X-Git-Url: http://lists.indexdata.com/cgi-bin?a=blobdiff_plain;f=src%2Ffilter_auth_simple.cpp;h=4a2a1052f444e0660ef5afcaa801fd66d915211a;hb=69c50fae6d6f6eea04890d1433cb3503544763a0;hp=7d94e1970fc62d2ac737f02d3c4c6405ff5a00b1;hpb=b4f8ee7ba153d89ddb0b01a6a6e355442e19f09d;p=metaproxy-moved-to-github.git
diff --git a/src/filter_auth_simple.cpp b/src/filter_auth_simple.cpp
index 7d94e19..4a2a105 100644
--- a/src/filter_auth_simple.cpp
+++ b/src/filter_auth_simple.cpp
@@ -1,4 +1,4 @@
-/* $Id: filter_auth_simple.cpp,v 1.13 2006-01-18 13:32:59 mike Exp $
+/* $Id: filter_auth_simple.cpp,v 1.15 2006-01-18 14:38:48 mike Exp $
 Copyright (c) 2005, Index Data.
 %LICENSE%
@@ -38,6 +38,10 @@ namespace yp2 {
 std::map userRegister;
 std::map > targetsByUser;
 std::map userBySession;
+ bool discardUnauthorisedDBs;
+ Rep() { got_userRegister = false;
+ got_targetRegister = false;
+ discardUnauthorisedDBs = false; }
 };
 }
 }
@@ -60,8 +64,6 @@ void yp2::filter::AuthSimple::configure(const xmlNode * ptr)
 {
 std::string userRegisterName;
 std::string targetRegisterName;
- m_p->got_userRegister = false;
- m_p->got_targetRegister = false;
 for (ptr = ptr->children; ptr != 0; ptr = ptr->next) {
 if (ptr->type != XML_ELEMENT_NODE)
@@ -72,6 +74,9 @@ void yp2::filter::AuthSimple::configure(const xmlNode * ptr)
 } else if (!strcmp((const char *) ptr->name, "targetRegister")) {
 targetRegisterName = yp2::xml::get_text(ptr);
 m_p->got_targetRegister = true;
+ } else if (!strcmp((const char *) ptr->name,
+ "discardUnauthorisedDBs")) {
+ m_p->discardUnauthorisedDBs = true;
 } else {
 die("Bad element in auth_simple: <" + std::string((const char *) ptr->name) + ">");
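Review bot: In the `@@ -72,6 +74,9 @@` hunk, the new `discardUnauthorisedDBs` branch of configure() enables the option as soon as the element is present and never reads its content, so `<discardUnauthorisedDBs>false</discardUnauthorisedDBs>` would still switch the filter from rejecting a request to quietly dropping targets. Since that changes what a client is told about denied access, either state the contract next to the branch (`// bare flag: presence alone enables discarding, content is ignored`) or read the text with `yp2::xml::get_text(ptr)` and call `die()` on anything unexpected. configure() begins in the previous hunk and its body continues past this one.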
@@ -288,7 +293,8 @@ void yf::AuthSimple::process_scan(yp2::Package &package) const std::string user = m_p->userBySession[package.session()];
 yf::AuthSimple::Rep::PasswordAndDBs pdb = m_p->userRegister[user];
 for (int i = 0; i < req->num_databaseNames; i++) {
- if (!contains(pdb.dbs, req->databaseNames[i])) {
+ if (!contains(pdb.dbs, req->databaseNames[i]) &&
+ !contains(pdb.dbs, "*")) {
 // Make an Scan rejection APDU
 yp2::odr odr;
 Z_APDU *apdu = odr.create_scanResponse(
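Review bot: The `"*"` test added to the condition in process_scan does not depend on `i`, and the same pair of `contains()` calls is written out again in check_targets (the `@@ -338,22 +344,46 @@` hunk), so the authorisation rule now lives in two places that can drift apart. One small helper that both call, taking the permitted list and the requested name, would keep the rule in one spot, with a comment such as `// "*" in the user's list authorises every database` to make the grant explicit. Whether the search handler applies the same wildcard is not visible in this diff and is worth confirming, because a rule enforced for scan but not for search gives inconsistent access decisions. The function body starts and ends outside the hunk.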
@@ -338,22 +344,46 @@ void yf::AuthSimple::check_targets(yp2::Package & package) const
 yp2::util::get_vhost_otherinfo(&otherInfo, 0, targets);
 // Check each of the targets specified in the otherInfo package
- std::list::const_iterator i;
- for (i = targets.begin(); i != targets.end(); i++) {
+ std::list::iterator i;
+
+ printf("pre: got %d targets\n", targets.size());
+ i = targets.begin();
+ while (i != targets.end()) {
+ printf("pre: considering target '%s'\n", (*i).c_str());
+ i++;
+ }
+
+ i = targets.begin();
+ while (i != targets.end()) {
 printf("checking target '%s'\n", (*i).c_str());
- if (!contains(authorisedTargets, *i)) {
- // ### check whether to quietly discard this target, or to reject
- return reject_init(package,
- YAZ_BIB1_ACCESS_TO_SPECIFIED_DATABASE_DENIED,
- i->c_str());
+ if (contains(authorisedTargets, *i) ||
+ contains(authorisedTargets, "*")) {
+ printf("target '%s' is ok\n", (*i).c_str());
+ i++;
+ } else {
+ printf("target '%s' sucks\n", (*i).c_str());
+ if (!m_p->discardUnauthorisedDBs)
+ return reject_init(package,
+ YAZ_BIB1_ACCESS_TO_SPECIFIED_DATABASE_DENIED, i->c_str());
+ i = targets.erase(i);
 }
 }
-/*
+ printf("post: got %d targets\n", targets.size());
+ i = targets.begin();
+ while (i != targets.end()) {
+ printf("post: considering target '%s'\n", (*i).c_str());
+ i++;
+ }
+
+ if (targets.size() == 0)
+ return reject_init(package,
+ YAZ_BIB1_ACCESS_TO_SPECIFIED_DATABASE_DENIED,
+ "all databases");
+ // ### This is a no-op if the list has not changed
 yp2::odr odr;
 yp2::util::set_vhost_otherinfo(&otherInfo, odr, targets);
-*/
 package.move();
 }
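Review bot: The tracing added to check_targets passes `targets.size()` to `%d` in the `pre: got` and `post: got` printf calls; `size()` returns `size_t`, so the format is mismatched (undefined behaviour where `size_t` is wider than `int`) and should read `printf("pre: got %lu targets\n", (unsigned long) targets.size());` if the trace is kept at all. These unconditional stdout printfs sit in an authorisation path and would be better routed through the project's logger, and the branch that erases a target under `discardUnauthorisedDBs` should leave a record of which target was denied, since the client is no longer told. The new `if (targets.size() == 0)` check also rejects an init that arrived with no targets at all, which the old loop let fall through to `package.move()` unless a check outside the hunk already handles it. If that is intended, say so in a comment; `targets.empty()` also states the test more directly. The function starts outside the hunk.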