Changeset 82702 in vbox for trunk

Timestamp:

Jan 9, 2020 4:18:28 PM (5 years ago)

Author:

vboxsync

Message:

IPRT/FTP: Made authentication workflow more flexible. bugref:9437

Location:

trunk

Files:

• include/iprt/ftp.h (modified) (2 diffs)
• src/VBox/Runtime/generic/ftp-server.cpp (modified) (11 diffs)

trunk/include/iprt/ftp.h

@@ -108 +108 @@
     /** Service ready for new user. */
     RTFTPSERVER_REPLY_READY_FOR_NEW_USER             = 220,
+    /** Service is closing control connection. */
+    RTFTPSERVER_REPLY_CLOSING_CTRL_CONN              = 221,
     /** Closing data connection. */
     RTFTPSERVER_REPLY_CLOSING_DATA_CONN              = 226,
@@ -137 +139 @@
 typedef struct RTFTPSERVERCLIENTSTATE
 {
+    /** User name. */
+    char         *pszUser;
+    /** Number of failed login attempts. */
+    uint8_t       cFailedLoginAttempts;
     /** Timestamp (in ms) of last command issued by the client. */
     uint64_t      tsLastCmdMs;

trunk/src/VBox/Runtime/generic/ftp-server.cpp

@@ -195 +195 @@
 static FNRTFTPSERVERCMD rtFtpServerHandleMODE;
 static FNRTFTPSERVERCMD rtFtpServerHandleNOOP;
+static FNRTFTPSERVERCMD rtFtpServerHandlePASS;
 static FNRTFTPSERVERCMD rtFtpServerHandlePORT;
 static FNRTFTPSERVERCMD rtFtpServerHandlePWD;
@@ -203 +204 @@
 static FNRTFTPSERVERCMD rtFtpServerHandleSYST;
 static FNRTFTPSERVERCMD rtFtpServerHandleTYPE;
+static FNRTFTPSERVERCMD rtFtpServerHandleUSER;
 
 /**
@@ -228 +230 @@
     { RTFTPSERVER_CMD_MODE,     "MODE",         rtFtpServerHandleMODE },
     { RTFTPSERVER_CMD_NOOP,     "NOOP",         rtFtpServerHandleNOOP },
+    { RTFTPSERVER_CMD_PASS,     "PASS",         rtFtpServerHandlePASS },
     { RTFTPSERVER_CMD_PORT,     "PORT",         rtFtpServerHandlePORT },
     { RTFTPSERVER_CMD_PWD,      "PWD",          rtFtpServerHandlePWD  },
@@ -236 +239 @@
     { RTFTPSERVER_CMD_SYST,     "SYST",         rtFtpServerHandleSYST },
     { RTFTPSERVER_CMD_TYPE,     "TYPE",         rtFtpServerHandleTYPE },
+    { RTFTPSERVER_CMD_USER,     "USER",         rtFtpServerHandleUSER },
     { RTFTPSERVER_CMD_LAST,     "",             NULL }
 };
@@ -370 +374 @@
 }
 
+static int rtFtpServerHandlePASS(PRTFTPSERVERCLIENT pClient, uint8_t cArgs, const char * const *apcszArgs)
+{
+    if (cArgs != 1)
+        return rtFtpServerSendReplyRc(pClient, RTFTPSERVER_REPLY_ERROR_INVALID_PARAMETERS);
+
+    const char *pcszPassword = apcszArgs[0];
+    AssertPtrReturn(pcszPassword, VERR_INVALID_PARAMETER);
+
+    int rc = rtFtpServerAuthenticate(pClient, pClient->State.pszUser, pcszPassword);
+    if (RT_SUCCESS(rc))
+    {
+        rc = rtFtpServerSendReplyRc(pClient, RTFTPSERVER_REPLY_LOGGED_IN_PROCEED);
+    }
+    else
+    {
+        pClient->State.cFailedLoginAttempts++;
+
+        int rc2 = rtFtpServerSendReplyRc(pClient, RTFTPSERVER_REPLY_NOT_LOGGED_IN);
+        if (RT_SUCCESS(rc))
+            rc = rc2;
+    }
+
+    return rc;
+}
+
 static int rtFtpServerHandlePORT(PRTFTPSERVERCLIENT pClient, uint8_t cArgs, const char * const *apcszArgs)
 {
@@ -451 +480 @@
 }
 
+static int rtFtpServerHandleUSER(PRTFTPSERVERCLIENT pClient, uint8_t cArgs, const char * const *apcszArgs)
+{
+    if (cArgs != 1)
+        return rtFtpServerSendReplyRc(pClient, RTFTPSERVER_REPLY_ERROR_INVALID_PARAMETERS);
+
+    const char *pcszUser = apcszArgs[0];
+    AssertPtrReturn(pcszUser, VERR_INVALID_PARAMETER);
+
+    if (pClient->State.pszUser)
+    {
+        RTStrFree(pClient->State.pszUser);
+        pClient->State.pszUser = NULL;
+    }
+
+    int rc = rtFtpServerLookupUser(pClient, pcszUser);
+    if (RT_SUCCESS(rc))
+    {
+        pClient->State.pszUser = RTStrDup(pcszUser);
+        AssertPtrReturn(pClient->State.pszUser, VERR_NO_MEMORY);
+
+        rc = rtFtpServerSendReplyRc(pClient, RTFTPSERVER_REPLY_USERNAME_OKAY_NEED_PASSWORD);
+    }
+    else
+    {
+        pClient->State.cFailedLoginAttempts++;
+
+        int rc2 = rtFtpServerSendReplyRc(pClient, RTFTPSERVER_REPLY_NOT_LOGGED_IN);
+        if (RT_SUCCESS(rc))
+            rc = rc2;
+    }
+
+    return rc;
+}
+
 
 /*********************************************************************************************************************************
 *   Internal server functions                                                                                                    *
 *********************************************************************************************************************************/
-
-/**
- * Handles the client's login procedure.
- *
- * @returns VBox status code.
- * @param   pClient             Client to handle login procedure for.
- */
-static int rtFtpServerDoLogin(PRTFTPSERVERCLIENT pClient)
-{
-    LogFlowFuncEnter();
-
-    /* Send welcome message. */
-    int rc = rtFtpServerSendReplyRc(pClient, RTFTPSERVER_REPLY_READY_FOR_NEW_USER);
-    if (RT_SUCCESS(rc))
-    {
-        size_t cbRead;
-
-        char szUser[64];
-        rc = RTTcpRead(pClient->hSocket, szUser, sizeof(szUser), &cbRead);
-        if (RT_SUCCESS(rc))
-        {
-            rc = rtFtpServerLookupUser(pClient, szUser);
-            if (RT_SUCCESS(rc))
-            {
-                rc = rtFtpServerSendReplyRc(pClient, RTFTPSERVER_REPLY_USERNAME_OKAY_NEED_PASSWORD);
-                if (RT_SUCCESS(rc))
-                {
-                    char szPass[64];
-                    rc = RTTcpRead(pClient->hSocket, szPass, sizeof(szPass), &cbRead);
-                    {
-                        if (RT_SUCCESS(rc))
-                        {
-                            rc = rtFtpServerAuthenticate(pClient, szUser, szPass);
-                            if (RT_SUCCESS(rc))
-                            {
-                                rc = rtFtpServerSendReplyRc(pClient, RTFTPSERVER_REPLY_LOGGED_IN_PROCEED);
-                            }
-                        }
-                    }
-                }
-            }
-        }
-    }
-
-    if (RT_FAILURE(rc))
-    {
-        int rc2 = rtFtpServerSendReplyRc(pClient, RTFTPSERVER_REPLY_NOT_LOGGED_IN);
-        if (RT_SUCCESS(rc))
-            rc = rc2;
-    }
-
-    return rc;
-}
 
 /**
@@ -582 +592 @@
                 *pszCmdEnd = '\0';
 
-            /* Second, determine if there is any parameters following. */
-            char *pszCmdParms = RTStrIStr(szCmd, " ");
-            if (pszCmdParms)
-                pszCmdParms++;
-
             uint8_t cArgs     = 0;
             char  **papszArgs = NULL;
-            rc = rtFtpServerCmdArgsParse(pszCmdParms, &cArgs, &papszArgs);
-            if (RT_SUCCESS(rc))
+            rc = rtFtpServerCmdArgsParse(szCmd, &cArgs, &papszArgs);
+            if (   RT_SUCCESS(rc)
+                && cArgs) /* At least the actual command (without args) must be present. */
             {
                 unsigned i = 0;
                 for (; i < RT_ELEMENTS(g_aCmdMap); i++)
                 {
-                    if (!RTStrICmp(szCmd, g_aCmdMap[i].szCmd))
+                    if (!RTStrICmp(papszArgs[0], g_aCmdMap[i].szCmd))
                     {
                         /* Save timestamp of last command sent. */
                         pClient->State.tsLastCmdMs = RTTimeMilliTS();
 
-                        rc = g_aCmdMap[i].pfnCmd(pClient, cArgs, papszArgs);
+                        rc = g_aCmdMap[i].pfnCmd(pClient, cArgs - 1, cArgs > 1 ? &papszArgs[1] : NULL);
                         break;
                     }
@@ -614 +620 @@
                 }
 
-                if (g_aCmdMap[i].enmCmd == RTFTPSERVER_CMD_QUIT)
+                const bool fDisconnect =    g_aCmdMap[i].enmCmd == RTFTPSERVER_CMD_QUIT
+                                         || pClient->State.cFailedLoginAttempts >= 3; /** @todo Make this dynamic. */
+                if (fDisconnect)
                 {
+                    int rc2 = rtFtpServerSendReplyRc(pClient, RTFTPSERVER_REPLY_CLOSING_CTRL_CONN);
+                    if (RT_SUCCESS(rc))
+                        rc = rc2;
+
                     RTFTPSERVER_HANDLE_CALLBACK_RET(pfnOnUserDisconnect);
                     break;
@@ -645 +657 @@
 static void rtFtpServerClientStateReset(PRTFTPSERVERCLIENTSTATE pState)
 {
+    RTStrFree(pState->pszUser);
+    pState->pszUser = NULL;
+
     pState->tsLastCmdMs = RTTimeMilliTS();
 }
@@ -668 +683 @@
     rtFtpServerClientStateReset(&Client.State);
 
-    int rc = rtFtpServerDoLogin(&Client);
+    /* Send welcome message. */
+    int rc = rtFtpServerSendReplyRc(&Client, RTFTPSERVER_REPLY_READY_FOR_NEW_USER);
     if (RT_SUCCESS(rc))
     {
@@ -677 +693 @@
         ASMAtomicDecU32(&pThis->cClients);
     }
+
+    rtFtpServerClientStateReset(&Client.State);
 
     return rc;