summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArthur Schiwon <blizzz@arthur-schiwon.de>2021-10-29 18:27:30 +0200
committerRobin Appelman <robin@icewind.nl>2022-01-20 16:08:44 +0100
commita836aa34a66da4d970d0120a08ea15d70f5e1894 (patch)
tree2addfe4c69248962ecd108785538a328ed9eb398
parenta96d46198871f1c77fc160a6da0814c91a57338e (diff)
downloadnextcloud-server-a836aa34a66da4d970d0120a08ea15d70f5e1894.tar.gz
nextcloud-server-a836aa34a66da4d970d0120a08ea15d70f5e1894.zip
add changes from Sebastian/dassIT and move default_realm to backend
- Sebastian added the switch depending on the preg_match result and with it the fall back to login credentials - I turned default_realm to a backend option (was previously suggested as system config key) Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
-rw-r--r--apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php9
-rw-r--r--apps/files_external/lib/Lib/Backend/SMB.php23
2 files changed, 27 insertions, 5 deletions
diff --git a/apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php b/apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php
index 64503810225..88aaa417a87 100644
--- a/apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php
+++ b/apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php
@@ -25,6 +25,7 @@
namespace OCA\Files_External\Lib\Auth\SMB;
use OCA\Files_External\Lib\Auth\AuthMechanism;
+use OCA\Files_External\Lib\DefinitionParameter;
use OCP\Authentication\LoginCredentials\IStore;
use OCP\IL10N;
@@ -33,10 +34,16 @@ class KerberosApacheAuth extends AuthMechanism {
private $credentialsStore;
public function __construct(IL10N $l, IStore $credentialsStore) {
+ $realm = new DefinitionParameter('default_realm', 'Default realm');
+ $realm
+ ->setType(DefinitionParameter::VALUE_TEXT)
+ ->setFlag(DefinitionParameter::FLAG_OPTIONAL)
+ ->setTooltip($l->t('Kerberos default realm, defaults to "WORKGROUP"'));
$this
->setIdentifier('smb::kerberosapache')
->setScheme(self::SCHEME_SMB)
- ->setText($l->t('Kerberos ticket apache mode'));
+ ->setText($l->t('Kerberos ticket apache mode'))
+ ->addParameter($realm);
$this->credentialsStore = $credentialsStore;
}
diff --git a/apps/files_external/lib/Lib/Backend/SMB.php b/apps/files_external/lib/Lib/Backend/SMB.php
index 99e48b1433d..b6854e6938d 100644
--- a/apps/files_external/lib/Lib/Backend/SMB.php
+++ b/apps/files_external/lib/Lib/Backend/SMB.php
@@ -32,6 +32,7 @@ use Icewind\SMB\KerberosApacheAuth;
use Icewind\SMB\KerberosAuth;
use OCA\Files_External\Lib\Auth\AuthMechanism;
use OCA\Files_External\Lib\Auth\Password\Password;
+use OCA\Files_External\Lib\Auth\SMB\KerberosApacheAuth as KerberosApacheAuthMechanism;
use OCA\Files_External\Lib\DefinitionParameter;
use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException;
use OCA\Files_External\Lib\LegacyDependencyCheckPolyfill;
@@ -89,6 +90,9 @@ class SMB extends Backend {
$smbAuth = new KerberosAuth();
break;
case 'smb::kerberosapache':
+ if (!$auth instanceof KerberosApacheAuthMechanism) {
+ throw new \InvalidArgumentException('invalid authentication backend');
+ }
$credentialsStore = $auth->getCredentialsStore();
$kerb_auth = new KerberosApacheAuth();
if ($kerb_auth->checkTicket()) {
@@ -99,12 +103,23 @@ class SMB extends Backend {
$credentials = $credentialsStore->getLoginCredentials();
$user = $credentials->getLoginName();
$pass = $credentials->getPassword();
- if (preg_match('/(.*)@(.*)/', $user, $matches) !== 1) {
- throw new InsufficientDataForMeaningfulAnswerException('No valid session credentials');
+ preg_match('/(.*)@(.*)/', $user, $matches);
+ $realm = $storage->getBackendOption('default_realm');
+ if (empty($realm)) {
+ $realm = 'WORKGROUP';
+ }
+ $userPart = $matches[1];
+ $domainPart = $matches[2];
+ if (count($matches) === 0) {
+ $username = $user;
+ $workgroup = $realm;
+ } else {
+ $username = $userPart;
+ $workgroup = $domainPart;
}
$smbAuth = new BasicAuth(
- $matches[0],
- $matches[1],
+ $username,
+ $workgroup,
$pass
);
} catch (\Exception $e) {