Check bad usernames @ login

2018-12-24 15:32:38 -07:00 · 2018-12-24 15:32:38 -07:00 · 06a1925288
parent 73e8b0454e
commit 06a1925288
3 changed files with 12 additions and 2 deletions
--- a/core/enig_error.js
+++ b/core/enig_error.js
@ -50,4 +50,5 @@ exports.ErrorReasons = {
    Disabled            : 'DISABLED',
    Inactive            : 'INACTIVE',
    Locked              : 'LOCKED',
+    NotAllowed          : 'NOTALLOWED',
 };
--- a/core/servers/login/ssh.js
+++ b/core/servers/login/ssh.js
@ -114,6 +114,10 @@ function SSHClient(clientConn) {
                        return handleSpecialError(err, username);
                    }

+                    if(Errors.BadLogin().code === err.code) {
+                        return terminateConnection();
+                    }
+
                    return safeContextReject(SSHClient.ValidAuthMethods);
                }

--- a/core/user_login.js
+++ b/core/user_login.js
@ -23,9 +23,14 @@ const _                 = require('lodash');
 exports.userLogin       = userLogin;

 function userLogin(client, username, password, cb) {
-    client.user.authenticate(username, password, err => {
-        const config = Config();
+    const config = Config();

+    if(config.users.badUserNames.includes(username.toLowerCase())) {
+        client.log.info( { username : username }, 'Attempt to login with banned username');
+        return cb(Errors.BadLogin(ErrorReasons.NotAllowed));
+    }
+
+    client.user.authenticate(username, password, err => {
        if(err) {
            client.user.sessionFailedLoginAttempts = _.get(client.user, 'sessionFailedLoginAttempts', 0) + 1;
            const disconnect = config.users.failedLogin.disconnect;