author | Lukas Reschke <lukas@statuscode.ch> | 2016-09-09 18:13:18 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-09-09 18:13:18 +0300 |
commit | a11b9f3253b66b9bef6a7b36ea09dcd5a1e86bff (patch) | |
tree | 00b1fc72eb9aafab4902ddc703abb172c4aa47bd | |
parent | a17a78b0c503d39e0175c1e59c6013ec7145f934 (diff) | |
parent | b85ace6840b8a6704641086bc3b8eb8e81cb2274 (diff) |
Merge pull request #9 from nextcloud/stable10-smbv10.0.6RC1v10.0.6v10.0.5RC2v10.0.5RC1v10.0.5v10.0.4RC1v10.0.4v10.0.3RC1v10.0.3v10.0.2v10.0.1RC1v10.0.1stable10
[stable10] Double verify the SMB response
-rw-r--r-- | user_external/lib/smb.php | 43 |
1 files changed, 32 insertions, 11 deletions
diff --git a/user_external/lib/smb.php b/user_external/lib/smb.php
index 5b19199d8..f2595a158 100644
--- a/user_external/lib/smb.php
+++ b/user_external/lib/smb.php
@@ -32,18 +32,14 @@ class OC_User_SMB extends \OCA\user_external\Base{
 }
 /**
- * Check if the password is correct without logging in the user
- *
- * @param string $uid The username
- * @param string $password The password
- *
- * @return true/false
+ * @param string $uid
+ * @param string $password
+ * @return bool
 */
- public function checkPassword($uid, $password) {
- $uidEscaped=escapeshellarg($uid);
- $password=escapeshellarg($password);
- $result=array();
- $command=self::SMBCLIENT.' '.escapeshellarg('//' . $this->host . '/dummy').' -U'.$uidEscaped.'%'.$password;
+ private function tryAuthentication($uid, $password) {
+ $uidEscaped = escapeshellarg($uid);
+ $password = escapeshellarg($password);
+ $command = self::SMBCLIENT.' '.escapeshellarg('//' . $this->host . '/dummy').' -U'.$uidEscaped.'%'.$password;
 $lastline = exec($command, $output, $retval);
 if ($retval === 127) {
 OCP\Util::writeLog(
@@ -66,8 +62,33 @@ class OC_User_SMB extends \OCA\user_external\Base{
 return false;
 } else {
 login:
+ return $uid;
+ }
+ }
+
+ /**
+ * Check if the password is correct without logging in the user
+ *
+ * @param string $uid The username
+ * @param string $password The password
+ *
+ * @return true/false
+ */
+ public function checkPassword($uid, $password) {
+ // Check with an invalid password, if the user authenticates then fail
+ $attemptWithInvalidPassword = $this->tryAuthentication($uid, base64_encode($password));
+ if(is_string($attemptWithInvalidPassword)) {
+ return false;
+ }
+
+ // Check with valid password
+ $attemptWithValidPassword = $this->tryAuthentication($uid, $password);
+ if(is_string($attemptWithValidPassword)) {
 $this->storeUser($uid);
 return $uid;
 }
+
+ return false;
 }
 }
+ |
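Review bot: The new docblock on `tryAuthentication` says `@return bool`, but the method returns `$uid` on success (the `login:` branch in the second hunk now does `return $uid;`) and `checkPassword` depends on exactly that via `is_string(...)`; the tag should read `@return string|false` so the contract matches what the caller checks. The deliberate probe with `base64_encode($password)` means every successful login is preceded by one failed logon for `$uid` on the SMB server, which can count toward an account-lockout threshold, and it doubles the number of `smbclient` processes that carry the credential on their argv; that trade-off deserves a comment on `checkPassword`, e.g. `// NOTE: the wrong-password probe registers one failed logon per check; confirm this is compatible with the server's lockout policy`. The `login:` label that survives in the second hunk looks like a leftover goto target now that the branch simply returns; if nothing jumps to it, it should go. Both hunks cut through the class body, so the rest of `tryAuthentication` (the `writeLog` branches) lies outside the hunks.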