-/* $Id: filter_auth_simple.cpp,v 1.13 2006-01-18 13:32:59 mike Exp $
+/* $Id: filter_auth_simple.cpp,v 1.17 2006-01-18 15:07:09 mike Exp $
Copyright (c) 2005, Index Data.
%LICENSE%
std::map<std::string, PasswordAndDBs> userRegister;
std::map<std::string, std::list<std::string> > targetsByUser;
std::map<yp2::Session, std::string> userBySession;
+ bool discardUnauthorisedTargets;
+ Rep() { got_userRegister = false;
+ got_targetRegister = false;
+ discardUnauthorisedTargets = false; }
};
}
}
{
std::string userRegisterName;
std::string targetRegisterName;
- m_p->got_userRegister = false;
- m_p->got_targetRegister = false;
for (ptr = ptr->children; ptr != 0; ptr = ptr->next) {
if (ptr->type != XML_ELEMENT_NODE)
} else if (!strcmp((const char *) ptr->name, "targetRegister")) {
targetRegisterName = yp2::xml::get_text(ptr);
m_p->got_targetRegister = true;
+ } else if (!strcmp((const char *) ptr->name,
+ "discardUnauthorisedTargets")) {
+ m_p->discardUnauthorisedTargets = true;
} else {
die("Bad element in auth_simple: <"
+ std::string((const char *) ptr->name) + ">");
std::string user = m_p->userBySession[package.session()];
yf::AuthSimple::Rep::PasswordAndDBs pdb = m_p->userRegister[user];
for (int i = 0; i < req->num_databaseNames; i++) {
- if (!contains(pdb.dbs, req->databaseNames[i])) {
+ if (!contains(pdb.dbs, req->databaseNames[i]) &&
+ !contains(pdb.dbs, "*")) {
// Make an Scan rejection APDU
yp2::odr odr;
Z_APDU *apdu = odr.create_scanResponse(
std::list<std::string> targets;
Z_OtherInformation *otherInfo = initReq->otherInfo;
- yp2::util::get_vhost_otherinfo(&otherInfo, 0, targets);
+ yp2::util::get_vhost_otherinfo(&otherInfo, 1, targets);
// Check each of the targets specified in the otherInfo package
- std::list<std::string>::const_iterator i;
- for (i = targets.begin(); i != targets.end(); i++) {
- printf("checking target '%s'\n", (*i).c_str());
- if (!contains(authorisedTargets, *i)) {
- // ### check whether to quietly discard this target, or to reject
- return reject_init(package,
- YAZ_BIB1_ACCESS_TO_SPECIFIED_DATABASE_DENIED,
- i->c_str());
+ std::list<std::string>::iterator i;
+
+ i = targets.begin();
+ while (i != targets.end()) {
+ if (contains(authorisedTargets, *i) ||
+ contains(authorisedTargets, "*")) {
+ i++;
+ } else {
+ if (!m_p->discardUnauthorisedTargets)
+ return reject_init(package,
+ YAZ_BIB1_ACCESS_TO_SPECIFIED_DATABASE_DENIED, i->c_str());
+ i = targets.erase(i);
}
}
-/*
- // ### This is a no-op if the list has not changed
+ if (targets.size() == 0)
+ return reject_init(package,
+ YAZ_BIB1_ACCESS_TO_SPECIFIED_DATABASE_DENIED,
+ // ### It would be better to use the Z-db name
+ "all databases");
+
yp2::odr odr;
yp2::util::set_vhost_otherinfo(&otherInfo, odr, targets);
-*/
package.move();
}