diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2016-09-09 18:13:23 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-09-09 18:13:23 +0300 |
| commit | 2e53825665e716b25ed580693c3a1bb0ef0d4a39 (patch) | |
| tree | b905661d36fcb3b3f0e4489787862cdd41aaa22a | |
| parent | 6050ed87996c1073ce81da1d7d02305969b55487 (diff) | |
| parent | a8dfbcf5cf1fa2f6c161e126afd9872663621da6 (diff) | |
Merge pull request #8 from nextcloud/master-smb
Double verify the SMB response
| -rw-r--r-- | user_external/lib/smb.php | 43 |
1 files changed, 32 insertions, 11 deletions
diff --git a/user_external/lib/smb.php b/user_external/lib/smb.php index 5b19199d8..f2595a158 100644 --- a/user_external/lib/smb.php +++ b/user_external/lib/smb.php @@ -32,18 +32,14 @@ class OC_User_SMB extends \OCA\user_external\Base{ } /** - * Check if the password is correct without logging in the user - * - * @param string $uid The username - * @param string $password The password - * - * @return true/false + * @param string $uid + * @param string $password + * @return bool */ - public function checkPassword($uid, $password) { - $uidEscaped=escapeshellarg($uid); - $password=escapeshellarg($password); - $result=array(); - $command=self::SMBCLIENT.' '.escapeshellarg('//' . $this->host . '/dummy').' -U'.$uidEscaped.'%'.$password; + private function tryAuthentication($uid, $password) { + $uidEscaped = escapeshellarg($uid); + $password = escapeshellarg($password); + $command = self::SMBCLIENT.' '.escapeshellarg('//' . $this->host . '/dummy').' -U'.$uidEscaped.'%'.$password; $lastline = exec($command, $output, $retval); if ($retval === 127) { OCP\Util::writeLog( @@ -66,8 +62,33 @@ class OC_User_SMB extends \OCA\user_external\Base{ return false; } else { login: + return $uid; + } + } + + /** + * Check if the password is correct without logging in the user + * + * @param string $uid The username + * @param string $password The password + * + * @return true/false + */ + public function checkPassword($uid, $password) { + // Check with an invalid password, if the user authenticates then fail + $attemptWithInvalidPassword = $this->tryAuthentication($uid, base64_encode($password)); + if(is_string($attemptWithInvalidPassword)) { + return false; + } + + // Check with valid password + $attemptWithValidPassword = $this->tryAuthentication($uid, $password); + if(is_string($attemptWithValidPassword)) { $this->storeUser($uid); return $uid; } + + return false; } } + |