-
-
Notifications
You must be signed in to change notification settings - Fork 4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #29349 from nextcloud/enh/noid/filesext_kerberos_a…
…pache_auth
- Loading branch information
Showing
25 changed files
with
633 additions
and
126 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
name: Samba Kerberos SSO | ||
on: | ||
push: | ||
branches: | ||
- master | ||
- stable* | ||
paths: | ||
- 'apps/files_external/**' | ||
pull_request: | ||
paths: | ||
- 'apps/files_external/**' | ||
|
||
jobs: | ||
smb-kerberos-tests: | ||
runs-on: ubuntu-latest | ||
|
||
strategy: | ||
fail-fast: false | ||
matrix: | ||
php-versions: ['7.4', '8.0'] | ||
|
||
name: php${{ matrix.php-versions }}-${{ matrix.ftpd }} | ||
|
||
steps: | ||
- name: Checkout server | ||
uses: actions/checkout@v2 | ||
with: | ||
submodules: true | ||
- name: Pull images | ||
run: | | ||
docker pull icewind1991/samba-krb-test-dc | ||
docker pull icewind1991/samba-krb-test-apache | ||
docker pull icewind1991/samba-krb-test-client | ||
- name: Setup AD-DC | ||
run: | | ||
mkdir data | ||
sudo chown -R 33 data apps config | ||
apps/files_external/tests/setup-krb.sh | ||
- name: Set up Nextcloud | ||
run: | | ||
docker exec --user 33 apache ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password | ||
docker exec --user 33 apache ./occ config:system:set trusted_domains 1 --value 'httpd.domain.test' | ||
# setup user_saml | ||
docker exec --user 33 apache ./occ app:enable user_saml --force | ||
docker exec --user 33 apache ./occ config:app:set user_saml type --value 'environment-variable' | ||
docker exec --user 33 apache ./occ config:app:set user_saml general-uid_mapping --value REMOTE_USER | ||
# setup external storage | ||
docker exec --user 33 apache ./occ app:enable files_external --force | ||
docker exec --user 33 apache ./occ files_external:create smb smb smb::kerberosapache | ||
docker exec --user 33 apache ./occ files_external:config 1 host krb.domain.test | ||
docker exec --user 33 apache ./occ files_external:config 1 share netlogon | ||
docker exec --user 33 apache ./occ files_external:list | ||
- name: Test SSO | ||
run: | | ||
mkdir cookies | ||
chmod 0777 cookies | ||
DC_IP=$(docker inspect dc --format '{{.NetworkSettings.IPAddress}}') | ||
docker run --rm --name client -v $PWD/cookies:/cookies -v /tmp/shared:/shared --dns $DC_IP --hostname client.domain.test icewind1991/samba-krb-test-client \ | ||
curl -c /cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/index.php/apps/user_saml/saml/login | ||
CONTENT=$(docker run --rm --name client -v $PWD/cookies:/cookies -v /tmp/shared:/shared --dns $DC_IP --hostname client.domain.test icewind1991/samba-krb-test-client \ | ||
curl -b /cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/remote.php/webdav/smb/test.txt) | ||
echo $CONTENT | ||
CONTENT=$(echo $CONTENT | tr -d '[:space:]') | ||
[[ $CONTENT == "testfile" ]] | ||
smb-kerberos-summary: | ||
runs-on: ubuntu-latest | ||
needs: smb-kerberos-tests | ||
|
||
if: always() | ||
|
||
steps: | ||
- name: Summary status | ||
run: if ${{ needs.smb-kerberos-tests.result != 'success' }}; then exit 1; fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,6 +9,6 @@ | |
}, | ||
"require": { | ||
"icewind/streams": "0.7.4", | ||
"icewind/smb": "3.4.1" | ||
"icewind/smb": "3.5.2" | ||
} | ||
} |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.