
[#12081] badlogin not working with IMP authentication
Summary: badlogin not working with IMP authentication
Queue: Horde Groupware Webmail Edition
Queue Version: 5.0.4
Type: Bug
State: Not A Bug
Priority: 2. Medium
Owners:
Requester: patrick.vangilst (at) labri (dot) fr
Created: 2013-03-01 (2213 days ago)
Due:
Updated: 2013-03-06 (2208 days ago)
Assigned:
Resolved: 2013-03-01 (2213 days ago)
Milestone:
Patch: No

History
2013-03-06 13:02:35 patrick (dot) vangilst (at) labri (dot) fr Comment #7
OK, I can't get badlogincount to work...

Don't know why but $this->hasCapability('badlogincount') returns false 
even if I have:

$conf['auth']['params']['app'] = 'imp';
$conf['auth']['driver'] = 'application';
$conf['auth']['params']['count_bad_logins'] = true;
$conf['auth']['params']['login_block'] = true;
$conf['auth']['params']['login_block_count'] = 3;
$conf['auth']['params']['login_block_time'] = 5;

I'm not good enough at debugging PHP so as a workaround, I will use fail2ban.
Thanks for your time...


2013-03-05 15:52:53 Michael Slusarz Comment #6
> How can I enable $params['history_api'] ???
Please ask support questions on the mailing lists.
2013-03-05 10:39:12 patrick (dot) vangilst (at) labri (dot) fr Comment #5
Ok, the BADLOGIN Exception is actually thrown (in /imp/lib/Imap/Exception.php)

I think I found my problem:
In /usr/share/pear/Horde/Auth/Base.php, there is a test before calling 
$this->_badLogin($userId);
Here is the test:

    if (($code == Horde_Auth::REASON_BADLOGIN) &&
        $this->hasCapability('badlogincount')) {
        $this->_badLogin($userId);
    }

If I comment out the line $this->hasCapability('badlogincount')), bad 
logins are stored in the database (horde_histories) which seems ok...

Now, I can see in the same file, the constructor with another test:

    if (isset($params['history_api'])) {
        $this->_history_api = $params['history_api'];
        $this->_capabilities['badlogincount'] = true;
        unset($params['history_api']);
    }

Maybe, the problem is here, so the question is:
How can I enable $params['history_api'] ???
Tell me if I am wrong or, if I'm right, how do I enable this param???
Thanks in advance.
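
The gate discussed in comment #5, modelled as a stand-alone PHP sketch (an added example, not part of the ticket and not Horde code). The class, its methods, the ArrayObject store and the minutes unit for login_block_time are assumptions; only the parameter names come from the thread. It shows failures going uncounted when no history_api is injected, plus a startup check that flags that state:

```php
<?php
// Model of the gate quoted in this ticket. Not Horde code: every class,
// method and variable name is hypothetical, as is the minutes unit.
class ModelAuth
{
    private $store = null;                      // failure timestamps per user
    private $caps = ['badlogincount' => false];
    private $params;

    public function __construct(array $params)
    {
        // Same shape as the quoted constructor: no store, no capability.
        if (isset($params['history_api'])) {
            $this->store = $params['history_api'];
            $this->caps['badlogincount'] = true;
        }
        $this->params = $params;
    }
    public function hasCapability(string $cap): bool
    {
        return !empty($this->caps[$cap]);
    }
    // Startup check: lockout requested in config but nothing can count.
    public function lockoutIsInert(): bool
    {
        return !empty($this->params['count_bad_logins'])
            && !$this->hasCapability('badlogincount');
    }
    public function recordFailure(string $user, int $now): void
    {
        if ($this->hasCapability('badlogincount')) {   // else silently skipped
            $this->store[$user] = array_merge($this->store[$user] ?? [], [$now]);
        }
    }
    public function isBlocked(string $user, int $now): bool
    {
        $since = $now - $this->params['login_block_time'] * 60;  // assumed minutes
        $recent = array_filter($this->store[$user] ?? [], fn($t) => $t > $since);
        return count($recent) >= $this->params['login_block_count'];
    }
}

// Constructed input: the requester's settings, without and with a store.
$conf = ['count_bad_logins' => true, 'login_block_count' => 3, 'login_block_time' => 5];
foreach ([$conf, $conf + ['history_api' => new ArrayObject()]] as $p) {
    $auth = new ModelAuth($p);
    foreach ([0, 10, 20] as $t) { $auth->recordFailure('alice', $t); }
    var_dump($auth->lockoutIsInert(), $auth->isBlocked('alice', 30));
}
```

The arrow function requires PHP 7.4 or later.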

2013-03-04 20:30:07 Michael Slusarz Comment #4
> Where can I find the code that does real imp authentication and 
> throws REASON_BADLOGIN exception in case of wrong authentication ?
cd imp
fgrep -r REASON_BADLOGIN *
2013-03-04 09:39:42 patrick (dot) vangilst (at) labri (dot) fr Comment #3
What I can see is that IMP_Auth fails with REASON_BADLOGIN only in 
case of empty login/password:

    if (!isset($credentials['userId']) ||
        !isset($credentials['password'])) {
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    }

I have bad login counting enabled, this is the relevant part of 
/var/www/horde/config/conf.local.php:

$conf['auth']['params']['app'] = 'imp';
$conf['auth']['driver'] = 'application';
$conf['auth']['params']['count_bad_logins'] = true;
$conf['auth']['params']['login_block'] = true;
$conf['auth']['params']['login_block_count'] = 2;
$conf['auth']['params']['login_block_time'] = 5;

But bad login count isn't working for me....
Where can I find the code that does real imp authentication and throws 
REASON_BADLOGIN exception in case of wrong authentication ?
thanks in advance.


2013-03-01 23:25:21 Michael Slusarz Comment #2
State ⇒ Not A Bug
IMP *does* fail authentication with REASON_BADLOGIN (see, e.g., IMP_Auth).

_badLogin() is only called if you activate bad login counting.
2013-03-01 13:30:52 patrick (dot) vangilst (at) labri (dot) fr Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ badlogin not working with IMP authentication
Queue ⇒ Horde Groupware Webmail Edition
Milestone ⇒
Patch ⇒ No
It seems that the function _badLogin($userId) (in Auth/Base.php) is 
never used with IMP authentication.
What I understand is that this function is called when an exception 
Horde_Auth::REASON_BADLOGIN is thrown. This is the code in 
Auth/Base.php:

    } catch (Horde_Auth_Exception $e) {
        if (($code = $e->getCode()) &&
            $code != Horde_Auth::REASON_MESSAGE) {
            if (($code == Horde_Auth::REASON_BADLOGIN) &&
                $this->hasCapability('badlogincount')) {
                $this->_badLogin($userId);
            }
            $this->setError($code, $e->getMessage());
        } else {
            $this->setError(Horde_Auth::REASON_MESSAGE, $e->getMessage());
        }
        return false;
    }

Unfortunately, this never occurs with IMP authentication. I think some 
code is missing, in case of wrong login/password, something like:

throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);

But I don't know where.....
