diff --git a/Moodle/SH/getsrt.sh b/Moodle/SH/getsrt.sh
new file mode 100644
index 0000000..a7a7559
--- /dev/null
+++ b/Moodle/SH/getsrt.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# Set the custom cache directory for Whisper models
+export XDG_CACHE_HOME="/backup/whisper"
+
+# Create the cache directory if it does not exist
+mkdir -p "$XDG_CACHE_HOME"
+
+# Iterate through all MP4 files in the current directory and subdirectories
+find . -type f -name "*.mp4" | while read -r file; do
+ # Extract the directory and file name without the .mp4 extension
+ dir=$(dirname "$file")
+ filename=$(basename "$file" .mp4)
+ srt_file="$dir/$filename.srt"
+
+ # Check if the corresponding SRT file exists
+ if [ ! -f "$srt_file" ]; then
+ # Run Whisper to generate SRT subtitles with English as the source language
+ echo "Generating subtitles for: $file"
+ whisper "$file" --model medium --output_format srt --task transcribe --language en --output_dir "$dir"
+
+ # Rename the generated subtitle file to match the required format
+ if [ -f "$dir/$filename_en.srt" ]; then
+ mv "$dir/$filename_en.srt" "$srt_file"
+ else
+ echo "Warning: Expected $dir/$filename_en.srt not found."
+ fi
+ else
+ echo "Subtitle already exists for: $file"
+ fi
+done
+
+echo "Process completed!"
diff --git a/SH/agets.sh b/SH/agets.sh
new file mode 100644
index 0000000..b7add0f
--- /dev/null
+++ b/SH/agets.sh
@@ -0,0 +1,5 @@
+aria2c -x 16 --content-disposition-default-utf8=true --check-certificate=false -i list.txt \
+ --continue=true \
+ --check-integrity=true \
+ --max-concurrent-downloads=5 \
+ --log=aria2.log --log-level=notice
diff --git a/SH/batch_run.sh b/SH/batch_run.sh
new file mode 100644
index 0000000..bdf9fa5
--- /dev/null
+++ b/SH/batch_run.sh
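Review bot: In Moodle/SH/getsrt.sh the rename step tests `"$dir/$filename_en.srt"`, which the shell parses as the variable `filename_en`, not `filename` followed by `_en`; that variable is never set, so the path expands to `$dir/.srt`, the `mv` never runs and the warning is printed for every file. Write `"$dir/${filename}_en.srt"` in the `-f` test, the `mv` and the warning message; whether whisper adds an `_en` suffix at all is not visible from this hunk and should be confirmed. The loop head `while read -r file` also strips leading and trailing whitespace from file names, which `while IFS= read -r file` avoids. SH/getsrt.sh later in this diff carries the same blob id (a7a7559) and needs the same change.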
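Review bot: `--check-certificate=false` in SH/agets.sh turns off TLS certificate verification for every URL in list.txt, so nothing authenticates the servers or the files that are written to disk. `--check-integrity=true` does not compensate: aria2 can only verify against piece hashes or a supplied checksum, and no `--checksum` or per-URI checksum is visible here. I would drop `--check-certificate=false` (or point `--ca-certificate` at the CA that is actually needed) and record expected digests for the downloads. SH/gets.sh later in this diff has the same problem with `wget --no-check-certificate`, and neither script has a shebang line.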
@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+
+# Kiểm tra có đối số không
+if [ -z "$1" ] || [ -z "$2" ]; then
+ echo "Usage: $(basename "$0") "
+ exit 1
+fi
+siteid=$1
+courseid=$2
+
+# Lưu thư mục hiện tại (nơi chạy script, không phải nơi đặt script)
+BASEDIR="$(pwd)"
+
+for dir in */ ; do
+ # Bỏ dấu '/' cuối
+ dirname="${dir%/}"
+
+ # Cắt phần số trước dấu '.' và trim khoảng trắng
+ index=$(echo "$dirname" | cut -d'.' -f1 | tr -d '[:space:]')
+
+ # Bỏ số 0 đầu nếu có
+ index_nozero=$(echo "$index" | sed 's/^0*//')
+
+ # Nếu chuỗi rỗng (trường hợp '0')
+ if [ -z "$index_nozero" ]; then
+ index_nozero=0
+ fi
+
+ # Kiểm tra là số hợp lệ
+ if [[ "$index_nozero" =~ ^[0-9]+$ ]]; then
+ # Tính i-1
+ i_minus_1=$((index_nozero - 1))
+
+ echo "===> Đang xử lý thư mục: $dirname (index: $index_nozero, i-1: $i_minus_1)"
+
+ # Chuyển vào thư mục
+ cd "$dirname" || { echo "Không thể vào thư mục $dirname"; exit 1; }
+
+ # Gọi online.sh với courseid từ dòng lệnh và i-1
+
+ case "$siteid" in
+ 1)
+ online.sh "$courseid" "$i_minus_1"
+ ;;
+ 2)
+ elearning.sh "$courseid" "$i_minus_1"
+ ;;
+ 3)
+ english.sh "$courseid" "$i_minus_1"
+ ;;
+ *)
+ echo "Không hỗ trợ siteid=$siteid"
+ exit 1
+ ;;
+esac
+
+ # Quay lại thư mục gốc
+ cd "$BASEDIR"
+ else
+ echo "Bỏ qua $dirname (không bắt đầu bằng số)"
+ fi
+done
diff --git a/SH/create_course.sh b/SH/create_course.sh
new file mode 100644
index 0000000..ba62438
--- /dev/null
+++ b/SH/create_course.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Lấy thư mục hiện tại nơi người dùng chạy lệnh
+CURRENT_DIR="$(pwd)"
+
+# Gọi PHP script, truyền tham số đầu vào và thư mục hiện tại
+/usr/local/lsws/lsphp82/bin/php /usr/bin/create_moodle_course.php "$@" "$CURRENT_DIR"
diff --git a/SH/createcourse.sh b/SH/createcourse.sh
new file mode 100644
index 0000000..3a72d3b
--- /dev/null
+++ b/SH/createcourse.sh
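Review bot: In SH/batch_run.sh the return `cd "$BASEDIR"` is unchecked and the exit status of online.sh / elearning.sh / english.sh is ignored, so a failed helper goes unnoticed and a failed return makes the following iterations resolve their relative `cd "$dirname"` from inside the previous directory. Running each iteration in a subshell removes the return step and surfaces failures: `( cd "$dirname" && online.sh "$courseid" "$i_minus_1" ) || exit 1`. A directory whose numeric prefix is `0` produces `i_minus_1=-1`, which is passed on as the topic index; reject it before calling the helper. The unsupported-`siteid` branch can be checked once above the loop so the script fails before the first `cd`. SH/ebatch_run.sh and SH/enbatch_run.sh later in this diff repeat the same loop and need the same treatment.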
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Lấy thư mục hiện tại nơi người dùng chạy lệnh
+CURRENT_DIR="$(pwd)"
+
+# Gọi PHP script, truyền tham số đầu vào và thư mục hiện tại
+/usr/local/lsws/lsphp82/bin/php /usr/bin/createcourse.php "$@" "$CURRENT_DIR"
diff --git a/SH/docker-compose.yml b/SH/docker-compose.yml
new file mode 100644
index 0000000..7920274
--- /dev/null
+++ b/SH/docker-compose.yml
@@ -0,0 +1,48 @@
+version: '3'
+
+services:
+ guacd:
+ image: guacamole/guacd
+ container_name: guacd
+ restart: always
+
+ guac_db:
+ image: postgres:15
+ container_name: guac_db
+ restart: always
+ environment:
+ POSTGRES_DB: guacamole_db
+ POSTGRES_USER: guacamole_user
+ POSTGRES_PASSWORD: guacamole_pass
+ volumes:
+ - guac_db_data:/var/lib/postgresql/data
+ - ./init:/docker-entrypoint-initdb.d
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U guacamole_user"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
+ guacamole:
+ image: guacamole/guacamole
+ container_name: guacamole
+ restart: always
+ ports:
+ - "4000:8080"
+ environment:
+ GUACD_HOSTNAME: guacd
+ POSTGRES_HOSTNAME: guac_db
+ POSTGRES_DATABASE: guacamole_db
+ POSTGRES_USER: guacamole_user
+ POSTGRES_PASSWORD: guacamole_pass
+ depends_on:
+ guac_db:
+ condition: service_healthy
+ guacd:
+ condition: service_started
+ volumes:
+ - /opt/guacamole/extensions:/etc/guacamole/extensions
+ - /opt/guacamole/config/guacamole.properties:/etc/guacamole/guacamole.properties
+
+volumes:
+ guac_db_data:
diff --git a/SH/ebatch_run.sh b/SH/ebatch_run.sh
new file mode 100644
index 0000000..2077e0f
--- /dev/null
+++ b/SH/ebatch_run.sh
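Review bot: SH/docker-compose.yml commits the database password in clear text (`POSTGRES_PASSWORD: guacamole_pass` on both `guac_db` and `guacamole`), so everyone with read access to the repository holds the credential for the Guacamole database. Take it from the environment or a secret instead, e.g. `POSTGRES_PASSWORD: ${GUAC_DB_PASSWORD:?set in .env}` with the `.env` file kept out of git, or `POSTGRES_PASSWORD_FILE` with a Compose secret on the postgres service. `"4000:8080"` publishes the Guacamole web application on every host interface over plain HTTP; `"127.0.0.1:4000:8080"` behind a TLS-terminating reverse proxy keeps logins and remote-desktop sessions from crossing the network unencrypted. `guacamole/guacd` and `guacamole/guacamole` carry no tag, so each pull may bring a different release; pin them, presumably to the 1.5.4 release that the guacamole-auth-jdbc-1.5.4 extension added in this diff targets. SH/guacamole/docker-compose.yml later in this diff is the same blob (7920274) and needs the same changes.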
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+# Kiểm tra có đối số không
+if [ -z "$1" ]; then
+ echo "Usage: $(basename "$0") "
+ exit 1
+fi
+
+courseid="$1"
+
+# Lưu thư mục hiện tại (nơi chạy script, không phải nơi đặt script)
+BASEDIR="$(pwd)"
+
+for dir in */ ; do
+ # Bỏ dấu '/' cuối
+ dirname="${dir%/}"
+
+ # Cắt phần số trước dấu '.' và trim khoảng trắng
+ index=$(echo "$dirname" | cut -d'.' -f1 | tr -d '[:space:]')
+
+ # Bỏ số 0 đầu nếu có
+ index_nozero=$(echo "$index" | sed 's/^0*//')
+
+ # Nếu chuỗi rỗng (trường hợp '0')
+ if [ -z "$index_nozero" ]; then
+ index_nozero=0
+ fi
+
+ # Kiểm tra là số hợp lệ
+ if [[ "$index_nozero" =~ ^[0-9]+$ ]]; then
+ # Tính i-1
+ i_minus_1=$((index_nozero - 1))
+
+ echo "===> Đang xử lý thư mục: $dirname (index: $index_nozero, i-1: $i_minus_1)"
+
+ # Chuyển vào thư mục
+ cd "$dirname" || { echo "Không thể vào thư mục $dirname"; exit 1; }
+
+ # Gọi online.sh với courseid từ dòng lệnh và i-1
+ elearning.sh "$courseid" "$i_minus_1"
+
+ # Quay lại thư mục gốc
+ cd "$BASEDIR"
+ else
+ echo "Bỏ qua $dirname (không bắt đầu bằng số)"
+ fi
+done
diff --git a/SH/ecreate_course.sh b/SH/ecreate_course.sh
new file mode 100644
index 0000000..c558a53
--- /dev/null
+++ b/SH/ecreate_course.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Lấy thư mục hiện tại nơi người dùng chạy lệnh
+CURRENT_DIR="$(pwd)"
+
+# Gọi PHP script, truyền tham số đầu vào và thư mục hiện tại
+php /usr/bin/ecreate_moodle_course.php "$@" "$CURRENT_DIR"
diff --git a/SH/elearning.sh b/SH/elearning.sh
new file mode 100644
index 0000000..0c377d8
--- /dev/null
+++ b/SH/elearning.sh
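Review bot: SH/ecreate_course.sh calls `php` through PATH, while SH/create_course.sh and SH/createcourse.sh in this diff call `/usr/local/lsws/lsphp82/bin/php` explicitly, so this wrapper may run under a different PHP build, or under whichever `php` comes first in the caller's PATH. Use the same absolute interpreter here: `/usr/local/lsws/lsphp82/bin/php /usr/bin/ecreate_moodle_course.php "$@" "$CURRENT_DIR"`. SH/encreate_course.sh later in this diff has the same line.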
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Kiểm tra số lượng tham số đầu vào
+if [ "$#" -ne 2 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+# Gán tham số đầu vào vào biến
+COURSEID=$1
+TOPICID=$2
+
+# Lấy đường dẫn thư mục hiện tại
+CURRENT_DIR=$(pwd)
+
+# Chạy lệnh PHP với các tham số, sử dụng mdl.media từ thư mục hiện tại
+/usr/local/lsws/lsphp82/bin/php /home/elearning.huph.edu.vn/public_html/elearning/page.php "$CURRENT_DIR/mdl.media" "$COURSEID" "$TOPICID"
+
+# Hiển thị thông báo hoàn tất
+echo "Command executed with mdl.media from $CURRENT_DIR, courseid=$COURSEID, and topicid=$TOPICID"
diff --git a/SH/enbatch_run.sh b/SH/enbatch_run.sh
new file mode 100644
index 0000000..499d441
--- /dev/null
+++ b/SH/enbatch_run.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+# Kiểm tra có đối số không
+if [ -z "$1" ]; then
+ echo "Usage: $(basename "$0") "
+ exit 1
+fi
+
+courseid="$1"
+
+# Lưu thư mục hiện tại (nơi chạy script, không phải nơi đặt script)
+BASEDIR="$(pwd)"
+
+for dir in */ ; do
+ # Bỏ dấu '/' cuối
+ dirname="${dir%/}"
+
+ # Cắt phần số trước dấu '.' và trim khoảng trắng
+ index=$(echo "$dirname" | cut -d'.' -f1 | tr -d '[:space:]')
+
+ # Bỏ số 0 đầu nếu có
+ index_nozero=$(echo "$index" | sed 's/^0*//')
+
+ # Nếu chuỗi rỗng (trường hợp '0')
+ if [ -z "$index_nozero" ]; then
+ index_nozero=0
+ fi
+
+ # Kiểm tra là số hợp lệ
+ if [[ "$index_nozero" =~ ^[0-9]+$ ]]; then
+ # Tính i-1
+ i_minus_1=$((index_nozero - 1))
+
+ echo "===> Đang xử lý thư mục: $dirname (index: $index_nozero, i-1: $i_minus_1)"
+
+ # Chuyển vào thư mục
+ cd "$dirname" || { echo "Không thể vào thư mục $dirname"; exit 1; }
+
+ # Gọi online.sh với courseid từ dòng lệnh và i-1
+ english.sh "$courseid" "$i_minus_1"
+
+ # Quay lại thư mục gốc
+ cd "$BASEDIR"
+ else
+ echo "Bỏ qua $dirname (không bắt đầu bằng số)"
+ fi
+done
diff --git a/SH/encreate_course.sh b/SH/encreate_course.sh
new file mode 100644
index 0000000..3f5bed6
--- /dev/null
+++ b/SH/encreate_course.sh
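Review bot: SH/elearning.sh prints "Command executed ..." whether or not the PHP call succeeded, and it never checks that `mdl.media` exists in the current directory before handing its path to page.php. Test `[ -f "$CURRENT_DIR/mdl.media" ] || exit 1` first and let the interpreter's status decide, e.g. by ending the PHP line with `|| exit 1`. `COURSEID` and `TOPICID` are forwarded unvalidated; a guard such as `case "$COURSEID$TOPICID" in *[!0-9]*) exit 1;; esac` rejects non-numeric values, including the `-1` that batch_run.sh can compute. page.php sits under `public_html`, so if it is meant for command-line use only it should refuse non-CLI requests; that file is not part of this diff, so this is to be confirmed. SH/english.sh later in this diff is the same script with a different site path.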
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Lấy thư mục hiện tại nơi người dùng chạy lệnh
+CURRENT_DIR="$(pwd)"
+
+# Gọi PHP script, truyền tham số đầu vào và thư mục hiện tại
+php /usr/bin/encreate_moodle_course.php "$@" "$CURRENT_DIR"
diff --git a/SH/encreatecourse.sh b/SH/encreatecourse.sh
new file mode 100644
index 0000000..d75c986
--- /dev/null
+++ b/SH/encreatecourse.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Lấy thư mục hiện tại nơi người dùng chạy lệnh
+CURRENT_DIR="$(pwd)"
+
+# Gọi PHP script, truyền tham số đầu vào và thư mục hiện tại
+/usr/local/lsws/lsphp82/bin/php /usr/bin/encreatecourse.php "$@" "$CURRENT_DIR"
diff --git a/SH/english.sh b/SH/english.sh
new file mode 100644
index 0000000..503a7c1
--- /dev/null
+++ b/SH/english.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Kiểm tra số lượng tham số đầu vào
+if [ "$#" -ne 2 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+# Gán tham số đầu vào vào biến
+COURSEID=$1
+TOPICID=$2
+
+# Lấy đường dẫn thư mục hiện tại
+CURRENT_DIR=$(pwd)
+
+# Chạy lệnh PHP với các tham số, sử dụng mdl.media từ thư mục hiện tại
+/usr/local/lsws/lsphp82/bin/php /home/english.huph.edu.vn/public_html/english/page.php "$CURRENT_DIR/mdl.media" "$COURSEID" "$TOPICID"
+
+# Hiển thị thông báo hoàn tất
+echo "Command executed with mdl.media from $CURRENT_DIR, courseid=$COURSEID, and topicid=$TOPICID"
diff --git a/SH/genmedia.sh b/SH/genmedia.sh
new file mode 100644
index 0000000..542504a
--- /dev/null
+++ b/SH/genmedia.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Thư mục gốc của khóa học
+COURSE_FOLDER="$(pwd)"
+
+# Tìm tất cả các thư mục con
+mapfile -t DIRS < <(find "$COURSE_FOLDER" -type d)
+
+for dir in "${DIRS[@]}"; do
+ relative_path="${dir#*/vod/}"
+ OUTPUT_JSON="$dir/mdl.media"
+
+ # Xóa tệp mdl.media cũ nếu tồn tại
+ rm -f "$OUTPUT_JSON"
+
+ # Tìm và sắp xếp các file .mp3 và .mp4 theo thứ tự tự nhiên
+ mapfile -d '' -t FILES < <(find "$dir" -maxdepth 1 -type f \( -name '*.mp3' -o -name '*.mp4' \) -print0 | sort -z -V)
+
+ for file in "${FILES[@]}"; do
+ filename=$(basename "$file")
+ vid="$relative_path/$filename"
+ echo "[stream=$vid]" >> "$OUTPUT_JSON"
+ done
+
+ echo "File mdl.media created successfully in $dir."
+done
diff --git a/SH/genmedia.v.1.sh b/SH/genmedia.v.1.sh
new file mode 100644
index 0000000..86d3e33
--- /dev/null
+++ b/SH/genmedia.v.1.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Thư mục gốc của khóa học
+COURSE_FOLDER="$(pwd)"
+
+# Hàm xử lý tạo mdl.media cho mỗi thư mục
+process_dir() {
+ local dir="$1"
+ local relative_path="${dir#*/vod/}"
+
+ # Đường dẫn đến tệp mdl.media trong thư mục
+ OUTPUT_JSON="$dir/mdl.media"
+
+ # Xóa tệp mdl.media cũ nếu tồn tại
+ rm -f "$OUTPUT_JSON"
+
+ # Tìm và sắp xếp các file .mp4 theo thứ tự tự nhiên (hỗ trợ cả số có hoặc không có leading zeros)
+ find "$dir" -maxdepth 1 -type f -name '*.mp4' -print0 | sort -z -V | while IFS= read -r -d '' file; do
+ if [ -f "$file" ]; then
+ filename=$(basename "$file")
+ vid="$relative_path/$filename"
+ echo "[stream=$vid]" >> "$OUTPUT_JSON"
+ fi
+ done
+
+ echo "File mdl.media created successfully in $dir."
+}
+
+# Duyệt qua thư mục gốc và tất cả các thư mục con, gọi hàm xử lý
+find "$COURSE_FOLDER" -type d | while IFS= read -r dir; do
+ process_dir "$dir"
+done
diff --git a/SH/genmp3.sh b/SH/genmp3.sh
new file mode 100644
index 0000000..542504a
--- /dev/null
+++ b/SH/genmp3.sh
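Review bot: `relative_path="${dir#*/vod/}"` in SH/genmedia.sh assumes the working directory lies below a `/vod/` path component; when it does not, the expansion leaves `$dir` unchanged and every `[stream=...]` line is written with the full absolute server path. Check the prefix once before the loop, e.g. `case "$COURSE_FOLDER/" in */vod/*) ;; *) echo "not under /vod/" >&2; exit 1;; esac`. `rm -f "$OUTPUT_JSON"` runs in every directory found, but the file is only recreated where media files exist, yet "created successfully" is printed regardless; print it only when `FILES` is non-empty. The directory list is read newline-delimited while the file list is NUL-delimited; `mapfile -d '' -t DIRS < <(find "$COURSE_FOLDER" -type d -print0)` makes the two consistent. SH/genmp3.sh later in this diff is the same blob (542504a), and `process_dir` in SH/genmedia.v.1.sh uses the same prefix strip and leaves `OUTPUT_JSON` global instead of `local`.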
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Thư mục gốc của khóa học
+COURSE_FOLDER="$(pwd)"
+
+# Tìm tất cả các thư mục con
+mapfile -t DIRS < <(find "$COURSE_FOLDER" -type d)
+
+for dir in "${DIRS[@]}"; do
+ relative_path="${dir#*/vod/}"
+ OUTPUT_JSON="$dir/mdl.media"
+
+ # Xóa tệp mdl.media cũ nếu tồn tại
+ rm -f "$OUTPUT_JSON"
+
+ # Tìm và sắp xếp các file .mp3 và .mp4 theo thứ tự tự nhiên
+ mapfile -d '' -t FILES < <(find "$dir" -maxdepth 1 -type f \( -name '*.mp3' -o -name '*.mp4' \) -print0 | sort -z -V)
+
+ for file in "${FILES[@]}"; do
+ filename=$(basename "$file")
+ vid="$relative_path/$filename"
+ echo "[stream=$vid]" >> "$OUTPUT_JSON"
+ done
+
+ echo "File mdl.media created successfully in $dir."
+done
diff --git a/SH/gets.sh b/SH/gets.sh
new file mode 100644
index 0000000..7192dbb
--- /dev/null
+++ b/SH/gets.sh
@@ -0,0 +1,2 @@
+wget --no-check-certificate --content-disposition --max-redirect=10 --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36" --referer="https://en.git.ir/" -i list.txt
+
diff --git a/SH/getsrt.sh b/SH/getsrt.sh
new file mode 100644
index 0000000..a7a7559
--- /dev/null
+++ b/SH/getsrt.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# Set the custom cache directory for Whisper models
+export XDG_CACHE_HOME="/backup/whisper"
+
+# Create the cache directory if it does not exist
+mkdir -p "$XDG_CACHE_HOME"
+
+# Iterate through all MP4 files in the current directory and subdirectories
+find . -type f -name "*.mp4" | while read -r file; do
+ # Extract the directory and file name without the .mp4 extension
+ dir=$(dirname "$file")
+ filename=$(basename "$file" .mp4)
+ srt_file="$dir/$filename.srt"
+
+ # Check if the corresponding SRT file exists
+ if [ ! -f "$srt_file" ]; then
+ # Run Whisper to generate SRT subtitles with English as the source language
+ echo "Generating subtitles for: $file"
+ whisper "$file" --model medium --output_format srt --task transcribe --language en --output_dir "$dir"
+
+ # Rename the generated subtitle file to match the required format
+ if [ -f "$dir/$filename_en.srt" ]; then
+ mv "$dir/$filename_en.srt" "$srt_file"
+ else
+ echo "Warning: Expected $dir/$filename_en.srt not found."
+ fi
+ else
+ echo "Subtitle already exists for: $file"
+ fi
+done
+
+echo "Process completed!"
diff --git a/SH/gettext.sh b/SH/gettext.sh
new file mode 100644
index 0000000..342ca47
--- /dev/null
+++ b/SH/gettext.sh
@@ -0,0 +1,135 @@ +#! /bin/sh +# +# Copyright (C) 2003, 2005-2007, 2011, 2018-2020 Free Software Foundation, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . +# + +# Find a way to echo strings without interpreting backslash. +if test "X`(echo '\t') 2>/dev/null`" = 'X\t'; then + echo='echo' +else + if test "X`(printf '%s\n' '\t') 2>/dev/null`" = 'X\t'; then + echo='printf %s\n' + else + echo_func () { + cat < +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law." + echo "Written by" "Bruno Haible" + } + if test $# = 1; then + case "$1" in + --help | --hel | --he | --h ) + func_usage; exit 0 ;; + --version | --versio | --versi | --vers | --ver | --ve | --v ) + func_version; exit 0 ;; + esac + fi + func_usage 1>&2 + exit 1 + ;; + esac +fi + +# eval_gettext MSGID +# looks up the translation of MSGID and substitutes shell variables in the +# result. +eval_gettext () { + gettext "$1" | (export PATH `envsubst --variables "$1"`; envsubst "$1") +} + +# eval_ngettext MSGID MSGID-PLURAL COUNT +# looks up the translation of MSGID / MSGID-PLURAL for COUNT and substitutes +# shell variables in the result. 
+eval_ngettext () { + ngettext "$1" "$2" "$3" | (export PATH `envsubst --variables "$1 $2"`; envsubst "$1 $2") +} + +# eval_pgettext MSGCTXT MSGID +# looks up the translation of MSGID in the context MSGCTXT and substitutes +# shell variables in the result. +eval_pgettext () { + gettext --context="$1" "$2" | (export PATH `envsubst --variables "$2"`; envsubst "$2") +} + +# eval_npgettext MSGCTXT MSGID MSGID-PLURAL COUNT +# looks up the translation of MSGID / MSGID-PLURAL for COUNT in the context +# MSGCTXT and substitutes shell variables in the result. +eval_npgettext () { + ngettext --context="$1" "$2" "$3" "$4" | (export PATH `envsubst --variables "$2 $3"`; envsubst "$2 $3") +} + +# Note: This use of envsubst is much safer than using the shell built-in 'eval' +# would be. +# 1) The security problem with Chinese translations that happen to use a +# character such as \xe0\x60 is avoided. +# 2) The security problem with malevolent translators who put in command lists +# like "$(...)" or "`...`" is avoided. +# 3) The translations can only refer to shell variables that are already +# mentioned in MSGID or MSGID-PLURAL. +# +# Note: "export PATH" above is a dummy; this is for the case when +# `envsubst --variables ...` returns nothing. +# +# Note: In eval_ngettext above, "$1 $2" means a string whose variables set is +# the union of the variables set of "$1" and "$2". +# +# Note: The minimal use of backquote above ensures that trailing newlines are +# not dropped, not from the gettext invocation and not from the value of any +# shell variable. +# +# Note: Field splitting on the `envsubst --variables ...` result is desired, +# since envsubst outputs the variables, separated by newlines. Pathname +# wildcard expansion or tilde expansion has no effect here, since the words +# output by "envsubst --variables ..." consist solely of alphanumeric +# characters and underscore. 
diff --git a/SH/guacamole/docker-compose.yml b/SH/guacamole/docker-compose.yml
new file mode 100644
index 0000000..7920274
--- /dev/null
+++ b/SH/guacamole/docker-compose.yml
@@ -0,0 +1,48 @@
+version: '3'
+
+services:
+ guacd:
+ image: guacamole/guacd
+ container_name: guacd
+ restart: always
+
+ guac_db:
+ image: postgres:15
+ container_name: guac_db
+ restart: always
+ environment:
+ POSTGRES_DB: guacamole_db
+ POSTGRES_USER: guacamole_user
+ POSTGRES_PASSWORD: guacamole_pass
+ volumes:
+ - guac_db_data:/var/lib/postgresql/data
+ - ./init:/docker-entrypoint-initdb.d
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U guacamole_user"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
+ guacamole:
+ image: guacamole/guacamole
+ container_name: guacamole
+ restart: always
+ ports:
+ - "4000:8080"
+ environment:
+ GUACD_HOSTNAME: guacd
+ POSTGRES_HOSTNAME: guac_db
+ POSTGRES_DATABASE: guacamole_db
+ POSTGRES_USER: guacamole_user
+ POSTGRES_PASSWORD: guacamole_pass
+ depends_on:
+ guac_db:
+ condition: service_healthy
+ guacd:
+ condition: service_started
+ volumes:
+ - /opt/guacamole/extensions:/etc/guacamole/extensions
+ - /opt/guacamole/config/guacamole.properties:/etc/guacamole/guacamole.properties
+
+volumes:
+ guac_db_data:
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4.tar.gz b/SH/guacamole/guacamole-auth-jdbc-1.5.4.tar.gz
new file mode 100644
index 0000000..81e87c6
Binary files /dev/null and b/SH/guacamole/guacamole-auth-jdbc-1.5.4.tar.gz differ
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/LICENSE b/SH/guacamole/guacamole-auth-jdbc-1.5.4/LICENSE
new file mode 100644
index 0000000..80dd019
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/LICENSE
@@ -0,0 +1,357 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+
+==============================================================================
+
+APACHE GUACAMOLE SUBCOMPONENTS
+
+Apache Guacamole includes a number of subcomponents with separate copyright
+notices and license terms. Your use of these subcomponents is subject to the
+terms and conditions of the following licenses.
+
+
+AOP Alliance (http://aopalliance.sourceforge.net/)
+--------------------------------------------------
+
+ Version: 1.0
+ From: 'AOP Alliance' (http://aopalliance.sourceforge.net/members.html)
+ License(s):
+ Public Domain (bundled/aopalliance-1.0/LICENSE)
+
+From http://aopalliance.sourceforge.net/:
+
+ LICENCE: all the source code provided by AOP Alliance is Public Domain.
+
+
+Checker Framework qualifiers (https://checkerframework.org/)
+------------------------------------------------------------
+
+ Version: 3.37.0
+ From: 'Checker Framework developers' (https://checkerframework.org/)
+ License(s):
+ MIT (bundled/checker-qual-3.37.0/LICENSE.txt)
+
+Checker Framework qualifiers
+Copyright 2004-present by the Checker Framework developers
+
+MIT License:
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+
+Error Prone (https://errorprone.info/)
+--------------------------------------
+
+ Version: 2.21.1
+ From: 'Google Inc.' (http://www.google.com/)
+ License(s):
+ Apache v2.0
+
+
+Google Guice (https://github.com/google/guice)
+----------------------------------------------
+
+ Version: 5.1.0
+ From: 'Google Inc.' (http://www.google.com/)
+ License(s):
+ Apache v2.0
+
+
+Guava: Google Core Libraries for Java (https://github.com/google/guava)
+-----------------------------------------------------------------------
+
+ Version: 32.1.3-jre
+ From: 'Google Inc.' (http://www.google.com/)
+ License(s):
+ Apache v2.0
+
+
+Java to Objective-C Annotations (https://github.com/google/j2objc)
+------------------------------------------------------------------
+
+ Version: 2.8
+ From: 'Google Inc.' (http://www.google.com/)
+ License(s):
+ Apache v2.0
+
+
+JSR-305 Reference Implementation (http://code.google.com/p/jsr-305/)
+--------------------------------------------------------------------
+
+ Version: 3.0.2 (originally 0.1-SNAPSHOT, redistributed by FindBugs 3.0.2)
+ From: 'JSR305 expert group' (https://code.google.com/archive/p/jsr-305/)
+ License(s):
+ BSD 3-clause (bundled/findbugs-jsr305-3.0.2/LICENSE)
+
+Copyright (c) 2007-2009, JSR305 expert group
+All rights reserved.
+
+http://www.opensource.org/licenses/bsd-license.php
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ * Neither the name of the JSR305 expert group nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+
+JSR-330 / Dependency Injection for Java (http://code.google.com/p/atinject/)
+----------------------------------------------------------------------------
+
+ Version: 1
+ From: 'JSR-330 Expert Group' (https://jcp.org/en/jsr/detail?id=330)
+ License(s):
+ Apache v2.0
+
+
+MyBatis (http://www.mybatis.org/mybatis-3/)
+-------------------------------------------
+
+ Version: 3.5.14
+ From: 'MyBatis' (http://www.mybatis.org/)
+ License(s):
+ Apache v2.0
+
+
+MyBatis-Guice (http://www.mybatis.org/guice/)
+---------------------------------------------
+
+ Version: 3.18
+ From: 'MyBatis' (http://www.mybatis.org/)
+ License(s):
+ Apache v2.0
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/NOTICE b/SH/guacamole/guacamole-auth-jdbc-1.5.4/NOTICE
new file mode 100644
index 0000000..df84551
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/NOTICE
@@ -0,0 +1,69 @@
+Apache Guacamole
+Copyright 2020 The Apache Software Foundation
+
+This product includes software developed at
+The Apache Software Foundation (https://www.apache.org/).
+
+======== NOTICE for "MyBatis" ========
+
+iBATIS
+ This product includes software developed by
+ The Apache Software Foundation (http://www.apache.org/).
+
+ Copyright 2010 The Apache Software Foundation
+
+OGNL
+//--------------------------------------------------------------------------
+// Copyright (c) 2004, Drew Davidson and Luke Blanshard
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+// Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+// Neither the name of the Drew Davidson nor the names of its contributors
+// may be used to endorse or promote products derived from this software
+// without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+// BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+// OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+// AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+// DAMAGE.
+//--------------------------------------------------------------------------
+
+Refactored SqlBuilder class (SQL, AbstractSQL)
+
+ This product includes software developed by
+ Adam Gent (https://gist.github.com/3650165)
+
+ Copyright 2010 Adam Gent
+
+======== NOTICE for "MyBatis-Guice" ========
+
+MyBatis-Guice
+Copyright 2010-2013
+
+This product includes software developed by
+The MyBatis Team (http://www.mybatis.org/).
+
+iBATIS
+ This product includes software developed by
+ The Apache Software Foundation (http://www.apache.org/).
+
+ Copyright 2010 The Apache Software Foundation
+
+Google Guice
+ Copyright 2010 The Apache Software Foundation
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/README b/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/README
new file mode 100644
index 0000000..47ba19d
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/README
@@ -0,0 +1,4 @@
+Apache Guacamole includes a number of subcomponents with separate copyright
+notices and license terms. Your use of these subcomponents is subject to the
+terms and conditions of their respective licenses, included within this
+directory for reference.
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/aopalliance-1.0/LICENSE b/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/aopalliance-1.0/LICENSE
new file mode 100644
index 0000000..8e0e378
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/aopalliance-1.0/LICENSE
@@ -0,0 +1,4 @@
+From http://aopalliance.sourceforge.net/:
+
+ LICENCE: all the source code provided by AOP Alliance is Public Domain.
+
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/checker-qual-3.37.0/LICENSE.txt b/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/checker-qual-3.37.0/LICENSE.txt
new file mode 100644
index 0000000..9837c6b
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/checker-qual-3.37.0/LICENSE.txt
@@ -0,0 +1,22 @@
+Checker Framework qualifiers
+Copyright 2004-present by the Checker Framework developers
+
+MIT License:
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/findbugs-jsr305-3.0.2/LICENSE b/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/findbugs-jsr305-3.0.2/LICENSE
new file mode 100644
index 0000000..6736681
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/findbugs-jsr305-3.0.2/LICENSE
@@ -0,0 +1,28 @@
+Copyright (c) 2007-2009, JSR305 expert group
+All rights reserved.
+
+http://www.opensource.org/licenses/bsd-license.php
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ * Neither the name of the JSR305 expert group nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/mybatis-3.5.14/NOTICE b/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/mybatis-3.5.14/NOTICE
new file mode 100644
index 0000000..35d17fd
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/mybatis-3.5.14/NOTICE
@@ -0,0 +1,45 @@
+iBATIS
+ This product includes software developed by
+ The Apache Software Foundation (http://www.apache.org/).
+
+ Copyright 2010 The Apache Software Foundation
+
+OGNL
+//--------------------------------------------------------------------------
+// Copyright (c) 2004, Drew Davidson and Luke Blanshard
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+// Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+// Neither the name of the Drew Davidson nor the names of its contributors
+// may be used to endorse or promote products derived from this software
+// without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+// BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+// OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+// AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+// DAMAGE.
+//--------------------------------------------------------------------------
+
+Refactored SqlBuilder class (SQL, AbstractSQL)
+
+ This product includes software developed by
+ Adam Gent (https://gist.github.com/3650165)
+
+ Copyright 2010 Adam Gent
+
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/mybatis-guice-3.18/NOTICE b/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/mybatis-guice-3.18/NOTICE
new file mode 100644
index 0000000..328bb03
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/bundled/mybatis-guice-3.18/NOTICE
@@ -0,0 +1,15 @@
+MyBatis-Guice
+Copyright 2010-2013
+
+This product includes software developed by
+The MyBatis Team (http://www.mybatis.org/).
+
+iBATIS
+ This product includes software developed by
+ The Apache Software Foundation (http://www.apache.org/).
+
+ Copyright 2010 The Apache Software Foundation
+
+Google Guice
+ Copyright 2010 The Apache Software Foundation
+
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/guacamole-auth-jdbc-mysql-1.5.4.jar b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/guacamole-auth-jdbc-mysql-1.5.4.jar
new file mode 100644
index 0000000..0e975e0
Binary files /dev/null and b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/guacamole-auth-jdbc-mysql-1.5.4.jar differ
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/001-create-schema.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/001-create-schema.sql
new file mode 100644
index 0000000..1606af1
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/001-create-schema.sql
@@ -0,0 +1,613 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Table of connection groups. Each connection group has a name.
+--
+
+CREATE TABLE `guacamole_connection_group` (
+
+ `connection_group_id` int(11) NOT NULL AUTO_INCREMENT,
+ `parent_id` int(11),
+ `connection_group_name` varchar(128) NOT NULL,
+ `type` enum('ORGANIZATIONAL',
+ 'BALANCING') NOT NULL DEFAULT 'ORGANIZATIONAL',
+
+ -- Concurrency limits
+ `max_connections` int(11),
+ `max_connections_per_user` int(11),
+ `enable_session_affinity` boolean NOT NULL DEFAULT 0,
+
+ PRIMARY KEY (`connection_group_id`),
+ UNIQUE KEY `connection_group_name_parent` (`connection_group_name`, `parent_id`),
+
+ CONSTRAINT `guacamole_connection_group_ibfk_1`
+ FOREIGN KEY (`parent_id`)
+ REFERENCES `guacamole_connection_group` (`connection_group_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of connections. Each connection has a name, protocol, and
+-- associated set of parameters.
+-- A connection may belong to a connection group.
+--
+
+CREATE TABLE `guacamole_connection` (
+
+ `connection_id` int(11) NOT NULL AUTO_INCREMENT,
+ `connection_name` varchar(128) NOT NULL,
+ `parent_id` int(11),
+ `protocol` varchar(32) NOT NULL,
+
+ -- Guacamole proxy (guacd) overrides
+ `proxy_port` integer,
+ `proxy_hostname` varchar(512),
+ `proxy_encryption_method` enum('NONE', 'SSL'),
+
+ -- Concurrency limits
+ `max_connections` int(11),
+ `max_connections_per_user` int(11),
+
+ -- Load-balancing behavior
+ `connection_weight` int(11),
+ `failover_only` boolean NOT NULL DEFAULT 0,
+
+ PRIMARY KEY (`connection_id`),
+ UNIQUE KEY `connection_name_parent` (`connection_name`, `parent_id`),
+
+ CONSTRAINT `guacamole_connection_ibfk_1`
+ FOREIGN KEY (`parent_id`)
+ REFERENCES `guacamole_connection_group` (`connection_group_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of base entities which may each be either a user or user group. Other
+-- tables which represent qualities shared by both users and groups will point
+-- to guacamole_entity, while tables which represent qualities specific to
+-- users or groups will point to guacamole_user or guacamole_user_group.
+--
+
+CREATE TABLE `guacamole_entity` (
+
+ `entity_id` int(11) NOT NULL AUTO_INCREMENT,
+ `name` varchar(128) NOT NULL,
+ `type` enum('USER',
+ 'USER_GROUP') NOT NULL,
+
+ PRIMARY KEY (`entity_id`),
+ UNIQUE KEY `guacamole_entity_name_scope` (`type`, `name`)
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of users. Each user has a unique username and a hashed password
+-- with corresponding salt. Although the authentication system will always set
+-- salted passwords, other systems may set unsalted passwords by simply not
+-- providing the salt.
+--
+
+CREATE TABLE `guacamole_user` (
+
+ `user_id` int(11) NOT NULL AUTO_INCREMENT,
+ `entity_id` int(11) NOT NULL,
+
+ -- Optionally-salted password
+ `password_hash` binary(32) NOT NULL,
+ `password_salt` binary(32),
+ `password_date` datetime NOT NULL,
+
+ -- Account disabled/expired status
+ `disabled` boolean NOT NULL DEFAULT 0,
+ `expired` boolean NOT NULL DEFAULT 0,
+
+ -- Time-based access restriction
+ `access_window_start` TIME,
+ `access_window_end` TIME,
+
+ -- Date-based access restriction
+ `valid_from` DATE,
+ `valid_until` DATE,
+
+ -- Timezone used for all date/time comparisons and interpretation
+ `timezone` VARCHAR(64),
+
+ -- Profile information
+ `full_name` VARCHAR(256),
+ `email_address` VARCHAR(256),
+ `organization` VARCHAR(256),
+ `organizational_role` VARCHAR(256),
+
+ PRIMARY KEY (`user_id`),
+
+ UNIQUE KEY `guacamole_user_single_entity` (`entity_id`),
+
+ CONSTRAINT `guacamole_user_entity`
+ FOREIGN KEY (`entity_id`)
+ REFERENCES `guacamole_entity` (`entity_id`)
+ ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of user groups. Each user group may have an arbitrary set of member
+-- users and member groups, with those members inheriting the permissions
+-- granted to that group.
+--
+
+CREATE TABLE `guacamole_user_group` (
+
+ `user_group_id` int(11) NOT NULL AUTO_INCREMENT,
+ `entity_id` int(11) NOT NULL,
+
+ -- Group disabled status
+ `disabled` boolean NOT NULL DEFAULT 0,
+
+ PRIMARY KEY (`user_group_id`),
+
+ UNIQUE KEY `guacamole_user_group_single_entity` (`entity_id`),
+
+ CONSTRAINT `guacamole_user_group_entity`
+ FOREIGN KEY (`entity_id`)
+ REFERENCES `guacamole_entity` (`entity_id`)
+ ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of users which are members of given user groups.
+--
+
+CREATE TABLE `guacamole_user_group_member` (
+
+ `user_group_id` int(11) NOT NULL,
+ `member_entity_id` int(11) NOT NULL,
+
+ PRIMARY KEY (`user_group_id`, `member_entity_id`),
+
+ -- Parent must be a user group
+ CONSTRAINT `guacamole_user_group_member_parent_id`
+ FOREIGN KEY (`user_group_id`)
+ REFERENCES `guacamole_user_group` (`user_group_id`) ON DELETE CASCADE,
+
+ -- Member may be either a user or a user group (any entity)
+ CONSTRAINT `guacamole_user_group_member_entity_id`
+ FOREIGN KEY (`member_entity_id`)
+ REFERENCES `guacamole_entity` (`entity_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of sharing profiles. Each sharing profile has a name, associated set
+-- of parameters, and a primary connection. The primary connection is the
+-- connection that the sharing profile shares, and the parameters dictate the
+-- restrictions/features which apply to the user joining the connection via the
+-- sharing profile.
+--
+
+CREATE TABLE guacamole_sharing_profile (
+
+ `sharing_profile_id` int(11) NOT NULL AUTO_INCREMENT,
+ `sharing_profile_name` varchar(128) NOT NULL,
+ `primary_connection_id` int(11) NOT NULL,
+
+ PRIMARY KEY (`sharing_profile_id`),
+ UNIQUE KEY `sharing_profile_name_primary` (sharing_profile_name, primary_connection_id),
+
+ CONSTRAINT `guacamole_sharing_profile_ibfk_1`
+ FOREIGN KEY (`primary_connection_id`)
+ REFERENCES `guacamole_connection` (`connection_id`)
+ ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of connection parameters. Each parameter is simply a name/value pair
+-- associated with a connection.
+--
+
+CREATE TABLE `guacamole_connection_parameter` (
+
+ `connection_id` int(11) NOT NULL,
+ `parameter_name` varchar(128) NOT NULL,
+ `parameter_value` varchar(4096) NOT NULL,
+
+ PRIMARY KEY (`connection_id`,`parameter_name`),
+
+ CONSTRAINT `guacamole_connection_parameter_ibfk_1`
+ FOREIGN KEY (`connection_id`)
+ REFERENCES `guacamole_connection` (`connection_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of sharing profile parameters. Each parameter is simply
+-- name/value pair associated with a sharing profile. These parameters dictate
+-- the restrictions/features which apply to the user joining the associated
+-- connection via the sharing profile.
+--
+
+CREATE TABLE guacamole_sharing_profile_parameter (
+
+ `sharing_profile_id` integer NOT NULL,
+ `parameter_name` varchar(128) NOT NULL,
+ `parameter_value` varchar(4096) NOT NULL,
+
+ PRIMARY KEY (`sharing_profile_id`, `parameter_name`),
+
+ CONSTRAINT `guacamole_sharing_profile_parameter_ibfk_1`
+ FOREIGN KEY (`sharing_profile_id`)
+ REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of arbitrary user attributes. Each attribute is simply a name/value
+-- pair associated with a user. Arbitrary attributes are defined by other
+-- extensions. Attributes defined by this extension will be mapped to
+-- properly-typed columns of a specific table.
+--
+
+CREATE TABLE guacamole_user_attribute (
+
+ `user_id` int(11) NOT NULL,
+ `attribute_name` varchar(128) NOT NULL,
+ `attribute_value` varchar(4096) NOT NULL,
+
+ PRIMARY KEY (user_id, attribute_name),
+ KEY `user_id` (`user_id`),
+
+ CONSTRAINT guacamole_user_attribute_ibfk_1
+ FOREIGN KEY (user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of arbitrary user group attributes. Each attribute is simply a
+-- name/value pair associated with a user group. Arbitrary attributes are
+-- defined by other extensions. Attributes defined by this extension will be
+-- mapped to properly-typed columns of a specific table.
+--
+
+CREATE TABLE guacamole_user_group_attribute (
+
+ `user_group_id` int(11) NOT NULL,
+ `attribute_name` varchar(128) NOT NULL,
+ `attribute_value` varchar(4096) NOT NULL,
+
+ PRIMARY KEY (`user_group_id`, `attribute_name`),
+ KEY `user_group_id` (`user_group_id`),
+
+ CONSTRAINT `guacamole_user_group_attribute_ibfk_1`
+ FOREIGN KEY (`user_group_id`)
+ REFERENCES `guacamole_user_group` (`user_group_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of arbitrary connection attributes. Each attribute is simply a
+-- name/value pair associated with a connection. Arbitrary attributes are
+-- defined by other extensions. Attributes defined by this extension will be
+-- mapped to properly-typed columns of a specific table.
+--
+
+CREATE TABLE guacamole_connection_attribute (
+
+ `connection_id` int(11) NOT NULL,
+ `attribute_name` varchar(128) NOT NULL,
+ `attribute_value` varchar(4096) NOT NULL,
+
+ PRIMARY KEY (connection_id, attribute_name),
+ KEY `connection_id` (`connection_id`),
+
+ CONSTRAINT guacamole_connection_attribute_ibfk_1
+ FOREIGN KEY (connection_id)
+ REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of arbitrary connection group attributes. Each attribute is simply a
+-- name/value pair associated with a connection group. Arbitrary attributes are
+-- defined by other extensions. Attributes defined by this extension will be
+-- mapped to properly-typed columns of a specific table.
+--
+
+CREATE TABLE guacamole_connection_group_attribute (
+
+ `connection_group_id` int(11) NOT NULL,
+ `attribute_name` varchar(128) NOT NULL,
+ `attribute_value` varchar(4096) NOT NULL,
+
+ PRIMARY KEY (connection_group_id, attribute_name),
+ KEY `connection_group_id` (`connection_group_id`),
+
+ CONSTRAINT guacamole_connection_group_attribute_ibfk_1
+ FOREIGN KEY (connection_group_id)
+ REFERENCES guacamole_connection_group (connection_group_id) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of arbitrary sharing profile attributes. Each attribute is simply a
+-- name/value pair associated with a sharing profile. Arbitrary attributes are
+-- defined by other extensions. Attributes defined by this extension will be
+-- mapped to properly-typed columns of a specific table.
+--
+
+CREATE TABLE guacamole_sharing_profile_attribute (
+
+ `sharing_profile_id` int(11) NOT NULL,
+ `attribute_name` varchar(128) NOT NULL,
+ `attribute_value` varchar(4096) NOT NULL,
+
+ PRIMARY KEY (sharing_profile_id, attribute_name),
+ KEY `sharing_profile_id` (`sharing_profile_id`),
+
+ CONSTRAINT guacamole_sharing_profile_attribute_ibfk_1
+ FOREIGN KEY (sharing_profile_id)
+ REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of connection permissions. Each connection permission grants a user or
+-- user group specific access to a connection.
+--
+
+CREATE TABLE `guacamole_connection_permission` (
+
+ `entity_id` int(11) NOT NULL,
+ `connection_id` int(11) NOT NULL,
+ `permission` enum('READ',
+ 'UPDATE',
+ 'DELETE',
+ 'ADMINISTER') NOT NULL,
+
+ PRIMARY KEY (`entity_id`,`connection_id`,`permission`),
+
+ CONSTRAINT `guacamole_connection_permission_ibfk_1`
+ FOREIGN KEY (`connection_id`)
+ REFERENCES `guacamole_connection` (`connection_id`) ON DELETE CASCADE,
+
+ CONSTRAINT `guacamole_connection_permission_entity`
+ FOREIGN KEY (`entity_id`)
+ REFERENCES `guacamole_entity` (`entity_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of connection group permissions. Each group permission grants a user
+-- or user group specific access to a connection group.
+--
+
+CREATE TABLE `guacamole_connection_group_permission` (
+
+ `entity_id` int(11) NOT NULL,
+ `connection_group_id` int(11) NOT NULL,
+ `permission` enum('READ',
+ 'UPDATE',
+ 'DELETE',
+ 'ADMINISTER') NOT NULL,
+
+ PRIMARY KEY (`entity_id`,`connection_group_id`,`permission`),
+
+ CONSTRAINT `guacamole_connection_group_permission_ibfk_1`
+ FOREIGN KEY (`connection_group_id`)
+ REFERENCES `guacamole_connection_group` (`connection_group_id`) ON DELETE CASCADE,
+
+ CONSTRAINT `guacamole_connection_group_permission_entity`
+ FOREIGN KEY (`entity_id`)
+ REFERENCES `guacamole_entity` (`entity_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of sharing profile permissions. Each sharing profile permission grants
+-- a user or user group specific access to a sharing profile.
+--
+
+CREATE TABLE guacamole_sharing_profile_permission (
+
+ `entity_id` integer NOT NULL,
+ `sharing_profile_id` integer NOT NULL,
+ `permission` enum('READ',
+ 'UPDATE',
+ 'DELETE',
+ 'ADMINISTER') NOT NULL,
+
+ PRIMARY KEY (`entity_id`, `sharing_profile_id`, `permission`),
+
+ CONSTRAINT `guacamole_sharing_profile_permission_ibfk_1`
+ FOREIGN KEY (`sharing_profile_id`)
+ REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE CASCADE,
+
+ CONSTRAINT `guacamole_sharing_profile_permission_entity`
+ FOREIGN KEY (`entity_id`)
+ REFERENCES `guacamole_entity` (`entity_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of system permissions. Each system permission grants a user or user
+-- group a system-level privilege of some kind.
+--
+
+CREATE TABLE `guacamole_system_permission` (
+
+ `entity_id` int(11) NOT NULL,
+ `permission` enum('CREATE_CONNECTION',
+ 'CREATE_CONNECTION_GROUP',
+ 'CREATE_SHARING_PROFILE',
+ 'CREATE_USER',
+ 'CREATE_USER_GROUP',
+ 'ADMINISTER') NOT NULL,
+
+ PRIMARY KEY (`entity_id`,`permission`),
+
+ CONSTRAINT `guacamole_system_permission_entity`
+ FOREIGN KEY (`entity_id`)
+ REFERENCES `guacamole_entity` (`entity_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of user permissions. Each user permission grants a user or user group
+-- access to another user (the "affected" user) for a specific type of
+-- operation.
+--
+
+CREATE TABLE `guacamole_user_permission` (
+
+ `entity_id` int(11) NOT NULL,
+ `affected_user_id` int(11) NOT NULL,
+ `permission` enum('READ',
+ 'UPDATE',
+ 'DELETE',
+ 'ADMINISTER') NOT NULL,
+
+ PRIMARY KEY (`entity_id`,`affected_user_id`,`permission`),
+
+ CONSTRAINT `guacamole_user_permission_ibfk_1`
+ FOREIGN KEY (`affected_user_id`)
+ REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE,
+
+ CONSTRAINT `guacamole_user_permission_entity`
+ FOREIGN KEY (`entity_id`)
+ REFERENCES `guacamole_entity` (`entity_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of user group permissions. Each user group permission grants a user
+-- or user group access to a another user group (the "affected" user group) for
+-- a specific type of operation.
+--
+
+CREATE TABLE `guacamole_user_group_permission` (
+
+ `entity_id` int(11) NOT NULL,
+ `affected_user_group_id` int(11) NOT NULL,
+ `permission` enum('READ',
+ 'UPDATE',
+ 'DELETE',
+ 'ADMINISTER') NOT NULL,
+
+ PRIMARY KEY (`entity_id`, `affected_user_group_id`, `permission`),
+
+ CONSTRAINT `guacamole_user_group_permission_affected_user_group`
+ FOREIGN KEY (`affected_user_group_id`)
+ REFERENCES `guacamole_user_group` (`user_group_id`) ON DELETE CASCADE,
+
+ CONSTRAINT `guacamole_user_group_permission_entity`
+ FOREIGN KEY (`entity_id`)
+ REFERENCES `guacamole_entity` (`entity_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of connection history records. Each record defines a specific user's
+-- session, including the connection used, the start time, and the end time
+-- (if any).
+--
+
+CREATE TABLE `guacamole_connection_history` (
+
+ `history_id` int(11) NOT NULL AUTO_INCREMENT,
+ `user_id` int(11) DEFAULT NULL,
+ `username` varchar(128) NOT NULL,
+ `remote_host` varchar(256) DEFAULT NULL,
+ `connection_id` int(11) DEFAULT NULL,
+ `connection_name` varchar(128) NOT NULL,
+ `sharing_profile_id` int(11) DEFAULT NULL,
+ `sharing_profile_name` varchar(128) DEFAULT NULL,
+ `start_date` datetime NOT NULL,
+ `end_date` datetime DEFAULT NULL,
+
+ PRIMARY KEY (`history_id`),
+ KEY `user_id` (`user_id`),
+ KEY `connection_id` (`connection_id`),
+ KEY `sharing_profile_id` (`sharing_profile_id`),
+ KEY `start_date` (`start_date`),
+ KEY `end_date` (`end_date`),
+ KEY `connection_start_date` (`connection_id`, `start_date`),
+
+ CONSTRAINT `guacamole_connection_history_ibfk_1`
+ FOREIGN KEY (`user_id`)
+ REFERENCES `guacamole_user` (`user_id`) ON DELETE SET NULL,
+
+ CONSTRAINT `guacamole_connection_history_ibfk_2`
+ FOREIGN KEY (`connection_id`)
+ REFERENCES `guacamole_connection` (`connection_id`) ON DELETE SET NULL,
+
+ CONSTRAINT `guacamole_connection_history_ibfk_3`
+ FOREIGN KEY (`sharing_profile_id`)
+ REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE SET NULL
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- User login/logout history
+--
+
+CREATE TABLE guacamole_user_history (
+
+ `history_id` int(11) NOT NULL AUTO_INCREMENT,
+ `user_id` int(11) DEFAULT NULL,
+ `username` varchar(128) NOT NULL,
+ `remote_host` varchar(256) DEFAULT NULL,
+ `start_date` datetime NOT NULL,
+ `end_date` datetime DEFAULT NULL,
+
+ PRIMARY KEY (history_id),
+ KEY `user_id` (`user_id`),
+ KEY `start_date` (`start_date`),
+ KEY `end_date` (`end_date`),
+ KEY `user_start_date` (`user_id`, `start_date`),
+
+ CONSTRAINT guacamole_user_history_ibfk_1
+ FOREIGN KEY (user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE SET NULL
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- User password history
+--
+
+CREATE TABLE guacamole_user_password_history (
+
+ `password_history_id` int(11) NOT NULL AUTO_INCREMENT,
+ `user_id` int(11) NOT NULL,
+
+ -- Salted password
+ `password_hash` binary(32) NOT NULL,
+ `password_salt` binary(32),
+ `password_date` datetime NOT NULL,
+
+ PRIMARY KEY (`password_history_id`),
+ KEY `user_id` (`user_id`),
+
+ CONSTRAINT `guacamole_user_password_history_ibfk_1`
+ FOREIGN KEY (`user_id`)
+ REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/002-create-admin-user.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/002-create-admin-user.sql
new file mode 100644
index 0000000..f62d6d1
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/002-create-admin-user.sql
@@ -0,0 +1,53 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+-- Create default user "guacadmin" with password "guacadmin"
+INSERT INTO guacamole_entity (name, type) VALUES ('guacadmin', 'USER');
+INSERT INTO guacamole_user (entity_id, password_hash, password_salt, password_date)
+SELECT
+ entity_id,
+ x'CA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960', -- 'guacadmin'
+ x'FE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264',
+ NOW()
+FROM guacamole_entity WHERE name = 'guacadmin';
+
+-- Grant this user all system permissions
+INSERT INTO guacamole_system_permission (entity_id, permission)
+SELECT entity_id, permission
+FROM (
+ SELECT 'guacadmin' AS username, 'CREATE_CONNECTION' AS permission
+ UNION SELECT 'guacadmin' AS username, 'CREATE_CONNECTION_GROUP' AS permission
+ UNION SELECT 'guacadmin' AS username, 'CREATE_SHARING_PROFILE' AS permission
+ UNION SELECT 'guacadmin' AS username, 'CREATE_USER' AS permission
+ UNION SELECT 'guacadmin' AS username, 'CREATE_USER_GROUP' AS permission
+ UNION SELECT 'guacadmin' AS username, 'ADMINISTER' AS permission
+) permissions
+JOIN guacamole_entity ON permissions.username = guacamole_entity.name AND guacamole_entity.type = 'USER';
+
+-- Grant admin permission to read/update/administer self
+INSERT INTO guacamole_user_permission (entity_id, affected_user_id, permission)
+SELECT guacamole_entity.entity_id, guacamole_user.user_id, permission
+FROM (
+ SELECT 'guacadmin' AS username, 'guacadmin' AS affected_username, 'READ' AS permission
+ UNION SELECT 'guacadmin' AS username, 'guacadmin' AS affected_username, 'UPDATE' AS permission
+ UNION SELECT 'guacadmin' AS username, 'guacadmin' AS affected_username, 'ADMINISTER' AS permission
+) permissions
+JOIN guacamole_entity ON permissions.username = guacamole_entity.name AND guacamole_entity.type = 'USER'
+JOIN guacamole_entity affected ON permissions.affected_username = affected.name AND guacamole_entity.type = 'USER'
+JOIN guacamole_user ON guacamole_user.entity_id = affected.entity_id;
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.8.2.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.8.2.sql
new file mode 100644
index 0000000..616b728
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.8.2.sql
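Review bot: The INSERT into `guacamole_user` seeds an account `guacadmin` whose password is the `guacadmin` named in the comment above it, and the next statement grants that account every system permission including `ADMINISTER`, so any deployment that loads this file unchanged has a known administrator login until someone rotates it. I would record that next to the seed, e.g. `-- SECURITY: default credentials; change this password (or delete the account) before the service is reachable`, and make the rotation an explicit step of whatever provisioning loads this schema. Separately, in the last statement the join on the `affected` alias repeats `guacamole_entity.type = 'USER'`; the filter presumably belongs on the alias, `AND affected.type = 'USER'`, although the following join to `guacamole_user` likely masks the difference. The file looks like an unmodified copy of the upstream schema, so a local follow-up script may be preferable to editing it in place.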
@@ -0,0 +1,86 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Table of connection groups. Each connection group has a name.
+--
+
+CREATE TABLE `guacamole_connection_group` (
+
+ `connection_group_id` int(11) NOT NULL AUTO_INCREMENT,
+ `parent_id` int(11),
+ `connection_group_name` varchar(128) NOT NULL,
+ `type` enum('ORGANIZATIONAL',
+ 'BALANCING') NOT NULL DEFAULT 'ORGANIZATIONAL',
+
+
+ PRIMARY KEY (`connection_group_id`),
+ UNIQUE KEY `connection_group_name_parent` (`connection_group_name`, `parent_id`),
+
+ CONSTRAINT `guacamole_connection_group_ibfk_1`
+ FOREIGN KEY (`parent_id`)
+ REFERENCES `guacamole_connection_group` (`connection_group_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+
+--
+-- Changes to connection table to support grouping.
+--
+
+ALTER TABLE `guacamole_connection` ADD COLUMN `parent_id` int(11) AFTER `connection_name`;
+
+ALTER TABLE `guacamole_connection` DROP INDEX `connection_name`;
+ALTER TABLE `guacamole_connection` ADD UNIQUE KEY `connection_name_parent` (`connection_name`, `parent_id`);
+
+ALTER TABLE `guacamole_connection` ADD CONSTRAINT `guacamole_connection_ibfk_1`
+ FOREIGN KEY (`parent_id`)
+ REFERENCES `guacamole_connection_group` (`connection_group_id`) ON DELETE CASCADE;
+
+--
+-- Table of connection group permissions. Each group permission grants a user
+-- specific access to a connection group.
+--
+
+CREATE TABLE `guacamole_connection_group_permission` (
+
+ `user_id` int(11) NOT NULL,
+ `connection_group_id` int(11) NOT NULL,
+ `permission` enum('READ',
+ 'UPDATE',
+ 'DELETE',
+ 'ADMINISTER') NOT NULL,
+
+ PRIMARY KEY (`user_id`,`connection_group_id`,`permission`),
+
+ CONSTRAINT `guacamole_connection_group_permission_ibfk_1`
+ FOREIGN KEY (`connection_group_id`)
+ REFERENCES `guacamole_connection_group` (`connection_group_id`) ON DELETE CASCADE,
+
+ CONSTRAINT `guacamole_connection_group_permission_ibfk_2`
+ FOREIGN KEY (`user_id`)
+ REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+ALTER TABLE `guacamole_system_permission` MODIFY `permission`
+ enum('CREATE_CONNECTION',
+ 'CREATE_CONNECTION_GROUP',
+ 'CREATE_USER',
+ 'ADMINISTER') NOT NULL;
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.10.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.10.sql
new file mode 100644
index 0000000..4e60132
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.10.sql
@@ -0,0 +1,184 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- User and connection IDs within history table can now be null
+--
+
+ALTER TABLE guacamole_connection_history
+ MODIFY COLUMN user_id INT(11) DEFAULT NULL;
+
+ALTER TABLE guacamole_connection_history
+ MODIFY COLUMN connection_id INT(11) DEFAULT NULL;
+
+--
+-- Add new username and connection_name columns to history table
+--
+
+ALTER TABLE guacamole_connection_history
+ ADD COLUMN username VARCHAR(128);
+
+ALTER TABLE guacamole_connection_history
+ ADD COLUMN connection_name VARCHAR(128);
+
+--
+-- Populate new name columns by joining corresponding tables
+--
+
+UPDATE guacamole_connection_history
+JOIN guacamole_user
+ ON guacamole_user.user_id = guacamole_connection_history.user_id
+SET guacamole_connection_history.username = guacamole_user.username;
+
+UPDATE guacamole_connection_history
+JOIN guacamole_connection
+ ON guacamole_connection.connection_id =
+ guacamole_connection_history.connection_id
+SET guacamole_connection_history.connection_name =
+ guacamole_connection.connection_name;
+
+--
+-- Set NOT NULL now that the column is fully populated
+--
+
+ALTER TABLE guacamole_connection_history
+ MODIFY username VARCHAR(128) NOT NULL;
+
+ALTER TABLE guacamole_connection_history
+ MODIFY connection_name VARCHAR(128) NOT NULL;
+
+--
+-- Remove old foreign key constraints with ON DELETE CASCADE
+--
+
+ALTER TABLE guacamole_connection_history
+ DROP FOREIGN KEY guacamole_connection_history_ibfk_1;
+
+ALTER TABLE guacamole_connection_history
+ DROP FOREIGN KEY guacamole_connection_history_ibfk_2;
+
+--
+-- Recreate foreign key constraints with ON DELETE SET NULL
+--
+
+ALTER TABLE guacamole_connection_history
+ ADD CONSTRAINT guacamole_connection_history_ibfk_1
+ FOREIGN KEY (user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE SET NULL;
+
+ALTER TABLE guacamole_connection_history
+ ADD CONSTRAINT guacamole_connection_history_ibfk_2
+ FOREIGN KEY (connection_id)
+ REFERENCES guacamole_connection (connection_id) ON DELETE SET NULL;
+
+--
+-- Add session affinity column
+--
+
+ALTER TABLE guacamole_connection_group
+ ADD COLUMN enable_session_affinity boolean NOT NULL DEFAULT 0;
+
+--
+-- Add new system-level permission
+--
+
+ALTER TABLE `guacamole_system_permission`
+ MODIFY `permission` enum('CREATE_CONNECTION',
+ 'CREATE_CONNECTION_GROUP',
+ 'CREATE_SHARING_PROFILE',
+ 'CREATE_USER',
+ 'ADMINISTER') NOT NULL;
+
+--
+-- Add sharing profile table
+--
+
+CREATE TABLE guacamole_sharing_profile (
+
+ `sharing_profile_id` int(11) NOT NULL AUTO_INCREMENT,
+ `sharing_profile_name` varchar(128) NOT NULL,
+ `primary_connection_id` int(11) NOT NULL,
+
+ PRIMARY KEY (`sharing_profile_id`),
+ UNIQUE KEY `sharing_profile_name_primary` (sharing_profile_name, primary_connection_id),
+
+ CONSTRAINT `guacamole_sharing_profile_ibfk_1`
+ FOREIGN KEY (`primary_connection_id`)
+ REFERENCES `guacamole_connection` (`connection_id`)
+ ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Add table of sharing profile parameters
+--
+
+CREATE TABLE guacamole_sharing_profile_parameter (
+
+ `sharing_profile_id` integer NOT NULL,
+ `parameter_name` varchar(128) NOT NULL,
+ `parameter_value` varchar(4096) NOT NULL,
+
+ PRIMARY KEY (`sharing_profile_id`, `parameter_name`),
+
+ CONSTRAINT `guacamole_sharing_profile_parameter_ibfk_1`
+ FOREIGN KEY (`sharing_profile_id`)
+ REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Object-level permission table for sharing profiles
+--
+
+CREATE TABLE guacamole_sharing_profile_permission (
+
+ `user_id` integer NOT NULL,
+ `sharing_profile_id` integer NOT NULL,
+ `permission` enum('READ',
+ 'UPDATE',
+ 'DELETE',
+ 'ADMINISTER') NOT NULL,
+
+ PRIMARY KEY (`user_id`, `sharing_profile_id`, `permission`),
+
+ CONSTRAINT `guacamole_sharing_profile_permission_ibfk_1`
+ FOREIGN KEY (`sharing_profile_id`)
+ REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE CASCADE,
+
+ CONSTRAINT `guacamole_sharing_profile_permission_ibfk_2`
+ FOREIGN KEY (`user_id`)
+ REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Add new (optional) sharing profile ID and name columns to connection history
+--
+
+ALTER TABLE guacamole_connection_history
+ ADD COLUMN sharing_profile_id INT(11);
+
+ALTER TABLE guacamole_connection_history
+ ADD COLUMN sharing_profile_name VARCHAR(128);
+
+ALTER TABLE guacamole_connection_history
+ ADD CONSTRAINT guacamole_connection_history_ibfk_3
+ FOREIGN KEY (sharing_profile_id)
+ REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE SET NULL;
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.11.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.11.sql
new file mode 100644
index 0000000..84576eb
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.11.sql
@@ -0,0 +1,53 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add per-user password set date
+--
+
+ALTER TABLE guacamole_user
+ ADD COLUMN password_date DATETIME;
+
+UPDATE guacamole_user SET password_date = NOW();
+
+ALTER TABLE guacamole_user
+ MODIFY COLUMN password_date DATETIME NOT NULL;
+
+--
+-- User password history
+--
+
+CREATE TABLE guacamole_user_password_history (
+
+ `password_history_id` int(11) NOT NULL AUTO_INCREMENT,
+ `user_id` int(11) NOT NULL,
+
+ -- Salted password
+ `password_hash` binary(32) NOT NULL,
+ `password_salt` binary(32),
+ `password_date` datetime NOT NULL,
+
+ PRIMARY KEY (`password_history_id`),
+ KEY `user_id` (`user_id`),
+
+ CONSTRAINT `guacamole_user_password_history_ibfk_1`
+ FOREIGN KEY (`user_id`)
+ REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.13.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.13.sql
new file mode 100644
index 0000000..95bbc1c
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.13.sql
@@ -0,0 +1,40 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add guacd per-connection override columns
+--
+
+ALTER TABLE guacamole_connection ADD COLUMN proxy_port INT(11);
+ALTER TABLE guacamole_connection ADD COLUMN proxy_hostname VARCHAR(512);
+
+ALTER TABLE guacamole_connection ADD COLUMN proxy_encryption_method ENUM(
+ 'NONE',
+ 'SSL'
+);
+
+--
+-- Add new user profile columns
+--
+
+ALTER TABLE guacamole_user ADD COLUMN full_name VARCHAR(256);
+ALTER TABLE guacamole_user ADD COLUMN email_address VARCHAR(256);
+ALTER TABLE guacamole_user ADD COLUMN organization VARCHAR(256);
+ALTER TABLE guacamole_user ADD COLUMN organizational_role VARCHAR(256);
+
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.14.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.14.sql
new file mode 100644
index 0000000..ee586bf
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.14.sql
@@ -0,0 +1,70 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add per-connection weight
+--
+
+ALTER TABLE guacamole_connection
+ ADD COLUMN connection_weight int(11);
+
+--
+-- Add failover-only flag
+--
+
+ALTER TABLE guacamole_connection
+ ADD COLUMN failover_only BOOLEAN NOT NULL DEFAULT 0;
+
+--
+-- Add remote_host to connection history
+--
+
+ALTER TABLE guacamole_connection_history
+ ADD COLUMN remote_host VARCHAR(256) DEFAULT NULL;
+
+--
+-- Add covering index for connection history connection and start date
+--
+
+ALTER TABLE guacamole_connection_history ADD KEY (connection_id, start_date);
+
+--
+-- User login/logout history
+--
+
+CREATE TABLE guacamole_user_history (
+
+ `history_id` int(11) NOT NULL AUTO_INCREMENT,
+ `user_id` int(11) DEFAULT NULL,
+ `username` varchar(128) NOT NULL,
+ `remote_host` varchar(256) DEFAULT NULL,
+ `start_date` datetime NOT NULL,
+ `end_date` datetime DEFAULT NULL,
+
+ PRIMARY KEY (history_id),
+ KEY `user_id` (`user_id`),
+ KEY `start_date` (`start_date`),
+ KEY `end_date` (`end_date`),
+ KEY `user_start_date` (`user_id`, `start_date`),
+
+ CONSTRAINT guacamole_user_history_ibfk_1
+ FOREIGN KEY (user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE SET NULL
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.6.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.6.sql
new file mode 100644
index 0000000..aeba2aa
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.6.sql
@@ -0,0 +1,36 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Explicitly add permission for each user to READ him/herself
+--
+
+INSERT INTO guacamole_user_permission
+ (user_id, affected_user_id, permission)
+SELECT user_id, user_id, 'READ'
+FROM guacamole_user
+WHERE
+ user_id NOT IN (
+ SELECT user_id
+ FROM guacamole_user_permission
+ WHERE
+ user_id = affected_user_id
+ AND permission = 'READ'
+ );
+
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.7.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.7.sql
new file mode 100644
index 0000000..8d7ebfd
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.7.sql
@@ -0,0 +1,31 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add per-user disable flag
+--
+
+ALTER TABLE guacamole_user ADD COLUMN disabled BOOLEAN NOT NULL DEFAULT 0;
+
+--
+-- Add per-user password expiration flag
+--
+
+ALTER TABLE guacamole_user ADD COLUMN expired BOOLEAN NOT NULL DEFAULT 0;
+
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.8.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.8.sql
new file mode 100644
index 0000000..f03d8e7
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.8.sql
@@ -0,0 +1,52 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add per-user time-based access restrictions.
+--
+
+ALTER TABLE guacamole_user ADD COLUMN access_window_start TIME;
+ALTER TABLE guacamole_user ADD COLUMN access_window_end TIME;
+
+--
+-- Add per-user date-based account validity restrictions.
+--
+
+ALTER TABLE guacamole_user ADD COLUMN valid_from DATE;
+ALTER TABLE guacamole_user ADD COLUMN valid_until DATE;
+
+--
+-- Add per-user timezone for sake of time comparisons/interpretation.
+--
+
+ALTER TABLE guacamole_user ADD COLUMN timezone VARCHAR(64);
+
+--
+-- Add connection concurrency limits
+--
+
+ALTER TABLE guacamole_connection ADD COLUMN max_connections INT(11);
+ALTER TABLE guacamole_connection ADD COLUMN max_connections_per_user INT(11);
+
+--
+-- Add connection group concurrency limits
+--
+
+ALTER TABLE guacamole_connection_group ADD COLUMN max_connections INT(11);
+ALTER TABLE guacamole_connection_group ADD COLUMN max_connections_per_user INT(11);
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.9.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.9.sql
new file mode 100644
index 0000000..858ce94
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-0.9.9.sql
@@ -0,0 +1,26 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Ensure history entry start/end dates are indexed.
+--
+
+ALTER TABLE guacamole_connection_history ADD KEY (start_date);
+ALTER TABLE guacamole_connection_history ADD KEY (end_date);
+ALTER TABLE guacamole_connection_history ADD KEY search_index (start_date, connection_id, user_id);
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-1.0.0.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-1.0.0.sql
new file mode 100644
index 0000000..0fccb61
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/mysql/schema/upgrade/upgrade-pre-1.0.0.sql
@@ -0,0 +1,441 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one +-- or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information +-- regarding copyright ownership. The ASF licenses this file +-- to you under the Apache License, Version 2.0 (the +-- "License"); you may not use this file except in compliance +-- with the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, +-- software distributed under the License is distributed on an +-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +-- KIND, either express or implied. See the License for the +-- specific language governing permissions and limitations +-- under the License. +-- + +-- +-- Add new system-level permission +-- + +ALTER TABLE `guacamole_system_permission` + MODIFY `permission` enum('CREATE_CONNECTION', + 'CREATE_CONNECTION_GROUP', + 'CREATE_SHARING_PROFILE', + 'CREATE_USER', + 'CREATE_USER_GROUP', + 'ADMINISTER') NOT NULL; + +-- +-- Table of base entities which may each be either a user or user group. Other +-- tables which represent qualities shared by both users and groups will point +-- to guacamole_entity, while tables which represent qualities specific to +-- users or groups will point to guacamole_user or guacamole_user_group. +-- + +CREATE TABLE `guacamole_entity` ( + + `entity_id` int(11) NOT NULL AUTO_INCREMENT, + `name` varchar(128) NOT NULL, + `type` enum('USER', + 'USER_GROUP') NOT NULL, + + PRIMARY KEY (`entity_id`), + UNIQUE KEY `guacamole_entity_name_scope` (`type`, `name`) + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- +-- Table of user groups. Each user group may have an arbitrary set of member +-- users and member groups, with those members inheriting the permissions +-- granted to that group. 
+-- + +CREATE TABLE `guacamole_user_group` ( + + `user_group_id` int(11) NOT NULL AUTO_INCREMENT, + `entity_id` int(11) NOT NULL, + + -- Group disabled status + `disabled` boolean NOT NULL DEFAULT 0, + + PRIMARY KEY (`user_group_id`), + + UNIQUE KEY `guacamole_user_group_single_entity` (`entity_id`), + + CONSTRAINT `guacamole_user_group_entity` + FOREIGN KEY (`entity_id`) + REFERENCES `guacamole_entity` (`entity_id`) + ON DELETE CASCADE + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- +-- Table of users which are members of given user groups. +-- + +CREATE TABLE `guacamole_user_group_member` ( + + `user_group_id` int(11) NOT NULL, + `member_entity_id` int(11) NOT NULL, + + PRIMARY KEY (`user_group_id`, `member_entity_id`), + + -- Parent must be a user group + CONSTRAINT `guacamole_user_group_member_parent_id` + FOREIGN KEY (`user_group_id`) + REFERENCES `guacamole_user_group` (`user_group_id`) ON DELETE CASCADE, + + -- Member may be either a user or a user group (any entity) + CONSTRAINT `guacamole_user_group_member_entity_id` + FOREIGN KEY (`member_entity_id`) + REFERENCES `guacamole_entity` (`entity_id`) ON DELETE CASCADE + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- +-- Table of user group permissions. Each user group permission grants a user +-- or user group access to a another user group (the "affected" user group) for +-- a specific type of operation. 
+-- + +CREATE TABLE `guacamole_user_group_permission` ( + + `entity_id` int(11) NOT NULL, + `affected_user_group_id` int(11) NOT NULL, + `permission` enum('READ', + 'UPDATE', + 'DELETE', + 'ADMINISTER') NOT NULL, + + PRIMARY KEY (`entity_id`, `affected_user_group_id`, `permission`), + + CONSTRAINT `guacamole_user_group_permission_affected_user_group` + FOREIGN KEY (`affected_user_group_id`) + REFERENCES `guacamole_user_group` (`user_group_id`) ON DELETE CASCADE, + + CONSTRAINT `guacamole_user_group_permission_entity` + FOREIGN KEY (`entity_id`) + REFERENCES `guacamole_entity` (`entity_id`) ON DELETE CASCADE + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- +-- Modify guacamole_user table to use guacamole_entity as a base +-- + +-- Add new entity_id column +ALTER TABLE guacamole_user ADD COLUMN entity_id int(11); + +-- Create user entities for each guacamole_user entry +INSERT INTO guacamole_entity (name, type) +SELECT username, 'USER' FROM guacamole_user; + +-- Update guacamole_user to point to corresponding guacamole_entity +UPDATE guacamole_user SET entity_id = ( + SELECT entity_id FROM guacamole_entity + WHERE + username = guacamole_entity.name + AND type = 'USER' +); + +-- The entity_id column should now be safely non-NULL +ALTER TABLE guacamole_user MODIFY entity_id int(11) NOT NULL; + +-- The entity_id column should now be unique for each user +ALTER TABLE guacamole_user + ADD CONSTRAINT guacamole_user_single_entity + UNIQUE (entity_id); + +-- The entity_id column should now safely point to guacamole_entity entries +ALTER TABLE guacamole_user + ADD CONSTRAINT guacamole_user_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) + ON DELETE CASCADE; + +-- The username column can now safely be removed +ALTER TABLE guacamole_user DROP COLUMN username; + +-- +-- Modify guacamole_connection_permission to use guacamole_entity instead of +-- guacamole_user +-- + +-- Add new entity_id column +ALTER TABLE guacamole_connection_permission ADD COLUMN 
entity_id int(11); + +-- Update guacamole_connection_permission to point to the guacamole_entity +-- that has been granted the permission +UPDATE guacamole_connection_permission SET entity_id = ( + SELECT entity_id FROM guacamole_user + WHERE guacamole_user.user_id = guacamole_connection_permission.user_id +); + +-- The entity_id column should now be safely non-NULL +ALTER TABLE guacamole_connection_permission MODIFY entity_id int(11) NOT NULL; + +-- The entity_id column should now safely point to guacamole_entity entries +ALTER TABLE guacamole_connection_permission + ADD CONSTRAINT guacamole_connection_permission_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) + ON DELETE CASCADE; + +-- Remove user_id column +ALTER TABLE guacamole_connection_permission DROP FOREIGN KEY guacamole_connection_permission_ibfk_2; +ALTER TABLE guacamole_connection_permission DROP PRIMARY KEY; +ALTER TABLE guacamole_connection_permission DROP COLUMN user_id; + +-- Add new primary key which uses entity_id +ALTER TABLE guacamole_connection_permission + ADD PRIMARY KEY (entity_id, connection_id, permission); + +-- +-- Modify guacamole_connection_group_permission to use guacamole_entity instead +-- of guacamole_user +-- + +-- Add new entity_id column +ALTER TABLE guacamole_connection_group_permission ADD COLUMN entity_id int(11); + +-- Update guacamole_connection_group_permission to point to the guacamole_entity +-- that has been granted the permission +UPDATE guacamole_connection_group_permission SET entity_id = ( + SELECT entity_id FROM guacamole_user + WHERE guacamole_user.user_id = guacamole_connection_group_permission.user_id +); + +-- The entity_id column should now be safely non-NULL +ALTER TABLE guacamole_connection_group_permission MODIFY entity_id int(11) NOT NULL; + +-- The entity_id column should now safely point to guacamole_entity entries +ALTER TABLE guacamole_connection_group_permission + ADD CONSTRAINT guacamole_connection_group_permission_entity + 
FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) + ON DELETE CASCADE; + +-- Remove user_id column +ALTER TABLE guacamole_connection_group_permission DROP FOREIGN KEY guacamole_connection_group_permission_ibfk_2; +ALTER TABLE guacamole_connection_group_permission DROP PRIMARY KEY; +ALTER TABLE guacamole_connection_group_permission DROP COLUMN user_id; + +-- Add new primary key which uses entity_id +ALTER TABLE guacamole_connection_group_permission + ADD PRIMARY KEY (entity_id, connection_group_id, permission); + +-- +-- Modify guacamole_sharing_profile_permission to use guacamole_entity instead +-- of guacamole_user +-- + +-- Add new entity_id column +ALTER TABLE guacamole_sharing_profile_permission ADD COLUMN entity_id int(11); + +-- Update guacamole_sharing_profile_permission to point to the guacamole_entity +-- that has been granted the permission +UPDATE guacamole_sharing_profile_permission SET entity_id = ( + SELECT entity_id FROM guacamole_user + WHERE guacamole_user.user_id = guacamole_sharing_profile_permission.user_id +); + +-- The entity_id column should now be safely non-NULL +ALTER TABLE guacamole_sharing_profile_permission MODIFY entity_id int(11) NOT NULL; + +-- The entity_id column should now safely point to guacamole_entity entries +ALTER TABLE guacamole_sharing_profile_permission + ADD CONSTRAINT guacamole_sharing_profile_permission_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) + ON DELETE CASCADE; + +-- Remove user_id column +ALTER TABLE guacamole_sharing_profile_permission DROP FOREIGN KEY guacamole_sharing_profile_permission_ibfk_2; +ALTER TABLE guacamole_sharing_profile_permission DROP PRIMARY KEY; +ALTER TABLE guacamole_sharing_profile_permission DROP COLUMN user_id; + +-- Add new primary key which uses entity_id +ALTER TABLE guacamole_sharing_profile_permission + ADD PRIMARY KEY (entity_id, sharing_profile_id, permission); + +-- +-- Modify guacamole_user_permission to use guacamole_entity instead 
of +-- guacamole_user +-- + +-- Add new entity_id column +ALTER TABLE guacamole_user_permission ADD COLUMN entity_id int(11); + +-- Update guacamole_user_permission to point to the guacamole_entity +-- that has been granted the permission +UPDATE guacamole_user_permission SET entity_id = ( + SELECT entity_id FROM guacamole_user + WHERE guacamole_user.user_id = guacamole_user_permission.user_id +); + +-- The entity_id column should now be safely non-NULL +ALTER TABLE guacamole_user_permission MODIFY entity_id int(11) NOT NULL; + +-- The entity_id column should now safely point to guacamole_entity entries +ALTER TABLE guacamole_user_permission + ADD CONSTRAINT guacamole_user_permission_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) + ON DELETE CASCADE; + +-- Remove user_id column +ALTER TABLE guacamole_user_permission DROP FOREIGN KEY guacamole_user_permission_ibfk_2; +ALTER TABLE guacamole_user_permission DROP PRIMARY KEY; +ALTER TABLE guacamole_user_permission DROP COLUMN user_id; + +-- Add new primary key which uses entity_id +ALTER TABLE guacamole_user_permission + ADD PRIMARY KEY (entity_id, affected_user_id, permission); + +-- +-- Modify guacamole_system_permission to use guacamole_entity instead of +-- guacamole_user +-- + +-- Add new entity_id column +ALTER TABLE guacamole_system_permission ADD COLUMN entity_id int(11); + +-- Update guacamole_system_permission to point to the guacamole_entity +-- that has been granted the permission +UPDATE guacamole_system_permission SET entity_id = ( + SELECT entity_id FROM guacamole_user + WHERE guacamole_user.user_id = guacamole_system_permission.user_id +); + +-- The entity_id column should now be safely non-NULL +ALTER TABLE guacamole_system_permission MODIFY entity_id int(11) NOT NULL; + +-- The entity_id column should now safely point to guacamole_entity entries +ALTER TABLE guacamole_system_permission + ADD CONSTRAINT guacamole_system_permission_entity + FOREIGN KEY (entity_id) + 
REFERENCES guacamole_entity (entity_id) + ON DELETE CASCADE; + +-- Remove user_id column +ALTER TABLE guacamole_system_permission DROP FOREIGN KEY guacamole_system_permission_ibfk_1; +ALTER TABLE guacamole_system_permission DROP PRIMARY KEY; +ALTER TABLE guacamole_system_permission DROP COLUMN user_id; + +-- Add new primary key which uses entity_id +ALTER TABLE guacamole_system_permission + ADD PRIMARY KEY (entity_id, permission); + +-- +-- Table of arbitrary user attributes. Each attribute is simply a name/value +-- pair associated with a user. Arbitrary attributes are defined by other +-- extensions. Attributes defined by this extension will be mapped to +-- properly-typed columns of a specific table. +-- + +CREATE TABLE guacamole_user_attribute ( + + `user_id` int(11) NOT NULL, + `attribute_name` varchar(128) NOT NULL, + `attribute_value` varchar(4096) NOT NULL, + + PRIMARY KEY (user_id, attribute_name), + KEY `user_id` (`user_id`), + + CONSTRAINT guacamole_user_attribute_ibfk_1 + FOREIGN KEY (user_id) + REFERENCES guacamole_user (user_id) ON DELETE CASCADE + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- +-- Table of arbitrary user group attributes. Each attribute is simply a +-- name/value pair associated with a user group. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. +-- + +CREATE TABLE guacamole_user_group_attribute ( + + `user_group_id` int(11) NOT NULL, + `attribute_name` varchar(128) NOT NULL, + `attribute_value` varchar(4096) NOT NULL, + + PRIMARY KEY (`user_group_id`, `attribute_name`), + KEY `user_group_id` (`user_group_id`), + + CONSTRAINT `guacamole_user_group_attribute_ibfk_1` + FOREIGN KEY (`user_group_id`) + REFERENCES `guacamole_user_group` (`user_group_id`) ON DELETE CASCADE + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- +-- Table of arbitrary connection attributes. 
Each attribute is simply a +-- name/value pair associated with a connection. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. +-- + +CREATE TABLE guacamole_connection_attribute ( + + `connection_id` int(11) NOT NULL, + `attribute_name` varchar(128) NOT NULL, + `attribute_value` varchar(4096) NOT NULL, + + PRIMARY KEY (connection_id, attribute_name), + KEY `connection_id` (`connection_id`), + + CONSTRAINT guacamole_connection_attribute_ibfk_1 + FOREIGN KEY (connection_id) + REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- +-- Table of arbitrary connection group attributes. Each attribute is simply a +-- name/value pair associated with a connection group. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. +-- + +CREATE TABLE guacamole_connection_group_attribute ( + + `connection_group_id` int(11) NOT NULL, + `attribute_name` varchar(128) NOT NULL, + `attribute_value` varchar(4096) NOT NULL, + + PRIMARY KEY (connection_group_id, attribute_name), + KEY `connection_group_id` (`connection_group_id`), + + CONSTRAINT guacamole_connection_group_attribute_ibfk_1 + FOREIGN KEY (connection_group_id) + REFERENCES guacamole_connection_group (connection_group_id) ON DELETE CASCADE + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +-- +-- Table of arbitrary sharing profile attributes. Each attribute is simply a +-- name/value pair associated with a sharing profile. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. 
+-- + +CREATE TABLE guacamole_sharing_profile_attribute ( + + `sharing_profile_id` int(11) NOT NULL, + `attribute_name` varchar(128) NOT NULL, + `attribute_value` varchar(4096) NOT NULL, + + PRIMARY KEY (sharing_profile_id, attribute_name), + KEY `sharing_profile_id` (`sharing_profile_id`), + + CONSTRAINT guacamole_sharing_profile_attribute_ibfk_1 + FOREIGN KEY (sharing_profile_id) + REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/guacamole-auth-jdbc-postgresql-1.5.4.jar b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/guacamole-auth-jdbc-postgresql-1.5.4.jar new file mode 100644 index 0000000..246e144 Binary files /dev/null and b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/guacamole-auth-jdbc-postgresql-1.5.4.jar differ diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/001-create-schema.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/001-create-schema.sql new file mode 100644 index 0000000..9bcf1c5 --- /dev/null +++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/001-create-schema.sql 
@@ -0,0 +1,736 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one +-- or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information +-- regarding copyright ownership. The ASF licenses this file +-- to you under the Apache License, Version 2.0 (the +-- "License"); you may not use this file except in compliance +-- with the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, +-- software distributed under the License is distributed on an +-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +-- KIND, either express or implied. See the License for the +-- specific language governing permissions and limitations +-- under the License. +-- + +-- +-- Connection group types +-- + +CREATE TYPE guacamole_connection_group_type AS ENUM( + 'ORGANIZATIONAL', + 'BALANCING' +); + +-- +-- Entity types +-- + +CREATE TYPE guacamole_entity_type AS ENUM( + 'USER', + 'USER_GROUP' +); + +-- +-- Object permission types +-- + +CREATE TYPE guacamole_object_permission_type AS ENUM( + 'READ', + 'UPDATE', + 'DELETE', + 'ADMINISTER' +); + +-- +-- System permission types +-- + +CREATE TYPE guacamole_system_permission_type AS ENUM( + 'CREATE_CONNECTION', + 'CREATE_CONNECTION_GROUP', + 'CREATE_SHARING_PROFILE', + 'CREATE_USER', + 'CREATE_USER_GROUP', + 'ADMINISTER' +); + +-- +-- Guacamole proxy (guacd) encryption methods +-- + +CREATE TYPE guacamole_proxy_encryption_method AS ENUM( + 'NONE', + 'SSL' +); + +-- +-- Table of connection groups. Each connection group has a name. 
+-- + +CREATE TABLE guacamole_connection_group ( + + connection_group_id serial NOT NULL, + parent_id integer, + connection_group_name varchar(128) NOT NULL, + type guacamole_connection_group_type + NOT NULL DEFAULT 'ORGANIZATIONAL', + + -- Concurrency limits + max_connections integer, + max_connections_per_user integer, + enable_session_affinity boolean NOT NULL DEFAULT FALSE, + + PRIMARY KEY (connection_group_id), + + CONSTRAINT connection_group_name_parent + UNIQUE (connection_group_name, parent_id), + + CONSTRAINT guacamole_connection_group_ibfk_1 + FOREIGN KEY (parent_id) + REFERENCES guacamole_connection_group (connection_group_id) + ON DELETE CASCADE + +); + +CREATE INDEX guacamole_connection_group_parent_id + ON guacamole_connection_group(parent_id); + +-- +-- Table of connections. Each connection has a name, protocol, and +-- associated set of parameters. +-- A connection may belong to a connection group. +-- + +CREATE TABLE guacamole_connection ( + + connection_id serial NOT NULL, + connection_name varchar(128) NOT NULL, + parent_id integer, + protocol varchar(32) NOT NULL, + + -- Concurrency limits + max_connections integer, + max_connections_per_user integer, + + -- Connection Weight + connection_weight integer, + failover_only boolean NOT NULL DEFAULT FALSE, + + -- Guacamole proxy (guacd) overrides + proxy_port integer, + proxy_hostname varchar(512), + proxy_encryption_method guacamole_proxy_encryption_method, + + PRIMARY KEY (connection_id), + + CONSTRAINT connection_name_parent + UNIQUE (connection_name, parent_id), + + CONSTRAINT guacamole_connection_ibfk_1 + FOREIGN KEY (parent_id) + REFERENCES guacamole_connection_group (connection_group_id) + ON DELETE CASCADE + +); + +CREATE INDEX guacamole_connection_parent_id + ON guacamole_connection(parent_id); + +-- +-- Table of base entities which may each be either a user or user group. 
Other +-- tables which represent qualities shared by both users and groups will point +-- to guacamole_entity, while tables which represent qualities specific to +-- users or groups will point to guacamole_user or guacamole_user_group. +-- + +CREATE TABLE guacamole_entity ( + + entity_id serial NOT NULL, + name varchar(128) NOT NULL, + type guacamole_entity_type NOT NULL, + + PRIMARY KEY (entity_id), + + CONSTRAINT guacamole_entity_name_scope + UNIQUE (type, name) + +); + +-- +-- Table of users. Each user has a unique username and a hashed password +-- with corresponding salt. Although the authentication system will always set +-- salted passwords, other systems may set unsalted passwords by simply not +-- providing the salt. +-- + +CREATE TABLE guacamole_user ( + + user_id serial NOT NULL, + entity_id integer NOT NULL, + + -- Optionally-salted password + password_hash bytea NOT NULL, + password_salt bytea, + password_date timestamptz NOT NULL, + + -- Account disabled/expired status + disabled boolean NOT NULL DEFAULT FALSE, + expired boolean NOT NULL DEFAULT FALSE, + + -- Time-based access restriction + access_window_start time, + access_window_end time, + + -- Date-based access restriction + valid_from date, + valid_until date, + + -- Timezone used for all date/time comparisons and interpretation + timezone varchar(64), + + -- Profile information + full_name varchar(256), + email_address varchar(256), + organization varchar(256), + organizational_role varchar(256), + + PRIMARY KEY (user_id), + + CONSTRAINT guacamole_user_single_entity + UNIQUE (entity_id), + + CONSTRAINT guacamole_user_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) + ON DELETE CASCADE + +); + +-- +-- Table of user groups. Each user group may have an arbitrary set of member +-- users and member groups, with those members inheriting the permissions +-- granted to that group. 
+-- + +CREATE TABLE guacamole_user_group ( + + user_group_id serial NOT NULL, + entity_id integer NOT NULL, + + -- Group disabled status + disabled boolean NOT NULL DEFAULT FALSE, + + PRIMARY KEY (user_group_id), + + CONSTRAINT guacamole_user_group_single_entity + UNIQUE (entity_id), + + CONSTRAINT guacamole_user_group_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) + ON DELETE CASCADE + +); + +-- +-- Table of users which are members of given user groups. +-- + +CREATE TABLE guacamole_user_group_member ( + + user_group_id integer NOT NULL, + member_entity_id integer NOT NULL, + + PRIMARY KEY (user_group_id, member_entity_id), + + -- Parent must be a user group + CONSTRAINT guacamole_user_group_member_parent + FOREIGN KEY (user_group_id) + REFERENCES guacamole_user_group (user_group_id) ON DELETE CASCADE, + + -- Member may be either a user or a user group (any entity) + CONSTRAINT guacamole_user_group_member_entity + FOREIGN KEY (member_entity_id) + REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE + +); + +-- +-- Table of sharing profiles. Each sharing profile has a name, associated set +-- of parameters, and a primary connection. The primary connection is the +-- connection that the sharing profile shares, and the parameters dictate the +-- restrictions/features which apply to the user joining the connection via the +-- sharing profile. 
+-- + +CREATE TABLE guacamole_sharing_profile ( + + sharing_profile_id serial NOT NULL, + sharing_profile_name varchar(128) NOT NULL, + primary_connection_id integer NOT NULL, + + PRIMARY KEY (sharing_profile_id), + + CONSTRAINT sharing_profile_name_primary + UNIQUE (sharing_profile_name, primary_connection_id), + + CONSTRAINT guacamole_sharing_profile_ibfk_1 + FOREIGN KEY (primary_connection_id) + REFERENCES guacamole_connection (connection_id) + ON DELETE CASCADE + +); + +CREATE INDEX guacamole_sharing_profile_primary_connection_id + ON guacamole_sharing_profile(primary_connection_id); + +-- +-- Table of connection parameters. Each parameter is simply a name/value pair +-- associated with a connection. +-- + +CREATE TABLE guacamole_connection_parameter ( + + connection_id integer NOT NULL, + parameter_name varchar(128) NOT NULL, + parameter_value varchar(4096) NOT NULL, + + PRIMARY KEY (connection_id,parameter_name), + + CONSTRAINT guacamole_connection_parameter_ibfk_1 + FOREIGN KEY (connection_id) + REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_connection_parameter_connection_id + ON guacamole_connection_parameter(connection_id); + +-- +-- Table of sharing profile parameters. Each parameter is simply +-- name/value pair associated with a sharing profile. These parameters dictate +-- the restrictions/features which apply to the user joining the associated +-- connection via the sharing profile. 
+-- + +CREATE TABLE guacamole_sharing_profile_parameter ( + + sharing_profile_id integer NOT NULL, + parameter_name varchar(128) NOT NULL, + parameter_value varchar(4096) NOT NULL, + + PRIMARY KEY (sharing_profile_id, parameter_name), + + CONSTRAINT guacamole_sharing_profile_parameter_ibfk_1 + FOREIGN KEY (sharing_profile_id) + REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_sharing_profile_parameter_sharing_profile_id + ON guacamole_sharing_profile_parameter(sharing_profile_id); + +-- +-- Table of arbitrary user attributes. Each attribute is simply a name/value +-- pair associated with a user. Arbitrary attributes are defined by other +-- extensions. Attributes defined by this extension will be mapped to +-- properly-typed columns of a specific table. +-- + +CREATE TABLE guacamole_user_attribute ( + + user_id integer NOT NULL, + attribute_name varchar(128) NOT NULL, + attribute_value varchar(4096) NOT NULL, + + PRIMARY KEY (user_id, attribute_name), + + CONSTRAINT guacamole_user_attribute_ibfk_1 + FOREIGN KEY (user_id) + REFERENCES guacamole_user (user_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_user_attribute_user_id + ON guacamole_user_attribute(user_id); + +-- +-- Table of arbitrary user group attributes. Each attribute is simply a +-- name/value pair associated with a user group. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. 
+-- + +CREATE TABLE guacamole_user_group_attribute ( + + user_group_id integer NOT NULL, + attribute_name varchar(128) NOT NULL, + attribute_value varchar(4096) NOT NULL, + + PRIMARY KEY (user_group_id, attribute_name), + + CONSTRAINT guacamole_user_group_attribute_ibfk_1 + FOREIGN KEY (user_group_id) + REFERENCES guacamole_user_group (user_group_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_user_group_attribute_user_group_id + ON guacamole_user_group_attribute(user_group_id); + +-- +-- Table of arbitrary connection attributes. Each attribute is simply a +-- name/value pair associated with a connection. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. +-- + +CREATE TABLE guacamole_connection_attribute ( + + connection_id integer NOT NULL, + attribute_name varchar(128) NOT NULL, + attribute_value varchar(4096) NOT NULL, + + PRIMARY KEY (connection_id, attribute_name), + + CONSTRAINT guacamole_connection_attribute_ibfk_1 + FOREIGN KEY (connection_id) + REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_connection_attribute_connection_id + ON guacamole_connection_attribute(connection_id); + +-- +-- Table of arbitrary connection group attributes. Each attribute is simply a +-- name/value pair associated with a connection group. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. 
+-- + +CREATE TABLE guacamole_connection_group_attribute ( + + connection_group_id integer NOT NULL, + attribute_name varchar(128) NOT NULL, + attribute_value varchar(4096) NOT NULL, + + PRIMARY KEY (connection_group_id, attribute_name), + + CONSTRAINT guacamole_connection_group_attribute_ibfk_1 + FOREIGN KEY (connection_group_id) + REFERENCES guacamole_connection_group (connection_group_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_connection_group_attribute_connection_group_id + ON guacamole_connection_group_attribute(connection_group_id); + +-- +-- Table of arbitrary sharing profile attributes. Each attribute is simply a +-- name/value pair associated with a sharing profile. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. +-- + +CREATE TABLE guacamole_sharing_profile_attribute ( + + sharing_profile_id integer NOT NULL, + attribute_name varchar(128) NOT NULL, + attribute_value varchar(4096) NOT NULL, + + PRIMARY KEY (sharing_profile_id, attribute_name), + + CONSTRAINT guacamole_sharing_profile_attribute_ibfk_1 + FOREIGN KEY (sharing_profile_id) + REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_sharing_profile_attribute_sharing_profile_id + ON guacamole_sharing_profile_attribute(sharing_profile_id); + +-- +-- Table of connection permissions. Each connection permission grants a user or +-- user group specific access to a connection. 
+-- + +CREATE TABLE guacamole_connection_permission ( + + entity_id integer NOT NULL, + connection_id integer NOT NULL, + permission guacamole_object_permission_type NOT NULL, + + PRIMARY KEY (entity_id, connection_id, permission), + + CONSTRAINT guacamole_connection_permission_ibfk_1 + FOREIGN KEY (connection_id) + REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE, + + CONSTRAINT guacamole_connection_permission_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_connection_permission_connection_id + ON guacamole_connection_permission(connection_id); + +CREATE INDEX guacamole_connection_permission_entity_id + ON guacamole_connection_permission(entity_id); + +-- +-- Table of connection group permissions. Each group permission grants a user +-- or user group specific access to a connection group. +-- + +CREATE TABLE guacamole_connection_group_permission ( + + entity_id integer NOT NULL, + connection_group_id integer NOT NULL, + permission guacamole_object_permission_type NOT NULL, + + PRIMARY KEY (entity_id, connection_group_id, permission), + + CONSTRAINT guacamole_connection_group_permission_ibfk_1 + FOREIGN KEY (connection_group_id) + REFERENCES guacamole_connection_group (connection_group_id) ON DELETE CASCADE, + + CONSTRAINT guacamole_connection_group_permission_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_connection_group_permission_connection_group_id + ON guacamole_connection_group_permission(connection_group_id); + +CREATE INDEX guacamole_connection_group_permission_entity_id + ON guacamole_connection_group_permission(entity_id); + +-- +-- Table of sharing profile permissions. Each sharing profile permission grants +-- a user or user group specific access to a sharing profile. 
+-- + +CREATE TABLE guacamole_sharing_profile_permission ( + + entity_id integer NOT NULL, + sharing_profile_id integer NOT NULL, + permission guacamole_object_permission_type NOT NULL, + + PRIMARY KEY (entity_id, sharing_profile_id, permission), + + CONSTRAINT guacamole_sharing_profile_permission_ibfk_1 + FOREIGN KEY (sharing_profile_id) + REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE, + + CONSTRAINT guacamole_sharing_profile_permission_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_sharing_profile_permission_sharing_profile_id + ON guacamole_sharing_profile_permission(sharing_profile_id); + +CREATE INDEX guacamole_sharing_profile_permission_entity_id + ON guacamole_sharing_profile_permission(entity_id); + +-- +-- Table of system permissions. Each system permission grants a user or user +-- group a system-level privilege of some kind. +-- + +CREATE TABLE guacamole_system_permission ( + + entity_id integer NOT NULL, + permission guacamole_system_permission_type NOT NULL, + + PRIMARY KEY (entity_id, permission), + + CONSTRAINT guacamole_system_permission_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_system_permission_entity_id + ON guacamole_system_permission(entity_id); + +-- +-- Table of user permissions. Each user permission grants a user or user group +-- access to another user (the "affected" user) for a specific type of +-- operation. 
+-- + +CREATE TABLE guacamole_user_permission ( + + entity_id integer NOT NULL, + affected_user_id integer NOT NULL, + permission guacamole_object_permission_type NOT NULL, + + PRIMARY KEY (entity_id, affected_user_id, permission), + + CONSTRAINT guacamole_user_permission_ibfk_1 + FOREIGN KEY (affected_user_id) + REFERENCES guacamole_user (user_id) ON DELETE CASCADE, + + CONSTRAINT guacamole_user_permission_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_user_permission_affected_user_id + ON guacamole_user_permission(affected_user_id); + +CREATE INDEX guacamole_user_permission_entity_id + ON guacamole_user_permission(entity_id); + +-- +-- Table of user group permissions. Each user group permission grants a user +-- or user group access to a another user group (the "affected" user group) for +-- a specific type of operation. +-- + +CREATE TABLE guacamole_user_group_permission ( + + entity_id integer NOT NULL, + affected_user_group_id integer NOT NULL, + permission guacamole_object_permission_type NOT NULL, + + PRIMARY KEY (entity_id, affected_user_group_id, permission), + + CONSTRAINT guacamole_user_group_permission_affected_user_group + FOREIGN KEY (affected_user_group_id) + REFERENCES guacamole_user_group (user_group_id) ON DELETE CASCADE, + + CONSTRAINT guacamole_user_group_permission_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_user_group_permission_affected_user_group_id + ON guacamole_user_group_permission(affected_user_group_id); + +CREATE INDEX guacamole_user_group_permission_entity_id + ON guacamole_user_group_permission(entity_id); + +-- +-- Table of connection history records. Each record defines a specific user's +-- session, including the connection used, the start time, and the end time +-- (if any). 
+-- + +CREATE TABLE guacamole_connection_history ( + + history_id serial NOT NULL, + user_id integer DEFAULT NULL, + username varchar(128) NOT NULL, + remote_host varchar(256) DEFAULT NULL, + connection_id integer DEFAULT NULL, + connection_name varchar(128) NOT NULL, + sharing_profile_id integer DEFAULT NULL, + sharing_profile_name varchar(128) DEFAULT NULL, + start_date timestamptz NOT NULL, + end_date timestamptz DEFAULT NULL, + + PRIMARY KEY (history_id), + + CONSTRAINT guacamole_connection_history_ibfk_1 + FOREIGN KEY (user_id) + REFERENCES guacamole_user (user_id) ON DELETE SET NULL, + + CONSTRAINT guacamole_connection_history_ibfk_2 + FOREIGN KEY (connection_id) + REFERENCES guacamole_connection (connection_id) ON DELETE SET NULL, + + CONSTRAINT guacamole_connection_history_ibfk_3 + FOREIGN KEY (sharing_profile_id) + REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE SET NULL + +); + +CREATE INDEX guacamole_connection_history_user_id + ON guacamole_connection_history(user_id); + +CREATE INDEX guacamole_connection_history_connection_id + ON guacamole_connection_history(connection_id); + +CREATE INDEX guacamole_connection_history_sharing_profile_id + ON guacamole_connection_history(sharing_profile_id); + +CREATE INDEX guacamole_connection_history_start_date + ON guacamole_connection_history(start_date); + +CREATE INDEX guacamole_connection_history_end_date + ON guacamole_connection_history(end_date); + +CREATE INDEX guacamole_connection_history_connection_id_start_date + ON guacamole_connection_history(connection_id, start_date); + +-- +-- User login/logout history +-- + +CREATE TABLE guacamole_user_history ( + + history_id serial NOT NULL, + user_id integer DEFAULT NULL, + username varchar(128) NOT NULL, + remote_host varchar(256) DEFAULT NULL, + start_date timestamptz NOT NULL, + end_date timestamptz DEFAULT NULL, + + PRIMARY KEY (history_id), + + CONSTRAINT guacamole_user_history_ibfk_1 + FOREIGN KEY (user_id) + REFERENCES guacamole_user 
(user_id) ON DELETE SET NULL + +); + +CREATE INDEX guacamole_user_history_user_id + ON guacamole_user_history(user_id); + +CREATE INDEX guacamole_user_history_start_date + ON guacamole_user_history(start_date); + +CREATE INDEX guacamole_user_history_end_date + ON guacamole_user_history(end_date); + +CREATE INDEX guacamole_user_history_user_id_start_date + ON guacamole_user_history(user_id, start_date); + +-- +-- User password history +-- + +CREATE TABLE guacamole_user_password_history ( + + password_history_id serial NOT NULL, + user_id integer NOT NULL, + + -- Salted password + password_hash bytea NOT NULL, + password_salt bytea, + password_date timestamptz NOT NULL, + + PRIMARY KEY (password_history_id), + + CONSTRAINT guacamole_user_password_history_ibfk_1 + FOREIGN KEY (user_id) + REFERENCES guacamole_user (user_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_user_password_history_user_id + ON guacamole_user_password_history(user_id); + diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/002-create-admin-user.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/002-create-admin-user.sql new file mode 100644 index 0000000..c7cd7c9 --- /dev/null +++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/002-create-admin-user.sql 
@@ -0,0 +1,55 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+-- Create default user "guacadmin" with password "guacadmin"
+INSERT INTO guacamole_entity (name, type) VALUES ('guacadmin', 'USER');
+INSERT INTO guacamole_user (entity_id, password_hash, password_salt, password_date)
+SELECT
+ entity_id,
+ decode('CA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960', 'hex'), -- 'guacadmin'
+ decode('FE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264', 'hex'),
+ CURRENT_TIMESTAMP
+FROM guacamole_entity WHERE name = 'guacadmin' AND guacamole_entity.type = 'USER';
+
+-- Grant this user all system permissions
+INSERT INTO guacamole_system_permission (entity_id, permission)
+SELECT entity_id, permission::guacamole_system_permission_type
+FROM (
+ VALUES
+ ('guacadmin', 'CREATE_CONNECTION'),
+ ('guacadmin', 'CREATE_CONNECTION_GROUP'),
+ ('guacadmin', 'CREATE_SHARING_PROFILE'),
+ ('guacadmin', 'CREATE_USER'),
+ ('guacadmin', 'CREATE_USER_GROUP'),
+ ('guacadmin', 'ADMINISTER')
+) permissions (username, permission)
+JOIN guacamole_entity ON permissions.username = guacamole_entity.name AND guacamole_entity.type = 'USER';
+
+-- Grant admin permission to read/update/administer self
+INSERT
INTO guacamole_user_permission (entity_id, affected_user_id, permission)
+SELECT guacamole_entity.entity_id, guacamole_user.user_id, permission::guacamole_object_permission_type
+FROM (
+ VALUES
+ ('guacadmin', 'guacadmin', 'READ'),
+ ('guacadmin', 'guacadmin', 'UPDATE'),
+ ('guacadmin', 'guacadmin', 'ADMINISTER')
+) permissions (username, affected_username, permission)
+JOIN guacamole_entity ON permissions.username = guacamole_entity.name AND guacamole_entity.type = 'USER'
+JOIN guacamole_entity affected ON permissions.affected_username = affected.name AND guacamole_entity.type = 'USER'
+JOIN guacamole_user ON guacamole_user.entity_id = affected.entity_id;
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.10.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.10.sql
new file mode 100644
index 0000000..9e41204
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.10.sql
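Review bot: The account seeded by 002-create-admin-user.sql has a password that the file's own comment spells out, and the following INSERTs grant it every system permission including `ADMINISTER`, so any instance provisioned from this schema can be fully administered with known credentials until someone changes them. Whatever script in this repository loads the schema should rotate that password, or create a separately named administrator and disable `guacadmin`, before the web application is reachable; that step is not visible in this part of the diff. A comment beside the INSERT such as `-- default credential: must be changed before the service is exposed` would at least make the requirement visible to whoever runs it. Because this looks like a vendored upstream file, the fix probably belongs in the provisioning script rather than in an edit here.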
@@ -0,0 +1,196 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- User and connection IDs within history table can now be null
+--
+
+ALTER TABLE guacamole_connection_history
+ ALTER COLUMN user_id SET DEFAULT NULL,
+ ALTER COLUMN user_id DROP NOT NULL;
+
+ALTER TABLE guacamole_connection_history
+ ALTER COLUMN connection_id SET DEFAULT NULL,
+ ALTER COLUMN connection_id DROP NOT NULL;
+
+--
+-- Add new username and connection_name columns to history table
+--
+
+ALTER TABLE guacamole_connection_history
+ ADD COLUMN username varchar(128);
+
+ALTER TABLE guacamole_connection_history
+ ADD COLUMN connection_name varchar(128);
+
+--
+-- Populate new name columns by joining corresponding tables
+--
+
+UPDATE guacamole_connection_history
+ SET username = guacamole_user.username
+ FROM guacamole_user
+ WHERE guacamole_user.user_id = guacamole_connection_history.user_id;
+
+UPDATE guacamole_connection_history
+ SET connection_name = guacamole_connection.connection_name
+ FROM guacamole_connection
+ WHERE guacamole_connection.connection_id =
+ guacamole_connection_history.connection_id;
+
+--
+-- Set NOT NULL now that the column is fully populated
+--
+
+ALTER TABLE guacamole_connection_history
+ ALTER
COLUMN username SET NOT NULL;
+
+ALTER TABLE guacamole_connection_history
+ ALTER COLUMN connection_name SET NOT NULL;
+
+--
+-- Remove old foreign key constraints with ON DELETE CASCADE
+--
+
+ALTER TABLE guacamole_connection_history
+ DROP CONSTRAINT guacamole_connection_history_ibfk_1;
+
+ALTER TABLE guacamole_connection_history
+ DROP CONSTRAINT guacamole_connection_history_ibfk_2;
+
+--
+-- Recreate foreign key constraints with ON DELETE SET NULL
+--
+
+ALTER TABLE guacamole_connection_history
+ ADD CONSTRAINT guacamole_connection_history_ibfk_1
+ FOREIGN KEY (user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE SET NULL;
+
+ALTER TABLE guacamole_connection_history
+ ADD CONSTRAINT guacamole_connection_history_ibfk_2
+ FOREIGN KEY (connection_id)
+ REFERENCES guacamole_connection (connection_id) ON DELETE SET NULL;
+
+--
+-- Add session affinity column
+--
+
+ALTER TABLE guacamole_connection_group
+ ADD COLUMN enable_session_affinity boolean NOT NULL DEFAULT FALSE;
+
+--
+-- Add new system-level permission
+--
+
+ALTER TYPE guacamole_system_permission_type
+ ADD VALUE 'CREATE_SHARING_PROFILE'
+ AFTER 'CREATE_CONNECTION_GROUP';
+
+--
+-- Add sharing profile table
+--
+
+CREATE TABLE guacamole_sharing_profile (
+
+ sharing_profile_id serial NOT NULL,
+ sharing_profile_name varchar(128) NOT NULL,
+ primary_connection_id integer NOT NULL,
+
+ PRIMARY KEY (sharing_profile_id),
+
+ CONSTRAINT sharing_profile_name_primary
+ UNIQUE (sharing_profile_name, primary_connection_id),
+
+ CONSTRAINT guacamole_sharing_profile_ibfk_1
+ FOREIGN KEY (primary_connection_id)
+ REFERENCES guacamole_connection (connection_id)
+ ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_sharing_profile_primary_connection_id
+ ON guacamole_sharing_profile(primary_connection_id);
+
+--
+-- Add table of sharing profile parameters
+--
+
+CREATE TABLE guacamole_sharing_profile_parameter (
+
+ sharing_profile_id integer NOT NULL,
+ parameter_name varchar(128) NOT NULL,
+ parameter_value
varchar(4096) NOT NULL,
+
+ PRIMARY KEY (sharing_profile_id, parameter_name),
+
+ CONSTRAINT guacamole_sharing_profile_parameter_ibfk_1
+ FOREIGN KEY (sharing_profile_id)
+ REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_sharing_profile_parameter_sharing_profile_id
+ ON guacamole_sharing_profile_parameter(sharing_profile_id);
+
+--
+-- Object-level permission table for sharing profiles
+--
+
+CREATE TABLE guacamole_sharing_profile_permission (
+
+ user_id integer NOT NULL,
+ sharing_profile_id integer NOT NULL,
+ permission guacamole_object_permission_type NOT NULL,
+
+ PRIMARY KEY (user_id,sharing_profile_id,permission),
+
+ CONSTRAINT guacamole_sharing_profile_permission_ibfk_1
+ FOREIGN KEY (sharing_profile_id)
+ REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE,
+
+ CONSTRAINT guacamole_sharing_profile_permission_ibfk_2
+ FOREIGN KEY (user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_sharing_profile_permission_sharing_profile_id
+ ON guacamole_sharing_profile_permission(sharing_profile_id);
+
+CREATE INDEX guacamole_sharing_profile_permission_user_id
+ ON guacamole_sharing_profile_permission(user_id);
+
+--
+-- Add new (optional) sharing profile ID and name columns to connection history
+--
+
+ALTER TABLE guacamole_connection_history
+ ADD COLUMN sharing_profile_id integer;
+
+ALTER TABLE guacamole_connection_history
+ ADD COLUMN sharing_profile_name varchar(128);
+
+ALTER TABLE guacamole_connection_history
+ ADD CONSTRAINT guacamole_connection_history_ibfk_3
+ FOREIGN KEY (sharing_profile_id)
+ REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE SET NULL;
+
+CREATE INDEX guacamole_connection_history_sharing_profile_id
+ ON guacamole_connection_history(sharing_profile_id);
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.11.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.11.sql
new file mode 100644
index 0000000..95d6372
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.11.sql
@@ -0,0 +1,55 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add per-user password set date
+--
+
+ALTER TABLE guacamole_user
+ ADD COLUMN password_date timestamptz;
+
+UPDATE guacamole_user SET password_date = CURRENT_TIMESTAMP;
+
+ALTER TABLE guacamole_user
+ ALTER COLUMN password_date SET NOT NULL;
+
+--
+-- User password history
+--
+
+CREATE TABLE guacamole_user_password_history (
+
+ password_history_id serial NOT NULL,
+ user_id integer NOT NULL,
+
+ -- Salted password
+ password_hash bytea NOT NULL,
+ password_salt bytea,
+ password_date timestamptz NOT NULL,
+
+ PRIMARY KEY (password_history_id),
+
+ CONSTRAINT guacamole_user_password_history_ibfk_1
+ FOREIGN KEY (user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_user_password_history_user_id
+ ON guacamole_user_password_history(user_id);
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.13.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.13.sql
new file mode 100644
index 0000000..0fac528
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.13.sql
@@ -0,0 +1,45 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add new guacd encryption method type
+--
+
+CREATE TYPE guacamole_proxy_encryption_method AS ENUM(
+ 'NONE',
+ 'SSL'
+);
+
+--
+-- Add guacd per-connection override columns
+--
+
+ALTER TABLE guacamole_connection ADD COLUMN proxy_port integer;
+ALTER TABLE guacamole_connection ADD COLUMN proxy_hostname varchar(512);
+ALTER TABLE guacamole_connection ADD COLUMN proxy_encryption_method guacamole_proxy_encryption_method;
+
+--
+-- Add new user profile columns
+--
+
+ALTER TABLE guacamole_user ADD COLUMN full_name VARCHAR(256);
+ALTER TABLE guacamole_user ADD COLUMN email_address VARCHAR(256);
+ALTER TABLE guacamole_user ADD COLUMN organization VARCHAR(256);
+ALTER TABLE guacamole_user ADD COLUMN organizational_role VARCHAR(256);
+
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.14.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.14.sql
new file mode 100644
index 0000000..534d4dc
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.14.sql
@@ -0,0 +1,79 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add per-connection weight
+--
+
+ALTER TABLE guacamole_connection
+ ADD COLUMN connection_weight int;
+
+--
+-- Add failover-only flag
+--
+
+ALTER TABLE guacamole_connection
+ ADD COLUMN failover_only BOOLEAN NOT NULL DEFAULT FALSE;
+
+--
+-- Add remote_host to connection history
+--
+
+ALTER TABLE guacamole_connection_history
+ ADD COLUMN remote_host VARCHAR(256) DEFAULT NULL;
+
+--
+-- Add covering index for connection history connection and start date
+--
+
+CREATE INDEX guacamole_connection_history_connection_id_start_date
+ ON guacamole_connection_history(connection_id, start_date);
+
+--
+-- User login/logout history
+--
+
+CREATE TABLE guacamole_user_history (
+
+ history_id serial NOT NULL,
+ user_id integer DEFAULT NULL,
+ username varchar(128) NOT NULL,
+ remote_host varchar(256) DEFAULT NULL,
+ start_date timestamptz NOT NULL,
+ end_date timestamptz DEFAULT NULL,
+
+ PRIMARY KEY (history_id),
+
+ CONSTRAINT guacamole_user_history_ibfk_1
+ FOREIGN KEY (user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE SET NULL
+
+);
+
+CREATE INDEX guacamole_user_history_user_id
+ ON guacamole_user_history(user_id);
+
+CREATE INDEX
guacamole_user_history_start_date
+ ON guacamole_user_history(start_date);
+
+CREATE INDEX guacamole_user_history_end_date
+ ON guacamole_user_history(end_date);
+
+CREATE INDEX guacamole_user_history_user_id_start_date
+ ON guacamole_user_history(user_id, start_date);
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.7.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.7.sql
new file mode 100644
index 0000000..37aacf4
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.7.sql
@@ -0,0 +1,31 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add per-user disable flag
+--
+
+ALTER TABLE guacamole_user ADD COLUMN disabled boolean NOT NULL DEFAULT FALSE;
+
+--
+-- Add per-user password expiration flag
+--
+
+ALTER TABLE guacamole_user ADD COLUMN expired boolean NOT NULL DEFAULT FALSE;
+
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.8.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.8.sql
new file mode 100644
index 0000000..f6146dc
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.8.sql
@@ -0,0 +1,52 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add per-user time-based access restrictions.
+--
+
+ALTER TABLE guacamole_user ADD COLUMN access_window_start time;
+ALTER TABLE guacamole_user ADD COLUMN access_window_end time;
+
+--
+-- Add per-user date-based account validity restrictions.
+--
+
+ALTER TABLE guacamole_user ADD COLUMN valid_from date;
+ALTER TABLE guacamole_user ADD COLUMN valid_until date;
+
+--
+-- Add per-user timezone for sake of time comparisons/interpretation.
+--
+
+ALTER TABLE guacamole_user ADD COLUMN timezone varchar(64);
+
+--
+-- Add connection concurrency limits
+--
+
+ALTER TABLE guacamole_connection ADD COLUMN max_connections integer;
+ALTER TABLE guacamole_connection ADD COLUMN max_connections_per_user integer;
+
+--
+-- Add connection group concurrency limits
+--
+
+ALTER TABLE guacamole_connection_group ADD COLUMN max_connections integer;
+ALTER TABLE guacamole_connection_group ADD COLUMN max_connections_per_user integer;
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.9.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.9.sql
new file mode 100644
index 0000000..eab419b
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-0.9.9.sql
@@ -0,0 +1,32 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Ensure history entry start/end dates are indexed.
+--
+
+CREATE INDEX guacamole_connection_history_start_date
+ ON guacamole_connection_history(start_date);
+
+CREATE INDEX guacamole_connection_history_end_date
+ ON guacamole_connection_history(end_date);
+
+CREATE INDEX guacamole_connection_history_search_index
+ ON guacamole_connection_history(start_date, connection_id, user_id);
+
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-1.0.0.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-1.0.0.sql
new file mode 100644
index 0000000..83dfa86
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/postgresql/schema/upgrade/upgrade-pre-1.0.0.sql
@@ -0,0 +1,471 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add new system-level permission
+--
+
+ALTER TYPE guacamole_system_permission_type
+ ADD VALUE 'CREATE_USER_GROUP'
+ AFTER 'CREATE_USER';
+
+--
+-- Entity types
+--
+
+CREATE TYPE guacamole_entity_type AS ENUM(
+ 'USER',
+ 'USER_GROUP'
+);
+
+--
+-- Table of base entities which may each be either a user or user group. Other
+-- tables which represent qualities shared by both users and groups will point
+-- to guacamole_entity, while tables which represent qualities specific to
+-- users or groups will point to guacamole_user or guacamole_user_group.
+--
+
+CREATE TABLE guacamole_entity (
+
+ entity_id serial NOT NULL,
+ name varchar(128) NOT NULL,
+ type guacamole_entity_type NOT NULL,
+
+ PRIMARY KEY (entity_id),
+
+ CONSTRAINT guacamole_entity_name_scope
+ UNIQUE (type, name)
+
+);
+
+--
+-- Table of user groups. Each user group may have an arbitrary set of member
+-- users and member groups, with those members inheriting the permissions
+-- granted to that group.
+--
+
+CREATE TABLE guacamole_user_group (
+
+ user_group_id serial NOT NULL,
+ entity_id integer NOT NULL,
+
+ -- Group disabled status
+ disabled boolean NOT NULL DEFAULT FALSE,
+
+ PRIMARY KEY (user_group_id),
+
+ CONSTRAINT guacamole_user_group_single_entity
+ UNIQUE (entity_id),
+
+ CONSTRAINT guacamole_user_group_entity
+ FOREIGN KEY (entity_id)
+ REFERENCES guacamole_entity (entity_id)
+ ON DELETE CASCADE
+
+);
+
+--
+-- Table of users which are members of given user groups.
+--
+
+CREATE TABLE guacamole_user_group_member (
+
+ user_group_id integer NOT NULL,
+ member_entity_id integer NOT NULL,
+
+ PRIMARY KEY (user_group_id, member_entity_id),
+
+ -- Parent must be a user group
+ CONSTRAINT guacamole_user_group_member_parent
+ FOREIGN KEY (user_group_id)
+ REFERENCES guacamole_user_group (user_group_id) ON DELETE CASCADE,
+
+ -- Member may be either a user or a user group (any entity)
+ CONSTRAINT guacamole_user_group_member_entity
+ FOREIGN KEY (member_entity_id)
+ REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE
+
+);
+
+--
+-- Table of user group permissions. Each user group permission grants a user
+-- access to a particular user group for a specific type of operation.
+--
+
+CREATE TABLE guacamole_user_group_permission (
+
+ entity_id integer NOT NULL,
+ affected_user_group_id integer NOT NULL,
+ permission guacamole_object_permission_type NOT NULL,
+
+ PRIMARY KEY (entity_id, affected_user_group_id, permission),
+
+ CONSTRAINT guacamole_user_group_permission_affected_user_group
+ FOREIGN KEY (affected_user_group_id)
+ REFERENCES guacamole_user_group (user_group_id) ON DELETE CASCADE,
+
+ CONSTRAINT guacamole_user_group_permission_entity
+ FOREIGN KEY (entity_id)
+ REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_user_group_permission_affected_user_group_id
+ ON guacamole_user_group_permission(affected_user_group_id);
+
+CREATE INDEX guacamole_user_group_permission_entity_id
+ ON guacamole_user_group_permission(entity_id);
+
+--
+-- Modify guacamole_user table to use guacamole_entity as a base
+--
+
+-- Add new entity_id column
+ALTER TABLE guacamole_user ADD COLUMN entity_id integer;
+
+-- Create user entities for each guacamole_user entry
+INSERT INTO guacamole_entity (name, type)
+SELECT username, 'USER' FROM guacamole_user;
+
+-- Update guacamole_user to point to corresponding guacamole_entity
+UPDATE guacamole_user SET entity_id = (
+ SELECT entity_id FROM guacamole_entity
+ WHERE
+ username = guacamole_entity.name
+ AND type = 'USER'
+);
+
+-- The entity_id column should now be safely non-NULL
+ALTER TABLE guacamole_user
+ ALTER COLUMN entity_id SET NOT NULL;
+
+-- The entity_id column should now be unique for each user
+ALTER TABLE guacamole_user
+ ADD CONSTRAINT guacamole_user_single_entity
+ UNIQUE (entity_id);
+
+-- The entity_id column should now safely point to guacamole_entity entries
+ALTER TABLE guacamole_user
+ ADD CONSTRAINT guacamole_user_entity
+ FOREIGN KEY (entity_id)
+ REFERENCES guacamole_entity (entity_id)
+ ON DELETE CASCADE;
+
+-- The username column can now safely be removed
+ALTER TABLE guacamole_user DROP COLUMN username;
+
+--
+-- Modify
guacamole_connection_permission to use guacamole_entity instead of
+-- guacamole_user
+--
+
+-- Add new entity_id column
+ALTER TABLE guacamole_connection_permission ADD COLUMN entity_id integer;
+
+-- Update guacamole_connection_permission to point to the guacamole_entity
+-- that has been granted the permission
+UPDATE guacamole_connection_permission SET entity_id = (
+ SELECT entity_id FROM guacamole_user
+ WHERE guacamole_user.user_id = guacamole_connection_permission.user_id
+);
+
+-- The entity_id column should now be safely non-NULL
+ALTER TABLE guacamole_connection_permission
+ ALTER COLUMN entity_id SET NOT NULL;
+
+-- The entity_id column should now safely point to guacamole_entity entries
+ALTER TABLE guacamole_connection_permission
+ ADD CONSTRAINT guacamole_connection_permission_entity
+ FOREIGN KEY (entity_id)
+ REFERENCES guacamole_entity (entity_id)
+ ON DELETE CASCADE;
+
+CREATE INDEX guacamole_connection_permission_entity_id
+ ON guacamole_connection_permission(entity_id);
+
+-- Remove user_id column (implicitly drops associated contraints/keys)
+ALTER TABLE guacamole_connection_permission DROP COLUMN user_id;
+
+-- Add new primary key which uses entity_id
+ALTER TABLE guacamole_connection_permission
+ ADD PRIMARY KEY (entity_id, connection_id, permission);
+
+--
+-- Modify guacamole_connection_group_permission to use guacamole_entity instead
+-- of guacamole_user
+--
+
+-- Add new entity_id column
+ALTER TABLE guacamole_connection_group_permission ADD COLUMN entity_id integer;
+
+-- Update guacamole_connection_group_permission to point to the guacamole_entity
+-- that has been granted the permission
+UPDATE guacamole_connection_group_permission SET entity_id = (
+ SELECT entity_id FROM guacamole_user
+ WHERE guacamole_user.user_id = guacamole_connection_group_permission.user_id
+);
+
+-- The entity_id column should now be safely non-NULL
+ALTER TABLE guacamole_connection_group_permission
+ ALTER COLUMN entity_id SET NOT NULL;
+
+-- The entity_id
column should now safely point to guacamole_entity entries
+ALTER TABLE guacamole_connection_group_permission
+ ADD CONSTRAINT guacamole_connection_group_permission_entity
+ FOREIGN KEY (entity_id)
+ REFERENCES guacamole_entity (entity_id)
+ ON DELETE CASCADE;
+
+CREATE INDEX guacamole_connection_group_permission_entity_id
+ ON guacamole_connection_group_permission(entity_id);
+
+-- Remove user_id column (implicitly drops associated contraints/keys)
+ALTER TABLE guacamole_connection_group_permission DROP COLUMN user_id;
+
+-- Add new primary key which uses entity_id
+ALTER TABLE guacamole_connection_group_permission
+ ADD PRIMARY KEY (entity_id, connection_group_id, permission);
+
+--
+-- Modify guacamole_sharing_profile_permission to use guacamole_entity instead
+-- of guacamole_user
+--
+
+-- Add new entity_id column
+ALTER TABLE guacamole_sharing_profile_permission ADD COLUMN entity_id integer;
+
+-- Update guacamole_sharing_profile_permission to point to the guacamole_entity
+-- that has been granted the permission
+UPDATE guacamole_sharing_profile_permission SET entity_id = (
+ SELECT entity_id FROM guacamole_user
+ WHERE guacamole_user.user_id = guacamole_sharing_profile_permission.user_id
+);
+
+-- The entity_id column should now be safely non-NULL
+ALTER TABLE guacamole_sharing_profile_permission
+ ALTER COLUMN entity_id SET NOT NULL;
+
+-- The entity_id column should now safely point to guacamole_entity entries
+ALTER TABLE guacamole_sharing_profile_permission
+ ADD CONSTRAINT guacamole_sharing_profile_permission_entity
+ FOREIGN KEY (entity_id)
+ REFERENCES guacamole_entity (entity_id)
+ ON DELETE CASCADE;
+
+CREATE INDEX guacamole_sharing_profile_permission_entity_id
+ ON guacamole_sharing_profile_permission(entity_id);
+
+-- Remove user_id column (implicitly drops associated contraints/keys)
+ALTER TABLE guacamole_sharing_profile_permission DROP COLUMN user_id;
+
+-- Add new primary key which uses entity_id
+ALTER TABLE
guacamole_sharing_profile_permission
+ ADD PRIMARY KEY (entity_id, sharing_profile_id, permission);
+
+--
+-- Modify guacamole_user_permission to use guacamole_entity instead of
+-- guacamole_user
+--
+
+-- Add new entity_id column
+ALTER TABLE guacamole_user_permission ADD COLUMN entity_id integer;
+
+-- Update guacamole_user_permission to point to the guacamole_entity
+-- that has been granted the permission
+UPDATE guacamole_user_permission SET entity_id = (
+ SELECT entity_id FROM guacamole_user
+ WHERE guacamole_user.user_id = guacamole_user_permission.user_id
+);
+
+-- The entity_id column should now be safely non-NULL
+ALTER TABLE guacamole_user_permission
+ ALTER COLUMN entity_id SET NOT NULL;
+
+-- The entity_id column should now safely point to guacamole_entity entries
+ALTER TABLE guacamole_user_permission
+ ADD CONSTRAINT guacamole_user_permission_entity
+ FOREIGN KEY (entity_id)
+ REFERENCES guacamole_entity (entity_id)
+ ON DELETE CASCADE;
+
+CREATE INDEX guacamole_user_permission_entity_id
+ ON guacamole_user_permission(entity_id);
+
+-- Remove user_id column (implicitly drops associated contraints/keys)
+ALTER TABLE guacamole_user_permission DROP COLUMN user_id;
+
+-- Add new primary key which uses entity_id
+ALTER TABLE guacamole_user_permission
+ ADD PRIMARY KEY (entity_id, affected_user_id, permission);
+
+--
+-- Modify guacamole_system_permission to use guacamole_entity instead of
+-- guacamole_user
+--
+
+-- Add new entity_id column
+ALTER TABLE guacamole_system_permission ADD COLUMN entity_id integer;
+
+-- Update guacamole_system_permission to point to the guacamole_entity
+-- that has been granted the permission
+UPDATE guacamole_system_permission SET entity_id = (
+ SELECT entity_id FROM guacamole_user
+ WHERE guacamole_user.user_id = guacamole_system_permission.user_id
+);
+
+-- The entity_id column should now be safely non-NULL
+ALTER TABLE guacamole_system_permission
+ ALTER COLUMN entity_id SET NOT NULL;
+
+-- The entity_id column
should now safely point to guacamole_entity entries
+ALTER TABLE guacamole_system_permission
+ ADD CONSTRAINT guacamole_system_permission_entity
+ FOREIGN KEY (entity_id)
+ REFERENCES guacamole_entity (entity_id)
+ ON DELETE CASCADE;
+
+CREATE INDEX guacamole_system_permission_entity_id
+ ON guacamole_system_permission(entity_id);
+
+-- Remove user_id column (implicitly drops associated contraints/keys)
+ALTER TABLE guacamole_system_permission DROP COLUMN user_id;
+
+-- Add new primary key which uses entity_id
+ALTER TABLE guacamole_system_permission
+ ADD PRIMARY KEY (entity_id, permission);
+
+--
+-- Table of arbitrary user attributes. Each attribute is simply a name/value
+-- pair associated with a user. Arbitrary attributes are defined by other
+-- extensions. Attributes defined by this extension will be mapped to
+-- properly-typed columns of a specific table.
+--
+
+CREATE TABLE guacamole_user_attribute (
+
+ user_id integer NOT NULL,
+ attribute_name varchar(128) NOT NULL,
+ attribute_value varchar(4096) NOT NULL,
+
+ PRIMARY KEY (user_id, attribute_name),
+
+ CONSTRAINT guacamole_user_attribute_ibfk_1
+ FOREIGN KEY (user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_user_attribute_user_id
+ ON guacamole_user_attribute(user_id);
+
+--
+-- Table of arbitrary user group attributes. Each attribute is simply a
+-- name/value pair associated with a user group. Arbitrary attributes are
+-- defined by other extensions. Attributes defined by this extension will be
+-- mapped to properly-typed columns of a specific table.
+-- + +CREATE TABLE guacamole_user_group_attribute ( + + user_group_id integer NOT NULL, + attribute_name varchar(128) NOT NULL, + attribute_value varchar(4096) NOT NULL, + + PRIMARY KEY (user_group_id, attribute_name), + + CONSTRAINT guacamole_user_group_attribute_ibfk_1 + FOREIGN KEY (user_group_id) + REFERENCES guacamole_user_group (user_group_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_user_group_attribute_user_group_id + ON guacamole_user_group_attribute(user_group_id); + +-- +-- Table of arbitrary connection attributes. Each attribute is simply a +-- name/value pair associated with a connection. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. +-- + +CREATE TABLE guacamole_connection_attribute ( + + connection_id integer NOT NULL, + attribute_name varchar(128) NOT NULL, + attribute_value varchar(4096) NOT NULL, + + PRIMARY KEY (connection_id, attribute_name), + + CONSTRAINT guacamole_connection_attribute_ibfk_1 + FOREIGN KEY (connection_id) + REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_connection_attribute_connection_id + ON guacamole_connection_attribute(connection_id); + +-- +-- Table of arbitrary connection group attributes. Each attribute is simply a +-- name/value pair associated with a connection group. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. 
+-- + +CREATE TABLE guacamole_connection_group_attribute ( + + connection_group_id integer NOT NULL, + attribute_name varchar(128) NOT NULL, + attribute_value varchar(4096) NOT NULL, + + PRIMARY KEY (connection_group_id, attribute_name), + + CONSTRAINT guacamole_connection_group_attribute_ibfk_1 + FOREIGN KEY (connection_group_id) + REFERENCES guacamole_connection_group (connection_group_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_connection_group_attribute_connection_group_id + ON guacamole_connection_group_attribute(connection_group_id); + +-- +-- Table of arbitrary sharing profile attributes. Each attribute is simply a +-- name/value pair associated with a sharing profile. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. +-- + +CREATE TABLE guacamole_sharing_profile_attribute ( + + sharing_profile_id integer NOT NULL, + attribute_name varchar(128) NOT NULL, + attribute_value varchar(4096) NOT NULL, + + PRIMARY KEY (sharing_profile_id, attribute_name), + + CONSTRAINT guacamole_sharing_profile_attribute_ibfk_1 + FOREIGN KEY (sharing_profile_id) + REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_sharing_profile_attribute_sharing_profile_id + ON guacamole_sharing_profile_attribute(sharing_profile_id); diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/sqlserver/guacamole-auth-jdbc-sqlserver-1.5.4.jar b/SH/guacamole/guacamole-auth-jdbc-1.5.4/sqlserver/guacamole-auth-jdbc-sqlserver-1.5.4.jar new file mode 100644 index 0000000..311d691 Binary files /dev/null and b/SH/guacamole/guacamole-auth-jdbc-1.5.4/sqlserver/guacamole-auth-jdbc-sqlserver-1.5.4.jar differ diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/sqlserver/schema/001-create-schema.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/sqlserver/schema/001-create-schema.sql new file mode 100644 index 0000000..54be792 --- /dev/null 
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/sqlserver/schema/001-create-schema.sql 
@@ -0,0 +1,972 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one +-- or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information +-- regarding copyright ownership. The ASF licenses this file +-- to you under the Apache License, Version 2.0 (the +-- "License"); you may not use this file except in compliance +-- with the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, +-- software distributed under the License is distributed on an +-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +-- KIND, either express or implied. See the License for the +-- specific language governing permissions and limitations +-- under the License. +-- + +-- +-- Connection group types +-- + +CREATE RULE [guacamole_connection_group_type_list] AS @list IN ( + 'ORGANIZATIONAL', + 'BALANCING' +); +GO + +CREATE TYPE [guacamole_connection_group_type] FROM [nvarchar](16); +EXEC sp_bindrule + 'guacamole_connection_group_type_list', + 'guacamole_connection_group_type'; +GO + +-- +-- Entity types +-- + +CREATE RULE [guacamole_entity_type_list] AS @list IN ( + 'USER', + 'USER_GROUP' +); +GO + +CREATE TYPE [guacamole_entity_type] FROM [nvarchar](16); +EXEC sp_bindrule + 'guacamole_entity_type_list', + 'guacamole_entity_type'; +GO + +-- +-- Object permission types +-- + +CREATE RULE [guacamole_object_permission_list] AS @list IN ( + 'READ', + 'UPDATE', + 'DELETE', + 'ADMINISTER' +); +GO + +CREATE TYPE [guacamole_object_permission] FROM [nvarchar](16); +EXEC sp_bindrule + 'guacamole_object_permission_list', + 'guacamole_object_permission'; +GO + +-- +-- System permission types +-- + +CREATE RULE [guacamole_system_permission_list] AS @list IN ( + 'CREATE_CONNECTION', + 'CREATE_CONNECTION_GROUP', + 'CREATE_SHARING_PROFILE', + 'CREATE_USER', + 'CREATE_USER_GROUP', + 'ADMINISTER' +); +GO + +CREATE TYPE 
[guacamole_system_permission] FROM [nvarchar](32); +EXEC sp_bindrule + 'guacamole_system_permission_list', + 'guacamole_system_permission'; +GO + +-- +-- Guacamole proxy (guacd) encryption methods. +-- + +CREATE RULE [guacamole_proxy_encryption_method_list] AS @list IN ( + 'NONE', + 'SSL' +); +GO + +CREATE TYPE [guacamole_proxy_encryption_method] FROM [nvarchar](8); +EXEC sp_bindrule + 'guacamole_proxy_encryption_method_list', + 'guacamole_proxy_encryption_method'; +GO + +-- +-- Table of connection groups. Each connection group has a name, type, and +-- optional parent connection group. +-- + +CREATE TABLE [guacamole_connection_group] ( + + [connection_group_id] [int] IDENTITY(1,1) NOT NULL, + [parent_id] [int], + [connection_group_name] [nvarchar](128) NOT NULL, + [type] [guacamole_connection_group_type] + NOT NULL DEFAULT 'ORGANIZATIONAL', + + -- Concurrency limits + [max_connections] [int], + [max_connections_per_user] [int], + [enable_session_affinity] [bit] NOT NULL DEFAULT 0, + + CONSTRAINT [PK_guacamole_connection_group] + PRIMARY KEY CLUSTERED ([connection_group_id]), + + CONSTRAINT [AK_guacamole_connection_group_name_parent] + UNIQUE ([connection_group_name], [parent_id]), + + CONSTRAINT [FK_guacamole_connection_group_parent_id] + FOREIGN KEY ([parent_id]) + REFERENCES [guacamole_connection_group] ([connection_group_id]) + -- ON DELETE CASCADE handled by guacamole_delete_connection_group trigger + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_group_parent_id] + ON [guacamole_connection_group] ([parent_id]); +GO + +-- +-- Table of connections. Each connection has a name, protocol, and +-- associated set of parameters. A connection may belong to a connection group. 
+-- + +CREATE TABLE [guacamole_connection] ( + + [connection_id] [int] IDENTITY(1,1) NOT NULL, + [connection_name] [nvarchar](128) NOT NULL, + [parent_id] [int], + [protocol] [nvarchar](32) NOT NULL, + + -- Concurrency limits + [max_connections] [int], + [max_connections_per_user] [int], + + -- Connection Weight + [connection_weight] [int], + [failover_only] [bit] NOT NULL DEFAULT 0, + + -- Guacamole proxy (guacd) overrides + [proxy_port] [int], + [proxy_hostname] [nvarchar](512), + [proxy_encryption_method] [guacamole_proxy_encryption_method], + + CONSTRAINT [PK_guacamole_connection] + PRIMARY KEY CLUSTERED ([connection_id]), + + CONSTRAINT [AK_guacamole_connection_name_parent] + UNIQUE ([connection_name], [parent_id]), + + CONSTRAINT [FK_guacamole_connection_parent_id] + FOREIGN KEY ([parent_id]) + REFERENCES [guacamole_connection_group] ([connection_group_id]) + -- ON DELETE CASCADE handled by guacamole_delete_connection_group trigger + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_parent_id] + ON [guacamole_connection] ([parent_id]); +GO + +-- +-- Table of base entities which may each be either a user or user group. Other +-- tables which represent qualities shared by both users and groups will point +-- to guacamole_entity, while tables which represent qualities specific to +-- users or groups will point to guacamole_user or guacamole_user_group. +-- + +CREATE TABLE [guacamole_entity] ( + + [entity_id] [int] IDENTITY(1,1) NOT NULL, + [name] [nvarchar](128) NOT NULL, + [type] [guacamole_entity_type] NOT NULL, + + CONSTRAINT [PK_guacamole_entity] + PRIMARY KEY CLUSTERED ([entity_id]), + + CONSTRAINT [AK_guacamole_entity_name_scope] + UNIQUE ([type], [name]) + +); +GO + +-- +-- Table of users. Each user has a unique username and a hashed password +-- with corresponding salt. Although the authentication system will always set +-- salted passwords, other systems may set unsalted passwords by simply not +-- providing the salt. 
+-- + +CREATE TABLE [guacamole_user] ( + + [user_id] [int] IDENTITY(1,1) NOT NULL, + [entity_id] [int] NOT NULL, + + -- Optionally-salted password + [password_hash] [binary](32) NOT NULL, + [password_salt] [binary](32), + [password_date] [datetime] NOT NULL, + + -- Account disabled/expired status + [disabled] [bit] NOT NULL DEFAULT 0, + [expired] [bit] NOT NULL DEFAULT 0, + + -- Time-based access restriction + [access_window_start] [time](7), + [access_window_end] [time](7), + + -- Date-based access restriction + [valid_from] [date], + [valid_until] [date], + + -- Timezone used for all date/time comparisons and interpretation + [timezone] [nvarchar](64), + + -- Profile information + [full_name] [nvarchar](256), + [email_address] [nvarchar](256), + [organization] [nvarchar](256), + [organizational_role] [nvarchar](256), + + CONSTRAINT [PK_guacamole_user] + PRIMARY KEY CLUSTERED ([user_id]), + + CONSTRAINT [AK_guacamole_user_single_entity] + UNIQUE ([entity_id]), + + CONSTRAINT [FK_guacamole_user_entity] + FOREIGN KEY ([entity_id]) + REFERENCES [guacamole_entity] ([entity_id]) + ON DELETE CASCADE + +); +GO + +-- +-- Table of user groups. Each user group may have an arbitrary set of member +-- users and member groups, with those members inheriting the permissions +-- granted to that group. +-- + +CREATE TABLE [guacamole_user_group] ( + + [user_group_id] [int] IDENTITY(1,1) NOT NULL, + [entity_id] [int] NOT NULL, + + -- Group disabled status + [disabled] [bit] NOT NULL DEFAULT 0, + + CONSTRAINT [PK_guacamole_user_group] + PRIMARY KEY CLUSTERED ([user_group_id]), + + CONSTRAINT [guacamole_user_group_single_entity] + UNIQUE ([entity_id]), + + CONSTRAINT [guacamole_user_group_entity] + FOREIGN KEY ([entity_id]) + REFERENCES [guacamole_entity] ([entity_id]) + ON DELETE CASCADE + +); +GO + +-- +-- Table of users which are members of given user groups. 
+-- + +CREATE TABLE [guacamole_user_group_member] ( + + [user_group_id] [int] NOT NULL, + [member_entity_id] [int] NOT NULL, + + CONSTRAINT [PK_guacamole_user_group_member] + PRIMARY KEY CLUSTERED ([user_group_id], [member_entity_id]), + + -- Parent must be a user group + CONSTRAINT [guacamole_user_group_member_parent_id] + FOREIGN KEY ([user_group_id]) + REFERENCES [guacamole_user_group] ([user_group_id]) + ON DELETE CASCADE, + + -- Member may be either a user or a user group (any entity) + CONSTRAINT [guacamole_user_group_member_entity_id] + FOREIGN KEY ([member_entity_id]) + REFERENCES [guacamole_entity] ([entity_id]) + -- ON DELETE CASCADE handled by guacamole_delete_entity trigger + +); +GO + +-- +-- Table of sharing profiles. Each sharing profile has a name, associated set +-- of parameters, and a primary connection. The primary connection is the +-- connection that the sharing profile shares, and the parameters dictate the +-- restrictions/features which apply to the user joining the connection via the +-- sharing profile. +-- + +CREATE TABLE [guacamole_sharing_profile] ( + + [sharing_profile_id] [int] IDENTITY(1,1) NOT NULL, + [sharing_profile_name] [nvarchar](128) NOT NULL, + [primary_connection_id] [int] NOT NULL, + + CONSTRAINT [PK_guacamole_sharing_profile] + PRIMARY KEY CLUSTERED ([sharing_profile_id]), + + CONSTRAINT [AK_guacamole_sharing_profile_name_primary_connection] + UNIQUE ([sharing_profile_name], [primary_connection_id]), + + CONSTRAINT [FK_guacamole_sharing_profile_primary_connection_id] + FOREIGN KEY ([primary_connection_id]) + REFERENCES [guacamole_connection] ([connection_id]) + -- ON DELETE CASCADE handled by guacamole_delete_connection trigger + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_sharing_profile_primary_connection_id] + ON [guacamole_sharing_profile] ([primary_connection_id]); +GO + +-- +-- Table of arbitrary user attributes. Each attribute is simply a name/value +-- pair associated with a user. 
Arbitrary attributes are defined by other +-- extensions. Attributes defined by this extension will be mapped to +-- properly-typed columns of a specific table. +-- + +CREATE TABLE [guacamole_user_attribute] ( + + [user_id] [int] NOT NULL, + [attribute_name] [nvarchar](128) NOT NULL, + [attribute_value] [nvarchar](4000) NOT NULL, + + CONSTRAINT [PK_guacamole_user_attribute] + PRIMARY KEY CLUSTERED ([user_id], [attribute_name]), + + CONSTRAINT [FK_guacamole_user_attribute_user_id] + FOREIGN KEY ([user_id]) + REFERENCES [guacamole_user] ([user_id]) + ON DELETE CASCADE + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_user_attribute_user_id] + ON [guacamole_user_attribute] ([user_id]) + INCLUDE ([attribute_name], [attribute_value]); +GO + +-- +-- Table of arbitrary user group attributes. Each attribute is simply a +-- name/value pair associated with a user group. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. +-- + +CREATE TABLE [guacamole_user_group_attribute] ( + + [user_group_id] [int] NOT NULL, + [attribute_name] [nvarchar](128) NOT NULL, + [attribute_value] [nvarchar](4000) NOT NULL, + + CONSTRAINT [PK_guacamole_user_group_attribute] + PRIMARY KEY CLUSTERED ([user_group_id], [attribute_name]), + + CONSTRAINT [FK_guacamole_user_attribute_user_group_id] + FOREIGN KEY ([user_group_id]) + REFERENCES [guacamole_user_group] ([user_group_id]) + ON DELETE CASCADE + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_user_group_attribute_user_id] + ON [guacamole_user_group_attribute] ([user_group_id]) + INCLUDE ([attribute_name], [attribute_value]); +GO + +-- +-- Table of arbitrary connection attributes. Each attribute is simply a +-- name/value pair associated with a connection. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. 
+-- + +CREATE TABLE [guacamole_connection_attribute] ( + + [connection_id] [int] NOT NULL, + [attribute_name] [nvarchar](128) NOT NULL, + [attribute_value] [nvarchar](4000) NOT NULL, + + PRIMARY KEY (connection_id, attribute_name), + + CONSTRAINT [FK_guacamole_connection_attribute_connection_id] + FOREIGN KEY ([connection_id]) + REFERENCES [guacamole_connection] ([connection_id]) + ON DELETE CASCADE + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_attribute_connection_id] + ON [guacamole_connection_attribute] ([connection_id]) + INCLUDE ([attribute_name], [attribute_value]); +GO + +-- +-- Table of arbitrary connection group attributes. Each attribute is simply a +-- name/value pair associated with a connection group. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. +-- + +CREATE TABLE [guacamole_connection_group_attribute] ( + + [connection_group_id] [int] NOT NULL, + [attribute_name] [nvarchar](128) NOT NULL, + [attribute_value] [nvarchar](4000) NOT NULL, + + PRIMARY KEY (connection_group_id, attribute_name), + + CONSTRAINT [FK_guacamole_connection_group_attribute_connection_group_id] + FOREIGN KEY ([connection_group_id]) + REFERENCES [guacamole_connection_group] ([connection_group_id]) + ON DELETE CASCADE + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_group_attribute_connection_group_id] + ON [guacamole_connection_group_attribute] ([connection_group_id]) + INCLUDE ([attribute_name], [attribute_value]); +GO + +-- +-- Table of arbitrary sharing profile attributes. Each attribute is simply a +-- name/value pair associated with a sharing profile. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. 
+-- + +CREATE TABLE [guacamole_sharing_profile_attribute] ( + + [sharing_profile_id] [int] NOT NULL, + [attribute_name] [nvarchar](128) NOT NULL, + [attribute_value] [nvarchar](4000) NOT NULL, + + PRIMARY KEY (sharing_profile_id, attribute_name), + + CONSTRAINT [FK_guacamole_sharing_profile_attribute_sharing_profile_id] + FOREIGN KEY ([sharing_profile_id]) + REFERENCES [guacamole_sharing_profile] ([sharing_profile_id]) + ON DELETE CASCADE + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_sharing_profile_attribute_sharing_profile_id] + ON [guacamole_sharing_profile_attribute] ([sharing_profile_id]) + INCLUDE ([attribute_name], [attribute_value]); +GO + +-- +-- Table of connection parameters. Each parameter is simply a name/value pair +-- associated with a connection. +-- + +CREATE TABLE [guacamole_connection_parameter] ( + + [connection_id] [int] NOT NULL, + [parameter_name] [nvarchar](128) NOT NULL, + [parameter_value] [nvarchar](4000) NOT NULL, + + CONSTRAINT [PK_guacamole_connection_parameter] + PRIMARY KEY CLUSTERED ([connection_id], [parameter_name]), + + CONSTRAINT [FK_guacamole_connection_parameter_connection_id] + FOREIGN KEY ([connection_id]) + REFERENCES [guacamole_connection] ([connection_id]) + ON DELETE CASCADE + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_parameter_connection_id] + ON [guacamole_connection_parameter] ([connection_id]); +GO + +-- +-- Table of sharing profile parameters. Each parameter is simply +-- name/value pair associated with a sharing profile. These parameters dictate +-- the restrictions/features which apply to the user joining the associated +-- connection via the sharing profile. 
+-- + +CREATE TABLE [guacamole_sharing_profile_parameter] ( + + [sharing_profile_id] [int] NOT NULL, + [parameter_name] [nvarchar](128) NOT NULL, + [parameter_value] [nvarchar](4000) NOT NULL, + + CONSTRAINT [PK_guacamole_sharing_profile_parameter] + PRIMARY KEY CLUSTERED ([sharing_profile_id], [parameter_name]), + + CONSTRAINT [FK_guacamole_sharing_profile_parameter_connection_id] + FOREIGN KEY ([sharing_profile_id]) + REFERENCES [guacamole_sharing_profile] ([sharing_profile_id]) + ON DELETE CASCADE + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_sharing_profile_parameter_sharing_profile_id] + ON [guacamole_sharing_profile_parameter] ([sharing_profile_id]); +GO + +-- +-- Table of connection permissions. Each connection permission grants a user or +-- user group specific access to a connection. +-- + +CREATE TABLE [guacamole_connection_permission] ( + + [entity_id] [int] NOT NULL, + [connection_id] [int] NOT NULL, + [permission] [guacamole_object_permission] NOT NULL, + + CONSTRAINT [PK_guacamole_connection_permission] + PRIMARY KEY CLUSTERED ([entity_id], [connection_id], [permission]), + + CONSTRAINT [FK_guacamole_connection_permission_connection_id] + FOREIGN KEY ([connection_id]) + REFERENCES [guacamole_connection] ([connection_id]) + ON DELETE CASCADE, + + CONSTRAINT [FK_guacamole_connection_permission_entity_id] + FOREIGN KEY ([entity_id]) + REFERENCES [guacamole_entity] ([entity_id]) + ON DELETE CASCADE + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_permission_connection_id] + ON [guacamole_connection_permission] ([connection_id]); + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_permission_entity_id] + ON [guacamole_connection_permission] ([entity_id]); +GO + +-- +-- Table of connection group permissions. Each group permission grants a user +-- or user group specific access to a connection group. 
+-- + +CREATE TABLE [guacamole_connection_group_permission] ( + + [entity_id] [int] NOT NULL, + [connection_group_id] [int] NOT NULL, + [permission] [guacamole_object_permission] NOT NULL, + + CONSTRAINT [PK_guacamole_connection_group_permission] + PRIMARY KEY CLUSTERED ([entity_id], [connection_group_id], [permission]), + + CONSTRAINT [FK_guacamole_connection_group_permission_connection_group_id] + FOREIGN KEY ([connection_group_id]) + REFERENCES [guacamole_connection_group] ([connection_group_id]) + ON DELETE CASCADE, + + CONSTRAINT [FK_guacamole_connection_group_permission_entity_id] + FOREIGN KEY ([entity_id]) + REFERENCES [guacamole_entity] ([entity_id]) + ON DELETE CASCADE + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_group_permission_connection_group_id] + ON [guacamole_connection_group_permission] ([connection_group_id]); + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_group_permission_entity_id] + ON [guacamole_connection_group_permission] ([entity_id]); +GO + +-- +-- Table of sharing profile permissions. Each sharing profile permission grants +-- a user or user group specific access to a sharing profile. 
+-- + +CREATE TABLE [guacamole_sharing_profile_permission] ( + + [entity_id] [int] NOT NULL, + [sharing_profile_id] [int] NOT NULL, + [permission] [guacamole_object_permission] NOT NULL, + + CONSTRAINT [PK_guacamole_sharing_profile_permission] + PRIMARY KEY CLUSTERED ([entity_id], [sharing_profile_id], [permission]), + + CONSTRAINT [FK_guacamole_sharing_profile_permission_sharing_profile_id] + FOREIGN KEY ([sharing_profile_id]) + REFERENCES [guacamole_sharing_profile] ([sharing_profile_id]) + ON DELETE CASCADE, + + CONSTRAINT [FK_guacamole_sharing_profile_permission_entity_id] + FOREIGN KEY ([entity_id]) + REFERENCES [guacamole_entity] ([entity_id]) + ON DELETE CASCADE + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_sharing_profile_permission_sharing_profile_id] + ON [guacamole_sharing_profile_permission] ([sharing_profile_id]); + +CREATE NONCLUSTERED INDEX [IX_guacamole_sharing_profile_permission_entity_id] + ON [guacamole_sharing_profile_permission] ([entity_id]); +GO + +-- +-- Table of system permissions. Each system permission grants a user or user +-- group a system-level privilege of some kind. +-- + +CREATE TABLE [guacamole_system_permission] ( + + [entity_id] [int] NOT NULL, + [permission] [guacamole_system_permission] NOT NULL, + + CONSTRAINT [PK_guacamole_system_permission] + PRIMARY KEY CLUSTERED ([entity_id], [permission]), + + CONSTRAINT [FK_guacamole_system_permission_entity_id] + FOREIGN KEY ([entity_id]) + REFERENCES [guacamole_entity] ([entity_id]) + ON DELETE CASCADE + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_system_permission_entity_id] + ON [guacamole_system_permission] ([entity_id]); +GO + +-- +-- Table of user permissions. Each user permission grants a user or user group +-- access to another user (the "affected" user) for a specific type of +-- operation. 
+-- + +CREATE TABLE [guacamole_user_permission] ( + + [entity_id] [int] NOT NULL, + [affected_user_id] [int] NOT NULL, + [permission] [guacamole_object_permission] NOT NULL, + + CONSTRAINT [PK_guacamole_user_permission] + PRIMARY KEY CLUSTERED ([entity_id], [affected_user_id], [permission]), + + CONSTRAINT [FK_guacamole_user_permission_affected_user_id] + FOREIGN KEY ([affected_user_id]) + REFERENCES [guacamole_user] ([user_id]) + ON DELETE CASCADE, + + CONSTRAINT [FK_guacamole_user_permission_entity_id] + FOREIGN KEY ([entity_id]) + REFERENCES [guacamole_entity] ([entity_id]) + -- ON DELETE CASCADE handled by guacamole_delete_entity trigger + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_user_permission_entity_id] + ON [guacamole_user_permission] ([entity_id]); + +CREATE NONCLUSTERED INDEX [IX_guacamole_user_permission_affected_user_id] + ON [guacamole_user_permission] ([affected_user_id]); +GO + +-- +-- Table of user group permissions. Each user group permission grants a user +-- or user group access to a another user group (the "affected" user group) for +-- a specific type of operation. 
+-- + +CREATE TABLE [guacamole_user_group_permission] ( + + [entity_id] [int] NOT NULL, + [affected_user_group_id] [int] NOT NULL, + [permission] [guacamole_object_permission] NOT NULL, + + CONSTRAINT [PK_guacamole_user_group_permission] + PRIMARY KEY CLUSTERED ([entity_id], [affected_user_group_id], [permission]), + + CONSTRAINT [FK_guacamole_user_group_permission_affected_user_group_id] + FOREIGN KEY ([affected_user_group_id]) + REFERENCES [guacamole_user_group] ([user_group_id]) + ON DELETE CASCADE, + + CONSTRAINT [FK_guacamole_user_group_permission_entity_id] + FOREIGN KEY ([entity_id]) + REFERENCES [guacamole_entity] ([entity_id]) + -- ON DELETE CASCADE handled by guacamole_delete_entity trigger + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_user_group_permission_entity_id] + ON [guacamole_user_group_permission] ([entity_id]); + +CREATE NONCLUSTERED INDEX [IX_guacamole_user_group_permission_affected_user_group_id] + ON [guacamole_user_group_permission] ([affected_user_group_id]); +GO + +-- +-- Table of connection history records. Each record defines a specific user's +-- session, including the connection used, the start time, and the end time +-- (if any). 
+-- + +CREATE TABLE [guacamole_connection_history] ( + + [history_id] [int] IDENTITY(1,1) NOT NULL, + [user_id] [int], + [username] [nvarchar](128) NOT NULL, + [remote_host] [nvarchar](256), + [connection_id] [int], + [connection_name] [nvarchar](128) NOT NULL, + [sharing_profile_id] [int], + [sharing_profile_name] [nvarchar](128), + [start_date] [datetime] NOT NULL, + [end_date] [datetime], + + CONSTRAINT [PK_guacamole_connection_history] + PRIMARY KEY CLUSTERED ([history_id]), + + CONSTRAINT [FK_guacamole_connection_history_user_id] + FOREIGN KEY ([user_id]) + REFERENCES [guacamole_user] ([user_id]) + ON DELETE SET NULL, + + CONSTRAINT [FK_guacamole_connection_history_connection_id] + FOREIGN KEY ([connection_id]) + REFERENCES [guacamole_connection] ([connection_id]) + ON DELETE SET NULL, + + CONSTRAINT [FK_guacamole_connection_history_sharing_profile_id] + FOREIGN KEY ([sharing_profile_id]) + REFERENCES [guacamole_sharing_profile] ([sharing_profile_id]) + -- ON DELETE SET NULL handled by guacamole_delete_sharing profile trigger + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_history_user_id] + ON [guacamole_connection_history] ([user_id]); + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_history_connection_id] + ON [guacamole_connection_history] ([connection_id]); + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_history_sharing_profile_id] + ON [guacamole_connection_history] ([sharing_profile_id]); + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_history_start_date] + ON [guacamole_connection_history] ([start_date]); + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_history_end_date] + ON [guacamole_connection_history] ([end_date]); + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_history_connection_id_start_date] + ON [guacamole_connection_history] ([connection_id], [start_date]); +GO + +-- +-- User login/logout history +-- + +CREATE TABLE [guacamole_user_history] ( + + [history_id] [int] IDENTITY(1,1) NOT NULL, + [user_id] 
[int] DEFAULT NULL, + [username] [nvarchar](128) NOT NULL, + [remote_host] [nvarchar](256) DEFAULT NULL, + [start_date] [datetime] NOT NULL, + [end_date] [datetime] DEFAULT NULL, + + PRIMARY KEY (history_id), + + CONSTRAINT FK_guacamole_user_history_user_id + FOREIGN KEY (user_id) + REFERENCES guacamole_user (user_id) ON DELETE SET NULL + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_user_history_user_id] + ON [guacamole_user_history] ([user_id]); + +CREATE NONCLUSTERED INDEX [IX_guacamole_user_history_start_date] + ON [guacamole_user_history] ([start_date]); + +CREATE NONCLUSTERED INDEX [IX_guacamole_user_history_end_date] + ON [guacamole_user_history] ([end_date]); + +CREATE NONCLUSTERED INDEX [IX_guacamole_user_history_user_id_start_date] + ON [guacamole_user_history] ([user_id], [start_date]); +GO + +-- +-- The user_password_history table stores password history +-- for users, allowing for enforcing rules associated with +-- reuse of passwords. +-- + +CREATE TABLE [guacamole_user_password_history] ( + + [password_history_id] [int] IDENTITY(1,1) NOT NULL, + [user_id] [int] NOT NULL, + + -- Salted password + [password_hash] [binary](32) NOT NULL, + [password_salt] [binary](32), + [password_date] [datetime] NOT NULL, + + CONSTRAINT [PK_guacamole_user_password_history] + PRIMARY KEY CLUSTERED ([password_history_id]), + + CONSTRAINT [FK_guacamole_user_password_history_user_id] + FOREIGN KEY ([user_id]) + REFERENCES [guacamole_user] ([user_id]) + ON DELETE CASCADE + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_user_password_history_user_id] + ON [guacamole_user_password_history] ([user_id]); +GO + +-- +-- Handle cascading deletion/updates of records in response to deletion of +-- guacamole_entity records, where such deletion is not already covered by +-- ON DELETE CASCADE or ON DELETE SET NULL. 
+-- + +CREATE TRIGGER [guacamole_delete_entity] + ON [guacamole_entity] + INSTEAD OF DELETE +AS BEGIN + + -- Do not take trigger into account when producing row counts for the DELETE + SET NOCOUNT ON; + + -- Delete all associated permissions not covered by ON DELETE CASCADE + DELETE FROM [guacamole_user_permission] + WHERE [entity_id] IN (SELECT [entity_id] FROM DELETED); + + DELETE FROM [guacamole_user_group_permission] + WHERE [entity_id] IN (SELECT [entity_id] FROM DELETED); + + -- Delete all associated group memberships not covered by ON DELETE CASCADE + DELETE FROM [guacamole_user_group_member] + WHERE [member_entity_id] IN (SELECT [entity_id] FROM DELETED); + + -- Perform original deletion + DELETE FROM [guacamole_entity] + WHERE [entity_id] IN (SELECT [entity_id] FROM DELETED); + +END +GO + +-- +-- Handle cascading deletion/updates of records in response to deletion of +-- guacamole_connection records, where such deletion is not already covered by +-- ON DELETE CASCADE or ON DELETE SET NULL. +-- + +CREATE TRIGGER [guacamole_delete_connection] + ON [guacamole_connection] + INSTEAD OF DELETE +AS BEGIN + + -- Do not take trigger into account when producing row counts for the DELETE + SET NOCOUNT ON; + + -- Delete associated sharing profiles + DELETE FROM [guacamole_sharing_profile] + WHERE [primary_connection_id] IN (SELECT [connection_id] FROM DELETED); + + -- Perform original deletion + DELETE FROM [guacamole_connection] + WHERE [connection_id] IN (SELECT [connection_id] FROM DELETED); + +END +GO + +-- +-- Handle cascading deletion/updates of records in response to deletion of +-- guacamole_connection_group records, where such deletion is not already +-- covered by ON DELETE CASCADE or ON DELETE SET NULL. 
+-- + +CREATE TRIGGER [guacamole_delete_connection_group] + ON [guacamole_connection_group] + INSTEAD OF DELETE +AS BEGIN + + -- Do not take trigger into account when producing row counts for the DELETE + SET NOCOUNT ON; + + -- Delete all descendant connections + WITH [connection_groups] ([connection_group_id]) AS ( + SELECT [connection_group_id] FROM DELETED + UNION ALL + SELECT [guacamole_connection_group].[connection_group_id] + FROM [guacamole_connection_group] + JOIN [connection_groups] ON [connection_groups].[connection_group_id] = [guacamole_connection_group].[parent_id] + ) + DELETE FROM [guacamole_connection] + WHERE [parent_id] IN ( + SELECT [connection_group_id] + FROM [connection_groups] + ); + + -- Delete all requested connection groups, including descendants + WITH [connection_groups] ([connection_group_id]) AS ( + SELECT [connection_group_id] FROM DELETED + UNION ALL + SELECT [guacamole_connection_group].[connection_group_id] + FROM [guacamole_connection_group] + JOIN [connection_groups] ON [connection_groups].[connection_group_id] = [guacamole_connection_group].[parent_id] + ) + DELETE FROM [guacamole_connection_group] + WHERE [connection_group_id] IN ( + SELECT [connection_group_id] + FROM [connection_groups] + ); + +END +GO + +-- +-- Handle cascading deletion/updates of records in response to deletion of +-- guacamole_sharing_profile records, where such deletion is not already +-- covered by ON DELETE CASCADE or ON DELETE SET NULL. 
+-- + +CREATE TRIGGER [guacamole_delete_sharing_profile] + ON [guacamole_sharing_profile] + INSTEAD OF DELETE +AS BEGIN + + -- Do not take trigger into account when producing row counts for the DELETE + SET NOCOUNT ON; + + -- Delete all associated permissions not covered by ON DELETE CASCADE + UPDATE [guacamole_connection_history] + SET [sharing_profile_id] = NULL + WHERE [sharing_profile_id] IN (SELECT [sharing_profile_id] FROM DELETED); + + -- Perform original deletion + DELETE FROM [guacamole_sharing_profile] + WHERE [sharing_profile_id] IN (SELECT [sharing_profile_id] FROM DELETED); + +END +GO + diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/sqlserver/schema/002-create-admin-user.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/sqlserver/schema/002-create-admin-user.sql new file mode 100644 index 0000000..dcb4257 --- /dev/null +++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/sqlserver/schema/002-create-admin-user.sql 
@@ -0,0 +1,63 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+-- Create default user "guacadmin" with password "guacadmin"
+INSERT INTO [guacamole_entity] ([name], [type]) VALUES ('guacadmin', 'USER');
+INSERT INTO [guacamole_user] (
+ [entity_id],
+ [password_hash],
+ [password_salt],
+ [password_date]
+)
+SELECT
+ [entity_id],
+ 0xCA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960,
+ 0xFE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264,
+ getdate()
+FROM [guacamole_entity] WHERE [name] = 'guacadmin';
+
+-- Grant this user all system permissions
+INSERT INTO [guacamole_system_permission]
+SELECT
+ [entity_id],
+ [permission]
+FROM (
+ SELECT 'guacadmin', 'CREATE_CONNECTION'
+ UNION SELECT 'guacadmin', 'CREATE_CONNECTION_GROUP'
+ UNION SELECT 'guacadmin', 'CREATE_SHARING_PROFILE'
+ UNION SELECT 'guacadmin', 'CREATE_USER'
+ UNION SELECT 'guacadmin', 'CREATE_USER_GROUP'
+ UNION SELECT 'guacadmin', 'ADMINISTER'
+) [permissions] ([username], [permission])
+JOIN [guacamole_entity] ON [permissions].[username] = [guacamole_entity].[name] AND [guacamole_entity].[type] = 'USER';
+
+INSERT INTO [guacamole_user_permission]
+SELECT
+ [guacamole_entity].[entity_id],
+ [guacamole_user].[user_id],
+ [permission]
+FROM (
+ SELECT 'guacadmin', 'guacadmin', 'READ'
+ UNION SELECT 'guacadmin', 'guacadmin', 'UPDATE'
+ UNION SELECT 'guacadmin', 'guacadmin', 'ADMINISTER'
+) [permissions] ([username], [affected_username], [permission])
+JOIN [guacamole_entity] ON [permissions].[username] = [guacamole_entity].[name] AND [guacamole_entity].[type] = 'USER'
+JOIN [guacamole_entity] [affected] ON [permissions].[affected_username] = [affected].[name] AND [guacamole_entity].[type] = 'USER'
+JOIN [guacamole_user] ON [guacamole_user].[entity_id] = [affected].[entity_id];
+GO
diff --git a/SH/guacamole/guacamole-auth-jdbc-1.5.4/sqlserver/schema/upgrade/upgrade-pre-1.0.0.sql b/SH/guacamole/guacamole-auth-jdbc-1.5.4/sqlserver/schema/upgrade/upgrade-pre-1.0.0.sql
new file mode 100644
index 0000000..7b4fc88
--- /dev/null
+++ b/SH/guacamole/guacamole-auth-jdbc-1.5.4/sqlserver/schema/upgrade/upgrade-pre-1.0.0.sql
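Review bot: The `INSERT INTO [guacamole_user]` statement in 002-create-admin-user.sql seeds `guacadmin` with the hash and salt of the password named in the comment above it, and the two statements that follow grant that account every system permission including `ADMINISTER`, so a database initialised from this file starts with publicly documented administrator credentials and nothing in the file says they must be changed. The file looks like the unmodified upstream script, so I would leave the SQL alone and make rotating or replacing this account a required step of the deployment before the web application is reachable. If a pointer in the file is wanted, the comment could read `-- Default credentials are public: change the guacadmin password immediately after schema initialisation`. Separately, the join on `[affected]` in the last statement tests `[guacamole_entity].[type] = 'USER'` a second time where `[affected].[type] = 'USER'` appears to be intended.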
@@ -0,0 +1,659 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one +-- or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information +-- regarding copyright ownership. The ASF licenses this file +-- to you under the Apache License, Version 2.0 (the +-- "License"); you may not use this file except in compliance +-- with the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, +-- software distributed under the License is distributed on an +-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +-- KIND, either express or implied. See the License for the +-- specific language governing permissions and limitations +-- under the License. +-- + +-- +-- Add new system-level permission +-- + +EXEC sp_unbindrule 'guacamole_system_permission'; +DROP RULE [guacamole_system_permission_list]; +GO + +CREATE RULE [guacamole_system_permission_list] AS @list IN ( + 'CREATE_CONNECTION', + 'CREATE_CONNECTION_GROUP', + 'CREATE_SHARING_PROFILE', + 'CREATE_USER', + 'CREATE_USER_GROUP', + 'ADMINISTER' +); +GO + +EXEC sp_bindrule + 'guacamole_system_permission_list', + 'guacamole_system_permission'; +GO + +-- +-- Entity types +-- + +CREATE RULE [guacamole_entity_type_list] AS @list IN ( + 'USER', + 'USER_GROUP' +); +GO + +CREATE TYPE [guacamole_entity_type] FROM [nvarchar](16); +EXEC sp_bindrule + 'guacamole_entity_type_list', + 'guacamole_entity_type'; +GO + +-- +-- Table of base entities which may each be either a user or user group. Other +-- tables which represent qualities shared by both users and groups will point +-- to guacamole_entity, while tables which represent qualities specific to +-- users or groups will point to guacamole_user or guacamole_user_group. 
+-- + +CREATE TABLE [guacamole_entity] ( + + [entity_id] [int] IDENTITY(1,1) NOT NULL, + [name] [nvarchar](128) NOT NULL, + [type] [guacamole_entity_type] NOT NULL, + + CONSTRAINT [PK_guacamole_entity] + PRIMARY KEY CLUSTERED ([entity_id]), + + CONSTRAINT [AK_guacamole_entity_name_scope] + UNIQUE ([type], [name]) + +); +GO + +-- +-- Table of user groups. Each user group may have an arbitrary set of member +-- users and member groups, with those members inheriting the permissions +-- granted to that group. +-- + +CREATE TABLE [guacamole_user_group] ( + + [user_group_id] [int] IDENTITY(1,1) NOT NULL, + [entity_id] [int] NOT NULL, + + -- Group disabled status + [disabled] [bit] NOT NULL DEFAULT 0, + + CONSTRAINT [PK_guacamole_user_group] + PRIMARY KEY CLUSTERED ([user_group_id]), + + CONSTRAINT [guacamole_user_group_single_entity] + UNIQUE ([entity_id]), + + CONSTRAINT [guacamole_user_group_entity] + FOREIGN KEY ([entity_id]) + REFERENCES [guacamole_entity] ([entity_id]) + ON DELETE CASCADE + +); +GO + +-- +-- Table of users which are members of given user groups. +-- + +CREATE TABLE [guacamole_user_group_member] ( + + [user_group_id] [int] NOT NULL, + [member_entity_id] [int] NOT NULL, + + CONSTRAINT [PK_guacamole_user_group_member] + PRIMARY KEY CLUSTERED ([user_group_id], [member_entity_id]), + + -- Parent must be a user group + CONSTRAINT [guacamole_user_group_member_parent_id] + FOREIGN KEY ([user_group_id]) + REFERENCES [guacamole_user_group] ([user_group_id]) + ON DELETE CASCADE, + + -- Member may be either a user or a user group (any entity) + CONSTRAINT [guacamole_user_group_member_entity_id] + FOREIGN KEY ([member_entity_id]) + REFERENCES [guacamole_entity] ([entity_id]) + -- ON DELETE CASCADE handled by guacamole_delete_entity trigger + +); +GO + +-- +-- Table of user group permissions. Each user group permission grants a user +-- or user group access to a another user group (the "affected" user group) for +-- a specific type of operation. 
+-- + +CREATE TABLE [guacamole_user_group_permission] ( + + [entity_id] [int] NOT NULL, + [affected_user_group_id] [int] NOT NULL, + [permission] [guacamole_object_permission] NOT NULL, + + CONSTRAINT [PK_guacamole_user_group_permission] + PRIMARY KEY CLUSTERED ([entity_id], [affected_user_group_id], [permission]), + + CONSTRAINT [FK_guacamole_user_group_permission_affected_user_group_id] + FOREIGN KEY ([affected_user_group_id]) + REFERENCES [guacamole_user_group] ([user_group_id]) + ON DELETE CASCADE, + + CONSTRAINT [FK_guacamole_user_group_permission_entity_id] + FOREIGN KEY ([entity_id]) + REFERENCES [guacamole_entity] ([entity_id]) + -- ON DELETE CASCADE handled by guacamole_delete_entity trigger + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_user_group_permission_entity_id] + ON [guacamole_user_group_permission] ([entity_id]); + +CREATE NONCLUSTERED INDEX [IX_guacamole_user_group_permission_affected_user_group_id] + ON [guacamole_user_group_permission] ([affected_user_group_id]); +GO + +-- +-- The guacamole_delete_entity trigger effectively replaces the +-- guacamole_delete_user trigger, which is no longer necessary and will cease +-- being correct after the columns of existing tables are updated. 
+-- + +DROP TRIGGER [guacamole_delete_user]; +GO + +-- +-- Modify guacamole_user table to use guacamole_entity as a base +-- + +-- Add new entity_id column +ALTER TABLE [guacamole_user] ADD [entity_id] [int]; +GO + +-- Create user entities for each guacamole_user entry +INSERT INTO [guacamole_entity] ([name], [type]) +SELECT [username], 'USER' FROM [guacamole_user]; +GO + +-- Update guacamole_user to point to corresponding guacamole_entity +UPDATE [guacamole_user] SET [entity_id] = ( + SELECT [entity_id] FROM [guacamole_entity] + WHERE + [username] = [guacamole_entity].[name] + AND type = 'USER' +); +GO + +-- The entity_id column should now be safely non-NULL +ALTER TABLE [guacamole_user] + ALTER COLUMN [entity_id] [int] NOT NULL; + +-- The entity_id column should now be unique for each user +ALTER TABLE [guacamole_user] + ADD CONSTRAINT [AK_guacamole_user_single_entity] + UNIQUE ([entity_id]); + +-- The entity_id column should now safely point to guacamole_entity entries +ALTER TABLE [guacamole_user] + ADD CONSTRAINT [FK_guacamole_user_entity] + FOREIGN KEY ([entity_id]) + REFERENCES [guacamole_entity] ([entity_id]) + ON DELETE CASCADE; + +-- The username column can now safely be removed +ALTER TABLE [guacamole_user] DROP [AK_guacamole_user_username]; +ALTER TABLE [guacamole_user] DROP COLUMN [username]; +GO + +-- +-- Modify guacamole_connection_permission to use guacamole_entity instead of +-- guacamole_user +-- + +-- Add new entity_id column +ALTER TABLE [guacamole_connection_permission] ADD [entity_id] [int]; +GO + +-- Update guacamole_connection_permission to point to the guacamole_entity +-- that has been granted the permission +UPDATE [guacamole_connection_permission] SET [entity_id] = ( + SELECT [entity_id] FROM [guacamole_user] + WHERE [guacamole_user].[user_id] = [guacamole_connection_permission].[user_id] +); +GO + +-- The entity_id column should now be safely non-NULL +ALTER TABLE [guacamole_connection_permission] + ALTER COLUMN [entity_id] [int] NOT 
NULL; + +-- Remove user_id column +DROP INDEX [IX_guacamole_connection_permission_user_id] ON [guacamole_connection_permission]; +ALTER TABLE [guacamole_connection_permission] DROP [PK_guacamole_connection_permission]; +ALTER TABLE [guacamole_connection_permission] DROP [FK_guacamole_connection_permission_user_id]; +ALTER TABLE [guacamole_connection_permission] DROP COLUMN [user_id]; + +-- The entity_id column should now safely point to guacamole_entity entries +ALTER TABLE [guacamole_connection_permission] + ADD CONSTRAINT [FK_guacamole_connection_permission_entity_id] + FOREIGN KEY ([entity_id]) + REFERENCES [guacamole_entity] ([entity_id]) + ON DELETE CASCADE; + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_permission_entity_id] + ON [guacamole_connection_permission] ([entity_id]); + +-- Add new primary key which uses entity_id +ALTER TABLE [guacamole_connection_permission] + ADD CONSTRAINT [PK_guacamole_connection_permission] + PRIMARY KEY CLUSTERED ([entity_id], [connection_id], [permission]); +GO + +-- +-- Modify guacamole_connection_group_permission to use guacamole_entity instead +-- of guacamole_user +-- + +-- Add new entity_id column +ALTER TABLE [guacamole_connection_group_permission] ADD [entity_id] [int]; +GO + +-- Update guacamole_connection_group_permission to point to the guacamole_entity +-- that has been granted the permission +UPDATE guacamole_connection_group_permission SET entity_id = ( + SELECT entity_id FROM guacamole_user + WHERE guacamole_user.user_id = guacamole_connection_group_permission.user_id +); +GO + +-- The entity_id column should now be safely non-NULL +ALTER TABLE [guacamole_connection_group_permission] + ALTER COLUMN [entity_id] [int] NOT NULL; + +-- Remove user_id column +DROP INDEX [IX_guacamole_connection_group_permission_user_id] ON [guacamole_connection_group_permission]; +ALTER TABLE [guacamole_connection_group_permission] DROP [PK_guacamole_connection_group_permission]; +ALTER TABLE 
[guacamole_connection_group_permission] DROP [FK_guacamole_connection_group_permission_user_id]; +ALTER TABLE [guacamole_connection_group_permission] DROP COLUMN user_id; + +-- The entity_id column should now safely point to guacamole_entity entries +ALTER TABLE [guacamole_connection_group_permission] + ADD CONSTRAINT [FK_guacamole_connection_group_permission_entity_id] + FOREIGN KEY ([entity_id]) + REFERENCES [guacamole_entity] ([entity_id]) + ON DELETE CASCADE; + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_group_permission_entity_id] + ON [guacamole_connection_group_permission] ([entity_id]); + +-- Add new primary key which uses entity_id +ALTER TABLE [guacamole_connection_group_permission] + ADD CONSTRAINT [PK_guacamole_connection_group_permission] + PRIMARY KEY CLUSTERED ([entity_id], [connection_group_id], [permission]); +GO + +-- +-- Modify guacamole_sharing_profile_permission to use guacamole_entity instead +-- of guacamole_user +-- + +-- Add new entity_id column +ALTER TABLE [guacamole_sharing_profile_permission] ADD [entity_id] [int]; +GO + +-- Update guacamole_sharing_profile_permission to point to the guacamole_entity +-- that has been granted the permission +UPDATE guacamole_sharing_profile_permission SET entity_id = ( + SELECT entity_id FROM guacamole_user + WHERE guacamole_user.user_id = guacamole_sharing_profile_permission.user_id +); +GO + +-- The entity_id column should now be safely non-NULL +ALTER TABLE [guacamole_sharing_profile_permission] + ALTER COLUMN [entity_id] [int] NOT NULL; + +-- Remove user_id column +DROP INDEX [IX_guacamole_sharing_profile_permission_user_id] ON [guacamole_sharing_profile_permission]; +ALTER TABLE [guacamole_sharing_profile_permission] DROP [PK_guacamole_sharing_profile_permission]; +ALTER TABLE [guacamole_sharing_profile_permission] DROP [FK_guacamole_sharing_profile_permission_user_id]; +ALTER TABLE [guacamole_sharing_profile_permission] DROP COLUMN user_id; + +-- The entity_id column should now safely 
point to guacamole_entity entries +ALTER TABLE [guacamole_sharing_profile_permission] + ADD CONSTRAINT [FK_guacamole_sharing_profile_permission_entity_id] + FOREIGN KEY ([entity_id]) + REFERENCES [guacamole_entity] ([entity_id]) + ON DELETE CASCADE; + +CREATE NONCLUSTERED INDEX [IX_guacamole_sharing_profile_permission_entity_id] + ON [guacamole_sharing_profile_permission] ([entity_id]); + +-- Add new primary key which uses entity_id +ALTER TABLE [guacamole_sharing_profile_permission] + ADD CONSTRAINT [PK_guacamole_sharing_profile_permission] + PRIMARY KEY CLUSTERED ([entity_id], [sharing_profile_id], [permission]); +GO + +-- +-- Modify guacamole_user_permission to use guacamole_entity instead of +-- guacamole_user +-- + +-- Add new entity_id column +ALTER TABLE [guacamole_user_permission] ADD [entity_id] [int]; +GO + +-- Update guacamole_user_permission to point to the guacamole_entity +-- that has been granted the permission +UPDATE guacamole_user_permission SET entity_id = ( + SELECT entity_id FROM guacamole_user + WHERE guacamole_user.user_id = guacamole_user_permission.user_id +); +GO + +-- The entity_id column should now be safely non-NULL +ALTER TABLE [guacamole_user_permission] + ALTER COLUMN [entity_id] [int] NOT NULL; + +-- The entity_id column should now safely point to guacamole_entity entries +ALTER TABLE [guacamole_user_permission] + ADD CONSTRAINT [FK_guacamole_user_permission_entity_id] + FOREIGN KEY ([entity_id]) + REFERENCES [guacamole_entity] ([entity_id]); + -- ON DELETE CASCADE handled by guacamole_delete_entity trigger + +-- The affected_user_id column now has ON DELETE CASCADE +ALTER TABLE [guacamole_user_permission] DROP [FK_guacamole_user_permission_affected_user_id]; +ALTER TABLE [guacamole_user_permission] + ADD CONSTRAINT [FK_guacamole_user_permission_affected_user_id] + FOREIGN KEY ([affected_user_id]) + REFERENCES [guacamole_user] ([user_id]) + ON DELETE CASCADE; + +CREATE NONCLUSTERED INDEX [IX_guacamole_user_permission_entity_id] + ON 
[guacamole_user_permission] ([entity_id]); + +-- Remove user_id column +DROP INDEX [IX_guacamole_user_permission_user_id] ON [guacamole_user_permission]; +ALTER TABLE [guacamole_user_permission] DROP [PK_guacamole_user_permission]; +ALTER TABLE [guacamole_user_permission] DROP [FK_guacamole_user_permission_user_id]; +ALTER TABLE [guacamole_user_permission] DROP COLUMN user_id; + +-- Add new primary key which uses entity_id +ALTER TABLE [guacamole_user_permission] + ADD CONSTRAINT [PK_guacamole_user_permission] + PRIMARY KEY CLUSTERED ([entity_id], [affected_user_id], [permission]); +GO + +-- +-- Modify guacamole_system_permission to use guacamole_entity instead of +-- guacamole_user +-- + +-- Add new entity_id column +ALTER TABLE [guacamole_system_permission] ADD [entity_id] [int]; +GO + +-- Update guacamole_system_permission to point to the guacamole_entity +-- that has been granted the permission +UPDATE [guacamole_system_permission] SET [entity_id] = ( + SELECT [entity_id] FROM [guacamole_user] + WHERE [guacamole_user].[user_id] = [guacamole_system_permission].[user_id] +); +GO + +-- The entity_id column should now be safely non-NULL +ALTER TABLE [guacamole_system_permission] + ALTER COLUMN [entity_id] [int] NOT NULL; + +-- Remove user_id column +DROP INDEX [IX_guacamole_system_permission_user_id] ON [guacamole_system_permission]; +ALTER TABLE [guacamole_system_permission] DROP [PK_guacamole_system_permission]; +ALTER TABLE [guacamole_system_permission] DROP [FK_guacamole_system_permission_user_id]; +ALTER TABLE [guacamole_system_permission] DROP COLUMN [user_id]; + +-- The entity_id column should now safely point to guacamole_entity entries +ALTER TABLE [guacamole_system_permission] + ADD CONSTRAINT [FK_guacamole_system_permission_entity_id] + FOREIGN KEY ([entity_id]) + REFERENCES [guacamole_entity] ([entity_id]) + ON DELETE CASCADE; + +CREATE NONCLUSTERED INDEX [IX_guacamole_system_permission_entity_id] + ON [guacamole_system_permission] ([entity_id]); + +-- 
Add new primary key which uses entity_id +ALTER TABLE [guacamole_system_permission] + ADD CONSTRAINT [PK_guacamole_system_permission] + PRIMARY KEY CLUSTERED ([entity_id], [permission]); +GO + +-- +-- Handle cascading deletion/updates of records in response to deletion of +-- guacamole_entity records, where such deletion is not already covered by +-- ON DELETE CASCADE or ON DELETE SET NULL. +-- + +CREATE TRIGGER [guacamole_delete_entity] + ON [guacamole_entity] + INSTEAD OF DELETE +AS BEGIN + + -- Do not take trigger into account when producing row counts for the DELETE + SET NOCOUNT ON; + + -- Delete all associated permissions not covered by ON DELETE CASCADE + DELETE FROM [guacamole_user_permission] + WHERE [entity_id] IN (SELECT [entity_id] FROM DELETED); + + DELETE FROM [guacamole_user_group_permission] + WHERE [entity_id] IN (SELECT [entity_id] FROM DELETED); + + -- Delete all associated group memberships not covered by ON DELETE CASCADE + DELETE FROM [guacamole_user_group_member] + WHERE [member_entity_id] IN (SELECT [entity_id] FROM DELETED); + + -- Perform original deletion + DELETE FROM [guacamole_entity] + WHERE [entity_id] IN (SELECT [entity_id] FROM DELETED); + +END +GO + +-- +-- Update guacamole_delete_connection_group trigger to remove descendant +-- connections first. 
+-- + +DROP TRIGGER [guacamole_delete_connection_group]; +GO + +CREATE TRIGGER [guacamole_delete_connection_group] + ON [guacamole_connection_group] + INSTEAD OF DELETE +AS BEGIN + + -- Do not take trigger into account when producing row counts for the DELETE + SET NOCOUNT ON; + + -- Delete all descendant connections + WITH [connection_groups] ([connection_group_id]) AS ( + SELECT [connection_group_id] FROM DELETED + UNION ALL + SELECT [guacamole_connection_group].[connection_group_id] + FROM [guacamole_connection_group] + JOIN [connection_groups] ON [connection_groups].[connection_group_id] = [guacamole_connection_group].[parent_id] + ) + DELETE FROM [guacamole_connection] + WHERE [parent_id] IN ( + SELECT [connection_group_id] + FROM [connection_groups] + ); + + -- Delete all requested connection groups, including descendants + WITH [connection_groups] ([connection_group_id]) AS ( + SELECT [connection_group_id] FROM DELETED + UNION ALL + SELECT [guacamole_connection_group].[connection_group_id] + FROM [guacamole_connection_group] + JOIN [connection_groups] ON [connection_groups].[connection_group_id] = [guacamole_connection_group].[parent_id] + ) + DELETE FROM [guacamole_connection_group] + WHERE [connection_group_id] IN ( + SELECT [connection_group_id] + FROM [connection_groups] + ); + +END +GO + +-- +-- Table of arbitrary user attributes. Each attribute is simply a name/value +-- pair associated with a user. Arbitrary attributes are defined by other +-- extensions. Attributes defined by this extension will be mapped to +-- properly-typed columns of a specific table. 
+-- + +CREATE TABLE [guacamole_user_attribute] ( + + [user_id] [int] NOT NULL, + [attribute_name] [nvarchar](128) NOT NULL, + [attribute_value] [nvarchar](4000) NOT NULL, + + CONSTRAINT [PK_guacamole_user_attribute] + PRIMARY KEY CLUSTERED ([user_id], [attribute_name]), + + CONSTRAINT [FK_guacamole_user_attribute_user_id] + FOREIGN KEY ([user_id]) + REFERENCES [guacamole_user] ([user_id]) + ON DELETE CASCADE + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_user_attribute_user_id] + ON [guacamole_user_attribute] ([user_id]) + INCLUDE ([attribute_name], [attribute_value]); +GO + +-- +-- Table of arbitrary user group attributes. Each attribute is simply a +-- name/value pair associated with a user group. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. +-- + +CREATE TABLE [guacamole_user_group_attribute] ( + + [user_group_id] [int] NOT NULL, + [attribute_name] [nvarchar](128) NOT NULL, + [attribute_value] [nvarchar](4000) NOT NULL, + + CONSTRAINT [PK_guacamole_user_group_attribute] + PRIMARY KEY CLUSTERED ([user_group_id], [attribute_name]), + + CONSTRAINT [FK_guacamole_user_attribute_user_group_id] + FOREIGN KEY ([user_group_id]) + REFERENCES [guacamole_user_group] ([user_group_id]) + ON DELETE CASCADE + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_user_group_attribute_user_id] + ON [guacamole_user_group_attribute] ([user_group_id]) + INCLUDE ([attribute_name], [attribute_value]); +GO + +-- +-- Table of arbitrary connection attributes. Each attribute is simply a +-- name/value pair associated with a connection. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. 
+-- + +CREATE TABLE [guacamole_connection_attribute] ( + + [connection_id] [int] NOT NULL, + [attribute_name] [nvarchar](128) NOT NULL, + [attribute_value] [nvarchar](4000) NOT NULL, + + PRIMARY KEY (connection_id, attribute_name), + + CONSTRAINT [FK_guacamole_connection_attribute_connection_id] + FOREIGN KEY ([connection_id]) + REFERENCES [guacamole_connection] ([connection_id]) + ON DELETE CASCADE + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_attribute_connection_id] + ON [guacamole_connection_attribute] ([connection_id]) + INCLUDE ([attribute_name], [attribute_value]); +GO + +-- +-- Table of arbitrary connection group attributes. Each attribute is simply a +-- name/value pair associated with a connection group. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. +-- + +CREATE TABLE [guacamole_connection_group_attribute] ( + + [connection_group_id] [int] NOT NULL, + [attribute_name] [nvarchar](128) NOT NULL, + [attribute_value] [nvarchar](4000) NOT NULL, + + PRIMARY KEY (connection_group_id, attribute_name), + + CONSTRAINT [FK_guacamole_connection_group_attribute_connection_group_id] + FOREIGN KEY ([connection_group_id]) + REFERENCES [guacamole_connection_group] ([connection_group_id]) + ON DELETE CASCADE + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_connection_group_attribute_connection_group_id] + ON [guacamole_connection_group_attribute] ([connection_group_id]) + INCLUDE ([attribute_name], [attribute_value]); +GO + +-- +-- Table of arbitrary sharing profile attributes. Each attribute is simply a +-- name/value pair associated with a sharing profile. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. 
+-- + +CREATE TABLE [guacamole_sharing_profile_attribute] ( + + [sharing_profile_id] [int] NOT NULL, + [attribute_name] [nvarchar](128) NOT NULL, + [attribute_value] [nvarchar](4000) NOT NULL, + + PRIMARY KEY (sharing_profile_id, attribute_name), + + CONSTRAINT [FK_guacamole_sharing_profile_attribute_sharing_profile_id] + FOREIGN KEY ([sharing_profile_id]) + REFERENCES [guacamole_sharing_profile] ([sharing_profile_id]) + ON DELETE CASCADE + +); + +CREATE NONCLUSTERED INDEX [IX_guacamole_sharing_profile_attribute_sharing_profile_id] + ON [guacamole_sharing_profile_attribute] ([sharing_profile_id]) + INCLUDE ([attribute_name], [attribute_value]); +GO diff --git a/SH/guacamole/init/001-create-schema.sql b/SH/guacamole/init/001-create-schema.sql new file mode 100644 index 0000000..9bcf1c5 --- /dev/null +++ b/SH/guacamole/init/001-create-schema.sql 
@@ -0,0 +1,736 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one +-- or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information +-- regarding copyright ownership. The ASF licenses this file +-- to you under the Apache License, Version 2.0 (the +-- "License"); you may not use this file except in compliance +-- with the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, +-- software distributed under the License is distributed on an +-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +-- KIND, either express or implied. See the License for the +-- specific language governing permissions and limitations +-- under the License. +-- + +-- +-- Connection group types +-- + +CREATE TYPE guacamole_connection_group_type AS ENUM( + 'ORGANIZATIONAL', + 'BALANCING' +); + +-- +-- Entity types +-- + +CREATE TYPE guacamole_entity_type AS ENUM( + 'USER', + 'USER_GROUP' +); + +-- +-- Object permission types +-- + +CREATE TYPE guacamole_object_permission_type AS ENUM( + 'READ', + 'UPDATE', + 'DELETE', + 'ADMINISTER' +); + +-- +-- System permission types +-- + +CREATE TYPE guacamole_system_permission_type AS ENUM( + 'CREATE_CONNECTION', + 'CREATE_CONNECTION_GROUP', + 'CREATE_SHARING_PROFILE', + 'CREATE_USER', + 'CREATE_USER_GROUP', + 'ADMINISTER' +); + +-- +-- Guacamole proxy (guacd) encryption methods +-- + +CREATE TYPE guacamole_proxy_encryption_method AS ENUM( + 'NONE', + 'SSL' +); + +-- +-- Table of connection groups. Each connection group has a name. 
+-- + +CREATE TABLE guacamole_connection_group ( + + connection_group_id serial NOT NULL, + parent_id integer, + connection_group_name varchar(128) NOT NULL, + type guacamole_connection_group_type + NOT NULL DEFAULT 'ORGANIZATIONAL', + + -- Concurrency limits + max_connections integer, + max_connections_per_user integer, + enable_session_affinity boolean NOT NULL DEFAULT FALSE, + + PRIMARY KEY (connection_group_id), + + CONSTRAINT connection_group_name_parent + UNIQUE (connection_group_name, parent_id), + + CONSTRAINT guacamole_connection_group_ibfk_1 + FOREIGN KEY (parent_id) + REFERENCES guacamole_connection_group (connection_group_id) + ON DELETE CASCADE + +); + +CREATE INDEX guacamole_connection_group_parent_id + ON guacamole_connection_group(parent_id); + +-- +-- Table of connections. Each connection has a name, protocol, and +-- associated set of parameters. +-- A connection may belong to a connection group. +-- + +CREATE TABLE guacamole_connection ( + + connection_id serial NOT NULL, + connection_name varchar(128) NOT NULL, + parent_id integer, + protocol varchar(32) NOT NULL, + + -- Concurrency limits + max_connections integer, + max_connections_per_user integer, + + -- Connection Weight + connection_weight integer, + failover_only boolean NOT NULL DEFAULT FALSE, + + -- Guacamole proxy (guacd) overrides + proxy_port integer, + proxy_hostname varchar(512), + proxy_encryption_method guacamole_proxy_encryption_method, + + PRIMARY KEY (connection_id), + + CONSTRAINT connection_name_parent + UNIQUE (connection_name, parent_id), + + CONSTRAINT guacamole_connection_ibfk_1 + FOREIGN KEY (parent_id) + REFERENCES guacamole_connection_group (connection_group_id) + ON DELETE CASCADE + +); + +CREATE INDEX guacamole_connection_parent_id + ON guacamole_connection(parent_id); + +-- +-- Table of base entities which may each be either a user or user group. 
Other +-- tables which represent qualities shared by both users and groups will point +-- to guacamole_entity, while tables which represent qualities specific to +-- users or groups will point to guacamole_user or guacamole_user_group. +-- + +CREATE TABLE guacamole_entity ( + + entity_id serial NOT NULL, + name varchar(128) NOT NULL, + type guacamole_entity_type NOT NULL, + + PRIMARY KEY (entity_id), + + CONSTRAINT guacamole_entity_name_scope + UNIQUE (type, name) + +); + +-- +-- Table of users. Each user has a unique username and a hashed password +-- with corresponding salt. Although the authentication system will always set +-- salted passwords, other systems may set unsalted passwords by simply not +-- providing the salt. +-- + +CREATE TABLE guacamole_user ( + + user_id serial NOT NULL, + entity_id integer NOT NULL, + + -- Optionally-salted password + password_hash bytea NOT NULL, + password_salt bytea, + password_date timestamptz NOT NULL, + + -- Account disabled/expired status + disabled boolean NOT NULL DEFAULT FALSE, + expired boolean NOT NULL DEFAULT FALSE, + + -- Time-based access restriction + access_window_start time, + access_window_end time, + + -- Date-based access restriction + valid_from date, + valid_until date, + + -- Timezone used for all date/time comparisons and interpretation + timezone varchar(64), + + -- Profile information + full_name varchar(256), + email_address varchar(256), + organization varchar(256), + organizational_role varchar(256), + + PRIMARY KEY (user_id), + + CONSTRAINT guacamole_user_single_entity + UNIQUE (entity_id), + + CONSTRAINT guacamole_user_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) + ON DELETE CASCADE + +); + +-- +-- Table of user groups. Each user group may have an arbitrary set of member +-- users and member groups, with those members inheriting the permissions +-- granted to that group. 
+-- + +CREATE TABLE guacamole_user_group ( + + user_group_id serial NOT NULL, + entity_id integer NOT NULL, + + -- Group disabled status + disabled boolean NOT NULL DEFAULT FALSE, + + PRIMARY KEY (user_group_id), + + CONSTRAINT guacamole_user_group_single_entity + UNIQUE (entity_id), + + CONSTRAINT guacamole_user_group_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) + ON DELETE CASCADE + +); + +-- +-- Table of users which are members of given user groups. +-- + +CREATE TABLE guacamole_user_group_member ( + + user_group_id integer NOT NULL, + member_entity_id integer NOT NULL, + + PRIMARY KEY (user_group_id, member_entity_id), + + -- Parent must be a user group + CONSTRAINT guacamole_user_group_member_parent + FOREIGN KEY (user_group_id) + REFERENCES guacamole_user_group (user_group_id) ON DELETE CASCADE, + + -- Member may be either a user or a user group (any entity) + CONSTRAINT guacamole_user_group_member_entity + FOREIGN KEY (member_entity_id) + REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE + +); + +-- +-- Table of sharing profiles. Each sharing profile has a name, associated set +-- of parameters, and a primary connection. The primary connection is the +-- connection that the sharing profile shares, and the parameters dictate the +-- restrictions/features which apply to the user joining the connection via the +-- sharing profile. 
+--
+
+CREATE TABLE guacamole_sharing_profile (
+
+ sharing_profile_id serial NOT NULL,
+ sharing_profile_name varchar(128) NOT NULL,
+ primary_connection_id integer NOT NULL,
+
+ PRIMARY KEY (sharing_profile_id),
+
+ CONSTRAINT sharing_profile_name_primary
+ UNIQUE (sharing_profile_name, primary_connection_id),
+
+ CONSTRAINT guacamole_sharing_profile_ibfk_1
+ FOREIGN KEY (primary_connection_id)
+ REFERENCES guacamole_connection (connection_id)
+ ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_sharing_profile_primary_connection_id
+ ON guacamole_sharing_profile(primary_connection_id);
+
+--
+-- Table of connection parameters. Each parameter is simply a name/value pair
+-- associated with a connection.
+--
+
+CREATE TABLE guacamole_connection_parameter (
+
+ connection_id integer NOT NULL,
+ parameter_name varchar(128) NOT NULL,
+ parameter_value varchar(4096) NOT NULL,
+
+ PRIMARY KEY (connection_id,parameter_name),
+
+ CONSTRAINT guacamole_connection_parameter_ibfk_1
+ FOREIGN KEY (connection_id)
+ REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_connection_parameter_connection_id
+ ON guacamole_connection_parameter(connection_id);
+
+--
+-- Table of sharing profile parameters. Each parameter is simply
+-- name/value pair associated with a sharing profile. These parameters dictate
+-- the restrictions/features which apply to the user joining the associated
+-- connection via the sharing profile.
+--
+
+CREATE TABLE guacamole_sharing_profile_parameter (
+
+ sharing_profile_id integer NOT NULL,
+ parameter_name varchar(128) NOT NULL,
+ parameter_value varchar(4096) NOT NULL,
+
+ PRIMARY KEY (sharing_profile_id, parameter_name),
+
+ CONSTRAINT guacamole_sharing_profile_parameter_ibfk_1
+ FOREIGN KEY (sharing_profile_id)
+ REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_sharing_profile_parameter_sharing_profile_id
+ ON guacamole_sharing_profile_parameter(sharing_profile_id);
+
+--
+-- Table of arbitrary user attributes. Each attribute is simply a name/value
+-- pair associated with a user. Arbitrary attributes are defined by other
+-- extensions. Attributes defined by this extension will be mapped to
+-- properly-typed columns of a specific table.
+--
+
+CREATE TABLE guacamole_user_attribute (
+
+ user_id integer NOT NULL,
+ attribute_name varchar(128) NOT NULL,
+ attribute_value varchar(4096) NOT NULL,
+
+ PRIMARY KEY (user_id, attribute_name),
+
+ CONSTRAINT guacamole_user_attribute_ibfk_1
+ FOREIGN KEY (user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_user_attribute_user_id
+ ON guacamole_user_attribute(user_id);
+
+--
+-- Table of arbitrary user group attributes. Each attribute is simply a
+-- name/value pair associated with a user group. Arbitrary attributes are
+-- defined by other extensions. Attributes defined by this extension will be
+-- mapped to properly-typed columns of a specific table.
+--
+
+CREATE TABLE guacamole_user_group_attribute (
+
+ user_group_id integer NOT NULL,
+ attribute_name varchar(128) NOT NULL,
+ attribute_value varchar(4096) NOT NULL,
+
+ PRIMARY KEY (user_group_id, attribute_name),
+
+ CONSTRAINT guacamole_user_group_attribute_ibfk_1
+ FOREIGN KEY (user_group_id)
+ REFERENCES guacamole_user_group (user_group_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_user_group_attribute_user_group_id
+ ON guacamole_user_group_attribute(user_group_id);
+
+--
+-- Table of arbitrary connection attributes. Each attribute is simply a
+-- name/value pair associated with a connection. Arbitrary attributes are
+-- defined by other extensions. Attributes defined by this extension will be
+-- mapped to properly-typed columns of a specific table.
+--
+
+CREATE TABLE guacamole_connection_attribute (
+
+ connection_id integer NOT NULL,
+ attribute_name varchar(128) NOT NULL,
+ attribute_value varchar(4096) NOT NULL,
+
+ PRIMARY KEY (connection_id, attribute_name),
+
+ CONSTRAINT guacamole_connection_attribute_ibfk_1
+ FOREIGN KEY (connection_id)
+ REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_connection_attribute_connection_id
+ ON guacamole_connection_attribute(connection_id);
+
+--
+-- Table of arbitrary connection group attributes. Each attribute is simply a
+-- name/value pair associated with a connection group. Arbitrary attributes are
+-- defined by other extensions. Attributes defined by this extension will be
+-- mapped to properly-typed columns of a specific table.
+--
+
+CREATE TABLE guacamole_connection_group_attribute (
+
+ connection_group_id integer NOT NULL,
+ attribute_name varchar(128) NOT NULL,
+ attribute_value varchar(4096) NOT NULL,
+
+ PRIMARY KEY (connection_group_id, attribute_name),
+
+ CONSTRAINT guacamole_connection_group_attribute_ibfk_1
+ FOREIGN KEY (connection_group_id)
+ REFERENCES guacamole_connection_group (connection_group_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_connection_group_attribute_connection_group_id
+ ON guacamole_connection_group_attribute(connection_group_id);
+
+--
+-- Table of arbitrary sharing profile attributes. Each attribute is simply a
+-- name/value pair associated with a sharing profile. Arbitrary attributes are
+-- defined by other extensions. Attributes defined by this extension will be
+-- mapped to properly-typed columns of a specific table.
+--
+
+CREATE TABLE guacamole_sharing_profile_attribute (
+
+ sharing_profile_id integer NOT NULL,
+ attribute_name varchar(128) NOT NULL,
+ attribute_value varchar(4096) NOT NULL,
+
+ PRIMARY KEY (sharing_profile_id, attribute_name),
+
+ CONSTRAINT guacamole_sharing_profile_attribute_ibfk_1
+ FOREIGN KEY (sharing_profile_id)
+ REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_sharing_profile_attribute_sharing_profile_id
+ ON guacamole_sharing_profile_attribute(sharing_profile_id);
+
+--
+-- Table of connection permissions. Each connection permission grants a user or
+-- user group specific access to a connection.
+--
+
+CREATE TABLE guacamole_connection_permission (
+
+ entity_id integer NOT NULL,
+ connection_id integer NOT NULL,
+ permission guacamole_object_permission_type NOT NULL,
+
+ PRIMARY KEY (entity_id, connection_id, permission),
+
+ CONSTRAINT guacamole_connection_permission_ibfk_1
+ FOREIGN KEY (connection_id)
+ REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE,
+
+ CONSTRAINT guacamole_connection_permission_entity
+ FOREIGN KEY (entity_id)
+ REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_connection_permission_connection_id
+ ON guacamole_connection_permission(connection_id);
+
+CREATE INDEX guacamole_connection_permission_entity_id
+ ON guacamole_connection_permission(entity_id);
+
+--
+-- Table of connection group permissions. Each group permission grants a user
+-- or user group specific access to a connection group.
+--
+
+CREATE TABLE guacamole_connection_group_permission (
+
+ entity_id integer NOT NULL,
+ connection_group_id integer NOT NULL,
+ permission guacamole_object_permission_type NOT NULL,
+
+ PRIMARY KEY (entity_id, connection_group_id, permission),
+
+ CONSTRAINT guacamole_connection_group_permission_ibfk_1
+ FOREIGN KEY (connection_group_id)
+ REFERENCES guacamole_connection_group (connection_group_id) ON DELETE CASCADE,
+
+ CONSTRAINT guacamole_connection_group_permission_entity
+ FOREIGN KEY (entity_id)
+ REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_connection_group_permission_connection_group_id
+ ON guacamole_connection_group_permission(connection_group_id);
+
+CREATE INDEX guacamole_connection_group_permission_entity_id
+ ON guacamole_connection_group_permission(entity_id);
+
+--
+-- Table of sharing profile permissions. Each sharing profile permission grants
+-- a user or user group specific access to a sharing profile.
+--
+
+CREATE TABLE guacamole_sharing_profile_permission (
+
+ entity_id integer NOT NULL,
+ sharing_profile_id integer NOT NULL,
+ permission guacamole_object_permission_type NOT NULL,
+
+ PRIMARY KEY (entity_id, sharing_profile_id, permission),
+
+ CONSTRAINT guacamole_sharing_profile_permission_ibfk_1
+ FOREIGN KEY (sharing_profile_id)
+ REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE,
+
+ CONSTRAINT guacamole_sharing_profile_permission_entity
+ FOREIGN KEY (entity_id)
+ REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_sharing_profile_permission_sharing_profile_id
+ ON guacamole_sharing_profile_permission(sharing_profile_id);
+
+CREATE INDEX guacamole_sharing_profile_permission_entity_id
+ ON guacamole_sharing_profile_permission(entity_id);
+
+--
+-- Table of system permissions. Each system permission grants a user or user
+-- group a system-level privilege of some kind.
+--
+
+CREATE TABLE guacamole_system_permission (
+
+ entity_id integer NOT NULL,
+ permission guacamole_system_permission_type NOT NULL,
+
+ PRIMARY KEY (entity_id, permission),
+
+ CONSTRAINT guacamole_system_permission_entity
+ FOREIGN KEY (entity_id)
+ REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_system_permission_entity_id
+ ON guacamole_system_permission(entity_id);
+
+--
+-- Table of user permissions. Each user permission grants a user or user group
+-- access to another user (the "affected" user) for a specific type of
+-- operation.
+--
+
+CREATE TABLE guacamole_user_permission (
+
+ entity_id integer NOT NULL,
+ affected_user_id integer NOT NULL,
+ permission guacamole_object_permission_type NOT NULL,
+
+ PRIMARY KEY (entity_id, affected_user_id, permission),
+
+ CONSTRAINT guacamole_user_permission_ibfk_1
+ FOREIGN KEY (affected_user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE CASCADE,
+
+ CONSTRAINT guacamole_user_permission_entity
+ FOREIGN KEY (entity_id)
+ REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_user_permission_affected_user_id
+ ON guacamole_user_permission(affected_user_id);
+
+CREATE INDEX guacamole_user_permission_entity_id
+ ON guacamole_user_permission(entity_id);
+
+--
+-- Table of user group permissions. Each user group permission grants a user
+-- or user group access to a another user group (the "affected" user group) for
+-- a specific type of operation.
+--
+
+CREATE TABLE guacamole_user_group_permission (
+
+ entity_id integer NOT NULL,
+ affected_user_group_id integer NOT NULL,
+ permission guacamole_object_permission_type NOT NULL,
+
+ PRIMARY KEY (entity_id, affected_user_group_id, permission),
+
+ CONSTRAINT guacamole_user_group_permission_affected_user_group
+ FOREIGN KEY (affected_user_group_id)
+ REFERENCES guacamole_user_group (user_group_id) ON DELETE CASCADE,
+
+ CONSTRAINT guacamole_user_group_permission_entity
+ FOREIGN KEY (entity_id)
+ REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_user_group_permission_affected_user_group_id
+ ON guacamole_user_group_permission(affected_user_group_id);
+
+CREATE INDEX guacamole_user_group_permission_entity_id
+ ON guacamole_user_group_permission(entity_id);
+
+--
+-- Table of connection history records. Each record defines a specific user's
+-- session, including the connection used, the start time, and the end time
+-- (if any).
+--
+
+CREATE TABLE guacamole_connection_history (
+
+ history_id serial NOT NULL,
+ user_id integer DEFAULT NULL,
+ username varchar(128) NOT NULL,
+ remote_host varchar(256) DEFAULT NULL,
+ connection_id integer DEFAULT NULL,
+ connection_name varchar(128) NOT NULL,
+ sharing_profile_id integer DEFAULT NULL,
+ sharing_profile_name varchar(128) DEFAULT NULL,
+ start_date timestamptz NOT NULL,
+ end_date timestamptz DEFAULT NULL,
+
+ PRIMARY KEY (history_id),
+
+ CONSTRAINT guacamole_connection_history_ibfk_1
+ FOREIGN KEY (user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE SET NULL,
+
+ CONSTRAINT guacamole_connection_history_ibfk_2
+ FOREIGN KEY (connection_id)
+ REFERENCES guacamole_connection (connection_id) ON DELETE SET NULL,
+
+ CONSTRAINT guacamole_connection_history_ibfk_3
+ FOREIGN KEY (sharing_profile_id)
+ REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE SET NULL
+
+);
+
+CREATE INDEX guacamole_connection_history_user_id
+ ON guacamole_connection_history(user_id);
+
+CREATE INDEX guacamole_connection_history_connection_id
+ ON guacamole_connection_history(connection_id);
+
+CREATE INDEX guacamole_connection_history_sharing_profile_id
+ ON guacamole_connection_history(sharing_profile_id);
+
+CREATE INDEX guacamole_connection_history_start_date
+ ON guacamole_connection_history(start_date);
+
+CREATE INDEX guacamole_connection_history_end_date
+ ON guacamole_connection_history(end_date);
+
+CREATE INDEX guacamole_connection_history_connection_id_start_date
+ ON guacamole_connection_history(connection_id, start_date);
+
+--
+-- User login/logout history
+--
+
+CREATE TABLE guacamole_user_history (
+
+ history_id serial NOT NULL,
+ user_id integer DEFAULT NULL,
+ username varchar(128) NOT NULL,
+ remote_host varchar(256) DEFAULT NULL,
+ start_date timestamptz NOT NULL,
+ end_date timestamptz DEFAULT NULL,
+
+ PRIMARY KEY (history_id),
+
+ CONSTRAINT guacamole_user_history_ibfk_1
+ FOREIGN KEY (user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE SET NULL
+
+);
+
+CREATE INDEX guacamole_user_history_user_id
+ ON guacamole_user_history(user_id);
+
+CREATE INDEX guacamole_user_history_start_date
+ ON guacamole_user_history(start_date);
+
+CREATE INDEX guacamole_user_history_end_date
+ ON guacamole_user_history(end_date);
+
+CREATE INDEX guacamole_user_history_user_id_start_date
+ ON guacamole_user_history(user_id, start_date);
+
+--
+-- User password history
+--
+
+CREATE TABLE guacamole_user_password_history (
+
+ password_history_id serial NOT NULL,
+ user_id integer NOT NULL,
+
+ -- Salted password
+ password_hash bytea NOT NULL,
+ password_salt bytea,
+ password_date timestamptz NOT NULL,
+
+ PRIMARY KEY (password_history_id),
+
+ CONSTRAINT guacamole_user_password_history_ibfk_1
+ FOREIGN KEY (user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_user_password_history_user_id
+ ON guacamole_user_password_history(user_id);
+
diff --git a/SH/guacamole/init/002-create-admin-user.sql b/SH/guacamole/init/002-create-admin-user.sql new file mode 100644
index 0000000..c7cd7c9
--- /dev/null
+++ b/SH/guacamole/init/002-create-admin-user.sql
@@ -0,0 +1,55 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+-- Create default user "guacadmin" with password "guacadmin"
+INSERT INTO guacamole_entity (name, type) VALUES ('guacadmin', 'USER');
+INSERT INTO guacamole_user (entity_id, password_hash, password_salt, password_date)
+SELECT
+ entity_id,
+ decode('CA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960', 'hex'), -- 'guacadmin'
+ decode('FE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264', 'hex'),
+ CURRENT_TIMESTAMP
+FROM guacamole_entity WHERE name = 'guacadmin' AND guacamole_entity.type = 'USER';
+
+-- Grant this user all system permissions
+INSERT INTO guacamole_system_permission (entity_id, permission)
+SELECT entity_id, permission::guacamole_system_permission_type
+FROM (
+ VALUES
+ ('guacadmin', 'CREATE_CONNECTION'),
+ ('guacadmin', 'CREATE_CONNECTION_GROUP'),
+ ('guacadmin', 'CREATE_SHARING_PROFILE'),
+ ('guacadmin', 'CREATE_USER'),
+ ('guacadmin', 'CREATE_USER_GROUP'),
+ ('guacadmin', 'ADMINISTER')
+) permissions (username, permission)
+JOIN guacamole_entity ON permissions.username = guacamole_entity.name AND guacamole_entity.type = 'USER';
+
+-- Grant admin permission to read/update/administer self
+INSERT INTO guacamole_user_permission (entity_id, affected_user_id, permission)
+SELECT guacamole_entity.entity_id, guacamole_user.user_id, permission::guacamole_object_permission_type
+FROM (
+ VALUES
+ ('guacadmin', 'guacadmin', 'READ'),
+ ('guacadmin', 'guacadmin', 'UPDATE'),
+ ('guacadmin', 'guacadmin', 'ADMINISTER')
+) permissions (username, affected_username, permission)
+JOIN guacamole_entity ON permissions.username = guacamole_entity.name AND guacamole_entity.type = 'USER'
+JOIN guacamole_entity affected ON permissions.affected_username = affected.name AND guacamole_entity.type = 'USER'
+JOIN guacamole_user ON guacamole_user.entity_id = affected.entity_id;
diff --git a/SH/guacamole/init/upgrade/upgrade-pre-0.9.10.sql b/SH/guacamole/init/upgrade/upgrade-pre-0.9.10.sql new file mode 100644
index 0000000..9e41204
--- /dev/null
+++ b/SH/guacamole/init/upgrade/upgrade-pre-0.9.10.sql
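Review bot: The `guacadmin` row is seeded with the default password named in the file's own comment and with a fixed hash/salt pair, and the following INSERTs give that account every system permission including `ADMINISTER`, so every deployment initialised from this file starts with a publicly known administrator login. Nothing in the hunk forces a change; the `guacamole_user` table in 001-create-schema.sql has an `expired` flag, which looks like the intended hook for that (confirm against the Guacamole version deployed). I would extend the insert to `INSERT INTO guacamole_user (entity_id, password_hash, password_salt, password_date, expired)` with `TRUE` added to the SELECT list, or generate the hash and salt per deployment instead of committing them. Separately, in the last statement the filter on the `affected` join reads `guacamole_entity.type = 'USER'`; it presumably should be `affected.type = 'USER'`.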
@@ -0,0 +1,196 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- User and connection IDs within history table can now be null
+--
+
+ALTER TABLE guacamole_connection_history
+ ALTER COLUMN user_id SET DEFAULT NULL,
+ ALTER COLUMN user_id DROP NOT NULL;
+
+ALTER TABLE guacamole_connection_history
+ ALTER COLUMN connection_id SET DEFAULT NULL,
+ ALTER COLUMN connection_id DROP NOT NULL;
+
+--
+-- Add new username and connection_name columns to history table
+--
+
+ALTER TABLE guacamole_connection_history
+ ADD COLUMN username varchar(128);
+
+ALTER TABLE guacamole_connection_history
+ ADD COLUMN connection_name varchar(128);
+
+--
+-- Populate new name columns by joining corresponding tables
+--
+
+UPDATE guacamole_connection_history
+ SET username = guacamole_user.username
+ FROM guacamole_user
+ WHERE guacamole_user.user_id = guacamole_connection_history.user_id;
+
+UPDATE guacamole_connection_history
+ SET connection_name = guacamole_connection.connection_name
+ FROM guacamole_connection
+ WHERE guacamole_connection.connection_id =
+ guacamole_connection_history.connection_id;
+
+--
+-- Set NOT NULL now that the column is fully populated
+--
+
+ALTER TABLE guacamole_connection_history
+ ALTER COLUMN username SET NOT NULL;
+
+ALTER TABLE guacamole_connection_history
+ ALTER COLUMN connection_name SET NOT NULL;
+
+--
+-- Remove old foreign key constraints with ON DELETE CASCADE
+--
+
+ALTER TABLE guacamole_connection_history
+ DROP CONSTRAINT guacamole_connection_history_ibfk_1;
+
+ALTER TABLE guacamole_connection_history
+ DROP CONSTRAINT guacamole_connection_history_ibfk_2;
+
+--
+-- Recreate foreign key constraints with ON DELETE SET NULL
+--
+
+ALTER TABLE guacamole_connection_history
+ ADD CONSTRAINT guacamole_connection_history_ibfk_1
+ FOREIGN KEY (user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE SET NULL;
+
+ALTER TABLE guacamole_connection_history
+ ADD CONSTRAINT guacamole_connection_history_ibfk_2
+ FOREIGN KEY (connection_id)
+ REFERENCES guacamole_connection (connection_id) ON DELETE SET NULL;
+
+--
+-- Add session affinity column
+--
+
+ALTER TABLE guacamole_connection_group
+ ADD COLUMN enable_session_affinity boolean NOT NULL DEFAULT FALSE;
+
+--
+-- Add new system-level permission
+--
+
+ALTER TYPE guacamole_system_permission_type
+ ADD VALUE 'CREATE_SHARING_PROFILE'
+ AFTER 'CREATE_CONNECTION_GROUP';
+
+--
+-- Add sharing profile table
+--
+
+CREATE TABLE guacamole_sharing_profile (
+
+ sharing_profile_id serial NOT NULL,
+ sharing_profile_name varchar(128) NOT NULL,
+ primary_connection_id integer NOT NULL,
+
+ PRIMARY KEY (sharing_profile_id),
+
+ CONSTRAINT sharing_profile_name_primary
+ UNIQUE (sharing_profile_name, primary_connection_id),
+
+ CONSTRAINT guacamole_sharing_profile_ibfk_1
+ FOREIGN KEY (primary_connection_id)
+ REFERENCES guacamole_connection (connection_id)
+ ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_sharing_profile_primary_connection_id
+ ON guacamole_sharing_profile(primary_connection_id);
+
+--
+-- Add table of sharing profile parameters
+--
+
+CREATE TABLE guacamole_sharing_profile_parameter (
+
+ sharing_profile_id integer NOT NULL,
+ parameter_name varchar(128) NOT NULL,
+ parameter_value varchar(4096) NOT NULL,
+
+ PRIMARY KEY (sharing_profile_id, parameter_name),
+
+ CONSTRAINT guacamole_sharing_profile_parameter_ibfk_1
+ FOREIGN KEY (sharing_profile_id)
+ REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_sharing_profile_parameter_sharing_profile_id
+ ON guacamole_sharing_profile_parameter(sharing_profile_id);
+
+--
+-- Object-level permission table for sharing profiles
+--
+
+CREATE TABLE guacamole_sharing_profile_permission (
+
+ user_id integer NOT NULL,
+ sharing_profile_id integer NOT NULL,
+ permission guacamole_object_permission_type NOT NULL,
+
+ PRIMARY KEY (user_id,sharing_profile_id,permission),
+
+ CONSTRAINT guacamole_sharing_profile_permission_ibfk_1
+ FOREIGN KEY (sharing_profile_id)
+ REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE,
+
+ CONSTRAINT guacamole_sharing_profile_permission_ibfk_2
+ FOREIGN KEY (user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_sharing_profile_permission_sharing_profile_id
+ ON guacamole_sharing_profile_permission(sharing_profile_id);
+
+CREATE INDEX guacamole_sharing_profile_permission_user_id
+ ON guacamole_sharing_profile_permission(user_id);
+
+--
+-- Add new (optional) sharing profile ID and name columns to connection history
+--
+
+ALTER TABLE guacamole_connection_history
+ ADD COLUMN sharing_profile_id integer;
+
+ALTER TABLE guacamole_connection_history
+ ADD COLUMN sharing_profile_name varchar(128);
+
+ALTER TABLE guacamole_connection_history
+ ADD CONSTRAINT guacamole_connection_history_ibfk_3
+ FOREIGN KEY (sharing_profile_id)
+ REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE SET NULL;
+
+CREATE INDEX guacamole_connection_history_sharing_profile_id
+ ON guacamole_connection_history(sharing_profile_id);
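Review bot: This script, like the other upgrade-pre-*.sql files added in the same commit, carries no header saying which schema it may be applied to, and it sits next to 001-create-schema.sql, which already creates the post-upgrade layout. Against a database initialised from 001, statements here would fail (`ADD COLUMN username` on a history table that already has the column, and `guacamole_user.username`, which 001 does not define), and since the file neither stops on error nor is idempotent, a plain `psql -f` run would keep going past the failures. I would add a header comment such as `-- Apply once, in version order, only to a schema created before 0.9.10; not idempotent.` and document that it is to be run with `psql -v ON_ERROR_STOP=1` after a backup.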
diff --git a/SH/guacamole/init/upgrade/upgrade-pre-0.9.11.sql b/SH/guacamole/init/upgrade/upgrade-pre-0.9.11.sql new file mode 100644
index 0000000..95d6372
--- /dev/null
+++ b/SH/guacamole/init/upgrade/upgrade-pre-0.9.11.sql
@@ -0,0 +1,55 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add per-user password set date
+--
+
+ALTER TABLE guacamole_user
+ ADD COLUMN password_date timestamptz;
+
+UPDATE guacamole_user SET password_date = CURRENT_TIMESTAMP;
+
+ALTER TABLE guacamole_user
+ ALTER COLUMN password_date SET NOT NULL;
+
+--
+-- User password history
+--
+
+CREATE TABLE guacamole_user_password_history (
+
+ password_history_id serial NOT NULL,
+ user_id integer NOT NULL,
+
+ -- Salted password
+ password_hash bytea NOT NULL,
+ password_salt bytea,
+ password_date timestamptz NOT NULL,
+
+ PRIMARY KEY (password_history_id),
+
+ CONSTRAINT guacamole_user_password_history_ibfk_1
+ FOREIGN KEY (user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX guacamole_user_password_history_user_id
+ ON guacamole_user_password_history(user_id);
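Review bot: `UPDATE guacamole_user SET password_date = CURRENT_TIMESTAMP;` stamps every existing password as set at migration time, so any password-age rule evaluated against `password_date` would start counting from the upgrade rather than from when the password was actually chosen. That is probably the only workable backfill, but it should be stated where the operator will read it; I would add a comment above the UPDATE, `-- Existing passwords have no recorded age; they are treated as set at upgrade time.` Deployments that rely on a maximum password age may want to review long-lived accounts after running this, for example by setting the `expired` flag that upgrade-pre-0.9.7.sql adds.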
diff --git a/SH/guacamole/init/upgrade/upgrade-pre-0.9.13.sql b/SH/guacamole/init/upgrade/upgrade-pre-0.9.13.sql new file mode 100644
index 0000000..0fac528
--- /dev/null
+++ b/SH/guacamole/init/upgrade/upgrade-pre-0.9.13.sql
@@ -0,0 +1,45 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add new guacd encryption method type
+--
+
+CREATE TYPE guacamole_proxy_encryption_method AS ENUM(
+ 'NONE',
+ 'SSL'
+);
+
+--
+-- Add guacd per-connection override columns
+--
+
+ALTER TABLE guacamole_connection ADD COLUMN proxy_port integer;
+ALTER TABLE guacamole_connection ADD COLUMN proxy_hostname varchar(512);
+ALTER TABLE guacamole_connection ADD COLUMN proxy_encryption_method guacamole_proxy_encryption_method;
+
+--
+-- Add new user profile columns
+--
+
+ALTER TABLE guacamole_user ADD COLUMN full_name VARCHAR(256);
+ALTER TABLE guacamole_user ADD COLUMN email_address VARCHAR(256);
+ALTER TABLE guacamole_user ADD COLUMN organization VARCHAR(256);
+ALTER TABLE guacamole_user ADD COLUMN organizational_role VARCHAR(256);
+
diff --git a/SH/guacamole/init/upgrade/upgrade-pre-0.9.14.sql b/SH/guacamole/init/upgrade/upgrade-pre-0.9.14.sql new file mode 100644
index 0000000..534d4dc
--- /dev/null
+++ b/SH/guacamole/init/upgrade/upgrade-pre-0.9.14.sql 
@@ -0,0 +1,79 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add per-connection weight
+--
+
+ALTER TABLE guacamole_connection
+ ADD COLUMN connection_weight int;
+
+--
+-- Add failover-only flag
+--
+
+ALTER TABLE guacamole_connection
+ ADD COLUMN failover_only BOOLEAN NOT NULL DEFAULT FALSE;
+
+--
+-- Add remote_host to connection history
+--
+
+ALTER TABLE guacamole_connection_history
+ ADD COLUMN remote_host VARCHAR(256) DEFAULT NULL;
+
+--
+-- Add covering index for connection history connection and start date
+--
+
+CREATE INDEX guacamole_connection_history_connection_id_start_date
+ ON guacamole_connection_history(connection_id, start_date);
+
+--
+-- User login/logout history
+--
+
+CREATE TABLE guacamole_user_history (
+
+ history_id serial NOT NULL,
+ user_id integer DEFAULT NULL,
+ username varchar(128) NOT NULL,
+ remote_host varchar(256) DEFAULT NULL,
+ start_date timestamptz NOT NULL,
+ end_date timestamptz DEFAULT NULL,
+
+ PRIMARY KEY (history_id),
+
+ CONSTRAINT guacamole_user_history_ibfk_1
+ FOREIGN KEY (user_id)
+ REFERENCES guacamole_user (user_id) ON DELETE SET NULL
+
+);
+
+CREATE INDEX guacamole_user_history_user_id
+ ON guacamole_user_history(user_id);
+
+CREATE INDEX guacamole_user_history_start_date
+ ON guacamole_user_history(start_date);
+
+CREATE INDEX guacamole_user_history_end_date
+ ON guacamole_user_history(end_date);
+
+CREATE INDEX guacamole_user_history_user_id_start_date
+ ON guacamole_user_history(user_id, start_date);
diff --git a/SH/guacamole/init/upgrade/upgrade-pre-0.9.7.sql b/SH/guacamole/init/upgrade/upgrade-pre-0.9.7.sql new file mode 100644
index 0000000..37aacf4
--- /dev/null
+++ b/SH/guacamole/init/upgrade/upgrade-pre-0.9.7.sql
@@ -0,0 +1,31 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add per-user disable flag
+--
+
+ALTER TABLE guacamole_user ADD COLUMN disabled boolean NOT NULL DEFAULT FALSE;
+
+--
+-- Add per-user password expiration flag
+--
+
+ALTER TABLE guacamole_user ADD COLUMN expired boolean NOT NULL DEFAULT FALSE;
+
diff --git a/SH/guacamole/init/upgrade/upgrade-pre-0.9.8.sql b/SH/guacamole/init/upgrade/upgrade-pre-0.9.8.sql new file mode 100644
index 0000000..f6146dc
--- /dev/null
+++ b/SH/guacamole/init/upgrade/upgrade-pre-0.9.8.sql
@@ -0,0 +1,52 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add per-user time-based access restrictions.
+--
+
+ALTER TABLE guacamole_user ADD COLUMN access_window_start time;
+ALTER TABLE guacamole_user ADD COLUMN access_window_end time;
+
+--
+-- Add per-user date-based account validity restrictions.
+--
+
+ALTER TABLE guacamole_user ADD COLUMN valid_from date;
+ALTER TABLE guacamole_user ADD COLUMN valid_until date;
+
+--
+-- Add per-user timezone for sake of time comparisons/interpretation.
+--
+
+ALTER TABLE guacamole_user ADD COLUMN timezone varchar(64);
+
+--
+-- Add connection concurrency limits
+--
+
+ALTER TABLE guacamole_connection ADD COLUMN max_connections integer;
+ALTER TABLE guacamole_connection ADD COLUMN max_connections_per_user integer;
+
+--
+-- Add connection group concurrency limits
+--
+
+ALTER TABLE guacamole_connection_group ADD COLUMN max_connections integer;
+ALTER TABLE guacamole_connection_group ADD COLUMN max_connections_per_user integer;
diff --git a/SH/guacamole/init/upgrade/upgrade-pre-0.9.9.sql b/SH/guacamole/init/upgrade/upgrade-pre-0.9.9.sql new file mode 100644
index 0000000..eab419b
--- /dev/null
+++ b/SH/guacamole/init/upgrade/upgrade-pre-0.9.9.sql
@@ -0,0 +1,32 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one +-- or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information +-- regarding copyright ownership. The ASF licenses this file +-- to you under the Apache License, Version 2.0 (the +-- "License"); you may not use this file except in compliance +-- with the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, +-- software distributed under the License is distributed on an +-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +-- KIND, either express or implied. See the License for the +-- specific language governing permissions and limitations +-- under the License. +-- + +-- +-- Ensure history entry start/end dates are indexed. +-- + +CREATE INDEX guacamole_connection_history_start_date + ON guacamole_connection_history(start_date); + +CREATE INDEX guacamole_connection_history_end_date + ON guacamole_connection_history(end_date); + +CREATE INDEX guacamole_connection_history_search_index + ON guacamole_connection_history(start_date, connection_id, user_id); + diff --git a/SH/guacamole/init/upgrade/upgrade-pre-1.0.0.sql b/SH/guacamole/init/upgrade/upgrade-pre-1.0.0.sql new file mode 100644 index 0000000..83dfa86 --- /dev/null +++ b/SH/guacamole/init/upgrade/upgrade-pre-1.0.0.sql 
@@ -0,0 +1,471 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one +-- or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information +-- regarding copyright ownership. The ASF licenses this file +-- to you under the Apache License, Version 2.0 (the +-- "License"); you may not use this file except in compliance +-- with the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, +-- software distributed under the License is distributed on an +-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +-- KIND, either express or implied. See the License for the +-- specific language governing permissions and limitations +-- under the License. +-- + +-- +-- Add new system-level permission +-- + +ALTER TYPE guacamole_system_permission_type + ADD VALUE 'CREATE_USER_GROUP' + AFTER 'CREATE_USER'; + +-- +-- Entity types +-- + +CREATE TYPE guacamole_entity_type AS ENUM( + 'USER', + 'USER_GROUP' +); + +-- +-- Table of base entities which may each be either a user or user group. Other +-- tables which represent qualities shared by both users and groups will point +-- to guacamole_entity, while tables which represent qualities specific to +-- users or groups will point to guacamole_user or guacamole_user_group. +-- + +CREATE TABLE guacamole_entity ( + + entity_id serial NOT NULL, + name varchar(128) NOT NULL, + type guacamole_entity_type NOT NULL, + + PRIMARY KEY (entity_id), + + CONSTRAINT guacamole_entity_name_scope + UNIQUE (type, name) + +); + +-- +-- Table of user groups. Each user group may have an arbitrary set of member +-- users and member groups, with those members inheriting the permissions +-- granted to that group. 
+-- + +CREATE TABLE guacamole_user_group ( + + user_group_id serial NOT NULL, + entity_id integer NOT NULL, + + -- Group disabled status + disabled boolean NOT NULL DEFAULT FALSE, + + PRIMARY KEY (user_group_id), + + CONSTRAINT guacamole_user_group_single_entity + UNIQUE (entity_id), + + CONSTRAINT guacamole_user_group_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) + ON DELETE CASCADE + +); + +-- +-- Table of users which are members of given user groups. +-- + +CREATE TABLE guacamole_user_group_member ( + + user_group_id integer NOT NULL, + member_entity_id integer NOT NULL, + + PRIMARY KEY (user_group_id, member_entity_id), + + -- Parent must be a user group + CONSTRAINT guacamole_user_group_member_parent + FOREIGN KEY (user_group_id) + REFERENCES guacamole_user_group (user_group_id) ON DELETE CASCADE, + + -- Member may be either a user or a user group (any entity) + CONSTRAINT guacamole_user_group_member_entity + FOREIGN KEY (member_entity_id) + REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE + +); + +-- +-- Table of user group permissions. Each user group permission grants a user +-- access to a particular user group for a specific type of operation. 
+-- + +CREATE TABLE guacamole_user_group_permission ( + + entity_id integer NOT NULL, + affected_user_group_id integer NOT NULL, + permission guacamole_object_permission_type NOT NULL, + + PRIMARY KEY (entity_id, affected_user_group_id, permission), + + CONSTRAINT guacamole_user_group_permission_affected_user_group + FOREIGN KEY (affected_user_group_id) + REFERENCES guacamole_user_group (user_group_id) ON DELETE CASCADE, + + CONSTRAINT guacamole_user_group_permission_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_user_group_permission_affected_user_group_id + ON guacamole_user_group_permission(affected_user_group_id); + +CREATE INDEX guacamole_user_group_permission_entity_id + ON guacamole_user_group_permission(entity_id); + +-- +-- Modify guacamole_user table to use guacamole_entity as a base +-- + +-- Add new entity_id column +ALTER TABLE guacamole_user ADD COLUMN entity_id integer; + +-- Create user entities for each guacamole_user entry +INSERT INTO guacamole_entity (name, type) +SELECT username, 'USER' FROM guacamole_user; + +-- Update guacamole_user to point to corresponding guacamole_entity +UPDATE guacamole_user SET entity_id = ( + SELECT entity_id FROM guacamole_entity + WHERE + username = guacamole_entity.name + AND type = 'USER' +); + +-- The entity_id column should now be safely non-NULL +ALTER TABLE guacamole_user + ALTER COLUMN entity_id SET NOT NULL; + +-- The entity_id column should now be unique for each user +ALTER TABLE guacamole_user + ADD CONSTRAINT guacamole_user_single_entity + UNIQUE (entity_id); + +-- The entity_id column should now safely point to guacamole_entity entries +ALTER TABLE guacamole_user + ADD CONSTRAINT guacamole_user_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) + ON DELETE CASCADE; + +-- The username column can now safely be removed +ALTER TABLE guacamole_user DROP COLUMN username; + +-- +-- Modify 
guacamole_connection_permission to use guacamole_entity instead of +-- guacamole_user +-- + +-- Add new entity_id column +ALTER TABLE guacamole_connection_permission ADD COLUMN entity_id integer; + +-- Update guacamole_connection_permission to point to the guacamole_entity +-- that has been granted the permission +UPDATE guacamole_connection_permission SET entity_id = ( + SELECT entity_id FROM guacamole_user + WHERE guacamole_user.user_id = guacamole_connection_permission.user_id +); + +-- The entity_id column should now be safely non-NULL +ALTER TABLE guacamole_connection_permission + ALTER COLUMN entity_id SET NOT NULL; + +-- The entity_id column should now safely point to guacamole_entity entries +ALTER TABLE guacamole_connection_permission + ADD CONSTRAINT guacamole_connection_permission_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) + ON DELETE CASCADE; + +CREATE INDEX guacamole_connection_permission_entity_id + ON guacamole_connection_permission(entity_id); + +-- Remove user_id column (implicitly drops associated contraints/keys) +ALTER TABLE guacamole_connection_permission DROP COLUMN user_id; + +-- Add new primary key which uses entity_id +ALTER TABLE guacamole_connection_permission + ADD PRIMARY KEY (entity_id, connection_id, permission); + +-- +-- Modify guacamole_connection_group_permission to use guacamole_entity instead +-- of guacamole_user +-- + +-- Add new entity_id column +ALTER TABLE guacamole_connection_group_permission ADD COLUMN entity_id integer; + +-- Update guacamole_connection_group_permission to point to the guacamole_entity +-- that has been granted the permission +UPDATE guacamole_connection_group_permission SET entity_id = ( + SELECT entity_id FROM guacamole_user + WHERE guacamole_user.user_id = guacamole_connection_group_permission.user_id +); + +-- The entity_id column should now be safely non-NULL +ALTER TABLE guacamole_connection_group_permission + ALTER COLUMN entity_id SET NOT NULL; + +-- The entity_id 
column should now safely point to guacamole_entity entries +ALTER TABLE guacamole_connection_group_permission + ADD CONSTRAINT guacamole_connection_group_permission_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) + ON DELETE CASCADE; + +CREATE INDEX guacamole_connection_group_permission_entity_id + ON guacamole_connection_group_permission(entity_id); + +-- Remove user_id column (implicitly drops associated contraints/keys) +ALTER TABLE guacamole_connection_group_permission DROP COLUMN user_id; + +-- Add new primary key which uses entity_id +ALTER TABLE guacamole_connection_group_permission + ADD PRIMARY KEY (entity_id, connection_group_id, permission); + +-- +-- Modify guacamole_sharing_profile_permission to use guacamole_entity instead +-- of guacamole_user +-- + +-- Add new entity_id column +ALTER TABLE guacamole_sharing_profile_permission ADD COLUMN entity_id integer; + +-- Update guacamole_sharing_profile_permission to point to the guacamole_entity +-- that has been granted the permission +UPDATE guacamole_sharing_profile_permission SET entity_id = ( + SELECT entity_id FROM guacamole_user + WHERE guacamole_user.user_id = guacamole_sharing_profile_permission.user_id +); + +-- The entity_id column should now be safely non-NULL +ALTER TABLE guacamole_sharing_profile_permission + ALTER COLUMN entity_id SET NOT NULL; + +-- The entity_id column should now safely point to guacamole_entity entries +ALTER TABLE guacamole_sharing_profile_permission + ADD CONSTRAINT guacamole_sharing_profile_permission_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) + ON DELETE CASCADE; + +CREATE INDEX guacamole_sharing_profile_permission_entity_id + ON guacamole_sharing_profile_permission(entity_id); + +-- Remove user_id column (implicitly drops associated contraints/keys) +ALTER TABLE guacamole_sharing_profile_permission DROP COLUMN user_id; + +-- Add new primary key which uses entity_id +ALTER TABLE 
guacamole_sharing_profile_permission + ADD PRIMARY KEY (entity_id, sharing_profile_id, permission); + +-- +-- Modify guacamole_user_permission to use guacamole_entity instead of +-- guacamole_user +-- + +-- Add new entity_id column +ALTER TABLE guacamole_user_permission ADD COLUMN entity_id integer; + +-- Update guacamole_user_permission to point to the guacamole_entity +-- that has been granted the permission +UPDATE guacamole_user_permission SET entity_id = ( + SELECT entity_id FROM guacamole_user + WHERE guacamole_user.user_id = guacamole_user_permission.user_id +); + +-- The entity_id column should now be safely non-NULL +ALTER TABLE guacamole_user_permission + ALTER COLUMN entity_id SET NOT NULL; + +-- The entity_id column should now safely point to guacamole_entity entries +ALTER TABLE guacamole_user_permission + ADD CONSTRAINT guacamole_user_permission_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) + ON DELETE CASCADE; + +CREATE INDEX guacamole_user_permission_entity_id + ON guacamole_user_permission(entity_id); + +-- Remove user_id column (implicitly drops associated contraints/keys) +ALTER TABLE guacamole_user_permission DROP COLUMN user_id; + +-- Add new primary key which uses entity_id +ALTER TABLE guacamole_user_permission + ADD PRIMARY KEY (entity_id, affected_user_id, permission); + +-- +-- Modify guacamole_system_permission to use guacamole_entity instead of +-- guacamole_user +-- + +-- Add new entity_id column +ALTER TABLE guacamole_system_permission ADD COLUMN entity_id integer; + +-- Update guacamole_system_permission to point to the guacamole_entity +-- that has been granted the permission +UPDATE guacamole_system_permission SET entity_id = ( + SELECT entity_id FROM guacamole_user + WHERE guacamole_user.user_id = guacamole_system_permission.user_id +); + +-- The entity_id column should now be safely non-NULL +ALTER TABLE guacamole_system_permission + ALTER COLUMN entity_id SET NOT NULL; + +-- The entity_id column 
should now safely point to guacamole_entity entries +ALTER TABLE guacamole_system_permission + ADD CONSTRAINT guacamole_system_permission_entity + FOREIGN KEY (entity_id) + REFERENCES guacamole_entity (entity_id) + ON DELETE CASCADE; + +CREATE INDEX guacamole_system_permission_entity_id + ON guacamole_system_permission(entity_id); + +-- Remove user_id column (implicitly drops associated contraints/keys) +ALTER TABLE guacamole_system_permission DROP COLUMN user_id; + +-- Add new primary key which uses entity_id +ALTER TABLE guacamole_system_permission + ADD PRIMARY KEY (entity_id, permission); + +-- +-- Table of arbitrary user attributes. Each attribute is simply a name/value +-- pair associated with a user. Arbitrary attributes are defined by other +-- extensions. Attributes defined by this extension will be mapped to +-- properly-typed columns of a specific table. +-- + +CREATE TABLE guacamole_user_attribute ( + + user_id integer NOT NULL, + attribute_name varchar(128) NOT NULL, + attribute_value varchar(4096) NOT NULL, + + PRIMARY KEY (user_id, attribute_name), + + CONSTRAINT guacamole_user_attribute_ibfk_1 + FOREIGN KEY (user_id) + REFERENCES guacamole_user (user_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_user_attribute_user_id + ON guacamole_user_attribute(user_id); + +-- +-- Table of arbitrary user group attributes. Each attribute is simply a +-- name/value pair associated with a user group. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. 
+-- + +CREATE TABLE guacamole_user_group_attribute ( + + user_group_id integer NOT NULL, + attribute_name varchar(128) NOT NULL, + attribute_value varchar(4096) NOT NULL, + + PRIMARY KEY (user_group_id, attribute_name), + + CONSTRAINT guacamole_user_group_attribute_ibfk_1 + FOREIGN KEY (user_group_id) + REFERENCES guacamole_user_group (user_group_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_user_group_attribute_user_group_id + ON guacamole_user_group_attribute(user_group_id); + +-- +-- Table of arbitrary connection attributes. Each attribute is simply a +-- name/value pair associated with a connection. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. +-- + +CREATE TABLE guacamole_connection_attribute ( + + connection_id integer NOT NULL, + attribute_name varchar(128) NOT NULL, + attribute_value varchar(4096) NOT NULL, + + PRIMARY KEY (connection_id, attribute_name), + + CONSTRAINT guacamole_connection_attribute_ibfk_1 + FOREIGN KEY (connection_id) + REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_connection_attribute_connection_id + ON guacamole_connection_attribute(connection_id); + +-- +-- Table of arbitrary connection group attributes. Each attribute is simply a +-- name/value pair associated with a connection group. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. 
+-- + +CREATE TABLE guacamole_connection_group_attribute ( + + connection_group_id integer NOT NULL, + attribute_name varchar(128) NOT NULL, + attribute_value varchar(4096) NOT NULL, + + PRIMARY KEY (connection_group_id, attribute_name), + + CONSTRAINT guacamole_connection_group_attribute_ibfk_1 + FOREIGN KEY (connection_group_id) + REFERENCES guacamole_connection_group (connection_group_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_connection_group_attribute_connection_group_id + ON guacamole_connection_group_attribute(connection_group_id); + +-- +-- Table of arbitrary sharing profile attributes. Each attribute is simply a +-- name/value pair associated with a sharing profile. Arbitrary attributes are +-- defined by other extensions. Attributes defined by this extension will be +-- mapped to properly-typed columns of a specific table. +-- + +CREATE TABLE guacamole_sharing_profile_attribute ( + + sharing_profile_id integer NOT NULL, + attribute_name varchar(128) NOT NULL, + attribute_value varchar(4096) NOT NULL, + + PRIMARY KEY (sharing_profile_id, attribute_name), + + CONSTRAINT guacamole_sharing_profile_attribute_ibfk_1 + FOREIGN KEY (sharing_profile_id) + REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE + +); + +CREATE INDEX guacamole_sharing_profile_attribute_sharing_profile_id + ON guacamole_sharing_profile_attribute(sharing_profile_id); diff --git a/SH/hsphnline.sh b/SH/hsphnline.sh new file mode 100644 index 0000000..ee61e7c --- /dev/null +++ b/SH/hsphnline.sh 
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Kiểm tra số lượng tham số đầu vào
+if [ "$#" -ne 2 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+# Gán tham số đầu vào vào biến
+COURSEID=$1
+TOPICID=$2
+
+# Lấy đường dẫn thư mục hiện tại
+CURRENT_DIR=$(pwd)
+
+# Chạy lệnh PHP với các tham số, sử dụng mdl.media từ thư mục hiện tại
+php /home/online.linkvn.vn/public_html/online/objpage.php "$CURRENT_DIR/mdl.media" "$COURSEID" "$TOPICID"
+
+# Hiển thị thông báo hoàn tất
+echo "Command executed with mdl.media from $CURRENT_DIR, courseid=$COURSEID, and topicid=$TOPICID"
diff --git a/SH/hsphonline.sh b/SH/hsphonline.sh
new file mode 100644
index 0000000..d6e6c9c
--- /dev/null
+++ b/SH/hsphonline.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Kiểm tra số lượng tham số đầu vào
+if [ "$#" -ne 2 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+# Gán tham số đầu vào vào biến
+COURSEID=$1
+TOPICID=$2
+
+# Lấy đường dẫn thư mục hiện tại
+CURRENT_DIR=$(pwd)
+
+# Chạy lệnh PHP với các tham số, sử dụng mdl.media từ thư mục hiện tại
+php /home/online.linkvn.vn/public_html/online/page.php "$CURRENT_DIR/mdl.media" "$COURSEID" "$TOPICID"
+
+# Hiển thị thông báo hoàn tất
+echo "Command executed with mdl.media from $CURRENT_DIR, courseid=$COURSEID, and topicid=$TOPICID"
diff --git a/SH/mkv2mp4.sh b/SH/mkv2mp4.sh
new file mode 100644
index 0000000..41f3353
--- /dev/null
+++ b/SH/mkv2mp4.sh
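Review bot: The closing `echo "Command executed …"` in hsphnline.sh runs whether or not the `php` call succeeded, so a failed import is reported as done; hsphonline.sh, objonline.sh and online.sh further down behave the same way. Guarding the call, e.g. `php … "$TOPICID" || { echo "page import failed" >&2; exit 1; }`, lets a batch caller stop on the first error. The script also never checks that `$CURRENT_DIR/mdl.media` exists or that the two ids are numeric before handing them to PHP. hsphnline.sh carries the same blob id (ee61e7c) as objonline.sh, so it looks like a misnamed duplicate.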
@@ -0,0 +1,65 @@ +#!/bin/bash + +# Kịch bản chuyển đổi tất cả các file .mkv sang .mp4 một cách đệ quy. +# Phiên bản cải tiến: dễ cấu hình, ghi log cho từng file và dùng tùy chọn ffmpeg hiện đại. + +# --- Phần cấu hình --- +# Bạn có thể thay đổi các giá trị này để phù hợp với nhu cầu. +# CRF (Constant Rate Factor) cho video: 0-51. Càng thấp chất lượng càng cao. 18-28 là khoảng hợp lý. +CRF="23" +# Preset cho tốc độ encode: ultrafast, superfast, veryfast, faster, fast, medium, slow, slower, veryslow. +# Càng chậm thì nén càng tốt (file nhỏ hơn) nhưng tốn thời gian hơn. 'medium' là mặc định cân bằng. +PRESET="medium" +# Bitrate cho audio. '128k' hoặc '192k' là phổ biến cho codec AAC. +AUDIO_BITRATE="128k" + +# --- Bắt đầu kịch bản --- + +# 1. Kiểm tra xem ffmpeg đã được cài đặt chưa +if ! command -v ffmpeg >/dev/null 2>&1; then + echo "❌ Lỗi: Lệnh 'ffmpeg' không tồn tại. Vui lòng cài đặt ffmpeg." + exit 1 +fi + +# 2. Xác định thư mục mục tiêu (lấy tham số đầu vào, mặc định là thư mục hiện tại) +DIR="${1:-.}" +echo "🔍 Bắt đầu quét thư mục '$DIR'..." +echo "---" + +# 3. Tìm và lặp qua từng file .mkv +# -print0 và -d '' là cách an toàn nhất để xử lý tên file có chứa ký tự đặc biệt hoặc dấu cách. +find "$DIR" -type f -iname '*.mkv' -print0 | while IFS= read -r -d '' file; do + # Tạo tên file output bằng cách thay thế đuôi .mkv thành .mp4 một cách hiệu quả + out_file="${file%.mkv}.mp4" + log_file="${out_file}.log" + + # Kiểm tra nếu file .mp4 đã tồn tại thì bỏ qua + if [ -f "$out_file" ]; then + echo "⚠️ Bỏ qua (đã tồn tại): '$out_file'" + continue + fi + + echo "▶️ Đang chuyển đổi: '$file'" + + # 4. Thực thi lệnh ffmpeg + # -hide_banner: Ẩn thông tin banner của ffmpeg cho log gọn hơn. + # -c:v libx264 -crf $CRF -preset $PRESET: Tùy chọn encode video H.264 chất lượng cao. + # -c:a aac -b:a $AUDIO_BITRATE: Tùy chọn encode audio AAC. + # Ghi log (cả stdout và stderr) vào một file riêng cho mỗi video để tránh ghi đè. 
+ ffmpeg -nostdin -hide_banner -i "$file" \ + -c:v libx264 -crf "$CRF" -preset "$PRESET" \ + -c:a aac -b:a "$AUDIO_BITRATE" \ + "$out_file" > "$log_file" 2>&1 + + # 5. Kiểm tra kết quả chuyển đổi và thông báo + if [ $? -eq 0 ]; then + echo "✅ Hoàn thành: '$out_file'" + # Nếu muốn tự động xóa log khi thành công, bỏ comment dòng dưới + # rm "$log_file" + else + echo "❌ Lỗi khi chuyển đổi file trên. Xem chi tiết trong log: '$log_file'" + fi + echo "---" +done + +echo "🎉 Tất cả đã xong!" \ No newline at end of file diff --git a/SH/objonline.sh b/SH/objonline.sh new file mode 100644 index 0000000..ee61e7c --- /dev/null +++ b/SH/objonline.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +# Kiểm tra số lượng tham số đầu vào +if [ "$#" -ne 2 ]; then + echo "Usage: $0 " + exit 1 +fi + +# Gán tham số đầu vào vào biến +COURSEID=$1 +TOPICID=$2 + +# Lấy đường dẫn thư mục hiện tại +CURRENT_DIR=$(pwd) + +# Chạy lệnh PHP với các tham số, sử dụng mdl.media từ thư mục hiện tại +php /home/online.linkvn.vn/public_html/online/objpage.php "$CURRENT_DIR/mdl.media" "$COURSEID" "$TOPICID" + +# Hiển thị thông báo hoàn tất +echo "Command executed with mdl.media from $CURRENT_DIR, courseid=$COURSEID, and topicid=$TOPICID" diff --git a/SH/online.sh b/SH/online.sh new file mode 100644 index 0000000..5c64e4f --- /dev/null +++ b/SH/online.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +# Kiểm tra số lượng tham số đầu vào +if [ "$#" -ne 2 ]; then + echo "Usage: $0 " + exit 1 +fi + +# Gán tham số đầu vào vào biến + +COURSEID=$1 +TOPICID=$2 + +# Lấy đường dẫn thư mục hiện tại +CURRENT_DIR=$(pwd) + +# Chạy lệnh PHP với các tham số, sử dụng mdl.media từ thư mục hiện tại +/usr/local/lsws/lsphp82/bin/php /home/online.huph.edu.vn/public_html/online/page.php "$CURRENT_DIR/mdl.media" "$COURSEID" "$TOPICID" + +# Hiển thị thông báo hoàn tất +echo "Command executed with mdl.media from $CURRENT_DIR, courseid=$COURSEID, and topicid=$TOPICID" diff --git a/SH/removeblank.sh b/SH/removeblank.sh new file mode 100644 index 0000000..d179808 
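Review bot: A conversion that fails or is interrupted in mkv2mp4.sh leaves a partial `$out_file` behind, and the `[ -f "$out_file" ]` check at the top of the loop then skips that video on every later run. Writing to a temporary name and renaming only on success avoids this; the explicit `-f mp4` is needed because the temporary extension no longer tells ffmpeg the container. Separately, `-iname '*.mkv'` matches `X.MKV` but `${file%.mkv}` strips only the lowercase suffix, which would give `X.MKV.mp4`.

```shell
  out_file="${file%.*}.mp4"
  tmp_file="${out_file}.part"
  # … unchanged: log_file, existing-output check, progress message …
  if ffmpeg -nostdin -hide_banner -y -i "$file" \
    -c:v libx264 -crf "$CRF" -preset "$PRESET" \
    -c:a aac -b:a "$AUDIO_BITRATE" \
    -f mp4 "$tmp_file" > "$log_file" 2>&1; then
    mv -- "$tmp_file" "$out_file"
    echo "✅ Hoàn thành: '$out_file'"
  else
    rm -f -- "$tmp_file"
    echo "❌ Lỗi khi chuyển đổi file trên. Xem chi tiết trong log: '$log_file'"
  fi
```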
--- /dev/null
+++ b/SH/removeblank.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+BASE_DIR="."
+
+find "$BASE_DIR" -depth | while IFS= read -r path; do
+ current_name=$(basename "$path")
+ parent_dir=$(dirname "$path")
+
+ # Loại bỏ ký tự đặc biệt: # ! ' [ ] @ bằng tr + tr -d
+ new_name=$(echo "$current_name" | tr -d "#!'\[\]@")
+
+ # Loại bỏ khoảng trắng thừa (chỉ giữ 1 dấu cách, loại bỏ cuối)
+ new_name=$(echo "$new_name" | tr -s ' ' | sed 's/ *$//')
+
+ # Nếu tên thay đổi thì đổi tên
+ if [[ "$current_name" != "$new_name" ]]; then
+ mv -- "$path" "$parent_dir/$new_name"
+ echo "Đã đổi tên: '$path' → '$parent_dir/$new_name'"
+ fi
+done
+
+echo "✅ Hoàn thành."
diff --git a/SH/rename_topics.sh b/SH/rename_topics.sh
new file mode 100644
index 0000000..59302c5
--- /dev/null
+++ b/SH/rename_topics.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Lấy thư mục hiện hành nơi người dùng đang gọi lệnh
+TARGET_DIR="$(pwd)"
+
+# Đổi tên các thư mục con cấp 1 theo mẫu: 1 - ABC → 1. ABC
+find "$TARGET_DIR" -mindepth 1 -maxdepth 1 -type d -regextype posix-extended -regex '.*/[0-9]+ - .+' | while read dir; do
+ base=$(basename "$dir")
+ newname=$(echo "$base" | sed -E 's/^([0-9]+) - (.+)$/\1. \2/')
+ if [ "$base" != "$newname" ]; then
+ echo "🔁 Đổi tên: $base → $newname"
+ mv "$TARGET_DIR/$base" "$TARGET_DIR/$newname"
+ fi
+done
diff --git a/SH/scan.sh b/SH/scan.sh
new file mode 100644
index 0000000..ff01b6a
--- /dev/null
+++ b/SH/scan.sh
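Review bot: In removeblank.sh, `mv -- "$path" "$parent_dir/$new_name"` does not check the target, so two names that differ only in the stripped characters (for example `a#.pdf` and `a.pdf`) collapse into one and the other file is overwritten; rename_topics.sh has the same unguarded `mv`. A name made up only of stripped characters yields an empty `$new_name`, which points the move at the parent directory itself. Skipping those cases first, e.g. `[[ -n "$new_name" && ! -e "$parent_dir/$new_name" ]] || continue`, keeps the rename non-destructive. In rename_topics.sh, `while read dir` should also be `while IFS= read -r dir` so backslashes and leading spaces in directory names survive.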
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Thư mục gốc của khóa học
+COURSE_FOLDER="$(pwd)"
+
+# Tìm tất cả các thư mục con
+mapfile -t DIRS < <(find "$COURSE_FOLDER" -type d)
+
+for dir in "${DIRS[@]}"; do
+ relative_path="${dir#*/vod/}"
+ OUTPUT_JSON="$dir/filelist.txt"
+
+ # Xóa tệp mdl.media cũ nếu tồn tại
+ rm -f "$OUTPUT_JSON"
+
+ # Tìm và sắp xếp các file .pdf và .xlsx theo thứ tự tự nhiên
+ mapfile -d '' -t FILES < <(find "$dir" -maxdepth 1 -type f \( -name '*.pdf' -o -name '*.xlsx' \) -print0 | sort -z -V)
+
+ for file in "${FILES[@]}"; do
+ filename=$(basename "$file")
+ vid="$relative_path/$filename"
+ echo "$vid" >> "$OUTPUT_JSON"
+ done
+
+ echo "File filelist.txt created successfully in $dir."
+done
diff --git a/SH/scan1.sh b/SH/scan1.sh
new file mode 100644
index 0000000..9a26229
--- /dev/null
+++ b/SH/scan1.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+COURSE_FOLDER="$(pwd)"
+
+# Kiểm tra tham số
+if [ -z "$1" ]; then
+ echo "Usage: $0 ext1,ext2,..."
+ exit 1
+fi
+
+# Tạo mảng extension
+IFS=',' read -ra EXT_ARRAY <<< "$1"
+
+# Quét tất cả thư mục con
+mapfile -t DIRS < <(find "$COURSE_FOLDER" -type d)
+
+for dir in "${DIRS[@]}"; do
+ relative_path="${dir#*/vod/}"
+ OUTPUT_FILE="$dir/filelist.txt"
+ rm -f "$OUTPUT_FILE"
+
+ # Duyệt tất cả file trong thư mục
+ for file in "$dir"/*; do
+ [ -f "$file" ] || continue
+ filename=$(basename "$file")
+ ext="${filename##*.}"
+ # Kiểm tra extension có trong danh sách không
+ for allowed_ext in "${EXT_ARRAY[@]}"; do
+ if [[ "${ext,,}" == "${allowed_ext,,}" ]]; then # ignore case
+ echo "$relative_path/$filename" >> "$OUTPUT_FILE"
+ break
+ fi
+ done
+ done
+
+ # Sắp xếp tự nhiên filelist.txt
+ if [ -s "$OUTPUT_FILE" ]; then
+ sort -V -o "$OUTPUT_FILE" "$OUTPUT_FILE"
+ echo "File filelist.txt created successfully in $dir."
+ fi
+done
diff --git a/stacks/hsphweb/audiobooks.yml b/stacks/hsphweb/audiobooks.yml
new file mode 100644
index 0000000..76b5e98
--- /dev/null
+++ b/stacks/hsphweb/audiobooks.yml
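Review bot: In scan.sh, `relative_path="${dir#*/vod/}"` leaves `$dir` unchanged when the path has no `/vod/` component, so filelist.txt then records absolute server paths instead of paths relative to the media root; scan1.sh uses the same expansion. If these lists are published alongside the media, that discloses the host's directory layout. A check up front such as `[[ "$COURSE_FOLDER" == */vod/* ]] || { echo "run inside a vod tree" >&2; exit 1; }` would fail loudly instead. In scan.sh the "created successfully" message also prints for directories where nothing matched and no file was written, and the comment above `rm -f` still names mdl.media rather than filelist.txt.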
@@ -0,0 +1,13 @@ +version: "3.8" + +services: + audiobookshelf: + image: ghcr.io/advplyr/audiobookshelf:latest + container_name: audiobookshelf + ports: + - "13378:80" # HostPort:ContainerPort + volumes: + - /srv/audiobookshelf/config:/config + - /srv/audiobookshelf/audiobooks:/audiobooks + - /srv/audiobookshelf/podcasts:/podcasts + restart: always diff --git a/stacks/hsphweb/metabase.yml b/stacks/hsphweb/metabase.yml new file mode 100644 index 0000000..88b5247 --- /dev/null +++ b/stacks/hsphweb/metabase.yml @@ -0,0 +1,29 @@ +version: "3.8" + +services: + metabase-db: + image: postgres:16 + container_name: metabase-db + environment: + POSTGRES_USER: metabase + POSTGRES_PASSWORD: HP_LE1851w + POSTGRES_DB: metabase + volumes: + - /dockers/metabase-data:/var/lib/postgresql/data + ports: + - "5433:5432" + + metabase: + image: metabase/metabase:latest + container_name: metabase + environment: + MB_DB_TYPE: postgres + MB_DB_HOST: metabase-db + MB_DB_PORT: 5432 + MB_DB_DBNAME: metabase + MB_DB_USER: metabase + MB_DB_PASS: HP_LE1851w + depends_on: + - metabase-db + ports: + - "3000:3000" diff --git a/stacks/hsphweb/redash.yml b/stacks/hsphweb/redash.yml new file mode 100644 index 0000000..7665d1f --- /dev/null +++ b/stacks/hsphweb/redash.yml 
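Review bot: `image: ghcr.io/advplyr/audiobookshelf:latest` in audiobooks.yml is a floating tag, so each pull can bring in a different, unreviewed build and a redeploy is not reproducible; metabase.yml and sqlpad.yml also use `:latest`, while redash.yml already pins its versions. Pinning a release tag or digest, `image: ghcr.io/advplyr/audiobookshelf:<reviewed-tag>`, makes every upgrade an explicit, reviewable change. The `"13378:80"` mapping publishes the UI on every host interface; if the service is meant to sit behind a reverse proxy, `"127.0.0.1:13378:80"` would keep it off the network.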
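Review bot: `POSTGRES_PASSWORD` and `MB_DB_PASS` in metabase.yml are committed in clear text, which makes the database password readable to anyone with repository access and permanent in git history; redash.yml (`REDASH_COOKIE_SECRET`, `REDASH_SECRET_KEY`, the `redash:redash` database URL) and sqlpad.yml (`SQLPAD_ADMIN_PASSWORD`, `SQLPAD_DB_PASS`) do the same. These values should be rotated and supplied at deploy time, e.g. `POSTGRES_PASSWORD: ${METABASE_DB_PASSWORD:?set in .env}` with the `.env` file kept out of version control. The `"5433:5432"` mapping also exposes Postgres on all host interfaces although only the `metabase` service needs it over the compose network; dropping that `ports:` entry, or binding it to `127.0.0.1`, removes the exposure.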
@@ -0,0 +1,56 @@ +version: "3.8" + +x-redash-service: &redash-service + image: redash/redash:10.1.0.b50633 + depends_on: + - redis + - postgres + environment: + PYTHONUNBUFFERED: 0 + REDASH_LOG_LEVEL: INFO + REDASH_REDIS_URL: redis://redis:6379/0 + REDASH_DATABASE_URL: postgresql://redash:redash@postgres/redash + REDASH_COOKIE_SECRET: "2f8a7d0e9c4f48c1a6c8c9b9d55e8f12" + REDASH_SECRET_KEY: "7d2b94d5e3a44198a1f3a0f6c2b6a4d9" + restart: always + +services: + server: + <<: *redash-service + command: server + ports: + - "5000:5000" + environment: + PYTHONUNBUFFERED: 0 + REDASH_LOG_LEVEL: INFO + REDASH_REDIS_URL: redis://redis:6379/0 + REDASH_DATABASE_URL: postgresql://redash:redash@postgres/redash + REDASH_COOKIE_SECRET: "2f8a7d0e9c4f48c1a6c8c9b9d55e8f12" + REDASH_SECRET_KEY: "7d2b94d5e3a44198a1f3a0f6c2b6a4d9" + REDASH_WEB_WORKERS: 4 + + scheduler: + <<: *redash-service + command: scheduler + + worker: + <<: *redash-service + command: worker + + redis: + image: redis:6.2-alpine + restart: always + + postgres: + image: postgres:12-alpine + environment: + POSTGRES_USER: redash + POSTGRES_PASSWORD: redash + POSTGRES_DB: redash + volumes: + - postgres-data:/var/lib/postgresql/data + restart: always + +volumes: + postgres-data: +#docker exec -it redash-server-1 ./manage.py database create_tables diff --git a/stacks/hsphweb/sqlpad.yml b/stacks/hsphweb/sqlpad.yml new file mode 100644 index 0000000..31ed661 --- /dev/null +++ b/stacks/hsphweb/sqlpad.yml @@ -0,0 +1,24 @@ +version: '3.8' + +services: + sqlpad: + image: sqlpad/sqlpad:latest + environment: + # Tài khoản admin mặc định + SQLPAD_ADMIN: pvc2@huph.edu.vn + SQLPAD_ADMIN_PASSWORD: pHC@14101999 + + # Cấu hình DB backend cho SQLPad (Postgres ngoài) + SQLPAD_DB_TYPE: postgres + SQLPAD_DB_HOST: 192.168.1.140 + SQLPAD_DB_PORT: 5432 + SQLPAD_DB_NAME: sqlpad + SQLPAD_DB_USER: postgres + SQLPAD_DB_PASS: HP_LE1851w + ports: + - "3002:3000" + networks: + - sqlpadnet + +networks: + sqlpadnet:
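Review bot: The `server` service in redash.yml restates the whole `environment` map from `x-redash-service` only to add `REDASH_WEB_WORKERS`, because the YAML `<<` merge replaces a nested map rather than combining it. Two copies of the same settings will drift, and a secret changed in one place but not the other leaves `server` and the workers signing with different keys. Putting the shared variables under their own anchor (`x-redash-env: &redash-env`), referencing it from the base with `environment: *redash-env`, and overriding in `server` with `environment: { <<: *redash-env, REDASH_WEB_WORKERS: 4 }` keeps a single source.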
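Review bot: `SQLPAD_DB_USER: postgres` in sqlpad.yml has SQLPad store its own metadata through what is conventionally the cluster superuser on 192.168.1.140, so a compromise of this container would give control of every database on that server. A dedicated role that owns only the `sqlpad` database is enough for the backend store. `SQLPAD_DB_PASS` also carries the same value as the Metabase database password in metabase.yml, so one leak unlocks both; each service should get its own credential.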