X-Git-Url: http://lists.indexdata.com/cgi-bin?a=blobdiff_plain;f=src%2Ffilter_auth_simple.cpp;h=dc9bba5875e7484a5207c8a9f4f054cc2afa0362;hb=c8c77a99eb358f5dafeeb9d175a3f3a77520f741;hp=c87cd65e61206c29390c91597cd3593902bea0da;hpb=785107bf51671b6451f12e0ab35c9d15a854b866;p=metaproxy-moved-to-github.git

diff --git a/src/filter_auth_simple.cpp b/src/filter_auth_simple.cpp
index c87cd65..dc9bba5 100644
--- a/src/filter_auth_simple.cpp
+++ b/src/filter_auth_simple.cpp
@@ -1,4 +1,4 @@
-/* $Id: filter_auth_simple.cpp,v 1.4 2006-01-17 17:13:31 mike Exp $
+/* $Id: filter_auth_simple.cpp,v 1.10 2006-01-18 11:12:15 mike Exp $
    Copyright (c) 2005, Index Data.
 
 %LICENSE%
@@ -35,6 +35,7 @@ namespace yp2 {
             };
             boost::mutex mutex;
             std::map<std::string, PasswordAndDBs> userRegister;
+            std::map<std::string, std::list<std::string> > targetsByUser;
             std::map<yp2::Session, std::string> userBySession;
         };
     }
@@ -50,34 +51,49 @@ yf::AuthSimple::~AuthSimple()
 }
 
 
+static void die(std::string s) { throw yp2::filter::FilterException(s); }
+
+
 // Read XML config.. Put config info in m_p.
 void yp2::filter::AuthSimple::configure(const xmlNode * ptr)
 {
-    std::string filename;
-    bool got_filename = false;
+    std::string userRegisterName;
+    bool got_userRegisterName = false;
+    std::string targetRegisterName;
+    bool got_targetRegisterName = false;
 
     for (ptr = ptr->children; ptr != 0; ptr = ptr->next) {
         if (ptr->type != XML_ELEMENT_NODE)
             continue;
-        if (!strcmp((const char *) ptr->name, "filename")) {
-            filename = yp2::xml::get_text(ptr);
-            got_filename = true;
+        if (!strcmp((const char *) ptr->name, "userRegister")) {
+            userRegisterName = yp2::xml::get_text(ptr);
+            got_userRegisterName = true;
+        } else if (!strcmp((const char *) ptr->name, "targetRegister")) {
+            targetRegisterName = yp2::xml::get_text(ptr);
+            got_targetRegisterName = true;
         } else {
-            throw yp2::filter::FilterException("Bad element in auth_simple: <"
-                                               + std::string((const char *)
-                                                             ptr->name) + ">");
+            die("Bad element in auth_simple: <"
+                + std::string((const char *) ptr->name) + ">");
         }
     }
 
-    if (!got_filename)
-        throw yp2::filter::FilterException("auth_simple: no user-register "
-                                           "filename specified");
+    if (!got_userRegisterName && !got_targetRegisterName)
+        die("auth_simple: no user-register or target-register "
+            "filename specified");
+
+    if (got_userRegisterName)
+        config_userRegister(userRegisterName);
+    if (got_targetRegisterName)
+        config_targetRegister(targetRegisterName);
+}
+
 
+void yp2::filter::AuthSimple::config_userRegister(std::string filename)
+{
     FILE *fp = fopen(filename.c_str(), "r");
     if (fp == 0)
-        throw yp2::filter::FilterException("can't open auth_simple " 
-                                           "user-register '" + filename +
-                                           "': " + strerror(errno));
+        die("can't open auth_simple user-register '" + filename + "': " +
+            strerror(errno));
 
     char buf[1000];
     while (fgets(buf, sizeof buf, fp)) {
@@ -86,23 +102,19 @@ void yp2::filter::AuthSimple::configure(const xmlNode * ptr)
         buf[strlen(buf)-1] = 0;
         char *passwdp = strchr(buf, ':');
         if (passwdp == 0)
-            throw yp2::filter::FilterException("auth_simple user-register '" +
-                                               filename + "': " +
-                                               "no password on line: '"
-                                               + buf + "'");
+            die("auth_simple user-register '" + filename + "': " +
+                "no password on line: '" + buf + "'");
         *passwdp++ = 0;
         char *databasesp = strchr(passwdp, ':');
         if (databasesp == 0)
-            throw yp2::filter::FilterException("auth_simple user-register '" +
-                                               filename + "': " +
-                                               "no databases on line: '" +
-                                               buf + ":" + passwdp + "'");
+            die("auth_simple user-register '" + filename + "': " +
+                "no databases on line: '" + buf + ":" + passwdp + "'");
         *databasesp++ = 0;
         yf::AuthSimple::Rep::PasswordAndDBs tmp(passwdp);
         boost::split(tmp.dbs, databasesp, boost::is_any_of(","));
         m_p->userRegister[buf] = tmp;
 
-        if (1) {                // debugging
+        if (0) {                // debugging
             printf("Added user '%s' -> password '%s'\n", buf, passwdp);
             std::list<std::string>::const_iterator i;
             for (i = tmp.dbs.begin(); i != tmp.dbs.end(); i++) {
@@ -113,6 +125,12 @@ void yp2::filter::AuthSimple::configure(const xmlNode * ptr)
 }
 
 
+void yp2::filter::AuthSimple::config_targetRegister(std::string filename)
+{
+    // ### empty!
+}
+
+
 void yf::AuthSimple::process(yp2::Package &package) const
 {
     Z_GDU *gdu = package.request().get();
@@ -127,6 +145,16 @@ void yf::AuthSimple::process(yp2::Package &package) const
     switch (gdu->u.z3950->which) {
     case Z_APDU_initRequest: return process_init(package);
     case Z_APDU_searchRequest: return process_search(package);
+    case Z_APDU_scanRequest: return process_scan(package);
+        // In theory, we should check database authorisation for
+        // extended services, too (A) the proxy currently does not
+        // implement XS and turns off its negotiation bit; (B) it
+        // would be insanely complex to do as the top-level XS request
+        // structure does not carry a database name, but it is buried
+        // down in some of the possible EXTERNALs used as
+        // taskSpecificParameters; and (C) since many extended
+        // services modify the database, we'd need to more exotic
+        // authorisation database than we want to support.
     default: break;
     }   
 
@@ -192,7 +220,8 @@ void yf::AuthSimple::process_search(yp2::Package &package) const
     std::string user = m_p->userBySession[package.session()];
     yf::AuthSimple::Rep::PasswordAndDBs pdb = m_p->userRegister[user];
     for (int i = 0; i < req->num_databaseNames; i++) {
-        if (!contains(pdb.dbs, req->databaseNames[i])) {
+        if (!contains(pdb.dbs, req->databaseNames[i]) &&
+            !contains(pdb.dbs, "*")) {
             // Make an Search rejection APDU
             yp2::odr odr;
             Z_APDU *apdu = odr.create_searchResponse(
@@ -210,6 +239,37 @@ void yf::AuthSimple::process_search(yp2::Package &package) const
 }
 
 
+void yf::AuthSimple::process_scan(yp2::Package &package) const
+{
+    Z_ScanRequest *req =
+        package.request().get()->u.z3950->u.scanRequest;
+
+    if (m_p->userBySession.count(package.session()) == 0) {
+        // It's a non-authenticated session, so just accept the operation
+        return package.move();
+    }
+
+    std::string user = m_p->userBySession[package.session()];
+    yf::AuthSimple::Rep::PasswordAndDBs pdb = m_p->userRegister[user];
+    for (int i = 0; i < req->num_databaseNames; i++) {
+        if (!contains(pdb.dbs, req->databaseNames[i])) {
+            // Make an Scan rejection APDU
+            yp2::odr odr;
+            Z_APDU *apdu = odr.create_scanResponse(
+                package.request().get()->u.z3950, 
+                YAZ_BIB1_ACCESS_TO_SPECIFIED_DATABASE_DENIED,
+                req->databaseNames[i]);
+            package.response() = apdu;
+            package.session().close();
+            return;
+        }
+    }
+
+    // All the requested databases are acceptable
+    return package.move();
+}
+
+
 static void reject_init(yp2::Package &package, const char *addinfo) { 
     // Make an Init rejection APDU
     Z_GDU *gdu = package.request().get();