Implement claim space, I hope, the way it should work if the specs are right.

git-svn-id: https://svn.apache.org/repos/asf/manifoldcf/branches/CONNECTORS-754@1534885 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/connectors/sharepoint/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/sharepoint/SPSProxyHelper.java b/connectors/sharepoint/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/sharepoint/SPSProxyHelper.java
index 02d8c2b..9c5be78 100644
--- a/connectors/sharepoint/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/sharepoint/SPSProxyHelper.java
+++ b/connectors/sharepoint/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/sharepoint/SPSProxyHelper.java
@@ -137,6 +137,7 @@
         throw new ManifoldCFException("Bad response - outer node should have been 'GetUserInfo' node");
           
       String userID = null;
+      String userName = null;
       
       Iterator userIter = users.getChildElements();
       while (userIter.hasNext())
@@ -145,6 +146,7 @@
         if (child.getElementName().getLocalName().equals("User"))
         {
           userID = child.getAttribute("ID");
+          userName = child.getAttribute("LoginName");
         }
       }
 
@@ -153,7 +155,7 @@
         return null;
 
       List<String> accessTokens = new ArrayList<String>();
-      accessTokens.add("U"+userID);
+      accessTokens.add("U"+userName);
       
       com.microsoft.schemas.sharepoint.soap.directory.GetGroupCollectionFromUserResponseGetGroupCollectionFromUserResult userGroupResp =
         userCall.getGroupCollectionFromUser( userLoginName );
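Review bot: The user token is now `"U"+userName`, but nothing in the visible lines checks that the `LoginName` attribute was present. Assuming `getAttribute` returns null for a missing attribute, the result would be the literal token `Unull`. The `return null` guard at the top of this hunk begins outside it; if it tests only `userID`, it should become `if (userID == null || userName == null) return null;`. `userID` is still assigned in the loop but no longer feeds the token, so either drop it or add a comment saying why it is kept.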
@@ -199,7 +201,7 @@
               String groupID = group.getAttribute("ID");
               String groupName = group.getAttribute("Name");
               // Add to the access token list
-              accessTokens.add("G"+groupID);
+              accessTokens.add("G"+groupName);
             }
           }
         }
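Review bot: Building the group token from `Name` instead of `ID` ties the authorization decision to a label that can change; the same applies to `"R"+roleName` in the next hunk. A group that is renamed, or deleted and re-created under the same name, could then match or miss ACL tokens already stored on indexed documents. Whether that is intended depends on how the repository connector writes ACLs, which is not visible here. I would add a comment at each `accessTokens.add`, for example `// Name-based token, must match the ACL form written by the repository connector; names are not stable identifiers`. In the lines shown, `groupID` and `roleID` are now unused; the enclosing loops start and end outside these hunks.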
@@ -245,7 +247,7 @@
               String roleID = role.getAttribute("ID");
               String roleName = role.getAttribute("Name");
               // Add to the access token list
-              accessTokens.add("R"+roleID);
+              accessTokens.add("R"+roleName);
             }
           }
         }
diff --git a/connectors/sharepoint/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/sharepoint/SharePointAuthority.java b/connectors/sharepoint/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/sharepoint/SharePointAuthority.java
index 7a98906..0e24e63 100644
--- a/connectors/sharepoint/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/sharepoint/SharePointAuthority.java
+++ b/connectors/sharepoint/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/sharepoint/SharePointAuthority.java
@@ -414,7 +414,7 @@
     {
       try
       {
-        List<String> adTokens = getADTokens(userPart,domainPart);
+        List<String> adTokens = getADTokens(userPart,domainPart,userName);
         // User not present in AD is perfectly OK provided the user exists in SharePoint
         if (adTokens != null)
           theGroups.addAll(adTokens);
@@ -446,7 +446,7 @@
   }
 
   /** Get the AD-derived access tokens for a user and domain */
-  protected List<String> getADTokens(String userPart, String domainPart)
+  protected List<String> getADTokens(String userPart, String domainPart, String userName)
     throws NameNotFoundException, NamingException, ManifoldCFException
   {
     // Now, look through the rules for the matching domain controller
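Review bot: The Javadoc on `getADTokens` still reads "for a user and domain" and does not describe the new `userName` parameter. Judging by the next hunk, `userName` is used as the lookup key only when the configured user-ACLs attribute is `userPrincipalName`, so I would add `@param userName the full login name as supplied; used for the directory lookup only when the user ACLs attribute is "userPrincipalName"`. The method is `protected`, so a subclass that overrides the two-argument form without `@Override` would silently stop being called.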
@@ -473,9 +473,14 @@
       return null;
         
     // Use the complete fqn if the field is the "userPrincipalName"
+    String userBase;
     String userACLsUsername = dcParams.getUserACLsUsername();
     if (userACLsUsername != null && userACLsUsername.equals("userPrincipalName")){
-      userPart = userName;
+      userBase = userName;
+    }
+    else
+    {
+      userBase = userPart;
     }
         
     //Build the DN searchBase from domain part
@@ -500,7 +505,7 @@
     LdapContext ctx = createDCSession(domainController);  
         
     //Get DistinguishedName (for this method we are using DomainPart as a searchBase ie: DC=qa-ad-76,DC=metacarta,DC=com")
-    String searchBase = getDistinguishedName(ctx, userPart, domainsb.toString(), userACLsUsername);
+    String searchBase = getDistinguishedName(ctx, userBase, domainsb.toString(), userACLsUsername);
     if (searchBase == null)
       return null;
 
@@ -521,7 +526,10 @@
     NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
 
     List<String> theGroups = new ArrayList<String>();
-
+    String userToken = userTokenFromLoginName(domainPart + "\\" + userPart);
+    if (userToken != null)
+      theGroups.add(userToken);
+    
     //Loop through the search results
     while (answer.hasMoreElements())
     {
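Review bot: `userTokenFromLoginName(domainPart + "\\" + userPart)` builds the identity token from the caller-supplied strings exactly as typed, whereas the SID-based tokens added in the last hunk are lower-cased with `Locale.ROOT`. Directory lookups are normally case-insensitive, so `DOMAIN\User` and `domain\user` may resolve to the same account yet produce different tokens. If tokens are compared as exact strings, that fails closed but denies a legitimate user. Consider normalising before encoding, e.g. `userTokenFromLoginName((domainPart + "\\" + userPart).toLowerCase(Locale.ROOT))`, or add a comment explaining why case is preserved. The token is also added before the result loop runs, and the empty-result check sits outside this hunk.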
@@ -539,7 +547,9 @@
             Attribute attr = (Attribute)ae.next();
             for (NamingEnumeration e = attr.getAll();e.hasMore();)
             {
-              theGroups.add(groupTokenFromSID(sid2String((byte[])e.next())));
+              String sid = sid2String((byte[])e.next());
+              String token = attr.getID().equals("objectSid")?userTokenFromSID(sid):groupTokenFromSID(sid);
+              theGroups.add(token);
             }
           }
         }	 
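Review bot: The choice between a user claim and a group claim rests on `attr.getID().equals("objectSid")`, an exact-case comparison on an LDAP attribute name. Attribute names are case-insensitive in LDAP, so if the ID comes back in a different case than written here, the user's own SID would be emitted through `groupTokenFromSID` instead of `userTokenFromSID`. `"objectSid".equalsIgnoreCase(attr.getID())` removes that dependency and is also null-safe. The list of requested attributes is set outside this hunk, so which IDs can actually appear should be confirmed there.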
@@ -547,7 +557,6 @@
         {
           throw new ManifoldCFException(e.getMessage(),e);
         }
-                                    
       }
     }
 
@@ -555,14 +564,40 @@
       return null;
     
     // User is in AD, so add the 'everyone' group
-    theGroups.add(groupTokenFromSID("S-1-1-0"));
+    theGroups.add(everyoneGroup());
     return theGroups;
   }
 
+  protected String everyoneGroup()
+  {
+    if (isClaimSpace)
+      return "c:0!.s|windows";
+    else
+      return "S-1-1-0";
+  }
+  
   protected String groupTokenFromSID(String SID)
   {
-    // MHL; called only if Claim Space enabled
-    return SID;
+    if (isClaimSpace)
+      return "c:0+.w|"+SID.toLowerCase(Locale.ROOT);
+    else
+      return SID;
+  }
+
+  protected String userTokenFromSID(String SID)
+  {
+    if (isClaimSpace)
+      return "i:0+.w|"+SID.toLowerCase(Locale.ROOT);
+    else
+      return SID;
+  }
+  
+  protected String userTokenFromLoginName(String loginName)
+  {
+    if (isClaimSpace)
+      return "i:0#.w|"+URLEncoder.encode(loginName);
+    else
+      return null;
   }
   
   // UI support methods.
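Review bot: `URLEncoder.encode(loginName)` in `userTokenFromLoginName` is the deprecated one-argument overload, which encodes with the platform default charset, so a login name with non-ASCII characters can yield different access tokens on differently configured JVMs. Because these strings are matched against document ACLs, pin the charset with `URLEncoder.encode(loginName, "UTF-8")` and wrap the checked `UnsupportedEncodingException`. This is also form encoding (a space becomes `+`, the `\` separator becomes `%5C`), so it is worth confirming that the ACL side produces the same form. The four new helpers have no Javadoc; a short comment on each explaining its claim literal (`c:0!.s|windows`, `c:0+.w|`, `i:0+.w|`, `i:0#.w|`) would let the next reader check them against the spec the commit message refers to.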