diff options
author | Morris Jobke <hey@morrisjobke.de> | 2018-06-08 09:23:47 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-06-08 09:23:47 +0200 |
commit | bbfc028169ea453fb561d4e5ffe73f90bd1139a9 (patch) | |
tree | a3272e8a78694fd984a028c8229a31767f1f015f /apps | |
parent | b34111bfc9230670819e7894476977c09cf83adf (diff) | |
parent | 2b19add6b07d8339e4d6dbc63434142ca5022170 (diff) | |
download | nextcloud-server-bbfc028169ea453fb561d4e5ffe73f90bd1139a9.tar.gz nextcloud-server-bbfc028169ea453fb561d4e5ffe73f90bd1139a9.zip |
Merge pull request #9786 from nextcloud/feature/noid/external_sftp_password_and_key
Add SFTP auth mechanism to use a password and private key for SFTP
Diffstat (limited to 'apps')
-rw-r--r-- | apps/files_external/js/public_key.js | 2 | ||||
-rw-r--r-- | apps/files_external/lib/AppInfo/Application.php | 2 | ||||
-rw-r--r-- | apps/files_external/lib/Lib/Auth/PublicKey/RSAPrivateKey.php | 65 | ||||
-rw-r--r-- | apps/files_external/lib/Lib/Storage/SFTP.php | 23 |
4 files changed, 85 insertions, 7 deletions
diff --git a/apps/files_external/js/public_key.js b/apps/files_external/js/public_key.js index 669f1095735..6856c7d021f 100644 --- a/apps/files_external/js/public_key.js +++ b/apps/files_external/js/public_key.js @@ -1,7 +1,7 @@ $(document).ready(function() { OCA.External.Settings.mountConfig.whenSelectAuthMechanism(function($tr, authMechanism, scheme, onCompletion) { - if (scheme === 'publickey') { + if (scheme === 'publickey' && authMechanism === 'publickey::rsa') { var config = $tr.find('.configuration'); if ($(config).find('[name="public_key_generate"]').length === 0) { setupTableRow($tr, config); diff --git a/apps/files_external/lib/AppInfo/Application.php b/apps/files_external/lib/AppInfo/Application.php index f312e065114..e372a906bab 100644 --- a/apps/files_external/lib/AppInfo/Application.php +++ b/apps/files_external/lib/AppInfo/Application.php @@ -29,6 +29,7 @@ namespace OCA\Files_External\AppInfo; +use OCA\Files_External\Lib\Auth\PublicKey\RSAPrivateKey; use \OCP\AppFramework\App; use OCP\AppFramework\IAppContainer; use \OCA\Files_External\Service\BackendService; @@ -138,6 +139,7 @@ class Application extends App implements IBackendProvider, IAuthMechanismProvide // AuthMechanism::SCHEME_PUBLICKEY mechanisms $container->query(RSA::class), + $container->query(RSAPrivateKey::class), // AuthMechanism::SCHEME_OPENSTACK mechanisms $container->query(OpenStackV2::class), diff --git a/apps/files_external/lib/Lib/Auth/PublicKey/RSAPrivateKey.php b/apps/files_external/lib/Lib/Auth/PublicKey/RSAPrivateKey.php new file mode 100644 index 00000000000..fecdbae9e4e --- /dev/null +++ b/apps/files_external/lib/Lib/Auth/PublicKey/RSAPrivateKey.php @@ -0,0 +1,65 @@ +<?php +/** + * @copyright 2018, Roeland Jago Douma <roeland@famdouma.nl> + * + * @author Roeland Jago Douma <roeland@famdouma.nl> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ +namespace OCA\Files_External\Lib\Auth\PublicKey; + +use \OCP\IL10N; +use \OCA\Files_External\Lib\DefinitionParameter; +use \OCA\Files_External\Lib\Auth\AuthMechanism; +use \OCA\Files_External\Lib\StorageConfig; +use \OCP\IConfig; +use OCP\IUser; +use \phpseclib\Crypt\RSA as RSACrypt; + +/** + * RSA public key authentication + */ +class RSAPrivateKey extends AuthMechanism { + + /** @var IConfig */ + private $config; + + public function __construct(IL10N $l, IConfig $config) { + $this->config = $config; + + $this + ->setIdentifier('publickey::rsa_private') + ->setScheme(self::SCHEME_PUBLICKEY) + ->setText($l->t('RSA private key')) + ->addParameters([ + new DefinitionParameter('user', $l->t('Username')), + (new DefinitionParameter('password', $l->t('Password'))) + ->setFlag(DefinitionParameter::FLAG_OPTIONAL) + ->setType(DefinitionParameter::VALUE_PASSWORD), + new DefinitionParameter('private_key', $l->t('Private key')), + ]); + } + + public function manipulateStorageConfig(StorageConfig &$storage, IUser $user = null) { + $auth = new RSACrypt(); + $auth->setPassword($this->config->getSystemValue('secret', '')); + if (!$auth->loadKey($storage->getBackendOption('private_key'))) { + throw new \RuntimeException('unable to load private key'); + } + $storage->setBackendOption('public_key_auth', $auth); + } +} diff --git a/apps/files_external/lib/Lib/Storage/SFTP.php b/apps/files_external/lib/Lib/Storage/SFTP.php index 6bd77dd2496..9340b08fefc 100644 --- a/apps/files_external/lib/Lib/Storage/SFTP.php +++ b/apps/files_external/lib/Lib/Storage/SFTP.php @@ -47,7 +47,7 @@ class SFTP extends \OC\Files\Storage\Common { private $root; private $port = 22; - private $auth; + private $auth = []; /** * @var \phpseclib\Net\SFTP @@ -93,10 +93,13 @@ class SFTP extends \OC\Files\Storage\Common { $this->user = $params['user']; if (isset($params['public_key_auth'])) { - $this->auth = $params['public_key_auth']; - } elseif (isset($params['password'])) { - $this->auth = $params['password']; - } else { + $this->auth[] = $params['public_key_auth']; + } + if (isset($params['password']) && $params['password'] !== '') { + $this->auth[] = $params['password']; + } + + if ($this->auth === []) { throw new \UnexpectedValueException('no authentication parameters specified'); } @@ -132,7 +135,15 @@ class SFTP extends \OC\Files\Storage\Common { $this->writeHostKeys($hostKeys); } - if (!$this->client->login($this->user, $this->auth)) { + $login = false; + foreach ($this->auth as $auth) { + $login = $this->client->login($this->user, $auth); + if ($login === true) { + break; + } + } + + if ($login === false) { throw new \Exception('Login failed'); } return $this->client; |