Univention Bugzilla – Attachment 8856 Details for Bug 44603: Not possible to use machine account which windows clients send to auth at the radius server
[patch]
handle kerberos principal in "username" appropriately
bug44603.patch (text/plain), 1.48 KB, created by Sönke Schwardt-Krummrich on 2017-05-17 16:40:04 CEST
>diff --git a/ucs-school-4.1r2/ucs-school-radius-802.1x/usr/bin/ucs-school-ntlm-auth b/ucs-school-4.1r2/ucs-school-radius-802.1x/usr/bin/ucs-school-ntlm-auth >index f92e9f7ad8..3858912b63 100644 >--- a/ucs-school-4.1r2/ucs-school-radius-802.1x/usr/bin/ucs-school-ntlm-auth >+++ b/ucs-school-4.1r2/ucs-school-radius-802.1x/usr/bin/ucs-school-ntlm-auth >@@ -67,19 +67,33 @@ def loadInfo(): > groupInfo[group] = (priority, wlanEnabled, ) > > > SAMBA_ACCOUNT_FLAG_DISABLED = 'D' > SAMBA_ACCOUNT_FLAG_LOCKED = 'L' > DISALLOWED_SAMBA_ACCOUNT_FLAGS = frozenset((SAMBA_ACCOUNT_FLAG_DISABLED, SAMBA_ACCOUNT_FLAG_LOCKED, )) > > > def getNTPasswordHash(username, stationId): >- 'stationId may be None if it was not supplied to the program' >+ ''' >+ stationId may be None if it was not supplied to the program >+ username may contain the direct username (e.g. 'anton123') or >+ a hostname (e.g. 'win-02$') or >+ a kerberos principal without realm (e.g. 'host/win-02.example.com'): >+ ''' >+ >+ if username.startswith('host/'): >+ # seems to be a kerberos principal >+ username = username.split('/', 1)[1] >+ if '.' in username: >+ username = username.split('.', 1)[0] >+ if '$' not in username: >+ username += '$' >+ > groups = userToGroup.get(username) > if groups is None: > return None > groups = [groupInfo[group] for group in groups if group in groupInfo] > if not groups: > return None > (maxPriority, _, ) = max(groups) > if True not in [wlanEnabled for (priority, wlanEnabled, ) in groups if priority == maxPriority]: > return None
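Review bot: In the `host/` branch added to getNTPasswordHash, the prefix is matched case-sensitively and the domain part is discarded without any check, so `host/win-02.example.com` and `host/win-02.other.domain` both resolve to `win-02$`, while `HOST/win-02.example.com` skips the branch and goes to `userToGroup.get(username)` unchanged. Consider comparing the prefix case-insensitively, normalising the short host name to whatever case the userToGroup keys use, and checking the stripped suffix against the expected domain before truncating. A dotless principal that carries a realm (`host/win-02@REALM`) would become `win-02@REALM$`; since the docstring says "without realm", strip or reject an `@` part explicitly. `if '$' not in username` would read more precisely as `if not username.endswith('$')`, and the last docstring line ends in a stray colon.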
Attachments on bug 44603: 8851 | 8856