X-Git-Url: http://lists.indexdata.com/cgi-bin?a=blobdiff_plain;f=src%2Ffilter_auth_simple.cpp;h=10f1f42fcbc8974e0034d95a0d4c9ab077788f0a;hb=9925a274787e1d5ddcc3dc81054dd69ce1728049;hp=c87cd65e61206c29390c91597cd3593902bea0da;hpb=785107bf51671b6451f12e0ab35c9d15a854b866;p=metaproxy-moved-to-github.git diff --git a/src/filter_auth_simple.cpp b/src/filter_auth_simple.cpp index c87cd65..10f1f42 100644 --- a/src/filter_auth_simple.cpp +++ b/src/filter_auth_simple.cpp @@ -1,4 +1,4 @@ -/* $Id: filter_auth_simple.cpp,v 1.4 2006-01-17 17:13:31 mike Exp $ +/* $Id: filter_auth_simple.cpp,v 1.9 2006-01-18 10:50:13 mike Exp $ Copyright (c) 2005, Index Data. %LICENSE% @@ -53,15 +53,15 @@ yf::AuthSimple::~AuthSimple() // Read XML config.. Put config info in m_p. void yp2::filter::AuthSimple::configure(const xmlNode * ptr) { - std::string filename; - bool got_filename = false; + std::string userRegisterName; + bool got_userRegisterName = false; for (ptr = ptr->children; ptr != 0; ptr = ptr->next) { if (ptr->type != XML_ELEMENT_NODE) continue; - if (!strcmp((const char *) ptr->name, "filename")) { - filename = yp2::xml::get_text(ptr); - got_filename = true; + if (!strcmp((const char *) ptr->name, "userRegister")) { + userRegisterName = yp2::xml::get_text(ptr); + got_userRegisterName = true; } else { throw yp2::filter::FilterException("Bad element in auth_simple: <" + std::string((const char *) @@ -69,15 +69,15 @@ void yp2::filter::AuthSimple::configure(const xmlNode * ptr) } } - if (!got_filename) + if (!got_userRegisterName) throw yp2::filter::FilterException("auth_simple: no user-register " "filename specified"); - FILE *fp = fopen(filename.c_str(), "r"); + FILE *fp = fopen(userRegisterName.c_str(), "r"); if (fp == 0) throw yp2::filter::FilterException("can't open auth_simple " - "user-register '" + filename + - "': " + strerror(errno)); + "user-register '" + userRegisterName + + "': " + strerror(errno)); char buf[1000]; while (fgets(buf, sizeof buf, fp)) { @@ -87,14 +87,14 @@ void yp2::filter::AuthSimple::configure(const xmlNode * ptr) char *passwdp = strchr(buf, ':'); if (passwdp == 0) throw yp2::filter::FilterException("auth_simple user-register '" + - filename + "': " + + userRegisterName + "': " + "no password on line: '" + buf + "'"); *passwdp++ = 0; char *databasesp = strchr(passwdp, ':'); if (databasesp == 0) throw yp2::filter::FilterException("auth_simple user-register '" + - filename + "': " + + userRegisterName + "': " + "no databases on line: '" + buf + ":" + passwdp + "'"); *databasesp++ = 0; @@ -102,7 +102,7 @@ void yp2::filter::AuthSimple::configure(const xmlNode * ptr) boost::split(tmp.dbs, databasesp, boost::is_any_of(",")); m_p->userRegister[buf] = tmp; - if (1) { // debugging + if (0) { // debugging printf("Added user '%s' -> password '%s'\n", buf, passwdp); std::list::const_iterator i; for (i = tmp.dbs.begin(); i != tmp.dbs.end(); i++) { @@ -127,6 +127,16 @@ void yf::AuthSimple::process(yp2::Package &package) const switch (gdu->u.z3950->which) { case Z_APDU_initRequest: return process_init(package); case Z_APDU_searchRequest: return process_search(package); + case Z_APDU_scanRequest: return process_scan(package); + // In theory, we should check database authorisation for + // extended services, too (A) the proxy currently does not + // implement XS and turns off its negotiation bit; (B) it + // would be insanely complex to do as the top-level XS request + // structure does not carry a database name, but it is buried + // down in some of the possible EXTERNALs used as + // taskSpecificParameters; and (C) since many extended + // services modify the database, we'd need to more exotic + // authorisation database than we want to support. default: break; } @@ -192,7 +202,8 @@ void yf::AuthSimple::process_search(yp2::Package &package) const std::string user = m_p->userBySession[package.session()]; yf::AuthSimple::Rep::PasswordAndDBs pdb = m_p->userRegister[user]; for (int i = 0; i < req->num_databaseNames; i++) { - if (!contains(pdb.dbs, req->databaseNames[i])) { + if (!contains(pdb.dbs, req->databaseNames[i]) && + !contains(pdb.dbs, "*")) { // Make an Search rejection APDU yp2::odr odr; Z_APDU *apdu = odr.create_searchResponse( @@ -210,6 +221,37 @@ void yf::AuthSimple::process_search(yp2::Package &package) const } +void yf::AuthSimple::process_scan(yp2::Package &package) const +{ + Z_ScanRequest *req = + package.request().get()->u.z3950->u.scanRequest; + + if (m_p->userBySession.count(package.session()) == 0) { + // It's a non-authenticated session, so just accept the operation + return package.move(); + } + + std::string user = m_p->userBySession[package.session()]; + yf::AuthSimple::Rep::PasswordAndDBs pdb = m_p->userRegister[user]; + for (int i = 0; i < req->num_databaseNames; i++) { + if (!contains(pdb.dbs, req->databaseNames[i])) { + // Make an Scan rejection APDU + yp2::odr odr; + Z_APDU *apdu = odr.create_scanResponse( + package.request().get()->u.z3950, + YAZ_BIB1_ACCESS_TO_SPECIFIED_DATABASE_DENIED, + req->databaseNames[i]); + package.response() = apdu; + package.session().close(); + return; + } + } + + // All the requested databases are acceptable + return package.move(); +} + + static void reject_init(yp2::Package &package, const char *addinfo) { // Make an Init rejection APDU Z_GDU *gdu = package.request().get();