[jira] Closed: (FTPSERVER-154) Do not allow AUTH on an already secured session

[Niklas Gustavsson (JIRA)]

     [ 
https://issues.apache.org/jira/browse/FTPSERVER-154?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Niklas Gustavsson closed FTPSERVER-154.
---------------------------------------

    Resolution: Fixed

Fixed, we now return 534 on a reissued AUTH

svn commit "/media/big/home/svn/apache/ftpserver-trunk/core" -m "Crappy 
implementation of isSecure on the control socket as it only checked for the 
session base SSL filter  (FTPSERVER-149). Same (but opposite) problem for 
getClientCertificates() (FTPSERVER-151). Also, we should not allow AUTH to be 
issued on an already secure session or trouble will occur (multiple SSL 
filters) (FTPSERVER-154) All three fixed and tests added." --username "ngn"
        M 
/media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/command/AUTH.java
        M 
/media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/interfaces/FtpIoSession.java
        M 
/media/big/home/svn/apache/ftpserver-trunk/core/src/main/resources/org/apache/ftpserver/message/FtpStatus.properties
        M 
/media/big/home/svn/apache/ftpserver-trunk/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java
        M 
/media/big/home/svn/apache/ftpserver-trunk/core/src/test/java/org/apache/ftpserver/ssl/MinaClientAuthTest.java
          Transmitting file data: 
/media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/command/AUTH.java
          Transmitting file data: 
/media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/interfaces/FtpIoSession.java
          Transmitting file data: 
/media/big/home/svn/apache/ftpserver-trunk/core/src/main/resources/org/apache/ftpserver/message/FtpStatus.properties
          Transmitting file data: 
/media/big/home/svn/apache/ftpserver-trunk/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java
          Transmitting file data: 
/media/big/home/svn/apache/ftpserver-trunk/core/src/test/java/org/apache/ftpserver/ssl/MinaClientAuthTest.java
Committed revision 685647

> Do not allow AUTH on an already secured session
> -----------------------------------------------
>
>                 Key: FTPSERVER-154
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-154
>             Project: FtpServer
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 1.0-M2
>            Reporter: Niklas Gustavsson
>            Assignee: Niklas Gustavsson
>             Fix For: 1.0-M3
>
>
> If a client send an AUTH on an already secured session (either due to an 
> earlier AUTH or an implicit secured socket) we should ignore the AUTH. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.