Skip to content
This repository has been archived by the owner on Jul 17, 2023. It is now read-only.

Commit

Permalink
Merge pull request #105 from glyptodon/postgres
Browse files Browse the repository at this point in the history 
GUAC-1103: Add support for PostgresQL.
  • Loading branch information
@jmuehlner
jmuehlner committed Mar 6, 2015
2 parents d731d9a + 40bdfb5 commit f63b247
Show file tree
Hide file tree
Showing 24 changed files with 1,926 additions and 23 deletions.
19 changes: 15 additions & 4 deletions extensions/guacamole-auth-jdbc/README
View file
Expand Up @@ -51,19 +51,19 @@ in the library directory configured in guacamole.properties.
created in the target/ subdirectory of the current directory.

4) Extract the .tar.gz file now present in the target/ directory, and
place the .jar files in the extracted lib/ subdirectory in the library
directory specified in guacamole.properties.
place the .jar files from the extracted database-specific subdirectory in
the library directory specified in guacamole.properties.

You will likely need to do this as root.

If you do not have a library directory configured in your
guacamole.properties, you will need to specify one. The directory
is specified using the "lib-directory" property.

5) Set up your MySQL database to authenticate Guacamole users
5) Set up your database to authenticate Guacamole users

A schema file is provided in the schema directory for creating
the guacamole authentication tables in your MySQL database.
the guacamole authentication tables in your database of choice.

Additionally, a script is provided to create a default admin user
with username 'guacadmin' and password 'guacadmin'. This user can
Expand All @@ -90,6 +90,17 @@ in the library directory configured in guacamole.properties.

mysql-disallow-simultaneous-connections: true

For PostgreSQL, the properties are the same, but have different prefixes:

# Database connection configuration
postgresql-hostname: database.host.name
postgresql-port: 5432
postgresql-database: guacamole.database.name
postgresql-username: user
postgresql-password: pass

postgresql-disallow-simultaneous-connections: true


------------------------------------------------------------
Reporting problems
Expand Down
13 changes: 9 additions & 4 deletions ...e/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java
View file
Expand Up @@ -30,11 +30,16 @@ public interface PasswordEncryptionService {

/**
* Creates a password hash based on the provided username, password, and
* salt.
* salt. If the provided salt is null, only the password itself is hashed.
*
* @param password The password to hash.
* @param salt The salt to use when hashing the password.
* @return The generated password hash.
* @param password
* The password to hash.
*
* @param salt
* The salt to use when hashing the password, if any.
*
* @return
* The generated password hash.
*/
public byte[] createPasswordHash(String password, byte[] salt);

Expand Down
20 changes: 10 additions & 10 deletions ...main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java
View file
Expand Up @@ -38,26 +38,26 @@ public byte[] createPasswordHash(String password, byte[] salt) {

try {

// Build salted password
// Build salted password, if a salt was provided
StringBuilder builder = new StringBuilder();
builder.append(password);
builder.append(DatatypeConverter.printHexBinary(salt));

// Hash UTF-8 bytes of salted password
if (salt != null)
builder.append(DatatypeConverter.printHexBinary(salt));

// Hash UTF-8 bytes of possibly-salted password
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(builder.toString().getBytes("UTF-8"));
return md.digest();

}

// Should not happen
catch (UnsupportedEncodingException ex) {
throw new RuntimeException(ex);
// Throw hard errors if standard pieces of Java are missing
catch (UnsupportedEncodingException e) {
throw new UnsupportedOperationException("Unexpected lack of UTF-8 support.", e);
}

// Should not happen
catch (NoSuchAlgorithmException ex) {
throw new RuntimeException(ex);
catch (NoSuchAlgorithmException e) {
throw new UnsupportedOperationException("Unexpected lack of SHA-256 support.", e);
}

}
Expand Down
6 changes: 4 additions & 2 deletions ...nsions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql
View file
Expand Up @@ -65,15 +65,17 @@ CREATE TABLE `guacamole_connection` (

--
-- Table of users. Each user has a unique username and a hashed password
-- with corresponding salt.
-- with corresponding salt. Although the authentication system will always set
-- salted passwords, other systems may set unsalted passwords by simply not
-- providing the salt.
--

CREATE TABLE `guacamole_user` (

`user_id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(128) NOT NULL,
`password_hash` binary(32) NOT NULL,
`password_salt` binary(32) NOT NULL,
`password_salt` binary(32),

PRIMARY KEY (`user_id`),
UNIQUE KEY `username` (`username`)
Expand Down
4 changes: 2 additions & 2 deletions ...-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
View file
Expand Up @@ -47,7 +47,7 @@
JOIN guacamole_user_permission ON affected_user_id = guacamole_user.user_id
WHERE
guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = 'read'
AND permission = 'READ'
</select>

<!-- Select multiple users by username -->
Expand Down Expand Up @@ -83,7 +83,7 @@
#{identifier,jdbcType=VARCHAR}
</foreach>
AND guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER}
AND permission = 'read'
AND permission = 'READ'

</select>

Expand Down
2 changes: 2 additions & 0 deletions extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/.gitignore
View file
@@ -0,0 +1,2 @@
target/
*~
78 changes: 78 additions & 0 deletions extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/pom.xml
View file
@@ -0,0 +1,78 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

<modelVersion>4.0.0</modelVersion>
<groupId>org.glyptodon.guacamole</groupId>
<artifactId>guacamole-auth-jdbc-postgresql</artifactId>
<packaging>jar</packaging>
<name>guacamole-auth-jdbc-postgresql</name>
<url>http://guac-dev.org/</url>

<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>

<parent>
<groupId>org.glyptodon.guacamole</groupId>
<artifactId>guacamole-auth-jdbc</artifactId>
<version>0.9.5</version>
<relativePath>../../</relativePath>
</parent>

<build>
<plugins>

<!-- Written for 1.6 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.6</source>
<target>1.6</target>
</configuration>
</plugin>

<!-- Assembly plugin - for easy distribution -->
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<version>2.2-beta-5</version>
<executions>
<execution>
<id>jar-with-dependencies</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
<configuration>
<finalName>extension/${project.artifactId}-${project.version}</finalName>
<appendAssemblyId>false</appendAssemblyId>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</execution>
</executions>
</plugin>

</plugins>
</build>

<dependencies>

<!-- Guacamole Extension API -->
<dependency>
<groupId>org.glyptodon.guacamole</groupId>
<artifactId>guacamole-ext</artifactId>
<scope>provided</scope>
</dependency>

<!-- Guacamole JDBC Authentication -->
<dependency>
<groupId>org.glyptodon.guacamole</groupId>
<artifactId>guacamole-auth-jdbc-base</artifactId>
<version>0.9.5</version>
</dependency>

</dependencies>

</project>

0 comments on commit f63b247

Please sign in to comment.