @@ -76,8 +77,9 @@ @@ -125,8 +127,9 @@ AND guacamole_sharing_profile.sharing_profile_id IN ( - - + + + ); @@ -142,8 +145,9 @@ AND guacamole_sharing_profile_attribute.sharing_profile_id IN ( - - + + + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml index 0e03a36169..a85a3889b2 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml @@ -44,7 +44,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name = #{username,jdbcType=VARCHAR} 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml index d70a3cb9e1..0e3ccf5632 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml @@ -82,9 +82,10 @@ FROM guacamole_user_permission WHERE - - - + + + + AND permission = 'READ' @@ -94,14 +95,14 @@ SELECT guacamole_entity.name FROM guacamole_user JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id - WHERE - guacamole_user.user_id IN ( + WHERE guacamole_entity.type = 'USER'::guacamole_entity_type + AND guacamole_user.user_id IN ( - - + + + ) - AND guacamole_entity.type = 'USER'::guacamole_entity_type @@ -130,9 +131,10 @@ FROM guacamole_user JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id - WHERE + WHERE guacamole_entity.type = 'USER'::guacamole_entity_type + AND - + guacamole_entity.name @@ -143,15 +145,14 @@ - + #{identifier,jdbcType=VARCHAR} LOWER(#{identifier,jdbcType=VARCHAR}) - - AND guacamole_entity.type = 'USER'::guacamole_entity_type + GROUP BY guacamole_user.user_id, guacamole_entity.entity_id; SELECT @@ -161,9 +162,10 @@ FROM guacamole_user_attribute JOIN guacamole_user ON guacamole_user.user_id = guacamole_user_attribute.user_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id - WHERE + WHERE guacamole_entity.type = 'USER'::guacamole_entity_type + AND - + guacamole_entity.name @@ -174,7 +176,7 @@ - + #{identifier,jdbcType=VARCHAR} 
@@ -182,7 +184,7 @@ - AND guacamole_entity.type = 'USER'::guacamole_entity_type; + ; @@ -212,9 +214,10 @@ FROM guacamole_user JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id - WHERE + WHERE guacamole_entity.type = 'USER'::guacamole_entity_type + AND - + guacamole_entity.name @@ -225,7 +228,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -233,11 +236,11 @@ - AND guacamole_entity.type = 'USER'::guacamole_entity_type AND guacamole_user.user_id IN ( - - + + + ) GROUP BY guacamole_user.user_id, guacamole_entity.entity_id; @@ -249,9 +252,10 @@ FROM guacamole_user_attribute JOIN guacamole_user ON guacamole_user.user_id = guacamole_user_attribute.user_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id - WHERE + WHERE guacamole_entity.type = 'USER'::guacamole_entity_type + AND - + guacamole_entity.name @@ -262,7 +266,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -270,11 +274,11 @@ - AND guacamole_entity.type = 'USER'::guacamole_entity_type AND guacamole_user.user_id IN ( - - + + + ); @@ -306,16 +310,16 @@ FROM guacamole_user JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id - WHERE + WHERE guacamole_entity.type = 'USER'::guacamole_entity_type + AND - + guacamole_entity.name = #{username,jdbcType=VARCHAR} LOWER(guacamole_entity.name) = LOWER(#{username,jdbcType=VARCHAR}) - AND guacamole_entity.type = 'USER'::guacamole_entity_type GROUP BY guacamole_user.user_id, guacamole_entity.entity_id; SELECT 
@@ -325,31 +329,31 @@ FROM guacamole_user_attribute JOIN guacamole_user ON guacamole_user.user_id = guacamole_user_attribute.user_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id - WHERE + WHERE guacamole_entity.type = 'USER'::guacamole_entity_type + AND - + guacamole_entity.name = #{username,jdbcType=VARCHAR} LOWER(guacamole_entity.name) = LOWER(#{username,jdbcType=VARCHAR}) - AND guacamole_entity.type = 'USER'::guacamole_entity_type DELETE FROM guacamole_entity - WHERE + WHERE type = 'USER'::guacamole_entity_type + AND - + name = #{identifier,jdbcType=VARCHAR} LOWER(name) = LOWER(#{identifier,jdbcType=VARCHAR}) - AND type = 'USER'::guacamole_entity_type diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml index ef7dc425c0..b92b03c1e6 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml @@ -43,8 +43,9 @@ WHERE guacamole_user_group.user_group_id IN ( - - + + + ) AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER} 
@@ -60,11 +61,24 @@ AND guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id AND guacamole_entity.entity_id = guacamole_user_group.entity_id AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type - AND guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + @@ -78,13 +92,25 @@ #{parent.entityID,jdbcType=INTEGER} FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE - guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + AND guacamole_user_group.user_group_id NOT IN ( SELECT guacamole_user_group_member.user_group_id FROM guacamole_user_group_member diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml index e13a2d2a40..5184fec70e 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml @@ -50,7 +50,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + guacamole_entity.name = #{record.username,jdbcType=VARCHAR} 
@@ -89,7 +89,7 @@ - + guacamole_user_history.username = #{identifier,jdbcType=VARCHAR} @@ -107,7 +107,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 @@ -161,15 +161,16 @@ guacamole_connection_history.user_id IN ( - - + + + ) AND - + guacamole_entity.name = #{identifier,jdbcType=VARCHAR} @@ -187,7 +188,7 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id WHERE - + POSITION(#{term.term,jdbcType=VARCHAR} IN guacamole_entity.name) > 0 diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml index 88232ad11b..fac9172792 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml @@ -68,9 +68,10 @@ FROM guacamole_user_group_permission WHERE - - - + + + + AND permission = 'READ' @@ -80,14 +81,14 @@ SELECT guacamole_entity.name FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE - guacamole_user_group.user_group_id IN ( + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND guacamole_user_group.user_group_id IN ( - - + + + ) - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type 
@@ -101,12 +102,25 @@ disabled FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type; + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + ; SELECT guacamole_user_group_attribute.user_group_id, @@ -115,12 +129,25 @@ FROM guacamole_user_group_attribute JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type; + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + ; @@ -135,16 +162,29 @@ disabled FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + AND guacamole_user_group.user_group_id IN ( - - + + + ); 
@@ -155,16 +195,29 @@ FROM guacamole_user_group_attribute JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + AND guacamole_user_group.user_group_id IN ( - - + + + ); @@ -181,9 +234,17 @@ disabled FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE - guacamole_entity.name = #{name,jdbcType=VARCHAR} - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type; + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name = #{name,jdbcType=VARCHAR} + + + LOWER(guacamole_entity.name) = LOWER(#{name,jdbcType=VARCHAR}) + + + ; SELECT guacamole_user_group_attribute.user_group_id, 
@@ -192,18 +253,34 @@ FROM guacamole_user_group_attribute JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_attribute.user_group_id JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE - guacamole_entity.name = #{name,jdbcType=VARCHAR} - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name = #{name,jdbcType=VARCHAR} + + + LOWER(guacamole_entity.name) = LOWER(#{name,jdbcType=VARCHAR}) + + + ; DELETE FROM guacamole_entity - WHERE - name = #{identifier,jdbcType=VARCHAR} - AND type = 'USER_GROUP'::guacamole_entity_type + WHERE type = 'USER_GROUP'::guacamole_entity_type + AND + + + name = #{identifier,jdbcType=VARCHAR} + + + LOWER(name) = LOWER(#{identifier,jdbcType=VARCHAR}) + + + diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml index 09f12b2bfd..074322b4dc 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml @@ -42,8 +42,9 @@ WHERE guacamole_user_group.user_group_id IN ( - - + + + ) AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER} 
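Review bot: The case-insensitive branch of the DELETE at the end of hunk -192,18, `LOWER(name) = LOWER(#{identifier,jdbcType=VARCHAR})`, matches every USER_GROUP row whose name differs only by letter case, so a single delete request can remove more than one group. The by-name selects in hunks -181,9 and -192,18 have the same property and can now return several rows for one name. Nothing visible in this diff guarantees uniqueness of the lower-cased name, so a database populated while comparisons were case-sensitive may already hold such pairs; colliding names should be detected and reported before this mode is used, and the assumption recorded on the mapper, e.g. `<!-- case-insensitive mode assumes group names are unique ignoring case -->`. The enclosing statements begin outside the hunk.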
@@ -58,11 +59,24 @@ user_group_id = #{parent.objectID,jdbcType=INTEGER} AND guacamole_entity.entity_id = member_entity_id AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type - AND guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + @@ -75,13 +89,24 @@ #{parent.objectID,jdbcType=INTEGER}, guacamole_entity.entity_id FROM guacamole_entity - WHERE - guacamole_entity.name IN - - #{identifier} - - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name IN + + #{identifier} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier}) + + + AND guacamole_entity.entity_id NOT IN ( SELECT guacamole_user_group_member.member_entity_id FROM guacamole_user_group_member diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml index 5e74d4b8aa..9e500b88ed 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml @@ -42,8 +42,9 @@ WHERE guacamole_user.user_id IN ( - - + + + ) AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER} @@ -60,7 +61,7 @@ AND guacamole_entity.type = 'USER'::guacamole_entity_type AND - + guacamole_entity.name @@ -71,7 +72,7 @@ - + #{identifier,jdbcType=VARCHAR} 
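Review bot: In hunk -75,13 the added branch binds the parameter as `LOWER(#{identifier})` and the retained branch as `#{identifier}`, while the other statements in these mappers write `#{identifier,jdbcType=VARCHAR}`. Declaring the type keeps the binding explicit when a value is null and matches the parallel insert in UserGroupParentUserGroupMapper.xml, so I would write `#{identifier,jdbcType=VARCHAR}` and `LOWER(#{identifier,jdbcType=VARCHAR})` here. The statement starts and ends outside the hunk.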
@@ -93,7 +94,7 @@ FROM guacamole_entity WHERE - + guacamole_entity.name @@ -104,7 +105,7 @@ - + #{identifier} diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml index 9fec628d3c..14d317d551 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml @@ -43,8 +43,9 @@ WHERE guacamole_user_group.user_group_id IN ( - - + + + ) AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER} @@ -60,11 +61,24 @@ AND guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id AND guacamole_entity.entity_id = guacamole_user_group.entity_id AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type - AND guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + 
@@ -78,13 +92,24 @@ #{parent.entityID,jdbcType=INTEGER} FROM guacamole_user_group JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id - WHERE - guacamole_entity.name IN - - #{identifier,jdbcType=VARCHAR} - - AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + WHERE guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type + AND + + + guacamole_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(guacamole_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + AND guacamole_user_group.user_group_id NOT IN ( SELECT guacamole_user_group_member.user_group_id FROM guacamole_user_group_member diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java index f2f5e45cda..8d9c164efb 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java @@ -27,6 +27,7 @@ import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.auth.sqlserver.conf.SQLServerDriver; import org.apache.guacamole.auth.sqlserver.conf.SQLServerEnvironment; +import org.apache.guacamole.properties.CaseSensitivity; import org.mybatis.guice.datasource.helper.JdbcHelper; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -96,8 +97,8 @@ public SQLServerAuthenticationProviderModule(SQLServerEnvironment environment) // Capture which driver to use for the connection. this.sqlServerDriver = environment.getSQLServerDriver(); - // Check for case-sensitivity and warn admin. - if (environment.getCaseSensitiveUsernames()) + // Check for case sensitivity and warn admin. + if (environment.getCaseSensitivity() != CaseSensitivity.DISABLED) LOGGER.warn("The SQL Server module is currently configured to support " + "case-sensitive username comparisons, however, the default " + "collations for SQL Server databases do not support " diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml index a13279ed53..b58938dffd 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml @@ -51,11 +51,23 @@ JOIN [guacamole_user_group] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id WHERE type = 'USER_GROUP' - AND name IN - - #{effectiveGroup,jdbcType=VARCHAR} - + AND + + + name IN + + #{effectiveGroup,jdbcType=VARCHAR} + + + + LOWER(name) IN + + LOWER(#{effectiveGroup,jdbcType=VARCHAR}) + + + AND disabled = 0 ) @@ -83,11 +95,23 @@ JOIN [guacamole_user_group] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id WHERE type = 'USER_GROUP' - AND name IN - - #{effectiveGroup,jdbcType=VARCHAR} - + AND + + + name IN + + #{effectiveGroup,jdbcType=VARCHAR} + + + + LOWER(name) IN + + LOWER(#{effectiveGroup,jdbcType=VARCHAR}) + + + AND [guacamole_user_group].disabled = 0 UNION ALL 
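Review bot: The warning text still speaks only of "case-sensitive username comparisons", but the new condition `environment.getCaseSensitivity() != CaseSensitivity.DISABLED` fires for any setting other than DISABLED, which by the commit title now includes group names. An administrator reading the log would not learn that group-name matching, which feeds group-based permissions, is subject to the same collation mismatch. I would reword the message to cover both, for example `"case-sensitive username and/or group name comparisons"`, and put braces around the multi-line `LOGGER.warn` call. The constructor body continues outside the hunk.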
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml index 7b1adae8e4..d811139c71 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml @@ -82,9 +82,10 @@ FROM [guacamole_connection_permission] WHERE - - - + + + + AND permission = 'READ' @@ -92,8 +93,9 @@ @@ -115,8 +117,9 @@ parent_id IS NULL AND connection_id IN ( - - + + + ) @@ -199,8 +202,9 @@ AND [guacamole_connection].connection_id IN ( - - + + + ); @@ -213,8 +217,9 @@ AND [guacamole_sharing_profile].sharing_profile_id IN ( - - + + + ); @@ -230,8 +235,9 @@ AND [guacamole_connection_attribute].connection_id IN ( - - + + + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml index 0a67bf31cf..7bbfe21f93 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml @@ -69,7 +69,7 @@ JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE - + [guacamole_entity].name = #{record.username,jdbcType=VARCHAR} 
@@ -119,7 +119,7 @@ FROM [guacamole_user] WHERE - + CHARINDEX(#{term.term,jdbcType=VARCHAR} IN username) > 0 @@ -186,16 +186,18 @@ AND [guacamole_connection_history].connection_id IN ( - - + + + ) AND [guacamole_connection_history].user_id IN ( - - + + + ) @@ -212,7 +214,7 @@ JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE - + CHARINDEX(#{term.term,jdbcType=VARCHAR} IN [guacamole_entity].name) > 0 diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml index 4bc8a27963..e0d3368f27 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml @@ -83,9 +83,10 @@ FROM [guacamole_connection_group_permission] WHERE - - - + + + + AND permission = 'READ' @@ -93,8 +94,9 @@ @@ -116,8 +118,9 @@ parent_id IS NULL AND connection_group_id IN ( - - + + + ) @@ -190,8 +193,9 @@ AND [guacamole_connection_group].connection_group_id IN ( - - + + + ); @@ -204,8 +208,9 @@ AND [guacamole_connection_group].connection_group_id IN ( - - + + + ); @@ -218,8 +223,9 @@ AND [guacamole_connection].connection_id IN ( - - + + + ); @@ -235,8 +241,9 @@ AND [guacamole_connection_group_attribute].connection_group_id IN ( - - + + + ); 
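Review bot: The branch governed by the changed condition in hunks -119,7 and -212,7 calls `CHARINDEX(#{term.term,jdbcType=VARCHAR} IN username) > 0`, which is the `POSITION(x IN y)` form used in the PostgreSQL mappers rather than SQL Server's comma-separated call. T-SQL expects `CHARINDEX(#{term.term,jdbcType=VARCHAR}, username) > 0` (and `..., [guacamole_entity].name) > 0` in the second hunk), so these history searches would presumably fail to parse whenever this branch is selected. These are context lines rather than additions, and the alternative branch lies outside both hunks, so it should be checked for the same form.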
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml index 23cef25e3e..6ed0a46eb6 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml @@ -41,9 +41,10 @@ FROM [guacamole_connection_group_permission] WHERE - - - + + + + @@ -58,9 +59,10 @@ FROM [guacamole_connection_group_permission] WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} AND connection_group_id = #{identifier,jdbcType=INTEGER} @@ -74,9 +76,10 @@ FROM [guacamole_connection_group_permission] WHERE - - - + + + + AND connection_group_id IN - - - + + + + @@ -58,9 +59,10 @@ FROM [guacamole_connection_permission] WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} AND connection_id = #{identifier,jdbcType=INTEGER} @@ -74,9 +76,10 @@ FROM [guacamole_connection_permission] WHERE - - - + + + + AND connection_id IN - - - + + + + @@ -58,9 +59,10 @@ FROM [guacamole_sharing_profile_permission] WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} AND sharing_profile_id = #{identifier,jdbcType=INTEGER} @@ -74,9 +76,10 @@ FROM [guacamole_sharing_profile_permission] WHERE - - - + + + + AND sharing_profile_id IN - - - + + + + @@ -55,9 +56,10 @@ FROM [guacamole_system_permission] WHERE - - - + + + + AND permission = #{type,jdbcType=VARCHAR} 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml index 8c7ff2797d..2a7be87f03 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserGroupPermissionMapper.xml @@ -43,9 +43,10 @@ JOIN [guacamole_entity] affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + AND affected_entity.type = 'USER_GROUP' @@ -63,13 +64,22 @@ JOIN [guacamole_entity] affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + - AND permission = #{type,jdbcType=VARCHAR} - AND affected_entity.name = #{identifier,jdbcType=VARCHAR} AND affected_entity.type = 'USER_GROUP' + AND permission = #{type,jdbcType=VARCHAR} + AND + + + affected_entity.name = #{identifier,jdbcType=VARCHAR} + + + LOWER(affected_entity.name) = LOWER(#{identifier,jdbcType=VARCHAR}) + + @@ -82,22 +92,35 @@ JOIN [guacamole_entity] affected_entity ON affected_group.entity_id = affected_entity.entity_id WHERE - - - + + + + - AND affected_entity.name IN - - #{identifier,jdbcType=VARCHAR} - + AND affected_entity.type = 'USER_GROUP' + AND + + + affected_entity.name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER(affected_entity.name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + AND permission IN #{permission,jdbcType=VARCHAR} - AND affected_entity.type = 'USER_GROUP' - + 
@@ -112,8 +135,16 @@ open="(" separator=" OR " close=")"> ([guacamole_user_group_permission].entity_id = #{permission.entityID,jdbcType=INTEGER} AND permission = #{permission.type,jdbcType=VARCHAR} AND - affected_entity.name = #{permission.objectIdentifier,jdbcType=VARCHAR} AND - affected_entity.type = 'USER_GROUP') + affected_entity.type = 'USER_GROUP' + + + affected_entity.name = #{permission.objectIdentifier,jdbcType=VARCHAR} + + + LOWER(affected_entity.name) = LOWER(#{permission.objectIdentifier,jdbcType=VARCHAR}) + + + ) @@ -139,8 +170,16 @@ AS permissions JOIN [guacamole_entity] affected_entity ON - affected_entity.name = permissions.affected_name - AND affected_entity.type = 'USER_GROUP' + affected_entity.type = 'USER_GROUP' + AND + + + affected_entity.name = permissions.affected_name + + + LOWER(affected_entity.name) = LOWER(permissions.affected_name) + + JOIN [guacamole_user_group] affected_group ON affected_group.entity_id = affected_entity.entity_id WHERE NOT EXISTS (SELECT 1 FROM [guacamole_user_group_permission] WHERE [guacamole_user_group_permission].entity_id = permissions.entity_id diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml index a2f9ff8adf..279d351622 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml 
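Review bot: As rendered here, the rewritten predicate in hunk -112,8 loses the `AND` that joined the type check to the name check: `affected_entity.type = 'USER_GROUP'` is followed directly by the name comparison. The corresponding statement in UserPermissionMapper.xml keeps `AND` before its name comparison, and hunk -139,8 of this file adds one explicitly. If the conjunction is really absent, the generated statement is not valid SQL and the group-permission operation it implements would presumably fail at runtime; the line should read `affected_entity.type = 'USER_GROUP' AND`. The foreach block starts outside the hunk.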
@@ -42,12 +42,14 @@ JOIN [guacamole_user] affected_user ON [guacamole_user_permission].affected_user_id = affected_user.user_id JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE + affected_entity.type = 'USER' + AND - - - - - AND affected_entity.type = 'USER' + + + + + @@ -63,21 +65,22 @@ JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - - - + + + + + AND affected_entity.type = 'USER' AND permission = #{type,jdbcType=VARCHAR} AND - + affected_entity.name = #{identifier,jdbcType=VARCHAR} LOWER(affected_entity.name) = LOWER(#{identifier,jdbcType=VARCHAR}) - AND affected_entity.type = 'USER' @@ -90,13 +93,15 @@ JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - - - + + + + + AND affected_entity.type = 'USER' AND - + affected_entity.name IN @@ -116,8 +121,7 @@ open="(" separator="," close=")"> #{permission,jdbcType=VARCHAR} - AND affected_entity.type = 'USER' - + @@ -133,7 +137,7 @@ ([guacamole_user_permission].entity_id = #{permission.entityID,jdbcType=INTEGER} AND permission = #{permission.type,jdbcType=VARCHAR} AND - + affected_entity.name = #{permission.objectIdentifier,jdbcType=VARCHAR} @@ -167,15 +171,16 @@ AS permissions JOIN [guacamole_entity] affected_entity ON + affected_entity.type = 'USER' + AND - + affected_entity.name = permissions.affected_name LOWER(affected_entity.name) = LOWER(permissions.affected_name) - - AND affected_entity.type = 'USER' + JOIN [guacamole_user] affected_user ON affected_user.entity_id = affected_entity.entity_id WHERE NOT EXISTS (SELECT 1 FROM [guacamole_user_permission] WHERE [guacamole_user_permission].entity_id = permissions.entity_id 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml index 34d9b58f7b..222c73700a 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml @@ -66,9 +66,10 @@ FROM [guacamole_sharing_profile_permission] WHERE - - - + + + + AND permission = 'READ' @@ -76,8 +77,9 @@ @@ -125,8 +127,9 @@ AND [guacamole_sharing_profile].sharing_profile_id IN ( - - + + + ); @@ -142,8 +145,9 @@ AND [guacamole_sharing_profile_attribute].sharing_profile_id IN ( - - + + + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml index da453d44d4..4aad5d6474 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/PasswordRecordMapper.xml @@ -44,7 +44,7 @@ JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE - + [guacamole_entity].name = #{username,jdbcType=VARCHAR} 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml index a4530335ad..2b7e01e22e 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml @@ -82,9 +82,10 @@ FROM [guacamole_user_permission] WHERE - - - + + + + AND permission = 'READ' @@ -97,8 +98,9 @@ WHERE [guacamole_user].user_id IN ( - - + + + ) AND [guacamole_entity].type = 'USER' @@ -134,8 +136,10 @@ FROM [guacamole_user] JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE + [guacamole_entity].type = 'USER' + AND - + [guacamole_entity].name @@ -146,7 +150,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -154,7 +158,7 @@ - AND [guacamole_entity].type = 'USER'; + ; SELECT [guacamole_user_attribute].user_id, @@ -164,8 +168,10 @@ JOIN [guacamole_user] ON [guacamole_user].user_id = [guacamole_user_attribute].user_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE + [guacamole_entity].type = 'USER' + AND - + [guacamole_entity].name @@ -176,7 +182,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -184,7 +190,7 @@ - AND [guacamole_entity].type = 'USER'; + ; @@ -218,8 +224,10 @@ FROM [guacamole_user] JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE + [guacamole_entity].type = 'USER' + AND - + [guacamole_entity].name @@ -230,7 +238,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -238,7 +246,6 @@ - AND [guacamole_entity].type = 'USER' AND [guacamole_user].user_id IN ( 
@@ -253,9 +260,11 @@ FROM [guacamole_user_attribute] JOIN [guacamole_user] ON [guacamole_user].user_id = [guacamole_user_attribute].user_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id - WHERE + WHERE + [guacamole_entity].type = 'USER' + AND - + [guacamole_entity].name @@ -266,7 +275,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -274,11 +283,11 @@ - AND [guacamole_entity].type = 'USER' AND [guacamole_user].user_id IN ( - - + + + ); @@ -314,15 +323,17 @@ FROM [guacamole_user] JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE + [guacamole_entity].type = 'USER' + AND - + [guacamole_entity].name = #{username,jdbcType=VARCHAR} LOWER([guacamole_entity].name) = LOWER(#{username,jdbcType=VARCHAR}) - AND [guacamole_entity].type = 'USER'; + ; SELECT [guacamole_user_attribute].user_id, @@ -332,15 +343,16 @@ JOIN [guacamole_user] ON [guacamole_user].user_id = [guacamole_user_attribute].user_id JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE + [guacamole_entity].type = 'USER' + AND - + [guacamole_entity].name = #{username,jdbcType=VARCHAR} LOWER([guacamole_entity].name) = LOWER(#{username,jdbcType=VARCHAR}) - AND [guacamole_entity].type = 'USER' @@ -348,15 +360,16 @@ DELETE FROM [guacamole_entity] WHERE + type = 'USER' + AND - + name = #{identifier,jdbcType=VARCHAR} LOWER(name) = LOWER(#{identifier,jdbcType=VARCHAR}) - AND type = 'USER' diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml index ee67931adb..c914994a8b 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml @@ -43,8 +43,9 @@ WHERE [guacamole_user_group].user_group_id IN ( - - + + + ) AND [guacamole_user_group_member].member_entity_id = #{parent.entityID,jdbcType=INTEGER} @@ -60,11 +61,24 @@ WHERE member_entity_id = #{parent.entityID,jdbcType=INTEGER} AND [guacamole_entity].type = 'USER_GROUP' - AND [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + @@ -79,12 +93,25 @@ FROM [guacamole_user_group] JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id WHERE - [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - - AND [guacamole_entity].type = 'USER_GROUP' + [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + AND [guacamole_user_group].user_group_id NOT IN ( SELECT [guacamole_user_group_member].user_group_id FROM [guacamole_user_group_member] diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml index 5bcc3b95f6..d104c903a7 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml 
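Review bot: The case-sensitive branch added in the `@@ -60,11 +61,24 @@` and `@@ -79,12 +93,25 @@` hunks compares `[guacamole_entity].name IN (...)` with no collation control, so on SQL Server the column's collation, not this mapper, decides whether the match is case-sensitive. If the schema uses a case-insensitive collation (not visible in this diff), the database would treat group names differing only by case as equal while the Java side compares them as distinct, and group lookups could disagree with what the `case-sensitivity` setting promises. I would confirm the schema scripts and add a mapper comment such as `<!-- case-sensitive match relies on a case-sensitive collation for guacamole_entity.name -->`. The same pattern recurs in the UserGroupMapper.xml, UserGroupMemberUserGroupMapper.xml and UserGroupParentUserGroupMapper.xml hunks; the `test` conditions are not visible in this rendering, so which branch maps to which setting is inferred from the `LOWER()` calls.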
@@ -50,7 +50,7 @@ JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE - + [guacamole_entity].name = #{record.username,jdbcType=VARCHAR} @@ -89,7 +89,7 @@ - + [guacamole_user_history].username = #{identifier,jdbcType=VARCHAR} @@ -107,7 +107,7 @@ JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE - + CHARINDEX(#{term.term,jdbcType=VARCHAR} IN [guacamole_entity].name) > 0 @@ -159,15 +159,16 @@ [guacamole_connection_history].user_id IN ( - - + + + ) AND - + [guacamole_entity].name = #{identifier,jdbcType=VARCHAR} @@ -185,7 +186,7 @@ JOIN [guacamole_entity] ON [guacamole_user].entity_id = [guacamole_entity].entity_id WHERE - + CHARINDEX(#{term.term,jdbcType=VARCHAR} IN [guacamole_entity].name) > 0 diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml index 21c776aa13..ccbec3ee5f 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml @@ -68,9 +68,10 @@ FROM [guacamole_user_group_permission] WHERE - - - + + + + AND permission = 'READ' @@ -81,13 +82,14 @@ FROM [guacamole_user_group] JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id WHERE - [guacamole_user_group].user_group_id IN ( + [guacamole_entity].type = 'USER_GROUP' + AND [guacamole_user_group].user_group_id IN ( - - + + + - ) - AND [guacamole_entity].type = 'USER_GROUP' + ) 
@@ -101,12 +103,26 @@ disabled FROM [guacamole_user_group] JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id - WHERE [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - - AND [guacamole_entity].type = 'USER_GROUP'; + WHERE [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + + ; SELECT [guacamole_user_group_attribute].user_group_id, @@ -115,12 +131,26 @@ FROM [guacamole_user_group_attribute] JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_attribute].user_group_id JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id - WHERE [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - - AND [guacamole_entity].type = 'USER_GROUP'; + WHERE [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + + ; @@ -135,16 +165,29 @@ disabled FROM [guacamole_user_group] JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id - WHERE [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - - AND [guacamole_entity].type = 'USER_GROUP' + WHERE [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOOWER(#{identifier,jdbcType=VARCHAR}) + + + AND [guacamole_user_group].user_group_id IN ( - - + + + ); 
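Review bot: The `@@ -135,16 +165,29 @@` hunk spells the function `LOOWER(#{identifier,jdbcType=VARCHAR})` in the new case-insensitive branch, which SQL Server will reject as an unknown function, so this query would fail whenever that branch is selected. It should read `LOWER(#{identifier,jdbcType=VARCHAR})`, as in the sibling hunks of this file. Because the error only shows up on the branch that presumably runs when group-name case sensitivity is disabled, a mapper test that exercises group lookups with that setting would catch this kind of slip.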
@@ -155,16 +198,29 @@ FROM [guacamole_user_group_attribute] JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_attribute].user_group_id JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id - WHERE [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - - AND [guacamole_entity].type = 'USER_GROUP' + WHERE [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + AND [guacamole_user_group].user_group_id IN ( - - + + + ); @@ -181,9 +237,17 @@ disabled FROM [guacamole_user_group] JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id - WHERE - [guacamole_entity].name = #{name,jdbcType=VARCHAR} - AND [guacamole_entity].type = 'USER_GROUP'; + WHERE [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name = #{name,jdbcType=VARCHAR} + + + LOWER([guacamole_entity].name) = LOWER(#{name,jdbcType=VARCHAR}) + + + ; SELECT [guacamole_user_group_attribute].user_group_id, @@ -192,9 +256,16 @@ FROM [guacamole_user_group_attribute] JOIN [guacamole_user_group] ON [guacamole_user_group].user_group_id = [guacamole_user_group_attribute].user_group_id JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id - WHERE - [guacamole_entity].name = #{name,jdbcType=VARCHAR} - AND [guacamole_entity].type = 'USER_GROUP' + WHERE [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name = #{name,jdbcType=VARCHAR} + + + LOWER([guacamole_entity].name) = LOWER(#{name,jdbcType=VARCHAR}) + + 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml index b11a3c5290..a45719108b 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserGroupMapper.xml @@ -42,8 +42,9 @@ WHERE [guacamole_user_group].user_group_id IN ( - - + + + ) AND [guacamole_user_group_member].user_group_id = #{parent.objectID,jdbcType=INTEGER} @@ -58,11 +59,24 @@ WHERE user_group_id = #{parent.objectID,jdbcType=INTEGER} AND [guacamole_entity].type = 'USER_GROUP' - AND [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + @@ -75,13 +89,25 @@ #{parent.objectID,jdbcType=INTEGER}, [guacamole_entity].entity_id FROM [guacamole_entity] - WHERE - [guacamole_entity].name IN - - #{identifier} - - AND [guacamole_entity].type = 'USER_GROUP' + WHERE [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name IN + + #{identifier} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier}) + + + + AND [guacamole_entity].entity_id NOT IN ( SELECT [guacamole_user_group_member].member_entity_id FROM [guacamole_user_group_member] 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml index 70fe520da1..6073c150c5 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml @@ -42,8 +42,9 @@ WHERE [guacamole_user].user_id IN ( - - + + + ) AND [guacamole_user_group_member].user_group_id = #{parent.objectID,jdbcType=INTEGER} @@ -60,7 +61,7 @@ AND [guacamole_entity].type = 'USER' AND - + [guacamole_entity].name @@ -71,7 +72,7 @@ - + #{identifier,jdbcType=VARCHAR} @@ -91,9 +92,10 @@ #{parent.objectID,jdbcType=INTEGER}, [guacamole_entity].entity_id FROM [guacamole_entity] - WHERE + WHERE [guacamole_entity].type = 'USER' + AND - + [guacamole_entity].name @@ -104,7 +106,7 @@ - + #{identifier} @@ -112,7 +114,6 @@ - AND [guacamole_entity].type = 'USER' AND [guacamole_entity].entity_id NOT IN ( SELECT [guacamole_user_group_member].member_entity_id FROM [guacamole_user_group_member] diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml index 198a6244d9..e791ffa9c7 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml @@ -43,8 +43,9 @@ WHERE [guacamole_user_group].user_group_id IN ( - - + + + ) AND [guacamole_user_group_member].member_entity_id = #{parent.entityID,jdbcType=INTEGER} @@ -60,11 +61,24 @@ WHERE member_entity_id = #{parent.entityID,jdbcType=INTEGER} AND [guacamole_entity].type = 'USER_GROUP' - AND [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + + @@ -78,13 +92,24 @@ #{parent.entityID,jdbcType=INTEGER} FROM [guacamole_user_group] JOIN [guacamole_entity] ON [guacamole_user_group].entity_id = [guacamole_entity].entity_id - WHERE - [guacamole_entity].name IN - - #{identifier,jdbcType=VARCHAR} - - AND [guacamole_entity].type = 'USER_GROUP' + WHERE [guacamole_entity].type = 'USER_GROUP' + AND + + + [guacamole_entity].name IN + + #{identifier,jdbcType=VARCHAR} + + + + LOWER([guacamole_entity].name) IN + + LOWER(#{identifier,jdbcType=VARCHAR}) + + + AND [guacamole_user_group].user_group_id NOT IN ( SELECT [guacamole_user_group_member].user_group_id FROM [guacamole_user_group_member] diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/JacksonLDAPConfiguration.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/JacksonLDAPConfiguration.java index d4ac0bc2e2..bddccd871f 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/JacksonLDAPConfiguration.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/JacksonLDAPConfiguration.java 
@@ -203,13 +203,6 @@ public class JacksonLDAPConfiguration implements LDAPConfiguration { */ @JsonProperty("member-attribute-type") private String memberAttributeType; - - /** - * The raw YAML value of {@link LDAPGuacamoleProperties#LDAP_USERNAMES_CASE_SENSITIVE}. - * If not set within the YAML, this will currently default to true. - */ - @JsonProperty("case-sensitive-usernames") - private String caseSensitiveUsernames; /** * The default configuration options for all parameters. diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/environment/DelegatingEnvironment.java b/guacamole-ext/src/main/java/org/apache/guacamole/environment/DelegatingEnvironment.java index 5dc3266c4f..593d7f74b3 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/environment/DelegatingEnvironment.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/environment/DelegatingEnvironment.java @@ -24,6 +24,7 @@ import java.util.Map; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.net.auth.GuacamoleProxyConfiguration; +import org.apache.guacamole.properties.CaseSensitivity; import org.apache.guacamole.properties.GuacamoleProperties; import org.apache.guacamole.properties.GuacamoleProperty; import org.apache.guacamole.protocols.ProtocolInfo; @@ -115,8 +116,8 @@ public void addGuacamoleProperties(GuacamoleProperties properties) throws Guacam } @Override - public boolean getCaseSensitiveUsernames() throws GuacamoleException { - return environment.getCaseSensitiveUsernames(); + public CaseSensitivity getCaseSensitivity() throws GuacamoleException { + return environment.getCaseSensitivity(); } } diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/environment/Environment.java b/guacamole-ext/src/main/java/org/apache/guacamole/environment/Environment.java index e6154a17cc..572ad3d2e8 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/environment/Environment.java 
+++ b/guacamole-ext/src/main/java/org/apache/guacamole/environment/Environment.java @@ -28,6 +28,8 @@ import org.apache.guacamole.GuacamoleUnsupportedException; import org.apache.guacamole.net.auth.GuacamoleProxyConfiguration; import org.apache.guacamole.properties.BooleanGuacamoleProperty; +import org.apache.guacamole.properties.CaseSensitivity; +import org.apache.guacamole.properties.EnumGuacamoleProperty; import org.apache.guacamole.properties.GuacamoleProperty; import org.apache.guacamole.properties.IntegerGuacamoleProperty; import org.apache.guacamole.properties.StringGuacamoleProperty; @@ -71,15 +73,16 @@ public interface Environment { }; /** - * A property that configures whether or not Guacamole will take case - * into account when comparing and processing usernames. + * A property that configures how Guacamole handles case sensitivity - it + * can be enabled for both usernames and group names, just usernames, just + * group names, or disabled for both. */ - public static final BooleanGuacamoleProperty CASE_SENSITIVE_USERNAMES = - new BooleanGuacamoleProperty() { - + public static final EnumGuacamoleProperty CASE_SENSITIVITY = + new EnumGuacamoleProperty(CaseSensitivity.class) { + @Override - public String getName() { return "case-sensitive-usernames"; } - + public String getName() { return "case-sensitivity"; } + }; /** 
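Review bot: The `@@ -71,15 +73,16 @@` hunk drops the `case-sensitive-usernames` property outright, so a deployment that still has `case-sensitive-usernames: false` in guacamole.properties would, as far as this diff shows, silently fall back to the `CaseSensitivity.ENABLED` default and start comparing usernames case-sensitively. A silent change in how identities are matched is worth surfacing: if the old property was ever released, keep reading it as a deprecated fallback or log a warning when it is present. The new Javadoc should also name the accepted values, e.g. `Accepted values: "enabled", "usernames", "group-names", "disabled".` Removing the public constant and `getCaseSensitiveUsernames()` from the `Environment` interface additionally breaks any extension compiled against them.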
@@ -381,21 +384,19 @@ public default void addGuacamoleProperties(GuacamoleProperties properties) } /** - * Returns true if Guacamole should consider case when comparing and - * processing usernames (case-sensitive), or false if case should not be - * considered (case-insensitive). Because the past behavior of Guacamole, - * prior to the introduction of this option, was case-sensitive, the default - * value is true. + * Returns the case sensitivity configuration for Guacamole as defined + * in guacamole.properties, or the default of enabling case sensitivity + * for both usernames and group names. * * @return - * true if Guacamole should consider usernames case-sensitive, otherwise - * false. + * The case sensitivity setting as configured in guacamole.properties, + * or the default of enabling case sensitivity. * * @throws GuacamoleException - * If guacamole.properties cannot be parsed. + * If guacamole.properties cannot be read or parsed. */ - public default boolean getCaseSensitiveUsernames() throws GuacamoleException { - return getProperty(CASE_SENSITIVE_USERNAMES, true); + public default CaseSensitivity getCaseSensitivity() throws GuacamoleException { + return getProperty(CASE_SENSITIVITY, CaseSensitivity.ENABLED); } } diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java index ae9bc48eae..0fa477ccab 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java 
@@ -55,14 +55,14 @@ public Set getEffectiveUserGroups() { @Override public boolean isCaseSensitive() { try { - return environment.getCaseSensitiveUsernames(); + return environment.getCaseSensitivity().caseSensitiveUsernames(); } catch (GuacamoleException e) { - LOGGER.warn("Exception attempting to read the Guacamole configuration, " - + "usernames will be treated as case-sensitive.", e.getMessage()); - LOGGER.debug("Received GuacamoleException attempting to retrieve the " - + "case-sensitivity setting for usernames. Defaulting to" - + "case-sensitive usernames.", e); + LOGGER.error("Failed to retrieve the configuration for case sensitivity: {}. " + + "Username comparisons will be case-sensitive.", + e.getMessage()); + LOGGER.debug("An exception was caught when attempting to retrieve the " + + "case sensitivity configuration.", e); return true; } } diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractIdentifiable.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractIdentifiable.java index c7b8a950c0..73728b4ab9 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractIdentifiable.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractIdentifiable.java @@ -73,8 +73,8 @@ public boolean equals(Object other) { if (otherIdentifier == null) return identifier == null; - // If either this identifier or the one we're comparing to is - // case-sensitive, evaluate with case-sensitivity. + // If either this identifier or the one we're comparing to is + // case-sensitive, evaluate with case sensitivity. if (isCaseSensitive() || ((AbstractIdentifiable) other).isCaseSensitive()) return otherIdentifier.equals(identifier); diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractUserGroup.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractUserGroup.java index 2c89cb0506..306d34f974 100644 
--- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractUserGroup.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractUserGroup.java @@ -22,8 +22,12 @@ import java.util.Collections; import java.util.Map; import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.environment.Environment; +import org.apache.guacamole.environment.LocalEnvironment; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.net.auth.permission.SystemPermissionSet; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Base implementation of UserGroup which provides default implementations of @@ -31,6 +35,17 @@ */ public abstract class AbstractUserGroup extends AbstractIdentifiable implements UserGroup { + /** + * The logger for this class. + */ + private static final Logger LOGGER = LoggerFactory.getLogger(AbstractUserGroup.class); + + /** + * The server environment in which this Guacamole Client instance is + * running. + */ + private final Environment environment = LocalEnvironment.getInstance(); + /** * {@inheritDoc} * @@ -179,5 +194,20 @@ public RelatedObjectSet getMemberUsers() throws GuacamoleException { public RelatedObjectSet getMemberUserGroups() throws GuacamoleException { return RelatedObjectSet.EMPTY_SET; } + + @Override + public boolean isCaseSensitive() { + try { + return environment.getCaseSensitivity().caseSensitiveGroupNames(); + } + catch (GuacamoleException e) { + LOGGER.warn("Unable to retrieve server configuration, group names " + + "will default to case-sensitive."); + LOGGER.debug("Received an exception attempting to retrieve the " + + "property for group name case sensitivity, group names" + + "will be treated as case-sensitive.", e); + return true; + } + } } 
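Review bot: The two log calls in the new `isCaseSensitive()` (hunk `@@ -179,5 +194,20 @@`) lose information: the debug message concatenates `"... group names"` and `"will be treated ..."` without a space, and the warning omits the exception message, unlike the matching handler in AbstractAuthenticatedUser, which logs `e.getMessage()`. I would write `LOGGER.warn("Unable to retrieve server configuration: {}. Group names will default to case-sensitive.", e.getMessage());` and add the missing space in the debug string. Falling back to `true` keeps the stricter comparison when the configuration cannot be read, which is the safer default, and a one-line comment saying so would help. Since `AbstractIdentifiable.equals()` calls `isCaseSensitive()`, a persistent configuration failure could log on every comparison, so the level used here (`warn`) and in AbstractAuthenticatedUser (`error`) should be aligned deliberately.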
diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/properties/CaseSensitivity.java b/guacamole-ext/src/main/java/org/apache/guacamole/properties/CaseSensitivity.java
new file mode 100644
index 0000000000..8c5ca6b623
--- /dev/null
+++ b/guacamole-ext/src/main/java/org/apache/guacamole/properties/CaseSensitivity.java
@@ -0,0 +1,92 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.properties;
+
+import org.apache.guacamole.properties.EnumGuacamoleProperty.PropertyValue;
+
+/**
+ * An enum that supports configuring various user and group case sensitivity
+ * settings.
+ */
+public enum CaseSensitivity {
+
+ /**
+ * Case sensitivity enabled for both usernames and group names.
+ */
+ @PropertyValue("enabled")
+ ENABLED(true, true),
+
+ /**
+ * Case sensitivity enabled for usernames but disabled for group names.
+ */
+ @PropertyValue("usernames")
+ USERS(true, false),
+
+ /**
+ * Case sensitivity disabled for usernames but enabled for group names.
+ */
+ @PropertyValue("group-names")
+ GROUPS(false, true),
+
+ /**
+ * Case sensitivity disabled for both usernames and group names.
+ */
+ @PropertyValue("disabled")
+ DISABLED(false, false);
+
+ /**
+ * Whether or not case sensitivity should be enabled for usernames.
+ */
+ private final boolean usernames;
+
+ /**
+ * Whether or not case sensitivity should be enabled for group names.
+ */
+ private final boolean groupNames;
+
+ CaseSensitivity(boolean usernames, boolean groupNames) {
+ this.usernames = usernames;
+ this.groupNames = groupNames;
+ }
+
+ /**
+ * Return "true" if case sensitivity is enabled for usernames, otherwise
+ * "false".
+ *
+ * @return
+ * "true" if case sensitivity is enabled for usernames, otherwise "false".
+ */
+ public boolean caseSensitiveUsernames() {
+ return usernames;
+ }
+
+ /**
+ * Return "true" if case sensitivity is enabled group names, otherwise
+ * "false".
+ *
+ * @return
+ * "true" if case sensitivity is enabled for group names, otherwise
+ * "false".
+ */
+ public boolean caseSensitiveGroupNames() {
+ return groupNames;
+ }
+
+}
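Review bot: The Javadoc summary of `caseSensitiveGroupNames()` reads "enabled group names"; it is missing "for" and should match the wording used for `caseSensitiveUsernames()`. The constructor is the only member of the enum without Javadoc, and a short comment describing its two flags (`usernames`, `groupNames`) would keep the file consistent. Both accessors would also read better with `{@code true}` and `{@code false}` than with quoted "true" and "false", since they return a boolean rather than a string.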