From 69568f130e75ec997c0cae0140ce221f55acb308 Mon Sep 17 00:00:00 2001
From: Gary Spencer <gary.spencer@alfresco.com>
Date: Tue, 16 Feb 2010 14:04:34 +0000
Subject: [PATCH] Merge 3.2 to HEAD:    18450: Port of FTP data port
 configuration values. ETHREEOH-4103.    18559: NFS fixes, NFS/FTP/CIFS config
 properties. ETHREEOH-4102, ETHREEOH-4101, ETHREEOH-4104 (partial)    18642:
 Do not allow null NFS authentication type, core NFS/mount server code now
 allows null requests with null authentication type.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18654 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../default/file-servers-context.xml          | 56 ++++++++++++--
 .../default/file-servers.properties           | 39 +++++++++-
 .../AbstractServerConfigurationBean.java      |  4 +-
 .../filesys/ServerConfigurationBean.java      | 75 ++++++++++++++++++-
 .../auth/nfs/AlfrescoRpcAuthenticator.java    | 17 +----
 .../filesys/config/FTPConfigBean.java         | 41 ++++++++++
 .../filesys/config/NFSConfigBean.java         |  4 +-
 .../config/ServerConfigurationBean.java       | 47 ++++++++++--
 8 files changed, 251 insertions(+), 32 deletions(-)

diff --git a/config/alfresco/subsystems/fileServers/default/file-servers-context.xml b/config/alfresco/subsystems/fileServers/default/file-servers-context.xml
index 7820c91e21..637a5de5e7 100644
--- a/config/alfresco/subsystems/fileServers/default/file-servers-context.xml
+++ b/config/alfresco/subsystems/fileServers/default/file-servers-context.xml
@@ -183,9 +183,10 @@
          </bean>
       </property>
 
-      <!--
-      <property name="sessionDebugFlags"> <value>Negotiate,Socket</value> </property>
-      -->
+      <property name="sessionDebugFlags">
+		  <value>${cifs.sessionDebug}</value>
+	  </property>
+
    </bean>
 
    <bean id="ftpServerConfig" class="org.alfresco.filesys.config.FTPConfigBean">
@@ -209,10 +210,17 @@
 
       <!-- FTP server debug settings -->
       <!-- Enable 'log4j.logger.org.alfresco.fileserver=debug' in log4j.properties file -->
-      <!--
-         <property name="debugFlags"> <value>File,Search,Error,Directory,Info,DataPort</value> </property>
-      -->
+      <property name="debugFlags">
+		  <value>${ftp.sessionDebug}</value>
+	  </property>
 
+	  <!-- Data ports range -->
+	  <property name="dataPortFrom">
+		  <value>${ftp.dataPortFrom}</value>
+	  </property>
+	  <property name="dataPortTo">
+		  <value>${ftp.dataPortTo}</value>
+	  </property>
    </bean>
 
    <!--The configurable RPC user mappings - actually a post-processed composite property! -->
@@ -239,14 +247,50 @@
          <value>${nfs.enabled}</value>
       </property>
 
+	  <property name="nfsServerPort">
+		  <value>${nfs.nfsServerPort}</value>
+	  </property>
+	   
+	  <property name="mountServerPort">
+		  <value>${nfs.mountServerPort}</value>
+	  </property>
+	   
+	  <!-- Setting a portMapper port of -1 stops the NFS and mount server registering with a portmapper -->
+	  <property name="portMapperPort">
+		  <value>${nfs.portMapperPort}</value>  
+	  </property>
+	   
+	  <!-- Enable/disable the builtin portMapper service --> 
+	  <property name="portMapperEnabled">
+		  <value>${nfs.portMapperEnabled}</value>
+      </property>
+	   
       <!-- Map NFS user/group ids to Alfresco users -->
       <property name="rpcAuthenticator">
          <bean class="org.alfresco.filesys.auth.nfs.AlfrescoRpcAuthenticator">
             <property name="userMappings">
                <ref bean="nfs.user.mappings" />
             </property>
+			 
+			<property name="transactionService">
+				<ref bean="transactionService"/>
+			</property>
+			 
+			<property name="authenticationComponent">
+				<ref bean="authenticationComponent"/>
+			</property>
          </bean>
       </property>
+	   
+      <!-- NFS server debug settings -->
+      <!-- Enable 'log4j.logger.org.alfresco.fileserver=debug' in log4j.properties file -->
+	  <property name="debugFlags">
+		  <value>${nfs.sessionDebug}</value>
+	  </property>
+	   
+	  <property name="mountServerDebug">
+		  <value>${nfs.mountServerDebug}</value>
+	  </property>		  
    </bean>
 
    <bean id="filesystemContexts" class="org.springframework.beans.factory.config.ListFactoryBean">
diff --git a/config/alfresco/subsystems/fileServers/default/file-servers.properties b/config/alfresco/subsystems/fileServers/default/file-servers.properties
index ea9bb66fda..43a9ed64f1 100644
--- a/config/alfresco/subsystems/fileServers/default/file-servers.properties
+++ b/config/alfresco/subsystems/fileServers/default/file-servers.properties
@@ -1,6 +1,7 @@
 filesystem.name=Alfresco
 filesystem.acl.global.defaultAccessLevel=
 
+### CIFS Server Configuration ###
 cifs.enabled=true
 cifs.serverName=${localname}A
 cifs.domain=
@@ -28,10 +29,44 @@ cifs.WINS.autoDetectEnabled=true
 cifs.WINS.primary=1.2.3.4
 cifs.WINS.secondary=5.6.7.8
 
+cifs.urlfile.prefix=http://${localname}:8080/alfresco/
+
+# CIFS session debug flags (also enable org.alfresco.fileserver=debug logging level)
+# Comma delimeted list of levels :-
+#    NETBIOS, STATE, RXDATA, TXDATA, DUMPDATA, NEGOTIATE, TREE, SEARCH, INFO, FILE, FILEIO, TRANSACT
+#    ECHO, ERROR, IPC, LOCK, PKTTYPE, DCERPC, STATECACHE, TIMING, NOTIFY, STREAMS, SOCKET, PKTPOOL
+#    PKTSTATS, THREADPOOL, BENCHMARK
+cifs.sessionDebug=
+
+### FTP Server Configuration ###
 ftp.enabled=true
 ftp.port=21
 ftp.ipv6.enabled=false
 
-nfs.enabled=false
+# FTP data port range, a value of 0:0 disables the data port range and will use the next available port
+# Valid range is 1024-65535
+ftp.dataPortFrom=0
+ftp.dataPortTo=0
 
-cifs.urlfile.prefix=http://${localname}:8080/alfresco/
+# FTP session debug flags (also enable org.alfresco.fileserver=debug logging level)
+# Comma delimeted list of levels :-
+#	 STATE, RXDATA, TXDATA, DUMPDATA, SEARCH, INFO, FILE, FILEIO, ERROR, PKTTYPE, TIMING, DATAPORT, DIRECTORY
+ftp.sessionDebug=
+
+### NFS Server Configuration ###
+nfs.enabled=false
+# Mount/NFS server ports, 0 will allocate next available port
+nfs.mountServerPort=0
+nfs.nfsServerPort=2049
+
+# To disable NFS and mount server registering with a portmapper set nfs.portMapperPort to -1
+nfs.portMapperPort=111
+# Enable the builtin portmapper service
+nfs.portMapperEnabled=false
+
+# NFS session debug flags (also enable org.alfresco.fileserver=debug logging level)
+# Comma delimeted list of levels :-
+#	 RXDATA, TXDATA, DUMPDATA, SEARCH, INFO, FILE, FILEIO, ERROR, TIMING, DIRECTORY, SESSION
+nfs.sessionDebug=
+
+nfs.mountServerDebug=false
diff --git a/source/java/org/alfresco/filesys/AbstractServerConfigurationBean.java b/source/java/org/alfresco/filesys/AbstractServerConfigurationBean.java
index aad41cf056..eecefaff35 100644
--- a/source/java/org/alfresco/filesys/AbstractServerConfigurationBean.java
+++ b/source/java/org/alfresco/filesys/AbstractServerConfigurationBean.java
@@ -96,8 +96,8 @@ public abstract class AbstractServerConfigurationBean extends ServerConfiguratio
 
   // FTP server debug type strings
 
-  protected static final String m_ftpDebugStr[] = { "STATE", "SEARCH", "INFO", "FILE", "FILEIO", "ERROR", "PKTTYPE",
-          "TIMING", "DATAPORT", "DIRECTORY" };
+  protected static final String m_ftpDebugStr[] = { "STATE", "RXDATA", "TXDATA", "DUMPDATA", "SEARCH", "INFO", "FILE", "FILEIO", "ERROR", "PKTTYPE",
+      "TIMING", "DATAPORT", "DIRECTORY" };
 
   // Default FTP server port
   
diff --git a/source/java/org/alfresco/filesys/ServerConfigurationBean.java b/source/java/org/alfresco/filesys/ServerConfigurationBean.java
index d90d37b6fc..a8ccf22405 100644
--- a/source/java/org/alfresco/filesys/ServerConfigurationBean.java
+++ b/source/java/org/alfresco/filesys/ServerConfigurationBean.java
@@ -1508,7 +1508,80 @@ public class ServerConfigurationBean extends AbstractServerConfigurationBean {
         }
         else
           throw new AlfrescoRuntimeException("FTP authenticator not specified");
-      
+        
+		// Check if a data port range has been specified
+
+		elem = config.getConfigElement("dataPorts");
+		if ( elem != null) {
+
+			// Split the value string into from and to range strings
+
+			StringTokenizer tok = new StringTokenizer( elem.getValue(), ":");
+			if ( tok.countTokens() != 2)
+				throw new InvalidConfigurationException( "Invalid FTP data port range, specify as 'n:n'");
+
+			String rangeFromStr = tok.nextToken();
+			String rangeToStr   = tok.nextToken();
+			
+			// Validate the from/to data port range values
+			
+			int rangeFrom = -1;
+			int rangeTo = -1;
+
+			if ( rangeFromStr != null && rangeFromStr.length() > 0) {
+
+				// Validate the range string
+
+				try {
+					rangeFrom = Integer.parseInt(rangeFromStr);
+				}
+				catch (NumberFormatException ex) {
+					throw new InvalidConfigurationException("Invalid FTP range from value, " + rangeFromStr);
+				}
+			}
+
+			// Check for the to port range value
+
+			if ( rangeToStr != null && rangeToStr.length() > 0) {
+
+				// Validate the range string
+
+				try {
+					rangeTo = Integer.parseInt(rangeToStr);
+				}
+				catch (NumberFormatException ex) {
+					throw new InvalidConfigurationException("Invalid FTP range to value, " + rangeToStr);
+				}
+			}
+
+			// Validate the data port range values
+
+			if ( rangeFrom != 0 && rangeTo != 0) {
+
+				// Validate the FTp data port range
+				
+				if ( rangeFrom == -1 || rangeTo == -1)
+					throw new InvalidConfigurationException("FTP data port range from/to must be specified");
+	
+				if ( rangeFrom < 1024 || rangeFrom > 65535)
+					throw new InvalidConfigurationException("Invalid FTP data port range from value, " + rangeFrom);
+	
+				if ( rangeTo < 1024 || rangeTo > 65535)
+					throw new InvalidConfigurationException("Invalid FTP data port range to value, " + rangeTo);
+	
+				if ( rangeFrom >= rangeTo)
+					throw new InvalidConfigurationException("Invalid FTP data port range, " + rangeFrom + "-" + rangeTo);
+	
+				// Set the FTP data port range
+	
+				ftpConfig.setFTPDataPortLow(rangeFrom);
+				ftpConfig.setFTPDataPortHigh(rangeTo);
+				
+				// Log the data port range
+				
+				logger.info("FTP server data ports restricted to range " + rangeFrom + ":" + rangeTo);
+			}
+		}
       }
       catch (InvalidConfigurationException ex)
       {
diff --git a/source/java/org/alfresco/filesys/auth/nfs/AlfrescoRpcAuthenticator.java b/source/java/org/alfresco/filesys/auth/nfs/AlfrescoRpcAuthenticator.java
index a0d280467c..9c6ff5878f 100644
--- a/source/java/org/alfresco/filesys/auth/nfs/AlfrescoRpcAuthenticator.java
+++ b/source/java/org/alfresco/filesys/auth/nfs/AlfrescoRpcAuthenticator.java
@@ -63,7 +63,7 @@ public class AlfrescoRpcAuthenticator implements RpcAuthenticator, InitializingB
 
     private static final Log logger = LogFactory.getLog("org.alfresco.nfs.protocol.auth");
 
-    // Authentication types aupported by this implementation
+    // Authentication types supported by this implementation
 
     private int[] _authTypes = { AuthType.Unix };
 
@@ -136,18 +136,7 @@ public class AlfrescoRpcAuthenticator implements RpcAuthenticator, InitializingB
 
             sessKey = new Long((((long) rpc.getClientAddress().hashCode()) << 32) + (gid << 16) + uid);
         }
-        else if ( authType == AuthType.Null)
-        {
-            // Set the session key for the null authentication
-            
-            sessKey = new Integer(rpc.getClientAddress().hashCode());
-
-            // DEBUG
-            
-            if ( logger.isDebugEnabled())
-                logger.debug( "RpcAuth: Type=Null client=" + rpc.getClientAddress());
-        }
-
+        
         // Check if the session key is valid, if not then the authentication
         // type is unsupported
 
@@ -516,7 +505,7 @@ public class AlfrescoRpcAuthenticator implements RpcAuthenticator, InitializingB
     }
     
     /**
-     * Create a transaction, this will be a wrteable transaction unless the system is in read-only mode.
+     * Create a transaction, this will be a writable transaction unless the system is in read-only mode.
      * 
      * return UserTransaction
      */
diff --git a/source/java/org/alfresco/filesys/config/FTPConfigBean.java b/source/java/org/alfresco/filesys/config/FTPConfigBean.java
index 3c57975a54..df7db0ae03 100644
--- a/source/java/org/alfresco/filesys/config/FTPConfigBean.java
+++ b/source/java/org/alfresco/filesys/config/FTPConfigBean.java
@@ -65,6 +65,11 @@ public class FTPConfigBean
     /** Is IP v6 enabled? */
     private boolean ipv6Enabled;
 
+    // Data port range
+    
+    private int dataPortFrom;
+    private int dataPortTo;
+    
     /**
      * Checks if is server enabled.
      * 
@@ -274,4 +279,40 @@ public class FTPConfigBean
     {
         this.ipv6Enabled = ipv6Enabled;
     }
+    
+    /**
+     * Return the data port range from port
+     * 
+     * @return int
+     */
+    public int getDataPortFrom() {
+    	return dataPortFrom;
+    }
+    
+    /**
+     * Set the data port range from port
+     * 
+     * @param fromPort int
+     */
+    public void setDataPortFrom(int fromPort) {
+    	dataPortFrom = fromPort;
+    }
+    
+    /**
+     * Return the data port to range port
+     * 
+     * @return int
+     */
+    public int getDataPortTo() {
+    	return dataPortTo;
+    }
+    
+    /**
+     * Set the data port range to port
+     * 
+     * @param toPort int
+     */
+    public void setDataPortTo(int toPort) {
+    	dataPortTo = toPort;
+    }
 }
diff --git a/source/java/org/alfresco/filesys/config/NFSConfigBean.java b/source/java/org/alfresco/filesys/config/NFSConfigBean.java
index f45fad5839..77cba3a275 100644
--- a/source/java/org/alfresco/filesys/config/NFSConfigBean.java
+++ b/source/java/org/alfresco/filesys/config/NFSConfigBean.java
@@ -199,7 +199,7 @@ public class NFSConfigBean
      * 
      * @return the nFS server port
      */
-    public Integer getNFSServerPort()
+    public Integer getNfsServerPort()
     {
         return NFSServerPort;
     }
@@ -210,7 +210,7 @@ public class NFSConfigBean
      * @param serverPort
      *            the new nFS server port
      */
-    public void setNFSServerPort(Integer serverPort)
+    public void setNfsServerPort(Integer serverPort)
     {
         NFSServerPort = serverPort;
     }
diff --git a/source/java/org/alfresco/filesys/config/ServerConfigurationBean.java b/source/java/org/alfresco/filesys/config/ServerConfigurationBean.java
index d9b0f7c08d..f4fafff256 100644
--- a/source/java/org/alfresco/filesys/config/ServerConfigurationBean.java
+++ b/source/java/org/alfresco/filesys/config/ServerConfigurationBean.java
@@ -1304,6 +1304,38 @@ public class ServerConfigurationBean extends AbstractServerConfigurationBean
             else
                 throw new AlfrescoRuntimeException("FTP authenticator not specified");
 
+            // Check if a data port range has been specified
+            
+            if ( ftpConfigBean.getDataPortFrom() != 0 && ftpConfigBean.getDataPortTo() != 0) {
+            	
+            	// Range check the data port values
+            	
+            	int rangeFrom = ftpConfigBean.getDataPortFrom();
+            	int rangeTo   = ftpConfigBean.getDataPortTo();
+            	
+            	if ( rangeFrom != 0 && rangeTo != 0) {
+            		
+            		// Validate the FTP data port range
+            	
+	    			if ( rangeFrom < 1024 || rangeFrom > 65535)
+	    				throw new InvalidConfigurationException("Invalid FTP data port range from value, " + rangeFrom);
+	
+	    			if ( rangeTo < 1024 || rangeTo > 65535)
+	    				throw new InvalidConfigurationException("Invalid FTP data port range to value, " + rangeTo);
+	
+	    			if ( rangeFrom >= rangeTo)
+	    				throw new InvalidConfigurationException("Invalid FTP data port range, " + rangeFrom + "-" + rangeTo);
+	
+	    			// Set the FTP data port range
+	
+	    			ftpConfig.setFTPDataPortLow(rangeFrom);
+	    			ftpConfig.setFTPDataPortHigh(rangeTo);
+	    			
+	    			// Log the data port range
+	    			
+	    			logger.info("FTP server data ports restricted to range " + rangeFrom + ":" + rangeTo);
+            	}
+            }
         }
         catch (InvalidConfigurationException ex)
         {
@@ -1386,8 +1418,13 @@ public class ServerConfigurationBean extends AbstractServerConfigurationBean
             if (portMapperPort != null)
             {
                 nfsConfig.setPortMapperPort(portMapperPort);
-                if (nfsConfig.getPortMapperPort() <= 0 || nfsConfig.getPortMapperPort() >= 65535)
-                    throw new AlfrescoRuntimeException("Port mapper server port out of valid range");
+                if ( nfsConfig.getPortMapperPort() == -1) {
+                	logger.info("NFS portmapper registration disabled");
+                }
+                else {
+                	if (nfsConfig.getPortMapperPort() <= 0 || nfsConfig.getPortMapperPort() >= 65535)
+                		throw new AlfrescoRuntimeException("Port mapper server port out of valid range");
+                }
             }
 
             // Check for a mount server port
@@ -1396,17 +1433,17 @@ public class ServerConfigurationBean extends AbstractServerConfigurationBean
             if (mountServerPort != null)
             {
                 nfsConfig.setMountServerPort(mountServerPort);
-                if (nfsConfig.getMountServerPort() <= 0 || nfsConfig.getMountServerPort() >= 65535)
+                if (nfsConfig.getMountServerPort() < 0 || nfsConfig.getMountServerPort() >= 65535)
                     throw new AlfrescoRuntimeException("Mount server port out of valid range");
             }
 
             // Check for an NFS server port
 
-            Integer nfsServerPort = nfsConfigBean.getNFSServerPort();
+            Integer nfsServerPort = nfsConfigBean.getNfsServerPort();
             if (nfsServerPort != null)
             {
                 nfsConfig.setNFSServerPort(nfsServerPort);
-                if (nfsConfig.getNFSServerPort() <= 0 || nfsConfig.getNFSServerPort() >= 65535)
+                if (nfsConfig.getNFSServerPort() < 0 || nfsConfig.getNFSServerPort() >= 65535)
                     throw new AlfrescoRuntimeException("NFS server port out of valid range");
             }