From 06a1925288fe7730d75ab9be9fa8b97809fcbf4f Mon Sep 17 00:00:00 2001 From: Bryan Ashby Date: Mon, 24 Dec 2018 15:32:38 -0700 Subject: [PATCH] Check bad usernames @ login --- core/enig_error.js | 1 + core/servers/login/ssh.js | 4 ++++ core/user_login.js | 9 +++++++-- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/core/enig_error.js b/core/enig_error.js index 78798a4a..33771564 100644 --- a/core/enig_error.js +++ b/core/enig_error.js @@ -50,4 +50,5 @@ exports.ErrorReasons = { Disabled : 'DISABLED', Inactive : 'INACTIVE', Locked : 'LOCKED', + NotAllowed : 'NOTALLOWED', }; diff --git a/core/servers/login/ssh.js b/core/servers/login/ssh.js index ca1922ca..6c270378 100644 --- a/core/servers/login/ssh.js +++ b/core/servers/login/ssh.js @@ -114,6 +114,10 @@ function SSHClient(clientConn) { return handleSpecialError(err, username); } + if(Errors.BadLogin().code === err.code) { + return terminateConnection(); + } + return safeContextReject(SSHClient.ValidAuthMethods); } diff --git a/core/user_login.js b/core/user_login.js index 2959e3a7..af764208 100644 --- a/core/user_login.js +++ b/core/user_login.js @@ -23,9 +23,14 @@ const _ = require('lodash'); exports.userLogin = userLogin; function userLogin(client, username, password, cb) { - client.user.authenticate(username, password, err => { - const config = Config(); + const config = Config(); + if(config.users.badUserNames.includes(username.toLowerCase())) { + client.log.info( { username : username }, 'Attempt to login with banned username'); + return cb(Errors.BadLogin(ErrorReasons.NotAllowed)); + } + + client.user.authenticate(username, password, err => { if(err) { client.user.sessionFailedLoginAttempts = _.get(client.user, 'sessionFailedLoginAttempts', 0) + 1; const disconnect = config.users.failedLogin.disconnect;
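Review bot: In core/servers/login/ssh.js the new branch matches on `err.code` alone, so every error built by `Errors.BadLogin()` now ends the SSH connection, not only the banned-username case this commit introduces. If the authentication path can return BadLogin for other reasons (not visible in this hunk), those clients would be dropped before `safeContextReject(SSHClient.ValidAuthMethods)` is offered. Narrowing the test to the new reason, e.g. `if(Errors.BadLogin().code === err.code && ErrorReasons.NotAllowed === err.reasonCode) {`, would keep the behaviour scoped; this assumes the error object carries the reason as `reasonCode` and that `ErrorReasons` is in scope in this file. A short comment such as `// banned username: drop the connection instead of offering another auth attempt` would record why this case skips the reject path. The enclosing callback starts and ends outside the hunk.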
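Review bot: In core/user_login.js the early `return cb(Errors.BadLogin(ErrorReasons.NotAllowed))` skips the `sessionFailedLoginAttempts` accounting that lives in the `authenticate` callback, so on any login server that does not close the connection on this error a client can keep retrying banned names without ever reaching `config.users.failedLogin.disconnect`. Counting the attempt before returning, `client.user.sessionFailedLoginAttempts = _.get(client.user, 'sessionFailedLoginAttempts', 0) + 1;`, would keep that limit meaningful. The match also lowercases only the supplied name, so a `badUserNames` entry written with capitals never matches and a non-string `username` throws on `toLowerCase()`; a type guard plus a comparison that normalises both sides, e.g. `config.users.badUserNames.some(n => n.toLowerCase() === lowered)`, closes that gap. It is also worth confirming that `Errors.BadLogin` takes the reason code as its first argument, since the factory is not shown on this page. The body of `userLogin` continues past the end of the hunk.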