Univention Bugzilla – Attachment 8851 Details for Bug 44603
Not possible to use machine account which windows clients send to auth at the radius server
[patch]
Patch to handle Kerberos principal in ucs-school-ntlm-auth.
ucs-school-ntlm-auth.patch (text/plain), 1.76 KB, created by Michel Smidt on 2017-05-16 10:59:57 CEST
>--- /usr/bin/ucs-school-ntlm-auth.ORIG 2017-05-12 10:36:39.224000000 +0200 >+++ /usr/bin/ucs-school-ntlm-auth 2017-05-12 10:52:11.476000000 +0200 >@@ -42,6 +42,9 @@ > userToGroup = {} # { "user": ["group1", "group2", ], } > groupInfo = {} # { "group1": (23, True, ), } > >+logfd = open('/tmp/FOO', 'a+') >+def debug(msg): >+ print >>logfd, '%s\n' % msg > > def loadInfo(): > configRegistry = univention.config_registry.ConfigRegistry() >@@ -74,22 +77,36 @@ > > def getNTPasswordHash(username, stationId): > 'stationId may be None if it was not supplied to the program' >+ if username.startswith('host/'): >+ username = username.split('/', 1)[1] >+ if '.' in username: >+ username = username.split('.')[0] >+ if not '$' in username: >+ username += '$' > groups = userToGroup.get(username) > if groups is None: >+ debug('1 user = %r' % (username,)) >+ # debug('1 keys = %r' % (userToGroup.keys(),)) >+ debug('1 groups is None') > return None > groups = [groupInfo[group] for group in groups if group in groupInfo] > if not groups: >+ debug('1 not groups') > return None > (maxPriority, _, ) = max(groups) > if True not in [wlanEnabled for (priority, wlanEnabled, ) in groups if priority == maxPriority]: >+ debug('1 True not found') > return None > # user is authorized to use the W-LAN, retrieve NT-password-hash from LDAP and return it > result = ldapConnection.search(filter=str(univention.admin.filter.expression('uid', username)), attr=['sambaNTPassword', 'sambaAcctFlags']) > if not result: >+ debug('1 uid %r not found' % (username,)) > return None > sambaAccountFlags = frozenset(result[0][1]['sambaAcctFlags'][0]) > if sambaAccountFlags & DISALLOWED_SAMBA_ACCOUNT_FLAGS: >+ debug('1 wrong flags') > return None >+ debug('1 got hash') > return result[0][1]['sambaNTPassword'][0].decode('hex') > >
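Review bot: The module-level `logfd = open('/tmp/FOO', 'a+')` in the first hunk (@@ -42,6 +42,9 @@) opens a fixed, predictable file name in a world-writable directory on every run of /usr/bin/ucs-school-ntlm-auth, and `debug()` writes to it unconditionally. A pre-created file or symlink at that path decides where the output lands, and the account names passed to `debug()` in the second hunk become readable by whoever owns the file. Please send these messages to syslog, or to a file in a directory that only the service account can write, and gate them behind a setting; `loadInfo()` already instantiates `univention.config_registry.ConfigRegistry()`, so a registry variable would fit. Minor: `print >>logfd, '%s\n' % msg` emits a blank line after each message because `print` appends its own newline, and the file is never flushed or closed explicitly.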
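Review bot: The name rewriting at the top of `getNTPasswordHash()` in the second hunk (@@ -74,22 +77,36 @@) discards the domain part of the client-supplied principal with `username.split('.')[0]` without checking it against the local domain, so `host/NAME.anything` is authorized and looked up as `NAME$`. Please compare the stripped suffix with the configured domain before dropping it and return None on a mismatch. The indentation is not recoverable from this rendering of the attachment, so also confirm that the `'.'` split and the `'$'` append are nested under the `startswith('host/')` check; at function level they would truncate a dotted user name and append `$` to every ordinary user. `if not '$' in username` would read better as `if not username.endswith('$')`, which also covers a `$` that appears elsewhere in the name. The `debug('1 ...')` calls all carry the same `1` prefix and should be removed or given distinct messages before this is merged; the commented-out `userToGroup.keys()` dump should go as well.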