forked from cyberdotgent/route3270
-
Notifications
You must be signed in to change notification settings - Fork 0
/
login.go
102 lines (90 loc) · 2.26 KB
/
login.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
package main
import (
"github.com/pquerna/otp/totp"
"github.com/racingmars/go3270"
"github.com/rs/zerolog/log"
"net"
"strings"
)
func validate_mfa(username string, secret string, conn net.Conn) bool {
fieldValues := make(map[string]string)
for {
response, err := go3270.HandleScreen(
MFAScreen,
MFAScreenRules,
fieldValues,
[]go3270.AID{go3270.AIDEnter},
[]go3270.AID{go3270.AIDPF3},
"errormsg",
8,46,
conn,
)
if err != nil {
log.Error().Err(err).Msg("Could not deliver MFA screen to client")
return false
}
if response.AID == go3270.AIDPF3 {
return false
}
fieldValues = response.Values
mfaStr := fieldValues["mfatoken"]
if totp.Validate(mfaStr, secret) {
fieldValues["errormsg"] = ""
log.Info().Msgf("Login for user %s successfully validated using MFA.", username)
return true
} else {
log.Info().Msgf("Invalid MFA token entered for user %s", username)
fieldValues["errormsg"] = "Invalid OTP entered. Please try again."
}
}
}
func login(conn net.Conn) {
config := parseConfig(configFile)
fieldValues := make(map[string]string)
for {
// ask for the user to log in
response, err := go3270.HandleScreen(
loginScreen,
loginScreenRules,
fieldValues,
[]go3270.AID{go3270.AIDEnter},
[]go3270.AID{go3270.AIDPF3},
"errormsg",
6,16,
conn,
)
if err != nil {
log.Error().Err(err).Msg("Could not deliver login screen to client")
return
}
if response.AID == go3270.AIDPF3 {
// Exit
break
}
fieldValues = response.Values
username := strings.TrimSpace(fieldValues["username"])
password := strings.TrimSpace(fieldValues["password"])
fieldValues["errormsg"] = "Invalid username or password"
if val, ok := config.Users[username]; ok {
if password == val.Password {
fieldValues["errormsg"] = ""
if val.TOTPKey != "" {
if ! validate_mfa(username, val.TOTPKey, conn) {
continue
}
}
log.Info().Msgf("Successful login for user %s from host %s", username , conn.RemoteAddr())
if chooser(conn, username) {
continue
} else {
log.Info().Msgf("Session ended for user %s", username)
break
}
}
}
if username != "" {
log.Warn().Msgf("Invalid login for user %s from host %s", username, conn.RemoteAddr())
}
continue
}
}