/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.ftpserver.command.impl;
import java.io.IOException;
import java.net.InetSocketAddress;
import org.apache.ftpserver.command.AbstractCommand;
import org.apache.ftpserver.ftplet.Authentication;
import org.apache.ftpserver.ftplet.AuthenticationFailedException;
import org.apache.ftpserver.ftplet.FileSystemFactory;
import org.apache.ftpserver.ftplet.FileSystemView;
import org.apache.ftpserver.ftplet.FtpException;
import org.apache.ftpserver.ftplet.FtpReply;
import org.apache.ftpserver.ftplet.FtpRequest;
import org.apache.ftpserver.ftplet.User;
import org.apache.ftpserver.ftplet.UserManager;
import org.apache.ftpserver.impl.FtpIoSession;
import org.apache.ftpserver.impl.FtpServerContext;
import org.apache.ftpserver.impl.LocalizedFtpReply;
import org.apache.ftpserver.impl.ServerFtpStatistics;
import org.apache.ftpserver.usermanager.AnonymousAuthentication;
import org.apache.ftpserver.usermanager.UsernamePasswordAuthentication;
import org.apache.ftpserver.usermanager.impl.UserMetadata;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* <strong>Internal class, do not use directly.</strong>
*
* <code>PASS <SP> <password> <CRLF></code><br>
*
* The argument field is a Telnet string specifying the user's password. This
* command must be immediately preceded by the user name command.
*
* @author <a href="http://mina.apache.org">Apache MINA Project</a>
*/
public class PASS extends AbstractCommand {
private final Logger LOG = LoggerFactory.getLogger(PASS.class);
/**
* Execute command.
*/
public void execute(final FtpIoSession session,
final FtpServerContext context, final FtpRequest request)
throws IOException, FtpException {
boolean success = false;
ServerFtpStatistics stat = (ServerFtpStatistics) context
.getFtpStatistics();
try {
// reset state variables
session.resetState();
// argument check
String password = request.getArgument();
// check user name
String userName = session.getUserArgument();
if (userName == null && session.getUser() == null) {
session.write(LocalizedFtpReply.translate(session, request, context,
FtpReply.REPLY_503_BAD_SEQUENCE_OF_COMMANDS, "PASS",
null));
return;
}
// already logged-in
if (session.isLoggedIn()) {
session.write(LocalizedFtpReply.translate(session, request, context,
FtpReply.REPLY_202_COMMAND_NOT_IMPLEMENTED, "PASS",
null));
return;
}
// anonymous login limit check
boolean anonymous = userName != null
&& userName.equals("anonymous");
if (anonymous) {
int currAnonLogin = stat.getCurrentAnonymousLoginNumber();
int maxAnonLogin = context.getConnectionConfig()
.getMaxAnonymousLogins();
if(maxAnonLogin == 0) {
LOG.debug("Currently {} anonymous users logged in, unlimited allowed", currAnonLogin);
} else {
LOG.debug("Currently {} out of {} anonymous users logged in", currAnonLogin, maxAnonLogin);
}
if (currAnonLogin >= maxAnonLogin) {
LOG.debug("Too many anonymous users logged in, user will be disconnected");
session
.write(LocalizedFtpReply
.translate(
session,
request,
context,
FtpReply.REPLY_421_SERVICE_NOT_AVAILABLE_CLOSING_CONTROL_CONNECTION,
"PASS.anonymous", null));
return;
}
}
// login limit check
int currLogin = stat.getCurrentLoginNumber();
int maxLogin = context.getConnectionConfig().getMaxLogins();
if(maxLogin == 0) {
LOG.debug("Currently {} users logged in, unlimited allowed", currLogin);
} else {
LOG.debug("Currently {} out of {} users logged in", currLogin, maxLogin);
}
if (maxLogin != 0 && currLogin >= maxLogin) {
LOG.debug("Too many users logged in, user will be disconnected");
session
.write(LocalizedFtpReply
.translate(
session,
request,
context,
FtpReply.REPLY_421_SERVICE_NOT_AVAILABLE_CLOSING_CONTROL_CONNECTION,
"PASS.login", null));
return;
}
// authenticate user
UserManager userManager = context.getUserManager();
User authenticatedUser = null;
try {
UserMetadata userMetadata = new UserMetadata();
if (session.getRemoteAddress() instanceof InetSocketAddress) {
userMetadata.setInetAddress(((InetSocketAddress) session
.getRemoteAddress()).getAddress());
}
userMetadata.setCertificateChain(session
.getClientCertificates());
Authentication auth;
if (anonymous) {
auth = new AnonymousAuthentication(userMetadata);
} else {
auth = new UsernamePasswordAuthentication(userName,
password, userMetadata);
}
authenticatedUser = userManager.authenticate(auth);
} catch (AuthenticationFailedException e) {
LOG.warn("User failed to log in");
} catch (Exception e) {
authenticatedUser = null;
LOG.warn("PASS.execute()", e);
}
// first save old values so that we can reset them if Ftplets
// tell us to fail
User oldUser = session.getUser();
String oldUserArgument = session.getUserArgument();
int oldMaxIdleTime = session.getMaxIdleTime();
if (authenticatedUser != null) {
if(!authenticatedUser.getEnabled()) {
session
.write(LocalizedFtpReply
.translate(
session,
request,
context,
FtpReply.REPLY_530_NOT_LOGGED_IN,
"PASS", null));
return;
}
session.setUser(authenticatedUser);
session.setUserArgument(null);
session.setMaxIdleTime(authenticatedUser.getMaxIdleTime());
success = true;
} else {
session.setUser(null);
}
if (!success) {
// reset due to failure
session.setUser(oldUser);
session.setUserArgument(oldUserArgument);
session.setMaxIdleTime(oldMaxIdleTime);
delayAfterLoginFailure(context.getConnectionConfig()
.getLoginFailureDelay());
LOG.warn("Login failure - " + userName);
session.write(LocalizedFtpReply.translate(session, request, context,
FtpReply.REPLY_530_NOT_LOGGED_IN, "PASS", userName));
stat.setLoginFail(session);
session.increaseFailedLogins();
// kick the user if the max number of failed logins is reached
int maxAllowedLoginFailues = context.getConnectionConfig()
.getMaxLoginFailures();
if (maxAllowedLoginFailues != 0
&& session.getFailedLogins() >= maxAllowedLoginFailues) {
LOG.warn("User exceeded the number of allowed failed logins, session will be closed");
session.close(false).awaitUninterruptibly(10000);
}
return;
}
// update different objects
FileSystemFactory fmanager = context.getFileSystemManager();
FileSystemView fsview = fmanager
.createFileSystemView(authenticatedUser);
session.setLogin(fsview);
stat.setLogin(session);
// everything is fine - send login ok message
session.write(LocalizedFtpReply.translate(session, request, context,
FtpReply.REPLY_230_USER_LOGGED_IN, "PASS", userName));
if (anonymous) {
LOG.info("Anonymous login success - " + password);
} else {
LOG.info("Login success - " + userName);
}
} finally {
// if login failed - reset user
if (!success) {
session.reinitialize();
}
}
}
private void delayAfterLoginFailure(final int loginFailureDelay) {
if (loginFailureDelay > 0) {
LOG.debug("Waiting for " + loginFailureDelay
+ " milliseconds due to login failure");
try {
Thread.sleep(loginFailureDelay);
} catch (InterruptedException e) {
// ignore and go on
}
}
}
}