/**
 * Authenticate a login attempt against SASL (sasl_checkpass), with a cache of
 * previously accepted credentials in front of it.
 *
 * The attempt is always consumed here (HALT): it is refused when the user name
 * is unknown to ZNC or the SASL check fails, and accepted on a cache hit or a
 * successful SASL check.
 *
 * @param Auth  The pending login; supplies user name and password and
 *              receives the AcceptLogin()/RefuseLogin() verdict.
 * @return Always HALT.
 */
virtual EModRet OnLoginAttempt(CSmartPtr<CAuthBase> Auth) {
	const CString sUser(Auth->GetUsername());
	const CString sPass(Auth->GetPassword());

	CUser* pUser = CZNC::Get().FindUser(sUser);
	if (!pUser) {
		// @todo Will want to do some sort of && !m_bAllowCreate in the future
		Auth->RefuseLogin("Invalid User - Halting SASL Authentication");
		return HALT;
	}

	// Cache key is MD5("user:pass").
	// NOTE(review): this is an unsalted, fast hash of a low-entropy secret, so
	// it only keeps the password out of the cache in literal form; anyone who
	// can read the cache can test password guesses offline. A salted or keyed
	// digest would be the stronger choice.
	const CString sCacheKey(CString(sUser + ":" + sPass).MD5());

	// Stays NULL on the cache-hit path and when sasl_server_new() fails;
	// sasl_dispose() below is called in every case.
	sasl_conn_t* pConn = NULL;

	if (m_Cache.HasItem(sCacheKey)) {
		// A hit accepts the login without asking SASL again, so a password
		// that was changed or revoked in the backend keeps working until the
		// entry leaves m_Cache (its expiry policy is not visible here).
		Auth->AcceptLogin(*pUser);
		DEBUG("+++ Found in cache");
	} else {
		// sasl_checkpass() is only reached when the server context was created.
		const bool bVerified =
			sasl_server_new("znc", NULL, NULL, NULL, NULL, cbs, 0, &pConn) == SASL_OK &&
			sasl_checkpass(pConn, sUser.c_str(), sUser.size(), sPass.c_str(), sPass.size()) == SASL_OK;

		if (bVerified) {
			Auth->AcceptLogin(*pUser);
			m_Cache.AddItem(sCacheKey);
			DEBUG("+++ Successful SASL password check");
		} else {
			// A SASL setup failure and a wrong password are reported identically.
			Auth->RefuseLogin("SASL Authentication failed");
			DEBUG("--- FAILED SASL password check");
		}
	}

	sasl_dispose(&pConn);
	return HALT;
}
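/**
 * Drive the login exchange with the IMAP server, one received line at a time.
 *
 * The first line received triggers sending "AUTH LOGIN <user> <pass>". Any
 * later line starting with "AUTH " is treated as the verdict: a line beginning
 * with "AUTH OK" (case-insensitive, first 7 characters) accepts the login and
 * caches the credential digest; anything else refuses it. The socket is closed
 * once a verdict has been delivered.
 *
 * @param sLine  One line received from the server.
 */
void CIMAPSock::ReadLine(const CString& sLine) {
	if (!m_bSentLogin) {
		CString sUsername = m_spAuth->GetUsername();
		m_bSentLogin = true;

		// Optional user-name format: '%' is replaced by the user name,
		// otherwise the format string is appended as a suffix.
		const CString& sFormat = m_pIMAPMod->GetUserFormat();

		if (!sFormat.empty()) {
			if (sFormat.find('%') != CString::npos) {
				sUsername = sFormat.Replace_n("%", sUsername);
			} else {
				sUsername += sFormat;
			}
		}

		const CString sPassword = m_spAuth->GetPassword();

		// The credentials come from the client and are spliced into a
		// line-delimited command. A CR or LF inside them would end the command
		// early and make the remainder a separate protocol line, so such
		// attempts are refused before anything is written. The refusal mirrors
		// the ordinary failure path so the client cannot tell the two apart.
		if (sUsername.find_first_of("\r\n") != CString::npos ||
		    sPassword.find_first_of("\r\n") != CString::npos) {
			m_spAuth->RefuseLogin("Invalid Password");
			DEBUG("--- Refused IMAP lookup: line break in credentials");
			m_bSentReply = true;
			Close();
			return;
		}

		// NOTE(review): spaces are not quoted or escaped; whether the server
		// tolerates them inside the user name or password is not visible here.
		Write("AUTH LOGIN " + sUsername + " " + sPassword + "\r\n");
	} else if (sLine.Left(5) == "AUTH ") {
		CUser* pUser = CZNC::Get().FindUser(m_spAuth->GetUsername());

		if (pUser && sLine.Equals("AUTH OK", false, 7)) {
			m_spAuth->AcceptLogin(*pUser);
			// Use MD5 so passes don't sit in memory in plain text.
			// NOTE(review): the digest is unsalted MD5 of "user:pass", which
			// can be tested against password guesses offline by anyone able to
			// read the cache; m_spAuth also still holds the plaintext.
			m_pIMAPMod->CacheLogin(CString(m_spAuth->GetUsername() + ":" + m_spAuth->GetPassword()).MD5());
			DEBUG("+++ Successful IMAP lookup");
		} else {
			m_spAuth->RefuseLogin("Invalid Password");
			DEBUG("--- FAILED IMAP lookup");
		}

		m_bSentReply = true;
		Close();
	}
}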
/**
 * Refuse logins for user names that IsBlocked() reports as blocked.
 *
 * The decision is made on the user name alone, before any password check in
 * this hook.
 *
 * @param Auth  The pending login attempt.
 * @return HALT after refusing a blocked user, CONTINUE otherwise.
 */
virtual EModRet OnLoginAttempt(CSmartPtr<CAuthBase> Auth) {
	const bool bBlocked = IsBlocked(Auth->GetUsername());
	if (!bBlocked) {
		return CONTINUE;
	}

	// NOTE(review): MESSAGE is sent to an unauthenticated client; if its text
	// is specific to blocking, it confirms that the account name exists.
	Auth->RefuseLogin(MESSAGE);
	return HALT;
}
/**
 * Throttle login attempts per remote IP.
 *
 * Refuses the attempt when the failure counter cached for the remote IP has
 * reached m_uiAllowedFailed; otherwise lets the attempt continue.
 *
 * @param Auth  The pending login attempt; supplies the remote IP.
 * @return HALT after refusing a throttled address, CONTINUE otherwise.
 */
virtual EModRet OnLoginAttempt(CSmartPtr<CAuthBase> Auth) {
	// e.g. webadmin ends up here
	const CString& sRemoteIP = Auth->GetRemoteIP();

	// Attempts that carry no remote IP are never throttled by this hook.
	if (sRemoteIP.empty()) {
		return CONTINUE;
	}

	// The counter is keyed by IP only, so clients behind one address share it.
	const unsigned int* pFailed = m_Cache.GetItem(sRemoteIP);
	const bool bThrottled = pFailed && *pFailed >= m_uiAllowedFailed;
	if (!bThrottled) {
		return CONTINUE;
	}

	// OnFailedLogin() will refresh their ban
	Auth->RefuseLogin("Please try again later - reconnecting too fast");
	return HALT;
}
/**
 * Authenticate a login attempt against the configured IMAP server, with a
 * cache of previously accepted credentials in front of it.
 *
 * Unknown users are refused immediately. A cache hit accepts the login at
 * once; otherwise a CIMAPSock is created to perform the lookup and the verdict
 * is delivered later by that socket.
 *
 * @param Auth  The pending login attempt.
 * @return Always HALT.
 */
virtual EModRet OnLoginAttempt(CSmartPtr<CAuthBase> Auth) {
	CUser* pUser = CZNC::Get().FindUser(Auth->GetUsername());
	if (!pUser) {
		// @todo Will want to do some sort of && !m_bAllowCreate in the future
		Auth->RefuseLogin("Invalid User - Halting IMAP Lookup");
		return HALT;
	}

	// Same key form that CIMAPSock::ReadLine() stores: MD5("user:pass").
	// NOTE(review): unsalted MD5 only hides the literal password; a reader of
	// the cache can still test guesses offline. A hit also bypasses the IMAP
	// server, so a password changed there keeps working until the entry
	// leaves m_Cache (expiry policy not visible here).
	const CString sCacheKey = CString(Auth->GetUsername() + ":" + Auth->GetPassword()).MD5();
	if (m_Cache.HasItem(sCacheKey)) {
		DEBUG("+++ Found in cache");
		Auth->AcceptLogin(*pUser);
		return HALT;
	}

	// NOTE(review): the socket sends the user's credentials to m_sServer; when
	// m_bSSL is false they presumably cross the network unencrypted. Confirm
	// deployments enable it.
	// Ownership of the socket is not visible here; presumably the socket
	// manager takes it over once Connect() is called. TODO confirm.
	CIMAPSock* pLookup = new CIMAPSock(this, Auth);
	pLookup->Connect(m_sServer, m_uPort, m_bSSL, 20);
	return HALT;
}
/**
 * Authenticate a login attempt with a YubiKey one-time password.
 *
 * The password field is treated as the OTP. If the user exists and
 * CheckToken() accepts the leading DEFAULT_TOKEN_ID_LEN characters (the token
 * ID) for that user, the OTP is verified through ykclient and the login is
 * accepted or refused on that result alone. In every other case the attempt
 * is passed on unchanged.
 *
 * @param Auth  The pending login attempt.
 * @return HALT when the OTP was verified (either verdict), CONTINUE otherwise.
 */
virtual EModRet OnLoginAttempt(CSmartPtr<CAuthBase> Auth) {
	const CString sOTP = Auth->GetPassword();
	CUser* pUser = CZNC::Get().FindUser(Auth->GetUsername());

	if (!pUser || !CheckToken(pUser, sOTP.Left(DEFAULT_TOKEN_ID_LEN))) {
		return CONTINUE;
	}

	// Only the token ID prefix is logged, never the full OTP.
	DEBUG("yubikey: Lookup for " << sOTP.Left(DEFAULT_TOKEN_ID_LEN));

	// The following call is blocking.
	// (It replaces an earlier ykclient_verify_otp(otp, CLIENT_ID, NULL) call.)
	// NOTE(review): both key arguments are NULL, so as far as can be told from
	// here the validation response is not signature-checked; confirm against
	// ykclient and consider supplying the API key.
	const int iStatus = ykclient_verify_otp_v2(NULL, sOTP.c_str(), CLIENT_ID, NULL, 0, NULL, NULL);
	DEBUG("yubikey: " << ykclient_strerror(iStatus));

	if (iStatus != YKCLIENT_OK) {
		// The validation library's error text is returned to the client as is.
		Auth->RefuseLogin(ykclient_strerror(iStatus));
	} else {
		// NOTE(review): the OTP is the only credential checked on this path;
		// no separate account password is compared here.
		Auth->AcceptLogin(*pUser);
	}
	return HALT;
}