From bf217fe741365416ae2f1be9772385a53927f7ec Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Thu, 10 Jul 2025 15:08:22 +0200 Subject: [PATCH 1/2] fix(Krb): switch away from deprecated and broken KerberosApacheAuth() Signed-off-by: Arthur Schiwon --- apps/files_external/lib/Lib/Backend/SMB.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/apps/files_external/lib/Lib/Backend/SMB.php b/apps/files_external/lib/Lib/Backend/SMB.php index 3549f69cbe3..a09df74d35e 100644 --- a/apps/files_external/lib/Lib/Backend/SMB.php +++ b/apps/files_external/lib/Lib/Backend/SMB.php @@ -8,8 +8,8 @@ namespace OCA\Files_External\Lib\Backend; use Icewind\SMB\BasicAuth; -use Icewind\SMB\KerberosApacheAuth; use Icewind\SMB\KerberosAuth; +use Icewind\SMB\KerberosTicket; use Icewind\SMB\Native\NativeServer; use Icewind\SMB\Wrapped\Server; use OCA\Files_External\Lib\Auth\AuthMechanism; @@ -84,9 +84,10 @@ class SMB extends Backend { throw new \InvalidArgumentException('invalid authentication backend'); } $credentialsStore = $auth->getCredentialsStore(); - $kerbAuth = new KerberosApacheAuth(); + $kerbAuth = new KerberosAuth(); + $kerbAuth->setTicket(KerberosTicket::fromEnv()); // check if a kerberos ticket is available, else fallback to session credentials - if ($kerbAuth->checkTicket()) { + if ($kerbAuth->getTicket()?->isValid()) { $smbAuth = $kerbAuth; } else { try { From fb1fc94bc8dbf31fdcb0639c3ce2d1f087e481a8 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Thu, 10 Jul 2025 15:12:00 +0200 Subject: [PATCH 2/2] style(PHP): code cleanup, no effective changes Signed-off-by: Arthur Schiwon --- apps/files_external/lib/Lib/Backend/SMB.php | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/apps/files_external/lib/Lib/Backend/SMB.php b/apps/files_external/lib/Lib/Backend/SMB.php index a09df74d35e..f0a2d6da64f 100644 --- a/apps/files_external/lib/Lib/Backend/SMB.php +++ b/apps/files_external/lib/Lib/Backend/SMB.php @@ -59,10 +59,7 @@ class SMB extends Backend { ->setLegacyAuthMechanism($legacyAuth); } - /** - * @return void - */ - public function manipulateStorageConfig(StorageConfig &$storage, ?IUser $user = null) { + public function manipulateStorageConfig(StorageConfig &$storage, ?IUser $user = null): void { $auth = $storage->getAuthMechanism(); if ($auth->getScheme() === AuthMechanism::SCHEME_PASSWORD) { if (!is_string($storage->getBackendOption('user')) || !is_string($storage->getBackendOption('password'))) { @@ -92,26 +89,25 @@ class SMB extends Backend { } else { try { $credentials = $credentialsStore->getLoginCredentials(); - $user = $credentials->getLoginName(); + $loginName = $credentials->getLoginName(); $pass = $credentials->getPassword(); - preg_match('/(.*)@(.*)/', $user, $matches); + preg_match('/(.*)@(.*)/', $loginName, $matches); $realm = $storage->getBackendOption('default_realm'); if (empty($realm)) { $realm = 'WORKGROUP'; } if (count($matches) === 0) { - $username = $user; + $username = $loginName; $workgroup = $realm; } else { - $username = $matches[1]; - $workgroup = $matches[2]; + [, $username, $workgroup] = $matches; } $smbAuth = new BasicAuth( $username, $workgroup, $pass ); - } catch (\Exception $e) { + } catch (\Exception) { throw new InsufficientDataForMeaningfulAnswerException('No session credentials saved'); } } @@ -125,7 +121,7 @@ class SMB extends Backend { $storage->setBackendOption('auth', $smbAuth); } - public function checkDependencies() { + public function checkDependencies(): array { $system = \OCP\Server::get(SystemBridge::class); if (NativeServer::available($system)) { return [];