From 2b9d05c496ceee4f237ac3cf3bfa178d69fb1941 Mon Sep 17 00:00:00 2001 From: Gary Spencer Date: Tue, 15 May 2007 12:36:31 +0000 Subject: [PATCH] Added a custom I/O control to CIFS that returns the authentication ticket for the session. AR-1458. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5681 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../includes/alfresco/Alfresco.hpp | 40 ++++++----- .../CAlfrescoApp/source/alfresco/Alfresco.cpp | 68 +++++++++++++------ .../filesys/alfresco/DesktopAction.java | 1 + .../alfresco/filesys/alfresco/IOControl.java | 1 + .../server/repo/ContentIOControlHandler.java | 59 ++++++++++++++++ 5 files changed, 127 insertions(+), 42 deletions(-) diff --git a/source/cpp/CAlfrescoApp/includes/alfresco/Alfresco.hpp b/source/cpp/CAlfrescoApp/includes/alfresco/Alfresco.hpp index 46fd4f1b4b..273cca3825 100644 --- a/source/cpp/CAlfrescoApp/includes/alfresco/Alfresco.hpp +++ b/source/cpp/CAlfrescoApp/includes/alfresco/Alfresco.hpp @@ -1,26 +1,18 @@ /* - * Copyright (C) 2005-2007 Alfresco Software Limited. + * Copyright (C) 2005-2006 Alfresco, Inc. * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - - * As a special exception to the terms and conditions of version 2.0 of - * the GPL, you may redistribute this Program in connection with Free/Libre - * and Open Source Software ("FLOSS") applications as described in Alfresco's - * FLOSS exception. You should have recieved a copy of the text describing - * the FLOSS exception, and it is also available here: - * http://www.alfresco.com/legal/licensing" + * Licensed under the Mozilla Public License version 1.1 + * with a permitted attribution clause. You may obtain a + * copy of the License at + * + * http://www.alfresco.org/legal/license.txt + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the + * License. */ #ifndef _Alfresco_H @@ -63,6 +55,7 @@ namespace Alfresco { // Version 1 FSCTL_ALFRESCO_CHECKIN - 0x803 #define FSCTL_ALFRESCO_GETACTIONINFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0x804, METHOD_BUFFERED, FILE_WRITE_DATA) #define FSCTL_ALFRESCO_RUNACTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0x805, METHOD_BUFFERED, FILE_WRITE_DATA) + #define FSCTL_ALFRESCO_GETAUTHTICKET CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0x806, METHOD_BUFFERED, FILE_ANY_ACCESS) // Request signature bytes @@ -86,6 +79,7 @@ namespace Alfresco { #define StsNoSuchAction 6 #define StsLaunchURL 7 #define StsCommandLine 8 + #define StsAuthTicket 9 // Boolean field values @@ -181,6 +175,10 @@ public: bool setRootPath( const wchar_t* rootPath); + // Return the authentication ticket for this session + + DesktopResponse getAuthenticationTicket( void); + private: // Send an I/O control request, receive and validate the response diff --git a/source/cpp/CAlfrescoApp/source/alfresco/Alfresco.cpp b/source/cpp/CAlfrescoApp/source/alfresco/Alfresco.cpp index 7f5368c0b7..9dc1f947ff 100644 --- a/source/cpp/CAlfrescoApp/source/alfresco/Alfresco.cpp +++ b/source/cpp/CAlfrescoApp/source/alfresco/Alfresco.cpp @@ -1,26 +1,18 @@ /* - * Copyright (C) 2005-2007 Alfresco Software Limited. + * Copyright (C) 2005-2006 Alfresco, Inc. * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - - * As a special exception to the terms and conditions of version 2.0 of - * the GPL, you may redistribute this Program in connection with Free/Libre - * and Open Source Software ("FLOSS") applications as described in Alfresco's - * FLOSS exception. You should have recieved a copy of the text describing - * the FLOSS exception, and it is also available here: - * http://www.alfresco.com/legal/licensing" + * Licensed under the Mozilla Public License version 1.1 + * with a permitted attribution clause. You may obtain a + * copy of the License at + * + * http://www.alfresco.org/legal/license.txt + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the + * License. */ #include "alfresco\Alfresco.hpp" @@ -290,6 +282,40 @@ DesktopResponse AlfrescoInterface::runAction(AlfrescoActionInfo& action, Desktop return response; } +/** + * Get the authentication ticket for this session + * + * @return DesktopResponse + */ +DesktopResponse AlfrescoInterface::getAuthenticationTicket( void) { + + // Check if the folder handle is valid + + if ( m_handle == INVALID_HANDLE_VALUE) + throw BadInterfaceException(); + + // Build the run action I/O control request + + DataBuffer reqbuf( 32); + DataBuffer respbuf( 256); + + reqbuf.putFixedString( IOSignature, IOSignatureLen); + + // Send the get auth ticket request + + sendIOControl( FSCTL_ALFRESCO_GETAUTHTICKET, reqbuf, respbuf); + + // Unpack the get auth ticket response + + unsigned int actionSts = respbuf.getInt(); + String actionMsg = respbuf.getString(); + + // Return the desktop response + + DesktopResponse response(actionSts, actionMsg); + return response; +} + /** * Send an I/O control request to the Alfresco CIFS server, receive and validate the response * diff --git a/source/java/org/alfresco/filesys/alfresco/DesktopAction.java b/source/java/org/alfresco/filesys/alfresco/DesktopAction.java index 086409bc0c..e7f28be3e1 100644 --- a/source/java/org/alfresco/filesys/alfresco/DesktopAction.java +++ b/source/java/org/alfresco/filesys/alfresco/DesktopAction.java @@ -89,6 +89,7 @@ public abstract class DesktopAction { public static final int StsNoSuchAction = 6; public static final int StsLaunchURL = 7; public static final int StsCommandLine = 8; + public static final int StsAuthTicket = 9; // Token name to substitute current servers DNS name or TCP/IP address into the webapp URL diff --git a/source/java/org/alfresco/filesys/alfresco/IOControl.java b/source/java/org/alfresco/filesys/alfresco/IOControl.java index dd4ad3a155..c0820c4f2b 100644 --- a/source/java/org/alfresco/filesys/alfresco/IOControl.java +++ b/source/java/org/alfresco/filesys/alfresco/IOControl.java @@ -44,6 +44,7 @@ public class IOControl // Version 1 CmdCheckIn = NTIOCtl.FsCtlCustom + 3 public static final int CmdGetActionInfo = NTIOCtl.FsCtlCustom + 4; public static final int CmdRunAction = NTIOCtl.FsCtlCustom + 5; + public static final int CmdGetAuthTicket = NTIOCtl.FsCtlCustom + 6; // I/O control request/response signature diff --git a/source/java/org/alfresco/filesys/smb/server/repo/ContentIOControlHandler.java b/source/java/org/alfresco/filesys/smb/server/repo/ContentIOControlHandler.java index a78fd30708..79a0f8f678 100644 --- a/source/java/org/alfresco/filesys/smb/server/repo/ContentIOControlHandler.java +++ b/source/java/org/alfresco/filesys/smb/server/repo/ContentIOControlHandler.java @@ -283,6 +283,15 @@ public class ContentIOControlHandler implements IOControlHandler retBuffer = procRunAction(sess, tree, dataBuf, folderNode, netFile); break; + // Return the authentication ticket + + case IOControl.CmdGetAuthTicket: + + // Process the get auth ticket request + + retBuffer = procGetAuthTicket(sess, tree, dataBuf, folderNode, netFile); + break; + // Unknown I/O control code default: @@ -673,6 +682,56 @@ public class ContentIOControlHandler implements IOControlHandler return respBuf; } + /** + * Process the get authentication ticket request + * + * @param sess Server session + * @param tree Tree connection + * @param reqBuf Request buffer + * @param folderNode NodeRef of parent folder + * @param netFile NetworkFile for the folder + * @return DataBuffer + */ + private final DataBuffer procGetAuthTicket( SrvSession sess, TreeConnection tree, DataBuffer reqBuf, NodeRef folderNode, + NetworkFile netFile) + { + // DEBUG + + if ( logger.isDebugEnabled()) + logger.debug(" Get Auth Ticket"); + + // Create a response buffer + + DataBuffer respBuf = new DataBuffer(256); + respBuf.putFixedString(IOControl.Signature, IOControl.Signature.length()); + + // Start a transaction + + sess.beginReadTransaction( getTransactionService()); + + // Get an authentication ticket for the client, or validate the existing ticket. The ticket can be used when + // generating URLs for the client-side application so that the user does not have to re-authenticate + + getTicketForClient( sess); + + // Pack the response + + ClientInfo cInfo = sess.getClientInformation(); + + if ( cInfo != null && cInfo.getAuthenticationTicket() != null) { + respBuf.putInt(DesktopAction.StsAuthTicket); + respBuf.putString( cInfo.getAuthenticationTicket(), true); + } + else { + respBuf.putInt(DesktopAction.StsError); + respBuf.putString( "Client information invalid", true); + } + + // Return the response + + return respBuf; + } + /** * Get, or validate, an authentication ticket for the client *