Merged V2.1 to HEAD

6833: Kerberos web filter for the web client.
   6834: Kerberos web filter for WebDAV
   6835: Updates to CIFS Kerberos logon support.
   6836: Fix issue with editing properties of AVM nodes and changed clipboard to use lock aware AVM service
   6837: Commented out the unknown opcode reporting as it can quickly fill the log files. AR-1742.
   6839: Patch to allow * and ? wildcard characters within a term in any web-client search
   6840: Fixed AR-1769: InvalidNameEndingPatch fails when running on 2.1
   6841: AR-1761.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6873 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Derek Hulley 2007-09-27 12:47:37 +00:00
parent 45ea44b784
commit 0911547299
5 changed files with 141 additions and 27 deletions


@ -1758,7 +1758,7 @@ public class NetBIOSNameServer extends NetworkServer implements Runnable
// Unknown opcode // Unknown opcode
default: default:
logger.error("Unknown OpCode 0x" + Integer.toHexString(nbPkt.getOpcode())); // logger.error("Unknown OpCode 0x" + Integer.toHexString(nbPkt.getOpcode()));
break; break;
} }
} }
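Review bot: Commenting out the `logger.error` in the `default:` case leaves dead code in the switch and removes the only record that the name server received an opcode it does not handle, which is also the kind of anomaly an operator may want to see when a host is probing the service. Instead of the commented line, keep the diagnostic at a level that does not fill the log by default, `if ( logger.isDebugEnabled()) logger.debug("Unknown OpCode 0x" + Integer.toHexString(nbPkt.getOpcode()));`, and delete the commented-out statement. The enclosing method starts outside the hunk.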


@ -912,19 +912,32 @@ public abstract class CifsAuthenticator
*/ */
protected final String mapUserNameToPerson(String userName) protected final String mapUserNameToPerson(String userName)
{ {
// Get the home folder for the user // Get, or create, the person for this user
UserTransaction tx = m_transactionService.getUserTransaction(); UserTransaction tx = m_transactionService.getUserTransaction( false);
String personName = null; String personName = null;
try try
{ {
tx.begin(); tx.begin();
personName = m_personService.getUserIdentifier( userName);
NodeRef userNode = m_personService.getPerson(userName);
if ( userNode != null)
{
// Get the person name and use that as the current user to line up with permission checks
personName = (String) m_nodeService.getProperty(userNode, ContentModel.PROP_USERNAME);
}
tx.commit(); tx.commit();
} }
catch (Throwable ex) catch (Throwable ex)
{ {
// DEBUG
if ( logger.isDebugEnabled())
logger.debug( "Error mapping person for user " + userName, ex);
try try
{ {
tx.rollback(); tx.rollback();
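Review bot: The `catch (Throwable ex)` in `mapUserNameToPerson` now records the failure only when debug logging is enabled, so at the default level a lookup that fails for an infrastructure reason (for example the transaction or person service throwing) is indistinguishable from an unknown user: the method returns null and the caller rejects the logon with no explanation in the log. Log it at a level that is on by default, `logger.warn( "Error mapping person for user " + userName, ex);`, or at least log a one-line warning without the stack trace alongside the debug detail. The new header comment `// Get, or create, the person for this user` describes the old `getPerson` call; whether `m_personService.getUserIdentifier( userName)` also creates a person is not visible here, so the comment should be checked against that method and reworded if it only looks up. The method starts and ends outside the hunk.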


@ -71,6 +71,7 @@ import org.alfresco.filesys.smb.server.SMBSrvSession;
import org.alfresco.filesys.smb.server.VirtualCircuit; import org.alfresco.filesys.smb.server.VirtualCircuit;
import org.alfresco.filesys.util.DataPacker; import org.alfresco.filesys.util.DataPacker;
import org.alfresco.filesys.util.HexDump; import org.alfresco.filesys.util.HexDump;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.NTLMMode; import org.alfresco.repo.security.authentication.NTLMMode;
import org.ietf.jgss.Oid; import org.ietf.jgss.Oid;
@ -202,25 +203,54 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca
throw new InvalidConfigurationException("Invalid login entry specified"); throw new InvalidConfigurationException("Invalid login entry specified");
} }
// Build the CIFS service account name // Get the server principal name
StringBuilder cifsAccount = new StringBuilder(); ConfigElement principal = params.getChild("Principal");
cifsAccount.append("cifs/"); if ( principal != null) {
cifsAccount.append( config.getServerName().toLowerCase());
cifsAccount.append("@"); // Use the supplied principal name to build the account name
cifsAccount.append(m_krbRealm);
StringBuffer cifsAccount = new StringBuffer();
m_accountName = cifsAccount.toString();
cifsAccount.append( principal.getValue());
cifsAccount.append("@");
cifsAccount.append(m_krbRealm);
m_accountName = cifsAccount.toString();
}
else {
// Build the CIFS service account name
StringBuffer cifsAccount = new StringBuffer();
cifsAccount.append("cifs/");
cifsAccount.append( config.getServerName().toLowerCase());
cifsAccount.append("@");
cifsAccount.append(m_krbRealm);
m_accountName = cifsAccount.toString();
}
// Create a login context for the CIFS server service // Create a login context for the CIFS server service
try try
{ {
// DEBUG
if ( logger.isDebugEnabled())
logger.debug( "CIFS Kerberos login using account " + m_accountName);
// Login the CIFS server service // Login the CIFS server service
m_loginContext = new LoginContext( m_loginEntryName, this); m_loginContext = new LoginContext( m_loginEntryName, this);
m_loginContext.login(); m_loginContext.login();
// DEBUG
if ( logger.isDebugEnabled())
logger.debug( "CIFS Kerberos login successful");
} }
catch ( LoginException ex) catch ( LoginException ex)
{ {
@ -236,9 +266,9 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca
Vector<Oid> mechTypes = new Vector<Oid>(); Vector<Oid> mechTypes = new Vector<Oid>();
mechTypes.add(OID.NTLMSSP);
mechTypes.add(OID.KERBEROS5); mechTypes.add(OID.KERBEROS5);
mechTypes.add(OID.MSKERBEROS5); mechTypes.add(OID.MSKERBEROS5);
mechTypes.add(OID.NTLMSSP);
// Build the SPNEGO NegTokenInit blob // Build the SPNEGO NegTokenInit blob
@ -1172,33 +1202,92 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca
// Start a transaction // Start a transaction
sess.beginReadTransaction( m_transactionService); sess.beginReadTransaction( m_transactionService);
// Check if this is a null logon
String userName = krbDetails.getUserName();
if ( userName != null)
{
// Check for the machine account name
if ( userName.endsWith( "$") && userName.equals( userName.toUpperCase()))
{
// Null logon
client.setLogonType( ClientInfo.LogonNull);
// Debug
if ( logger.isDebugEnabled())
logger.debug("Machine account logon, " + userName + ", as null logon");
}
else
{
// Map the user name to an Alfresco person name
String alfPersonName = mapUserNameToPerson( userName);
// Check if the user name was mapped, if not then check if this is a domain client system name, ie. ends with '$'
if ( alfPersonName != null)
{
// Setup the Acegi authenticated user
AuthenticationUtil.setCurrentUser( alfPersonName);
// Store the full user name in the client information, indicate that this is not a guest logon
client.setUserName( krbDetails.getSourceName());
client.setGuest( false);
client.setAuthenticationToken( m_authComponent.getCurrentAuthentication());
// Indicate that the session is logged on
sess.setLoggedOn(true);
}
else
{
// Return a logon failure status
throw new SMBSrvException( SMBStatus.NTLogonFailure, SMBStatus.ErrDos, SMBStatus.DOSAccessDenied);
}
}
}
else
{
// Null logon
client.setLogonType( ClientInfo.LogonNull);
}
// Setup the Acegi authenticated user
// Set the current user to be authenticated, save the authentication token
client.setAuthenticationToken( m_authComponent.setCurrentUser( mapUserNameToPerson(krbDetails.getUserName())));
// Store the full user name in the client information, indicate that this is not a guest logon
client.setUserName( krbDetails.getSourceName());
client.setGuest( false);
// Indicate that the session is logged on // Indicate that the session is logged on
sess.setLoggedOn(true); sess.setLoggedOn(true);
// Debug // Debug
if ( logger.isDebugEnabled()) if ( logger.isDebugEnabled())
logger.debug("Logged on using Kerberos"); logger.debug("Logged on using Kerberos, user " + userName);
}
else
{
// Debug
if ( logger.isDebugEnabled())
logger.debug( "No SPNEGO response, Kerberos logon failed");
// Return a logon failure status
throw new SMBSrvException( SMBStatus.NTLogonFailure, SMBStatus.ErrDos, SMBStatus.DOSAccessDenied);
} }
} }
catch (Exception ex) catch (Exception ex)
{ {
// Log the error // Log the error
logger.error(ex); logger.error("Kerberos logon error", ex);
// Return a logon failure status // Return a logon failure status
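Review bot: In the Kerberos logon hunk, the `else` branch taken when `krbDetails.getUserName()` is null sets `ClientInfo.LogonNull` and then falls through to `sess.setLoggedOn(true)`, so a SPNEGO response that yields no user name still produces a logged-on session with no identity, and the debug line prints `user null`. If an anonymous null session is intended for that case the comment should say so explicitly; otherwise this path should fail like the no-SPNEGO branch below it, `throw new SMBSrvException( SMBStatus.NTLogonFailure, SMBStatus.ErrDos, SMBStatus.DOSAccessDenied);`. The machine-account test `userName.equals( userName.toUpperCase())` uses the default locale, so its result depends on the JVM's locale settings; `userName.toUpperCase(Locale.ROOT)` (with `java.util.Locale` imported) makes the check deterministic. The enclosing method starts and ends outside the hunk, as does the `if` whose `else` begins at the line reading `No SPNEGO response`.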


@ -802,6 +802,9 @@ public class PassthruAuthenticator extends CifsAuthenticator implements SessionL
NTLanManAuthContext ntlmCtx = (NTLanManAuthContext) getAuthContext( sess); NTLanManAuthContext ntlmCtx = (NTLanManAuthContext) getAuthContext( sess);
if ( ntlmCtx == null)
throw new SMBSrvException( SMBStatus.NTLogonFailure, SMBStatus.ErrDos, SMBStatus.DOSAccessDenied);
// Build a type2 message to send back to the client, containing the challenge // Build a type2 message to send back to the client, containing the challenge
String domain = sess.getSMBServer().getServerName(); String domain = sess.getSMBServer().getServerName();
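Review bot: The new `if ( ntlmCtx == null)` guard throws `NTLogonFailure` without recording why, so a missing NTLM auth context on the session is reported to the client as plain access denied and leaves nothing in the server log to diagnose it, unlike the Kerberos path in this commit which logs before failing. Add the same kind of trace before the throw, `if ( logger.isDebugEnabled()) logger.debug( "No NTLM auth context for session, logon failed");`, and brace the `if` body so the two statements cannot drift apart later. The enclosing method starts and ends outside the hunk.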


@ -30,6 +30,7 @@ import java.io.IOException;
import java.util.Enumeration; import java.util.Enumeration;
import java.util.Vector; import java.util.Vector;
import org.alfresco.filesys.util.HexDump;
import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERApplicationSpecific; import org.bouncycastle.asn1.DERApplicationSpecific;
@ -401,6 +402,14 @@ public class NegTokenInit
str.append(" token="); str.append(" token=");
str.append(m_mechToken.length); str.append(m_mechToken.length);
str.append(" bytes"); str.append(" bytes");
if ( m_mechToken.length > 16)
{
str.append(" [");
str.append ( HexDump.hexString(m_mechToken, 0, 16, " "));
str.append("]");
}
} }
if ( m_mecListMICPrincipal != null) if ( m_mecListMICPrincipal != null)
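Review bot: The condition `if ( m_mechToken.length > 16)` means a mech token of 16 bytes or fewer is never dumped at all, while longer tokens show exactly 16 bytes; if the intent is a bounded preview, the bound belongs in the length argument rather than the guard, `str.append ( HexDump.hexString(m_mechToken, 0, Math.min( 16, m_mechToken.length), " "));` with the guard reduced to `m_mechToken.length > 0`. Note also that this `toString` output now includes part of the SPNEGO mech token, which carries the client's authentication blob; 16 bytes is mostly ASN.1 header, but wherever `NegTokenInit.toString()` is logged the line should stay at debug level. The enclosing `toString` method starts and ends outside the hunk.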