%%%---------------------------------------------------------------------- %%% File : ejabberd_auth_anonymous.erl %%% Author : Mickael Remond %%% Purpose : Anonymous feature support in ejabberd %%% Created : 17 Feb 2006 by Mickael Remond %%% %%% %%% ejabberd, Copyright (C) 2002-2012 ProcessOne %%% %%% This program is free software; you can redistribute it and/or %%% modify it under the terms of the GNU General Public License as %%% published by the Free Software Foundation; either version 2 of the %%% License, or (at your option) any later version. %%% %%% This program is distributed in the hope that it will be useful, %%% but WITHOUT ANY WARRANTY; without even the implied warranty of %%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU %%% General Public License for more details. %%% %%% You should have received a copy of the GNU General Public License %%% along with this program; if not, write to the Free Software %%% Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA %%% 02111-1307 USA %%% %%%---------------------------------------------------------------------- -module(ejabberd_auth_anonymous). -author('mickael.remond@process-one.net'). -behaviour(ejabberd_auth). -export([start/1, allow_anonymous/1, is_sasl_anonymous_enabled/1, is_login_anonymous_enabled/1, anonymous_user_exist/2, allow_multiple_connections/1, register_connection/3, unregister_migrated_connection/3, unregister_connection/3]). %% Function used by ejabberd_auth: -export([login/2, set_password/3, check_password/3, check_password/5, try_register/3, dirty_get_registered_users/0, get_vh_registered_users/1, get_vh_registered_users/2, get_vh_registered_users_number/1, get_vh_registered_users_number/2, get_password_s/2, get_password/2, get_password/3, is_user_exists/2, remove_user/2, remove_user/3, store_type/0, plain_password_required/0]). -include("ejabberd.hrl"). -include("jlib.hrl"). 
%% One row per live anonymous session. The table is created as a bag, so a
%% single {User, Server} pair may own several rows (one per session id).
%% NOTE(review): now/0 is deprecated in modern OTP releases; the default for
%% `sid` is reproduced unchanged.
-record(anonymous, {us = {<<"">>, <<"">>} :: {binary(), binary()},
                    sid = {now(), self()} :: ejabberd_sm:sid()}).

%% Sets up the node-local, RAM-only `anonymous` table and attaches the three
%% session-manager hooks for Host. The results of the mnesia calls are not
%% inspected; the function always returns ok.
start(Host) ->
    update_tables(),
    TableOpts = [{ram_copies, [node()]},
                 {type, bag},
                 {local_content, true},
                 {attributes, record_info(fields, anonymous)}],
    mnesia:create_table(anonymous, TableOpts),
    mnesia:add_table_copy(anonymous, node(), ram_copies),
    Hooks = [{sm_register_connection_hook, register_connection},
             {sm_remove_migrated_connection_hook, unregister_migrated_connection},
             {sm_remove_connection_hook, unregister_connection}],
    lists:foreach(fun({Hook, Callback}) ->
                          ejabberd_hooks:add(Hook, Host, ?MODULE, Callback, 100)
                  end,
                  Hooks),
    ok.

%% True when this module is among the auth modules configured for Host.
allow_anonymous(Host) ->
    Modules = ejabberd_auth:auth_modules(Host),
    lists:member(?MODULE, Modules).

%% True when anonymous auth is configured for Host and the configured
%% protocol is `sasl_anon` or `both`.
is_sasl_anonymous_enabled(Host) ->
    allow_anonymous(Host)
        andalso lists:member(anonymous_protocol(Host), [sasl_anon, both]).

%% True when anonymous auth is configured for Host and the configured
%% protocol is `login_anon` or `both`.
is_login_anonymous_enabled(Host) ->
    allow_anonymous(Host)
        andalso lists:member(anonymous_protocol(Host), [login_anon, both]).

%% Reads the per-host `anonymous_protocol` option. Only the three known
%% atoms pass the validator; when the option is unset the result is
%% `sasl_anon`.
anonymous_protocol(Host) ->
    Validate = fun(Proto) when Proto =:= sasl_anon;
                               Proto =:= login_anon;
                               Proto =:= both ->
                       Proto
               end,
    ejabberd_config:get_local_option({anonymous_protocol, Host},
                                     Validate,
                                     sasl_anon).

%% Reads the per-host `allow_multiple_connections` option; defaults to false,
%% i.e. one anonymous session per user name.
allow_multiple_connections(Host) ->
    Validate = fun(Flag) when is_boolean(Flag) -> Flag end,
    ejabberd_config:get_local_option({allow_multiple_connections, Host},
                                     Validate,
                                     false).

%% True when at least one anonymous session row exists for User@Server on
%% the node that ejabberd_cluster assigns to that user.
%%
%% Any lookup failure (an exception caught locally, or a non-list result such
%% as a failed or timed-out RPC) is reported as false, so callers cannot tell
%% "no such session" apart from "could not check".
anonymous_user_exist(User, Server) ->
    LUser = jlib:nodeprep(User),
    LServer = jlib:nameprep(Server),
    Key = {LUser, LServer},
    Here = node(),
    Rows = case ejabberd_cluster:get_node(Key) of
               Owner when Owner == Here ->
                   catch mnesia:dirty_read({anonymous, Key});
               Owner ->
                   %% Remote owner: bounded to 5 seconds.
                   catch rpc:call(Owner, mnesia, dirty_read,
                                  [{anonymous, Key}], 5000)
           end,
    case Rows of
        [_ | _] -> true;
        _ -> false
    end.

%% Deletes the single {User, Server, SID} row from the anonymous table.
remove_connection(SID, LUser, LServer) ->
    Row = {anonymous, {LUser, LServer}, SID},
    mnesia:async_dirty(fun() -> mnesia:delete_object(Row) end).

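%% sm_register_connection_hook callback. When the session's `auth_module`
%% attribute names this module, runs the register_user hook and records the
%% session in the anonymous table; otherwise does nothing.
register_connection(SID, #jid{luser = LUser, lserver = LServer}, Info) ->
    %% Compare as binaries instead of converting the attribute to an atom:
    %% atoms are never garbage collected, and where Info is assembled is not
    %% visible from this module, so no atom should be created from it.
    AuthModule = xml:get_attr_s(<<"auth_module">>, Info),
    case AuthModule =:= atom_to_binary(?MODULE, latin1) of
        true ->
            ejabberd_hooks:run(register_user, LServer, [LUser, LServer]),
            US = {LUser, LServer},
            mnesia:async_dirty(fun() ->
                                       mnesia:write(#anonymous{us = US, sid = SID})
                               end);
        false ->
            ok
    end.

%% sm_remove_connection_hook callback. Runs the purge hook if the user still
%% has an anonymous session row, then removes the row for this SID.
unregister_connection(SID, #jid{luser = LUser, lserver = LServer}, _) ->
    purge_hook(anonymous_user_exist(LUser, LServer), LUser, LServer),
    remove_connection(SID, LUser, LServer).

%% sm_remove_migrated_connection_hook callback. Removes the row for this SID
%% without running the purge hook.
unregister_migrated_connection(SID, #jid{luser = LUser, lserver = LServer}, _) ->
    remove_connection(SID, LUser, LServer).

%% Runs anonymous_purge_hook only when the first argument is true.
purge_hook(false, _LUser, _LServer) ->
    ok;
purge_hook(true, LUser, LServer) ->
    ejabberd_hooks:run(anonymous_purge_hook, LServer, [LUser, LServer]).

%% ---------------------------------
%% Specific anonymous auth functions
%% ---------------------------------

%% Three-argument form; delegates to check_password/5 with no digest.
check_password(User, Server, Password) ->
    check_password(User, Server, Password, undefined, undefined).

%% The password and digest arguments are ignored: the decision depends only
%% on whether the name is free in the other auth modules and on login/2.
%% Returns a boolean.
check_password(User, Server, _Password, _Digest, _DigestGen) ->
    case ejabberd_auth:is_user_exists_in_other_modules(?MODULE, User, Server) of
        %% If the user exists in another module, reject anonymous
        %% authentication so the session cannot shadow that account.
        true -> false;
        %% If we are not sure whether the user exists in another module,
        %% reject anonymous authentication as well.
        maybe -> false;
        false -> login(User, Server)
    end.

%% Decides whether an anonymous login for User@Server is accepted.
%% Returns false when login-style anonymous auth is disabled for Server.
login(User, Server) ->
    case is_login_anonymous_enabled(Server) of
        false ->
            false;
        true ->
            case anonymous_user_exist(User, Server) of
                %% An anonymous user with the same login is already
                %% connected: accept only if multiple connections have been
                %% enabled in the config file.
                true -> allow_multiple_connections(Server);
                %% No existing session was found: accept the login. The
                %% table row itself is written by register_connection/3.
                false -> true
            end
    end.

%% There is no password to store. Returns ok for a currently connected
%% anonymous user and {error, not_allowed} otherwise.
set_password(User, Server, _Password) ->
    case anonymous_user_exist(User, Server) of
        true -> ok;
        false -> {error, not_allowed}
    end.

%% Anonymous accounts cannot be registered.
try_register(_User, _Server, _Password) ->
    {error, not_allowed}.
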
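%% Anonymous users are never persisted, so the global list is always empty.
dirty_get_registered_users() ->
    [].

%% Returns {User, Server} for every session ejabberd_sm reports on Server.
%% No filtering by auth module is done here.
get_vh_registered_users(Server) ->
    [{U, S} || {U, S, _R} <- ejabberd_sm:get_vh_session_list(Server)].

%% The options argument is ignored.
get_vh_registered_users(Server, _) ->
    get_vh_registered_users(Server).

%% Number of entries returned by get_vh_registered_users/1.
get_vh_registered_users_number(Server) ->
    length(get_vh_registered_users(Server)).

%% The options argument is ignored.
get_vh_registered_users_number(Server, _) ->
    get_vh_registered_users_number(Server).

%% Same as get_password/3 with an empty binary as the default value.
get_password(User, Server) ->
    get_password(User, Server, <<"">>).

%% Returns DefaultValue when User@Server is a connected anonymous user or
%% would be accepted by login/2, and false otherwise.
get_password(User, Server, DefaultValue) ->
    %% `orelse` skips login/2 once the session lookup has already succeeded;
    %% login/2 would repeat that same lookup.
    case anonymous_user_exist(User, Server) orelse login(User, Server) of
        %% We return the default value if the user is anonymous.
        true -> DefaultValue;
        %% Not an anonymous user: this module has no password to report.
        false -> false
    end.

%% Like get_password/2, but maps the `false` result to an empty binary.
get_password_s(User, Server) ->
    case get_password(User, Server) of
        false -> <<"">>;
        Password -> Password
    end.

%% A user "exists" for this module only while an anonymous session is present.
is_user_exists(User, Server) ->
    anonymous_user_exist(User, Server).

%% Removal is not supported for anonymous users.
remove_user(_User, _Server) ->
    {error, not_allowed}.

%% Removal is not supported for anonymous users. Note that this arity returns
%% the bare atom, unlike remove_user/2.
remove_user(_User, _Server, _Password) ->
    not_allowed.

%% This module does not require a plain-text password.
plain_password_required() ->
    false.

%% Drops an existing `anonymous` table whose local_content property is false
%% so that start/1 can recreate it. Any other outcome, including a failed
%% table_info call, leaves things as they are.
update_tables() ->
    case catch mnesia:table_info(anonymous, local_content) of
        false -> mnesia:delete_table(anonymous);
        _ -> ok
    end.

%% Storage type reported to ejabberd_auth.
store_type() ->
    plain.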