Posted to server-dev@james.apache.org by rd...@apache.org on 2008/04/05 23:39:40 UTC
svn commit: r645178 - in /james/server/trunk:
experimental-seda-imap-function/src/test/java/org/apache/james/test/functional/imap/
experimental-seda-imap-function/src/test/resources/org/apache/james/test/functional/imap/scripts/
imap-api/src/main/java/...
Author: rdonkin
Date: Sat Apr 5 14:39:30 2008
New Revision: 645178
URL: http://svn.apache.org/viewvc?rev=645178&view=rev
Log:
Allow three login attempts before termination. The value will be configurable as soon as the architecture is sorted out.
Added:
james/server/trunk/experimental-seda-imap-function/src/test/java/org/apache/james/test/functional/imap/AbstractTestSecurity.java
james/server/trunk/experimental-seda-imap-function/src/test/resources/org/apache/james/test/functional/imap/scripts/LoginThreeStrikes.test
james/server/trunk/phoenix-deployment/src/test/org/apache/james/experimental/imapserver/ExperimentalSecurityTest.java
Modified:
james/server/trunk/imap-api/src/main/java/org/apache/james/api/imap/display/HumanReadableTextKey.java
james/server/trunk/imap-mailbox-processor-function/src/main/java/org/apache/james/imapserver/processor/base/AbstractImapRequestProcessor.java
james/server/trunk/imap-mailbox-processor-function/src/main/java/org/apache/james/imapserver/processor/imap4rev1/LoginProcessor.java
Added: james/server/trunk/experimental-seda-imap-function/src/test/java/org/apache/james/test/functional/imap/AbstractTestSecurity.java
URL: http://svn.apache.org/viewvc/james/server/trunk/experimental-seda-imap-function/src/test/java/org/apache/james/test/functional/imap/AbstractTestSecurity.java?rev=645178&view=auto
==============================================================================
--- james/server/trunk/experimental-seda-imap-function/src/test/java/org/apache/james/test/functional/imap/AbstractTestSecurity.java (added)
+++ james/server/trunk/experimental-seda-imap-function/src/test/java/org/apache/james/test/functional/imap/AbstractTestSecurity.java Sat Apr 5 14:39:30 2008
@@ -0,0 +1,41 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+package org.apache.james.test.functional.imap;
+
+import java.util.Locale;
+
+public abstract class AbstractTestSecurity extends SimpleScriptedTestProtocol {
+
+ public AbstractTestSecurity(HostSystem system) {
+ super(system);
+ }
+
+ public void testLoginThreeStrikesUS() throws Exception {
+ scriptTest("LoginThreeStrikes", Locale.US);
+ }
+
+ public void testLoginThreeStrikesKOREA() throws Exception {
+ scriptTest("LoginThreeStrikes", Locale.KOREA);
+ }
+
+ public void testLoginThreeStrikesITALY() throws Exception {
+ scriptTest("LoginThreeStrikes", Locale.ITALY);
+ }
+}
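Review bot: Nothing in the new class records why the same script is run under three locales; the three test methods differ only in the `Locale` passed to `scriptTest`, while LoginThreeStrikes.test expects the same English response text in every case. A class-level Javadoc would make the intent reviewable, for example `/** Runs the failed-login lockout script under several locales; the expected server responses are identical in each. */`. If the purpose is to show that the lockout responses do not vary with locale, the comment should say that explicitly, since that is only inferred here.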
Added: james/server/trunk/experimental-seda-imap-function/src/test/resources/org/apache/james/test/functional/imap/scripts/LoginThreeStrikes.test
URL: http://svn.apache.org/viewvc/james/server/trunk/experimental-seda-imap-function/src/test/resources/org/apache/james/test/functional/imap/scripts/LoginThreeStrikes.test?rev=645178&view=auto
==============================================================================
--- james/server/trunk/experimental-seda-imap-function/src/test/resources/org/apache/james/test/functional/imap/scripts/LoginThreeStrikes.test (added)
+++ james/server/trunk/experimental-seda-imap-function/src/test/resources/org/apache/james/test/functional/imap/scripts/LoginThreeStrikes.test Sat Apr 5 14:39:30 2008
@@ -0,0 +1,30 @@
+################################################################
+# Licensed to the Apache Software Foundation (ASF) under one #
+# or more contributor license agreements. See the NOTICE file #
+# distributed with this work for additional information #
+# regarding copyright ownership. The ASF licenses this file #
+# to you under the Apache License, Version 2.0 (the #
+# "License"); you may not use this file except in compliance #
+# with the License. You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, #
+# software distributed under the License is distributed on an #
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY #
+# KIND, either express or implied. See the License for the #
+# specific language governing permissions and limitations #
+# under the License. #
+################################################################
+#
+# As a security measure only allow three attempts
+#
+S: \* OK IMAP4rev1 Server ready
+C: a003 LOGIN invaliduser password
+S: a003 NO LOGIN failed. Invalid login/password.
+
+C: a004 LOGIN imapuser invalid
+S: a004 NO LOGIN failed. Invalid login/password.
+
+C: a005 LOGIN imapuser bogus
+S: \* BYE Login failed too many times.
\ No newline at end of file
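Review bot: The script covers only three consecutive failures, so the boundary of the limit is pinned from one side only. A companion script in which the session fails twice and then logs in with valid credentials, expecting the normal tagged OK, would catch an off-by-one in the `failures < MAX_FAILURES` comparison that locks out a legitimate user one attempt early. The script also stops at the untagged BYE for a005; if the test harness can assert that the connection is closed afterwards, adding that check would confirm the session is ended and not merely warned.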
Modified: james/server/trunk/imap-api/src/main/java/org/apache/james/api/imap/display/HumanReadableTextKey.java
URL: http://svn.apache.org/viewvc/james/server/trunk/imap-api/src/main/java/org/apache/james/api/imap/display/HumanReadableTextKey.java?rev=645178&r1=645177&r2=645178&view=diff
==============================================================================
--- james/server/trunk/imap-api/src/main/java/org/apache/james/api/imap/display/HumanReadableTextKey.java (original)
+++ james/server/trunk/imap-api/src/main/java/org/apache/james/api/imap/display/HumanReadableTextKey.java Sat Apr 5 14:39:30 2008
@@ -114,6 +114,10 @@
= new HumanReadableTextKey("org.apache.james.imap.BYE",
ImapConstants.VERSION + " Server logging out");
+ public static final HumanReadableTextKey TOO_MANY_FAILURES
+ = new HumanReadableTextKey("org.apache.james.imap.TOO_MANY_FAILURES",
+ "Login failed too many times.");
+
private final String defaultValue;
private final String key;
public HumanReadableTextKey(final String key, final String defaultValue) {
Modified: james/server/trunk/imap-mailbox-processor-function/src/main/java/org/apache/james/imapserver/processor/base/AbstractImapRequestProcessor.java
URL: http://svn.apache.org/viewvc/james/server/trunk/imap-mailbox-processor-function/src/main/java/org/apache/james/imapserver/processor/base/AbstractImapRequestProcessor.java?rev=645178&r1=645177&r2=645178&view=diff
==============================================================================
--- james/server/trunk/imap-mailbox-processor-function/src/main/java/org/apache/james/imapserver/processor/base/AbstractImapRequestProcessor.java (original)
+++ james/server/trunk/imap-mailbox-processor-function/src/main/java/org/apache/james/imapserver/processor/base/AbstractImapRequestProcessor.java Sat Apr 5 14:39:30 2008
@@ -131,6 +131,11 @@
responder.respond(response);
}
+ protected void bye(final ImapProcessor.Responder responder, final HumanReadableTextKey key) {
+ final StatusResponse response = factory.bye(key);
+ responder.respond(response);
+ }
+
protected abstract void doProcess(final ImapRequest message,
ImapSession session, String tag, ImapCommand command, Responder responder);
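Review bot: The new `bye` helper has no Javadoc, and its name suggests more than it does: as written it only builds the response with `factory.bye(key)` and hands it to the responder, leaving the session open. The one caller in this commit (LoginProcessor) follows it with `session.logout()`, and a future caller could forget that step and leave a connection usable after telling the client it is being dropped. A comment such as `/** Sends an untagged BYE. Does not end the session; the caller must call session.logout(). */` would make the contract explicit. The enclosing class begins and ends outside this hunk.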
Modified: james/server/trunk/imap-mailbox-processor-function/src/main/java/org/apache/james/imapserver/processor/imap4rev1/LoginProcessor.java
URL: http://svn.apache.org/viewvc/james/server/trunk/imap-mailbox-processor-function/src/main/java/org/apache/james/imapserver/processor/imap4rev1/LoginProcessor.java?rev=645178&r1=645177&r2=645178&view=diff
==============================================================================
--- james/server/trunk/imap-mailbox-processor-function/src/main/java/org/apache/james/imapserver/processor/imap4rev1/LoginProcessor.java (original)
+++ james/server/trunk/imap-mailbox-processor-function/src/main/java/org/apache/james/imapserver/processor/imap4rev1/LoginProcessor.java Sat Apr 5 14:39:30 2008
@@ -37,6 +37,11 @@
*/
public class LoginProcessor extends AbstractImapRequestProcessor {
+ private static final String ATTRIBUTE_NUMBER_OF_FAILURES
+ = "org.apache.james.imapserver.processor.imap4rev1.LoginProcessor.NUMBER_OF_FAILURES";
+ // TODO: this should be configurable
+ private static final int MAX_FAILURES = 3;
+
private final UsersRepository users;
public LoginProcessor(final ImapProcessor next, final UsersRepository users,
@@ -60,7 +65,20 @@
ImapSessionUtils.setUser(session, user);
okComplete(command, tag, responder);
} else {
- no(command,tag, responder, HumanReadableTextKey.INVALID_LOGIN);
+ final Integer currentNumberOfFailures = (Integer) session.getAttribute(ATTRIBUTE_NUMBER_OF_FAILURES);
+ final int failures;
+ if (currentNumberOfFailures == null) {
+ failures = 1;
+ } else {
+ failures = currentNumberOfFailures.intValue() + 1;
+ }
+ if (failures < MAX_FAILURES) {
+ session.setAttribute(ATTRIBUTE_NUMBER_OF_FAILURES, new Integer(failures));
+ no(command,tag, responder, HumanReadableTextKey.INVALID_LOGIN);
+ } else {
+ bye(responder, HumanReadableTextKey.TOO_MANY_FAILURES);
+ session.logout();
+ }
}
}
}
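Review bot: The failure count is kept only in the session attribute `ATTRIBUTE_NUMBER_OF_FAILURES`, so the limit enforced in the else branch is per connection: a client that reconnects starts again from zero, and nothing here throttles guesses against one account or from one address across connections. That is a reasonable first step, but the comment on `MAX_FAILURES` should state the scope, e.g. `// Per-connection limit only; reconnecting resets the count`, so nobody reads it as account lockout. No log entry is written for a failed attempt or for the forced logout, at least none visible in this hunk; recording the attempted user name and the failure count (never the password) would give operators something to alert on. The method body starts outside the hunk, so whether other authentication paths share this counter cannot be seen from here.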
Added: james/server/trunk/phoenix-deployment/src/test/org/apache/james/experimental/imapserver/ExperimentalSecurityTest.java
URL: http://svn.apache.org/viewvc/james/server/trunk/phoenix-deployment/src/test/org/apache/james/experimental/imapserver/ExperimentalSecurityTest.java?rev=645178&view=auto
==============================================================================
--- james/server/trunk/phoenix-deployment/src/test/org/apache/james/experimental/imapserver/ExperimentalSecurityTest.java (added)
+++ james/server/trunk/phoenix-deployment/src/test/org/apache/james/experimental/imapserver/ExperimentalSecurityTest.java Sat Apr 5 14:39:30 2008
@@ -0,0 +1,30 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+package org.apache.james.experimental.imapserver;
+
+import org.apache.james.test.functional.imap.AbstractTestSecurity;
+
+public class ExperimentalSecurityTest extends AbstractTestSecurity {
+
+ public ExperimentalSecurityTest() throws Exception {
+ super(HostSystemFactory.createStandardImap());
+ }
+
+}