modules/aaa/mod_authn_anon.c

   1 /* Licensed to the Apache Software Foundation (ASF) under one or more
   2  * contributor license agreements.  See the NOTICE file distributed with
   3  * this work for additional information regarding copyright ownership.
   4  * The ASF licenses this file to You under the Apache License, Version 2.0
   5  * (the "License"); you may not use this file except in compliance with
   6  * the License.  You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 /*
  18  * Adapted to allow anonymous logins, just like with Anon-FTP, when
  19  * one gives the magic user name 'anonymous' and ones email address
  20  * as the password.
  21  *
  22  * Just add the following tokes to your <directory> setup:
  23  *
  24  * Anonymous                    magic-userid [magic-userid]...
  25  *
  26  * Anonymous_MustGiveEmail      [ on | off ] default = on
  27  * Anonymous_LogEmail           [ on | off ] default = on
  28  * Anonymous_VerifyEmail        [ on | off ] default = off
  29  * Anonymous_NoUserId           [ on | off ] default = off
  30  *
  31  * The magic user id is something like 'anonymous', it is NOT case sensitive.
  32  *
  33  * The MustGiveEmail flag can be used to force users to enter something
  34  * in the password field (like an email address). Default is on.
  35  *
  36  * Furthermore the 'NoUserID' flag can be set to allow completely empty
  37  * usernames in as well; this can be is convenient as a single return
  38  * in broken GUIs like W95 is often given by the user. The Default is off.
  39  *
  40  * Dirk.vanGulik@jrc.it; http://ewse.ceo.org; http://me-www.jrc.it/~dirkx
  41  *
  42  */
  43
  44 #include "apr_strings.h"
  45
  46 #define APR_WANT_STRFUNC
  47 #include "apr_want.h"
  48
  49 #include "ap_provider.h"
  50 #include "httpd.h"
  51 #include "http_config.h"
  52 #include "http_core.h"
  53 #include "http_log.h"
  54 #include "http_request.h"
  55 #include "http_protocol.h"
  56
  57 #include "mod_auth.h"
  58
  59 typedef struct anon_auth_user {
  60     char *user;
  61     struct anon_auth_user *next;
  62 } anon_auth_user;
  63
  64 typedef struct {
  65     anon_auth_user *users;
  66     int nouserid;
  67     int logemail;
  68     int verifyemail;
  69     int mustemail;
  70     int anyuserid;
  71 } authn_anon_config_rec;
  72
  73 static void *create_authn_anon_dir_config(apr_pool_t *p, char *d)
  74 {
  75     authn_anon_config_rec *conf = apr_palloc(p, sizeof(*conf));
  76
  77     /* just to illustrate the defaults really. */
  78     conf->users = NULL;
  79
  80     conf->nouserid = 0;
  81     conf->anyuserid = 0;
  82     conf->logemail = 1;
  83     conf->verifyemail = 0;
  84     conf->mustemail = 1;
  85     return conf;
  86 }
  87
  88 static const char *anon_set_string_slots(cmd_parms *cmd,
  89                                          void *my_config, const char *arg)
  90 {
  91     authn_anon_config_rec *conf = my_config;
  92     anon_auth_user *first;
  93
  94     if (!*arg) {
  95         return "Anonymous string cannot be empty, use Anonymous_NoUserId";
  96     }
  97
  98     /* squeeze in a record */
  99     if (!conf->anyuserid) {
 100         if (!strcmp(arg, "*")) {
 101             conf->anyuserid = 1;
 102         }
 103         else {
 104             first = conf->users;
 105             conf->users = apr_palloc(cmd->pool, sizeof(*conf->users));
 106             conf->users->user = apr_pstrdup(cmd->pool, arg);
 107             conf->users->next = first;
 108         }
 109     }
 110
 111     return NULL;
 112 }
 113
 114 static const command_rec authn_anon_cmds[] =
 115 {
 116     AP_INIT_ITERATE("Anonymous", anon_set_string_slots, NULL, OR_AUTHCFG,
 117      "a space-separated list of user IDs"),
 118     AP_INIT_FLAG("Anonymous_MustGiveEmail", ap_set_flag_slot,
 119      (void *)APR_OFFSETOF(authn_anon_config_rec, mustemail),
 120      OR_AUTHCFG, "Limited to 'on' or 'off'"),
 121     AP_INIT_FLAG("Anonymous_NoUserId", ap_set_flag_slot,
 122      (void *)APR_OFFSETOF(authn_anon_config_rec, nouserid),
 123      OR_AUTHCFG, "Limited to 'on' or 'off'"),
 124     AP_INIT_FLAG("Anonymous_VerifyEmail", ap_set_flag_slot,
 125      (void *)APR_OFFSETOF(authn_anon_config_rec, verifyemail),
 126      OR_AUTHCFG, "Limited to 'on' or 'off'"),
 127     AP_INIT_FLAG("Anonymous_LogEmail", ap_set_flag_slot,
 128      (void *)APR_OFFSETOF(authn_anon_config_rec, logemail),
 129      OR_AUTHCFG, "Limited to 'on' or 'off'"),
 130     {NULL}
 131 };
 132
 133 module AP_MODULE_DECLARE_DATA authn_anon_module;
 134
 135 static authn_status check_anonymous(request_rec *r, const char *user,
 136                                     const char *sent_pw)
 137 {
 138     authn_anon_config_rec *conf = ap_get_module_config(r->per_dir_config,
 139                                                       &authn_anon_module);
 140     authn_status res = AUTH_USER_NOT_FOUND;
 141
 142     /* Ignore if we are not configured */
 143     if (!conf->users && !conf->anyuserid) {
 144         return AUTH_USER_NOT_FOUND;
 145     }
 146
 147     /* Do we allow an empty userID and/or is it the magic one
 148      */
 149     if (!*user) {
 150         if (conf->nouserid) {
 151             res = AUTH_USER_FOUND;
 152         }
 153     }
 154     else if (conf->anyuserid) {
 155         res = AUTH_USER_FOUND;
 156     }
 157     else {
 158         anon_auth_user *p = conf->users;
 159
 160         while (p) {
 161             if (!strcasecmp(user, p->user)) {
 162                 res = AUTH_USER_FOUND;
 163                 break;
 164             }
 165             p = p->next;
 166         }
 167     }
 168
 169     /* Now if the supplied user-ID was ok, grant access if:
 170      * (a) no passwd was sent and no password and no verification
 171      *     were configured.
 172      * (b) password was sent and no verification was configured
 173      * (c) verification was configured and the password (sent or not)
 174      *     looks like an email address
 175      */
 176     if (   (res == AUTH_USER_FOUND)
 177         && (!conf->mustemail || *sent_pw)
 178         && (   !conf->verifyemail
 179             || (ap_strchr_c(sent_pw, '@') && ap_strchr_c(sent_pw, '.'))))
 180     {
 181         if (conf->logemail && ap_is_initial_req(r)) {
 182             ap_log_rerror(APLOG_MARK, APLOG_INFO, APR_SUCCESS, r,
 183                           "Anonymous: Passwd <%s> Accepted",
 184                           sent_pw ? sent_pw : "\'none\'");
 185         }
 186
 187         return AUTH_GRANTED;
 188     }
 189
 190     return (res == AUTH_USER_NOT_FOUND ? res : AUTH_DENIED);
 191 }
 192
 193 static const authn_provider authn_anon_provider =
 194 {
 195     &check_anonymous,
 196     NULL
 197 };
 198
 199 static void register_hooks(apr_pool_t *p)
 200 {
 201     ap_register_auth_provider(p, AUTHN_PROVIDER_GROUP, "anon",
 202                               AUTHN_PROVIDER_VERSION,
 203                               &authn_anon_provider, AP_AUTH_INTERNAL_PER_CONF);
 204 }
 205
 206 module AP_MODULE_DECLARE_DATA authn_anon_module =
 207 {
 208     STANDARD20_MODULE_STUFF,
 209     create_authn_anon_dir_config, /* dir config creater */
 210     NULL,                         /* dir merger ensure strictness */
 211     NULL,                         /* server config */
 212     NULL,                         /* merge server config */
 213     authn_anon_cmds,              /* command apr_table_t */
 214     register_hooks                /* register hooks */
 215 };