author | Lukas Reschke <lukas@statuscode.ch> | 2016-09-09 18:13:11 +0300 |
committer | GitHub <noreply@github.com> | 2016-09-09 18:13:11 +0300 |
commit | 78b1eda8f7166e848f9d8bf76d5155abb834d7e9 (patch) | |
tree | 8e2903738b0dc6dcd046e969206f2b66b7e6dda8 | |
parent | f101d8498ffac83924f3bd7acdda7ff181fd662c (diff) | |
parent | decb91fd31f4ffab191cbf09ce4e5c55c67a4087 (diff) |
Merge pull request #10 from nextcloud/stable9-smbv9.0.58RC1v9.0.58v9.0.57RC1v9.0.57v9.0.56RC1v9.0.56v9.0.55v9.0.54RC1v9.0.54stable9
[stable9] Double verify the SMB response
-rw-r--r-- | user_external/lib/smb.php | 42 |
1 files changed, 31 insertions, 11 deletions
diff --git a/user_external/lib/smb.php b/user_external/lib/smb.php
index ffc9b240e..ffc2ddd2c 100644
--- a/user_external/lib/smb.php
+++ b/user_external/lib/smb.php
@@ -32,18 +32,14 @@ class OC_User_SMB extends \OCA\user_external\Base{
 }
 /**
- * Check if the password is correct without logging in the user
- *
- * @param string $uid The username
- * @param string $password The password
- *
- * @return true/false
+ * @param string $uid
+ * @param string $password
+ * @return bool
 */
- public function checkPassword($uid, $password) {
- $uidEscaped=escapeshellarg($uid);
- $password=escapeshellarg($password);
- $result=array();
- $command=self::SMBCLIENT.' //'.$this->host.'/dummy -U'.$uidEscaped.'%'.$password;
+ private function tryAuthentication($uid, $password) {
+ $uidEscaped = escapeshellarg($uid);
+ $password = escapeshellarg($password);
+ $command = self::SMBCLIENT.' '.escapeshellarg('//' . $this->host . '/dummy').' -U'.$uidEscaped.'%'.$password;
 $lastline = exec($command, $output, $retval);
 if ($retval === 127) {
 OCP\Util::writeLog(
@@ -66,8 +62,32 @@ class OC_User_SMB extends \OCA\user_external\Base{
 return false;
 } else {
 login:
+ return $uid;
+ }
+ }
+
+ /**
+ * Check if the password is correct without logging in the user
+ *
+ * @param string $uid The username
+ * @param string $password The password
+ *
+ * @return true/false
+ */
+ public function checkPassword($uid, $password) {
+ // Check with an invalid password, if the user authenticates then fail
+ $attemptWithInvalidPassword = $this->tryAuthentication($uid, base64_encode($password));
+ if(is_string($attemptWithInvalidPassword)) {
+ return false;
+ }
+
+ // Check with valid password
+ $attemptWithValidPassword = $this->tryAuthentication($uid, $password);
+ if(is_string($attemptWithValidPassword)) {
 $this->storeUser($uid);
 return $uid;
 }
+
+ return false;
 }
 }
|
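Review bot: In the new checkPassword, the deliberately wrong password is sent to the SMB server before the real one on every call, so each login — including every successful one — registers a failed authentication against that account on the server, which counts toward account-lockout thresholds and fills the server's audit log, and a mistyped password now produces two failures instead of one. Reordering the two probes gives the same outcome with fewer failures: try the real password first, return `false` immediately when it is rejected, and only then run the bogus-password probe to detect a server that accepts any password (the guest-mapping case the commit guards against); the rewritten body is below. Note also that with an empty `$password` the probe is identical to the real attempt (`base64_encode('')` is `''`), so an account that accepts an empty password is always rejected — worth a comment if that is intended. Separately, the rewritten `$command` line in the first hunk still passes the password as a process argument where other local users can read it from the process list; smbclient's `-A` credentials-file option avoids that, though this exposure predates the change. The `@return true/false` docblock is inaccurate since the method returns `$uid` or `false` (`@return string|false`); tryAuthentication's body is split across both hunks, so its middle is not visible here.

```php
	public function checkPassword($uid, $password) {
		// Real credentials first: a wrong password now costs one failed attempt on the server, not two
		$attemptWithValidPassword = $this->tryAuthentication($uid, $password);
		if (!is_string($attemptWithValidPassword)) {
			return false;
		}

		// The server accepted the real password; make sure it did not simply accept anything
		// by probing with a deliberately wrong one — if that also succeeds, refuse the login
		$attemptWithInvalidPassword = $this->tryAuthentication($uid, base64_encode($password));
		if (is_string($attemptWithInvalidPassword)) {
			return false;
		}

		$this->storeUser($uid);
		return $uid;
	}
```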