
[stable9] Merge pull request #2198 from owncloud/smb-auth-fix

Double verify the SMB response
DeepDiver1975 committed Sep 19, 2016
1 parent f101d84 commit 16cbccfc946c8711721fa684d78135ca1fb64791
Showing with 32 additions and 11 deletions.
  1. +32 −11 user_external/lib/smb.php
@@ -32,18 +32,14 @@ public function __construct($host) {
}
/**
* Check if the password is correct without logging in the user
*
* @param string $uid The username
* @param string $password The password
*
* @return true/false
* @param string $uid
* @param string $password
* @return bool
*/
public function checkPassword($uid, $password) {
$uidEscaped=escapeshellarg($uid);
$password=escapeshellarg($password);
$result=array();
$command=self::SMBCLIENT.' //'.$this->host.'/dummy -U'.$uidEscaped.'%'.$password;
private function tryAuthentication($uid, $password) {
$uidEscaped = escapeshellarg($uid);
$password = escapeshellarg($password);
$command = self::SMBCLIENT.' '.escapeshellarg('//' . $this->host . '/dummy').' -U'.$uidEscaped.'%'.$password;
$lastline = exec($command, $output, $retval);
if ($retval === 127) {
OCP\Util::writeLog(
@@ -66,8 +62,33 @@ public function checkPassword($uid, $password) {
return false;
} else {
login:
return $uid;
}
}
/**
* Check if the password is correct without logging in the user
*
* @param string $uid The username
* @param string $password The password
*
* @return true/false
*/
public function checkPassword($uid, $password) {
// Check with an invalid password, if the user authenticates then fail
$attemptWithInvalidPassword = $this->tryAuthentication($uid, base64_encode($password));
if(is_string($attemptWithInvalidPassword)) {
return false;
}
// Check with valid password
$attemptWithValidPassword = $this->tryAuthentication($uid, $password);
if(is_string($attemptWithValidPassword)) {
$this->storeUser($uid);
return $uid;
}
return false;
}
}
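Review bot: The docblock on the new `tryAuthentication` says `@return bool`, but the visible body returns `$uid` on success and `false` otherwise, and the new `checkPassword` relies on exactly that by testing `is_string(...)`; the same mismatch is carried into `checkPassword`'s reused docblock, which still says `@return true/false` while the method returns the uid string. Both should read `@return string|false The uid on success, false otherwise` so the `is_string` checks are not mistaken for a bug later. The double-verify also means every login attempt now produces one deliberately failed SMB authentication in addition to the real one, which servers enforcing lockout or failed-logon auditing will count; a comment above the first call such as `// Deliberately failing probe: detects servers that accept any password; counts as a failed logon on the SMB side` would make that operational cost visible. Note also that `base64_encode('')` is `''`, so for an empty password the "invalid" probe sends the same credential as the real attempt and any account the server accepts with an empty password is rejected (fail-closed); worth stating in the same comment. `tryAuthentication` begins in the first hunk and its body runs past the visible lines of both hunks.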
