author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2021-10-29 18:27:30 +0200 |
---|---|---|
committer | Robin Appelman <robin@icewind.nl> | 2022-01-20 16:08:44 +0100 |
commit | a836aa34a66da4d970d0120a08ea15d70f5e1894 (patch) | |
tree | 2addfe4c69248962ecd108785538a328ed9eb398 | |
parent | a96d46198871f1c77fc160a6da0814c91a57338e (diff) | |
add changes from Sebastian/dassIT and move default_realm to backend
- Sebastian added the switch depending on the preg_match result and with it
the fall back to login credentials
- I turned default_realm to a backend option (was previously suggested as
system config key)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
-rw-r--r-- | apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php | 9 | ||||
-rw-r--r-- | apps/files_external/lib/Lib/Backend/SMB.php | 23 |
2 files changed, 27 insertions, 5 deletions
diff --git a/apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php b/apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php
index 64503810225..88aaa417a87 100644
--- a/apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php
+++ b/apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php
@@ -25,6 +25,7 @@ namespace OCA\Files_External\Lib\Auth\SMB;
 use OCA\Files_External\Lib\Auth\AuthMechanism;
+use OCA\Files_External\Lib\DefinitionParameter;
 use OCP\Authentication\LoginCredentials\IStore;
 use OCP\IL10N;
@@ -33,10 +34,16 @@ class KerberosApacheAuth extends AuthMechanism {
 private $credentialsStore;
 public function __construct(IL10N $l, IStore $credentialsStore) {
+ $realm = new DefinitionParameter('default_realm', 'Default realm');
+ $realm
+ ->setType(DefinitionParameter::VALUE_TEXT)
+ ->setFlag(DefinitionParameter::FLAG_OPTIONAL)
+ ->setTooltip($l->t('Kerberos default realm, defaults to "WORKGROUP"'));
 $this
 ->setIdentifier('smb::kerberosapache')
 ->setScheme(self::SCHEME_SMB)
- ->setText($l->t('Kerberos ticket apache mode'));
+ ->setText($l->t('Kerberos ticket apache mode'))
+ ->addParameter($realm);
 $this->credentialsStore = $credentialsStore;
 }
diff --git a/apps/files_external/lib/Lib/Backend/SMB.php b/apps/files_external/lib/Lib/Backend/SMB.php
index 99e48b1433d..b6854e6938d 100644
--- a/apps/files_external/lib/Lib/Backend/SMB.php
+++ b/apps/files_external/lib/Lib/Backend/SMB.php
@@ -32,6 +32,7 @@ use Icewind\SMB\KerberosApacheAuth;
 use Icewind\SMB\KerberosAuth;
 use OCA\Files_External\Lib\Auth\AuthMechanism;
 use OCA\Files_External\Lib\Auth\Password\Password;
+use OCA\Files_External\Lib\Auth\SMB\KerberosApacheAuth as KerberosApacheAuthMechanism;
 use OCA\Files_External\Lib\DefinitionParameter;
 use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException;
 use OCA\Files_External\Lib\LegacyDependencyCheckPolyfill;
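Review bot: The tooltip added in the `KerberosApacheAuth` constructor describes `default_realm` as a Kerberos default realm, but the only use of the value in this commit is in SMB.php, where it becomes the workgroup passed to `BasicAuth` on the path that reads the stored login name and password. That path appears to be taken when no usable Kerberos ticket is found, so an administrator should be able to tell from the setting that it governs a password-based fallback; a tooltip such as `$l->t('Domain used when falling back to login credentials, defaults to "WORKGROUP"')` would say so. The label `'Default realm'` is also passed untranslated while the tooltip goes through `$l->t()`; `new DefinitionParameter('default_realm', $l->t('Default realm'))` would be consistent, assuming the label is shown to users as given. The class body continues outside the hunk.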
@@ -89,6 +90,9 @@ class SMB extends Backend {
 $smbAuth = new KerberosAuth();
 break;
 case 'smb::kerberosapache':
+ if (!$auth instanceof KerberosApacheAuthMechanism) {
+ throw new \InvalidArgumentException('invalid authentication backend');
+ }
 $credentialsStore = $auth->getCredentialsStore();
 $kerb_auth = new KerberosApacheAuth();
 if ($kerb_auth->checkTicket()) {
@@ -99,12 +103,23 @@ class SMB extends Backend {
 $credentials = $credentialsStore->getLoginCredentials();
 $user = $credentials->getLoginName();
 $pass = $credentials->getPassword();
- if (preg_match('/(.*)@(.*)/', $user, $matches) !== 1) {
- throw new InsufficientDataForMeaningfulAnswerException('No valid session credentials');
+ preg_match('/(.*)@(.*)/', $user, $matches);
+ $realm = $storage->getBackendOption('default_realm');
+ if (empty($realm)) {
+ $realm = 'WORKGROUP';
+ }
+ $userPart = $matches[1];
+ $domainPart = $matches[2];
+ if (count($matches) === 0) {
+ $username = $user;
+ $workgroup = $realm;
+ } else {
+ $username = $userPart;
+ $workgroup = $domainPart;
 }
 $smbAuth = new BasicAuth(
- $matches[0],
- $matches[1],
+ $username,
+ $workgroup,
 $pass
 );
 } catch (\Exception $e) { |
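Review bot: In the last hunk, `$userPart = $matches[1];` and `$domainPart = $matches[2];` are read before the `count($matches) === 0` test, so a login name without `@` reads two undefined array keys (a notice or warning, depending on the PHP version) before the fallback branch is reached. The reads belong inside the matched branch, keyed on the `preg_match` return value, which the new code discards. The removed code threw `InsufficientDataForMeaningfulAnswerException` for such names, whereas the new code goes on to `BasicAuth` with the stored password and the default workgroup, so a comment stating that this password fallback is intended would help anyone auditing the Kerberos path. A name ending in `@` gives an empty `$workgroup` rather than `$realm`, which is worth deciding explicitly. The enclosing `try` and `switch` start outside the hunk.

```php
// … unchanged: $credentials / $user / $pass lookup and default_realm resolution into $realm …
if (preg_match('/(.*)@(.*)/', $user, $matches) === 1) {
	$username = $matches[1];
	$workgroup = $matches[2];
} else {
	// No "user@REALM" form: intentional fallback to the plain login name
	// with the configured default realm as workgroup.
	$username = $user;
	$workgroup = $realm;
}
// … unchanged: new BasicAuth($username, $workgroup, $pass) …
```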