Browse Source

BUGFIX: Set Web UI ban period to 1 hour

adaptive-webui-19844
Christophe Dumez 15 years ago
parent
commit
057cf3648e
  1. 1
      Changelog
  2. 13
      src/httpconnection.cpp
  3. 42
      src/httpserver.cpp
  4. 42
      src/httpserver.h

1
Changelog

@ -17,6 +17,7 @@
- BUGFIX: Optimized RSS module memory usage - BUGFIX: Optimized RSS module memory usage
- BUGFIX: Consider HTTP downloads >1MB as invalid .torrent files and abort - BUGFIX: Consider HTTP downloads >1MB as invalid .torrent files and abort
- BUGFIX: Fix Web UI authentication with some browsers - BUGFIX: Fix Web UI authentication with some browsers
- BUGFIX: Set Web UI ban period to 1 hour
- COSMETIC: Improved style management - COSMETIC: Improved style management
* Mon Jan 18 2010 - Christophe Dumez <chris@qbittorrent.org> - v2.1.0 * Mon Jan 18 2010 - Christophe Dumez <chris@qbittorrent.org> - v2.1.0

13
src/httpconnection.cpp

@ -47,7 +47,7 @@
#include <QTemporaryFile> #include <QTemporaryFile>
HttpConnection::HttpConnection(QTcpSocket *socket, Bittorrent *BTSession, HttpServer *parent) HttpConnection::HttpConnection(QTcpSocket *socket, Bittorrent *BTSession, HttpServer *parent)
: QObject(parent), socket(socket), parent(parent), BTSession(BTSession) : QObject(parent), socket(socket), parent(parent), BTSession(BTSession)
{ {
socket->setParent(this); socket->setParent(this);
connect(socket, SIGNAL(readyRead()), this, SLOT(read())); connect(socket, SIGNAL(readyRead()), this, SLOT(read()));
@ -131,8 +131,9 @@ QString HttpConnection::translateDocument(QString data) {
void HttpConnection::respond() { void HttpConnection::respond() {
//qDebug("Respond called"); //qDebug("Respond called");
int nb_fail = parent->client_failed_attempts.value(socket->peerAddress().toString(), 0); const QString &peer_ip = socket->peerAddress().toString();
if(nb_fail > 4) { const int nb_fail = parent->NbFailedAttemptsForIp(peer_ip);
if(nb_fail >= MAX_AUTH_FAILED_ATTEMPTS) {
generator.setStatusLine(403, "Forbidden"); generator.setStatusLine(403, "Forbidden");
generator.setMessage(tr("Your IP address has been banned after too many failed authentication attempts.")); generator.setMessage(tr("Your IP address has been banned after too many failed authentication attempts."));
write(); write();
@ -142,8 +143,8 @@ void HttpConnection::respond() {
qDebug("Auth: %s", qPrintable(auth.split(" ").first())); qDebug("Auth: %s", qPrintable(auth.split(" ").first()));
if (QString::compare(auth.split(" ").first(), "Digest", Qt::CaseInsensitive) != 0 || !parent->isAuthorized(auth.toLocal8Bit(), parser.method())) { if (QString::compare(auth.split(" ").first(), "Digest", Qt::CaseInsensitive) != 0 || !parent->isAuthorized(auth.toLocal8Bit(), parser.method())) {
// Update failed attempt counter // Update failed attempt counter
parent->client_failed_attempts.insert(socket->peerAddress().toString(), nb_fail+1); parent->increaseNbFailedAttemptsForIp(peer_ip);
qDebug("client IP: %s (%d failed attempts)", qPrintable(socket->peerAddress().toString()), nb_fail); qDebug("client IP: %s (%d failed attempts)", qPrintable(peer_ip), nb_fail+1);
// Return unauthorized header // Return unauthorized header
generator.setStatusLine(401, "Unauthorized"); generator.setStatusLine(401, "Unauthorized");
generator.setValue("WWW-Authenticate", "Digest realm=\""+QString(QBT_REALM)+"\", nonce=\""+parent->generateNonce()+"\", algorithm=\"MD5\", qop=\"auth\""); generator.setValue("WWW-Authenticate", "Digest realm=\""+QString(QBT_REALM)+"\", nonce=\""+parent->generateNonce()+"\", algorithm=\"MD5\", qop=\"auth\"");
@ -151,7 +152,7 @@ void HttpConnection::respond() {
return; return;
} }
// Client sucessfuly authenticated, reset number of failed attempts // Client sucessfuly authenticated, reset number of failed attempts
parent->client_failed_attempts.remove(socket->peerAddress().toString()); parent->resetNbFailedAttemptsForIp(peer_ip);
QString url = parser.url(); QString url = parser.url();
// Favicon // Favicon
if(url.endsWith("favicon.ico")) { if(url.endsWith("favicon.ico")) {

42
src/httpserver.cpp

@ -37,6 +37,48 @@
#include <QCryptographicHash> #include <QCryptographicHash>
#include <QTime> #include <QTime>
#include <QRegExp> #include <QRegExp>
#include <QTimer>
const int BAN_TIME = 3600000; // 1 hour
class UnbanTimer: public QTimer {
public:
UnbanTimer(QObject *parent, QString peer_ip): QTimer(parent), peer_ip(peer_ip){
setSingleShot(true);
setInterval(BAN_TIME);
}
~UnbanTimer() {
qDebug("||||||||||||Deleting ban timer|||||||||||||||");
}
QString peer_ip;
};
void HttpServer::UnbanTimerEvent() {
UnbanTimer* ubantimer = static_cast<UnbanTimer*>(sender());
qDebug("Ban period has expired for %s", qPrintable(ubantimer->peer_ip));
client_failed_attempts.remove(ubantimer->peer_ip);
ubantimer->deleteLater();
}
int HttpServer::NbFailedAttemptsForIp(QString ip) const {
return client_failed_attempts.value(ip, 0);
}
void HttpServer::increaseNbFailedAttemptsForIp(QString ip) {
const int nb_fail = client_failed_attempts.value(ip, 0);
client_failed_attempts.insert(ip, nb_fail+1);
if(nb_fail == MAX_AUTH_FAILED_ATTEMPTS-1) {
// Max number of failed attempts reached
// Start ban period
UnbanTimer* ubantimer = new UnbanTimer(this, ip);
connect(ubantimer, SIGNAL(timeout()), this, SLOT(UnbanTimerEvent()));
ubantimer->start();
}
}
void HttpServer::resetNbFailedAttemptsForIp(QString ip) {
client_failed_attempts.remove(ip);
}
HttpServer::HttpServer(Bittorrent *_BTSession, int msec, QObject* parent) : QTcpServer(parent) { HttpServer::HttpServer(Bittorrent *_BTSession, int msec, QObject* parent) : QTcpServer(parent) {
username = Preferences::getWebUiUsername().toLocal8Bit(); username = Preferences::getWebUiUsername().toLocal8Bit();

42
src/httpserver.h

@ -42,28 +42,34 @@ class Bittorrent;
class QTimer; class QTimer;
class EventManager; class EventManager;
const int MAX_AUTH_FAILED_ATTEMPTS = 5;
class HttpServer : public QTcpServer { class HttpServer : public QTcpServer {
Q_OBJECT Q_OBJECT
private: public:
QByteArray username; HttpServer(Bittorrent *BTSession, int msec, QObject* parent = 0);
QByteArray password_ha1; ~HttpServer();
Bittorrent *BTSession; void setAuthorization(QString username, QString password_ha1);
EventManager *manager; bool isAuthorized(QByteArray auth, QString method) const;
QTimer *timer; EventManager *eventManager() const;
QString generateNonce() const;
int NbFailedAttemptsForIp(QString ip) const;
void increaseNbFailedAttemptsForIp(QString ip);
void resetNbFailedAttemptsForIp(QString ip);
public: private slots:
HttpServer(Bittorrent *BTSession, int msec, QObject* parent = 0); void newHttpConnection();
~HttpServer(); void onTimer();
void setAuthorization(QString username, QString password_ha1); void UnbanTimerEvent();
bool isAuthorized(QByteArray auth, QString method) const;
EventManager *eventManager() const;
QString generateNonce() const;
QHash<QString, int> client_failed_attempts;
private slots: private:
void newHttpConnection(); QByteArray username;
void onTimer(); QByteArray password_ha1;
Bittorrent *BTSession;
EventManager *manager;
QTimer *timer;
QHash<QString, int> client_failed_attempts;
}; };
#endif #endif

Loading…
Cancel
Save