From 2e5d3f4fafcfe475cd8c7bccaba4d5eae94ca560 Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Mon, 22 Aug 2022 15:12:01 -0700
Subject: [PATCH] GUACAMOLE-990: Disable tracking if max addresses is not a positive integer.

---
 .../auth/ban/BanningAuthenticationProvider.java | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/extensions/guacamole-auth-ban/src/main/java/org/apache/guacamole/auth/ban/BanningAuthenticationProvider.java b/extensions/guacamole-auth-ban/src/main/java/org/apache/guacamole/auth/ban/BanningAuthenticationProvider.java
index a6df43a30..1d115d39d 100644
--- a/extensions/guacamole-auth-ban/src/main/java/org/apache/guacamole/auth/ban/BanningAuthenticationProvider.java
+++ b/extensions/guacamole-auth-ban/src/main/java/org/apache/guacamole/auth/ban/BanningAuthenticationProvider.java
@@ -22,7 +22,6 @@ package org.apache.guacamole.auth.ban;
 import org.apache.guacamole.auth.ban.status.InMemoryAuthenticationFailureTracker;
 import org.apache.guacamole.auth.ban.status.AuthenticationFailureTracker;
 import org.apache.guacamole.GuacamoleException;
-import org.apache.guacamole.GuacamoleServerException;
 import org.apache.guacamole.auth.ban.status.NullAuthenticationFailureTracker;
 import org.apache.guacamole.environment.Environment;
 import org.apache.guacamole.environment.LocalEnvironment;
@@ -130,12 +129,6 @@ public class BanningAuthenticationProvider extends AbstractAuthenticationProvide
 int banDuration = environment.getProperty(IP_BAN_DURATION, DEFAULT_IP_BAN_DURATION);
 long maxAddresses = environment.getProperty(MAX_ADDRESSES, DEFAULT_MAX_ADDRESSES);
- if (maxAddresses <= 0)
- throw new GuacamoleServerException("The maximum number of "
- + "addresses tracked, as specified by the "
- + "\"" + MAX_ADDRESSES.getName() + "\" property, must be "
- + "greater than zero.");
-
 // Configure auth failure tracking behavior and inform administrator of
 // ultimate result
 if (maxAttempts <= 0) {
@@ -151,6 +144,12 @@ public class BanningAuthenticationProvider extends AbstractAuthenticationProvide
 + "of brute-force authentication attempts will be "
 + "disabled.", banDuration);
 }
+ else if (maxAddresses <= 0) {
+ this.tracker = new NullAuthenticationFailureTracker();
+ logger.info("Maximum number of tracked addresses has been set to "
+ + "{}. Automatic banning of brute-force authentication "
+ + "attempts will be disabled.", maxAddresses);
+ }
 else {
 this.tracker = new InMemoryAuthenticationFailureTracker(maxAttempts, banDuration, maxAddresses);
 logger.info("Addresses will be automatically banned for {} "
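Review bot: The `else if (maxAddresses <= 0)` branch takes a value that the removed check rejected with a `GuacamoleServerException` and turns it into a quiet fallback to `NullAuthenticationFailureTracker`, reported only at INFO and without the property name the old message carried via `MAX_ADDRESSES.getName()`. A typo or a negative value in that setting therefore switches off brute-force banning with nothing an administrator or a log-based alert is likely to notice. I would log it at warning level and name the property, e.g. `logger.warn("Property \"{}\" has been set to {}. Automatic banning of brute-force authentication attempts will be disabled.", MAX_ADDRESSES.getName(), maxAddresses);`. If the `maxAttempts` and `banDuration` branches also log at INFO (their `logger` calls start outside this hunk), they deserve the same treatment. The enclosing block begins and ends outside the hunk.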