diff options
author | John Molakvoæ <skjnldsv@users.noreply.github.com> | 2022-01-20 23:25:58 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-20 23:25:58 +0300 |
commit | c0b03000a507f7bdce57eb91deaf4e7d2d67a3b4 (patch) | |
tree | 86019acc692b5e207a2c2efa226620e611b0dfa1 /apps/files_external/lib/Lib/Backend/SMB.php | |
parent | 4466eb1f42c037ed3a71e4a0d549fbe7c7295703 (diff) | |
parent | 13b8179912630acede43aff844f2d302f552cb80 (diff) |
Merge pull request #30782 from nextcloud/backport/29349/stable23v23.0.1rc3
Diffstat (limited to 'apps/files_external/lib/Lib/Backend/SMB.php')
-rw-r--r-- | apps/files_external/lib/Lib/Backend/SMB.php | 48 |
1 files changed, 43 insertions, 5 deletions
diff --git a/apps/files_external/lib/Lib/Backend/SMB.php b/apps/files_external/lib/Lib/Backend/SMB.php index 867648824ac..57ee866f3c7 100644 --- a/apps/files_external/lib/Lib/Backend/SMB.php +++ b/apps/files_external/lib/Lib/Backend/SMB.php @@ -24,16 +24,19 @@ * along with this program. If not, see <http://www.gnu.org/licenses/> * */ + namespace OCA\Files_External\Lib\Backend; use Icewind\SMB\BasicAuth; +use Icewind\SMB\KerberosApacheAuth; use Icewind\SMB\KerberosAuth; use OCA\Files_External\Lib\Auth\AuthMechanism; use OCA\Files_External\Lib\Auth\Password\Password; +use OCA\Files_External\Lib\Auth\SMB\KerberosApacheAuth as KerberosApacheAuthMechanism; use OCA\Files_External\Lib\DefinitionParameter; +use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException; use OCA\Files_External\Lib\LegacyDependencyCheckPolyfill; use OCA\Files_External\Lib\StorageConfig; - use OCP\IL10N; use OCP\IUser; @@ -69,10 +72,6 @@ class SMB extends Backend { ->setLegacyAuthMechanism($legacyAuth); } - /** - * @param StorageConfig $storage - * @param IUser $user - */ public function manipulateStorageConfig(StorageConfig &$storage, IUser $user = null) { $auth = $storage->getAuthMechanism(); if ($auth->getScheme() === AuthMechanism::SCHEME_PASSWORD) { @@ -90,6 +89,45 @@ class SMB extends Backend { case 'smb::kerberos': $smbAuth = new KerberosAuth(); break; + case 'smb::kerberosapache': + if (!$auth instanceof KerberosApacheAuthMechanism) { + throw new \InvalidArgumentException('invalid authentication backend'); + } + $credentialsStore = $auth->getCredentialsStore(); + $kerbAuth = new KerberosApacheAuth(); + // check if a kerberos ticket is available, else fallback to session credentials + if ($kerbAuth->checkTicket()) { + $smbAuth = $kerbAuth; + } else { + try { + $credentials = $credentialsStore->getLoginCredentials(); + $user = $credentials->getLoginName(); + $pass = $credentials->getPassword(); + preg_match('/(.*)@(.*)/', $user, $matches); + $realm = $storage->getBackendOption('default_realm'); + if (empty($realm)) { + $realm = 'WORKGROUP'; + } + $userPart = $matches[1]; + $domainPart = $matches[2]; + if (count($matches) === 0) { + $username = $user; + $workgroup = $realm; + } else { + $username = $userPart; + $workgroup = $domainPart; + } + $smbAuth = new BasicAuth( + $username, + $workgroup, + $pass + ); + } catch (\Exception $e) { + throw new InsufficientDataForMeaningfulAnswerException('No session credentials saved'); + } + } + + break; default: throw new \InvalidArgumentException('unknown authentication backend'); } |