Add an SFTP auth mechanism that uses a private key and, optionally, a password

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2018-06-07 13:31:39 +02:00
parent 6f5c7c1888
commit 2b19add6b0
No known key found for this signature in database
GPG Key ID: F941078878347C0C
4 changed files with 85 additions and 7 deletions


@ -1,7 +1,7 @@
$(document).ready(function() { $(document).ready(function() {
OCA.External.Settings.mountConfig.whenSelectAuthMechanism(function($tr, authMechanism, scheme, onCompletion) { OCA.External.Settings.mountConfig.whenSelectAuthMechanism(function($tr, authMechanism, scheme, onCompletion) {
if (scheme === 'publickey') { if (scheme === 'publickey' && authMechanism === 'publickey::rsa') {
var config = $tr.find('.configuration'); var config = $tr.find('.configuration');
if ($(config).find('[name="public_key_generate"]').length === 0) { if ($(config).find('[name="public_key_generate"]').length === 0) {
setupTableRow($tr, config); setupTableRow($tr, config);
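Review bot: The new `authMechanism === 'publickey::rsa'` guard hard-codes a mechanism identifier with no comment saying why the key-generation row is now limited to that single mechanism, so the next reader of `whenSelectAuthMechanism` cannot tell that the sibling `publickey::rsa_private` mechanism is excluded on purpose. A one-line comment above the condition would carry that: `// only the generated-key mechanism gets the key-generation row; 'publickey::rsa_private' takes a key supplied by the admin`. The identifier string is duplicated from the PHP side, so a rename there silently re-enables the row here — worth stating in the same comment. The callback's body continues past the hunk.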


@ -29,6 +29,7 @@
namespace OCA\Files_External\AppInfo; namespace OCA\Files_External\AppInfo;
use OCA\Files_External\Lib\Auth\PublicKey\RSAPrivateKey;
use \OCP\AppFramework\App; use \OCP\AppFramework\App;
use OCP\AppFramework\IAppContainer; use OCP\AppFramework\IAppContainer;
use \OCA\Files_External\Service\BackendService; use \OCA\Files_External\Service\BackendService;
@ -138,6 +139,7 @@ class Application extends App implements IBackendProvider, IAuthMechanismProvide
// AuthMechanism::SCHEME_PUBLICKEY mechanisms // AuthMechanism::SCHEME_PUBLICKEY mechanisms
$container->query(RSA::class), $container->query(RSA::class),
$container->query(RSAPrivateKey::class),
// AuthMechanism::SCHEME_OPENSTACK mechanisms // AuthMechanism::SCHEME_OPENSTACK mechanisms
$container->query(OpenStackV2::class), $container->query(OpenStackV2::class),


@ -0,0 +1,65 @@
<?php
/**
* @copyright 2018, Roeland Jago Douma <roeland@famdouma.nl>
*
* @author Roeland Jago Douma <roeland@famdouma.nl>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Files_External\Lib\Auth\PublicKey;
use \OCP\IL10N;
use \OCA\Files_External\Lib\DefinitionParameter;
use \OCA\Files_External\Lib\Auth\AuthMechanism;
use \OCA\Files_External\Lib\StorageConfig;
use \OCP\IConfig;
use OCP\IUser;
use \phpseclib\Crypt\RSA as RSACrypt;
/**
* RSA public key authentication
*/
class RSAPrivateKey extends AuthMechanism {
/** @var IConfig */
private $config;
public function __construct(IL10N $l, IConfig $config) {
$this->config = $config;
$this
->setIdentifier('publickey::rsa_private')
->setScheme(self::SCHEME_PUBLICKEY)
->setText($l->t('RSA private key'))
->addParameters([
new DefinitionParameter('user', $l->t('Username')),
(new DefinitionParameter('password', $l->t('Password')))
->setFlag(DefinitionParameter::FLAG_OPTIONAL)
->setType(DefinitionParameter::VALUE_PASSWORD),
new DefinitionParameter('private_key', $l->t('Private key')),
]);
}
public function manipulateStorageConfig(StorageConfig &$storage, IUser $user = null) {
$auth = new RSACrypt();
$auth->setPassword($this->config->getSystemValue('secret', ''));
if (!$auth->loadKey($storage->getBackendOption('private_key'))) {
throw new \RuntimeException('unable to load private key');
}
$storage->setBackendOption('public_key_auth', $auth);
}
}
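Review bot: The `private_key` parameter on L87 is registered with the default text type while `password` on L84-L86 is marked `VALUE_PASSWORD`; a private key is at least as sensitive as the password, so it should get the same treatment, e.g. `(new DefinitionParameter('private_key', $l->t('Private key')))->setType(DefinitionParameter::VALUE_PASSWORD)`, so that the config layer and the settings UI presumably handle it as a secret rather than echo and store it as plain text — confirm the UI still accepts multi-line input with that type. `manipulateStorageConfig` decrypts the key with the instance `secret` only, so a key the admin pasted with its own passphrase will fail at `loadKey` with no way to supply that passphrase, while an unencrypted pasted key is accepted as-is; that assumption deserves a comment on L92 such as `// key is expected to be either unencrypted or encrypted with this instance's secret`. The class docblock on L71 says "RSA public key authentication" although this class is the private-key variant, and the `password` option is never consumed here — it appears to flow through to the SFTP storage as `$params['password']`, which a short comment on the parameter list should say.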


@ -47,7 +47,7 @@ class SFTP extends \OC\Files\Storage\Common {
private $root; private $root;
private $port = 22; private $port = 22;
private $auth; private $auth = [];
/** /**
* @var \phpseclib\Net\SFTP * @var \phpseclib\Net\SFTP
@ -93,10 +93,13 @@ class SFTP extends \OC\Files\Storage\Common {
$this->user = $params['user']; $this->user = $params['user'];
if (isset($params['public_key_auth'])) { if (isset($params['public_key_auth'])) {
$this->auth = $params['public_key_auth']; $this->auth[] = $params['public_key_auth'];
} elseif (isset($params['password'])) { }
$this->auth = $params['password']; if (isset($params['password']) && $params['password'] !== '') {
} else { $this->auth[] = $params['password'];
}
if ($this->auth === []) {
throw new \UnexpectedValueException('no authentication parameters specified'); throw new \UnexpectedValueException('no authentication parameters specified');
} }
@ -132,7 +135,15 @@ class SFTP extends \OC\Files\Storage\Common {
$this->writeHostKeys($hostKeys); $this->writeHostKeys($hostKeys);
} }
if (!$this->client->login($this->user, $this->auth)) { $login = false;
foreach ($this->auth as $auth) {
$login = $this->client->login($this->user, $auth);
if ($login === true) {
break;
}
}
if ($login === false) {
throw new \Exception('Login failed'); throw new \Exception('Login failed');
} }
return $this->client; return $this->client;
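Review bot: The loop at L123-L128 calls `login()` once per credential and treats key and password as alternatives, so a server that requires both (partial success after the public-key step) is not handled: the key-only call returns false and the follow-up password-only call starts over. If that combined case is what the commit title intends, passing every credential in a single call, `if (!$this->client->login($this->user, ...$this->auth)) {`, lets phpseclib walk the partial-success sequence itself — verify this against the phpseclib version bundled with the app. The sequential fallback also silently downgrades from key to password when the key is rejected; a debug-level log line before the password attempt would make that visible when troubleshooting a mount. Both enclosing methods start outside the hunk.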