Disabling a user appears to have no effect
------------------------------------------

                 Key: FTPSERVER-387
                 URL: https://issues.apache.org/jira/browse/FTPSERVER-387
             Project: FtpServer
          Issue Type: Bug
          Components: Server
    Affects Versions: 1.0.4
         Environment: WinXP
            Reporter: Chris Birchall


Using PropertiesUserManager, setting a user's "enableflag" to false does not 
prevent the user from logging in, downloading files, etc.

Here is the users.properties file:

=======

# Password is "admin"
ftpserver.user.admin.userpassword=21232F297A57A5A743894A0E4A801FC3
ftpserver.user.admin.homedirectory=./res/home
ftpserver.user.admin.enableflag=true
ftpserver.user.admin.writepermission=true
ftpserver.user.admin.maxloginnumber=0
ftpserver.user.admin.maxloginperip=0
ftpserver.user.admin.idletime=0
ftpserver.user.admin.uploadrate=0
ftpserver.user.admin.downloadrate=0

ftpserver.user.anonymous.userpassword=
ftpserver.user.anonymous.homedirectory=./res/home
ftpserver.user.anonymous.enableflag=true
ftpserver.user.anonymous.writepermission=false
ftpserver.user.anonymous.maxloginnumber=20
ftpserver.user.anonymous.maxloginperip=2
ftpserver.user.anonymous.idletime=300
ftpserver.user.anonymous.uploadrate=4800
ftpserver.user.anonymous.downloadrate=4800

# Password is "admin"
ftpserver.user.chris.userpassword=21232F297A57A5A743894A0E4A801FC3
ftpserver.user.chris.homedirectory=./res/home
ftpserver.user.chris.enableflag=false
ftpserver.user.chris.writepermission=false
ftpserver.user.chris.maxloginnumber=20
ftpserver.user.chris.maxloginperip=2
ftpserver.user.chris.idletime=300
ftpserver.user.chris.uploadrate=4800
ftpserver.user.chris.downloadrate=4800

=========

User 'chris' can successfully log in and download a file, even though he is 
disabled.

The DESCUSER command shows the user as disabled:

=======

コマンド:   SITE DESCUSER chris
応答:     200-
応答:     userid          : chris
応答:     userpassword    : ********
応答:     homedirectory   : ./res/home
応答:     writepermission : false
応答:     enableflag      : false
応答:     idletime        : 300
応答:     uploadrate      : 0
応答:     200 downloadrate    : 0

=======

I did a quick check of the source, and the only place I could find a check of  
org.apache.ftpserver.ftplet.User#getEnabled() was in the SITE_DESCUSER class. 
So it appears that at login time a user's enabled/disabled status is never 
checked. 

-- 
This message is automatically generated by JIRA.
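
A small Python model of the gap described in this report, added here as an illustration; it is not FtpServer code. The function names, the MD5 comparison and the fail-closed handling of a missing enableflag are assumptions of the example, and the sample data is constructed in the report's users.properties layout.

```python
import hashlib
import hmac

# Constructed sample in the users.properties layout shown in the report.
SAMPLE = """\
# Password is "admin"
ftpserver.user.admin.userpassword=21232F297A57A5A743894A0E4A801FC3
ftpserver.user.admin.enableflag=true
ftpserver.user.chris.userpassword=21232F297A57A5A743894A0E4A801FC3
ftpserver.user.chris.enableflag=false
"""
PREFIX = "ftpserver.user."


def load_users(text):
    """Parse ftpserver.user.<name>.<attribute>=<value> lines into {name: {attribute: value}}."""
    users = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or not key.startswith(PREFIX):
            continue  # comments, blank lines and unrelated keys
        name, _, attr = key[len(PREFIX):].rpartition(".")
        if name:
            users.setdefault(name, {})[attr] = value.strip()
    return users


def password_matches(record, password):
    # Assumption: stored value is an uppercase hex MD5 digest (it equals MD5("admin") here).
    digest = hashlib.md5(password.encode("utf-8")).hexdigest().upper()
    return hmac.compare_digest(digest, record.get("userpassword", "").upper())


def login_credentials_only(users, name, password):
    """Behaviour described in the report: enableflag is never consulted at login."""
    record = users.get(name)
    return record is not None and password_matches(record, password)


def login_enforcing_enableflag(users, name, password):
    """Same credential check, then reject unless enableflag is explicitly "true"."""
    record = users.get(name)
    if record is None or not password_matches(record, password):
        return False
    return record.get("enableflag", "false").lower() == "true"


if __name__ == "__main__":
    users = load_users(SAMPLE)
    for check in (login_credentials_only, login_enforcing_enableflag):
        print(check.__name__, {n: check(users, n, "admin") for n in sorted(users)})
```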