#include <filter_auth_simple.hpp>

Inheritance diagram for metaproxy_1::filter::AuthSimple:

Collaboration diagram for metaproxy_1::filter::AuthSimple:

Classes
class	Rep

Public Member Functions
	AuthSimple ()

	~AuthSimple ()

void	configure (const xmlNode ptr, bool test_only, const char path)

void	process (metaproxy_1::Package &package) const

Private Member Functions
void	config_userRegister (std::string filename, const char *path)

void	config_targetRegister (std::string filename, const char *path)

void	process_init (metaproxy_1::Package &package) const

void	process_search (metaproxy_1::Package &package) const

void	process_scan (metaproxy_1::Package &package) const

void	check_targets (metaproxy_1::Package &package) const

Private Attributes
boost::scoped_ptr< Rep >	m_p

Detailed Description

Definition at line 28 of file filter_auth_simple.hpp.

Constructor & Destructor Documentation

◆ AuthSimple()

mp::filter::AuthSimple::AuthSimple ( )

Definition at line 62 of file filter_auth_simple.cpp.

                          : m_p(new Rep)
 {
     // nothing to do
 }

◆ ~AuthSimple()

mp::filter::AuthSimple::~AuthSimple ( )

Definition at line 67 of file filter_auth_simple.cpp.

68 { // must have a destructor because of boost::scoped_ptr

69 }

Member Function Documentation

◆ check_targets()

void mp::filter::AuthSimple::check_targets ( metaproxy_1::Package & package ) const

private

Definition at line 388 of file filter_auth_simple.cpp.

 {
     Z_InitRequest *initReq = package.request().get()->u.z3950->u.initRequest;
  
     std::string password;
     std::string user = get_user(initReq, password);
     std::list<std::string> authorisedTargets = m_p->targetsByUser[user];
  
     std::list<std::string> targets;
     Z_OtherInformation **otherInfo = &initReq->otherInfo;
     mp::util::remove_vhost_otherinfo(otherInfo, targets);
  
     // Check each of the targets specified in the otherInfo package
     std::list<std::string>::iterator i;
  
     i = targets.begin();
     while (i != targets.end()) {
         if (contains(authorisedTargets, *i) ||
             contains(authorisedTargets, "*")) {
             i++;
         } else {
             if (!m_p->discardUnauthorisedTargets)
                 return reject_init(package,
                     YAZ_BIB1_ACCESS_TO_SPECIFIED_DATABASE_DENIED, i->c_str());
             i = targets.erase(i);
         }
     }
  
     if (targets.size() == 0)
         return reject_init(package,
                            YAZ_BIB1_ACCESS_TO_SPECIFIED_DATABASE_DENIED,
                            // ### It would be better to use the Z-db name
                            "all databases");
     mp::odr odr;
     mp::util::set_vhost_otherinfo(otherInfo, odr, targets);
     package.move();
 }

References contains(), get_user(), and reject_init().

Here is the call graph for this function:

◆ config_targetRegister()

void mp::filter::AuthSimple::config_targetRegister	(	std::string	filename,
		const char *	path
	)

private

Definition at line 197 of file filter_auth_simple.cpp.

 {
     char fullpath[1024];
     if (!yaz_filepath_resolve(filename.c_str(), path, 0, fullpath))
         die("Could not open " + filename);
     std::ifstream fp(fullpath);
     if (!fp.is_open())
         die("Could not open " + filename);
  
     while (!fp.eof()) {
         char buf[1000];
         fp.getline(buf, sizeof buf);
         if (*buf == '\0' || *buf == '#')
             continue;
         char *targetsp = strchr(buf, ':');
         if (targetsp == 0)
             die("auth_simple target-register '" + filename + "': " +
                 "no targets on line: '" + buf + "'");
         *targetsp++ = 0;
         std::list<std::string> tmp;
         split_db(tmp, targetsp);
         m_p->targetsByUser[buf] = tmp;
  
         if (0) {                // debugging
             printf("Added user '%s' with targets:\n", buf);
             std::list<std::string>::const_iterator i;
             for (i = tmp.begin(); i != tmp.end(); i++) {
                 printf("\t%s\n", (*i).c_str());
             }
         }
     }
 }

References die(), and split_db().

Here is the call graph for this function:

◆ config_userRegister()

void mp::filter::AuthSimple::config_userRegister	(	std::string	filename,
		const char *	path
	)

private

Definition at line 152 of file filter_auth_simple.cpp.

 {
     char fullpath[1024];
     if (!yaz_filepath_resolve(filename.c_str(), path, 0, fullpath))
         die("Could not open " + filename);
  
     std::ifstream fp(fullpath);
     if (!fp.is_open())
         die("Could not open " + filename);
  
     while (!fp.eof())
     {
         char buf[1000];
         fp.getline(buf, sizeof buf);
         if (*buf == '\0' || *buf == '#')
             continue;
         char *passwdp = strchr(buf, ':');
         if (passwdp == 0)
             die("auth_simple user-register '" + filename + "': " +
                 "no password on line: '" + buf + "'");
         *passwdp++ = 0;
         char *databasesp = strchr(passwdp, ':');
         if (databasesp == 0)
             die("auth_simple user-register '" + filename + "': " +
                 "no databases on line: '" + buf + ":" + passwdp + "'");
         *databasesp++ = 0;
         yf::AuthSimple::Rep::PasswordAndDBs tmp(passwdp);
         split_db(tmp.dbs, databasesp);
         m_p->userRegister[buf] = tmp;
  
         if (0)
         {                // debugging
             printf("Added user '%s' -> password '%s'\n", buf, passwdp);
             std::list<std::string>::const_iterator i;
             for (i = tmp.dbs.begin(); i != tmp.dbs.end(); i++)
                 printf("db '%s'\n", (*i).c_str());
         }
     }
 }

References die(), and split_db().

Here is the call graph for this function:

◆ configure()

void mp::filter::AuthSimple::configure	(	const xmlNode *	ptr,
		bool	test_only,
		const char *	path
	)

Definition at line 106 of file filter_auth_simple.cpp.

 {
     std::string userRegisterName;
     std::string targetRegisterName;
  
     for (ptr = ptr->children; ptr != 0; ptr = ptr->next) {
         if (ptr->type != XML_ELEMENT_NODE)
             continue;
         if (!strcmp((const char *) ptr->name, "userRegister")) {
             userRegisterName = mp::xml::get_text(ptr);
             m_p->got_userRegister = true;
         } else if (!strcmp((const char *) ptr->name, "targetRegister")) {
             targetRegisterName = mp::xml::get_text(ptr);
             m_p->got_targetRegister = true;
         } else if (!strcmp((const char *) ptr->name,
                            "discardUnauthorisedTargets")) {
             m_p->discardUnauthorisedTargets = true;
         } else {
             die("Bad element in auth_simple: <"
                 + std::string((const char *) ptr->name) + ">");
         }
     }
  
     if (!m_p->got_userRegister && !m_p->got_targetRegister)
         die("auth_simple: no user-register or target-register "
             "filename specified");
  
     if (m_p->got_userRegister)
         config_userRegister(userRegisterName, path);
     if (m_p->got_targetRegister)
         config_targetRegister(targetRegisterName, path);
 }

References die().

Here is the call graph for this function:

◆ process()

void mp::filter::AuthSimple::process ( metaproxy_1::Package & package ) const

Definition at line 232 of file filter_auth_simple.cpp.

 {
     Z_GDU *gdu = package.request().get();
  
     if (!gdu || gdu->which != Z_GDU_Z3950) {
         // Pass on the package -- This means that authentication is
         // waived, which may not be the correct thing for non-Z APDUs
         // as it means that SRW sessions don't demand authentication
         return package.move();
     }
  
     if (m_p->got_userRegister) {
         switch (gdu->u.z3950->which) {
         case Z_APDU_initRequest: return process_init(package);
         case Z_APDU_searchRequest: return process_search(package);
         case Z_APDU_scanRequest: return process_scan(package);
             // In theory, we should check database authorisation for
             // extended services, too (A) the proxy currently does not
             // implement XS and turns off its negotiation bit; (B) it
             // would be insanely complex to do as the top-level XS request
             // structure does not carry a database name, but it is buried
             // down in some of the possible EXTERNALs used as
             // taskSpecificParameters; and (C) since many extended
             // services modify the database, we'd need to more exotic
             // authorisation database than we want to support.
         default: break;
         }
     }
  
     if (m_p->got_targetRegister && gdu->u.z3950->which == Z_APDU_initRequest)
         return check_targets(package);
  
     // Operations other than those listed above do not require authorisation
     return package.move();
 }

◆ process_init()

void mp::filter::AuthSimple::process_init ( metaproxy_1::Package & package ) const

private

Definition at line 272 of file filter_auth_simple.cpp.

 {
     Z_InitRequest *initReq = package.request().get()->u.z3950->u.initRequest;
  
     std::string password;
     std::string user = get_user(initReq, password);
  
     if (user.length() == 0)
         return reject_init(package, 0, "no credentials supplied");
  
     if (m_p->userRegister.count(user)) {
         // groupId is ignored, in accordance with ancient tradition.
         yf::AuthSimple::Rep::PasswordAndDBs pdbs =
             m_p->userRegister[user];
         if (pdbs.password == password) {
             // Success!  Remember who the user is for future reference
             {
                 boost::mutex::scoped_lock lock(m_p->mutex);
                 m_p->userBySession[package.session()] = user;
             }
             return package.move();
         }
     }
  
     return reject_init(package, 0, "username/password combination rejected");
 }

References get_user(), and reject_init().

Here is the call graph for this function:

◆ process_scan()

void mp::filter::AuthSimple::process_scan ( metaproxy_1::Package & package ) const

private

Definition at line 344 of file filter_auth_simple.cpp.

 {
     Z_ScanRequest *req =
         package.request().get()->u.z3950->u.scanRequest;
  
     if (m_p->userBySession.count(package.session()) == 0) {
         // It's a non-authenticated session, so just accept the operation
         return package.move();
     }
  
     std::string user = m_p->userBySession[package.session()];
     yf::AuthSimple::Rep::PasswordAndDBs pdb = m_p->userRegister[user];
     for (int i = 0; i < req->num_databaseNames; i++) {
         if (!contains(pdb.dbs, req->databaseNames[i]) &&
             !contains(pdb.dbs, "*")) {
             // Make an Scan rejection APDU
             mp::odr odr;
             Z_APDU *apdu = odr.create_scanResponse(
                 package.request().get()->u.z3950,
                 YAZ_BIB1_ACCESS_TO_SPECIFIED_DATABASE_DENIED,
                 req->databaseNames[i]);
             package.response() = apdu;
             package.session().close();
             return;
         }
     }
  
     // All the requested databases are acceptable
     return package.move();
 }

References contains().

Here is the call graph for this function:

◆ process_search()

void mp::filter::AuthSimple::process_search ( metaproxy_1::Package & package ) const

private

Definition at line 312 of file filter_auth_simple.cpp.

 {
     Z_SearchRequest *req =
         package.request().get()->u.z3950->u.searchRequest;
  
     if (m_p->userBySession.count(package.session()) == 0) {
         // It's a non-authenticated session, so just accept the operation
         return package.move();
     }
  
     std::string user = m_p->userBySession[package.session()];
     yf::AuthSimple::Rep::PasswordAndDBs pdb = m_p->userRegister[user];
     for (int i = 0; i < req->num_databaseNames; i++) {
         if (!contains(pdb.dbs, req->databaseNames[i]) &&
             !contains(pdb.dbs, "*")) {
             // Make an Search rejection APDU
             mp::odr odr;
             Z_APDU *apdu = odr.create_searchResponse(
                 package.request().get()->u.z3950,
                 YAZ_BIB1_ACCESS_TO_SPECIFIED_DATABASE_DENIED,
                 req->databaseNames[i]);
             package.response() = apdu;
             package.session().close();
             return;
         }
     }
  
     // All the requested databases are acceptable
     return package.move();
 }

References contains().

Here is the call graph for this function:

Member Data Documentation

◆ m_p

boost::scoped_ptr<Rep> metaproxy_1::filter::AuthSimple::m_p

private

Definition at line 30 of file filter_auth_simple.hpp.

The documentation for this class was generated from the following files:

Classes

Public Member Functions

Private Member Functions

Private Attributes

Detailed Description

Constructor & Destructor Documentation

◆ AuthSimple()

◆ ~AuthSimple()

Member Function Documentation

◆ check_targets()

◆ config_targetRegister()

◆ config_userRegister()

◆ configure()

◆ process()

◆ process_init()

◆ process_scan()

◆ process_search()

Member Data Documentation

◆ m_p