inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Moving to root below branch label

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2005 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Derek Hulley
2005-12-08 07:13:07 +00:00
commit e1e6508fec
1095 changed files with 230566 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
source/java/org/alfresco/filesys/server/auth/acl/ACLParseException.java Normal file
View File

@@ -0,0 +1,43 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.filesys.server.auth.acl;
/**
* Access Control Parse Exception Class
*/
public class ACLParseException extends Exception
{
private static final long serialVersionUID = 3978983284405776688L;
/**
* Default constructor.
*/
public ACLParseException()
{
super();
}
/**
* Class constructor.
*
* @param s java.lang.String
*/
public ACLParseException(String s)
{
super(s);
}
}

246
source/java/org/alfresco/filesys/server/auth/acl/AccessControl.java Normal file
View File

@@ -0,0 +1,246 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.filesys.server.auth.acl;
import java.util.StringTokenizer;
import org.alfresco.filesys.server.SrvSession;
import org.alfresco.filesys.server.core.SharedDevice;
/**
* Access Control Base Class
* <p>
* Controls access to a shared filesystem.
*/
public abstract class AccessControl
{
// Access control type/status
public final static int NoAccess = 0;
public final static int ReadOnly = 1;
public final static int ReadWrite = 2;
public final static int MaxLevel = 2;
// Default access status, indicates that the access conrol did not apply
public final static int Default = -1;
// Access type strings
private final static String[] _accessType = { "None", "Read", "Write" };
// Access control name and type
private String m_name;
private String m_type;
// Access type
private int m_access;
/**
* Class constructor
*
* @param name String
* @param type String
* @param access int
*/
protected AccessControl(String name, String type, int access)
{
setName(name);
setType(type);
m_access = access;
}
/**
* Return the access control name
*
* @return String
*/
public final String getName()
{
return m_name;
}
/**
* Return the access control type
*
* @return String
*/
public final String getType()
{
return m_type;
}
/**
* Return the access control check type
*
* @return int
*/
public final int getAccess()
{
return m_access;
}
/**
* Return the access control check type as a string
*
* @return String
*/
public final String getAccessString()
{
return _accessType[m_access];
}
/**
* Check if the specified session has access to the shared device.
*
* @param sess SrvSession
* @param share SharedDevice
* @param mgr AccessControlManager
* @return int
*/
public abstract int allowsAccess(SrvSession sess, SharedDevice share, AccessControlManager mgr);
/**
* Return the index of a value from a list of valid values, or 01 if not valid
*
* @param val String
* @param list String[]
* @param caseSensitive boolean
* @return int
*/
protected final static int indexFromList(String val, String[] valid, boolean caseSensitive)
{
// Check if the value is valid
if (val == null || val.length() == 0)
return -1;
// Search for the matching value in the valid list
for (int i = 0; i < valid.length; i++)
{
// Check the current value in the valid list
if (caseSensitive)
{
if (valid[i].equals(val))
return i;
}
else if (valid[i].equalsIgnoreCase(val))
return i;
}
// Value does not match any of the valid values
return -1;
}
/**
* Create a list of valid strings from a comma delimeted list
*
* @param str String
* @return String[]
*/
protected final static String[] listFromString(String str)
{
// Check if the string is valid
if (str == null || str.length() == 0)
return null;
// Split the comma delimeted string into an array of strings
StringTokenizer token = new StringTokenizer(str, ",");
int numStrs = token.countTokens();
if (numStrs == 0)
return null;
String[] list = new String[numStrs];
// Parse the string into a list of strings
int i = 0;
while (token.hasMoreTokens())
list[i++] = token.nextToken();
// Return the string list
return list;
}
/**
* Set the access control type
*
* @param typ String
*/
protected final void setType(String typ)
{
m_type = typ;
}
/**
* Set the access control name
*
* @param name String
*/
protected final void setName(String name)
{
m_name = name;
}
/**
* Return the access control type as a string
*
* @param access int
* @return String
*/
public static final String asAccessString(int access)
{
if (access == Default)
return "Default";
return _accessType[access];
}
/**
* Return the access control as a string
*
* @return String
*/
public String toString()
{
StringBuffer str = new StringBuffer();
str.append("[");
str.append(getType());
str.append(":");
str.append(getName());
str.append(",");
str.append(getAccessString());
str.append("]");
return str.toString();
}
}

91
source/java/org/alfresco/filesys/server/auth/acl/AccessControlFactory.java Normal file
View File

@@ -0,0 +1,91 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.filesys.server.auth.acl;
import java.util.Hashtable;
import org.alfresco.config.ConfigElement;
/**
* Access Control Factoy Class
* <p>
* The AccessControlFactory class holds a table of available AccessControlParsers that are used to
* generate AccessControl instances.
* <p>
* An AccessControlParser has an associated unique type name that is used to call the appropriate
* parser.
*/
public class AccessControlFactory
{
// Access control parsers
private Hashtable<String, AccessControlParser> m_parsers;
/**
* Class constructor
*/
public AccessControlFactory()
{
m_parsers = new Hashtable<String, AccessControlParser>();
}
/**
* Create an access control using the specified parameters
*
* @param type String
* @param params ConfigElement
* @return AccessControl
* @exception ACLParseException
* @exception InvalidACLTypeException
*/
public final AccessControl createAccessControl(String type, ConfigElement params) throws ACLParseException,
InvalidACLTypeException
{
// Find the access control parser
AccessControlParser parser = m_parsers.get(type);
if (parser == null)
throw new InvalidACLTypeException(type);
// Parse the parameters and create a new AccessControl instance
return parser.createAccessControl(params);
}
/**
* Add a parser to the list of available parsers
*
* @param parser AccessControlParser
*/
public final void addParser(AccessControlParser parser)
{
m_parsers.put(parser.getType(), parser);
}
/**
* Remove a parser from the available parser list
*
* @param type String
* @return AccessControlParser
*/
public final AccessControlParser removeParser(String type)
{
return (AccessControlParser) m_parsers.remove(type);
}
}

158
source/java/org/alfresco/filesys/server/auth/acl/AccessControlList.java Normal file
View File

@@ -0,0 +1,158 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.filesys.server.auth.acl;
import java.util.Vector;
/**
* Access Control List Class
* <p>
* Contains a list of access controls for a shared filesystem.
*/
public class AccessControlList
{
// Access control list
private Vector<AccessControl> m_list;
// Default access level applied when rules return a default status
private int m_defaultAccess = AccessControl.ReadWrite;
/**
* Create an access control list.
*/
public AccessControlList()
{
m_list = new Vector<AccessControl>();
}
/**
* Get the default access level
*
* @return int
*/
public final int getDefaultAccessLevel()
{
return m_defaultAccess;
}
/**
* Set the default access level
*
* @param level int
* @exception InvalidACLTypeException If the access level is invalid
*/
public final void setDefaultAccessLevel(int level) throws InvalidACLTypeException
{
// Check the default access level
if (level < AccessControl.NoAccess || level > AccessControl.MaxLevel)
throw new InvalidACLTypeException();
// Set the default access level for the access control list
m_defaultAccess = level;
}
/**
* Add an access control to the list
*
* @param accCtrl AccessControl
*/
public final void addControl(AccessControl accCtrl)
{
// Add the access control to the list
m_list.add(accCtrl);
}
/**
* Return the specified access control
*
* @param idx int
* @return AccessControl
*/
public final AccessControl getControlAt(int idx)
{
if (idx < 0 || idx >= m_list.size())
return null;
return m_list.get(idx);
}
/**
* Return the number of access controls in the list
*
* @return int
*/
public final int numberOfControls()
{
return m_list.size();
}
/**
* Remove all access controls from the list
*/
public final void removeAllControls()
{
m_list.removeAllElements();
}
/**
* Remove the specified access control from the list.
*
* @param idx int
* @return AccessControl
*/
public final AccessControl removeControl(int idx)
{
if (idx < 0 || idx >= m_list.size())
return null;
return m_list.remove(idx);
}
/**
* Return the access control list as a string.
*
* @return java.lang.String
*/
public String toString()
{
StringBuffer str = new StringBuffer();
str.append("[");
str.append(m_list.size());
str.append(":");
str.append(":");
str.append(AccessControl.asAccessString(getDefaultAccessLevel()));
str.append(":");
for (int i = 0; i < m_list.size(); i++)
{
AccessControl ctrl = m_list.get(i);
str.append(ctrl.toString());
str.append(",");
}
str.append("]");
return str.toString();
}
}

80
source/java/org/alfresco/filesys/server/auth/acl/AccessControlManager.java Normal file
View File

@@ -0,0 +1,80 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.filesys.server.auth.acl;
import org.alfresco.config.ConfigElement;
import org.alfresco.filesys.server.SrvSession;
import org.alfresco.filesys.server.config.ServerConfiguration;
import org.alfresco.filesys.server.core.SharedDevice;
import org.alfresco.filesys.server.core.SharedDeviceList;
/**
* Access Control Manager Interface
* <p>
* Used to control access to shared filesystems.
*
* @author Gary K. Spencer
*/
public interface AccessControlManager
{
/**
* Initialize the access control manager
*
* @param config ServerConfiguration
* @param params ConfigElement
*/
public void initialize(ServerConfiguration config, ConfigElement params);
/**
* Check access to the shared filesystem for the specified session
*
* @param sess SrvSession
* @param share SharedDevice
* @return int
*/
public int checkAccessControl(SrvSession sess, SharedDevice share);
/**
* Filter a shared device list to remove shares that are not visible or the session does not
* have access to.
*
* @param sess SrvSession
* @param shares SharedDeviceList
* @return SharedDeviceList
*/
public SharedDeviceList filterShareList(SrvSession sess, SharedDeviceList shares);
/**
* Create an access control
*
* @param type String
* @param params ConfigElement
* @return AccessControl
* @exception ACLParseException
* @exception InvalidACLTypeException
*/
public AccessControl createAccessControl(String type, ConfigElement params) throws ACLParseException,
InvalidACLTypeException;
/**
* Add an access control parser to the list of available access control types.
*
* @param parser AccessControlParser
*/
public void addAccessControlType(AccessControlParser parser);
}

135
source/java/org/alfresco/filesys/server/auth/acl/AccessControlParser.java Normal file
View File

@@ -0,0 +1,135 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.filesys.server.auth.acl;
import org.alfresco.config.ConfigElement;
/**
* Access Control Parser Class
* <p>
* Creates an AccessControl instance by parsing a set of name/value parameters.
*/
public abstract class AccessControlParser
{
// Constants
//
// Standard parameter names
public final static String ParameterAccess = "access";
// Access control type names
private final static String[] _accessTypes = { "None", "Read", "Write" };
/**
* Return the access control type name that uniquely identifies this type of access control.
*
* @return String
*/
public abstract String getType();
/**
* Create an AccessControl instance by parsing the set of name/value parameters
*
* @param params ConfigElement
* @return AccessControl
* @exception ACLParseException
*/
public abstract AccessControl createAccessControl(ConfigElement params) throws ACLParseException;
/**
* Find the access parameter and parse the value
*
* @param params ConfigElement
* @return int
* @exception ACLParseException
*/
protected final int parseAccessType(ConfigElement params) throws ACLParseException
{
// Check if the parameter list is valid
if (params == null)
throw new ACLParseException("Empty parameter list");
// Find the access type parameter
String accessType = params.getAttribute(ParameterAccess);
if (accessType == null || accessType.length() == 0)
throw new ACLParseException("Required parameter 'access' missing");
// Parse the access type value
return parseAccessTypeString(accessType);
}
/**
* Parse the access level type and validate
*
* @param accessType String
* @return int
* @exception ACLParseException
*/
public static final int parseAccessTypeString(String accessType) throws ACLParseException
{
// Check if the access type is valid
if (accessType == null || accessType.length() == 0)
throw new ACLParseException("Empty access type string");
// Parse the access type value
int access = -1;
for (int i = 0; i < _accessTypes.length; i++)
{
// Check if the access type matches the current type
if (accessType.equalsIgnoreCase(_accessTypes[i]))
access = i;
}
// Check if we found a valid access type
if (access == -1)
throw new ACLParseException("Invalid access type, " + accessType);
// Return the access type
return access;
}
/**
* Return the parser details as a string
*
* @return String
*/
public String toString()
{
StringBuffer str = new StringBuffer();
str.append("[");
str.append(getType());
str.append("]");
return str.toString();
}
}

281
source/java/org/alfresco/filesys/server/auth/acl/DefaultAccessControlManager.java Normal file
View File

@@ -0,0 +1,281 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.filesys.server.auth.acl;
import java.util.Enumeration;
import org.alfresco.config.ConfigElement;
import org.alfresco.filesys.server.SrvSession;
import org.alfresco.filesys.server.config.ServerConfiguration;
import org.alfresco.filesys.server.core.SharedDevice;
import org.alfresco.filesys.server.core.SharedDeviceList;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* Default Access Control Manager Class
* <p>
* Default access control manager implementation.
*
* @author Gary K. Spencer
*/
public class DefaultAccessControlManager implements AccessControlManager
{
// Debug logging
private static final Log logger = LogFactory.getLog("org.alfresco.smb.protocol");
// Access control factory
private AccessControlFactory m_factory;
// Debug enable flag
private boolean m_debug;
/**
* Class constructor
*/
public DefaultAccessControlManager()
{
// Create the access control factory
m_factory = new AccessControlFactory();
}
/**
* Check if the session has access to the shared device.
*
* @param sess SrvSession
* @param share SharedDevice
* @return int
*/
public int checkAccessControl(SrvSession sess, SharedDevice share)
{
// Check if the shared device has any access control configured
if (share.hasAccessControls() == false)
{
// DEBUG
if (logger.isDebugEnabled() && hasDebug())
logger.debug("Check access control for " + share.getName() + ", no ACLs");
// Allow full access to the share
return AccessControl.ReadWrite;
}
// Process the access control list
AccessControlList acls = share.getAccessControls();
int access = AccessControl.Default;
// DEBUG
if (logger.isDebugEnabled() && hasDebug())
logger.debug("Check access control for " + share.getName() + ", ACLs=" + acls.numberOfControls());
for (int i = 0; i < acls.numberOfControls(); i++)
{
// Get the current access control and run
AccessControl acl = acls.getControlAt(i);
int curAccess = acl.allowsAccess(sess, share, this);
// Debug
if (logger.isDebugEnabled() && hasDebug())
logger.debug(" Check access ACL=" + acl + ", access=" + AccessControl.asAccessString(curAccess));
// Update the allowed access
if (curAccess != AccessControl.Default)
access = curAccess;
}
// Check if the default access level is still selected, if so then get the default level
// from the
// access control list
if (access == AccessControl.Default)
{
// Use the default access level
access = acls.getDefaultAccessLevel();
// Debug
if (logger.isDebugEnabled() && hasDebug())
logger.debug("Access defaulted=" + AccessControl.asAccessString(access) + ", share=" + share);
}
else if (logger.isDebugEnabled() && hasDebug())
logger.debug("Access allowed=" + AccessControl.asAccessString(access) + ", share=" + share);
// Return the access type
return access;
}
/**
* Filter the list of shared devices to return a list that contains only the shares that are
* visible or accessible by the session.
*
* @param sess SrvSession
* @param shares SharedDeviceList
* @return SharedDeviceList
*/
public SharedDeviceList filterShareList(SrvSession sess, SharedDeviceList shares)
{
// Check if the share list is valid or empty
if (shares == null || shares.numberOfShares() == 0)
return shares;
// Debug
if (logger.isDebugEnabled() && hasDebug())
logger.debug("Filter share list for " + sess + ", shares=" + shares);
// For each share in the list check the access, remove any shares that the session does not
// have access to.
SharedDeviceList filterList = new SharedDeviceList();
Enumeration<SharedDevice> enm = shares.enumerateShares();
while (enm.hasMoreElements())
{
// Get the current share
SharedDevice share = enm.nextElement();
// Check if the share has any access controls
if (share.hasAccessControls())
{
// Check if the session has access to this share
int access = checkAccessControl(sess, share);
if (access != AccessControl.NoAccess)
filterList.addShare(share);
}
else
{
// Add the share to the filtered list
filterList.addShare(share);
}
}
// Debug
if (logger.isDebugEnabled() && hasDebug())
logger.debug("Filtered share list " + filterList);
// Return the filtered share list
return filterList;
}
/**
* Initialize the access control manager
*
* @param config ServerConfiguration
* @param params ConfigElement
*/
public void initialize(ServerConfiguration config, ConfigElement params)
{
// Check if debug output is enabled
if (params != null && params.getChild("debug") != null)
setDebug(true);
// Add the default access control types
addAccessControlType(new UserAccessControlParser());
addAccessControlType(new ProtocolAccessControlParser());
addAccessControlType(new DomainAccessControlParser());
addAccessControlType(new IpAddressAccessControlParser());
}
/**
* Create an access control.
*
* @param type String
* @param params ConfigElement
* @return AccessControl
* @throws ACLParseException
* @throws InvalidACLTypeException
*/
public AccessControl createAccessControl(String type, ConfigElement params) throws ACLParseException,
InvalidACLTypeException
{
// Use the access control factory to create the access control instance
return m_factory.createAccessControl(type, params);
}
/**
* Add an access control parser to the list of available access control types.
*
* @param parser AccessControlParser
*/
public void addAccessControlType(AccessControlParser parser)
{
// Debug
if (logger.isDebugEnabled() && hasDebug())
logger.debug("AccessControlManager Add rule type " + parser.getType());
// Add the new access control type to the factory
m_factory.addParser(parser);
}
/**
* Determine if debug output is enabled
*
* @return boolean
*/
public final boolean hasDebug()
{
return m_debug;
}
/**
* Enable/disable debug output
*
* @param dbg boolean
*/
public final void setDebug(boolean dbg)
{
m_debug = dbg;
}
}

69
source/java/org/alfresco/filesys/server/auth/acl/DomainAccessControl.java Normal file
View File

@@ -0,0 +1,69 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.filesys.server.auth.acl;
import org.alfresco.filesys.server.SrvSession;
import org.alfresco.filesys.server.auth.ClientInfo;
import org.alfresco.filesys.server.core.SharedDevice;
/**
* Domain Name Access Control Class
* <p>
* Allow/disallow access based on the SMB/CIFS session callers domain name.
*/
public class DomainAccessControl extends AccessControl
{
/**
* Class constructor
*
* @param domainName String
* @param type String
* @param access int
*/
protected DomainAccessControl(String domainName, String type, int access)
{
super(domainName, type, access);
}
/**
* Check if the domain name matches the access control domain name and return the allowed
* access.
*
* @param sess SrvSession
* @param share SharedDevice
* @param mgr AccessControlManager
* @return int
*/
public int allowsAccess(SrvSession sess, SharedDevice share, AccessControlManager mgr)
{
// Check if the session has client information
if (sess.hasClientInformation() == false
|| sess instanceof org.alfresco.filesys.smb.server.SMBSrvSession == false)
return Default;
// Check if the domain name matches the access control name
ClientInfo cInfo = sess.getClientInformation();
if (cInfo.getDomain() != null && cInfo.getDomain().equalsIgnoreCase(getName()))
return getAccess();
return Default;
}
}

68
source/java/org/alfresco/filesys/server/auth/acl/DomainAccessControlParser.java Normal file
View File

@@ -0,0 +1,68 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.filesys.server.auth.acl;
import org.alfresco.config.ConfigElement;
/**
* Domain Name Access Control Parser Class
*/
public class DomainAccessControlParser extends AccessControlParser
{
/**
* Default constructor
*/
public DomainAccessControlParser()
{
}
/**
* Return the parser type
*
* @return String
*/
public String getType()
{
return "domain";
}
/**
* Validate the parameters and create a user access control
*
* @param params ConfigElement
* @return AccessControl
* @throws ACLParseException
*/
public AccessControl createAccessControl(ConfigElement params) throws ACLParseException
{
// Get the access type
int access = parseAccessType(params);
// Get the domain name to check for
String domainName = params.getAttribute("name");
if (domainName == null || domainName.length() == 0)
throw new ACLParseException("Domain name not specified");
// Create the domain access control
return new DomainAccessControl(domainName, getType(), access);
}
}

43
source/java/org/alfresco/filesys/server/auth/acl/InvalidACLTypeException.java Normal file
View File

@@ -0,0 +1,43 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.filesys.server.auth.acl;
/**
* Invalid ACL Type Exception Class
*/
public class InvalidACLTypeException extends Exception
{
private static final long serialVersionUID = 3257844398418310708L;
/**
* Default constructor.
*/
public InvalidACLTypeException()
{
super();
}
/**
* Class constructor.
*
* @param s java.lang.String
*/
public InvalidACLTypeException(String s)
{
super(s);
}
}

109
source/java/org/alfresco/filesys/server/auth/acl/IpAddressAccessControl.java Normal file
View File

@@ -0,0 +1,109 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.filesys.server.auth.acl;
import java.net.InetAddress;
import org.alfresco.filesys.server.SrvSession;
import org.alfresco.filesys.server.core.SharedDevice;
import org.alfresco.filesys.util.IPAddress;
/**
* Ip Address Access Control Class
* <p>
* Allow/disallow access by checking for a particular TCP/IP address or checking that the address is
* within a specified subnet.
*/
public class IpAddressAccessControl extends AccessControl
{
// Subnet and network mask if the address specifies the subnet
private String m_subnet;
private String m_netMask;
/**
* Class constructor
*
* @param address String
* @param mask String
* @param type String
* @param access int
*/
protected IpAddressAccessControl(String address, String mask, String type, int access)
{
super(address, type, access);
// Save the subnet and network mask, if specified
m_subnet = address;
m_netMask = mask;
// Change the rule name if a network mask has been specified
if (m_netMask != null)
setName(m_subnet + "/" + m_netMask);
}
/**
* Check if the TCP/IP address matches the specifed address or is within the subnet.
*
* @param sess SrvSession
* @param share SharedDevice
* @param mgr AccessControlManager
* @return int
*/
public int allowsAccess(SrvSession sess, SharedDevice share, AccessControlManager mgr)
{
// Check if the remote address is set for the session
InetAddress remoteAddr = sess.getRemoteAddress();
if (remoteAddr == null)
return Default;
// Get the remote address as a numeric IP address string
String ipAddr = remoteAddr.getHostAddress();
// Check if the access control is a single TCP/IP address check
int sts = Default;
if (m_netMask == null)
{
// Check if the TCP/IP address matches the check address
if (IPAddress.parseNumericAddress(ipAddr) == IPAddress.parseNumericAddress(getName()))
sts = getAccess();
}
else
{
// Check if the address is within the subnet range
if (IPAddress.isInSubnet(ipAddr, m_subnet, m_netMask) == true)
sts = getAccess();
}
// Return the access status
return sts;
}
}

108
source/java/org/alfresco/filesys/server/auth/acl/IpAddressAccessControlParser.java Normal file
View File

@@ -0,0 +1,108 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.filesys.server.auth.acl;
import org.alfresco.config.ConfigElement;
import org.alfresco.filesys.util.IPAddress;
/**
* Ip Address Access Control Parser Class
*/
public class IpAddressAccessControlParser extends AccessControlParser
{
/**
* Default constructor
*/
public IpAddressAccessControlParser()
{
}
/**
* Return the parser type
*
* @return String
*/
public String getType()
{
return "address";
}
/**
* Validate the parameters and create an address access control
*
* @param params ConfigElement
* @return AccessControl
* @throws ACLParseException
*/
public AccessControl createAccessControl(ConfigElement params) throws ACLParseException
{
// Get the access type
int access = parseAccessType(params);
// Check if the single IP address format has been specified
String ipAddr = params.getAttribute("ip");
if (ipAddr != null)
{
// Validate the parameters
if (ipAddr.length() == 0 || IPAddress.isNumericAddress(ipAddr) == false)
throw new ACLParseException("Invalid IP address, " + ipAddr);
if (params.getAttributeCount() != 2)
throw new ACLParseException("Invalid parameter(s) specified for address");
// Create a single TCP/IP address access control rule
return new IpAddressAccessControl(ipAddr, null, getType(), access);
}
// Check if a subnet address and mask have been specified
String subnet = params.getAttribute("subnet");
if (subnet != null)
{
// Get the network mask parameter
String netmask = params.getAttribute("mask");
// Validate the parameters
if (subnet.length() == 0 || netmask == null || netmask.length() == 0)
throw new ACLParseException("Invalid subnet/mask parameter");
if (IPAddress.isNumericAddress(subnet) == false)
throw new ACLParseException("Invalid subnet parameter, " + subnet);
if (IPAddress.isNumericAddress(netmask) == false)
throw new ACLParseException("Invalid mask parameter, " + netmask);
// Create a subnet address access control rule
return new IpAddressAccessControl(subnet, netmask, getType(), access);
}
// Invalid parameters
throw new ACLParseException("Unknown address parameter(s)");
}
}

118
source/java/org/alfresco/filesys/server/auth/acl/ProtocolAccessControl.java Normal file
View File

@@ -0,0 +1,118 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.filesys.server.auth.acl;
import java.util.StringTokenizer;
import org.alfresco.filesys.server.SrvSession;
import org.alfresco.filesys.server.core.SharedDevice;
/**
* Protocol Access Control Class
* <p>
* Allow/disallow access to a share based on the protocol type.
*/
public class ProtocolAccessControl extends AccessControl
{
// Available protocol type names
private static final String[] _protoTypes = { "SMB", "CIFS", "NFS", "FTP" };
// Parsed list of protocol types
private String[] m_checkList;
/**
* Class constructor
*
* @param protList String
* @param type String
* @param access int
*/
protected ProtocolAccessControl(String protList, String type, int access)
{
super(protList, type, access);
// Parse the protocol list
m_checkList = listFromString(protList);
}
/**
* Check if the protocol matches the access control protocol list and return the allowed access.
*
* @param sess SrvSession
* @param share SharedDevice
* @param mgr AccessControlManager
* @return int
*/
public int allowsAccess(SrvSession sess, SharedDevice share, AccessControlManager mgr)
{
// Determine the session protocol type
String sessProto = null;
String sessName = sess.getClass().getName();
if (sessName.endsWith(".SMBSrvSession"))
sessProto = "CIFS";
else if (sessName.endsWith(".FTPSrvSession"))
sessProto = "FTP";
else if (sessName.endsWith(".NFSSrvSession"))
sessProto = "NFS";
// Check if the session protocol type is in the protocols to be checked
if (sessProto != null && indexFromList(sessProto, m_checkList, false) != -1)
return getAccess();
return Default;
}
/**
* Validate the protocol list
*
* @param protList String
* @return boolean
*/
public static final boolean validateProtocolList(String protList)
{
// Check if the protocol list string is valid
if (protList == null || protList.length() == 0)
return false;
// Split the protocol list and validate each protocol name
StringTokenizer tokens = new StringTokenizer(protList, ",");
while (tokens.hasMoreTokens())
{
// Get the current protocol name and validate
String name = tokens.nextToken().toUpperCase();
if (indexFromList(name, _protoTypes, false) == -1)
return false;
}
// Protocol list is valid
return true;
}
}

72
source/java/org/alfresco/filesys/server/auth/acl/ProtocolAccessControlParser.java Normal file
View File

@@ -0,0 +1,72 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.filesys.server.auth.acl;
import org.alfresco.config.ConfigElement;
/**
* Protocol Access Control Parser Class
*/
public class ProtocolAccessControlParser extends AccessControlParser
{
/**
* Default constructor
*/
public ProtocolAccessControlParser()
{
}
/**
* Return the parser type
*
* @return String
*/
public String getType()
{
return "protocol";
}
/**
* Validate the parameters and create a user access control
*
* @param params ConfigElement
* @return AccessControl
* @throws ACLParseException
*/
public AccessControl createAccessControl(ConfigElement params) throws ACLParseException
{
// Get the access type
int access = parseAccessType(params);
// Get the list of protocols to check for
String protos = params.getAttribute("type");
if (protos == null || protos.length() == 0)
throw new ACLParseException("Protocol type not specified");
// Validate the protocol list
if (ProtocolAccessControl.validateProtocolList(protos) == false)
throw new ACLParseException("Invalid protocol type");
// Create the protocol access control
return new ProtocolAccessControl(protos, getType(), access);
}
}

66
source/java/org/alfresco/filesys/server/auth/acl/UserAccessControl.java Normal file
View File

@@ -0,0 +1,66 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.filesys.server.auth.acl;
import org.alfresco.filesys.server.SrvSession;
import org.alfresco.filesys.server.auth.ClientInfo;
import org.alfresco.filesys.server.core.SharedDevice;
/**
* User Access Control Class
* <p>
* Allow/disallow access to a shared device by checking the user name.
*/
public class UserAccessControl extends AccessControl
{
/**
* Class constructor
*
* @param userName String
* @param type String
* @param access int
*/
protected UserAccessControl(String userName, String type, int access)
{
super(userName, type, access);
}
/**
* Check if the user name matches the access control user name and return the allowed access.
*
* @param sess SrvSession
* @param share SharedDevice
* @param mgr AccessControlManager
* @return int
*/
public int allowsAccess(SrvSession sess, SharedDevice share, AccessControlManager mgr)
{
// Check if the session has client information
if (sess.hasClientInformation() == false)
return Default;
// Check if the user name matches the access control name
ClientInfo cInfo = sess.getClientInformation();
if (cInfo.getUserName() != null && cInfo.getUserName().equalsIgnoreCase(getName()))
return getAccess();
return Default;
}
}

67
source/java/org/alfresco/filesys/server/auth/acl/UserAccessControlParser.java Normal file
View File

@@ -0,0 +1,67 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.filesys.server.auth.acl;
import org.alfresco.config.ConfigElement;
/**
* User Access Control Parser Class
*/
public class UserAccessControlParser extends AccessControlParser
{
/**
* Default constructor
*/
public UserAccessControlParser()
{
}
/**
* Return the parser type
*
* @return String
*/
public String getType()
{
return "user";
}
/**
* Validate the parameters and create a user access control
*
* @param params ConfigElement
* @return AccessControl
* @throws ACLParseException
*/
public AccessControl createAccessControl(ConfigElement params) throws ACLParseException
{
// Get the access type
int access = parseAccessType(params);
// Get the user name to check for
String userName = params.getAttribute("name");
if (userName == null || userName.length() == 0)
throw new ACLParseException("User name not specified");
// Create the user access control
return new UserAccessControl(userName, getType(), access);
}
}