X-Git-Url: http://git.indexdata.com/?a=blobdiff_plain;f=src%2Ffilter_auth_simple.cpp;h=dcf58054a58664c83a63c7a42b579f8a4aa4d517;hb=690bbc42f9678b5f6b895ac5c4ce427b08ab6dd2;hp=9dbb511624e1169ffcb98eaa75fb7f66c5dc0c63;hpb=e6d572ef110d14fa55115021505b808620457bd3;p=metaproxy-moved-to-github.git

diff --git a/src/filter_auth_simple.cpp b/src/filter_auth_simple.cpp
index 9dbb511..dcf5805 100644
--- a/src/filter_auth_simple.cpp
+++ b/src/filter_auth_simple.cpp
@@ -1,5 +1,5 @@
 /* This file is part of Metaproxy.
-   Copyright (C) 2005-2010 Index Data
+   Copyright (C) Index Data
 
 Metaproxy is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free
@@ -22,7 +22,6 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 #include <metaproxy/package.hpp>
 
 #include <boost/thread/mutex.hpp>
-#include <boost/algorithm/string.hpp>
 
 #include <metaproxy/util.hpp>
 #include "filter_auth_simple.hpp"
@@ -72,8 +71,39 @@ yf::AuthSimple::~AuthSimple()
 static void die(std::string s) { throw mp::filter::FilterException(s); }
 
 
+static std::string get_user(Z_InitRequest *initReq, std::string &password)
+{
+    Z_IdAuthentication *auth = initReq->idAuthentication;
+    std::string user;
+    if (auth)
+    {
+        const char *cp;
+        switch (auth->which)
+        {
+        case Z_IdAuthentication_open:
+            cp = strchr(auth->u.open, '/');
+            if (cp)
+            {
+                user.assign(auth->u.open, cp - auth->u.open);
+                password.assign(cp + 1);
+            }
+            else
+                user = auth->u.open;
+            break;
+        case Z_IdAuthentication_idPass:
+            if (auth->u.idPass->userId)
+                user = auth->u.idPass->userId;
+            if (auth->u.idPass->password)
+                password = auth->u.idPass->password;
+            break;
+        }
+    }
+    return user;
+}
+
 // Read XML config.. Put config info in m_p.
-void mp::filter::AuthSimple::configure(const xmlNode * ptr, bool test_only)
+void mp::filter::AuthSimple::configure(const xmlNode * ptr, bool test_only,
+                                       const char *path)
 {
     std::string userRegisterName;
     std::string targetRegisterName;
@@ -106,6 +136,17 @@ void mp::filter::AuthSimple::configure(const xmlNode * ptr, bool test_only)
         config_targetRegister(targetRegisterName);
 }
 
+static void split_db(std::list<std::string> &dbs,
+                     const char *databasesp)
+{
+    const char *cp;
+    while ((cp = strchr(databasesp, ',')))
+    {
+        dbs.push_back(std::string(databasesp, cp - databasesp));
+        databasesp = cp + 1;
+    }
+    dbs.push_back(std::string(databasesp));
+}
 
 void mp::filter::AuthSimple::config_userRegister(std::string filename)
 {
@@ -131,7 +172,7 @@ void mp::filter::AuthSimple::config_userRegister(std::string filename)
                 "no databases on line: '" + buf + ":" + passwdp + "'");
         *databasesp++ = 0;
         yf::AuthSimple::Rep::PasswordAndDBs tmp(passwdp);
-        boost::split(tmp.dbs, databasesp, boost::is_any_of(","));
+        split_db(tmp.dbs, databasesp);
         m_p->userRegister[buf] = tmp;
 
         if (0)
@@ -167,7 +208,7 @@ void mp::filter::AuthSimple::config_targetRegister(std::string filename)
                 "no targets on line: '" + buf + "'");
         *targetsp++ = 0;
         std::list<std::string> tmp;
-        boost::split(tmp, targetsp, boost::is_any_of(","));
+        split_db(tmp, targetsp);
         m_p->targetsByUser[buf] = tmp;
 
         if (0) {                // debugging
@@ -223,26 +264,23 @@ static void reject_init(mp::Package &package, int err, const char *addinfo);
 
 void yf::AuthSimple::process_init(mp::Package &package) const
 {
-    Z_IdAuthentication *auth =
-        package.request().get()->u.z3950->u.initRequest->idAuthentication;
-        // This is just plain perverted.
+    Z_InitRequest *initReq = package.request().get()->u.z3950->u.initRequest;
 
-    if (!auth)
+    std::string password;
+    std::string user = get_user(initReq, password);
+
+    if (user.length() == 0)
         return reject_init(package, 0, "no credentials supplied");
-    if (auth->which != Z_IdAuthentication_idPass)
-        return reject_init(package, 0,
-                           "only idPass authentication is supported");
-    Z_IdPass *idPass = auth->u.idPass;
 
-    if (m_p->userRegister.count(idPass->userId)) {
+    if (m_p->userRegister.count(user)) {
         // groupId is ignored, in accordance with ancient tradition.
         yf::AuthSimple::Rep::PasswordAndDBs pdbs =
-            m_p->userRegister[idPass->userId];
-        if (pdbs.password == idPass->password) {
+            m_p->userRegister[user];
+        if (pdbs.password == password) {
             // Success!  Remember who the user is for future reference
             {
                 boost::mutex::scoped_lock lock(m_p->mutex);
-                m_p->userBySession[package.session()] = idPass->userId;
+                m_p->userBySession[package.session()] = user;
             }
             return package.move();
         }
@@ -256,10 +294,10 @@ void yf::AuthSimple::process_init(mp::Package &package) const
 static bool contains(std::list<std::string> list, std::string thing) {
     std::list<std::string>::const_iterator i;
     for (i = list.begin(); i != list.end(); i++)
-        if (mp::util::database_name_normalize(*i) == 
+        if (mp::util::database_name_normalize(*i) ==
             mp::util::database_name_normalize(thing))
             return true;
-    
+
     return false;
 }
 
@@ -282,7 +320,7 @@ void yf::AuthSimple::process_search(mp::Package &package) const
             // Make an Search rejection APDU
             mp::odr odr;
             Z_APDU *apdu = odr.create_searchResponse(
-                package.request().get()->u.z3950, 
+                package.request().get()->u.z3950,
                 YAZ_BIB1_ACCESS_TO_SPECIFIED_DATABASE_DENIED,
                 req->databaseNames[i]);
             package.response() = apdu;
@@ -314,7 +352,7 @@ void yf::AuthSimple::process_scan(mp::Package &package) const
             // Make an Scan rejection APDU
             mp::odr odr;
             Z_APDU *apdu = odr.create_scanResponse(
-                package.request().get()->u.z3950, 
+                package.request().get()->u.z3950,
                 YAZ_BIB1_ACCESS_TO_SPECIFIED_DATABASE_DENIED,
                 req->databaseNames[i]);
             package.response() = apdu;
@@ -328,7 +366,7 @@ void yf::AuthSimple::process_scan(mp::Package &package) const
 }
 
 
-static void reject_init(mp::Package &package, int err, const char *addinfo) { 
+static void reject_init(mp::Package &package, int err, const char *addinfo) {
     if (err == 0)
         err = YAZ_BIB1_INIT_AC_AUTHENTICATION_SYSTEM_ERROR;
     // Make an Init rejection APDU
@@ -340,18 +378,12 @@ static void reject_init(mp::Package &package, int err, const char *addinfo) {
     package.session().close();
 }
 
-
 void yf::AuthSimple::check_targets(mp::Package & package) const
 {
     Z_InitRequest *initReq = package.request().get()->u.z3950->u.initRequest;
 
-    Z_IdAuthentication *auth = initReq->idAuthentication;
-    // We only get into this method if we are dealing with a session
-    // that has been authenticated using idPass authentication.  So we
-    // know what kind of information is in the Init Request, and we
-    // can trust the username without needing to re-authenticate.
-    assert(auth->which == Z_IdAuthentication_idPass);
-    std::string user = auth->u.idPass->userId;
+    std::string password;
+    std::string user = get_user(initReq, password);
     std::list<std::string> authorisedTargets = m_p->targetsByUser[user];
 
     std::list<std::string> targets;