Merge pull request #79 from nextcloud/port/apps-56

SSH password authentication
nextcloud · May 24, 2019 · e2fb7e4 · e2fb7e4
2 parents 16ea6de + e7b9800
commit e2fb7e4
Show file tree

Hide file tree

Showing 3 changed files with 83 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -152,6 +152,28 @@ Add the following to your `config.php`:
 [BasicAuth_0]: https://en.wikipedia.org/wiki/Basic_access_authentication
 
 
+SSH
+---
+
+Authenticates users via SSH. You can use any SSH2 server, but it must accept password authentication.
+
+### Configuration
+The supported parameters are the hostname and the port (default `22`) of the remote machine.
+
+Add the following to your `config.php`:
+
+    'user_backends' => array(
+        array(
+            'class' => 'OC_User_SSH',
+            'arguments' => array('127.0.0.1', '22'),
+        ),
+    ),
+
+
+### Dependencies
+Requires the php-ssh2 PECL module installed.
+
+
 XMPP (Prosody)
 ----
 Authenticate Nextcloud users against a Prosody XMPP MySQL database.

diff --git a/appinfo/app.php b/appinfo/app.php
@@ -3,4 +3,5 @@
 OC::$CLASSPATH['OC_User_SMB']='user_external/lib/smb.php';
 OC::$CLASSPATH['OC_User_FTP']='user_external/lib/ftp.php';
 OC::$CLASSPATH['OC_User_BasicAuth']='user_external/lib/basicauth.php';
+OC::$CLASSPATH['OC_User_SSH']='user_external/lib/ssh.php';
 OC::$CLASSPATH['OC_User_XMPP']='user_external/lib/xmpp.php';
diff --git a/lib/ssh.php b/lib/ssh.php
@@ -0,0 +1,60 @@
+<?php
+/**
+ * Copyright (c) 2018 David Fullard <dave@theinternetmonkey.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+/**
+ * User authentication against a FTP/FTPS server
+ *
+ * @category Apps
+ * @package  UserExternal
+ * @author   David Fullard <dave@theinternetmonkey.com>
+ * @license  http://www.gnu.org/licenses/agpl AGPL
+ * @link     http://github.com/owncloud/apps
+ */
+
+
+class OC_User_SSH extends \OCA\user_external\Base {
+	private $host;
+  private $port;
+
+	/**
+ 	* Create a new SSH authentication provider
+ 	*
+ 	* @param string $host Hostname or IP address of SSH servr
+ 	*/
+	public function __construct($host, $port = 22) {
+		parent::__construct($host);
+		$this->host = $host;
+		$this->port = $port;
+	}
+
+	/**
+	* Check if the password is correct without logging in
+	* Requires the php-ssh2 pecl extension
+	*
+	* @param string $uid      The username
+	* @param string $password The password
+	*
+	* @return true/false
+	*/
+	public function checkPassword($uid, $password) {
+		if (!extension_loaded('ssh2')) {
+			OC::$server->getLogger()->error(
+				'ERROR: php-ssh2 PECL module missing',
+				['app' => 'user_external']
+			);
+			return false;
+		}
+		$connection = ssh2_connect($this->host, $this->port);
+		if (ssh2_auth_password($connection, $uid, $password)) {
+			$this->storeUser($uid);
+			return $uid;
+		} else {
+			return false;
+		}
+	}
+}