Hi All,
I originally raised this query here -
https://sourceforge.net/p/guacamole/discussion/1110834/thread/2f715af2/ but
then read that those forums aren’t really used for help these days.
I will add in my question here to save clicking the link. Hoping someone can
offer some help.
Thanks all.
I'm currently using Guacamole 0.9.9 on CentOS with the MySQL extension. All is
working well. I'm not, however, using the MySQL extension for authentication; I'm
only using it for authorisation. I'm using SSO to handle the authentication
side of things. This is also working fine.
The way the SSO plugin works is based on "username matching" to the user in the
DB. If the names match, a login to the site is permitted, else it's denied and
the user is shown the login screen. To that end, because the DB isn't handling
authentication, disabling a user in the Guacamole GUI has no effect.
I'm wondering if I can enhance the following file:
org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml to change what happens
when a user is disabled:
Currently, this seems key:

    <!-- Update single user -->
    <update id="update"
            parameterType="org.glyptodon.guacamole.auth.jdbc.user.UserModel">
        UPDATE guacamole_user
        SET password_hash = #{object.passwordHash,jdbcType=BINARY},
            password_salt = #{object.passwordSalt,jdbcType=BINARY},
            disabled = #{object.disabled,jdbcType=BOOLEAN},
            expired = #{object.expired,jdbcType=BOOLEAN},
            access_window_start = #{object.accessWindowStart,jdbcType=TIME},
            access_window_end = #{object.accessWindowEnd,jdbcType=TIME},
            valid_from = #{object.validFrom,jdbcType=DATE},
            valid_until = #{object.validUntil,jdbcType=DATE},
            timezone = #{object.timeZone,jdbcType=VARCHAR}
        WHERE user_id = #{object.objectID,jdbcType=VARCHAR}
    </update>

What I would like is to rename the user to disabled_<user> when the disabled
flag is set. I know I can script this, but I'm trying to be "clever" by keeping
it in the GUI. Something like the following SQL statement would probably do the
job:

    UPDATE guacamole_user SET user_id = concat('disabled_', user_id)
    WHERE disabled=1 AND user_id NOT LIKE 'disabled_%'

If I made that compatible with the above XML, would you suggest adding it as an
entirely new statement within the <update> tags or try to make it fit with the
existing statement? Is there a better place for it?
Either way, would it work, or would it possibly break everything? Happy to
test, but would just like some thoughts from the experts if that's possible.
Thanks All.
Paul
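
The gap described in the post above (the SSO layer permits a login on a username match alone, so the disabled flag is never consulted) and the proposed rename, as an added example that is not part of the original post or of Guacamole's code. It runs against a constructed SQLite table standing in for guacamole_user; the `username` column, the sample rows and all function names are assumptions. It shows that a check honouring the flag denies the disabled user directly, and that the rename guard needs `_` escaped in `LIKE`.

```python
import sqlite3

def make_db():
    """Constructed stand-in for guacamole_user (only the columns needed here)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE guacamole_user ("
                 "username TEXT PRIMARY KEY, disabled INTEGER NOT NULL DEFAULT 0)")
    # Constructed sample rows: one active user, two disabled users.
    conn.executemany("INSERT INTO guacamole_user VALUES (?, ?)",
                     [("alice", 0), ("bob", 1), ("disabledesk", 1)])
    return conn

def permitted_by_name_match(conn, sso_username):
    """Behaviour described in the post: a matching name is enough."""
    row = conn.execute("SELECT 1 FROM guacamole_user WHERE username = ?",
                       (sso_username,)).fetchone()
    return row is not None

def permitted_honouring_flag(conn, sso_username):
    """Same name match, but a row with disabled set denies the login."""
    row = conn.execute("SELECT 1 FROM guacamole_user "
                       "WHERE username = ? AND disabled = 0",
                       (sso_username,)).fetchone()
    return row is not None

def rename_disabled(conn, escape_underscore):
    """Rename disabled users to disabled_<name>; returns rows changed.

    In LIKE, '_' matches any single character, so the unescaped guard
    also skips names such as 'disabledesk' that merely start with 'disabled'.
    """
    if escape_underscore:
        guard = "username NOT LIKE 'disabled!_%' ESCAPE '!'"
    else:
        guard = "username NOT LIKE 'disabled_%'"
    cur = conn.execute("UPDATE guacamole_user "
                       "SET username = 'disabled_' || username "
                       "WHERE disabled = 1 AND " + guard)
    return cur.rowcount

if __name__ == "__main__":
    db = make_db()
    print("name match only, bob:", permitted_by_name_match(db, "bob"))
    print("honouring flag, bob:", permitted_honouring_flag(db, "bob"))
    print("renamed (unescaped guard):", rename_disabled(db, False))
    print("disabledesk still matches:", permitted_by_name_match(db, "disabledesk"))
```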