diff options
Diffstat (limited to 'apps/files_external/lib/Lib/Backend/SMB.php')
| -rw-r--r-- | apps/files_external/lib/Lib/Backend/SMB.php | 48 |
1 files changed, 43 insertions, 5 deletions
diff --git a/apps/files_external/lib/Lib/Backend/SMB.php b/apps/files_external/lib/Lib/Backend/SMB.php index 867648824ac..57ee866f3c7 100644 --- a/apps/files_external/lib/Lib/Backend/SMB.php +++ b/apps/files_external/lib/Lib/Backend/SMB.php @@ -24,16 +24,19 @@ * along with this program. If not, see <http://www.gnu.org/licenses/> * */ + namespace OCA\Files_External\Lib\Backend; use Icewind\SMB\BasicAuth; +use Icewind\SMB\KerberosApacheAuth; use Icewind\SMB\KerberosAuth; use OCA\Files_External\Lib\Auth\AuthMechanism; use OCA\Files_External\Lib\Auth\Password\Password; +use OCA\Files_External\Lib\Auth\SMB\KerberosApacheAuth as KerberosApacheAuthMechanism; use OCA\Files_External\Lib\DefinitionParameter; +use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException; use OCA\Files_External\Lib\LegacyDependencyCheckPolyfill; use OCA\Files_External\Lib\StorageConfig; - use OCP\IL10N; use OCP\IUser; @@ -69,10 +72,6 @@ class SMB extends Backend { ->setLegacyAuthMechanism($legacyAuth); } - /** - * @param StorageConfig $storage - * @param IUser $user - */ public function manipulateStorageConfig(StorageConfig &$storage, IUser $user = null) { $auth = $storage->getAuthMechanism(); if ($auth->getScheme() === AuthMechanism::SCHEME_PASSWORD) { @@ -90,6 +89,45 @@ class SMB extends Backend { case 'smb::kerberos': $smbAuth = new KerberosAuth(); break; + case 'smb::kerberosapache': + if (!$auth instanceof KerberosApacheAuthMechanism) { + throw new \InvalidArgumentException('invalid authentication backend'); + } + $credentialsStore = $auth->getCredentialsStore(); + $kerbAuth = new KerberosApacheAuth(); + // check if a kerberos ticket is available, else fallback to session credentials + if ($kerbAuth->checkTicket()) { + $smbAuth = $kerbAuth; + } else { + try { + $credentials = $credentialsStore->getLoginCredentials(); + $user = $credentials->getLoginName(); + $pass = $credentials->getPassword(); + preg_match('/(.*)@(.*)/', $user, $matches); + $realm = $storage->getBackendOption('default_realm'); + if (empty($realm)) { + $realm = 'WORKGROUP'; + } + $userPart = $matches[1]; + $domainPart = $matches[2]; + if (count($matches) === 0) { + $username = $user; + $workgroup = $realm; + } else { + $username = $userPart; + $workgroup = $domainPart; + } + $smbAuth = new BasicAuth( + $username, + $workgroup, + $pass + ); + } catch (\Exception $e) { + throw new InsufficientDataForMeaningfulAnswerException('No session credentials saved'); + } + } + + break; default: throw new \InvalidArgumentException('unknown authentication backend'); } |