| 1 | /* mod_auth_optional |
|---|
| 2 | * version 1.0, released 2007-09-01 |
|---|
| 3 | * Anders Kaseorg <andersk@mit.edu> |
|---|
| 4 | * |
|---|
| 5 | * This module can pretend that authentication succeeded even if no |
|---|
| 6 | * authorization module is authoritative, instead of returning a |
|---|
| 7 | * Forbidden error. |
|---|
| 8 | */ |
|---|
| 9 | |
|---|
| 10 | #include "ap_config.h" |
|---|
| 11 | #include "httpd.h" |
|---|
| 12 | #include "http_config.h" |
|---|
| 13 | #include "http_request.h" |
|---|
| 14 | |
|---|
| 15 | typedef struct { |
|---|
| 16 | int optional; |
|---|
| 17 | char *default_user; |
|---|
| 18 | } auth_optional_config_rec; |
|---|
| 19 | |
|---|
| 20 | static void *create_auth_optional_dir_config(apr_pool_t *p, char *d) |
|---|
| 21 | { |
|---|
| 22 | auth_optional_config_rec *conf = apr_pcalloc(p, sizeof(*conf)); |
|---|
| 23 | conf->optional = 0; |
|---|
| 24 | conf->default_user = NULL; |
|---|
| 25 | return conf; |
|---|
| 26 | } |
|---|
| 27 | |
|---|
| 28 | static const command_rec auth_optional_cmds[] = |
|---|
| 29 | { |
|---|
| 30 | AP_INIT_FLAG("AuthOptional", ap_set_flag_slot, |
|---|
| 31 | (void *)APR_OFFSETOF(auth_optional_config_rec, optional), |
|---|
| 32 | OR_AUTHCFG, |
|---|
| 33 | "Make authentication succeed if no authorization module is authoritative"), |
|---|
| 34 | AP_INIT_TAKE1("AuthOptionalDefaultUser", ap_set_string_slot, |
|---|
| 35 | (void*)APR_OFFSETOF(auth_optional_config_rec, default_user), |
|---|
| 36 | OR_AUTHCFG, |
|---|
| 37 | "Default username to use if no authorization module is authoritative"), |
|---|
| 38 | {NULL} |
|---|
| 39 | }; |
|---|
| 40 | |
|---|
| 41 | module AP_MODULE_DECLARE_DATA auth_optional_module; |
|---|
| 42 | |
|---|
| 43 | static int auth_optional_check_user_id(request_rec *r) |
|---|
| 44 | { |
|---|
| 45 | auth_optional_config_rec *conf = ap_get_module_config(r->per_dir_config, |
|---|
| 46 | &auth_optional_module); |
|---|
| 47 | if (!conf->optional) |
|---|
| 48 | return DECLINED; |
|---|
| 49 | |
|---|
| 50 | r->user = conf->default_user; |
|---|
| 51 | return OK; |
|---|
| 52 | } |
|---|
| 53 | |
|---|
| 54 | static int auth_optional_auth_checker(request_rec *r) |
|---|
| 55 | { |
|---|
| 56 | auth_optional_config_rec *conf = ap_get_module_config(r->per_dir_config, |
|---|
| 57 | &auth_optional_module); |
|---|
| 58 | if (!conf->optional || conf->default_user != NULL) |
|---|
| 59 | return DECLINED; |
|---|
| 60 | |
|---|
| 61 | return OK; |
|---|
| 62 | } |
|---|
| 63 | |
|---|
| 64 | static void register_hooks(apr_pool_t *p) |
|---|
| 65 | { |
|---|
| 66 | /* Right before mod_authz_default. */ |
|---|
| 67 | ap_hook_check_user_id(auth_optional_check_user_id, NULL, NULL, APR_HOOK_LAST - 1); |
|---|
| 68 | ap_hook_auth_checker(auth_optional_auth_checker, NULL, NULL, APR_HOOK_REALLY_FIRST); |
|---|
| 69 | } |
|---|
| 70 | |
|---|
| 71 | module AP_MODULE_DECLARE_DATA auth_optional_module = |
|---|
| 72 | { |
|---|
| 73 | STANDARD20_MODULE_STUFF, |
|---|
| 74 | create_auth_optional_dir_config, /* dir config creater */ |
|---|
| 75 | NULL, /* dir merger --- default is to override */ |
|---|
| 76 | NULL, /* server config */ |
|---|
| 77 | NULL, /* merge server config */ |
|---|
| 78 | auth_optional_cmds, /* command apr_table_t */ |
|---|
| 79 | register_hooks /* register hooks */ |
|---|
| 80 | }; |
|---|
