|
Packit |
90a5c9 |
/* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
Packit |
90a5c9 |
* contributor license agreements. See the NOTICE file distributed with
|
|
Packit |
90a5c9 |
* this work for additional information regarding copyright ownership.
|
|
Packit |
90a5c9 |
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
Packit |
90a5c9 |
* (the "License"); you may not use this file except in compliance with
|
|
Packit |
90a5c9 |
* the License. You may obtain a copy of the License at
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* http://www.apache.org/licenses/LICENSE-2.0
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* Unless required by applicable law or agreed to in writing, software
|
|
Packit |
90a5c9 |
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
Packit |
90a5c9 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
Packit |
90a5c9 |
* See the License for the specific language governing permissions and
|
|
Packit |
90a5c9 |
* limitations under the License.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Adapted to allow anonymous logins, just like with Anon-FTP, when
|
|
Packit |
90a5c9 |
* one gives the magic user name 'anonymous' and ones email address
|
|
Packit |
90a5c9 |
* as the password.
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* Just add the following tokes to your <directory> setup:
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* Anonymous magic-userid [magic-userid]...
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* Anonymous_MustGiveEmail [ on | off ] default = on
|
|
Packit |
90a5c9 |
* Anonymous_LogEmail [ on | off ] default = on
|
|
Packit |
90a5c9 |
* Anonymous_VerifyEmail [ on | off ] default = off
|
|
Packit |
90a5c9 |
* Anonymous_NoUserId [ on | off ] default = off
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* The magic user id is something like 'anonymous', it is NOT case sensitive.
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* The MustGiveEmail flag can be used to force users to enter something
|
|
Packit |
90a5c9 |
* in the password field (like an email address). Default is on.
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* Furthermore the 'NoUserID' flag can be set to allow completely empty
|
|
Packit |
90a5c9 |
* usernames in as well; this can be is convenient as a single return
|
|
Packit |
90a5c9 |
* in broken GUIs like W95 is often given by the user. The Default is off.
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* Dirk.vanGulik@jrc.it; http://ewse.ceo.org; http://me-www.jrc.it/~dirkx
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#include "apr_strings.h"
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#define APR_WANT_STRFUNC
|
|
Packit |
90a5c9 |
#include "apr_want.h"
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#include "ap_provider.h"
|
|
Packit |
90a5c9 |
#include "httpd.h"
|
|
Packit |
90a5c9 |
#include "http_config.h"
|
|
Packit |
90a5c9 |
#include "http_core.h"
|
|
Packit |
90a5c9 |
#include "http_log.h"
|
|
Packit |
90a5c9 |
#include "http_request.h"
|
|
Packit |
90a5c9 |
#include "http_protocol.h"
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#include "mod_auth.h"
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
typedef struct anon_auth_user {
|
|
Packit |
90a5c9 |
const char *user;
|
|
Packit |
90a5c9 |
struct anon_auth_user *next;
|
|
Packit |
90a5c9 |
} anon_auth_user;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
typedef struct {
|
|
Packit |
90a5c9 |
anon_auth_user *users;
|
|
Packit |
90a5c9 |
int nouserid;
|
|
Packit |
90a5c9 |
int logemail;
|
|
Packit |
90a5c9 |
int verifyemail;
|
|
Packit |
90a5c9 |
int mustemail;
|
|
Packit |
90a5c9 |
int anyuserid;
|
|
Packit |
90a5c9 |
} authn_anon_config_rec;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static void *create_authn_anon_dir_config(apr_pool_t *p, char *d)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
authn_anon_config_rec *conf = apr_palloc(p, sizeof(*conf));
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* just to illustrate the defaults really. */
|
|
Packit |
90a5c9 |
conf->users = NULL;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
conf->nouserid = 0;
|
|
Packit |
90a5c9 |
conf->anyuserid = 0;
|
|
Packit |
90a5c9 |
conf->logemail = 1;
|
|
Packit |
90a5c9 |
conf->verifyemail = 0;
|
|
Packit |
90a5c9 |
conf->mustemail = 1;
|
|
Packit |
90a5c9 |
return conf;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static const char *anon_set_string_slots(cmd_parms *cmd,
|
|
Packit |
90a5c9 |
void *my_config, const char *arg)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
authn_anon_config_rec *conf = my_config;
|
|
Packit |
90a5c9 |
anon_auth_user *first;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!*arg) {
|
|
Packit |
90a5c9 |
return "Anonymous string cannot be empty, use Anonymous_NoUserId";
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* squeeze in a record */
|
|
Packit |
90a5c9 |
if (!conf->anyuserid) {
|
|
Packit |
90a5c9 |
if (!strcmp(arg, "*")) {
|
|
Packit |
90a5c9 |
conf->anyuserid = 1;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
first = conf->users;
|
|
Packit |
90a5c9 |
conf->users = apr_palloc(cmd->pool, sizeof(*conf->users));
|
|
Packit |
90a5c9 |
conf->users->user = arg;
|
|
Packit |
90a5c9 |
conf->users->next = first;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return NULL;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static const command_rec authn_anon_cmds[] =
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
AP_INIT_ITERATE("Anonymous", anon_set_string_slots, NULL, OR_AUTHCFG,
|
|
Packit |
90a5c9 |
"a space-separated list of user IDs"),
|
|
Packit |
90a5c9 |
AP_INIT_FLAG("Anonymous_MustGiveEmail", ap_set_flag_slot,
|
|
Packit |
90a5c9 |
(void *)APR_OFFSETOF(authn_anon_config_rec, mustemail),
|
|
Packit |
90a5c9 |
OR_AUTHCFG, "Limited to 'on' or 'off'"),
|
|
Packit |
90a5c9 |
AP_INIT_FLAG("Anonymous_NoUserId", ap_set_flag_slot,
|
|
Packit |
90a5c9 |
(void *)APR_OFFSETOF(authn_anon_config_rec, nouserid),
|
|
Packit |
90a5c9 |
OR_AUTHCFG, "Limited to 'on' or 'off'"),
|
|
Packit |
90a5c9 |
AP_INIT_FLAG("Anonymous_VerifyEmail", ap_set_flag_slot,
|
|
Packit |
90a5c9 |
(void *)APR_OFFSETOF(authn_anon_config_rec, verifyemail),
|
|
Packit |
90a5c9 |
OR_AUTHCFG, "Limited to 'on' or 'off'"),
|
|
Packit |
90a5c9 |
AP_INIT_FLAG("Anonymous_LogEmail", ap_set_flag_slot,
|
|
Packit |
90a5c9 |
(void *)APR_OFFSETOF(authn_anon_config_rec, logemail),
|
|
Packit |
90a5c9 |
OR_AUTHCFG, "Limited to 'on' or 'off'"),
|
|
Packit |
90a5c9 |
{NULL}
|
|
Packit |
90a5c9 |
};
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
module AP_MODULE_DECLARE_DATA authn_anon_module;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static authn_status check_anonymous(request_rec *r, const char *user,
|
|
Packit |
90a5c9 |
const char *sent_pw)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
authn_anon_config_rec *conf = ap_get_module_config(r->per_dir_config,
|
|
Packit |
90a5c9 |
&authn_anon_module);
|
|
Packit |
90a5c9 |
authn_status res = AUTH_USER_NOT_FOUND;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* Ignore if we are not configured */
|
|
Packit |
90a5c9 |
if (!conf->users && !conf->anyuserid) {
|
|
Packit |
90a5c9 |
return AUTH_USER_NOT_FOUND;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* Do we allow an empty userID and/or is it the magic one
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (!*user) {
|
|
Packit |
90a5c9 |
if (conf->nouserid) {
|
|
Packit |
90a5c9 |
res = AUTH_USER_FOUND;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if (conf->anyuserid) {
|
|
Packit |
90a5c9 |
res = AUTH_USER_FOUND;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
anon_auth_user *p = conf->users;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
while (p) {
|
|
Packit |
90a5c9 |
if (!strcasecmp(user, p->user)) {
|
|
Packit |
90a5c9 |
res = AUTH_USER_FOUND;
|
|
Packit |
90a5c9 |
break;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
p = p->next;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* Now if the supplied user-ID was ok, grant access if:
|
|
Packit |
90a5c9 |
* (a) no passwd was sent and no password and no verification
|
|
Packit |
90a5c9 |
* were configured.
|
|
Packit |
90a5c9 |
* (b) password was sent and no verification was configured
|
|
Packit |
90a5c9 |
* (c) verification was configured and the password (sent or not)
|
|
Packit |
90a5c9 |
* looks like an email address
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if ( (res == AUTH_USER_FOUND)
|
|
Packit |
90a5c9 |
&& (!conf->mustemail || *sent_pw)
|
|
Packit |
90a5c9 |
&& ( !conf->verifyemail
|
|
Packit |
90a5c9 |
|| (ap_strchr_c(sent_pw, '@') && ap_strchr_c(sent_pw, '.'))))
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
if (conf->logemail && ap_is_initial_req(r)) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_INFO, APR_SUCCESS, r, APLOGNO(01672)
|
|
Packit |
90a5c9 |
"Anonymous: Passwd <%s> Accepted",
|
|
Packit |
90a5c9 |
sent_pw ? sent_pw : "\'none\'");
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return AUTH_GRANTED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return (res == AUTH_USER_NOT_FOUND ? res : AUTH_DENIED);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static const authn_provider authn_anon_provider =
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
&check_anonymous,
|
|
Packit |
90a5c9 |
NULL
|
|
Packit |
90a5c9 |
};
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static void register_hooks(apr_pool_t *p)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
ap_register_auth_provider(p, AUTHN_PROVIDER_GROUP, "anon",
|
|
Packit |
90a5c9 |
AUTHN_PROVIDER_VERSION,
|
|
Packit |
90a5c9 |
&authn_anon_provider, AP_AUTH_INTERNAL_PER_CONF);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
AP_DECLARE_MODULE(authn_anon) =
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
STANDARD20_MODULE_STUFF,
|
|
Packit |
90a5c9 |
create_authn_anon_dir_config, /* dir config creater */
|
|
Packit |
90a5c9 |
NULL, /* dir merger ensure strictness */
|
|
Packit |
90a5c9 |
NULL, /* server config */
|
|
Packit |
90a5c9 |
NULL, /* merge server config */
|
|
Packit |
90a5c9 |
authn_anon_cmds, /* command apr_table_t */
|
|
Packit |
90a5c9 |
register_hooks /* register hooks */
|
|
Packit |
90a5c9 |
};
|