warsessionmanager.cpp

ftpserver very good sample

                    << " is rejected because we have reached the "
                    "limit of "
                    << max_site_logins
                    << " concurrent users at this ("
                    << pSvrProtocol->GetSiteName()
                    << ") site. This limit can be "
                    "altered by changing the svr_MAXSITECONN option."
                    << war_endl;

                loginResult = LF_TOO_MANY_CONNECTIONS_TOTAL;
            }
            
            // Check limit for this user
            int max_user_logins = 0;
            
            if (userDataPtr->IsAnonymous())
                max_user_logins = pSvrProtocol->GetIntOption("svr_MAXANONCONN");
            else
                max_user_logins = userDataPtr->GetIntOption("user_MAXSITECONN");

            if ((0 < max_user_logins)
                && (max_user_logins <= (int)mSessions.count(session_ptr)))
            {
                WarLog auth_log(WARLOG_INOUT, "WarSessionManager::OnPostLogin()");

                auth_log << "The connection from "
                    << *session_ptr
                    << " is rejected because we have reached the "
                    "limit of "
                    << max_user_logins
                    << " concurrent sessions from this user. "
                    "This limit can be "
                    "altered by changing the user_MAXSITECONN option."
                    << war_endl;

                loginResult = LF_TOO_MANY_CONNECTIONS;
            }

            // Check limit for this host
            int max_host_logins 
                = pSvrProtocol->GetIntOption("svr_MAXHOSTCONN");
            int num_host_logins = 0;
            hlP = mHostLogins.find(
                pSvrProtocol->GetRemoteAddress().GetInAddr().s_addr);

            if (hlP != mHostLogins.end())
                num_host_logins = hlP->second;

            if ((0 < max_host_logins) 
                && (num_host_logins >= max_host_logins))
            {
                WarLog auth_log(WARLOG_INOUT, "WarSessionManager::OnPostLogin()");

                auth_log << "The connection from "
                    << *session_ptr
                    << " is rejected because we have reached the "
                    "limit of "
                    << max_host_logins
                    << " concurrent users at this ("
                    << pSvrProtocol->GetSiteName()
                    << ") site. This limit can be "
                    "altered by changing the svr_MAXHOSTCONN option."
                    << war_endl;

                loginResult = LF_TOO_MANY_CONNECTIONS_FROM_IP;
            }

            if (LF_OK == loginResult)
            {
                // Accept the connection.
                mSessions.insert(session_ptr);
                if (slP != mSiteLogins.end())
                    slP->second++;
                else
                    mSiteLogins.insert(
                    site_session_t(native_site_name, 1));

                if (hlP != mHostLogins.end())
                    hlP->second++;
                else
                    mHostLogins.insert(host_session_t(
                    pSvrProtocol->GetRemoteAddress().GetInAddr().s_addr,
                    1));

                mNumClientConnections++;

                pSvrProtocol->mSessionPtr = session_ptr;
            }
        }
        break;
    case LF_NEED_EMAIL_AS_PWD:
    case LF_NEED_PASSWORD:
    case LF_TOO_MANY_CONNECTIONS:
    case LF_TOO_MANY_CONNECTIONS_TOTAL:
    case LF_TOO_MANY_CONNECTIONS_FROM_IP:
    case LF_INTERNAL_ERROR:
        break; // We can live with these

    default:
        // Add to the list of hosts that have failed to log in recently
        WarTime expieres;
        int host_ip = pSvrProtocol->GetRemoteAddress().GetInAddr().s_addr;
        expieres.Reset(pSvrProtocol->GetIntOption(
            "svr_BADLOGINHISTTIME") * 60000);
        mBadPwdHosts.insert(bad_pwd_entry_t(host_ip, expieres));
            
        // Check the number of failed attempts for this connection
        if (++numFailedLoginAttepmts >=
            pSvrProtocol->GetIntOption("svr_MAXLOGINTRIES"))
        {
            WarLog security_log(WARLOG_SECURITY, "WarSessionManager::OnPostLogin()");

            security_log << "Disconnecting host "
                << pSvrProtocol->GetRemoteAddress().Explain()
                << ". Too many unsuccessful login attempts."
                << war_endl;
            
            loginResult = LF_TOO_MANY_FAILED_LOGINS;
        }

        // Check how many times this host have failed recently...
        int max_tries =  pSvrProtocol->GetIntOption(
            "svr_MAXHOSTLOGINTRIES");
        int num_tries = 0;

        if (max_tries > 0)
        {
            {
                AUTO_LOCK;
                num_tries = mBadPwdHosts.count(host_ip);
            }
            
            if (num_tries >= max_tries)
            {
                WarLog security_log(WARLOG_SECURITY, "WarSessionManager::OnPostLogin()");
                
                security_log << "Disconnecting host "
                    << pSvrProtocol->GetRemoteAddress().Explain()
                    << ". Too many unsuccessful login attempts from this "
                    "host. The host will now be shitlisted."
                    << war_endl;
                
                loginResult = LF_TOO_MANY_FAILED_LOGINS;
                
                ShitlistIp(WarIpShitlisted(
                    WarIpShitlisted::REASON_CRACKING,
                    pSvrProtocol->GetRemoteAddress().GetInAddr()));
            }
        }
    }
}

void WarSessionManager::OnClientLogoff(
    war_client_session_ptr_t& clientSession)
{
    // See if we still have this session listed.
    // We can be notified several times about a logoff,
    // so we don't care if we can't find the entry.


    AUTO_LOCK;

    const session_mset_t::iterator firstP 
        = mSessions.lower_bound(clientSession);
    const session_mset_t::iterator lastP 
        = mSessions.upper_bound(clientSession);

    for(session_mset_t::iterator P = firstP
        ; P != lastP
        ; ++P)
    {
        if (P->IsSameObject(clientSession))
        {
            // Delete from sessions list
            mSessions.erase(P);

            // Delete from hosts list
            host_sessions_map_t::iterator hlP 
                = mHostLogins.find(
                clientSession->GetRemoteAddress().GetInAddr().s_addr);
            if (hlP != mHostLogins.end())
            {
                if (hlP->second > 1)
                    hlP->second--;
                else
                    mHostLogins.erase(hlP);
            } 

            // Delete site list
            site_sessions_map_t::iterator slP 
                = mSiteLogins.find(
                clientSession->GetNativeSiteName());
            if (slP != mSiteLogins.end())
            {
                if (slP->second > 1)
                    slP->second--;
                else
                    mSiteLogins.erase(slP);
            }

            // Decrease counter
            mNumClientConnections--;

            break;
        }
    }
}

//============================= ACCESS     ===================================

WarSessionManager& WarSessionManager::GetManager() 
throw (WarException)
{
	if (NULL == mpManager)
		WarThrow(WarError(WAR_ERR_INTERNAL_DATA_NOT_INITIALIZED), NULL);
	
	return *mpManager;
}

//============================= INQUIRY    ===================================

bool WarSessionManager::IsShitlisted(const struct in_addr& hostIp,
                                     WarIpShitlisted *pMakeCopy)
{
    AUTO_LOCK;

    shitlist_t::iterator P = mIpShitlist.find(hostIp.s_addr);
    if (P != mIpShitlist.end())
    {
        if (pMakeCopy)
            *pMakeCopy = P->second;
        
        return true;
    }

    return false;
}

void WarSessionManager::GetClientSessions(session_list_t& result)
{
	AUTO_LOCK;
	for(session_mset_t::iterator P = mSessions.begin()
		; P != mSessions.end()
		; ++P)
	{
		result.push_back(*(*P));
	}
}

void WarSessionManager::GetShitlist(shitlist_list_t& result) 
{
	AUTO_LOCK;
	for(shitlist_t::iterator P = mIpShitlist.begin()
		; P != mIpShitlist.end()
		; ++P)
	{
		result.push_back(P->second);
	}
}

void WarSessionManager::GetSites(name_cnt_list_t& result) 
{
	AUTO_LOCK;
	for(site_sessions_map_t::iterator P = mSiteLogins.begin()
		; P != mSiteLogins.end()
		; ++P)
	{
		result.push_back(name_cnt_t(P->first, P->second));
	}
}

/////////////////////////////// PROTECTED  ///////////////////////////////////

/////////////////////////////// PRIVATE    ///////////////////////////////////

WarSessionManager *WarSessionManager::mpManager = NULL;

void WarSessionManager::OnTimer()
{
    // Remove expiered entries 
    {
        AUTO_LOCK;

        RemoveExpieredEntries(shitlist_t, mIpShitlist);
        RemoveExpieredEntries(bad_pwd_mmap_t, mBadPwdHosts);
        RemoveExpieredEntries(history_mmap_t, mShortTermHistory);
    }
}