From c0f04f50b497663ef203fb0f6316f1d0a0989b12 Mon Sep 17 00:00:00 2001
From: Kevin Roast
Date: Thu, 18 Dec 2008 12:06:12 +0000
Subject: [PATCH] Merged V3.0 to HEAD 11849: Code/doc clean-up 11850: Show Folders and Simple View buttons not showing correct caption for overridden default 11851: DocLib "move" action needs delete permission 11852: ETHREEOH-662 Incorrect display of 'Invite', 'Edit Site Details', 'Customize Site', 'Customize Dashboard' buttons group in several cases 11855: Removal of obsolete PageRenderer source and config 11856: Log4j added to classpath for Eclipse project build (for recent NTLM filter logging changes) 11857: Added logging settings for various useful connector/ntlm classes 11858: Fixed the passthru authentication logic when a domain name is not specified by the client. The first passthru server that does not have a domain name set will be used. 11868: Output errors message(s) when the Share URL is configured incorrectly 11871: Removed file checked in accidentally, this is generated by continuous build 11872: Changed the WebDAV user object session attribute so that it does not clash with the web-client user attribute. The WebDAV user object is not derived from the User object that the web-client uses. 11874: Fixed ETHREEOH-732: Enabling benchmark-override-context.xml leads to ClassNotFoundException 11875: Fixed ETHREEOH-733: Spring jar missing benchmark remote client
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12484 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
.../benchmark-override-context.xml.sample | 14 +--
.../ntlm/NTLMAuthenticationComponentImpl.java | 94 ++++++++++++++++++-
2 files changed, 94 insertions(+), 14 deletions(-)
diff --git a/config/alfresco/extension/benchmark-override-context.xml.sample b/config/alfresco/extension/benchmark-override-context.xml.sample
index c7f579de1e..2cdef1e0d0 100644
--- a/config/alfresco/extension/benchmark-override-context.xml.sample
+++ b/config/alfresco/extension/benchmark-override-context.xml.sample @@ -1,4 +1,4 @@ - + @@ -8,18 +8,6 @@ --> - - - - - - - - - - - - diff --git a/source/java/org/alfresco/repo/security/authentication/ntlm/NTLMAuthenticationComponentImpl.java b/source/java/org/alfresco/repo/security/authentication/ntlm/NTLMAuthenticationComponentImpl.java index 83e33f462b..fda4d945ce 100644 --- a/source/java/org/alfresco/repo/security/authentication/ntlm/NTLMAuthenticationComponentImpl.java +++ b/source/java/org/alfresco/repo/security/authentication/ntlm/NTLMAuthenticationComponentImpl.java @@ -33,6 +33,7 @@ import java.security.Provider; import java.security.Security; import java.util.Enumeration; import java.util.Hashtable; +import java.util.StringTokenizer; import javax.transaction.UserTransaction; @@ -45,8 +46,10 @@ import net.sf.acegisecurity.GrantedAuthorityImpl; import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.jlan.server.auth.PasswordEncryptor; +import org.alfresco.jlan.server.auth.passthru.AuthSessionFactory; import org.alfresco.jlan.server.auth.passthru.AuthenticateSession; import org.alfresco.jlan.server.auth.passthru.PassthruServers; +import org.alfresco.jlan.smb.Protocol; import org.alfresco.jlan.smb.SMBException; import org.alfresco.jlan.smb.SMBStatus; import org.alfresco.model.ContentModel; @@ -118,6 +121,10 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo private PassthruReaperThread m_reaperThread; + // Null domain uses any available server option + + private boolean m_nullDomainUseAnyServer; + /** * Passthru Session Reaper Thread */ @@ -247,6 +254,8 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo m_passthruServers = new PassthruServers(); + m_passthruServers.setDebug( logger.isDebugEnabled()); + // Create the password encryptor for local password hashing m_encryptor = new PasswordEncryptor(); 
@@ -381,6 +390,20 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo { m_allowAuthUserAsGuest = Boolean.parseBoolean(auth); } + + /** + * Allow null domain passthru logons to use the first available passthru server + * + * @param nullDomain String + */ + public void setNullDomainUseAnyServer(String nullDomain) + { + m_nullDomainUseAnyServer = Boolean.parseBoolean(nullDomain); + + // Push the setting to the passthru server component + + m_passthruServers.setNullDomainUseAnyServer( m_nullDomainUseAnyServer); + } /** * Set the JCE provider 
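Review bot: The Javadoc on `setNullDomainUseAnyServer` does not say what the option changes about authentication: per the commit description, a logon with no domain is sent to the first passthru server that has no domain set, so enabling it widens which server can vouch for a domain-less user name. I would state that and the default in the comment, e.g. `When true, a logon without a domain is validated by the first passthru server that has no domain configured; the field defaults to false.` The setter also dereferences `m_passthruServers` directly; the `@@ -247` hunk shows the object being created, but not whether that always happens before this property is injected, so confirm it cannot be null here. `Boolean.parseBoolean` maps any value other than "true" to false, which keeps a mistyped setting on the restrictive side.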
@@ -460,7 +483,67 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo throw new AlfrescoRuntimeException("Invalid authenication session timeout value"); } } - + + /** + * Set the protocol order for passthru connections + * + * @param protoOrder String + */ + public void setProtocolOrder(String protoOrder) + { + // Parse the protocol order list + + StringTokenizer tokens = new StringTokenizer( protoOrder, ","); + int primaryProto = Protocol.None; + int secondaryProto = Protocol.None; + + // There should only be one or two tokens + + if ( tokens.countTokens() > 2) + throw new AlfrescoRuntimeException("Invalid protocol order list, " + protoOrder); + + // Get the primary protocol + + if ( tokens.hasMoreTokens()) + { + // Parse the primary protocol + + String primaryStr = tokens.nextToken(); + + if ( primaryStr.equalsIgnoreCase( "TCPIP")) + primaryProto = Protocol.NativeSMB; + else if ( primaryStr.equalsIgnoreCase( "NetBIOS")) + primaryProto = Protocol.TCPNetBIOS; + else + throw new AlfrescoRuntimeException("Invalid protocol type, " + primaryStr); + + // Check if there is a secondary protocol, and validate + + if ( tokens.hasMoreTokens()) + { + // Parse the secondary protocol + + String secondaryStr = tokens.nextToken(); + + if ( secondaryStr.equalsIgnoreCase( "TCPIP") && primaryProto != Protocol.NativeSMB) + secondaryProto = Protocol.NativeSMB; + else if ( secondaryStr.equalsIgnoreCase( "NetBIOS") && primaryProto != Protocol.TCPNetBIOS) + secondaryProto = Protocol.TCPNetBIOS; + else + throw new AlfrescoRuntimeException("Invalid secondary protocol, " + secondaryStr); + } + } + + // Set the protocol order used for passthru authentication sessions + + AuthSessionFactory.setProtocolOrder( primaryProto, secondaryProto); + + // DEBUG + + if (logger.isDebugEnabled()) + logger.debug("Protocol order primary=" + Protocol.asString(primaryProto) + ", secondary=" + Protocol.asString(secondaryProto)); + } + /** * Return the authentication session 
timeout, in milliseconds * @@ -538,8 +621,17 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo authSess = m_passthruServers.openSession(); + // Check fi the passthru session is valid + if ( authSess == null) + { + // DEBUG + + if ( logger.isDebugEnabled()) + logger.debug( "Failed to open passthru session, or no valid passthru server available for " + ntlmToken); + throw new AuthenticationException("Failed to open session to passthru server"); + } // Authenticate using the credentials supplied
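Review bot: An empty `protoOrder` passes the token-count check in `setProtocolOrder`, skips both parsing branches and reaches `AuthSessionFactory.setProtocolOrder( primaryProto, secondaryProto)` with both values still `Protocol.None`, so a blank property silently replaces the protocol order instead of being rejected like other bad input. Tightening the guard to `if ( tokens.countTokens() < 1 || tokens.countTokens() > 2)` closes that; a null argument would currently surface as a NullPointerException from `StringTokenizer` rather than the `AlfrescoRuntimeException` used for the other failures. Tokens are compared untrimmed, so `TCPIP, NetBIOS` is refused because of the space, and `tokens.nextToken().trim()` would accept it. The call is static, so the order presumably applies to every user of `AuthSessionFactory` in the JVM, which is worth a sentence in the Javadoc.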
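Review bot: The new debug message in the `authSess == null` branch concatenates `ntlmToken` itself, so whatever its `toString()` returns is written to the log on every failed passthru open; that method is not visible here, and if it includes the password hash or challenge response the debug log becomes a store of credential material. Logging only the identity is enough for diagnosis, along the lines of `logger.debug( "Failed to open passthru session, or no valid passthru server available for user " + userName);`, where `userName` is a placeholder for however the user name is read from the token. The comment above the check reads `Check fi` and should be `Check if`. The enclosing method starts and ends outside the hunk.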