add changes from Sebastian/dassIT and move default_realm to backend

- Sebastian added the switch depending on the preg_match result and with it
  the fall back to login credentials
- I turned default_realm to a backend option (was previously suggested as
  system config key)

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

apps/files_external/lib/Lib/Auth/SMB/KerberosApacheAuth.php

@@ -25,6 +25,7 @@
 namespace OCA\Files_External\Lib\Auth\SMB;
 
 use OCA\Files_External\Lib\Auth\AuthMechanism;
+use OCA\Files_External\Lib\DefinitionParameter;
 use OCP\Authentication\LoginCredentials\IStore;
 use OCP\IL10N;
 
@@ -33,10 +34,16 @@ class KerberosApacheAuth extends AuthMechanism {
 	private $credentialsStore;
 
 	public function __construct(IL10N $l, IStore $credentialsStore) {
+		$realm = new DefinitionParameter('default_realm', 'Default realm');
+		$realm
+			->setType(DefinitionParameter::VALUE_TEXT)
+			->setFlag(DefinitionParameter::FLAG_OPTIONAL)
+			->setTooltip($l->t('Kerberos default realm, defaults to "WORKGROUP"'));
 		$this
 			->setIdentifier('smb::kerberosapache')
 			->setScheme(self::SCHEME_SMB)
-			->setText($l->t('Kerberos ticket apache mode'));
+			->setText($l->t('Kerberos ticket apache mode'))
+			->addParameter($realm);
 		$this->credentialsStore = $credentialsStore;
 	}
 

apps/files_external/lib/Lib/Backend/SMB.php

@@ -32,6 +32,7 @@ use Icewind\SMB\KerberosApacheAuth;
 use Icewind\SMB\KerberosAuth;
 use OCA\Files_External\Lib\Auth\AuthMechanism;
 use OCA\Files_External\Lib\Auth\Password\Password;
+use OCA\Files_External\Lib\Auth\SMB\KerberosApacheAuth as KerberosApacheAuthMechanism;
 use OCA\Files_External\Lib\DefinitionParameter;
 use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException;
 use OCA\Files_External\Lib\LegacyDependencyCheckPolyfill;
@@ -89,6 +90,9 @@ class SMB extends Backend {
 					$smbAuth = new KerberosAuth();
 					break;
 				case 'smb::kerberosapache':
+					if (!$auth instanceof KerberosApacheAuthMechanism) {
+						throw new \InvalidArgumentException('invalid authentication backend');
+					}
 					$credentialsStore = $auth->getCredentialsStore();
 					$kerb_auth = new KerberosApacheAuth();
 					if ($kerb_auth->checkTicket()) {
@@ -99,12 +103,23 @@ class SMB extends Backend {
 							$credentials = $credentialsStore->getLoginCredentials();
 							$user = $credentials->getLoginName();
 							$pass = $credentials->getPassword();
-							if (preg_match('/(.*)@(.*)/', $user, $matches) !== 1) {
-								throw new InsufficientDataForMeaningfulAnswerException('No valid session credentials');
+							preg_match('/(.*)@(.*)/', $user, $matches);
+							$realm = $storage->getBackendOption('default_realm');
+							if (empty($realm)) {
+								$realm = 'WORKGROUP';
+							}
+							$userPart = $matches[1];
+							$domainPart = $matches[2];
+							if (count($matches) === 0) {
+								$username = $user;
+								$workgroup = $realm;
+							} else {
+								$username = $userPart;
+								$workgroup = $domainPart;
 							}
 							$smbAuth = new BasicAuth(
-								$matches[0],
-								$matches[1],
+								$username,
+								$workgroup,
 								$pass
 							);
 						} catch (\Exception $e) {