inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V3.1 to HEAD

Browse Source 
13077: Abstracted ContentStore MBean operations
   13099: Merge V3.0 to V3.1
      13096  Merged V2.2 to V3.0
         13071: Fix ETWOTWO-1058: Hibernate exception while concurrently submitting from and updating same user sandbox.
         13079: Fix ETWOTWO-1117: Misleading exceptions reported during AVM flatten and update
   13102: [no comment]
   13112: Merged V3.0 to V3.1
      13111: Merged V2.2 to V3.0
         13110: Fix 2.1 -> 2.2 upgrade on Postgres
   13114: Build/test fix (Enterprise Remote API project does not yet have any Java files to generate Javadoc)
   13117: DM Index Check - unit test improvements
   13123: *RECORD ONLY* Removed svn:mergeinfo fluff
   13124: Used newer, more efficient NodeService.addProperties method instead of many NodeService.setProperty calls
   13125: Added M2Binding for 'child-association': propagateTimestamps'
   13126: WCM unit tests - reduce build/test time to check (async) submits
   13127: Minor test fix - to allow it to run locally (on Mac OS X)
   13130: Support for 'maxRetries' of zero or less
   13131: Merged V3.0 to V3.1
      13025 *RECORD-ONLY*: Removed unnecessary svn:mergeinfo
      13026: Merged V2.2 to V3.0
         12964: Fixed ETWOTWO-968: Space rules are not run when saving from MS Word
         12993 *RECORD-ONLY*: added openoffice bootstrap context to sample-extensions
         13009 *RECORD-ONLY*: Avoid default OOo config from causing problems on zip/gz installs
   13132: Updated svn:mergeinfo
   13134: ETHREEOH-1202 - initial fix and unit tests
   ___________________________________________________________________
   Modified: svn:mergeinfo
      Merged /alfresco/BRANCHES/V3.0:r13005,13025-13026,13030,13039,13042,13050,13053,13096,13098,13111
      Merged /alfresco/BRANCHES/V2.2:r12964,12993,13009,13071,13079,13110
      Merged /alfresco/BRANCHES/V3.1:r13077,13099,13102,13112,13114,13117,13123-13127,13130-13132,13134


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@13564 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Derek Hulley
2009-03-11 13:19:59 +00:00
parent 9d3fd6680d
commit cf86bf466c
46 changed files with 4765 additions and 4028 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
source/java/org/alfresco/filesys/auth/cifs/AlfrescoCifsAuthenticator.java
View File

@@ -166,7 +166,7 @@ public class AlfrescoCifsAuthenticator extends CifsAuthenticatorBase
{
// Start a transaction
tx = getTransactionService().getUserTransaction( false);
tx = createTransaction();
tx.begin();
// Perform local MD4 password check
@@ -177,7 +177,7 @@ public class AlfrescoCifsAuthenticator extends CifsAuthenticatorBase
{
// Start a transaction
tx = getTransactionService().getUserTransaction( false);
tx = createTransaction();
tx.begin();
// Perform passthru authentication password check

23
source/java/org/alfresco/filesys/auth/cifs/CifsAuthenticatorBase.java
View File

@@ -369,7 +369,7 @@ public abstract class CifsAuthenticatorBase extends CifsAuthenticator
// Check if the user name is an administrator
UserTransaction tx = getTransactionService().getUserTransaction();
UserTransaction tx = createTransaction();
try {
tx.begin();
@@ -400,4 +400,25 @@ public abstract class CifsAuthenticatorBase extends CifsAuthenticator
}
}
}
/**
* Create a transaction, this will be a wrteable transaction unless the system is in read-only mode.
*
* return UserTransaction
*/
protected final UserTransaction createTransaction()
{
// Get the transaction service
TransactionService txService = getTransactionService();
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Using " + (txService.isReadOnly() ? "ReadOnly" : "Write") + " transaction");
// Create the transaction
return txService.getUserTransaction( txService.isReadOnly() ? true : false);
}
}

4
source/java/org/alfresco/filesys/auth/cifs/EnterpriseCifsAuthenticator.java
View File

@@ -561,7 +561,7 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticatorBase implement
{
// Start a transaction
tx = getTransactionService().getUserTransaction( false);
tx = createTransaction();
tx.begin();
// Process the hashed password session setup
@@ -718,7 +718,7 @@ public class EnterpriseCifsAuthenticator extends CifsAuthenticatorBase implement
// Start a transaction
tx = getTransactionService().getUserTransaction( false);
tx = createTransaction();
tx.begin();
// Process the security blob

4
source/java/org/alfresco/filesys/auth/cifs/PassthruCifsAuthenticator.java
View File

@@ -174,7 +174,7 @@ public class PassthruCifsAuthenticator extends CifsAuthenticatorBase implements
// Start a transaction
UserTransaction tx = getTransactionService().getUserTransaction( false);
UserTransaction tx = createTransaction();
int authSts = AUTH_DISALLOW;
try
@@ -1015,7 +1015,7 @@ public class PassthruCifsAuthenticator extends CifsAuthenticatorBase implements
{
// Wrap the service calls in a transaction
UserTransaction tx = getTransactionService().getUserTransaction( false);
UserTransaction tx = createTransaction();
try
{

389
source/java/org/alfresco/filesys/auth/ftp/FTPAuthenticatorBase.java
View File

@@ -1,191 +1,198 @@
/*
* Copyright (C) 2006-2008 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.filesys.auth.ftp;
import javax.transaction.UserTransaction;
import org.alfresco.config.ConfigElement;
import org.alfresco.filesys.AlfrescoConfigSection;
import org.alfresco.jlan.ftp.FTPAuthenticator;
import org.alfresco.jlan.ftp.FTPSrvSession;
import org.alfresco.jlan.server.auth.ClientInfo;
import org.alfresco.jlan.server.config.InvalidConfigurationException;
import org.alfresco.jlan.server.config.ServerConfiguration;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.transaction.TransactionService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
*
* @author gkspencer
*/
public abstract class FTPAuthenticatorBase implements FTPAuthenticator {
// Logging
protected static final Log logger = LogFactory.getLog("org.alfresco.ftp.protocol.auth");
// Alfresco configuration section
private AlfrescoConfigSection m_alfrescoConfig;
/**
* Default constructor
*/
public FTPAuthenticatorBase() {
}
/**
* Initialize the authenticator
*
* @param config ServerConfiguration
* @param params ConfigElement
* @exception InvalidConfigurationException
*/
public void initialize(ServerConfiguration config, ConfigElement params)
throws InvalidConfigurationException {
// Get the alfresco configuration section, required to get hold of various
// services/components
m_alfrescoConfig = (AlfrescoConfigSection) config.getConfigSection(AlfrescoConfigSection.SectionName);
// Check that the required authentication classes are available
if ( m_alfrescoConfig == null || getAuthenticationComponent() == null)
throw new InvalidConfigurationException("Authentication component not available");
}
/**
* Authenticate the user
*
* @param client ClientInfo
* @param sess FTPSrvSession
* @return boolean
*/
public abstract boolean authenticateUser(ClientInfo info, FTPSrvSession sess);
/**
* Close the authenticator, perform any cleanup
*/
public void closeAuthenticator()
{
}
/**
* Return the authentication componenet
*
* @return AuthenticationComponent
*/
protected final AuthenticationComponent getAuthenticationComponent() {
return m_alfrescoConfig.getAuthenticationComponent();
}
/**
* Return the authentication service
*
* @return AuthenticationService
*/
protected final AuthenticationService getAuthenticationService() {
return m_alfrescoConfig.getAuthenticationService();
}
/**
* Return the transaction service
*
* @return TransactionService
*/
protected final TransactionService getTransactionService() {
return m_alfrescoConfig.getTransactionService();
}
/**
* Return the authority service
*
* @return AuthorityService
*/
protected final AuthorityService getAuthorityService() {
return m_alfrescoConfig.getAuthorityService();
}
/**
* Check if the user is an administrator user name
*
* @param cInfo ClientInfo
*/
protected final void checkForAdminUserName(ClientInfo cInfo) {
// Check if the user name is an administrator
UserTransaction tx = getTransactionService().getUserTransaction();
try {
tx.begin();
if ( cInfo.getLogonType() == ClientInfo.LogonNormal && getAuthorityService().isAdminAuthority(cInfo.getUserName())) {
// Indicate that this is an administrator logon
cInfo.setLogonType(ClientInfo.LogonAdmin);
}
tx.commit();
}
catch (Throwable ex) {
try {
tx.rollback();
}
catch (Throwable ex2) {
logger.error("Failed to rollback transaction", ex2);
}
// Re-throw the exception
if ( ex instanceof RuntimeException) {
throw (RuntimeException) ex;
}
else {
throw new RuntimeException("Error during execution of transaction.", ex);
}
}
}
/**
* Create a transaction, this will be a wrteable transaction unless the system is in read-only mode.
*
* return UserTransaction
*/
protected final UserTransaction createTransaction()
{
// Get the transaction service
TransactionService txService = getTransactionService();
return txService.getUserTransaction( txService.isReadOnly() ? true : false);
}
}
/*
* Copyright (C) 2006-2008 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.filesys.auth.ftp;
import javax.transaction.UserTransaction;
import org.alfresco.config.ConfigElement;
import org.alfresco.filesys.AlfrescoConfigSection;
import org.alfresco.jlan.ftp.FTPAuthenticator;
import org.alfresco.jlan.ftp.FTPSrvSession;
import org.alfresco.jlan.server.auth.ClientInfo;
import org.alfresco.jlan.server.config.InvalidConfigurationException;
import org.alfresco.jlan.server.config.ServerConfiguration;
import org.alfresco.repo.security.authentication.AuthenticationComponent;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.transaction.TransactionService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
*
* @author gkspencer
*/
public abstract class FTPAuthenticatorBase implements FTPAuthenticator {
// Logging
protected static final Log logger = LogFactory.getLog("org.alfresco.ftp.protocol.auth");
// Alfresco configuration section
private AlfrescoConfigSection m_alfrescoConfig;
/**
* Default constructor
*/
public FTPAuthenticatorBase() {
}
/**
* Initialize the authenticator
*
* @param config ServerConfiguration
* @param params ConfigElement
* @exception InvalidConfigurationException
*/
public void initialize(ServerConfiguration config, ConfigElement params)
throws InvalidConfigurationException {
// Get the alfresco configuration section, required to get hold of various
// services/components
m_alfrescoConfig = (AlfrescoConfigSection) config.getConfigSection(AlfrescoConfigSection.SectionName);
// Check that the required authentication classes are available
if ( m_alfrescoConfig == null || getAuthenticationComponent() == null)
throw new InvalidConfigurationException("Authentication component not available");
}
/**
* Authenticate the user
*
* @param client ClientInfo
* @param sess FTPSrvSession
* @return boolean
*/
public abstract boolean authenticateUser(ClientInfo info, FTPSrvSession sess);
/**
* Close the authenticator, perform any cleanup
*/
public void closeAuthenticator()
{
}
/**
* Return the authentication componenet
*
* @return AuthenticationComponent
*/
protected final AuthenticationComponent getAuthenticationComponent() {
return m_alfrescoConfig.getAuthenticationComponent();
}
/**
* Return the authentication service
*
* @return AuthenticationService
*/
protected final AuthenticationService getAuthenticationService() {
return m_alfrescoConfig.getAuthenticationService();
}
/**
* Return the transaction service
*
* @return TransactionService
*/
protected final TransactionService getTransactionService() {
return m_alfrescoConfig.getTransactionService();
}
/**
* Return the authority service
*
* @return AuthorityService
*/
protected final AuthorityService getAuthorityService() {
return m_alfrescoConfig.getAuthorityService();
}
/**
* Check if the user is an administrator user name
*
* @param cInfo ClientInfo
*/
protected final void checkForAdminUserName(ClientInfo cInfo) {
// Check if the user name is an administrator
UserTransaction tx = getTransactionService().getUserTransaction();
try {
tx.begin();
if ( cInfo.getLogonType() == ClientInfo.LogonNormal && getAuthorityService().isAdminAuthority(cInfo.getUserName())) {
// Indicate that this is an administrator logon
cInfo.setLogonType(ClientInfo.LogonAdmin);
}
tx.commit();
}
catch (Throwable ex) {
try {
tx.rollback();
}
catch (Throwable ex2) {
logger.error("Failed to rollback transaction", ex2);
}
// Re-throw the exception
if ( ex instanceof RuntimeException) {
throw (RuntimeException) ex;
}
else {
throw new RuntimeException("Error during execution of transaction.", ex);
}
}
}
/**
* Create a transaction, this will be a wrteable transaction unless the system is in read-only mode.
*
* return UserTransaction
*/
protected final UserTransaction createTransaction()
{
// Get the transaction service
TransactionService txService = getTransactionService();
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Using " + (txService.isReadOnly() ? "ReadOnly" : "Write") + " transaction");
// Create the transaction
return txService.getUserTransaction( txService.isReadOnly() ? true : false);
}
}

946
source/java/org/alfresco/filesys/auth/nfs/AlfrescoRpcAuthenticator.java
View File

@@ -1,462 +1,484 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.filesys.auth.nfs;
import java.util.HashMap;
import java.util.List;
import javax.transaction.Status;
import javax.transaction.UserTransaction;
import org.alfresco.config.ConfigElement;
import org.alfresco.filesys.AlfrescoConfigSection;
import org.alfresco.filesys.alfresco.AlfrescoClientInfo;
import org.alfresco.jlan.oncrpc.AuthType;
import org.alfresco.jlan.oncrpc.Rpc;
import org.alfresco.jlan.oncrpc.RpcAuthenticationException;
import org.alfresco.jlan.oncrpc.RpcAuthenticator;
import org.alfresco.jlan.oncrpc.RpcPacket;
import org.alfresco.jlan.oncrpc.nfs.NFS;
import org.alfresco.jlan.server.SrvSession;
import org.alfresco.jlan.server.auth.ClientInfo;
import org.alfresco.jlan.server.config.InvalidConfigurationException;
import org.alfresco.jlan.server.config.ServerConfiguration;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* Alfresco RPC Authenticator Class
*
* <p>Provides authentication support for the NFS server.
*
* @author gkspencer
*/
public class AlfrescoRpcAuthenticator implements RpcAuthenticator {
// Debug logging
private static final Log logger = LogFactory.getLog("org.alfresco.nfs.protocol.auth");
// Authentication types aupported by this implementation
private int[] _authTypes = { AuthType.Unix };
// UID/GID to username conversions
private HashMap<Integer, String> m_idMap;
// Alfresco configuration
protected AlfrescoConfigSection m_alfrescoConfig;
/**
* Authenticate an RPC client and create a unique session id key.
*
* @param authType int
* @param rpc RpcPacket
* @return Object
* @throws RpcAuthenticationException
*/
public Object authenticateRpcClient(int authType, RpcPacket rpc)
throws RpcAuthenticationException {
// Create a unique session key depending on the authentication type
Object sessKey = null;
if (authType == AuthType.Unix) {
// Get the gid and uid from the credentials data in the request
rpc.positionAtCredentialsData();
rpc.skipBytes(4);
int nameLen = rpc.unpackInt();
rpc.skipBytes(nameLen);
int uid = rpc.unpackInt();
int gid = rpc.unpackInt();
// DEBUG
if ( logger.isDebugEnabled())
logger.debug( "RpcAuth: Type=Unix uid=" + uid + ", gid=" + gid);
// Check that there is a user name mapping for the uid/gid
Integer idKey = new Integer((gid << 16) + uid);
String userName = m_idMap.get( idKey);
if ( userName == null)
throw new RpcAuthenticationException( NFS.StsAccess);
// Check if the Unix authentication session table is valid
sessKey = new Long((((long) rpc.getClientAddress().hashCode()) << 32) + (gid << 16) + uid);
}
else if ( authType == AuthType.Null)
{
// Set the session key for the null authentication
sessKey = new Integer(rpc.getClientAddress().hashCode());
// DEBUG
if ( logger.isDebugEnabled())
logger.debug( "RpcAuth: Type=Null client=" + rpc.getClientAddress());
}
// Check if the session key is valid, if not then the authentication
// type is unsupported
if (sessKey == null)
throw new RpcAuthenticationException(Rpc.AuthBadCred, "Unsupported auth type, " + authType);
// DEBUG
if (logger.isDebugEnabled())
logger.debug("RpcAuth: RPC from " + rpc.getClientDetails()
+ ", authType=" + AuthType.getTypeAsString(authType)
+ ", sessKey=" + sessKey);
// Return the session key
return sessKey;
}
/**
* Return the authentication types that are supported by this
* implementation.
*
* @return int[]
*/
public int[] getRpcAuthenticationTypes() {
return _authTypes;
}
/**
* Return the client information for the specified RPC request
*
* @param sessKey Object
* @param rpc RpcPacket
* @return ClientInfo
*/
public ClientInfo getRpcClientInformation(Object sessKey, RpcPacket rpc)
{
// Create a client information object to hold the client details
ClientInfo cInfo = null;
// Get the authentication type
int authType = rpc.getCredentialsType();
// Unpack the client details from the RPC request
if ( authType == AuthType.Unix) {
// Unpack the credentials data
rpc.positionAtCredentialsData();
rpc.skipBytes(4); // stamp id
String clientAddr = rpc.unpackString();
int uid = rpc.unpackInt();
int gid = rpc.unpackInt();
// Check for an additional groups list
int grpLen = rpc.unpackInt();
int[] groups = null;
if (grpLen > 0) {
groups = new int[grpLen];
rpc.unpackIntArray(groups);
}
// Get the user name mapping for the uid/gid and authenticate
Integer idKey = new Integer((gid << 16) + uid);
String userName = m_idMap.get( idKey);
// DEBUG
if ( logger.isDebugEnabled())
logger.debug( "RpcClientInfo: username=" + userName + ", uid=" + uid + ", gid=" + gid);
// Create the client information if there is a valid mapping
if ( userName != null)
{
// Create the client information and fill in relevant fields
cInfo = ClientInfo.getFactory().createInfo( userName, null);
cInfo.setNFSAuthenticationType( authType);
cInfo.setClientAddress( clientAddr);
cInfo.setUid( uid);
cInfo.setGid( gid);
cInfo.setGroupsList(groups);
}
// DEBUG
if (logger.isDebugEnabled())
logger.debug("RpcAuth: Client info, type=" + AuthType.getTypeAsString(authType) + ", name="
+ clientAddr + ", uid=" + uid + ", gid=" + gid + ", groups=" + grpLen);
}
else if ( authType == AuthType.Null)
{
// Create the client information
cInfo = ClientInfo.getFactory().createInfo( "", null);
cInfo.setClientAddress(rpc.getClientAddress().getHostAddress());
// DEBUG
if (logger.isDebugEnabled())
logger.debug("RpcAuth: Client info, type=" + AuthType.getTypeAsString(authType) + ", addr="
+ rpc.getClientAddress().getHostAddress());
}
// Return the client information
return cInfo;
}
/**
* Set the current authenticated user context for this thread
*
* @param sess SrvSession
* @param client ClientInfo
*/
public void setCurrentUser( SrvSession sess, ClientInfo client)
{
// Start a transaction
UserTransaction tx = m_alfrescoConfig.getTransactionService().getUserTransaction( false);
try
{
// start the transaction
tx.begin();
// Check the account type and setup the authentication context
if ( client == null || client.isNullSession() || client instanceof AlfrescoClientInfo == false)
{
// Clear the authentication, null user should not be allowed to do any service calls
m_alfrescoConfig.getAuthenticationComponent().clearCurrentSecurityContext();
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Clear security context, client=" + client);
}
else if ( client.isGuest() == false)
{
// Access the Alfresco client
AlfrescoClientInfo alfClient = (AlfrescoClientInfo) client;
// Check if the authentication token has been set for the client
if ( alfClient.hasAuthenticationToken() == false)
{
// Set the current user and retrieve the authentication token
m_alfrescoConfig.getAuthenticationComponent().setCurrentUser( client.getUserName());
alfClient.setAuthenticationToken( m_alfrescoConfig.getAuthenticationComponent().getCurrentAuthentication());
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Set user name=" + client.getUserName() + ", token=" + alfClient.getAuthenticationToken());
}
else
{
// Set the authentication context for the request
m_alfrescoConfig.getAuthenticationComponent().setCurrentAuthentication( alfClient.getAuthenticationToken());
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Set user using auth token, token=" + alfClient.getAuthenticationToken());
}
}
else
{
// Enable guest access for the request
m_alfrescoConfig.getAuthenticationComponent().setGuestUserAsCurrentUser();
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Set guest user");
}
}
catch ( Exception ex)
{
if ( logger.isDebugEnabled())
logger.debug( ex);
}
finally
{
// Commit the transaction
if ( tx != null)
{
try
{
// Commit or rollback the transaction
if ( tx.getStatus() == Status.STATUS_MARKED_ROLLBACK)
{
// Transaction is marked for rollback
tx.rollback();
}
else
{
// Commit the transaction
tx.commit();
}
}
catch ( Exception ex)
{
}
}
}
}
/**
* Initialize the RPC authenticator
*
* @param config ServerConfiguration
* @param params NameValueList
* @throws InvalidConfigurationException
*/
public void initialize(ServerConfiguration config, ConfigElement params)
throws InvalidConfigurationException {
// Get the Alfresco configuration section, for access to services
m_alfrescoConfig = (AlfrescoConfigSection) config.getConfigSection( AlfrescoConfigSection.SectionName);
// Check for the user mappings
ConfigElement userMappings = params.getChild("userMappings");
if ( userMappings != null)
{
// Allocate the id mappings table
m_idMap = new HashMap<Integer, String>();
// Get the user map elements
List<ConfigElement> userMaps = userMappings.getChildren();
// Process the user list
for ( ConfigElement userElem : userMaps)
{
// Validate the element type
if ( userElem.getName().equalsIgnoreCase( "user"))
{
// Get the user name, user id and group id
String userName = userElem.getAttribute("name");
String uidStr = userElem.getAttribute("uid");
String gidStr = userElem.getAttribute("gid");
if ( userName == null || userName.length() == 0)
throw new InvalidConfigurationException("Empty user name, or name not specified");
if ( uidStr == null || uidStr.length() == 0)
throw new InvalidConfigurationException("Invalid uid, or uid not specified, for user " + userName);
if ( gidStr == null || gidStr.length() == 0)
throw new InvalidConfigurationException("Invalid gid, or gid not specified, for user " + userName);
// Parse the uid/gid
int uid = -1;
int gid = -1;
try
{
uid = Integer.parseInt( uidStr);
}
catch ( NumberFormatException ex)
{
throw new InvalidConfigurationException("Invalid uid value, " + uidStr + " for user " + userName);
}
try
{
gid = Integer.parseInt( gidStr);
}
catch ( NumberFormatException ex)
{
throw new InvalidConfigurationException("Invalid gid value, " + gidStr + " for user " + userName);
}
// Check if the mapping already exists
Integer idKey = new Integer(( gid << 16) + uid);
if ( m_idMap.containsKey( idKey) == false)
{
// Add the username uid/gid mapping
m_idMap.put( idKey, userName);
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Added RPC user mapping for user " + userName + " uid=" + uid + ", gid=" + gid);
}
else if ( logger.isDebugEnabled())
{
// DEBUG
logger.debug("Ignored duplicate mapping for uid=" + uid + ", gid=" + gid);
}
}
else
throw new InvalidConfigurationException( "Invalid user mapping, " + userElem.getName());
}
}
// Make sure there are some user mappings
if ( m_idMap == null || m_idMap.size() == 0)
throw new InvalidConfigurationException("No user mappings for RPC authenticator");
}
}
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.filesys.auth.nfs;
import java.util.HashMap;
import java.util.List;
import javax.transaction.Status;
import javax.transaction.UserTransaction;
import org.alfresco.config.ConfigElement;
import org.alfresco.filesys.AlfrescoConfigSection;
import org.alfresco.filesys.alfresco.AlfrescoClientInfo;
import org.alfresco.jlan.oncrpc.AuthType;
import org.alfresco.jlan.oncrpc.Rpc;
import org.alfresco.jlan.oncrpc.RpcAuthenticationException;
import org.alfresco.jlan.oncrpc.RpcAuthenticator;
import org.alfresco.jlan.oncrpc.RpcPacket;
import org.alfresco.jlan.oncrpc.nfs.NFS;
import org.alfresco.jlan.server.SrvSession;
import org.alfresco.jlan.server.auth.ClientInfo;
import org.alfresco.jlan.server.config.InvalidConfigurationException;
import org.alfresco.jlan.server.config.ServerConfiguration;
import org.alfresco.service.transaction.TransactionService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* Alfresco RPC Authenticator Class
*
* <p>Provides authentication support for the NFS server.
*
* @author gkspencer
*/
public class AlfrescoRpcAuthenticator implements RpcAuthenticator {
// Debug logging
private static final Log logger = LogFactory.getLog("org.alfresco.nfs.protocol.auth");
// Authentication types aupported by this implementation
private int[] _authTypes = { AuthType.Unix };
// UID/GID to username conversions
private HashMap<Integer, String> m_idMap;
// Alfresco configuration
protected AlfrescoConfigSection m_alfrescoConfig;
/**
* Authenticate an RPC client and create a unique session id key.
*
* @param authType int
* @param rpc RpcPacket
* @return Object
* @throws RpcAuthenticationException
*/
public Object authenticateRpcClient(int authType, RpcPacket rpc)
throws RpcAuthenticationException {
// Create a unique session key depending on the authentication type
Object sessKey = null;
if (authType == AuthType.Unix) {
// Get the gid and uid from the credentials data in the request
rpc.positionAtCredentialsData();
rpc.skipBytes(4);
int nameLen = rpc.unpackInt();
rpc.skipBytes(nameLen);
int uid = rpc.unpackInt();
int gid = rpc.unpackInt();
// DEBUG
if ( logger.isDebugEnabled())
logger.debug( "RpcAuth: Type=Unix uid=" + uid + ", gid=" + gid);
// Check that there is a user name mapping for the uid/gid
Integer idKey = new Integer((gid << 16) + uid);
String userName = m_idMap.get( idKey);
if ( userName == null)
throw new RpcAuthenticationException( NFS.StsAccess);
// Check if the Unix authentication session table is valid
sessKey = new Long((((long) rpc.getClientAddress().hashCode()) << 32) + (gid << 16) + uid);
}
else if ( authType == AuthType.Null)
{
// Set the session key for the null authentication
sessKey = new Integer(rpc.getClientAddress().hashCode());
// DEBUG
if ( logger.isDebugEnabled())
logger.debug( "RpcAuth: Type=Null client=" + rpc.getClientAddress());
}
// Check if the session key is valid, if not then the authentication
// type is unsupported
if (sessKey == null)
throw new RpcAuthenticationException(Rpc.AuthBadCred, "Unsupported auth type, " + authType);
// DEBUG
if (logger.isDebugEnabled())
logger.debug("RpcAuth: RPC from " + rpc.getClientDetails()
+ ", authType=" + AuthType.getTypeAsString(authType)
+ ", sessKey=" + sessKey);
// Return the session key
return sessKey;
}
/**
* Return the authentication types that are supported by this
* implementation.
*
* @return int[]
*/
public int[] getRpcAuthenticationTypes() {
return _authTypes;
}
/**
* Return the client information for the specified RPC request
*
* @param sessKey Object
* @param rpc RpcPacket
* @return ClientInfo
*/
public ClientInfo getRpcClientInformation(Object sessKey, RpcPacket rpc)
{
// Create a client information object to hold the client details
ClientInfo cInfo = null;
// Get the authentication type
int authType = rpc.getCredentialsType();
// Unpack the client details from the RPC request
if ( authType == AuthType.Unix) {
// Unpack the credentials data
rpc.positionAtCredentialsData();
rpc.skipBytes(4); // stamp id
String clientAddr = rpc.unpackString();
int uid = rpc.unpackInt();
int gid = rpc.unpackInt();
// Check for an additional groups list
int grpLen = rpc.unpackInt();
int[] groups = null;
if (grpLen > 0) {
groups = new int[grpLen];
rpc.unpackIntArray(groups);
}
// Get the user name mapping for the uid/gid and authenticate
Integer idKey = new Integer((gid << 16) + uid);
String userName = m_idMap.get( idKey);
// DEBUG
if ( logger.isDebugEnabled())
logger.debug( "RpcClientInfo: username=" + userName + ", uid=" + uid + ", gid=" + gid);
// Create the client information if there is a valid mapping
if ( userName != null)
{
// Create the client information and fill in relevant fields
cInfo = ClientInfo.getFactory().createInfo( userName, null);
cInfo.setNFSAuthenticationType( authType);
cInfo.setClientAddress( clientAddr);
cInfo.setUid( uid);
cInfo.setGid( gid);
cInfo.setGroupsList(groups);
}
// DEBUG
if (logger.isDebugEnabled())
logger.debug("RpcAuth: Client info, type=" + AuthType.getTypeAsString(authType) + ", name="
+ clientAddr + ", uid=" + uid + ", gid=" + gid + ", groups=" + grpLen);
}
else if ( authType == AuthType.Null)
{
// Create the client information
cInfo = ClientInfo.getFactory().createInfo( "", null);
cInfo.setClientAddress(rpc.getClientAddress().getHostAddress());
// DEBUG
if (logger.isDebugEnabled())
logger.debug("RpcAuth: Client info, type=" + AuthType.getTypeAsString(authType) + ", addr="
+ rpc.getClientAddress().getHostAddress());
}
// Return the client information
return cInfo;
}
/**
* Set the current authenticated user context for this thread
*
* @param sess SrvSession
* @param client ClientInfo
*/
public void setCurrentUser( SrvSession sess, ClientInfo client)
{
// Start a transaction
UserTransaction tx = createTransaction();
try
{
// start the transaction
tx.begin();
// Check the account type and setup the authentication context
if ( client == null || client.isNullSession() || client instanceof AlfrescoClientInfo == false)
{
// Clear the authentication, null user should not be allowed to do any service calls
m_alfrescoConfig.getAuthenticationComponent().clearCurrentSecurityContext();
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Clear security context, client=" + client);
}
else if ( client.isGuest() == false)
{
// Access the Alfresco client
AlfrescoClientInfo alfClient = (AlfrescoClientInfo) client;
// Check if the authentication token has been set for the client
if ( alfClient.hasAuthenticationToken() == false)
{
// Set the current user and retrieve the authentication token
m_alfrescoConfig.getAuthenticationComponent().setCurrentUser( client.getUserName());
alfClient.setAuthenticationToken( m_alfrescoConfig.getAuthenticationComponent().getCurrentAuthentication());
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Set user name=" + client.getUserName() + ", token=" + alfClient.getAuthenticationToken());
}
else
{
// Set the authentication context for the request
m_alfrescoConfig.getAuthenticationComponent().setCurrentAuthentication( alfClient.getAuthenticationToken());
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Set user using auth token, token=" + alfClient.getAuthenticationToken());
}
}
else
{
// Enable guest access for the request
m_alfrescoConfig.getAuthenticationComponent().setGuestUserAsCurrentUser();
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Set guest user");
}
}
catch ( Exception ex)
{
if ( logger.isDebugEnabled())
logger.debug( ex);
}
finally
{
// Commit the transaction
if ( tx != null)
{
try
{
// Commit or rollback the transaction
if ( tx.getStatus() == Status.STATUS_MARKED_ROLLBACK)
{
// Transaction is marked for rollback
tx.rollback();
}
else
{
// Commit the transaction
tx.commit();
}
}
catch ( Exception ex)
{
}
}
}
}
/**
* Initialize the RPC authenticator
*
* @param config ServerConfiguration
* @param params NameValueList
* @throws InvalidConfigurationException
*/
public void initialize(ServerConfiguration config, ConfigElement params)
throws InvalidConfigurationException {
// Get the Alfresco configuration section, for access to services
m_alfrescoConfig = (AlfrescoConfigSection) config.getConfigSection( AlfrescoConfigSection.SectionName);
// Check for the user mappings
ConfigElement userMappings = params.getChild("userMappings");
if ( userMappings != null)
{
// Allocate the id mappings table
m_idMap = new HashMap<Integer, String>();
// Get the user map elements
List<ConfigElement> userMaps = userMappings.getChildren();
// Process the user list
for ( ConfigElement userElem : userMaps)
{
// Validate the element type
if ( userElem.getName().equalsIgnoreCase( "user"))
{
// Get the user name, user id and group id
String userName = userElem.getAttribute("name");
String uidStr = userElem.getAttribute("uid");
String gidStr = userElem.getAttribute("gid");
if ( userName == null || userName.length() == 0)
throw new InvalidConfigurationException("Empty user name, or name not specified");
if ( uidStr == null || uidStr.length() == 0)
throw new InvalidConfigurationException("Invalid uid, or uid not specified, for user " + userName);
if ( gidStr == null || gidStr.length() == 0)
throw new InvalidConfigurationException("Invalid gid, or gid not specified, for user " + userName);
// Parse the uid/gid
int uid = -1;
int gid = -1;
try
{
uid = Integer.parseInt( uidStr);
}
catch ( NumberFormatException ex)
{
throw new InvalidConfigurationException("Invalid uid value, " + uidStr + " for user " + userName);
}
try
{
gid = Integer.parseInt( gidStr);
}
catch ( NumberFormatException ex)
{
throw new InvalidConfigurationException("Invalid gid value, " + gidStr + " for user " + userName);
}
// Check if the mapping already exists
Integer idKey = new Integer(( gid << 16) + uid);
if ( m_idMap.containsKey( idKey) == false)
{
// Add the username uid/gid mapping
m_idMap.put( idKey, userName);
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Added RPC user mapping for user " + userName + " uid=" + uid + ", gid=" + gid);
}
else if ( logger.isDebugEnabled())
{
// DEBUG
logger.debug("Ignored duplicate mapping for uid=" + uid + ", gid=" + gid);
}
}
else
throw new InvalidConfigurationException( "Invalid user mapping, " + userElem.getName());
}
}
// Make sure there are some user mappings
if ( m_idMap == null || m_idMap.size() == 0)
throw new InvalidConfigurationException("No user mappings for RPC authenticator");
}
/**
* Create a transaction, this will be a wrteable transaction unless the system is in read-only mode.
*
* return UserTransaction
*/
protected final UserTransaction createTransaction()
{
// Get the transaction service
TransactionService txService = m_alfrescoConfig.getTransactionService();
// DEBUG
if ( logger.isDebugEnabled())
logger.debug("Using " + (txService.isReadOnly() ? "ReadOnly" : "Write") + " transaction");
// Create the transaction
return txService.getUserTransaction( txService.isReadOnly() ? true : false);
}
}

1380
source/java/org/alfresco/filesys/repo/CifsHelper.java
View File

File diff suppressed because it is too large Load Diff