add changes from Sebastian/dassIT and move default_realm to backend
authorArthur Schiwon <blizzz@arthur-schiwon.de>
Fri, 29 Oct 2021 16:27:30 +0000 (18:27 +0200)
committerRobin Appelman <robin@icewind.nl>
Thu, 20 Jan 2022 15:08:44 +0000 (16:08 +0100)
- Sebastian added the switch depending on the preg_match result and with it
  the fall back to login credentials
- I turned default_realm to a backend option (was previously suggested as
  system config key)

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php
apps/files_external/lib/Lib/Backend/SMB.php

index 645038102256d4ba7d6eaea997ba4e657aaa79de..88aaa417a87e342cd01d55d354f011d0f86cba79 100644 (file)
@@ -25,6 +25,7 @@
 namespace OCA\Files_External\Lib\Auth\SMB;
 
 use OCA\Files_External\Lib\Auth\AuthMechanism;
+use OCA\Files_External\Lib\DefinitionParameter;
 use OCP\Authentication\LoginCredentials\IStore;
 use OCP\IL10N;
 
@@ -33,10 +34,16 @@ class KerberosApacheAuth extends AuthMechanism {
        private $credentialsStore;
 
        public function __construct(IL10N $l, IStore $credentialsStore) {
+               $realm = new DefinitionParameter('default_realm', 'Default realm');
+               $realm
+                       ->setType(DefinitionParameter::VALUE_TEXT)
+                       ->setFlag(DefinitionParameter::FLAG_OPTIONAL)
+                       ->setTooltip($l->t('Kerberos default realm, defaults to "WORKGROUP"'));
                $this
                        ->setIdentifier('smb::kerberosapache')
                        ->setScheme(self::SCHEME_SMB)
-                       ->setText($l->t('Kerberos ticket apache mode'));
+                       ->setText($l->t('Kerberos ticket apache mode'))
+                       ->addParameter($realm);
                $this->credentialsStore = $credentialsStore;
        }
 
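Review bot: The parameter label `'Default realm'` in the added `new DefinitionParameter(...)` call is passed as a raw string, while the tooltip on the same parameter and the mechanism text both go through `$l->t()`, so the label will presumably stay untranslated in the admin UI. I would write `$realm = new DefinitionParameter('default_realm', $l->t('Default realm'));`. The tooltip also hard-codes the `"WORKGROUP"` default, which is actually applied in the SMB backend rather than here, so a short comment on the tooltip line pointing at that place would keep the two from drifting apart.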
index 99e48b1433d081c17b8e2234b21373827b2618f3..b6854e6938d19d98a6a245a00a38185efd4ed461 100644 (file)
@@ -32,6 +32,7 @@ use Icewind\SMB\KerberosApacheAuth;
 use Icewind\SMB\KerberosAuth;
 use OCA\Files_External\Lib\Auth\AuthMechanism;
 use OCA\Files_External\Lib\Auth\Password\Password;
+use OCA\Files_External\Lib\Auth\SMB\KerberosApacheAuth as KerberosApacheAuthMechanism;
 use OCA\Files_External\Lib\DefinitionParameter;
 use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException;
 use OCA\Files_External\Lib\LegacyDependencyCheckPolyfill;
@@ -89,6 +90,9 @@ class SMB extends Backend {
                                        $smbAuth = new KerberosAuth();
                                        break;
                                case 'smb::kerberosapache':
+                                       if (!$auth instanceof KerberosApacheAuthMechanism) {
+                                               throw new \InvalidArgumentException('invalid authentication backend');
+                                       }
                                        $credentialsStore = $auth->getCredentialsStore();
                                        $kerb_auth = new KerberosApacheAuth();
                                        if ($kerb_auth->checkTicket()) {
@@ -99,12 +103,23 @@ class SMB extends Backend {
                                                        $credentials = $credentialsStore->getLoginCredentials();
                                                        $user = $credentials->getLoginName();
                                                        $pass = $credentials->getPassword();
-                                                       if (preg_match('/(.*)@(.*)/', $user, $matches) !== 1) {
-                                                               throw new InsufficientDataForMeaningfulAnswerException('No valid session credentials');
+                                                       preg_match('/(.*)@(.*)/', $user, $matches);
+                                                       $realm = $storage->getBackendOption('default_realm');
+                                                       if (empty($realm)) {
+                                                               $realm = 'WORKGROUP';
+                                                       }
+                                                       $userPart = $matches[1];
+                                                       $domainPart = $matches[2];
+                                                       if (count($matches) === 0) {
+                                                               $username = $user;
+                                                               $workgroup = $realm;
+                                                       } else {
+                                                               $username = $userPart;
+                                                               $workgroup = $domainPart;
                                                        }
                                                        $smbAuth = new BasicAuth(
-                                                               $matches[0],
-                                                               $matches[1],
+                                                               $username,
+                                                               $workgroup,
                                                                $pass
                                                        );
                                                } catch (\Exception $e) {
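Review bot: `$matches[1]` and `$matches[2]` are read before the `count($matches) === 0` check, so for a login name without `@` (the very case the new fall-back exists for) the reads hit an empty array and raise "Undefined array key" warnings. The return value of `preg_match()` is also dropped, so a PCRE failure (`false`) cannot be told apart from a plain non-match. I would branch on the result with `if (preg_match('/(.*)@(.*)/', $user, $matches) !== 1) {`, keep `$username = $user; $workgroup = $realm;` in that branch, and assign `$username = $matches[1];` and `$workgroup = $matches[2];` in the `else`, dropping `$userPart` and `$domainPart`. Because this branch passes the login password into `BasicAuth` together with the derived workgroup, a one-line comment stating which part of `user@domain` becomes the workgroup (the greedy `(.*)` splits at the last `@`) would make the intent checkable. The surrounding `try` starts above the hunk and its `catch` body continues below it.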