GUACAMOLE-990: Disable tracking if max addresses is not a positive in…

…teger.
apache · Aug 22, 2022 · 2e5d3f4 · 2e5d3f4
1 parent 584db45
commit 2e5d3f4
Showing 1 changed file with 6 additions and 7 deletions.
diff --git a/...e-auth-ban/src/main/java/org/apache/guacamole/auth/ban/BanningAuthenticationProvider.java b/...e-auth-ban/src/main/java/org/apache/guacamole/auth/ban/BanningAuthenticationProvider.java
@@ -22,7 +22,6 @@
 import org.apache.guacamole.auth.ban.status.InMemoryAuthenticationFailureTracker;
 import org.apache.guacamole.auth.ban.status.AuthenticationFailureTracker;
 import org.apache.guacamole.GuacamoleException;
-import org.apache.guacamole.GuacamoleServerException;
 import org.apache.guacamole.auth.ban.status.NullAuthenticationFailureTracker;
 import org.apache.guacamole.environment.Environment;
 import org.apache.guacamole.environment.LocalEnvironment;
@@ -130,12 +129,6 @@ public BanningAuthenticationProvider() throws GuacamoleException {
         int banDuration = environment.getProperty(IP_BAN_DURATION, DEFAULT_IP_BAN_DURATION);
         long maxAddresses = environment.getProperty(MAX_ADDRESSES, DEFAULT_MAX_ADDRESSES);
 
-        if (maxAddresses <= 0)
-            throw new GuacamoleServerException("The maximum number of "
-                    + "addresses tracked, as specified by the "
-                    + "\"" +  MAX_ADDRESSES.getName() + "\" property, must be "
-                    + "greater than zero.");
-
         // Configure auth failure tracking behavior and inform administrator of
         // ultimate result
         if (maxAttempts <= 0) {
@@ -151,6 +144,12 @@ else if (banDuration <= 0) {
                     + "of brute-force authentication attempts will be "
                     + "disabled.", banDuration);
         }
+        else if (maxAddresses <= 0) {
+            this.tracker = new NullAuthenticationFailureTracker();
+            logger.info("Maximum number of tracked addresses has been set to "
+                    + "{}. Automatic banning of brute-force authentication "
+                    + "attempts will be disabled.", maxAddresses);
+        }
         else {
             this.tracker = new InMemoryAuthenticationFailureTracker(maxAttempts, banDuration, maxAddresses);
             logger.info("Addresses will be automatically banned for {} "