From Tacky Agouti, 4 Months ago, written in SQL.
Embed
  1. --
  2. -- Licensed to the Apache Software Foundation (ASF) under one
  3. -- or more contributor license agreements.  See the NOTICE file
  4. -- distributed with this work for additional information
  5. -- regarding copyright ownership.  The ASF licenses this file
  6. -- to you under the Apache License, Version 2.0 (the
  7. -- "License"); you may not use this file except in compliance
  8. -- with the License.  You may obtain a copy of the License at
  9. --
  10. --   http://www.apache.org/licenses/LICENSE-2.0
  11. --
  12. -- Unless required by applicable law or agreed to in writing,
  13. -- software distributed under the License is distributed on an
  14. -- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  15. -- KIND, either express or implied.  See the License for the
  16. -- specific language governing permissions and limitations
  17. -- under the License.
  18. --
  19.  
  20. --
  21. -- Table of connection groups. Each connection group has a name.
  22. --
  23.  
  24. CREATE TABLE `guacamole_connection_group` (
  25.  
  26.   `connection_group_id`   INT(11)      NOT NULL AUTO_INCREMENT,
  27.   `parent_id`             INT(11),
  28.   `connection_group_name` VARCHAR(128) NOT NULL,
  29.   `type`                  enum('ORGANIZATIONAL',
  30.                                'BALANCING') NOT NULL DEFAULT 'ORGANIZATIONAL',
  31.  
  32.   -- Concurrency limits
  33.   `max_connections`          INT(11),
  34.   `max_connections_per_user` INT(11),
  35.   `enable_session_affinity`  BOOLEAN NOT NULL DEFAULT 0,
  36.  
  37.   PRIMARY KEY (`connection_group_id`),
  38.   UNIQUE KEY `connection_group_name_parent` (`connection_group_name`, `parent_id`),
  39.  
  40.   CONSTRAINT `guacamole_connection_group_ibfk_1`
  41.     FOREIGN KEY (`parent_id`)
  42.     REFERENCES `guacamole_connection_group` (`connection_group_id`) ON DELETE CASCADE
  43.  
  44. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  45.  
  46. --
  47. -- Table of connections. Each connection has a name, protocol, and
  48. -- associated set of parameters.
  49. -- A connection may belong to a connection group.
  50. --
  51.  
  52. CREATE TABLE `guacamole_connection` (
  53.  
  54.   `connection_id`       INT(11)      NOT NULL AUTO_INCREMENT,
  55.   `connection_name`     VARCHAR(128) NOT NULL,
  56.   `parent_id`           INT(11),
  57.   `protocol`            VARCHAR(32)  NOT NULL,
  58.  
  59.   -- Guacamole proxy (guacd) overrides
  60.   `proxy_port`              INTEGER,
  61.   `proxy_hostname`          VARCHAR(512),
  62.   `proxy_encryption_method` enum('NONE', 'SSL'),
  63.  
  64.   -- Concurrency limits
  65.   `max_connections`          INT(11),
  66.   `max_connections_per_user` INT(11),
  67.  
  68.   -- Load-balancing behavior
  69.   `connection_weight`        INT(11),
  70.   `failover_only`            BOOLEAN NOT NULL DEFAULT 0,
  71.  
  72.   PRIMARY KEY (`connection_id`),
  73.   UNIQUE KEY `connection_name_parent` (`connection_name`, `parent_id`),
  74.  
  75.   CONSTRAINT `guacamole_connection_ibfk_1`
  76.     FOREIGN KEY (`parent_id`)
  77.     REFERENCES `guacamole_connection_group` (`connection_group_id`) ON DELETE CASCADE
  78.  
  79. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  80.  
  81. --
  82. -- Table of base entities which may each be either a user or user group. Other
  83. -- tables which represent qualities shared by both users and groups will point
  84. -- to guacamole_entity, while tables which represent qualities specific to
  85. -- users or groups will point to guacamole_user or guacamole_user_group.
  86. --
  87.  
  88. CREATE TABLE `guacamole_entity` (
  89.  
  90.   `entity_id`     INT(11)            NOT NULL AUTO_INCREMENT,
  91.   `name`          VARCHAR(128)       NOT NULL,
  92.   `type`          enum('USER',
  93.                        'USER_GROUP') NOT NULL,
  94.  
  95.   PRIMARY KEY (`entity_id`),
  96.   UNIQUE KEY `guacamole_entity_name_scope` (`type`, `name`)
  97.  
  98. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  99.  
  100. --
  101. -- Table of users. Each user has a unique username and a hashed password
  102. -- with corresponding salt. Although the authentication system will always set
  103. -- salted passwords, other systems may set unsalted passwords by simply not
  104. -- providing the salt.
  105. --
  106.  
  107. CREATE TABLE `guacamole_user` (
  108.  
  109.   `user_id`       INT(11)      NOT NULL AUTO_INCREMENT,
  110.   `entity_id`     INT(11)      NOT NULL,
  111.  
  112.   -- Optionally-salted password
  113.   `password_hash` BINARY(32)   NOT NULL,
  114.   `password_salt` BINARY(32),
  115.   `password_date` datetime     NOT NULL,
  116.  
  117.   -- Account disabled/expired status
  118.   `disabled`      BOOLEAN      NOT NULL DEFAULT 0,
  119.   `expired`       BOOLEAN      NOT NULL DEFAULT 0,
  120.  
  121.   -- Time-based access restriction
  122.   `access_window_start`    TIME,
  123.   `access_window_end`      TIME,
  124.  
  125.   -- Date-based access restriction
  126.   `valid_from`  DATE,
  127.   `valid_until` DATE,
  128.  
  129.   -- Timezone used for all date/time comparisons and interpretation
  130.   `timezone` VARCHAR(64),
  131.  
  132.   -- Profile information
  133.   `full_name`           VARCHAR(256),
  134.   `email_address`       VARCHAR(256),
  135.   `organization`        VARCHAR(256),
  136.   `organizational_role` VARCHAR(256),
  137.  
  138.   PRIMARY KEY (`user_id`),
  139.  
  140.   UNIQUE KEY `guacamole_user_single_entity` (`entity_id`),
  141.  
  142.   CONSTRAINT `guacamole_user_entity`
  143.     FOREIGN KEY (`entity_id`)
  144.     REFERENCES `guacamole_entity` (`entity_id`)
  145.     ON DELETE CASCADE
  146.  
  147. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  148.  
  149. --
  150. -- Table of user groups. Each user group may have an arbitrary set of member
  151. -- users and member groups, with those members inheriting the permissions
  152. -- granted to that group.
  153. --
  154.  
  155. CREATE TABLE `guacamole_user_group` (
  156.  
  157.   `user_group_id` INT(11)      NOT NULL AUTO_INCREMENT,
  158.   `entity_id`     INT(11)      NOT NULL,
  159.  
  160.   -- Group disabled status
  161.   `disabled`      BOOLEAN      NOT NULL DEFAULT 0,
  162.  
  163.   PRIMARY KEY (`user_group_id`),
  164.  
  165.   UNIQUE KEY `guacamole_user_group_single_entity` (`entity_id`),
  166.  
  167.   CONSTRAINT `guacamole_user_group_entity`
  168.     FOREIGN KEY (`entity_id`)
  169.     REFERENCES `guacamole_entity` (`entity_id`)
  170.     ON DELETE CASCADE
  171.  
  172. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  173.  
  174. --
  175. -- Table of users which are members of given user groups.
  176. --
  177.  
  178. CREATE TABLE `guacamole_user_group_member` (
  179.  
  180.   `user_group_id`    INT(11)     NOT NULL,
  181.   `member_entity_id` INT(11)     NOT NULL,
  182.  
  183.   PRIMARY KEY (`user_group_id`, `member_entity_id`),
  184.  
  185.   -- Parent must be a user group
  186.   CONSTRAINT `guacamole_user_group_member_parent_id`
  187.     FOREIGN KEY (`user_group_id`)
  188.     REFERENCES `guacamole_user_group` (`user_group_id`) ON DELETE CASCADE,
  189.  
  190.   -- Member may be either a user or a user group (any entity)
  191.   CONSTRAINT `guacamole_user_group_member_entity_id`
  192.     FOREIGN KEY (`member_entity_id`)
  193.     REFERENCES `guacamole_entity` (`entity_id`) ON DELETE CASCADE
  194.  
  195. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  196.  
  197. --
  198. -- Table of sharing profiles. Each sharing profile has a name, associated set
  199. -- of parameters, and a primary connection. The primary connection is the
  200. -- connection that the sharing profile shares, and the parameters dictate the
  201. -- restrictions/features which apply to the user joining the connection via the
  202. -- sharing profile.
  203. --
  204.  
  205. CREATE TABLE guacamole_sharing_profile (
  206.  
  207.   `sharing_profile_id`    INT(11)      NOT NULL AUTO_INCREMENT,
  208.   `sharing_profile_name`  VARCHAR(128) NOT NULL,
  209.   `primary_connection_id` INT(11)      NOT NULL,
  210.  
  211.   PRIMARY KEY (`sharing_profile_id`),
  212.   UNIQUE KEY `sharing_profile_name_primary` (sharing_profile_name, primary_connection_id),
  213.  
  214.   CONSTRAINT `guacamole_sharing_profile_ibfk_1`
  215.     FOREIGN KEY (`primary_connection_id`)
  216.     REFERENCES `guacamole_connection` (`connection_id`)
  217.     ON DELETE CASCADE
  218.  
  219. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  220.  
  221. --
  222. -- Table of connection parameters. Each parameter is simply a name/value pair
  223. -- associated with a connection.
  224. --
  225.  
  226. CREATE TABLE `guacamole_connection_parameter` (
  227.  
  228.   `connection_id`   INT(11)       NOT NULL,
  229.   `parameter_name`  VARCHAR(128)  NOT NULL,
  230.   `parameter_value` VARCHAR(4096) NOT NULL,
  231.  
  232.   PRIMARY KEY (`connection_id`,`parameter_name`),
  233.  
  234.   CONSTRAINT `guacamole_connection_parameter_ibfk_1`
  235.     FOREIGN KEY (`connection_id`)
  236.     REFERENCES `guacamole_connection` (`connection_id`) ON DELETE CASCADE
  237.  
  238. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  239.  
  240. --
  241. -- Table of sharing profile parameters. Each parameter is simply
  242. -- name/value pair associated with a sharing profile. These parameters dictate
  243. -- the restrictions/features which apply to the user joining the associated
  244. -- connection via the sharing profile.
  245. --
  246.  
  247. CREATE TABLE guacamole_sharing_profile_parameter (
  248.  
  249.   `sharing_profile_id` INTEGER       NOT NULL,
  250.   `parameter_name`     VARCHAR(128)  NOT NULL,
  251.   `parameter_value`    VARCHAR(4096) NOT NULL,
  252.  
  253.   PRIMARY KEY (`sharing_profile_id`, `parameter_name`),
  254.  
  255.   CONSTRAINT `guacamole_sharing_profile_parameter_ibfk_1`
  256.     FOREIGN KEY (`sharing_profile_id`)
  257.     REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE CASCADE
  258.  
  259. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  260.  
  261. --
  262. -- Table of arbitrary user attributes. Each attribute is simply a name/value
  263. -- pair associated with a user. Arbitrary attributes are defined by other
  264. -- extensions. Attributes defined by this extension will be mapped to
  265. -- properly-typed columns of a specific table.
  266. --
  267.  
  268. CREATE TABLE guacamole_user_attribute (
  269.  
  270.   `user_id`         INT(11)       NOT NULL,
  271.   `attribute_name`  VARCHAR(128)  NOT NULL,
  272.   `attribute_value` VARCHAR(4096) NOT NULL,
  273.  
  274.   PRIMARY KEY (user_id, attribute_name),
  275.   KEY `user_id` (`user_id`),
  276.  
  277.   CONSTRAINT guacamole_user_attribute_ibfk_1
  278.     FOREIGN KEY (user_id)
  279.     REFERENCES guacamole_user (user_id) ON DELETE CASCADE
  280.  
  281. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  282.  
  283. --
  284. -- Table of arbitrary user group attributes. Each attribute is simply a
  285. -- name/value pair associated with a user group. Arbitrary attributes are
  286. -- defined by other extensions. Attributes defined by this extension will be
  287. -- mapped to properly-typed columns of a specific table.
  288. --
  289.  
  290. CREATE TABLE guacamole_user_group_attribute (
  291.  
  292.   `user_group_id`   INT(11)       NOT NULL,
  293.   `attribute_name`  VARCHAR(128)  NOT NULL,
  294.   `attribute_value` VARCHAR(4096) NOT NULL,
  295.  
  296.   PRIMARY KEY (`user_group_id`, `attribute_name`),
  297.   KEY `user_group_id` (`user_group_id`),
  298.  
  299.   CONSTRAINT `guacamole_user_group_attribute_ibfk_1`
  300.     FOREIGN KEY (`user_group_id`)
  301.     REFERENCES `guacamole_user_group` (`user_group_id`) ON DELETE CASCADE
  302.  
  303. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  304.  
  305. --
  306. -- Table of arbitrary connection attributes. Each attribute is simply a
  307. -- name/value pair associated with a connection. Arbitrary attributes are
  308. -- defined by other extensions. Attributes defined by this extension will be
  309. -- mapped to properly-typed columns of a specific table.
  310. --
  311.  
  312. CREATE TABLE guacamole_connection_attribute (
  313.  
  314.   `connection_id`   INT(11)       NOT NULL,
  315.   `attribute_name`  VARCHAR(128)  NOT NULL,
  316.   `attribute_value` VARCHAR(4096) NOT NULL,
  317.  
  318.   PRIMARY KEY (connection_id, attribute_name),
  319.   KEY `connection_id` (`connection_id`),
  320.  
  321.   CONSTRAINT guacamole_connection_attribute_ibfk_1
  322.     FOREIGN KEY (connection_id)
  323.     REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE
  324.  
  325. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  326.  
  327. --
  328. -- Table of arbitrary connection group attributes. Each attribute is simply a
  329. -- name/value pair associated with a connection group. Arbitrary attributes are
  330. -- defined by other extensions. Attributes defined by this extension will be
  331. -- mapped to properly-typed columns of a specific table.
  332. --
  333.  
  334. CREATE TABLE guacamole_connection_group_attribute (
  335.  
  336.   `connection_group_id` INT(11)       NOT NULL,
  337.   `attribute_name`      VARCHAR(128)  NOT NULL,
  338.   `attribute_value`     VARCHAR(4096) NOT NULL,
  339.  
  340.   PRIMARY KEY (connection_group_id, attribute_name),
  341.   KEY `connection_group_id` (`connection_group_id`),
  342.  
  343.   CONSTRAINT guacamole_connection_group_attribute_ibfk_1
  344.     FOREIGN KEY (connection_group_id)
  345.     REFERENCES guacamole_connection_group (connection_group_id) ON DELETE CASCADE
  346.  
  347. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  348.  
  349. --
  350. -- Table of arbitrary sharing profile attributes. Each attribute is simply a
  351. -- name/value pair associated with a sharing profile. Arbitrary attributes are
  352. -- defined by other extensions. Attributes defined by this extension will be
  353. -- mapped to properly-typed columns of a specific table.
  354. --
  355.  
  356. CREATE TABLE guacamole_sharing_profile_attribute (
  357.  
  358.   `sharing_profile_id` INT(11)       NOT NULL,
  359.   `attribute_name`     VARCHAR(128)  NOT NULL,
  360.   `attribute_value`    VARCHAR(4096) NOT NULL,
  361.  
  362.   PRIMARY KEY (sharing_profile_id, attribute_name),
  363.   KEY `sharing_profile_id` (`sharing_profile_id`),
  364.  
  365.   CONSTRAINT guacamole_sharing_profile_attribute_ibfk_1
  366.     FOREIGN KEY (sharing_profile_id)
  367.     REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE
  368.  
  369. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  370.  
  371. --
  372. -- Table of connection permissions. Each connection permission grants a user or
  373. -- user group specific access to a connection.
  374. --
  375.  
  376. CREATE TABLE `guacamole_connection_permission` (
  377.  
  378.   `entity_id`     INT(11) NOT NULL,
  379.   `connection_id` INT(11) NOT NULL,
  380.   `permission`    enum('READ',
  381.                        'UPDATE',
  382.                        'DELETE',
  383.                        'ADMINISTER') NOT NULL,
  384.  
  385.   PRIMARY KEY (`entity_id`,`connection_id`,`permission`),
  386.  
  387.   CONSTRAINT `guacamole_connection_permission_ibfk_1`
  388.     FOREIGN KEY (`connection_id`)
  389.     REFERENCES `guacamole_connection` (`connection_id`) ON DELETE CASCADE,
  390.  
  391.   CONSTRAINT `guacamole_connection_permission_entity`
  392.     FOREIGN KEY (`entity_id`)
  393.     REFERENCES `guacamole_entity` (`entity_id`) ON DELETE CASCADE
  394.  
  395. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  396.  
  397. --
  398. -- Table of connection group permissions. Each group permission grants a user
  399. -- or user group specific access to a connection group.
  400. --
  401.  
  402. CREATE TABLE `guacamole_connection_group_permission` (
  403.  
  404.   `entity_id`           INT(11) NOT NULL,
  405.   `connection_group_id` INT(11) NOT NULL,
  406.   `permission`          enum('READ',
  407.                              'UPDATE',
  408.                              'DELETE',
  409.                              'ADMINISTER') NOT NULL,
  410.  
  411.   PRIMARY KEY (`entity_id`,`connection_group_id`,`permission`),
  412.  
  413.   CONSTRAINT `guacamole_connection_group_permission_ibfk_1`
  414.     FOREIGN KEY (`connection_group_id`)
  415.     REFERENCES `guacamole_connection_group` (`connection_group_id`) ON DELETE CASCADE,
  416.  
  417.   CONSTRAINT `guacamole_connection_group_permission_entity`
  418.     FOREIGN KEY (`entity_id`)
  419.     REFERENCES `guacamole_entity` (`entity_id`) ON DELETE CASCADE
  420.  
  421. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  422.  
  423. --
  424. -- Table of sharing profile permissions. Each sharing profile permission grants
  425. -- a user or user group specific access to a sharing profile.
  426. --
  427.  
  428. CREATE TABLE guacamole_sharing_profile_permission (
  429.  
  430.   `entity_id`          INTEGER NOT NULL,
  431.   `sharing_profile_id` INTEGER NOT NULL,
  432.   `permission`         enum('READ',
  433.                             'UPDATE',
  434.                             'DELETE',
  435.                             'ADMINISTER') NOT NULL,
  436.  
  437.   PRIMARY KEY (`entity_id`, `sharing_profile_id`, `permission`),
  438.  
  439.   CONSTRAINT `guacamole_sharing_profile_permission_ibfk_1`
  440.     FOREIGN KEY (`sharing_profile_id`)
  441.     REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE CASCADE,
  442.  
  443.   CONSTRAINT `guacamole_sharing_profile_permission_entity`
  444.     FOREIGN KEY (`entity_id`)
  445.     REFERENCES `guacamole_entity` (`entity_id`) ON DELETE CASCADE
  446.  
  447. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  448.  
  449. --
  450. -- Table of system permissions. Each system permission grants a user or user
  451. -- group a system-level privilege of some kind.
  452. --
  453.  
  454. CREATE TABLE `guacamole_system_permission` (
  455.  
  456.   `entity_id`  INT(11) NOT NULL,
  457.   `permission` enum('CREATE_CONNECTION',
  458.                     'CREATE_CONNECTION_GROUP',
  459.                     'CREATE_SHARING_PROFILE',
  460.                     'CREATE_USER',
  461.                     'CREATE_USER_GROUP',
  462.                     'ADMINISTER') NOT NULL,
  463.  
  464.   PRIMARY KEY (`entity_id`,`permission`),
  465.  
  466.   CONSTRAINT `guacamole_system_permission_entity`
  467.     FOREIGN KEY (`entity_id`)
  468.     REFERENCES `guacamole_entity` (`entity_id`) ON DELETE CASCADE
  469.  
  470. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  471.  
  472. --
  473. -- Table of user permissions. Each user permission grants a user or user group
  474. -- access to another user (the "affected" user) for a specific type of
  475. -- operation.
  476. --
  477.  
  478. CREATE TABLE `guacamole_user_permission` (
  479.  
  480.   `entity_id`        INT(11) NOT NULL,
  481.   `affected_user_id` INT(11) NOT NULL,
  482.   `permission`       enum('READ',
  483.                           'UPDATE',
  484.                           'DELETE',
  485.                           'ADMINISTER') NOT NULL,
  486.  
  487.   PRIMARY KEY (`entity_id`,`affected_user_id`,`permission`),
  488.  
  489.   CONSTRAINT `guacamole_user_permission_ibfk_1`
  490.     FOREIGN KEY (`affected_user_id`)
  491.     REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE,
  492.  
  493.   CONSTRAINT `guacamole_user_permission_entity`
  494.     FOREIGN KEY (`entity_id`)
  495.     REFERENCES `guacamole_entity` (`entity_id`) ON DELETE CASCADE
  496.  
  497. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  498.  
  499. --
  500. -- Table of user group permissions. Each user group permission grants a user
  501. -- or user group access to a another user group (the "affected" user group) for
  502. -- a specific type of operation.
  503. --
  504.  
  505. CREATE TABLE `guacamole_user_group_permission` (
  506.  
  507.   `entity_id`              INT(11) NOT NULL,
  508.   `affected_user_group_id` INT(11) NOT NULL,
  509.   `permission`             enum('READ',
  510.                                 'UPDATE',
  511.                                 'DELETE',
  512.                                 'ADMINISTER') NOT NULL,
  513.  
  514.   PRIMARY KEY (`entity_id`, `affected_user_group_id`, `permission`),
  515.  
  516.   CONSTRAINT `guacamole_user_group_permission_affected_user_group`
  517.     FOREIGN KEY (`affected_user_group_id`)
  518.     REFERENCES `guacamole_user_group` (`user_group_id`) ON DELETE CASCADE,
  519.  
  520.   CONSTRAINT `guacamole_user_group_permission_entity`
  521.     FOREIGN KEY (`entity_id`)
  522.     REFERENCES `guacamole_entity` (`entity_id`) ON DELETE CASCADE
  523.  
  524. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  525.  
  526. --
  527. -- Table of connection history records. Each record defines a specific user's
  528. -- session, including the connection used, the start time, and the end time
  529. -- (if any).
  530. --
  531.  
  532. CREATE TABLE `guacamole_connection_history` (
  533.  
  534.   `history_id`           INT(11)      NOT NULL AUTO_INCREMENT,
  535.   `user_id`              INT(11)      DEFAULT NULL,
  536.   `username`             VARCHAR(128) NOT NULL,
  537.   `remote_host`          VARCHAR(256) DEFAULT NULL,
  538.   `connection_id`        INT(11)      DEFAULT NULL,
  539.   `connection_name`      VARCHAR(128) NOT NULL,
  540.   `sharing_profile_id`   INT(11)      DEFAULT NULL,
  541.   `sharing_profile_name` VARCHAR(128) DEFAULT NULL,
  542.   `start_date`           datetime     NOT NULL,
  543.   `end_date`             datetime     DEFAULT NULL,
  544.  
  545.   PRIMARY KEY (`history_id`),
  546.   KEY `user_id` (`user_id`),
  547.   KEY `connection_id` (`connection_id`),
  548.   KEY `sharing_profile_id` (`sharing_profile_id`),
  549.   KEY `start_date` (`start_date`),
  550.   KEY `end_date` (`end_date`),
  551.   KEY `connection_start_date` (`connection_id`, `start_date`),
  552.  
  553.   CONSTRAINT `guacamole_connection_history_ibfk_1`
  554.     FOREIGN KEY (`user_id`)
  555.     REFERENCES `guacamole_user` (`user_id`) ON DELETE SET NULL,
  556.  
  557.   CONSTRAINT `guacamole_connection_history_ibfk_2`
  558.     FOREIGN KEY (`connection_id`)
  559.     REFERENCES `guacamole_connection` (`connection_id`) ON DELETE SET NULL,
  560.  
  561.   CONSTRAINT `guacamole_connection_history_ibfk_3`
  562.     FOREIGN KEY (`sharing_profile_id`)
  563.     REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE SET NULL
  564.  
  565. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  566.  
  567. --
  568. -- User login/logout history
  569. --
  570.  
  571. CREATE TABLE guacamole_user_history (
  572.  
  573.   `history_id`           INT(11)      NOT NULL AUTO_INCREMENT,
  574.   `user_id`              INT(11)      DEFAULT NULL,
  575.   `username`             VARCHAR(128) NOT NULL,
  576.   `remote_host`          VARCHAR(256) DEFAULT NULL,
  577.   `start_date`           datetime     NOT NULL,
  578.   `end_date`             datetime     DEFAULT NULL,
  579.  
  580.   PRIMARY KEY (history_id),
  581.   KEY `user_id` (`user_id`),
  582.   KEY `start_date` (`start_date`),
  583.   KEY `end_date` (`end_date`),
  584.   KEY `user_start_date` (`user_id`, `start_date`),
  585.  
  586.   CONSTRAINT guacamole_user_history_ibfk_1
  587.     FOREIGN KEY (user_id)
  588.     REFERENCES guacamole_user (user_id) ON DELETE SET NULL
  589.  
  590. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  591.  
  592. --
  593. -- User password history
  594. --
  595.  
  596. CREATE TABLE guacamole_user_password_history (
  597.  
  598.   `password_history_id` INT(11) NOT NULL AUTO_INCREMENT,
  599.   `user_id`             INT(11) NOT NULL,
  600.  
  601.   -- Salted password
  602.   `password_hash` BINARY(32) NOT NULL,
  603.   `password_salt` BINARY(32),
  604.   `password_date` datetime   NOT NULL,
  605.  
  606.   PRIMARY KEY (`password_history_id`),
  607.   KEY `user_id` (`user_id`),
  608.  
  609.   CONSTRAINT `guacamole_user_password_history_ibfk_1`
  610.     FOREIGN KEY (`user_id`)
  611.     REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE
  612.  
  613. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  614. --
  615. -- Licensed to the Apache Software Foundation (ASF) under one
  616. -- or more contributor license agreements.  See the NOTICE file
  617. -- distributed with this work for additional information
  618. -- regarding copyright ownership.  The ASF licenses this file
  619. -- to you under the Apache License, Version 2.0 (the
  620. -- "License"); you may not use this file except in compliance
  621. -- with the License.  You may obtain a copy of the License at
  622. --
  623. --   http://www.apache.org/licenses/LICENSE-2.0
  624. --
  625. -- Unless required by applicable law or agreed to in writing,
  626. -- software distributed under the License is distributed on an
  627. -- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  628. -- KIND, either express or implied.  See the License for the
  629. -- specific language governing permissions and limitations
  630. -- under the License.
  631. --
  632.  
  633. -- Create default user "guacadmin" with password "guacadmin"
  634. INSERT INTO guacamole_entity (name, TYPE) VALUES ('guacadmin', 'USER');
  635. INSERT INTO guacamole_user (entity_id, password_hash, password_salt, password_date)
  636. SELECT
  637.     entity_id,
  638.     x'CA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960',  -- 'guacadmin'
  639.     x'FE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264',
  640.     NOW()
  641. FROM guacamole_entity WHERE name = 'guacadmin';
  642.  
  643. -- Grant this user all system permissions
  644. INSERT INTO guacamole_system_permission (entity_id, permission)
  645. SELECT entity_id, permission
  646. FROM (
  647.           SELECT 'guacadmin'  AS username, 'CREATE_CONNECTION'       AS permission
  648.     UNION SELECT 'guacadmin'  AS username, 'CREATE_CONNECTION_GROUP' AS permission
  649.     UNION SELECT 'guacadmin'  AS username, 'CREATE_SHARING_PROFILE'  AS permission
  650.     UNION SELECT 'guacadmin'  AS username, 'CREATE_USER'             AS permission
  651.     UNION SELECT 'guacadmin'  AS username, 'CREATE_USER_GROUP'       AS permission
  652.     UNION SELECT 'guacadmin'  AS username, 'ADMINISTER'              AS permission
  653. ) permissions
  654. JOIN guacamole_entity ON permissions.username = guacamole_entity.name AND guacamole_entity.type = 'USER';
  655.  
  656. -- Grant admin permission to read/update/administer self
  657. INSERT INTO guacamole_user_permission (entity_id, affected_user_id, permission)
  658. SELECT guacamole_entity.entity_id, guacamole_user.user_id, permission
  659. FROM (
  660.           SELECT 'guacadmin' AS username, 'guacadmin' AS affected_username, 'READ'       AS permission
  661.     UNION SELECT 'guacadmin' AS username, 'guacadmin' AS affected_username, 'UPDATE'     AS permission
  662.     UNION SELECT 'guacadmin' AS username, 'guacadmin' AS affected_username, 'ADMINISTER' AS permission
  663. ) permissions
  664. JOIN guacamole_entity          ON permissions.username = guacamole_entity.name AND guacamole_entity.type = 'USER'
  665. JOIN guacamole_entity affected ON permissions.affected_username = affected.name AND guacamole_entity.type = 'USER'
  666. JOIN guacamole_user            ON guacamole_user.entity_id = affected.entity_id;
  667.