diff options
| author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2021-10-29 19:27:30 +0300 |
|---|---|---|
| committer | backportbot[bot] <backportbot[bot]@users.noreply.github.com> | 2022-01-20 22:14:08 +0300 |
| commit | ab983691dcc0e6eef438ce3f6bdbb66dcdab8e8a (patch) | |
| tree | 3e578abb79b135a50d78c8fb11dcfceba2d2687c /apps | |
| parent | 3dc1ed8eff3837052de00455165a76f39b6e2ebb (diff) | |
add changes from Sebastian/dassIT and move default_realm to backend
- Sebastian added the switch depending on the preg_match result and with it
the fall back to login credentials
- I turned default_realm to a backend option (was previously suggested as
system config key)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php | 9 | ||||
| -rw-r--r-- | apps/files_external/lib/Lib/Backend/SMB.php | 23 |
2 files changed, 27 insertions, 5 deletions
diff --git a/apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php b/apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php index 64503810225..88aaa417a87 100644 --- a/apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php +++ b/apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php @@ -25,6 +25,7 @@ namespace OCA\Files_External\Lib\Auth\SMB; use OCA\Files_External\Lib\Auth\AuthMechanism; +use OCA\Files_External\Lib\DefinitionParameter; use OCP\Authentication\LoginCredentials\IStore; use OCP\IL10N; @@ -33,10 +34,16 @@ class KerberosApacheAuth extends AuthMechanism { private $credentialsStore; public function __construct(IL10N $l, IStore $credentialsStore) { + $realm = new DefinitionParameter('default_realm', 'Default realm'); + $realm + ->setType(DefinitionParameter::VALUE_TEXT) + ->setFlag(DefinitionParameter::FLAG_OPTIONAL) + ->setTooltip($l->t('Kerberos default realm, defaults to "WORKGROUP"')); $this ->setIdentifier('smb::kerberosapache') ->setScheme(self::SCHEME_SMB) - ->setText($l->t('Kerberos ticket apache mode')); + ->setText($l->t('Kerberos ticket apache mode')) + ->addParameter($realm); $this->credentialsStore = $credentialsStore; } diff --git a/apps/files_external/lib/Lib/Backend/SMB.php b/apps/files_external/lib/Lib/Backend/SMB.php index 99e48b1433d..b6854e6938d 100644 --- a/apps/files_external/lib/Lib/Backend/SMB.php +++ b/apps/files_external/lib/Lib/Backend/SMB.php @@ -32,6 +32,7 @@ use Icewind\SMB\KerberosApacheAuth; use Icewind\SMB\KerberosAuth; use OCA\Files_External\Lib\Auth\AuthMechanism; use OCA\Files_External\Lib\Auth\Password\Password; +use OCA\Files_External\Lib\Auth\SMB\KerberosApacheAuth as KerberosApacheAuthMechanism; use OCA\Files_External\Lib\DefinitionParameter; use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException; use OCA\Files_External\Lib\LegacyDependencyCheckPolyfill; @@ -89,6 +90,9 @@ class SMB extends Backend { $smbAuth = new KerberosAuth(); break; case 'smb::kerberosapache': + if (!$auth instanceof KerberosApacheAuthMechanism) { + throw new \InvalidArgumentException('invalid authentication backend'); + } $credentialsStore = $auth->getCredentialsStore(); $kerb_auth = new KerberosApacheAuth(); if ($kerb_auth->checkTicket()) { @@ -99,12 +103,23 @@ class SMB extends Backend { $credentials = $credentialsStore->getLoginCredentials(); $user = $credentials->getLoginName(); $pass = $credentials->getPassword(); - if (preg_match('/(.*)@(.*)/', $user, $matches) !== 1) { - throw new InsufficientDataForMeaningfulAnswerException('No valid session credentials'); + preg_match('/(.*)@(.*)/', $user, $matches); + $realm = $storage->getBackendOption('default_realm'); + if (empty($realm)) { + $realm = 'WORKGROUP'; + } + $userPart = $matches[1]; + $domainPart = $matches[2]; + if (count($matches) === 0) { + $username = $user; + $workgroup = $realm; + } else { + $username = $userPart; + $workgroup = $domainPart; } $smbAuth = new BasicAuth( - $matches[0], - $matches[1], + $username, + $workgroup, $pass ); } catch (\Exception $e) { |