incubator-ftpserver-commits mailing list archives

From n..@apache.org
Subject svn commit: r550034 - in /incubator/ftpserver/trunk: core/src/java/org/apache/ftpserver/ core/src/java/org/apache/ftpserver/command/ core/src/java/org/apache/ftpserver/ftplet/ core/src/java/org/apache/ftpserver/listener/ distribution/res/conf/ ftplet-a...
Date Sat, 23 Jun 2007 12:22:40 GMT
Author: ngn
Date: Sat Jun 23 05:22:40 2007
New Revision: 550034

URL: http://svn.apache.org/viewvc?view=rev&rev=550034
Log:
Adding a setting to disconnect a user after a certain number of failed login attempts (FTPSERVER-94).
Also added a configurable delay after a failed login to make brute force attacks harder (FTPSERVER-99).

Modified:
    incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/FtpSessionImpl.java
    incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/command/PASS.java
    incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ftplet/IsolatingFtpSession.java
    incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/ConnectionManager.java
    incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/ConnectionManagerImpl.java
    incubator/ftpserver/trunk/distribution/res/conf/ftpd.properties
    incubator/ftpserver/trunk/distribution/res/conf/ftpd.xml
    incubator/ftpserver/trunk/ftplet-api/src/java/org/apache/ftpserver/ftplet/FtpSession.java

Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/FtpSessionImpl.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/FtpSessionImpl.java?view=diff&rev=550034&r1=550033&r2=550034
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/FtpSessionImpl.java (original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/FtpSessionImpl.java Sat Jun
23 05:22:40 2007
@@ -69,6 +69,7 @@
     private Structure structure  = Structure.FILE;
     private FtpServerContext serverContext;
     private Listener listener;
+    private int failedLogins;
     
     public Listener getListener() {
         return listener;
@@ -395,5 +396,13 @@
 
     public void setServerPort(int serverPort) {
         this.serverPort = serverPort;
+    }
+
+    public int getFailedLogins() {
+        return failedLogins;
+    }
+
+    public void increaseFailedLogins() {
+        this.failedLogins++;
     }
 }
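Review bot: Nothing in this revision resets `failedLogins`, although the Javadoc added to `getFailedLogins()` in FtpSession.java says it returns 0 once login succeeds. The class gains only `getFailedLogins()` and `increaseFailedLogins()`, and the successful branch of PASS lies outside the visible hunks, so unless `reinitialize()` or another path not shown here clears the field, a session that fails twice and then logs in would still report 2. Either add a reset such as `public void resetFailedLogins() { this.failedLogins = 0; }` and call it on successful login, or reword the interface Javadoc. The counter also lives on the session, so it starts at zero on every new connection; limiting attempts per account or per source address would need state kept outside the session, for instance in the ConnectionManager.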

Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/command/PASS.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/command/PASS.java?view=diff&rev=550034&r1=550033&r2=550034
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/command/PASS.java (original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/command/PASS.java Sat Jun
23 05:22:40 2007
@@ -181,10 +181,22 @@
                 session.setUser(oldUser);
                 session.setUserArgument(oldUserArgument);
                 session.setMaxIdleTime(oldMaxIdleTime);
+
+                delayAfterLoginFailure(conManager);
                 
                 LOG.warn("Login failure - " + userName);
                 out.write(FtpReplyUtil.translate(session, FtpReply.REPLY_530_NOT_LOGGED_IN,
"PASS", userName));
                 stat.setLoginFail(connection);
+
+                session.increaseFailedLogins();
+
+                // kick the user if the max number of failed logins is reached
+                int maxAllowedLoginFailues = conManager.getMaxLoginFailures(); 
+                if(maxAllowedLoginFailues != 0 && 
+                        session.getFailedLogins() >= maxAllowedLoginFailues) {
+                    connection.close();
+                }
+                
                 return;
             }
             
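Review bot: The disconnect check `maxAllowedLoginFailues != 0 && session.getFailedLogins() >= maxAllowedLoginFailues` treats a negative `max-login-failures` value as a limit that is already exceeded, so a mistyped negative number closes the connection on the first wrong password. If 0 is meant to be the only "disabled" value, test `maxAllowedLoginFailues > 0` here, or have `ConnectionManagerImpl.configure()` reject negative values when it reads the setting. The local variable is also misspelled (`maxAllowedLoginFailues`). The enclosing method starts and ends outside this hunk.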
@@ -209,6 +221,20 @@
             // if login failed - reset user
             if(!success) {
                 session.reinitialize();
+            }
+        }
+    }
+
+    private void delayAfterLoginFailure(ConnectionManager conManager) {
+        int loginFailureDelay = conManager.getLoginFailureDelay();
+        
+        if(loginFailureDelay > 0) {
+            LOG.debug("Waiting for " + loginFailureDelay + " milliseconds due to login failure");
+            
+            try {
+                Thread.sleep(loginFailureDelay);
+            } catch (InterruptedException e) {
+                // ignore and go on
             }
         }
     }
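Review bot: The `catch (InterruptedException e)` block in `delayAfterLoginFailure` discards the interrupt, so if anything interrupts the handler thread during the sleep (for example at shutdown) the request is lost; restore the flag with `Thread.currentThread().interrupt();` in the catch. The sleep also runs on whichever thread is executing the PASS command, so each failing connection holds that thread for `login-failure-delay` milliseconds. With a large configured delay and many concurrent failed logins this could tie up the server's handler threads, depending on the threading model, which is not visible here. A Javadoc comment on the method stating this, or an upper bound on the setting, would make the trade-off explicit.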

Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ftplet/IsolatingFtpSession.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ftplet/IsolatingFtpSession.java?view=diff&rev=550034&r1=550033&r2=550034
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ftplet/IsolatingFtpSession.java
(original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ftplet/IsolatingFtpSession.java
Sat Jun 23 05:22:40 2007
@@ -130,5 +130,9 @@
     public DataConnectionFactory getDataConnection() {
         return session.getDataConnection();
     }
+
+    public int getFailedLogins() {
+        return session.getFailedLogins();
+    }
     
 }

Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/ConnectionManager.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/ConnectionManager.java?view=diff&rev=550034&r1=550033&r2=550034
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/ConnectionManager.java
(original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/ConnectionManager.java
Sat Jun 23 05:22:40 2007
@@ -36,6 +36,16 @@
      * Get maximum number of logins.
      */
     int getMaxLogins();
+
+    /**
+     * Get login failure before getting disconnected
+     */
+    int getMaxLoginFailures();
+
+    /**
+     * The number of milliseconds the server will delay after a failed login.
+     */
+    int getLoginFailureDelay();
      
     
     /**
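Review bot: The Javadoc `Get login failure before getting disconnected` on `getMaxLoginFailures()` does not say what the number counts, or that 0 switches the check off, which the new code in PASS.java relies on. Suggested wording: `Get the maximum number of failed login attempts allowed on one connection before the server closes it; 0 disables the limit.` For `getLoginFailureDelay()` it would help to add that a value of 0 or less means no delay, since `delayAfterLoginFailure` only sleeps when the value is positive.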

Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/ConnectionManagerImpl.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/ConnectionManagerImpl.java?view=diff&rev=550034&r1=550033&r2=550034
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/ConnectionManagerImpl.java
(original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/ConnectionManagerImpl.java
Sat Jun 23 05:22:40 2007
@@ -54,6 +54,10 @@
     
     private int defaultIdleSec;
     private int pollIntervalSec;
+
+    private int maxLoginFailures;
+
+    private int loginFailureDelay;
     
     
     /**
@@ -62,12 +66,14 @@
     public void configure(Configuration config) throws FtpException {
         
         // get configuration parameters
-        maxConnections  = config.getInt     ("max-connection",          20);
-        maxLogins       = config.getInt     ("max-login",               10);
-        anonEnabled     = config.getBoolean ("anonymous-login-enabled", true);
-        maxAnonLogins   = config.getInt     ("max-anonymous-login",     10);
-        defaultIdleSec  = config.getInt     ("default-idle-time",       60);
-        pollIntervalSec = config.getInt     ("timeout-poll-interval",   60);
+        maxConnections    = config.getInt     ("max-connection",          20);
+        maxLogins         = config.getInt     ("max-login",               10);
+        anonEnabled       = config.getBoolean ("anonymous-login-enabled", true);
+        maxAnonLogins     = config.getInt     ("max-anonymous-login",     10);
+        defaultIdleSec    = config.getInt     ("default-idle-time",       60);
+        pollIntervalSec   = config.getInt     ("timeout-poll-interval",   60);
+        maxLoginFailures  = config.getInt     ("max-login-failures",   3);
+        loginFailureDelay = config.getInt     ("login-failure-delay",   500);
         
         // set timer to remove inactive users and load data
         timer = new Timer(true);
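Review bot: `login-failure-delay` is read in milliseconds, while the neighbouring time settings are stored in fields named `defaultIdleSec` and `pollIntervalSec`, which suggests seconds, and neither the key nor the field `loginFailureDelay` carries a unit. An administrator who assumes seconds and enters a small number (for example 5) would get a delay too short to slow repeated password guessing. Consider naming the field `loginFailureDelayMillis` and stating the unit in the sample configuration files. The two new `config.getInt` lines also break the column alignment of the default values used by the lines above them.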
@@ -302,5 +308,13 @@
             closeAllConnections();
             conList = null;
         }
+    }
+
+    public int getMaxLoginFailures() {
+        return maxLoginFailures;
+    }
+
+    public int getLoginFailureDelay() {
+        return loginFailureDelay;
     } 
 }

Modified: incubator/ftpserver/trunk/distribution/res/conf/ftpd.properties
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/distribution/res/conf/ftpd.properties?view=diff&rev=550034&r1=550033&r2=550034
==============================================================================
--- incubator/ftpserver/trunk/distribution/res/conf/ftpd.properties (original)
+++ incubator/ftpserver/trunk/distribution/res/conf/ftpd.properties Sat Jun 23 05:22:40 2007
@@ -80,6 +80,8 @@
 #config.connection-manager.max-anonymous-login=10
 #config.connection-manager.default-idle-time=60
 #config.connection-manager.timeout-poll-inverval=60
+#config.connection-manager.max-login-failures=3
+#config.connection-manager.login-failure-delay=500
 
 
 ##-----------------------------------------------------------------------------

Modified: incubator/ftpserver/trunk/distribution/res/conf/ftpd.xml
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/distribution/res/conf/ftpd.xml?view=diff&rev=550034&r1=550033&r2=550034
==============================================================================
--- incubator/ftpserver/trunk/distribution/res/conf/ftpd.xml (original)
+++ incubator/ftpserver/trunk/distribution/res/conf/ftpd.xml Sat Jun 23 05:22:40 2007
@@ -95,6 +95,8 @@
         <max-anonymous-login>10</max-anonymous-login>
         <default-idle-time>60</default-idle-time>
         <timeout-poll-inverval>60</timeout-poll-inverval>
+        <max-login-failures>3</max-login-failures>
+        <login-failure-delay>500</login-failure-delay>
     </connection-manager>
     -->
 

Modified: incubator/ftpserver/trunk/ftplet-api/src/java/org/apache/ftpserver/ftplet/FtpSession.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/ftplet-api/src/java/org/apache/ftpserver/ftplet/FtpSession.java?view=diff&rev=550034&r1=550033&r2=550034
==============================================================================
--- incubator/ftpserver/trunk/ftplet-api/src/java/org/apache/ftpserver/ftplet/FtpSession.java
(original)
+++ incubator/ftpserver/trunk/ftplet-api/src/java/org/apache/ftpserver/ftplet/FtpSession.java
Sat Jun 23 05:22:40 2007
@@ -66,6 +66,11 @@
      * Get the login time.
      */
     Date getLoginTime();
+
+    /**
+     * Get the number of failed logins. When login succeeds, this will return 0.
+     */
+    int getFailedLogins();
     
     /**
      * Get last access time.


