diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2016-09-09 11:58:01 +0300 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2016-09-09 11:59:08 +0300 |
| commit | a8dfbcf5cf1fa2f6c161e126afd9872663621da6 (patch) | |
| tree | a8ff221548e14ff75f88e2677244e1d933bd3620 | |
| parent | 8c94e23183584a82a64a6d62579f1d48a259ac27 (diff) | |
Double verify the SMB response
In case anonymous auth is allowed this can otherwise lead to unexpected actions.
| -rw-r--r-- | user_external/lib/smb.php | 43 |
1 files changed, 32 insertions, 11 deletions
diff --git a/user_external/lib/smb.php b/user_external/lib/smb.php index 5b19199d8..f2595a158 100644 --- a/user_external/lib/smb.php +++ b/user_external/lib/smb.php @@ -32,18 +32,14 @@ class OC_User_SMB extends \OCA\user_external\Base{ } /** - * Check if the password is correct without logging in the user - * - * @param string $uid The username - * @param string $password The password - * - * @return true/false + * @param string $uid + * @param string $password + * @return bool */ - public function checkPassword($uid, $password) { - $uidEscaped=escapeshellarg($uid); - $password=escapeshellarg($password); - $result=array(); - $command=self::SMBCLIENT.' '.escapeshellarg('//' . $this->host . '/dummy').' -U'.$uidEscaped.'%'.$password; + private function tryAuthentication($uid, $password) { + $uidEscaped = escapeshellarg($uid); + $password = escapeshellarg($password); + $command = self::SMBCLIENT.' '.escapeshellarg('//' . $this->host . '/dummy').' -U'.$uidEscaped.'%'.$password; $lastline = exec($command, $output, $retval); if ($retval === 127) { OCP\Util::writeLog( @@ -66,8 +62,33 @@ class OC_User_SMB extends \OCA\user_external\Base{ return false; } else { login: + return $uid; + } + } + + /** + * Check if the password is correct without logging in the user + * + * @param string $uid The username + * @param string $password The password + * + * @return true/false + */ + public function checkPassword($uid, $password) { + // Check with an invalid password, if the user authenticates then fail + $attemptWithInvalidPassword = $this->tryAuthentication($uid, base64_encode($password)); + if(is_string($attemptWithInvalidPassword)) { + return false; + } + + // Check with valid password + $attemptWithValidPassword = $this->tryAuthentication($uid, $password); + if(is_string($attemptWithValidPassword)) { $this->storeUser($uid); return $uid; } + + return false; } } + |