Posted to commits@mina.apache.org by ng...@apache.org on 2010/09/20 17:53:44 UTC

svn commit: r998964 - in /mina/ftpserver: branches/1.0.x/core/src/main/java/org/apache/ftpserver/command/impl/ branches/1.0.x/core/src/test/java/org/apache/ftpserver/clienttests/ branches/1.0.x/core/src/test/resources/ trunk/core/src/main/java/org/apac...

Author: ngn
Date: Mon Sep 20 15:53:44 2010
New Revision: 998964

URL: http://svn.apache.org/viewvc?rev=998964&view=rev
Log:
Fixing bug where a disabled user was allowed to login (FTPSERVER-387)

Modified:
    mina/ftpserver/branches/1.0.x/core/src/main/java/org/apache/ftpserver/command/impl/PASS.java
    mina/ftpserver/branches/1.0.x/core/src/test/java/org/apache/ftpserver/clienttests/LoginTest.java
    mina/ftpserver/branches/1.0.x/core/src/test/resources/users.properties
    mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/command/impl/PASS.java
    mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/LoginTest.java
    mina/ftpserver/trunk/core/src/test/resources/users.properties

Modified: mina/ftpserver/branches/1.0.x/core/src/main/java/org/apache/ftpserver/command/impl/PASS.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/branches/1.0.x/core/src/main/java/org/apache/ftpserver/command/impl/PASS.java?rev=998964&r1=998963&r2=998964&view=diff
==============================================================================
--- mina/ftpserver/branches/1.0.x/core/src/main/java/org/apache/ftpserver/command/impl/PASS.java (original)
+++ mina/ftpserver/branches/1.0.x/core/src/main/java/org/apache/ftpserver/command/impl/PASS.java Mon Sep 20 15:53:44 2010
@@ -180,6 +180,19 @@ public class PASS extends AbstractComman
             int oldMaxIdleTime = session.getMaxIdleTime();
 
             if (authenticatedUser != null) {
+                if(!authenticatedUser.getEnabled()) {
+                    session
+                    .write(LocalizedFtpReply
+                            .translate(
+                                    session,
+                                    request,
+                                    context,
+                                    FtpReply.REPLY_530_NOT_LOGGED_IN,
+                                    "PASS", null));
+                    return;
+                }
+
+                
                 session.setUser(authenticatedUser);
                 session.setUserArgument(null);
                 session.setMaxIdleTime(authenticatedUser.getMaxIdleTime());
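Review bot: The early `return` inside the new `if(!authenticatedUser.getEnabled())` branch leaves the method directly, so a disabled account presented with a correct password is not handled the same way as a wrong password. The rest of the method lies outside this hunk, so this is inferred: if the failure path further down applies a login-failure delay, counts failed logins, updates statistics or logs the attempt, this branch skips all of it, and the resulting difference in timing or bookkeeping would let a client tell a valid password on a disabled account from an invalid one. Consider folding the case into the ordinary failure path, for example `if (authenticatedUser != null && !authenticatedUser.getEnabled()) { authenticatedUser = null; }` ahead of the null check, and add a warning log line recording that a disabled account was refused. The identical hunk in trunk/core/.../PASS.java has the same issue.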

Modified: mina/ftpserver/branches/1.0.x/core/src/test/java/org/apache/ftpserver/clienttests/LoginTest.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/branches/1.0.x/core/src/test/java/org/apache/ftpserver/clienttests/LoginTest.java?rev=998964&r1=998963&r2=998964&view=diff
==============================================================================
--- mina/ftpserver/branches/1.0.x/core/src/test/java/org/apache/ftpserver/clienttests/LoginTest.java (original)
+++ mina/ftpserver/branches/1.0.x/core/src/test/java/org/apache/ftpserver/clienttests/LoginTest.java Mon Sep 20 15:53:44 2010
@@ -48,6 +48,10 @@ public class LoginTest extends ClientTes
         assertFalse(client.login(null, null));
     }
 
+    public void testLoginDisabledUser() throws Exception {
+        assertFalse(client.login("testuser4", "password"));
+    }
+    
     public void testLoginWithAccount() throws Exception {
         assertTrue(client.login(ADMIN_USERNAME, ADMIN_PASSWORD));
 
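Review bot: `testLoginDisabledUser` covers only the correct-password case and checks only that `login` returns false. Adding `assertFalse(client.login("testuser4", "wrong"));` would pin that a disabled account is refused either way. Assuming `client` is the Commons Net FTPClient, `assertEquals(530, client.getReplyCode());` after the failed login would also tie the test to the reply the fix writes. It would also help to assert that a command requiring authentication is still refused afterwards, so a regression that sets the session user before the enabled check is caught. The trunk copy of LoginTest.java has the same gap.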

Modified: mina/ftpserver/branches/1.0.x/core/src/test/resources/users.properties
URL: http://svn.apache.org/viewvc/mina/ftpserver/branches/1.0.x/core/src/test/resources/users.properties?rev=998964&r1=998963&r2=998964&view=diff
==============================================================================
--- mina/ftpserver/branches/1.0.x/core/src/test/resources/users.properties (original)
+++ mina/ftpserver/branches/1.0.x/core/src/test/resources/users.properties Mon Sep 20 15:53:44 2010
@@ -42,6 +42,10 @@ ftpserver.user.testuser3.userpassword=
 ftpserver.user.testuser3.writepermission=true
 ftpserver.user.testuser3.homedirectory=./test-tmp/ftproot
 
+ftpserver.user.testuser4.userpassword=password
+ftpserver.user.testuser4.enableflag=false
+ftpserver.user.testuser4.homedirectory=./test-tmp/ftproot
+
 ftpserver.user.anonymous.userpassword=
 ftpserver.user.anonymous.maxloginperip=2
 ftpserver.user.anonymous.uploadrate=4800

Modified: mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/command/impl/PASS.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/command/impl/PASS.java?rev=998964&r1=998963&r2=998964&view=diff
==============================================================================
--- mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/command/impl/PASS.java (original)
+++ mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/command/impl/PASS.java Mon Sep 20 15:53:44 2010
@@ -180,6 +180,19 @@ public class PASS extends AbstractComman
             int oldMaxIdleTime = session.getMaxIdleTime();
 
             if (authenticatedUser != null) {
+                if(!authenticatedUser.getEnabled()) {
+                    session
+                    .write(LocalizedFtpReply
+                            .translate(
+                                    session,
+                                    request,
+                                    context,
+                                    FtpReply.REPLY_530_NOT_LOGGED_IN,
+                                    "PASS", null));
+                    return;
+                }
+
+                
                 session.setUser(authenticatedUser);
                 session.setUserArgument(null);
                 session.setMaxIdleTime(authenticatedUser.getMaxIdleTime());

Modified: mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/LoginTest.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/LoginTest.java?rev=998964&r1=998963&r2=998964&view=diff
==============================================================================
--- mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/LoginTest.java (original)
+++ mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/clienttests/LoginTest.java Mon Sep 20 15:53:44 2010
@@ -49,6 +49,10 @@ public class LoginTest extends ClientTes
         assertFalse(client.login(null, null));
     }
 
+    public void testLoginDisabledUser() throws Exception {
+        assertFalse(client.login("testuser4", "password"));
+    }
+    
     public void testLoginWithAccount() throws Exception {
         assertTrue(client.login(ADMIN_USERNAME, ADMIN_PASSWORD));
 

Modified: mina/ftpserver/trunk/core/src/test/resources/users.properties
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/test/resources/users.properties?rev=998964&r1=998963&r2=998964&view=diff
==============================================================================
--- mina/ftpserver/trunk/core/src/test/resources/users.properties (original)
+++ mina/ftpserver/trunk/core/src/test/resources/users.properties Mon Sep 20 15:53:44 2010
@@ -42,6 +42,10 @@ ftpserver.user.testuser3.userpassword=
 ftpserver.user.testuser3.writepermission=true
 ftpserver.user.testuser3.homedirectory=./test-tmp/ftproot
 
+ftpserver.user.testuser4.userpassword=password
+ftpserver.user.testuser4.enableflag=false
+ftpserver.user.testuser4.homedirectory=./test-tmp/ftproot
+
 ftpserver.user.anonymous.userpassword=
 ftpserver.user.anonymous.maxloginperip=2
 ftpserver.user.anonymous.uploadrate=4800