namespace OCA\Files_External\Lib\Auth\SMB;
use OCA\Files_External\Lib\Auth\AuthMechanism;
+use OCA\Files_External\Lib\DefinitionParameter;
use OCP\Authentication\LoginCredentials\IStore;
use OCP\IL10N;
private $credentialsStore;
public function __construct(IL10N $l, IStore $credentialsStore) {
+ $realm = new DefinitionParameter('default_realm', 'Default realm');
+ $realm
+ ->setType(DefinitionParameter::VALUE_TEXT)
+ ->setFlag(DefinitionParameter::FLAG_OPTIONAL)
+ ->setTooltip($l->t('Kerberos default realm, defaults to "WORKGROUP"'));
$this
->setIdentifier('smb::kerberosapache')
->setScheme(self::SCHEME_SMB)
- ->setText($l->t('Kerberos ticket apache mode'));
+ ->setText($l->t('Kerberos ticket apache mode'))
+ ->addParameter($realm);
$this->credentialsStore = $credentialsStore;
}
use Icewind\SMB\KerberosAuth;
use OCA\Files_External\Lib\Auth\AuthMechanism;
use OCA\Files_External\Lib\Auth\Password\Password;
+use OCA\Files_External\Lib\Auth\SMB\KerberosApacheAuth as KerberosApacheAuthMechanism;
use OCA\Files_External\Lib\DefinitionParameter;
use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException;
use OCA\Files_External\Lib\LegacyDependencyCheckPolyfill;
$smbAuth = new KerberosAuth();
break;
case 'smb::kerberosapache':
+ if (!$auth instanceof KerberosApacheAuthMechanism) {
+ throw new \InvalidArgumentException('invalid authentication backend');
+ }
$credentialsStore = $auth->getCredentialsStore();
$kerb_auth = new KerberosApacheAuth();
if ($kerb_auth->checkTicket()) {
$credentials = $credentialsStore->getLoginCredentials();
$user = $credentials->getLoginName();
$pass = $credentials->getPassword();
- if (preg_match('/(.*)@(.*)/', $user, $matches) !== 1) {
- throw new InsufficientDataForMeaningfulAnswerException('No valid session credentials');
+ preg_match('/(.*)@(.*)/', $user, $matches);
+ $realm = $storage->getBackendOption('default_realm');
+ if (empty($realm)) {
+ $realm = 'WORKGROUP';
+ }
+ $userPart = $matches[1];
+ $domainPart = $matches[2];
+ if (count($matches) === 0) {
+ $username = $user;
+ $workgroup = $realm;
+ } else {
+ $username = $userPart;
+ $workgroup = $domainPart;
}
$smbAuth = new BasicAuth(
- $matches[0],
- $matches[1],
+ $username,
+ $workgroup,
$pass
);
} catch (\Exception $e) {