diff --git a/source/java/org/alfresco/filesys/server/auth/AlfrescoAuthenticator.java b/source/java/org/alfresco/filesys/server/auth/AlfrescoAuthenticator.java index f26a8bfdd2..61ef74e35f 100644 --- a/source/java/org/alfresco/filesys/server/auth/AlfrescoAuthenticator.java +++ b/source/java/org/alfresco/filesys/server/auth/AlfrescoAuthenticator.java @@ -250,6 +250,10 @@ public class AlfrescoAuthenticator extends CifsAuthenticator */ private final int doMD4UserAuthentication(ClientInfo client, SrvSession sess, int alg) { + // Start a transaction + + sess.beginReadTransaction( m_transactionService); + // Get the stored MD4 hashed password for the user, or null if the user does not exist String md4hash = m_authComponent.getMD4HashedPassword(client.getUserName()); @@ -352,6 +356,10 @@ public class AlfrescoAuthenticator extends CifsAuthenticator */ private final int doPassthruUserAuthentication(ClientInfo client, SrvSession sess, int alg) { + // Start a transaction + + sess.beginReadTransaction( m_transactionService); + // Get the authentication token for the session NTLMPassthruToken authToken = (NTLMPassthruToken) sess.getAuthenticationToken(); diff --git a/source/java/org/alfresco/filesys/server/auth/EnterpriseCifsAuthenticator.java b/source/java/org/alfresco/filesys/server/auth/EnterpriseCifsAuthenticator.java index 460cf77b3e..c5cc753e18 100644 --- a/source/java/org/alfresco/filesys/server/auth/EnterpriseCifsAuthenticator.java +++ b/source/java/org/alfresco/filesys/server/auth/EnterpriseCifsAuthenticator.java @@ -1161,6 +1161,10 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca negTokenTarg = new NegTokenTarg( SPNEGO.AcceptCompleted, OID.KERBEROS5, krbDetails.getResponseToken()); + // Start a transaction + + sess.beginReadTransaction( m_transactionService); + // Setup the Acegi authenticated user m_authComponent.setCurrentUser( mapUserNameToPerson(krbDetails.getUserName())); @@ -1350,6 +1354,10 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca throw new SMBSrvException( SMBStatus.NTLogonFailure, SMBStatus.DOSAccessDenied, SMBStatus.ErrDos); } + // Start a transaction + + sess.beginReadTransaction( m_transactionService); + // Check if we are using local MD4 password hashes or passthru authentication if ( m_authComponent.getNTLMMode() == NTLMMode.MD4_PROVIDER) @@ -1474,7 +1482,11 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca Type2NTLMMessage type2Msg = (Type2NTLMMessage) sess.getSetupObject( client.getProcessId()); sess.removeSetupObject( client.getProcessId()); - // Check if we are using local MD4 password hashes or passthru authentication + // Start a transaction + + sess.beginReadTransaction( m_transactionService); + + // Check if we are using local MD4 password hashes or passthru authentication if ( m_authComponent.getNTLMMode() == NTLMMode.MD4_PROVIDER) { @@ -1591,6 +1603,10 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca private final void doNTLMv2Logon(SMBSrvSession sess, ClientInfo client) throws SMBSrvException { + // Start a transaction + + sess.beginReadTransaction( m_transactionService); + // Check if we are using local MD4 password hashes or passthru authentication if ( m_authComponent.getNTLMMode() == NTLMMode.MD4_PROVIDER) @@ -1718,6 +1734,10 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticator implements Ca Type2NTLMMessage type2Msg = (Type2NTLMMessage) sess.getSetupObject( client.getProcessId()); sess.removeSetupObject( client.getProcessId()); + + // Start a transaction + + sess.beginReadTransaction( m_transactionService); // Check if we are using local MD4 password hashes or passthru authentication diff --git a/source/java/org/alfresco/filesys/server/auth/passthru/PassthruAuthenticator.java b/source/java/org/alfresco/filesys/server/auth/passthru/PassthruAuthenticator.java index 967fd772a4..bcbda9aaa8 100644 --- a/source/java/org/alfresco/filesys/server/auth/passthru/PassthruAuthenticator.java +++ b/source/java/org/alfresco/filesys/server/auth/passthru/PassthruAuthenticator.java @@ -119,6 +119,10 @@ public class PassthruAuthenticator extends CifsAuthenticator implements SessionL return CifsAuthenticator.AUTH_ALLOW; } + // Start a transaction + + sess.beginReadTransaction( m_transactionService); + // Check if the client is already authenticated, and it is not a null logon if ( client.getAuthenticationToken() != null && client.getLogonType() != ClientInfo.LogonNull) @@ -207,59 +211,33 @@ public class PassthruAuthenticator extends CifsAuthenticator implements SessionL } else { - // Wrap the service calls in a transaction - - UserTransaction tx = m_transactionService.getUserTransaction( true); - - try - { - // Start the transaction - - tx.begin(); - - // Map the passthru username to an Alfresco person - - String username = client.getUserName(); - String personName = m_personService.getUserIdentifier( username); - - if ( personName != null) - { - // Use the person name as the current user - - m_authComponent.setCurrentUser(personName); - - // DEBUG - - if ( logger.isDebugEnabled()) - logger.debug("Setting current user using person " + personName + " (username " + username + ")"); + // Map the passthru username to an Alfresco person - // Allow the user full access to the server - - authSts = CifsAuthenticator.AUTH_ALLOW; - - // Debug - - if (logger.isDebugEnabled()) - logger.debug("Passthru authenticate user=" + client.getUserName() + ", FULL"); - } - else if ( logger.isDebugEnabled()) - logger.debug("Failed to find person matching user " + username); - } - finally + String username = client.getUserName(); + String personName = m_personService.getUserIdentifier( username); + + if ( personName != null) { - // Commit the transaction + // Use the person name as the current user + + m_authComponent.setCurrentUser(personName); - if ( tx != null) - { - try { - tx.commit(); - } - catch (Exception ex) - { - // Sink it - } - } + // DEBUG + + if ( logger.isDebugEnabled()) + logger.debug("Setting current user using person " + personName + " (username " + username + ")"); + + // Allow the user full access to the server + + authSts = CifsAuthenticator.AUTH_ALLOW; + + // Debug + + if (logger.isDebugEnabled()) + logger.debug("Passthru authenticate user=" + client.getUserName() + ", FULL"); } + else if ( logger.isDebugEnabled()) + logger.debug("Failed to find person matching user " + username); } } catch (Exception ex)