guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Cantle <>
Subject MySQL User disabling enhancement
Date Thu, 15 Sep 2016 17:53:24 GMT
Hi All,

I originally raised this query here -
but then read that those forums aren’t really used for help these days.

I will add in my question here to save clicking the link. Hoping someone can offer some help.

Thanks all.

I'm currently using Guacamole 0.9.9 on CentOS with the MySQL extension. All is working well.
I'm not however using the MySQL extension for authentication, I'm only using it for authorisation.
I'm using SSO to handle the authentication side of things. This is also working fine.
The way the SSO plugin works is based on "username matching" to the user in the DB. If the
names match, a login to the site is permitted, else it's denied and the user is shown the
login screen. To that end, because the DB isn't handling authentication, disabling a user
in the Guacamole GUI has no effect.

I'm wondering if I can enhance the following file: org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
to change what happens when a user is disabled:

Currently, this seems key:
<!-- Update single user -->
    <update id="update" parameterType="org.glyptodon.guacamole.auth.jdbc.user.UserModel">
        UPDATE guacamole_user
        SET password_hash = #{object.passwordHash,jdbcType=BINARY},
            password_salt = #{object.passwordSalt,jdbcType=BINARY},
            disabled = #{object.disabled,jdbcType=BOOLEAN},
            expired = #{object.expired,jdbcType=BOOLEAN},
            access_window_start = #{object.accessWindowStart,jdbcType=TIME},
            access_window_end = #{object.accessWindowEnd,jdbcType=TIME},
            valid_from = #{object.validFrom,jdbcType=DATE},
            valid_until = #{object.validUntil,jdbcType=DATE},
            timezone = #{object.timeZone,jdbcType=VARCHAR}
        WHERE user_id = #{object.objectID,jdbcType=VARCHAR}

What I would like is to rename the user to disabled_<user> when the disabled flag is
set. I know I can script this, but I'm trying to be "clever" by keeping it in the GUI. Something
like the following SQL statement would probably do the job:

UPDATE guacamole_user SET user_id = concat('disabled_', user_id) WHERE disabled=1 AND user_id
NOT LIKE 'disabled_%'

If I made that compatible with the above XML, would you suggest adding it as an entirely new
statement within the <update> tags or try to make it fit with the existing statement?
Is there a better place for it?

Either way, would it work, or would it possibly break everything? Happy to test, but would
just like some thoughts from the experts if that's possible
Thanks All.
View raw message