CN103067491B - Method and device for achieving file sharing - Google Patents

Publication number: CN103067491B
Application number: CN201210574826.XA
Authority: CN (China)
Legal status: Expired - Fee Related
Other languages: Chinese (zh)
Other versions: CN103067491A
Inventors: 陆舟, 于华章
Current Assignee: Feitian Technologies Co Ltd
Original Assignee: Feitian Technologies Co Ltd
Abstract

The invention discloses a method and a device for achieving file sharing. The method comprises: when a connection request is received, parsing the data packet to obtain login information and verifying the login information; if verification passes, storing the login account from the login information, generating a corresponding user ID and sending it back to the client; when an access request is received, obtaining the user ID and the requested access directory from the data packet, and judging whether the operating permission of the directory is open to the login account corresponding to the user ID, or to other accounts or other groups in which the login account is located; if so, generating a corresponding session ID, storing it and sending it to the client; and when an operation request is received, parsing the data packet to obtain the session ID and judging whether the stored session IDs contain the parsed session ID; if so, obtaining the operation directory from the operation request data packet, detecting the valid operation flag in the operation request data packet, carrying out the operation on the file corresponding to the operation directory and sending back the operation result.

Description

A method and device for realizing file sharing
Technical field
The present invention relates to the field of information management, and in particular to a method and device for realizing file sharing.
Background
Networks bring us many conveniences, and file sharing lets us easily share files with other people. File sharing refers to accessing files on other computers from one's own computer.
At present, although different operating systems can access one another, only users listed as accessible users, or belonging to accessible groups, in the share directory configuration can gain access; other users have no access rights. All files under the share directory have the same access rights, so multi-level control cannot be achieved. In the prior art, the multiple shared subdirectories in a share directory are managed by a senior administrator, and others cannot add, delete or modify share directories, which makes it unsuitable for use across multiple departments.
Summary of the invention
The object of the invention is to overcome the defects that user access rights between computers running different operating systems are limited and that all files under a shared resource have the same operating permissions, by providing a method and device for realizing file sharing.
The technical scheme adopted by the method of the invention is as follows:
A method for realizing file sharing, comprising:
Step S1: when the device receives a request, it detects the request type according to the data in a first preset byte; if it is a connection request, step S2 is performed; if it is an access request, step S3 is performed; if it is an operation request, step S4 is performed; if it is any other request, the corresponding operation is carried out and an operation response is returned, and the method returns to step S1;
Step S2: the device parses the connection request data packet to obtain login information and verifies the login information; if verification passes, it stores the login account from the login information, generates a corresponding user ID and returns it to the client, and returns to step S1; otherwise it returns a connection error flag and returns to step S1;
Step S3: the device obtains the user ID and the access directory from the access request data packet, and judges whether the operating permission of the access directory is open to the login account corresponding to the user ID or to the group to which the login account belongs; if so, it generates a session ID corresponding to the user ID and stores it, returns the session ID to the client, and returns to step S1; otherwise it returns a connection error flag and returns to step S1;
Step S4: the device parses the operation request data packet to obtain a session ID, and judges whether the stored session IDs include the parsed session ID; if so, step S5 is performed; otherwise it returns an error message and returns to step S1;
Step S5: the device obtains the operation directory from the operation request data packet, detects the valid operation flag in the operation request data packet, carries out the corresponding operation on the file corresponding to the operation directory, and returns the operation result;
When the valid operation flag in the operation request data packet is the create flag, the device obtains the login account corresponding to the user ID according to the session ID, and judges whether the login account or the group to which it belongs has write permission on the parent directory of the operation directory; if so, step A1 is performed; otherwise it returns an error message and returns to step S1;
Step A1: the device creates the file under the operation directory and sets the operating permission of the file in the DRM controller to be consistent with that of the parent directory, and judges whether creating the file and setting the permission succeeded; if so, it returns a successful-operation message and returns to step S1; otherwise it returns an error message and returns to step S1;
When the valid operation flag in the operation request data packet is the delete flag, the device obtains the login account corresponding to the user ID according to the session ID, and judges whether the login account or the group to which it belongs has write permission on the parent directory of the operation directory; if so, step B1 is performed; otherwise it returns an error message and returns to step S1;
Step B1: the device judges whether the login account or the group to which it belongs has write permission on the operation target; if so, step B2 is performed; otherwise it returns an error message and returns to step S1;
Step B2: the device deletes the operation target corresponding to the operation directory, deletes the operating permissions of the operation directory and its subdirectories in the DRM controller, and judges whether the deletion succeeded; if so, it returns a successful-operation message and returns to step S1; otherwise it returns an error message and returns to step S1;
When the valid operation flag in the operation request data packet is the read flag, a successful-operation message is returned and the method returns to step S1.
Wherein, detecting the request type in step S1 is specifically: detecting the data in the 9th byte of the request; if it is the first preset data, the request is the connection request; if it is the second preset data, the request is the operation request; if it is the third preset data, the request is the access request.
Wherein, the login information in step S2 comprises the login account and a login password ciphertext; verifying the login information comprises:
Step S21: the device judges whether the login account exists in the identity authentication; if so, step S22 is performed; otherwise it returns a connection error flag and returns to step S1;
Step S22: the device obtains the corresponding login password ciphertext from the identity authentication according to the login account;
Step S23: the device judges whether the login password ciphertext obtained by parsing is consistent with the retrieved login password ciphertext; if so, it stores the login account from the login information, generates a corresponding user ID and returns it to the client, and returns to step S1; otherwise it returns a connection error flag and returns to step S1.
Wherein, judging in step S3 whether the operating permission of the access directory is open to the login account corresponding to the user ID or to the group to which the login account belongs specifically comprises:
Step S31: the device judges whether the root directory of the access directory is in the share directory list; if so, step S32 is performed; otherwise it returns a connection error flag and returns to step S1;
Step S32: the device judges whether the login account or the group to which it belongs has read permission on the root directory of the access directory; if so, it generates the session ID corresponding to the user ID and stores it, returns the session ID to the client, and returns to step S1; otherwise it returns a connection error flag and returns to step S1.
Wherein, detecting the valid operation flag in the operation request data packet in step S5 specifically comprises:
The device obtains operation information data from a preset position in the operation request data packet, converts the first half and the second half of the operation information data into binary data strings respectively, and compares the last three bits of the first-half binary data string with the corresponding last three bits of the second-half binary data string; if the data at a corresponding position are identical, the operation flag represented by that bit is valid. The last three bits of the first-half binary data string represent, in order, the read flag, the create flag and the delete flag.
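The flow of steps S1 to S5 (with S21 to S23, S31 to S32, A1, B1 and B2) can be modelled as follows. This is an added example, not code from the patent. Assumed for illustration: the three preset data values, one byte per half of the operation information data, a flag counted as valid only when its bit is 1 in both halves (the text says only that the bits must be identical), and the class and function names, which are hypothetical.

```python
import posixpath
import secrets

# Assumed values: the text only speaks of first/second/third preset data.
CONNECT, OPERATION, ACCESS = 0x01, 0x02, 0x03
READ, CREATE, DELETE = "read", "create", "delete"


def request_type(packet: bytes) -> str:
    """Step S1: classify a request by the data in its 9th byte."""
    kinds = {CONNECT: "connect", OPERATION: "operation", ACCESS: "access"}
    return kinds.get(packet[8], "other") if len(packet) > 8 else "other"


def valid_flags(first_half: int, second_half: int) -> set:
    """Step S5 flag check on the last three bits (read, create, delete).
    Assumption: a flag is valid when its bit is set in both halves."""
    names = (READ, CREATE, DELETE)  # bit 2, bit 1, bit 0
    return {name for shift, name in zip((2, 1, 0), names)
            if (first_half >> shift) & (second_half >> shift) & 1}


class ShareServer:
    def __init__(self, accounts, groups, shared_roots, acl):
        self.accounts = accounts          # login account -> password ciphertext
        self.groups = groups              # login account -> group
        self.shared_roots = shared_roots  # share directory list
        self.acl = acl                    # directory -> {account or group: "r" / "rw"}
        self.users = {}                   # user ID -> login account
        self.sessions = {}                # session ID -> user ID

    def _allowed(self, account, path, right):
        entry = self.acl.get(path, {})
        principals = (account, self.groups.get(account))
        return any(right in entry.get(p, "") for p in principals)

    def connect(self, account, ciphertext):
        """Steps S2, S21-S23: returns a user ID, or None as the error flag."""
        stored = self.accounts.get(account)
        if stored is None or not secrets.compare_digest(stored, ciphertext):
            return None
        user_id = secrets.token_hex(8)
        self.users[user_id] = account
        return user_id

    def access(self, user_id, directory):
        """Steps S3, S31-S32: returns a session ID, or None as the error flag."""
        account = self.users.get(user_id)
        root = "/" + directory.strip("/").split("/")[0]
        if account is None or root not in self.shared_roots:
            return None
        if not self._allowed(account, root, "r"):
            return None
        session_id = secrets.token_hex(16)
        self.sessions[session_id] = user_id
        return session_id

    def operate(self, session_id, path, first_half, second_half):
        """Steps S4-S5 with A1 (create) and B1-B2 (delete)."""
        user_id = self.sessions.get(session_id)
        if user_id is None:               # S4: unknown session ID
            return "error"
        account = self.users[user_id]
        path = posixpath.normpath(path)   # collapse "..", so the real parent is checked
        parent = posixpath.dirname(path)
        flags = valid_flags(first_half, second_half)
        if CREATE in flags:
            if not self._allowed(account, parent, "w"):
                return "error"
            # A1: the new entry takes the same rights as its parent directory
            self.acl[path] = dict(self.acl.get(parent, {}))
            return "success"
        if DELETE in flags:
            if not self._allowed(account, parent, "w"):
                return "error"
            if not self._allowed(account, path, "w"):   # B1: right on the target
                return "error"
            # B2: drop the rights of the target and of its subdirectories
            for p in [p for p in self.acl if p == path or p.startswith(path + "/")]:
                del self.acl[p]
            return "success"
        return "success" if READ in flags else "error"
```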
A method for realizing file sharing, comprising:
Step P1: when the device receives a request, it detects the request type according to the data in a first preset byte; if it is a connection request, step P2 is performed; if it is an access request, step P3 is performed; if it is an operation request, step P5 is performed; if it is any other request, the corresponding operation is carried out and an operation response is returned, and the method returns to step P1;
Step P2: the device parses the connection request data packet to obtain login information and verifies the login information; if verification passes, it stores the login account from the login information in the DRM controller, generates a corresponding user ID and returns it to the client, and returns to step P1; otherwise it returns a connection error flag and returns to step P1. The DRM controller also stores the preset operation directories and their corresponding capability identifications;
Step P3: the device obtains the user ID and the access directory from the access request data packet, and judges whether the operating permission of the access directory is open to the login account corresponding to the user ID or to the group to which the login account belongs; if so, it generates a session ID corresponding to the user ID and stores it, and step P4 is performed; otherwise it returns a connection error flag and returns to step P1;
Step P4: the device looks up the capability identification of the corresponding root directory in the DRM controller according to the access directory and judges whether it is set; if so, it returns the session ID and link information indicating that the capability identification is set, and returns to step P1; otherwise it returns link information indicating that the capability identification is not set, and returns to step P1;
Step P5: the device parses the operation request data packet to obtain a session ID, and judges whether the stored session IDs include the parsed session ID; if so, step P6 is performed; otherwise it returns an error message and returns to step P1;
Step P6: the device obtains the operation directory from the operation request data packet, detects the valid operation flag in the operation request data packet, carries out the corresponding operation on the file corresponding to the operation directory, and returns the operation result;
When the valid operation flag in the operation request data packet is the create flag, the device obtains the login account corresponding to the user ID according to the session ID, obtains the corresponding capability identification according to the session ID and judges whether it is set; if so, step L1 is performed; otherwise step L2 is performed;
Step L1: the device judges whether the login account or the group to which it belongs has write permission on the root directory of the operation directory in the DRM controller; if so, step L5 is performed; otherwise it returns an error message and returns to step P1;
Step L2: the device judges whether the operation directory is stored in the DRM controller; if so, step L3 is performed; otherwise step L4 is performed;
Step L3: the device judges whether the login account or the group to which it belongs has write permission on the operation directory in the DRM controller; if so, it returns a successful-operation message and returns to step P1; otherwise it returns an error message and returns to step P1;
Step L4: the device finds the first parent directory in the operation directory whose capability identification is set, and judges whether the login account or the group to which it belongs has write permission on that parent directory in the DRM controller; if so, step L5 is performed; otherwise it returns an error message and returns to step P1;
Step L5: the device creates the file under the operation directory and judges whether creation succeeded; if so, it returns a successful-operation message and returns to step P1; otherwise it returns an error message and returns to step P1;
When the valid operation flag in the operation request data packet is the delete flag, the device obtains the login account corresponding to the user ID according to the session ID, obtains the corresponding capability identification according to the session ID and judges whether it is set; if so, step M1 is performed; otherwise step M2 is performed;
Step M1: the device judges whether the login account or the group to which it belongs has write permission on the parent directory of the operation directory in the DRM controller; if so, it returns a successful-operation message and returns to step P1; otherwise it returns an error message and returns to step P1;
Step M2: the device judges whether the operation directory is stored in the DRM controller; if so, step M3 is performed; otherwise step M6 is performed;
Step M3: the device judges whether the login account or the group to which it belongs has write permission on the operation directory in the DRM controller; if so, step M4 is performed; otherwise it returns an error message and returns to step P1;
Step M4: the device judges whether the parent directory of the operation directory exists in the DRM controller; if so, step M5 is performed; otherwise step M6 is performed;
Step M5: the device judges whether the login account or the group to which it belongs has write permission on the parent directory of the operation directory in the DRM controller; if so, step M8 is performed; otherwise it returns an error message and returns to step P1;
Step M6: the device finds the first parent directory in the operation directory whose capability identification is set;
Step M7: the device judges whether the login account or the group to which it belongs has write permission on that parent directory in the DRM controller; if so, step M8 is performed; otherwise it returns an error message and returns to step P1;
Step M8: the device deletes the operation target corresponding to the operation directory, deletes the operating permissions of the operation directory and its subdirectories in the DRM controller, and judges whether the deletion succeeded; if so, it returns a successful-operation message and returns to step P1; otherwise it returns an error message and returns to step P1;
When the valid operation flag in the operation request data packet is the read flag, a successful-operation message is returned.
Wherein, detecting the request type in step P1 is specifically: detecting the data in the 9th byte of the request; if it is the first preset data, the request is the connection request; if it is the second preset data, the request is the operation request; if it is the third preset data, the request is the access request.
Wherein, the login information in step P2 comprises the login account and a login password ciphertext;
verifying the login information comprises:
Step P21: the device judges whether the login account exists in the identity authentication; if so, step P22 is performed; otherwise it returns a connection error flag and returns to step P1;
Step P22: the device obtains the corresponding login password ciphertext from the identity authentication according to the login account;
Step P23: the device judges whether the login password ciphertext obtained by parsing is consistent with the retrieved login password ciphertext; if so, it stores the login account from the login information in the DRM controller, generates a corresponding user ID and returns it to the client, and returns to step P1; otherwise it returns a connection error flag and returns to step P1.
Wherein, judging in step P3 whether the operating permission of the access directory is open to the login account corresponding to the user ID or to the group to which the login account belongs specifically comprises:
Step P31: the device judges whether the root directory of the access directory is in the share directory list; if so, step P32 is performed; otherwise it returns a connection error flag and returns to step P1;
Step P32: the device judges whether the login account or the group to which it belongs has read permission on the root directory of the access directory; if so, it generates the session ID corresponding to the user ID and stores it, and returns to step P1; otherwise it returns a connection error flag and returns to step P1.
Wherein, detecting the valid operation flag in the operation request data packet in step P6 specifically comprises:
The device obtains operation information data from a preset position in the operation request data packet, converts the first half and the second half of the operation information data into binary data strings respectively, and compares the last three bits of the first-half binary data string with the corresponding last three bits of the second-half binary data string; if the data at a corresponding position are identical, the operation flag represented by that bit is valid. The last three bits of the first-half binary data string represent, in order, the read flag, the create flag and the delete flag.
A device for realizing file sharing, comprising:
A receiving module, for receiving requests sent by the client;
A detection module, for detecting the type of the request received by the receiving module according to the data in a first preset byte; if it is a connection request, the first parsing module works; if it is an access request, the first acquisition module works; if it is an operation request, the second parsing module works; if it is any other request, the operation module works;
The operation module, for carrying out the corresponding operation according to other requests;
The first parsing module, for parsing the connection request data packet to obtain login information;
An authentication module, for verifying the login information; if verification passes, the storage-generation module works; otherwise the return module returns a connection error flag to the client;
The storage-generation module, for storing the login account from the login information and generating a corresponding user ID;
The first acquisition module, for obtaining the user ID and the access directory from the access request data packet;
A first judging module, for judging whether the operating permission of the access directory is open to the login account corresponding to the user ID or to the group to which the login account belongs; if so, the generation module works; otherwise the return module returns a connection error flag to the client;
The generation module, for generating a session ID corresponding to the user ID and storing it;
The second parsing module, for parsing the operation request data packet to obtain a session ID;
A second judging module, for judging whether the stored session IDs include the parsed session ID; if so, the acquisition-detection module works; otherwise the return module returns a connection error flag to the client;
The acquisition-detection module, for obtaining the operation directory from the operation request data packet, detecting the valid operation flag in the operation request data packet and carrying out the corresponding operation on the file corresponding to the operation directory, specifically comprising:
A detecting unit, for detecting the valid operation flag in the operation request data packet; when the read flag is valid, the return module returns an operation-permitted message to the client;
A first acquiring unit, for obtaining the login account corresponding to the user ID according to the session ID;
A first judging unit, for judging whether the login account or the group to which it belongs has write permission on the parent directory of the operation directory; if so, the creation-setting unit or the third judging unit works; otherwise the return module returns an error message to the client;
The creation-setting unit, for creating the file under the operation directory and setting the operating permission of the file in the DRM controller to be consistent with that of the parent directory;
A second judging unit, for judging whether creating the file and setting the permission succeeded; if so, the return module returns a successful-operation message to the client; otherwise the return module returns an error message to the client;
The third judging unit, for judging whether the login account or the group to which it belongs has write permission on the operation target; if so, the deletion judging unit works; otherwise the return module returns an error message to the client;
The deletion judging unit, for deleting the operation target corresponding to the operation directory, deleting the operating permissions of the operation directory and its subdirectories in the DRM controller, and judging whether the deletion succeeded; if so, the return module returns a successful-operation message to the client; otherwise the return module returns an error message to the client;
The return module, for returning to the client: the operation result of the operation module; the connection error flag when verification by the authentication module fails; the user ID generated by the storage-generation module; the connection error flag when the first judging module judges no; the session ID generated by the generation module; the error message when the second judging module judges no; and the operation result of the acquisition-detection module.
Wherein, the detection module is specifically for detecting the data in the 9th byte of the request; if it is the first preset data, the request is the connection request; if it is the second preset data, the request is the operation request; if it is the third preset data, the request is the access request.
Wherein, the login information comprises the login account and a login password ciphertext; the authentication module comprises:
A fourth judging unit, for judging whether the login account exists in the identity authentication; if so, the second acquiring unit works; otherwise the return module returns a connection error flag to the client;
The second acquiring unit, for obtaining the corresponding login password ciphertext from the identity authentication according to the login account;
A fifth judging unit, for judging whether the login password ciphertext obtained by parsing is consistent with the retrieved login password ciphertext; if so, the storage-generation module works; otherwise the return module returns a connection error flag to the client.
Wherein, the first judging module comprises:
A sixth judging unit, for judging whether the root directory of the access directory is in the share directory list; if so, the seventh judging unit works; otherwise the return module returns a connection error flag to the client;
The seventh judging unit, for judging whether the login account or the group to which it belongs has read permission on the root directory of the access directory; if so, the generation module works; otherwise the return module returns a connection error flag to the client.
Wherein, the detecting unit is specifically for obtaining operation information data from a preset position in the operation request data packet, converting the first half and the second half of the operation information data into binary data strings respectively, and comparing the last three bits of the first-half binary data string with the corresponding last three bits of the second-half binary data string; if the data at a corresponding position are identical, the operation flag represented by that bit is valid. The last three bits of the first-half binary data string represent, in order, the read flag, the create flag and the delete flag.
Realize a device for file-sharing, comprising:
Receiver module, for receiving the request that client sends;
Detection module, for presetting the Data Detection request type in byte according to first, connection request then the first parsing module work in this way, access request then the first acquisition module work in this way, operation requests then the second parsing module work in this way, other ask then operational module work in this way;
Described operational module, for carrying out corresponding operating according to other requests;
Described first parsing module, obtains log-on message for carrying out parsing to connection request packet;
Authentication module, for verifying described log-on message, then stores generation module work as being verified, otherwise returns module and return connection error mark to client;
Described storage generation module, for being stored in drm controller by the login account in described log-on message, generates corresponding user ID; The capability identification of operation catalogue and the correspondence thereof pre-set also is stored in described drm controller;
Described first acquisition module, for obtaining user ID and access catalogue from access request data bag;
First judge module, for judging whether the operating right of described access catalogue organizes opening belonging to the login account corresponding with described user ID or described login account, then generation module work, otherwise described in return module give described client return connection error mark;
Described generation module, for generating the session id corresponding with described user ID and storing;
Search judge module, for searching the capability identification of corresponding root in described drm controller according to described access catalogue, and judge its whether set, be, described in return module returns described session id and capability identification set link information to described client; Otherwise described in return module and return the link information of the non-set of capability identification to described client;
Described second parsing module, obtains session id for carrying out parsing to operation requests packet;
Second judge module, for judging whether include the session id that described parsing obtains in the session id that stores, is obtain detection module work, otherwise described in return module and return connection error mark to described client;
Described acquisition detection module, for obtaining operation catalogue from described operation requests packet, detecting the valid function mark in described operation requests packet and the file corresponding to described operation catalogue carries out corresponding operating, specifically comprising:
Detecting unit, for detecting the valid function mark in described operation requests packet, when read mark effective time, described in return module give described client return permission operation information;
First acquiring unit, for obtaining the logon account corresponding with user ID according to described session id;
Obtaining judging unit, for obtaining corresponding capability identification according to described session id and judging its whether set, is then the first judging unit or the 5th judging unit work; Otherwise the second judging unit work;
The first judging unit, for judging whether the login account or the group to which the login account belongs has write permission on the root directory of the operation directory in the drm controller; if so, the creating and setting unit works; otherwise the return module returns error information to the client;
The second judging unit, for judging whether the operation directory is stored in the drm controller; if so, the third judging unit works; otherwise the searching unit works;
The third judging unit, for judging whether the login account or the group to which the login account belongs has write permission on the operation directory in the drm controller; if so, the return module returns operation success information to the client or the sixth judging unit works; otherwise the return module returns error information to the client or the searching unit works;
The searching unit, for searching the operation directory for the first parent directory whose capability identifier is set;
A fourth judging unit, for judging whether the login account or the group to which the login account belongs has write permission on the parent directory in the drm controller; if so, the creating and setting unit or the deletion judging unit works; otherwise the return module returns error information to the client;
The creating and setting unit, for creating a file under the operation directory and judging whether the creation succeeded; if so, the return module returns operation success information to the client; otherwise the return module returns error information to the client;
The fifth judging unit, for judging whether the login account or the group to which the login account belongs has write permission on the parent directory of the operation directory in the drm controller; if so, the return module returns operation success information to the client; otherwise the return module returns error information to the client;
The sixth judging unit, for judging whether the parent directory of the operation directory exists in the drm controller; if so, the fourth judging module works; otherwise the searching module works;
The deletion judging unit, for deleting the operation target corresponding to the operation directory, deleting the operation permissions of the operation directory and its subdirectories in the drm controller, and judging whether the deletion succeeded; if so, the return module returns operation success information to the client; otherwise the return module returns error information to the client;
The return module, for returning to the client: the operation result of the operating module; the connection error flag when authentication by the authentication module fails; the user ID generated by the storing and generating module; the connection error flag when the first judging module judges no; the session ID and the connection information indicating that the capability identifier is set when the searching and judging module judges yes, and the connection information indicating that the capability identifier is not set when it judges no; the connection error flag when the second judging module judges no; and the operation result of the acquisition and detection module.
Wherein, the detection module is specifically for detecting the data in the 9th byte of the request: if it is the first preset data, the request is the connection request; if it is the second preset data, the request is the operation request; if it is the third preset data, the request is the access request.
Wherein, the login information comprises the login account and the login password ciphertext; the authentication module comprises:
A seventh judging unit, for judging whether the login account exists in the identity authenticator; if so, the second acquiring unit works; otherwise the return module returns a connection error flag to the client;
The second acquiring unit, for obtaining the corresponding login password ciphertext from the identity authenticator according to the login account;
An eighth judging unit, for judging whether the parsed login password ciphertext is consistent with the obtained login password ciphertext; if so, the storing and generating module works; otherwise the return module returns a connection error flag to the client.
Wherein, the first judging module comprises:
A ninth judging unit, for judging whether the root directory of the access directory is in the shared directory list; if so, the tenth judging unit works; otherwise the return module returns a connection error flag to the client;
The tenth judging unit, for judging whether the login account or the group to which the login account belongs has read permission on the root directory of the access directory; if so, the generating module works; otherwise the return module returns a connection error flag to the client.
Wherein, the detecting unit obtains operation information data from a preset position in the operation request packet, converts the first half and the second half of the operation information data into binary data strings respectively, and compares the last three bits of the first-half binary data string with the corresponding bits of the last three bits of the second-half binary data string; if the data at a corresponding bit position is identical, the operation flag represented by that bit is valid; wherein the last three bits of the first-half binary data string represent, in order, the read flag, the create flag and the delete flag.
Beneficial effect
In the technical solution of the present invention, different operation permissions are set for the files and folders in a shared resource. The setting of access permissions is no longer confined to the root directory; permissions are also set on its subdirectories or deeper directories, so that access to all files and folders can be opened to specific users, making it simple and convenient for different users to access the shared resource.
Description of the drawings
Fig. 1 to Fig. 3 are flowcharts of a method for achieving file sharing provided by Embodiment One of the present invention;
Fig. 4 to Fig. 6 are flowcharts of a method for achieving file sharing provided by Embodiment Two of the present invention;
Fig. 7 is a schematic diagram of a device for achieving file sharing provided by Embodiment Three of the present invention;
Fig. 8 is a schematic diagram of a device for achieving file sharing provided by Embodiment Four of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention, without creative work, fall within the scope of protection of the present invention.
Embodiment one
In this embodiment, a super administrator assigns different intermediate administrators to different files or folders in advance. An intermediate administrator sets management group information and access permission information for the sub-files under that folder, where the access permission information comprises accessible users, accessible user groups, inaccessible users, inaccessible user groups and user operation permissions, and the operation permissions comprise create, delete, read and so on. As shown in Figure 1, the method of this embodiment comprises:
Step 101: When the device receives a request, it detects the request type. For a connection request it performs step 102; for an access request it performs step 106; for an operation request it performs step 108; for any other request it performs the corresponding operation, returns an operation response and returns to step 101;
In this embodiment, the request is a connection request when the data in the 9th byte of the request is 73, an operation request when it is a2, and an access request when it is 75;
Step 102: The device parses the connection request packet to obtain the login account and the login password ciphertext;
In this embodiment, obtaining the login account and the login password ciphertext specifically comprises the following steps:
(1) Parse the connection request packet to obtain the security block. Specifically: multiply the decimal number corresponding to the data in the first preset byte of the connection request packet by 2 and add the length of the packet header of the connection request packet to obtain the start position of the security block; take the decimal number corresponding to the data in the second preset bytes of the connection request packet as the security block length; then read data of that length from the start position to obtain the security block. In this embodiment, the first preset byte is the 37th byte, the second preset bytes are the 56th and 57th bytes, and the length of the packet header of the connection request packet is 39;
Such as connection request packet is:00, 00, 01, b0, ff, 53, 4d, 427300, 00, 00, 00, 18, 07, c8, 00, 00, 00, 00, 00, 00, 00, 0000, 00, 00, 00, ff, ff, ff, fe, 6c, 00, 80, 040c, ff, 00, 00, 00, 04, 41, 32, 00, 00, 00, 00, 00, 00, 0070, 01, 00, 00, 00, 00, d4, 00, 00, a0, 75, 01, a1, 82, 016c, 30, 82, 01, 68, a2, 82, 01, 64, 04, 82, 01, 60, 4e, 544c, 4d, 53, 53, 50, 00, 03, 00, 00, 00, 18, 00, 18, 00, 7200, 00, 00, c6, 00, c6, 00, 8a, 00, 00, 00, 06, 00, 06, 0058, 00, 00, 00, 0e, 00, 0e, 00, 5e, 00, 00, 00, 06, 00, 0600, 6c, 00, 00, 00, 10, 00, 10, 00, 50, 01, 00, 00, 15, 8288, e2, 06, 01, b1, 1d, 00, 00, 00, 0f, 73, 1c, f9, fb, ca37, 8b, 1b, b8, 97, c9, f7, aa, e9, d3, 66, 4d, 00, 59, 0043, 00, 74, 00, 65, 00, 73, 00, 74, 00, 73, 00, 6d, 00, 6200, 4d, 00, 59, 00, 43, 00, 00, 00, 00, 00, 00, 00, 00, 0000, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0000, be, 3e, bb, 9f, 82, 18, c2, a5, af, 58, 69, 3d, 5f, 456a, 8b, 01, 01, 00, 00, 00, 00, 00, 00, 96, cf, 2b, 1f, 5092, cd, 01, fa, 4d, 04, d1, 55, cf, bf, f3, 00, 00, 00, 0002, 00, 06, 00, 4d, 00, 59, 00, 43, 00, 01, 00, 06, 00, 4d00, 59, 00, 43, 00, 04, 00, 00, 00, 03, 00, 06, 00, 6d, 0079, 00, 63, 00, 08, 00, 30, 00, 30, 00, 00, 00, 00, 00, 0000, 00, 00, 00, 00, 00, 30, 00, 00, dd, 7d, 12, c7, 3e, ab06, a6, ea, e3, 9f, 79, e7, 7a, 80, 65, d9, 7f, 25, 8e, eda9, c3, 99, d3, b1, 3D 18 ac 1b 61 5a 0a 00 10 0,000 00 00 00 00 00 00 00 00 00 00 00 00 00 0,000 09 00 24 00 63 00 69 00 66 00 73 00 2f 0,031 00 39 00 32 00 2e 00 31 00 36 00 38 00 2,e00 34 00 2e 00 32 00 30 00 36 00 00 00 00 0,000 00 00 00 de 7b 7f 8a da 32 7f 97 ec 1d feb3 15 83 76 f3 00 00 00 00 00;
The 37th byte is 0c, which is 12 in decimal, so the offset of the security block is 12 × 2 + 39 = 63 and the security block starts at the 64th byte. Converting the data 70 01 in the 56th and 57th bytes to decimal gives a security block length of 368. Reading that length from the 64th byte gives the security block, which is:
a1 82 01 6c 30 82 01 68 a2 82 01 64 04 82 0160 4e 54 4c 4d 53 53 50 00 03 00 00 00 18 0018 00 72 00 00 00 c6 00 c6 00 8a 00 00 00 0600 06 00 58 00 00 00 0e 00 0e 00 5e 00 00 0006 00 06 00 6c 00 00 00 10 00 10 00 50 01 0000 15 82 88 e2 06 01 b1 1d 00 00 00 0f 73 1cf9 fb ca 37 8b 1b b8 97 c9 f7 aa e9 d3 66 4d00 59 0043 00 74 00 65 00 73 00 74 00 73 00 6d 00 6200 4d 00 59 00 43 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 0000 be 3e bb 9f 82 18 c2 a5 af 58 69 3d 5f 456a 8b 01 01 00 00 00 00 00 00 96 cf 2b 1f 5092 cd 01 fa 4d 04 d1 55 cf bf f3 00 00 00 0002 00 06 00 4d 00 59 00 43 00 01 00 06 00 4d00 59 00 43 00 04 00 00 00 03 00 06 00 6d 0079 00 63 00 08 00 30 00 30 00 00 00 00 00 0000 00 00 00 00 00 30 00 00 dd 7d 12 c7 3e ab06 a6 ea e3 9f 79 e7 7a 80 65 d9 7f 25 8e eda9 c3 99 d3 b1 3d 18 ac 1b 61 5a 0a 00 10 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 0000 09 00 24 00 63 00 69 00 66 00 73 00 2f 0031 00 39 00 32 00 2e 00 31 00 36 00 38 00 2e00 34 00 2e 00 32 00 30 00 36 00 00 00 00 0000 00 00 00 de 7b 7f 8a da 32 7f 97 ec 1d feb3 15 83 76 f3;
The first 104 bytes of the security block are the header; the security block contains the header, the user name, the login password ciphertext and other information;
(2) The method for obtaining the login account from the security block comprises: add the decimal number corresponding to the data in the first preset bytes of the security block to the length of the header to obtain the start position of the login account; take the decimal number corresponding to the data in the second preset bytes of the security block as the length of the login account; then read data of that length from the start position of the login account in the security block to obtain the login account. Specifically, the first preset bytes are the 45th and 46th bytes, and the second preset bytes are the 53rd and 54th bytes.
In the security block above, the data 06 00 in the 45th and 46th bytes corresponds to decimal 6, so the offset of the login account is 104 + 6 = 110 and the login account starts at the 111th byte. The data 0e 00 in the 53rd and 54th bytes corresponds to decimal 14, so reading 14 bytes from the 111th byte gives the login account: 74 00 65 00 73 00 74 00 73 00 6d 00 62 00, whose content is: testsmb;
(3) The method for obtaining the login password ciphertext from the security block comprises:
1. Calculate the offset of the request data: security block header length + domain name length + login account length + computer name length + Lan Manager request length = offset of the request data. Here the security block header length is 104 bytes, the domain name length is obtained from the data in the 45th and 46th bytes, the login account length from the data in the 53rd and 54th bytes, the computer name length from the data in the 61st and 62nd bytes, and the Lan Manager request length from the data in the 29th and 30th bytes. Specifically, in the security block above the domain name length is 6 (the data in the 45th and 46th bytes is 06 00), the login account length is 14 (the data in the 53rd and 54th bytes is 0e 00), the computer name length is 6 (the data in the 61st and 62nd bytes is 06 00) and the Lan Manager request length is 24 (the data in the 29th and 30th bytes is 18 00), so the calculated offset of the request data is 154 and the request data starts at the 155th byte;
2. Obtain the length of the request data from the data in the 37th and 38th bytes of the security block. Specifically, the data in the 37th and 38th bytes of the security block above is c6 00, so the request data length is 198;
3. Read data of the request data length from the start position of the request data in the security block to obtain the request data.
From the concrete security blocks acquisition was requested, according to: be 3e bb 9f 82 18c2 a5 af 58 69 3d 5f 45 6a 8b 01 01 00 00 0000 00 00 96 cf 2b 1f 50 92 cd 01 fa 4d 04 d155 cf bf f3 00 00 00 00 02 00 06 00 4d 00 5900 43 00 01 00 06 00 4d 00 59 00 43 00 04 0000 00 03 00 06 00 6d 00 79 00 63 00 08 00 3000 30 00 00 00 00 00 00 00 00 00 00 00 00 3000 00 dd 7d 12 c7 3e ab 06 a6 ea e3 9f 79 e77a 80 65 d9 7f 25 8e ed a9 c3 99 d3 b1 3d 18ac 1b 61 5a 0a 00 10 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 09 00 24 00 63 0069 00 66 00 73 00 2f 00 31 00 39 00 32 00 2e00 31 00 36 00 38 00 2e 00 34 00 2e 00 32 0030 00 36 00 00 00 00 00 00 00 00 00;
4. The first 46 bytes of the request data are the header. The type is obtained from the data in the 47th and 48th bytes of the request data and the content length from the data in the 49th and 50th bytes; the content of that type is then read from the 51st byte according to the content length. In this embodiment, when the data in the 47th and 48th bytes is 0x0008, the type is the password attribute. Specifically, the data (30 00) in the 49th and 50th bytes of the request data above gives a login password ciphertext length of 48, and reading 48 bytes from the 51st byte gives the login password ciphertext: 30 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 dd 7d 12 c7 3e ab 06 a6 ea e3 9f 79 e7 7a 80 65 d9 7f 25 8e ed a9 c3 99 d3 b1 3d 18 ac 1b 61 5a;
Step 103: The device judges whether the login account exists in the identity authenticator; if so, it performs step 104; otherwise it returns a connection error flag and returns to step 101;
In this embodiment, the identity authenticator computes the login password ciphertext from the login password according to a cryptographic algorithm and stores the different login accounts together with their corresponding login password ciphertexts; preferably, the cryptographic algorithm is the MD4 algorithm. The login accounts and corresponding login password ciphertexts stored in the identity authenticator in this embodiment are shown in the following table:
Preferably, the identity authenticator in this embodiment is an LDAP server, and step 103 is specifically: the device judges whether the database in the LDAP server contains data identical to the login account; if so, the login account exists; otherwise it does not exist;
Step 104: The device obtains the corresponding login password ciphertext from the identity authenticator according to the login account;
Specifically, the login password ciphertext obtained according to the login account testsmb in this embodiment is: 30 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 dd 7d 12 c7 3e ab 06 a6 ea e3 9f 79 e7 7a 80 65 d9 7f 25 8e ed a9 c3 99 d3 b1 3d 18 ac 1b 61 5a;
Step 105: The device judges whether the parsed login password ciphertext is consistent with the obtained login password ciphertext; if so, it stores the login account in the login information, generates the corresponding user ID, returns it to the client and returns to step 101; otherwise it returns a connection error flag and returns to step 101;
In this embodiment the user ID persists after it is generated; as long as the server is not restarted, login accounts and user IDs correspond one to one;
Step 106: The device obtains the user ID and the access directory from the access request packet and judges whether the root directory of the access directory is in the shared directory list; if so, it performs step 107; otherwise it returns a connection error flag and returns to step 101;
The process of obtaining the access directory in this embodiment is: multiply the decimal number corresponding to the data in the first preset byte of the access request packet by 2, then add the length of the packet header of the access request packet and the length of the connection identifier, to obtain the start position of the access directory; subtract the decimal number corresponding to the data in the third preset bytes from the decimal number corresponding to the data in the second preset bytes, then subtract 6, to obtain the access directory length; the decimal number corresponding to the data in the third preset bytes of the access request packet is the length of the connection identifier; read data of the access directory length from the start position of the access directory to obtain the access directory. Specifically, in this embodiment the first preset byte is the 37th byte, the second preset bytes are the 46th and 47th bytes, and the third preset bytes are the 44th and 45th bytes; the length of the packet header of the access request packet is 39;
In this embodiment the access request packet is, for example: 00 00 00 62 ff 53 4d 42 75 00 00 00 00 18 07 c8 00 00 00 00 00 00 00 00 00 00 00 00 03 00 ff fe 6d 00 40 07 04 ff 00 62 00 08 00 01 00 37 00 00 5c 00 5c 00 31 00 39 00 32 00 2e 00 31 00 36 00 38 00 2e 00 34 00 2e 00 32 00 30 00 36 00 5c 00 54 00 45 00 53 00 54 00 53 00 4d 00 42 00 00 00 3f 3f 3f 3f 3f 00. The data 04 in the 37th byte corresponds to decimal 4, and the data 01 00 in the 44th and 45th bytes corresponds to decimal 1, so the offset of the access directory is 4 × 2 + 39 + 1 = 48 and the access directory starts at the 49th byte. The data 37 00 in the 46th and 47th bytes corresponds to decimal 55 and the data 01 00 in the 44th and 45th bytes corresponds to decimal 1, so the access directory length is 55 - 1 - 6 = 48. The directory read from the start position of the access directory according to the access directory length is: 5c 00 5c 00 31 00 39 00 32 00 2e 00 31 00 36 00 38 00 2e 00 34 00 2e 00 32 00 30 00 36 00 5c 00 54 00 45 00 53 00 54 00 53 00 4d 00 42 00 00 00, whose content is: \\192.168.4.206\testsmb;
Step 107: The device judges whether the login account corresponding to the user ID, or the group to which the login account belongs, has read permission on the root directory of the access directory; if so, it generates and stores a session ID corresponding to the user ID, returns the session ID to the client and returns to step 101; otherwise it returns a connection error flag and returns to step 101;
Specifically, in this embodiment the device judges whether the stored directories corresponding to this login account include the root directory of the access directory; if so, the account has read permission; otherwise it does not;
In this embodiment, if an operation corresponding to this session ID occurs within 600 seconds, the server automatically moves this session ID to the first position of the session ID list; if no operation corresponding to this session ID occurs within 600 seconds, the server deletes all content of this session, including the session ID;
Step 108: The device parses the operation request packet to obtain the session ID and judges whether the stored session IDs include the parsed session ID; if so, it performs step 109; otherwise it returns error information and returns to step 101;
In this embodiment, if no session ID can be parsed from the operation request packet, error information is returned and the flow returns to step 101;
In this embodiment, the decimal number corresponding to the data in the first preset bytes of the operation request packet is taken as the session ID; specifically, the first preset bytes are the 29th and 30th bytes;
Specifically, this embodiment is described using the following operation request packet as an example: 00 00 00 7c ff 53 4d 42 a2 00 00 00 00 18 07 c8 00 00 00 00 00 00 00 00 00 00 00 00 03 00 70 06 6d 00 41 0f 18 ff 00 de de 00 26 00 16 00 00 00 00 00 00 00 89 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 02 00 00 00 44 00 00 00 02 00 00 00 03 20 00 00 5c 00 54 00 45 00 53 00 54 00 53 00 4d 00 42 00 5c 00 68 00 65 00 68 00 65 00 68 00 65 00 00 00. The data 03 00 in the 29th and 30th bytes corresponds to decimal 3, so the parsed session ID is 3;
Step 109: The device obtains the operation directory from the operation request packet, detects the valid operation flag in the operation request packet, performs the corresponding operation on the file corresponding to the operation directory, and returns to step 101;
The method of obtaining the operation directory in this embodiment is the same as that in step 106 and is not repeated here. In the operation request packet above, the 37th byte is 18, which converts to decimal 24, and the data in the 44th and 45th bytes is 00 00; the offset of the operation directory is calculated as 39 + 24 × 2 + 0 = 87, so the operation directory starts from the 88th byte; the data in the 46th and 47th bytes is 16 00, so the length of the operation directory is 22; reading 24 bytes from the 88th byte of the operation request packet above gives the operation directory, which is: 5c 00 54 00 45 00 53 00 54 00 53 00 4d 00 42 00 5c 00 68 00 65 00; the content is: \testsmb\hehehe;
In this embodiment, eight bytes are read from the 69th byte of the operation request packet. The operation definition is obtained from the first four bytes: the last three bits of the corresponding binary number are, from the low bit, the read flag (for a folder, this denotes an open operation), the create flag and the delete flag. The specific operation is obtained from the last four bytes. The last three bits of the binary number corresponding to the first four bytes are compared bit by bit with the last three bits of the binary number corresponding to the last four bytes; if the data at a corresponding bit position is identical, the flag at that position is valid. For example, the eight bytes obtained from the operation request packet above are 07 00 00 00 02 00 00 00; 07 00 00 00 converts to binary 111 and 02 00 00 00 converts to binary 010; the middle bits of the two binary numbers are identical, so the create flag is valid, while the delete flag and the read flag are invalid.
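The field positions given in this embodiment (request type in the 9th byte, session ID in the 29th and 30th bytes, security block located through the 37th, 56th and 57th bytes, login account located through the 45th, 46th, 53rd and 54th bytes of the block, operation flags from the 69th byte) can be exercised with a small bounds-checked parser. This is an added example, not code from the patent. The function names, the little-endian reading of multi-byte fields (consistent with 70 01 giving 368 and 0e 00 giving 14), the choice of bit 0 for read and bit 2 for delete, and both sample packets are assumptions constructed for illustration.

```python
import struct

HEADER_LEN = 39          # packet header length given in the embodiment
BLOCK_HEADER_LEN = 104   # security block header length given in the embodiment
REQUEST_TYPES = {0x73: "connection", 0xA2: "operation", 0x75: "access"}


class ParseError(ValueError):
    """A byte position or length field points outside the buffer."""


def field(buf, first_byte, size):
    """Return `size` bytes starting at the 1-based position `first_byte`."""
    start = first_byte - 1
    if start < 0 or size < 0 or start + size > len(buf):
        raise ParseError(f"bytes {first_byte}..{first_byte + size - 1} not in buffer")
    return bytes(buf[start:start + size])


def u16(buf, first_byte):
    return struct.unpack("<H", field(buf, first_byte, 2))[0]


def u32(buf, first_byte):
    return struct.unpack("<I", field(buf, first_byte, 4))[0]


def request_type(pkt):
    """Step 101: classify the request by its 9th byte."""
    return REQUEST_TYPES.get(field(pkt, 9, 1)[0], "other")


def security_block(pkt):
    """Step 102 (1): offset = byte 37 * 2 + 39, length = bytes 56-57."""
    offset = field(pkt, 37, 1)[0] * 2 + HEADER_LEN
    return field(pkt, offset + 1, u16(pkt, 56))


def login_account(block):
    """Step 102 (2): offset = 104 + bytes 45-46, length = bytes 53-54."""
    offset = BLOCK_HEADER_LEN + u16(block, 45)
    return field(block, offset + 1, u16(block, 53)).decode("utf-16-le")


def session_id(pkt):
    """Step 108: bytes 29-30 of the operation request."""
    return u16(pkt, 29)


def operation_flags(pkt):
    """Step 109: compare the low three bits of bytes 69-72 and 73-76.

    The rule is applied as written: a flag is valid when the two bits are
    equal (read literally, that includes 0 and 0). Bit order is an assumption.
    """
    first, second = u32(pkt, 69), u32(pkt, 73)
    names = ("read", "create", "delete")
    return {n: ((first >> i) & 1) == ((second >> i) & 1) for i, n in enumerate(names)}


def sample_operation_packet():
    """Constructed packet: only the bytes named in the walk-through are set."""
    pkt = bytearray(80)
    pkt[8] = 0xA2                                   # 9th byte: operation request
    pkt[28:30] = struct.pack("<H", 3)               # session ID 3
    pkt[68:76] = bytes.fromhex("0700000002000000")  # flag words from the text
    return bytes(pkt)


def sample_connection_packet():
    """Constructed packet carrying a minimal security block for 'testsmb'."""
    domain = "DOM".encode("utf-16-le")              # constructed 6-byte domain
    account = "testsmb".encode("utf-16-le")         # 14 bytes, as in the text
    block = bytearray(BLOCK_HEADER_LEN)
    block[44:46] = struct.pack("<H", len(domain))   # bytes 45-46
    block[52:54] = struct.pack("<H", len(account))  # bytes 53-54
    block += domain + account
    pkt = bytearray(63)                             # 12 * 2 + 39 bytes precede the block
    pkt[8] = 0x73                                   # 9th byte: connection request
    pkt[36] = 0x0C                                  # 37th byte
    pkt[55:57] = struct.pack("<H", len(block))      # bytes 56-57
    return bytes(pkt) + bytes(block)


if __name__ == "__main__":
    op = sample_operation_packet()
    print(request_type(op), session_id(op), operation_flags(op))
    print(login_account(security_block(sample_connection_packet())))
```

Every offset and length in these requests is supplied by the client, so `field` rejects any read that would run past the end of the buffer instead of slicing silently.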
As shown in Figure 2, when the valid operation flag in the operation request packet is the create flag, the device creates a file under the operation directory; the specific implementation process comprises:
Step 201: The device obtains the login account corresponding to the user ID according to the session ID;
Specifically, in this embodiment the stored session IDs and login accounts are shown in the following table:
In this embodiment, the login account obtained according to the session ID parsed in step 108 is testsmb;
Step 202: Judge whether the login account or the group to which the login account belongs has write permission on the parent directory of the operation directory in the drm controller; if so, perform step 203; otherwise return error information and return to step 101;
Step 203: The device creates a file under the operation directory and sets the operation permissions of this file in the drm controller to be consistent with those of the parent directory;
Concrete, from the 77th byte, obtain four byte datas from operation requests packet in the present embodiment and be converted to binary number, the highest order of this binary number represents establishment flag bit, and the target as created for 1 expression is file, and the target as created for 0 expression is file.As obtained 4 byte datas from above-mentioned request data package be: 44 00 00 00, converting binary number to is 0,100 0100, represents that the target created is file;
Specifically, creating the file in this embodiment is: create the file hehehe under the testsmb directory and give it the same permissions as the directory testsmb.
Step 204: Judge whether the operations of creating the file and setting the permissions succeeded; if so, return operation success information and return to step 101; otherwise return error information and return to step 101.
When the valid operation flag in the operation request packet is the delete flag, the device deletes the target file corresponding to the operation directory; the specific implementation process, shown in Figure 3, comprises:
Step 301: The device obtains the login account corresponding to the user ID according to the session ID;
The method of obtaining the login account in this step of this embodiment is the same as in step 201 and is not repeated here;
Step 302: Judge whether the login account or the group to which the login account belongs has write permission on the parent directory of the operation directory in the drm controller; if so, perform step 303; otherwise return error information and return to step 101;
Step 303: The device judges whether the login account or the group to which the login account belongs has write permission on the operation target in the drm controller; if so, perform step 304; otherwise return error information and return to step 101;
Specifically, in this embodiment the device judges whether the stored directories corresponding to this login account include the operation directory; if so, the account has write permission; otherwise it does not;
Step 304: The device deletes the operation target corresponding to the operation directory, deletes the operation permissions of the operation directory and its subdirectories in the drm controller, and judges whether the deletion succeeded; if so, it returns operation success information and returns to step 101; otherwise it returns error information and returns to step 101;
When the valid operation flag in the operation request packet is the read flag, operation success information is returned and the flow returns to step 101. If the operation directory corresponds to a document, the device allows the user to read the target document; if the operation directory corresponds to a folder, the device opens the target folder;
For example, the eight bytes obtained from the operation request packet above are 07 00 00 00 02 00 00 00; 07 00 00 00 converts to binary 111 and 02 00 00 00 converts to binary 010; the highest bits of the two binary numbers are not identical, so the read flag is invalid and the login account cannot perform a read operation on the file corresponding to the operation directory.
In the method of the present invention, different operation permissions are set for the files and folders in a shared resource. The setting of access permissions is no longer confined to the root directory; permissions are also set on its subdirectories or deeper directories, so that access to all files and folders can be opened to specific users, which makes access by multiple departments convenient.
Embodiment two
Embodiment Two provides a method for achieving file sharing which, as shown in Figure 4, comprises:
Step 401: When the device receives a request, it detects the request type. For a connection request it performs step 402; for an access request it performs step 406; for an operation request it performs step 409; for any other request it performs the corresponding operation, returns an operation response and returns to step 401;
In this embodiment, the request is a connection request when the data in the 9th byte of the request is 73, an operation request when it is a2, and an access request when it is 75;
Step 402: The device parses the connection request packet to obtain the login account and the login password ciphertext;
In this embodiment, the parsing process of this step is the same as step 102 in Embodiment One and is not repeated here;
Step 403: The device judges whether the login account exists in the identity authenticator; if so, it performs step 404; otherwise it returns a connection error flag and returns to step 401;
In this embodiment, the identity authenticator computes the login password ciphertext from the login password according to a cryptographic algorithm and stores the different login accounts together with their corresponding login password ciphertexts; preferably, the cryptographic algorithm is the MD4 algorithm;
Preferably, the identity authenticator in this embodiment is an LDAP server;
Step 404: The device obtains the corresponding login password ciphertext from the identity authenticator according to the login account;
Step 405: The device judges whether the parsed login password ciphertext is consistent with the obtained login password ciphertext; if so, it stores the login account in the login information, generates the corresponding user ID, returns it to the client and returns to step 401; otherwise it returns a connection error flag and returns to step 401;
Step 406: The device obtains the user ID and the access directory from the access request packet and judges whether the root directory of the access directory is in the shared directory list; if so, it performs step 407; otherwise it returns a connection error flag and returns to step 401;
In this embodiment, the method of obtaining the access directory in this step can refer to step 106 in Embodiment One;
Step 407: The device judges whether the login account corresponding to the user ID, or the group to which the login account belongs, has read permission on the root directory of the access directory; if so, it generates and stores a session ID corresponding to the user ID and performs step 408; otherwise it returns a connection error flag and returns to step 401;
Step 408: The device looks up the capability identifier of the corresponding root directory in the drm controller according to the access directory and judges whether it is set; if so, it returns the session ID and connection information indicating that the capability identifier is set, and returns to step 401; otherwise it returns connection information indicating that the capability identifier is not set, and returns to step 401;
The capability identifiers in this embodiment comprise: not readable and not writable; readable but not writable; readable and writable;
For example, the drm controller in this embodiment is as shown in the following table:
User name | Path | Capability identifier | Permission content
testsmb1 | /testsmb/hehehe | 1 | Readable and writable
lilei | /testsmb | 1 | Readable but not writable
testsmb2 | /book/download/ | 0 | Not readable and not writable
For example, if the access catalogue is /testsmb/hehehe, the device needs to judge whether the capability identification of /testsmb is set; in the table above the capability identification of /testsmb is set, so the device returns connection information indicating that the capability identification is set and returns to step 401;
Step 409: the device parses the operation request data packet to obtain the session ID, and judges whether the stored session IDs include the session ID obtained by parsing; if so, it performs step 410; otherwise it returns error information and returns to step 401;
In the present embodiment, if no session ID can be parsed from the operation request data packet, error information is returned and the process returns to step 101;
Step 410: the device obtains the operation catalogue from the operation request data packet, detects the valid operation flag in the operation request data packet, performs the corresponding operation on the file corresponding to the operation catalogue, and returns to step 401;
In the present embodiment, this step is implemented in the same way as step 109 in embodiment one, and is not repeated here.
As shown in Figure 5, when the valid operation flag in the operation request data packet is the create flag, the device creates a file under the operation catalogue; the specific implementation process comprises:
Step 501: the device obtains the login account corresponding to the user ID according to the session ID;
Step 502: the device obtains the corresponding capability identification according to the session ID and judges whether it is set; if so, it performs step 503; otherwise it performs step 504;
Specifically, in the present embodiment, a capability identification of 1 indicates that all subdirectories fully inherit the permissions of their parent directory, and a capability identification of 0 indicates that the permissions of a subdirectory have been modified and differ from those of its parent directory. For example, the entry for user testsmb2 in the table above is 0, which indicates that the permissions of /book/download/ differ from those of /book/;
Step 503: the device judges whether the login account, or the group to which the login account belongs, has write permission on the root of the operation catalogue in the drm controller; if so, it performs step 507; otherwise it returns error information and returns to step 401;
Step 504: the device judges whether the operation catalogue is stored in the drm controller; if so, it performs step 505; otherwise it performs step 506;
Step 505: the device judges whether the login account, or the group to which the login account belongs, has write permission on the operation catalogue in the drm controller; if so, it returns operation success information and returns to step 401; otherwise it returns error information and returns to step 401;
Step 506: the device finds, in the operation catalogue, the first parent directory whose capability identification is set, and judges whether the login account, or the group to which the login account belongs, has write permission on the parent directory found in the drm controller; if so, it performs step 507; otherwise it returns error information and returns to step 401;
Step 507: the device creates the file under the operation catalogue and judges whether the creation succeeded; if so, it returns operation success information and returns to step 401; otherwise it returns error information and returns to step 401.
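The create-permission walk of steps 406 to 408 and 501 to 506, as an added Python example that is not part of the patent text. The table rows, the account hanmei, the groups staff and editors, the function names, the deny-when-no-row default, the path normalization and the same-share check are assumptions of this sketch. Step 506 is read here as walking upward to the nearest parent directory whose capability identification is set.

```python
import posixpath
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Row:
    principal: str  # login account or group name
    path: str       # directory the row applies to
    flag_set: bool  # capability identification: True (1) = subdirectories inherit
    read: bool
    write: bool


# Constructed sample data modelled on the table in the text; hanmei, staff and
# editors are hypothetical names added for this example.
SHARES = {"/testsmb", "/book"}  # share directory list (step 406)
TABLE = [
    Row("testsmb1", "/testsmb", True, True, True),
    Row("lilei", "/testsmb", True, True, False),
    Row("staff", "/book", False, True, False),
    Row("testsmb2", "/book/download", False, False, False),
    Row("editors", "/book/drafts", True, True, True),
]
SESSIONS = {}  # session ID -> (account, groups, share root, root flag)


def normalize(path):
    """Collapse '.', '..' and repeated slashes before any table lookup (assumption)."""
    return posixpath.normpath("/" + path.strip("/"))


def share_root(path):
    """Top-level directory of a path, e.g. /testsmb/hehehe -> /testsmb."""
    return "/" + normalize(path).split("/")[1]


def rows_for(path):
    return [r for r in TABLE if r.path == path]


def flag_set(path):
    return any(r.flag_set for r in rows_for(path))


def allowed(principals, path, right):
    """True if the account or one of its groups holds `right` on `path`.
    A path or principal with no row is denied (assumption: fail closed)."""
    return any(getattr(r, right) for r in rows_for(path) if r.principal in principals)


def open_session(account, groups, access_dir):
    """Steps 406-408: return a session ID, or None for a connection error."""
    root = share_root(access_dir)
    if root not in SHARES or not allowed({account, *groups}, root, "read"):
        return None
    sid = secrets.token_hex(16)
    SESSIONS[sid] = (account, frozenset(groups), root, flag_set(root))
    return sid


def authorize_create(sid, op_dir):
    """Steps 409 and 501-506: True if the file may be created under op_dir."""
    session = SESSIONS.get(sid)
    if session is None:                 # step 409: session ID is not stored
        return False
    account, groups, root, root_flag = session
    principals = {account, *groups}     # step 501
    op_dir = normalize(op_dir)
    if share_root(op_dir) != root:      # assumption: one session, one share
        return False
    if root_flag:                       # steps 502-503: root permissions inherited
        return allowed(principals, root, "write")
    if rows_for(op_dir):                # steps 504-505: directory has its own rows
        return allowed(principals, op_dir, "write")
    parent = posixpath.dirname(op_dir)  # step 506: nearest flagged parent directory
    while parent != "/":
        if flag_set(parent):
            return allowed(principals, parent, "write")
        parent = posixpath.dirname(parent)
    return False


if __name__ == "__main__":
    sid = open_session("hanmei", ["staff", "editors"], "/book")
    for d in ("/book/drafts/2024/q1", "/book/download", "/book/misc"):
        print(d, authorize_create(sid, d))
```

The three branches correspond to a set flag on the share root, a directory with its own rows, and a directory that falls back to a flagged parent; a directory with no flagged parent is denied.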
When the valid operation flag in the operation request data packet is the delete flag, the device deletes the target file corresponding to the operation catalogue; the specific implementation process, as shown in Figure 6, comprises:
Step 601: the device obtains the login account corresponding to the user ID according to the session ID;
In the present embodiment, the judgment process of this step is the same as step 201 in embodiment one and is not repeated here;
Step 602: the device obtains the corresponding capability identification according to the session ID and judges whether it is set; if so, it performs step 603; otherwise it performs step 604;
Step 603: the device judges whether the login account, or the group to which the login account belongs, has write permission on the root of the operation catalogue in the drm controller; if so, it returns operation success information and returns to step 401; otherwise it returns error information and returns to step 401;
Step 604: the device judges whether the operation catalogue is stored in the drm controller; if so, it performs step 605; otherwise it performs step 608;
Step 605: the device judges whether the login account, or the group to which the login account belongs, has write permission on the operation catalogue in the drm controller; if so, it performs step 606; otherwise it returns error information and returns to step 401;
Step 606: the device judges whether the parent directory of the operation catalogue exists in the drm controller; if so, it performs step 607; otherwise it performs step 608;
Step 607: the device judges whether the login account, or the group to which the login account belongs, has write permission on the parent directory of the operation catalogue; if so, it performs step 610; otherwise it returns error information and returns to step 401;
Step 608: the device finds, in the operation catalogue, the first parent directory whose capability identification is set;
Step 609: the device judges whether the login account, or the group to which the login account belongs, has write permission on the parent directory found in the drm controller; if so, it performs step 610; otherwise it returns error information and returns to step 401;
Step 610: the device deletes the operation target corresponding to the operation catalogue, deletes from the drm controller the operating rights corresponding to the operation catalogue and its subdirectories, and judges whether the deletion succeeded; if so, it returns operation success information and returns to step 401; otherwise it returns error information and returns to step 401;
When the valid operation flag in the operation request data packet is the read flag, the device returns operation success information and returns to step 401; if the operation catalogue corresponds to a document, the device allows the user to read the target document, and if the operation catalogue corresponds to a folder, the device opens the target folder;
In the method of the present embodiment, when a user accesses, the device first searches the drm controller for a record of the parent directory of the operation catalogue; if there is one, the corresponding operation (such as read, delete or create) can be carried out when the login account has write permission on this operation catalogue; if there is not, the device searches the drm controller for a record of this operation catalogue, and if there is one, the device allows login accounts that hold the operating right to operate. This achieves the purpose of allowing specific users and user groups to operate on files and folders, and makes access by multiple departments convenient.
Embodiment three
Embodiment three of the present invention provides a device for realizing file sharing which, as shown in Figure 7, comprises:
Receiver module 701, for receiving the request sent by the client;
Detection module 702, for detecting the type of the request received by receiver module 701 according to the data in the first preset byte: if it is a connection request, first parsing module 704 works; if it is an access request, first acquisition module 707 works; if it is an operation request, second parsing module 710 works; if it is another request, operational module 703 works;
Specifically, in the present embodiment, detection module 702 detects the data in the 9th byte of the request: if it is the first preset data, the request is a connection request; if it is the second preset data, an operation request; if it is the third preset data, an access request;
Operational module 703, for carrying out the corresponding operation according to other requests;
First parsing module 704, for parsing the connection request data packet to obtain the log-on message;
Authentication module 705, for verifying the log-on message: if verification passes, storing generation module 706 works; otherwise return module 713 returns a connection error mark to the client;
In the present embodiment, the log-on message comprises a login account and a login password ciphertext; authentication module 705 comprises:
4th judging unit, for judging whether the login account exists in the identity authentication: if so, the second acquisition unit works; otherwise return module 713 returns a connection error mark to the client;
Second acquisition unit, for obtaining the corresponding login password ciphertext from the identity authentication according to the login account;
5th judging unit, for judging whether the login password ciphertext obtained by parsing is consistent with the login password ciphertext that was acquired: if so, storing generation module 706 works; otherwise return module 713 returns a connection error mark to the client;
Storing generation module 706, for storing the login account in the log-on message and generating the corresponding user ID;
First acquisition module 707, for obtaining the user ID and the access catalogue from the access request data packet;
First judge module 708, for judging whether the operating right of the access catalogue is open to the login account corresponding to the user ID or to the group to which the login account belongs: if so, generation module 709 works; otherwise return module 713 returns a connection error mark to the client;
In the present embodiment, the first judge module 708 comprises:
6th judging unit, for judging whether the root of the access catalogue is in the share directory list: if so, the 7th judging unit works; otherwise return module 713 returns a connection error mark to the client;
7th judging unit, for judging whether the login account, or the group to which the login account belongs, has read permission on the root of the access catalogue: if so, generation module 709 works; otherwise return module 713 returns a connection error mark to the client;
Generation module 709, for generating and storing the session ID corresponding to the user ID;
Second parsing module 710, for parsing the operation request data packet to obtain the session ID;
Second judge module 711, for judging whether the stored session IDs include the session ID obtained by parsing: if so, obtain detection module 712 works; otherwise return module 713 returns a connection error mark to the client;
Obtain detection module 712, for obtaining the operation catalogue from the operation request data packet, detecting the valid operation flag in the operation request data packet and carrying out the corresponding operation on the file corresponding to the operation catalogue; it specifically comprises:
Detecting unit 7121, for detecting the valid operation flag in the operation request data packet; when the read flag is valid, return module 713 returns operation-permitted information to the client;
Specifically, in the present embodiment, the detecting unit obtains the operation information data from a preset position in the operation request data packet, converts the first half and the second half of the operation information data into binary data strings respectively, and compares the last three bits of the first-half binary data string with the corresponding bits of the last three bits of the second-half binary data string; if the data at a corresponding position are identical, the operation flag represented by that bit is valid. The last three bits of the first-half binary data string represent, in order, the read flag, the create flag and the delete flag;
First acquiring unit 7122, for obtaining the login account corresponding to the user ID according to the session ID;
First judging unit 7123, for judging whether the login account, or the group to which the login account belongs, has write permission on the parent directory of the operation catalogue: if so, create setting unit 7124 or the 3rd judging unit 7126 works; otherwise return module 713 returns error information to the client;
Create setting unit 7124, for creating a file under the operation catalogue and setting the operating right of the file in the drm controller to be consistent with that of the parent directory;
Second judging unit 7125, for judging whether the operation of creating the file and setting the right succeeded: if so, return module 713 returns operation success information to the client; otherwise return module 713 returns error information to the client;
3rd judging unit 7126, for judging whether the login account, or the group to which the login account belongs, has write permission on the operation target: if so, delete judging unit 7127 works; otherwise return module 713 returns error information to the client;
Delete judging unit 7127, for deleting the operation target corresponding to the operation catalogue, deleting from the drm controller the operating rights of the operation catalogue and its subdirectories, and judging whether the deletion succeeded: if so, return module 713 returns operation success information to the client; otherwise return module 713 returns error information to the client;
Return module 713, for returning to the client: the operating result of operational module 703, the connection error mark when verification by authentication module 705 fails, the user ID generated by storing generation module 706, the connection error mark when first judge module 708 judges no, the session ID generated by generation module 709, the error information when second judge module 711 judges no, and the operating result of obtain detection module 712.
Embodiment four
Embodiment four of the present invention provides a device for realizing file sharing which, as shown in Figure 8, comprises:
Receiver module 801, for receiving the request sent by the client;
Detection module 802, for detecting the type of the request received by receiver module 801 according to the data in the first preset byte: if it is a connection request, first parsing module 804 works; if it is an access request, first acquisition module 807 works; if it is an operation request, second parsing module 811 works; if it is another request, operational module 803 works;
Specifically, in the present embodiment, detection module 802 detects the data in the 9th byte of the request: if it is the first preset data, the request is a connection request; if it is the second preset data, an operation request; if it is the third preset data, an access request;
Operational module 803, for carrying out the corresponding operation according to other requests;
First parsing module 804, for parsing the connection request data packet to obtain the log-on message;
Authentication module 805, for verifying the log-on message: if verification passes, storing generation module 806 works; otherwise return module 814 returns a connection error mark to the client;
The log-on message in the present embodiment comprises a login account and a login password ciphertext; authentication module 805 comprises:
7th judging unit, for judging whether the login account exists in the identity authentication: if so, the second acquisition unit works; otherwise return module 814 returns a connection error mark to the client;
Second acquisition unit, for obtaining the corresponding login password ciphertext from the identity authentication according to the login account;
8th judging unit, for judging whether the login password ciphertext obtained by parsing is consistent with the login password ciphertext that was acquired: if so, storing generation module 806 works; otherwise return module 814 returns a connection error mark to the client;
Storing generation module 806, for storing the login account in the log-on message in the drm controller and generating the corresponding user ID; the preset operation catalogues and their corresponding capability identifications are also stored in the drm controller;
First acquisition module 807, for obtaining the user ID and the access catalogue from the access request data packet;
First judge module 808, for judging whether the operating right of the access catalogue is open to the login account corresponding to the user ID or to the group to which the login account belongs: if so, generation module 809 works; otherwise return module 814 returns a connection error mark to the client;
Specifically, in the present embodiment, the first judge module 808 comprises:
9th judging unit, for judging whether the root of the access catalogue is in the share directory list: if so, the tenth judging unit works; otherwise return module 814 returns a connection error mark to the client;
Tenth judging unit, for judging whether the login account, or the group to which the login account belongs, has read permission on the root of the access catalogue: if so, generation module 809 works; otherwise return module 814 returns a connection error mark to the client;
Generation module 809, for generating and storing the session ID corresponding to the user ID;
Search judge module 810, for looking up in the drm controller the capability identification of the root corresponding to the access catalogue and judging whether it is set: if so, return module 814 returns to the client the session ID and connection information indicating that the capability identification is set; otherwise return module 814 returns to the client connection information indicating that the capability identification is not set;
Second parsing module 811, for parsing the operation request data packet to obtain the session ID;
Second judge module 812, for judging whether the stored session IDs include the session ID obtained by parsing: if so, obtain detection module 813 works; otherwise return module 814 returns a connection error mark to the client;
Obtain detection module 813, for obtaining the operation catalogue from the operation request data packet, detecting the valid operation flag in the operation request data packet and carrying out the corresponding operation on the file corresponding to the operation catalogue; it specifically comprises:
Detecting unit 8131, for detecting the valid operation flag in the operation request data packet; when the read flag is valid, return module 814 returns operation-permitted information to the client;
Specifically, in the present embodiment, detecting unit 8131 obtains the operation information data from a preset position in the operation request data packet, converts the first half and the second half of the operation information data into binary data strings respectively, and compares the last three bits of the first-half binary data string with the corresponding bits of the last three bits of the second-half binary data string; if the data at a corresponding position are identical, the operation flag represented by that bit is valid. The last three bits of the first-half binary data string represent, in order, the read flag, the create flag and the delete flag;
First acquiring unit 8132, for obtaining the login account corresponding to the user ID according to the session ID;
Obtaining judging unit 8133, for obtaining the corresponding capability identification according to the session ID and judging whether it is set: if so, the first judging unit 8134 or the 5th judging unit 81310 works; otherwise the second judging unit 8135 works;
First judging unit 8134, for judging whether the login account, or the group to which the login account belongs, has write permission on the root of the operation catalogue in the drm controller: if so, create setting unit 8139 works; otherwise return module 814 returns error information to the client;
Second judging unit 8135, for judging whether the operation catalogue is stored in the drm controller: if so, the 3rd judging unit 8136 works; otherwise find unit 8137 works;
3rd judging unit 8136, for judging whether the login account, or the group to which the login account belongs, has write permission on the operation catalogue in the drm controller: if so, return module 814 returns operation success information to the client or the 6th judging unit 81311 works; otherwise return module 814 returns error information to the client or the find unit works;
Find unit 8137, for finding, in the operation catalogue, the first parent directory whose capability identification is set;
4th judging unit 8138, for judging whether the login account, or the group to which the login account belongs, has write permission on the parent directory in the drm controller: if so, create setting unit 8139 or delete judging unit 81312 works; otherwise return module 814 returns error information to the client;
Create setting unit 8139, for creating a file under the operation catalogue and judging whether the creation succeeded: if so, return module 814 returns operation success information to the client; otherwise return module 814 returns error information to the client;
5th judging unit 81310, for judging whether the login account, or the group to which the login account belongs, has write permission on the parent directory of the operation catalogue in the drm controller: if so, return module 814 returns operation success information to the client; otherwise return module 814 returns error information to the client;
6th judging unit 81311, for judging whether the parent directory of the operation catalogue exists in the drm controller: if so, the 4th judging unit 8138 works; otherwise find unit 8137 works;
Delete judging unit 81312, for deleting the operation target corresponding to the operation catalogue, deleting from the drm controller the operating rights of the operation catalogue and its subdirectories, and judging whether the deletion succeeded: if so, return module 814 returns operation success information to the client; otherwise return module 814 returns error information to the client;
Return module 814, for returning to the client: the operating result of operational module 803, the connection error mark when verification by authentication module 805 fails, the user ID generated by storing generation module 806, the connection error mark when first judge module 808 judges no, the session ID and the connection information indicating that the capability identification is set when search judge module 810 judges yes, the connection information indicating that the capability identification is not set when search judge module 810 judges no, the connection error mark when second judge module 812 judges no, and the operating result of obtain detection module 813.
The device in the present embodiment sets different operating rights for the files in the shared resource; the setting of access rights is no longer confined to the root, but permissions are set on its subdirectories or deeper directories, so that access to all files and folders can be opened to specific users, making it simple and convenient for different users to access shared resources.
The above are only preferred embodiments of the present invention, but the protection scope of the present invention is not limited thereto; any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be defined by the protection scope of the claims.

Claims (20)

1. A method for realizing file sharing, characterized by comprising:
Step S1: when the device receives a request, it detects the request type according to the data in the first preset byte; if it is a connection request, step S2 is performed; if it is an access request, step S3 is performed; if it is an operation request, step S4 is performed; if it is another request, the corresponding operation is carried out and an operation response is returned, and the process returns to step S1;
Step S2: the device parses the connection request data packet to obtain the log-on message and verifies the log-on message; if verification passes, it stores the login account in the log-on message, generates the corresponding user ID and returns it to the client, then returns to step S1; otherwise it returns a connection error mark and returns to step S1;
Step S3: the device obtains the user ID and the access catalogue from the access request data packet, and judges whether the operating right of the access catalogue is open to the login account corresponding to the user ID or to the group to which the login account belongs; if so, it generates and stores the session ID corresponding to the user ID, returns the session ID to the client, then returns to step S1; otherwise it returns a connection error mark and returns to step S1;
Step S4: the device parses the operation request data packet to obtain the session ID, and judges whether the stored session IDs include the session ID obtained by parsing; if so, step S5 is performed; otherwise it returns error information and returns to step S1;
Step S5: the device obtains the operation catalogue from the operation request data packet, detects the valid operation flag in the operation request data packet, carries out the corresponding operation on the file corresponding to the operation catalogue, and returns the operating result;
When the valid operation flag in the operation request data packet is the create flag, the device obtains the login account corresponding to the user ID according to the session ID, and judges whether the login account, or the group to which the login account belongs, has write permission on the parent directory of the operation catalogue; if so, step A1 is performed; otherwise it returns error information and returns to step S1;
Step A1: the device creates a file under the operation catalogue and sets the operating right of the file in the drm controller to be consistent with that of the parent directory, and judges whether the operation of creating the file and setting the right succeeded; if so, it returns operation success information and returns to step S1; otherwise it returns error information and returns to step S1;
When the valid operation flag in the operation request data packet is the delete flag, the device obtains the login account corresponding to the user ID according to the session ID, and judges whether the login account, or the group to which the login account belongs, has write permission on the parent directory of the operation catalogue; if so, step B1 is performed; otherwise it returns error information and returns to step S1;
Step B1: the device judges whether the login account, or the group to which the login account belongs, has write permission on the operation target; if so, step B2 is performed; otherwise it returns error information and returns to step S1;
Step B2: the device deletes the operation target corresponding to the operation catalogue, deletes from the drm controller the operating rights of the operation catalogue and its subdirectories, and judges whether the deletion succeeded; if so, it returns operation success information and returns to step S1; otherwise it returns error information and returns to step S1;
When the valid operation flag in the operation request data packet is the read flag, the device returns operation success information and returns to step S1.
2. The method according to claim 1, characterized in that detecting the request type in step S1 is specifically: detecting the data in the 9th byte of the request; if it is the first preset data, the request is the connection request; if it is the second preset data, the request is the operation request; if it is the third preset data, the request is the access request.
3. The method according to claim 1, characterized in that the log-on message in step S2 comprises the login account and a login password ciphertext, and verifying the log-on message comprises:
Step S21: the device judges whether the login account exists in the identity authentication; if so, step S22 is performed; otherwise it returns a connection error mark and returns to step S1;
Step S22: the device obtains the corresponding login password ciphertext from the identity authentication according to the login account;
Step S23: the device judges whether the login password ciphertext obtained by parsing is consistent with the login password ciphertext that was acquired; if so, it stores the login account in the log-on message, generates the corresponding user ID and returns it to the client, then returns to step S1; otherwise it returns a connection error mark and returns to step S1.
4. The method according to claim 1, characterized in that judging in step S3 whether the operating right of the access catalogue is open to the login account corresponding to the user ID or to the group to which the login account belongs specifically comprises:
Step S31: the device judges whether the root of the access catalogue is in the share directory list; if so, step S32 is performed; otherwise it returns a connection error mark and returns to step S1;
Step S32: the device judges whether the login account, or the group to which the login account belongs, has read permission on the root of the access catalogue; if so, it generates and stores the session ID corresponding to the user ID, returns the session ID to the client, then returns to step S1; otherwise it returns a connection error mark and returns to step S1.
5. The method according to claim 1, characterized in that detecting the valid operation flag in the operation request data packet in step S5 specifically comprises:
The device obtains the operation information data from a preset position in the operation request data packet, converts the first half and the second half of the operation information data into binary data strings respectively, and compares the last three bits of the first-half binary data string with the corresponding bits of the last three bits of the second-half binary data string; if the data at a corresponding position are identical, the operation flag represented by that corresponding position is valid. The operation flags represented, in order, by the last three bits of the first-half binary data string are the read flag, the create flag and the delete flag.
6. realize a method for file-sharing, it is characterized in that, comprising:
Step P1: when device receives request, the Data Detection request type in byte is preset according to first, connection request then performs step P2 in this way, access request then performs step P3 in this way, operation requests then performs step P5 in this way, other requests are then carried out corresponding operating and are returned operation response in this way, return step P1;
Step P2: described device carries out parsing to connection request packet and obtains log-on message, and described log-on message is verified, as being verified, the login account in described log-on message is stored in drm controller, generate corresponding user ID and return client, return step P1, otherwise return connection error mark, return step P1; The capability identification of operation catalogue and the correspondence thereof pre-set also is stored in described drm controller;
Step P3: described device obtains user ID and access catalogue from access request data bag, and judge whether the operating right of described access catalogue organizes opening belonging to the login account corresponding with described user ID or described login account, generate the session id corresponding with described user ID and store, perform step P4, otherwise return connection error mark, return step P1;
Step P4: described device searches the capability identification of corresponding root according to described access catalogue in described drm controller, and judge its whether set, be return the link information of described session id and capability identification set, return step P1; Otherwise return the link information of the non-set of capability identification, return step P1;
Step P5: described device carries out parsing to operation requests packet and obtains session id, and judge whether include the session id that described parsing obtains in the session id stored, be perform step P6, otherwise return error message, return step P1;
Step P6: described device obtains operation catalogue from described operation requests packet, detects the valid function mark in described operation requests packet and the file corresponding to described operation catalogue carries out corresponding operating, and returns operating result;
When the valid operation flag in the operation request data packet is the create flag, the device obtains the login account corresponding to the user ID according to the session ID, obtains the corresponding capability identification according to the session ID and judges whether it is set; if so, performs step L1; otherwise performs step L2;
Step L1: the device judges whether the login account or the group to which the login account belongs has write permission, in the drm controller, on the root directory of the operation directory; if so, performs step L5; otherwise returns an error message and returns to step P1;
Step L2: the device judges whether the operation directory is stored in the drm controller; if so, performs step L3; otherwise performs step L4;
Step L3: the device judges whether the login account or the group to which the login account belongs has write permission, in the drm controller, on the operation directory; if so, returns successful operation information and returns to step P1; otherwise returns an error message and returns to step P1;
Step L4: the device finds, in the operation directory, the first parent directory whose capability identification is set, and judges whether the login account or the group to which the login account belongs has write permission, in the drm controller, on that parent directory; if so, performs step L5; otherwise returns an error message and returns to step P1;
Step L5: the device creates a file under the operation directory and judges whether the creation succeeded; if so, returns successful operation information and returns to step P1; otherwise returns an error message and returns to step P1;
When the valid operation flag in the operation request data packet is the delete flag, the device obtains the login account corresponding to the user ID according to the session ID, obtains the corresponding capability identification according to the session ID and judges whether it is set; if so, performs step M1; otherwise performs step M2;
Step M1: the device judges whether the login account or the group to which the login account belongs has write permission, in the drm controller, on the parent directory of the operation directory; if so, returns successful operation information and returns to step P1; otherwise returns an error message and returns to step P1;
Step M2: the device judges whether the operation directory is stored in the drm controller; if so, performs step M3; otherwise performs step M6;
Step M3: the device judges whether the login account or the group to which the login account belongs has write permission, in the drm controller, on the operation directory; if so, performs step M4; otherwise returns an error message and returns to step P1;
Step M4: the device judges whether the parent directory of the operation directory exists in the drm controller; if so, performs step M5; otherwise performs step M6;
Step M5: the device judges whether the login account or the group to which the login account belongs has write permission, in the drm controller, on the parent directory of the operation directory; if so, performs step M8; otherwise returns an error message and returns to step P1;
Step M6: the device finds, in the operation directory, the first parent directory whose capability identification is set;
Step M7: the device judges whether the login account or the group to which the login account belongs has write permission, in the drm controller, on that parent directory; if so, performs step M8; otherwise returns an error message and returns to step P1;
Step M8: the device deletes the operation target corresponding to the operation directory, deletes the operating rights of the operation directory and its subdirectories in the drm controller, and judges whether the deletion succeeded; if so, returns successful operation information and returns to step P1; otherwise returns an error message and returns to step P1;
When the valid operation flag in the operation request data packet is the read flag, successful operation information is returned.
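The create (steps L1 to L5) and delete (steps M1 to M8) decisions above, as an added example that is not code from the patent. The record layout, the group model, the reading of "first parent directory whose capability identification is set" as the nearest flagged ancestor, denial when no such ancestor exists, and all sample paths and accounts are assumptions.

```python
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Paths are assumed to be absolute and already normalised (no ".." segments).

@dataclass
class Entry:
    """One directory record in the drm controller (record layout assumed)."""
    flag_set: bool                              # capability identification set?
    writers: set = field(default_factory=set)   # accounts/groups with write permission

@dataclass
class Session:
    account: str
    group: str
    root_flag_set: bool    # result of step P4 for the accessed root directory

def can_write(ctrl, sess, path):
    """True if the login account or its group has write permission on path."""
    entry = ctrl.get(path)
    return entry is not None and bool({sess.account, sess.group} & entry.writers)

def root_of(path):
    """Root directory of a path; assumes shares are top-level directories."""
    return str(PurePosixPath(*PurePosixPath(path).parts[:2]))

def first_flagged_parent(ctrl, path):
    """Steps L4 / M6, read as: walk upward to the nearest flagged ancestor."""
    for parent in PurePosixPath(path).parents:
        entry = ctrl.get(str(parent))
        if entry is not None and entry.flag_set:
            return str(parent)
    return None    # no flagged ancestor: callers deny (assumed fail-closed)

def authorize_create(ctrl, sess, op_dir):
    if sess.root_flag_set:                          # step L1
        return can_write(ctrl, sess, root_of(op_dir))
    if op_dir in ctrl:                              # step L2 -> L3
        return can_write(ctrl, sess, op_dir)
    anchor = first_flagged_parent(ctrl, op_dir)     # step L4
    return anchor is not None and can_write(ctrl, sess, anchor)

def authorize_delete(ctrl, sess, op_dir):
    parent = str(PurePosixPath(op_dir).parent)
    if sess.root_flag_set:                          # step M1
        return can_write(ctrl, sess, parent)
    if op_dir in ctrl:                              # step M2
        if not can_write(ctrl, sess, op_dir):       # step M3
            return False
        if parent in ctrl:                          # step M4 -> M5
            return can_write(ctrl, sess, parent)
    anchor = first_flagged_parent(ctrl, op_dir)     # steps M6, M7
    return anchor is not None and can_write(ctrl, sess, anchor)

def revoke_subtree(ctrl, op_dir):
    """Step M8 clean-up: drop records for op_dir and its subdirectories."""
    # The trailing slash keeps /share/proj from also matching /share/projx.
    prefix = op_dir.rstrip("/") + "/"
    removed = sorted(p for p in ctrl if p == op_dir or p.startswith(prefix))
    for p in removed:
        del ctrl[p]
    return removed

def constructed_controller():
    """Constructed sample data, not taken from the page."""
    return {
        "/share": Entry(False, {"admins"}),
        "/share/proj": Entry(True, {"alice"}),
        "/share/proj/docs": Entry(False, {"staff"}),
        "/share/projx": Entry(False, {"bob"}),
    }

if __name__ == "__main__":
    ctrl = constructed_controller()
    alice = Session("alice", "staff", root_flag_set=False)
    carol = Session("carol", "staff", root_flag_set=False)
    print("alice create /share/proj/new:", authorize_create(ctrl, alice, "/share/proj/new"))
    print("carol delete /share/proj/docs:", authorize_delete(ctrl, carol, "/share/proj/docs"))
    print("revoked:", revoke_subtree(ctrl, "/share/proj"))
```

In the delete path a group right on the directory itself is not sufficient: carol can write `/share/proj/docs` through her group but is still refused because step M5 also requires write permission on the parent.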
7. The method according to claim 6, characterized in that detecting the request type in step P1 is specifically: detecting the data in the 9th byte of the request; if it is first preset data, the request is the connection request; if it is second preset data, the request is the operation request; if it is third preset data, the request is the access request.
8. The method according to claim 6, characterized in that the login information in step P2 comprises the login account and a login password ciphertext;
Verifying the login information comprises:
Step P21: the device judges whether the login account exists in identity authentication; if so, performs step P22; otherwise returns a connection error mark and returns to step P1;
Step P22: the device obtains the corresponding login password ciphertext on the identity authentication according to the login account;
Step P23: the device judges whether the login password ciphertext obtained by parsing is consistent with the login password ciphertext obtained in step P22; if so, stores the login account in the login information in the drm controller, generates the corresponding user ID and returns it to the client, and returns to step P1; otherwise returns a connection error mark and returns to step P1.
9. The method according to claim 6, characterized in that judging, in step P3, whether the operating right of the access directory is open to the login account corresponding to the user ID or to the group to which the login account belongs specifically comprises:
Step P31: the device judges whether the root directory of the access directory is in the share directory list; if so, performs step P32; otherwise returns a connection error mark and returns to step P1;
Step P32: the device judges whether the login account or the group to which the login account belongs has read permission on the root directory of the access directory; if so, generates and stores the session ID corresponding to the user ID and returns to step P1; otherwise returns a connection error mark and returns to step P1.
10. The method according to claim 6, characterized in that detecting the valid operation flag in the operation request data packet in step P6 specifically comprises:
The device obtains operation information data from a preset position in the operation request data packet, converts the first half and the second half of the operation information data into binary data strings respectively, and compares the last three bits of the first-half binary data string with the corresponding bits among the last three bits of the second-half binary data string; if the data at a corresponding bit position are identical, the operation flag represented by that bit position is valid; wherein the last three bits of the first-half binary data string represent, in order, the read flag, the create flag and the delete flag.
11. A device for realizing file sharing, characterized in that it comprises:
Receiver module, for receiving the request sent by a client;
Detection module, for detecting the type of the request received by the receiver module according to the data in a first preset byte: if it is a connection request, the first parsing module works; if it is an access request, the first acquisition module works; if it is an operation request, the second parsing module works; if it is another request, the operational module works;
The operational module, for carrying out the corresponding operation according to the other request;
The first parsing module, for parsing the connection request data packet to obtain login information;
Authentication module, for verifying the login information; if verification passes, the storage generation module works; otherwise the return module returns a connection error mark to the client;
The storage generation module, for storing the login account in the login information and generating the corresponding user ID;
The first acquisition module, for obtaining the user ID and the access directory from the access request data packet;
First judge module, for judging whether the operating right of the access directory is open to the login account corresponding to the user ID or to the group to which the login account belongs; if so, the generation module works; otherwise the return module returns a connection error mark to the client;
The generation module, for generating and storing the session ID corresponding to the user ID;
The second parsing module, for parsing the operation request data packet to obtain a session ID;
Second judge module, for judging whether the stored session IDs include the session ID obtained by parsing; if so, the acquisition detection module works; otherwise the return module returns a connection error mark to the client;
The acquisition detection module, for obtaining the operation directory from the operation request data packet, detecting the valid operation flag in the operation request data packet and performing the corresponding operation on the file corresponding to the operation directory, specifically comprising:
Detecting unit, for detecting the valid operation flag in the operation request data packet; when the read flag is valid, the return module returns information permitting the operation to the client;
First acquiring unit, for obtaining the login account corresponding to the user ID according to the session ID;
First judging unit, for judging whether the login account or the group to which the login account belongs has write permission on the parent directory of the operation directory; if so, the creation setting unit or the third judging unit works; otherwise the return module returns an error message to the client;
The creation setting unit, for creating a file under the operation directory and setting the operating right of the file in the drm controller to be consistent with that of the parent directory;
Second judging unit, for judging whether the operation of creating the file and setting the right succeeded; if so, the return module returns successful operation information to the client; otherwise the return module returns an error message to the client;
The third judging unit, for judging whether the login account or the group to which the login account belongs has write permission on the operation target; if so, the deletion judging unit works; otherwise the return module returns an error message to the client;
The deletion judging unit, for deleting the operation target corresponding to the operation directory, deleting the operating rights of the operation directory and its subdirectories in the drm controller, and judging whether the deletion succeeded; if so, the return module returns successful operation information to the client; otherwise the return module returns an error message to the client;
The return module, for returning to the client: the operation result of the operational module, the connection error mark when verification by the authentication module fails, the user ID generated by the storage generation module, the connection error mark when the first judge module judges no, the session ID generated by the generation module, the error message when the second judge module judges no, and the operation result of the acquisition detection module.
12. The device according to claim 11, characterized in that the detection module is specifically for detecting the data in the 9th byte of the request; if it is first preset data, the request is the connection request; if it is second preset data, the request is the operation request; if it is third preset data, the request is the access request.
13. The device according to claim 11, characterized in that the login information comprises the login account and a login password ciphertext; the authentication module comprises:
Fourth judging unit, for judging whether the login account exists in identity authentication; if so, the second acquisition unit works; otherwise the return module returns a connection error mark to the client;
The second acquisition unit, for obtaining the corresponding login password ciphertext on the identity authentication according to the login account;
Fifth judging unit, for judging whether the login password ciphertext obtained by parsing is consistent with the login password ciphertext obtained by the second acquisition unit; if so, the storage generation module works; otherwise the return module returns a connection error mark to the client.
14. The device according to claim 11, characterized in that the first judge module comprises:
Sixth judging unit, for judging whether the root directory of the access directory is in the share directory list; if so, the seventh judging unit works; otherwise the return module returns a connection error mark to the client;
The seventh judging unit, for judging whether the login account or the group to which the login account belongs has read permission on the root directory of the access directory; if so, the generation module works; otherwise the return module returns a connection error mark to the client.
15. The device according to claim 11, characterized in that the detecting unit is specifically for obtaining operation information data from a preset position in the operation request data packet, converting the first half and the second half of the operation information data into binary data strings respectively, and comparing the last three bits of the first-half binary data string with the corresponding bits among the last three bits of the second-half binary data string; if the data at a corresponding bit position are identical, the operation flag represented by that bit position is valid; wherein the last three bits of the first-half binary data string represent, in order, the read flag, the create flag and the delete flag.
16. A device for realizing file sharing, characterized in that it comprises:
Receiver module, for receiving the request sent by a client;
Detection module, for detecting the request type according to the data in a first preset byte: if it is a connection request, the first parsing module works; if it is an access request, the first acquisition module works; if it is an operation request, the second parsing module works; if it is another request, the operational module works;
The operational module, for carrying out the corresponding operation according to the other request;
The first parsing module, for parsing the connection request data packet to obtain login information;
Authentication module, for verifying the login information; if verification passes, the storage generation module works; otherwise the return module returns a connection error mark to the client;
The storage generation module, for storing the login account in the login information in the drm controller and generating the corresponding user ID; preset operation directories and their corresponding capability identifications are also stored in the drm controller;
The first acquisition module, for obtaining the user ID and the access directory from the access request data packet;
First judge module, for judging whether the operating right of the access directory is open to the login account corresponding to the user ID or to the group to which the login account belongs; if so, the generation module works; otherwise the return module returns a connection error mark to the client;
The generation module, for generating and storing the session ID corresponding to the user ID;
Search judge module, for searching the drm controller, according to the access directory, for the capability identification of the corresponding root directory, and judging whether it is set; if so, the return module returns to the client the session ID and link information indicating that the capability identification is set; otherwise the return module returns to the client link information indicating that the capability identification is not set;
The second parsing module, for parsing the operation request data packet to obtain a session ID;
Second judge module, for judging whether the stored session IDs include the session ID obtained by parsing; if so, the acquisition detection module works; otherwise the return module returns a connection error mark to the client;
The acquisition detection module, for obtaining the operation directory from the operation request data packet, detecting the valid operation flag in the operation request data packet and performing the corresponding operation on the file corresponding to the operation directory, specifically comprising:
Detecting unit, for detecting the valid operation flag in the operation request data packet; when the read flag is valid, the return module returns information permitting the operation to the client;
First acquiring unit, for obtaining the login account corresponding to the user ID according to the session ID;
Obtaining judging unit, for obtaining the corresponding capability identification according to the session ID and judging whether it is set; if so, the first judging unit or the fifth judging unit works; otherwise the second judging unit works;
The first judging unit, for judging whether the login account or the group to which the login account belongs has write permission, in the drm controller, on the root directory of the operation directory; if so, the creation setting unit works; otherwise the return module returns an error message to the client;
The second judging unit, for judging whether the operation directory is stored in the drm controller; if so, the third judging unit works; otherwise the searching unit works;
The third judging unit, for judging whether the login account or the group to which the login account belongs has write permission, in the drm controller, on the operation directory; if so, the return module returns successful operation information to the client or the sixth judging unit works; otherwise the return module returns an error message to the client or the searching unit works;
The searching unit, for finding, in the operation directory, the first parent directory whose capability identification is set;
Fourth judging unit, for judging whether the login account or the group to which the login account belongs has write permission, in the drm controller, on that parent directory; if so, the creation setting unit or the deletion judging unit works; otherwise the return module returns an error message to the client;
The creation setting unit, for creating a file under the operation directory and judging whether the creation succeeded; if so, the return module returns successful operation information to the client; otherwise the return module returns an error message to the client;
The fifth judging unit, for judging whether the login account or the group to which the login account belongs has write permission, in the drm controller, on the parent directory of the operation directory; if so, the return module returns successful operation information to the client; otherwise the return module returns an error message to the client;
The sixth judging unit, for judging whether the parent directory of the operation directory exists in the drm controller; if so, the fourth judge module works; otherwise the searching module works;
The deletion judging unit, for deleting the operation target corresponding to the operation directory, deleting the operating rights of the operation directory and its subdirectories in the drm controller, and judging whether the deletion succeeded; if so, the return module returns successful operation information to the client; otherwise the return module returns an error message to the client;
The return module, for returning to the client: the operation result of the operational module, the connection error mark when verification by the authentication module fails, the user ID generated by the storage generation module, the connection error mark when the first judge module judges no, the session ID and the link information indicating that the capability identification is set when the search judge module judges yes, the link information indicating that the capability identification is not set when the search judge module judges no, the connection error mark when the second judge module judges no, and the operation result of the acquisition detection module.
17. The device according to claim 16, characterized in that the detection module is specifically for detecting the data in the 9th byte of the request; if it is first preset data, the request is the connection request; if it is second preset data, the request is the operation request; if it is third preset data, the request is the access request.
18. The device according to claim 16, characterized in that the login information comprises the login account and a login password ciphertext; the authentication module comprises:
Seventh judging unit, for judging whether the login account exists in identity authentication; if so, the second acquisition unit works; otherwise the return module returns a connection error mark to the client;
The second acquisition unit, for obtaining the corresponding login password ciphertext on the identity authentication according to the login account;
Eighth judging unit, for judging whether the login password ciphertext obtained by parsing is consistent with the login password ciphertext obtained by the second acquisition unit; if so, the storage generation module works; otherwise the return module returns a connection error mark to the client.
19. The device according to claim 16, characterized in that the first judge module comprises:
Ninth judging unit, for judging whether the root directory of the access directory is in the share directory list; if so, the tenth judging unit works; otherwise the return module returns a connection error mark to the client;
The tenth judging unit, for judging whether the login account or the group to which the login account belongs has read permission on the root directory of the access directory; if so, the generation module works; otherwise the return module returns a connection error mark to the client.
20. The device according to claim 16, characterized in that the detecting unit obtains operation information data from a preset position in the operation request data packet, converts the first half and the second half of the operation information data into binary data strings respectively, and compares the last three bits of the first-half binary data string with the corresponding bits among the last three bits of the second-half binary data string; if the data at a corresponding bit position are identical, the operation flag represented by that bit position is valid; wherein the last three bits of the first-half binary data string represent, in order, the read flag, the create flag and the delete flag.
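The request-type check on the 9th byte (claims 7, 12 and 17) and the operation-flag comparison (claims 10, 15 and 20), as an added example that is not code from the patent. The preset byte values, the position and width of the operation information field, 1-based byte counting and big-endian halves are assumptions; the comparison is implemented literally as claimed, so two matching zero bits also count as a valid flag.

```python
TYPE_OFFSET = 8                     # "9th byte", assuming 1-based counting
# Placeholder values: the page only names first/second/third preset data.
PRESET_TYPES = {0x01: "connection", 0x02: "operation", 0x03: "access"}
OPINFO_OFFSET, OPINFO_LEN = 9, 2    # assumed preset position and field width
FLAG_ORDER = ("read", "create", "delete")   # order given in the claims

def request_type(packet: bytes) -> str:
    """Classify a request by its 9th byte; anything unlisted is 'other'."""
    if len(packet) <= TYPE_OFFSET:
        raise ValueError("packet too short to carry a request type")
    return PRESET_TYPES.get(packet[TYPE_OFFSET], "other")

def valid_flags(op_info: bytes) -> set:
    """Compare the last three bits of each half of the operation information."""
    if not op_info or len(op_info) % 2:
        raise ValueError("operation information must split into two equal halves")
    half = len(op_info) // 2
    first = int.from_bytes(op_info[:half], "big")
    second = int.from_bytes(op_info[half:], "big")
    valid = set()
    for index, name in enumerate(FLAG_ORDER):
        shift = 2 - index           # read is the highest of the last three bits
        if ((first >> shift) & 1) == ((second >> shift) & 1):
            valid.add(name)         # identical bits, including 0 and 0
    return valid

def parse_operation(packet: bytes) -> set:
    """Return the valid operation flags of an operation request packet."""
    if request_type(packet) != "operation":
        raise ValueError("not an operation request")
    end = OPINFO_OFFSET + OPINFO_LEN
    if len(packet) < end:
        raise ValueError("packet truncated before operation information")
    return valid_flags(packet[OPINFO_OFFSET:end])

if __name__ == "__main__":
    # Constructed packet: 8 header bytes, type byte, two operation-info bytes.
    packet = bytes(8) + bytes([0x02, 0b101, 0b100])
    print(request_type(packet), sorted(parse_operation(packet)))
```

With the constructed halves `101` and `100`, read matches on 1, create matches on 0 and delete differs, so read and create are reported as valid; an implementation that wants a flag to count only when both bits are 1 would need a stricter test than the claim wording gives.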
CN201210574826.XA 2012-12-26 2012-12-26 Method and device for achieving file sharing Expired - Fee Related CN103067491B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210574826.XA CN103067491B (en) 2012-12-26 2012-12-26 Method and device for achieving file sharing

Publications (2)

Publication Number Publication Date
CN103067491A CN103067491A (en) 2013-04-24
CN103067491B true CN103067491B (en) 2015-04-15

Family

ID=48109945

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210574826.XA Expired - Fee Related CN103067491B (en) 2012-12-26 2012-12-26 Method and device for achieving file sharing

Country Status (1)

Country Link
CN (1) CN103067491B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103338185B (en) * 2013-05-31 2016-02-24 飞天诚信科技股份有限公司 A kind of method and system of file-sharing
CN106209407B (en) * 2015-05-07 2020-03-10 阿里巴巴集团控股有限公司 Method and equipment for session backup
CN105893865A (en) * 2015-12-31 2016-08-24 乐视移动智能信息技术(北京)有限公司 File processing method and device
CN106991336B (en) * 2017-04-01 2021-01-26 深圳天珑无线科技有限公司 File management method and device
CN108173859A (en) * 2017-12-29 2018-06-15 北京星河星云信息技术有限公司 The method and system of file-sharing
CN109684867A (en) * 2018-11-20 2019-04-26 深圳供电局有限公司 A kind of control method, the apparatus and system of network disk file collaboration and access
CN109858278B (en) * 2019-01-14 2021-08-03 世纪龙信息网络有限责任公司 File permission setting method and device, computer equipment and storage medium
CN110781466A (en) * 2019-10-22 2020-02-11 京信通信系统(中国)有限公司 Equipment safety management method and device, computer equipment and storage medium
CN111222146B (en) * 2019-11-14 2022-08-12 京东科技控股股份有限公司 Authority checking method, authority checking device, storage medium and electronic equipment
CN111444483A (en) * 2020-03-26 2020-07-24 杭州指令集智能科技有限公司 Authentication method, device and equipment
CN113032829B (en) * 2021-03-26 2022-06-10 山东英信计算机技术有限公司 Multichannel concurrent file authority management method, device, server and medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150415