1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
<?php
/**
* SPDX-FileCopyrightText: 2018-2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016 ownCloud, Inc.
* SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OCA\Files_External\Lib\Backend;
use Icewind\SMB\BasicAuth;
use Icewind\SMB\KerberosApacheAuth;
use Icewind\SMB\KerberosAuth;
use Icewind\SMB\Native\NativeServer;
use Icewind\SMB\Wrapped\Server;
use OCA\Files_External\Lib\Auth\AuthMechanism;
use OCA\Files_External\Lib\Auth\Password\Password;
use OCA\Files_External\Lib\Auth\SMB\KerberosApacheAuth as KerberosApacheAuthMechanism;
use OCA\Files_External\Lib\DefinitionParameter;
use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException;
use OCA\Files_External\Lib\MissingDependency;
use OCA\Files_External\Lib\Storage\SystemBridge;
use OCA\Files_External\Lib\StorageConfig;
use OCP\IL10N;
use OCP\IUser;
class SMB extends Backend {
public function __construct(IL10N $l, Password $legacyAuth) {
$this
->setIdentifier('smb')
->addIdentifierAlias('\OC\Files\Storage\SMB')// legacy compat
->setStorageClass('\OCA\Files_External\Lib\Storage\SMB')
->setText($l->t('SMB/CIFS'))
->addParameters([
new DefinitionParameter('host', $l->t('Host')),
new DefinitionParameter('share', $l->t('Share')),
(new DefinitionParameter('root', $l->t('Remote subfolder')))
->setFlag(DefinitionParameter::FLAG_OPTIONAL),
(new DefinitionParameter('domain', $l->t('Domain')))
->setFlag(DefinitionParameter::FLAG_OPTIONAL),
(new DefinitionParameter('show_hidden', $l->t('Show hidden files')))
->setType(DefinitionParameter::VALUE_BOOLEAN)
->setFlag(DefinitionParameter::FLAG_OPTIONAL),
(new DefinitionParameter('case_sensitive', $l->t('Case sensitive file system')))
->setType(DefinitionParameter::VALUE_BOOLEAN)
->setFlag(DefinitionParameter::FLAG_OPTIONAL)
->setDefaultValue(true)
->setTooltip($l->t('Disabling it will allow to use a case insensitive file system, but comes with a performance penalty')),
(new DefinitionParameter('check_acl', $l->t('Verify ACL access when listing files')))
->setType(DefinitionParameter::VALUE_BOOLEAN)
->setFlag(DefinitionParameter::FLAG_OPTIONAL)
->setTooltip($l->t("Check the ACL's of each file or folder inside a directory to filter out items where the account has no read permissions, comes with a performance penalty")),
(new DefinitionParameter('timeout', $l->t('Timeout')))
->setType(DefinitionParameter::VALUE_TEXT)
->setFlag(DefinitionParameter::FLAG_OPTIONAL)
->setFlag(DefinitionParameter::FLAG_HIDDEN),
])
->addAuthScheme(AuthMechanism::SCHEME_PASSWORD)
->addAuthScheme(AuthMechanism::SCHEME_SMB)
->setLegacyAuthMechanism($legacyAuth);
}
/**
* @return void
*/
public function manipulateStorageConfig(StorageConfig &$storage, ?IUser $user = null) {
$auth = $storage->getAuthMechanism();
if ($auth->getScheme() === AuthMechanism::SCHEME_PASSWORD) {
if (!is_string($storage->getBackendOption('user')) || !is_string($storage->getBackendOption('password'))) {
throw new \InvalidArgumentException('user or password is not set');
}
$smbAuth = new BasicAuth(
$storage->getBackendOption('user'),
$storage->getBackendOption('domain'),
$storage->getBackendOption('password')
);
} else {
switch ($auth->getIdentifier()) {
case 'smb::kerberos':
$smbAuth = new KerberosAuth();
break;
case 'smb::kerberosapache':
if (!$auth instanceof KerberosApacheAuthMechanism) {
throw new \InvalidArgumentException('invalid authentication backend');
}
$credentialsStore = $auth->getCredentialsStore();
$kerbAuth = new KerberosApacheAuth();
// check if a kerberos ticket is available, else fallback to session credentials
if ($kerbAuth->checkTicket()) {
$smbAuth = $kerbAuth;
} else {
try {
$credentials = $credentialsStore->getLoginCredentials();
$user = $credentials->getLoginName();
$pass = $credentials->getPassword();
preg_match('/(.*)@(.*)/', $user, $matches);
$realm = $storage->getBackendOption('default_realm');
if (empty($realm)) {
$realm = 'WORKGROUP';
}
if (count($matches) === 0) {
$username = $user;
$workgroup = $realm;
} else {
$username = $matches[1];
$workgroup = $matches[2];
}
$smbAuth = new BasicAuth(
$username,
$workgroup,
$pass
);
} catch (\Exception $e) {
throw new InsufficientDataForMeaningfulAnswerException('No session credentials saved');
}
}
break;
default:
throw new \InvalidArgumentException('unknown authentication backend');
}
}
$storage->setBackendOption('auth', $smbAuth);
}
public function checkDependencies() {
$system = \OCP\Server::get(SystemBridge::class);
if (NativeServer::available($system)) {
return [];
} elseif (Server::available($system)) {
$missing = new MissingDependency('php-smbclient');
$missing->setOptional(true);
$missing->setMessage('The php-smbclient library provides improved compatibility and performance for SMB storages.');
return [$missing];
} else {
$missing = new MissingDependency('php-smbclient');
$missing->setMessage('Either the php-smbclient library (preferred) or the smbclient binary is required for SMB storages.');
return [$missing, new MissingDependency('smbclient')];
}
}
}
|
