FtpServer
  1. FtpServer
  2. FTPSERVER-387

Disabling a user appears to have no effect

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.4
    • Fix Version/s: 1.0.5, 1.1.0
    • Component/s: Server
    • Labels:
      None
    • Environment:
      WinXP

      Description

      Using PropertiesUserManager, setting a user's "enableflag" to false does not prevent the user from logging in, downloading files, etc.

      Here is the users.properties file:

      =======

      1. Password is "admin"
        ftpserver.user.admin.userpassword=21232F297A57A5A743894A0E4A801FC3
        ftpserver.user.admin.homedirectory=./res/home
        ftpserver.user.admin.enableflag=true
        ftpserver.user.admin.writepermission=true
        ftpserver.user.admin.maxloginnumber=0
        ftpserver.user.admin.maxloginperip=0
        ftpserver.user.admin.idletime=0
        ftpserver.user.admin.uploadrate=0
        ftpserver.user.admin.downloadrate=0

      ftpserver.user.anonymous.userpassword=
      ftpserver.user.anonymous.homedirectory=./res/home
      ftpserver.user.anonymous.enableflag=true
      ftpserver.user.anonymous.writepermission=false
      ftpserver.user.anonymous.maxloginnumber=20
      ftpserver.user.anonymous.maxloginperip=2
      ftpserver.user.anonymous.idletime=300
      ftpserver.user.anonymous.uploadrate=4800
      ftpserver.user.anonymous.downloadrate=4800

      1. Password is "admin"
        ftpserver.user.chris.userpassword=21232F297A57A5A743894A0E4A801FC3
        ftpserver.user.chris.homedirectory=./res/home
        ftpserver.user.chris.enableflag=false
        ftpserver.user.chris.writepermission=false
        ftpserver.user.chris.maxloginnumber=20
        ftpserver.user.chris.maxloginperip=2
        ftpserver.user.chris.idletime=300
        ftpserver.user.chris.uploadrate=4800
        ftpserver.user.chris.downloadrate=4800

      =========

      User 'chris' can successfully login and download a file, even though he is disabled.

      The DESCUSER command shows the user as disabled:

      =======

      コマンド: SITE DESCUSER chris
      応答: 200-
      応答: userid : chris
      応答: userpassword : ********
      応答: homedirectory : ./res/home
      応答: writepermission : false
      応答: enableflag : false
      応答: idletime : 300
      応答: uploadrate : 0
      応答: 200 downloadrate : 0

      =======

      I did a quick check of the source, and the only place I could find a check of org.apache.ftpserver.ftplet.User#getEnabled() was in the SITE_DESCUSER class. So it appears that at login time a user's enabled/disabled status is never checked.

        Activity

        Hide
        Niklas Gustavsson added a comment -

        Fixed in rev 998964, thanks for reporting!

        Show
        Niklas Gustavsson added a comment - Fixed in rev 998964, thanks for reporting!

          People

          • Assignee:
            Niklas Gustavsson
            Reporter:
            Chris Birchall
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development