X-Git-Url: http://git.indexdata.com/?a=blobdiff_plain;f=src%2Ffilter_zoom.cpp;h=67eb01e667cd8b34915a95a1b85beeee0cdfe7ad;hb=ada737df8a221496581267f17f011e0c7c26d2fb;hp=8ca763bb8d38b97fcb496f3d3af808f90054612b;hpb=e3b7970c1a533e4c14aa459f80ab002af4fdabf3;p=metaproxy-moved-to-github.git

diff --git a/src/filter_zoom.cpp b/src/filter_zoom.cpp
index 8ca763b..67eb01e 100644
--- a/src/filter_zoom.cpp
+++ b/src/filter_zoom.cpp
@@ -52,6 +52,7 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 #include <yaz/tokenizer.h>
 #include <yaz/zoom.h>
 #include <yaz/otherinfo.h>
+#include <yaz/match_glob.h>
 
 namespace mp = metaproxy_1;
 namespace yf = mp::filter;
@@ -221,6 +222,7 @@ namespace metaproxy_1 {
             std::string torus_searchable_url;
             std::string torus_content_url;
             std::string torus_auth_url;
+            std::string torus_allow_ip;
             std::string default_realm;
             std::string torus_auth_hostname;
             std::map<std::string,std::string> fieldmap;
@@ -791,6 +793,8 @@ void yf::Zoom::Impl::configure(const xmlNode *ptr, bool test_only,
                     torus_content_url = mp::xml::get_text(attr->children);
                 else if (!strcmp((const char *) attr->name, "auth_url"))
                     torus_auth_url = mp::xml::get_text(attr->children);
+                else if (!strcmp((const char *) attr->name, "allow_ip"))
+                    torus_allow_ip = mp::xml::get_text(attr->children);
                 else if (!strcmp((const char *) attr->name, "realm"))
                     default_realm = mp::xml::get_text(attr->children);
                 else if (!strcmp((const char *) attr->name, "auth_hostname"))
@@ -1136,8 +1140,6 @@ yf::Zoom::BackendPtr yf::Zoom::Frontend::get_backend_from_databases(
     else
         torus_db = database;
 
-    std::string authentication;
-    std::string content_authentication;
     std::string content_proxy;
     std::string realm = session_realm;
     if (realm.length() == 0)
@@ -1252,19 +1254,6 @@ yf::Zoom::BackendPtr yf::Zoom::Frontend::get_backend_from_databases(
         return m_backend;
     }
 
-    if (param_user)
-    {
-        authentication = std::string(param_user);
-        if (param_password)
-            authentication += "/" + std::string(param_password);
-    }
-    if (param_content_user)
-    {
-        content_authentication = std::string(param_content_user);
-        if (param_content_password)
-            content_authentication += "/" + std::string(param_content_password);
-    }
-
     if (torus_db.compare("IR-Explain---1") == 0)
         return explain_search(package, database, error, addinfo, odr, torus_url,
                               torus_db, realm);
@@ -1466,11 +1455,20 @@ yf::Zoom::BackendPtr yf::Zoom::Frontend::get_backend_from_databases(
                                         maximumRecords > 0 */
     b->set_option("piggyback", sptr->piggyback ? "1" : "0");
 
-    if (content_authentication.length() == 0)
-        content_authentication = sptr->contentAuthentication;
-
-    if (authentication.length() == 0)
-        authentication = sptr->authentication;
+    std::string authentication = sptr->authentication;
+    if (param_user)
+    {
+        authentication = std::string(param_user);
+        if (param_password)
+            authentication += "/" + std::string(param_password);
+    }
+    std::string content_authentication = sptr->contentAuthentication;
+    if (param_content_user)
+    {
+        content_authentication = std::string(param_content_user);
+        if (param_content_password)
+            content_authentication += "/" + std::string(param_content_password);
+    }
 
     if (proxy.length() == 0)
         proxy = sptr->cfProxy;
@@ -1480,7 +1478,17 @@ yf::Zoom::BackendPtr yf::Zoom::Frontend::get_backend_from_databases(
     {
         // A CF target
         b->set_option("user", sptr->cfAuth);
-        if (authentication.length())
+        if (param_user)
+        {
+            out_names[no_out_args] = "user";
+            out_values[no_out_args++] = odr_strdup(odr, param_user);
+            if (param_password)
+            {
+                out_names[no_out_args] = "password";
+                out_values[no_out_args++] = odr_strdup(odr, param_password);
+            }
+        }
+        else if (authentication.length())
         {
             size_t found = authentication.find('/');
             if (found != std::string::npos)
@@ -2103,7 +2111,7 @@ static bool wait_conn(COMSTACK cs, int secs)
     struct yaz_poll_fd pfd;
 
     yaz_poll_add(pfd.input_mask, yaz_poll_except);
-    if (cs->io_pending && CS_WANT_WRITE)
+    if (cs->io_pending & CS_WANT_WRITE)
         yaz_poll_add(pfd.input_mask, yaz_poll_write);
     if (cs->io_pending & CS_WANT_READ)
         yaz_poll_add(pfd.input_mask, yaz_poll_read);
@@ -2651,13 +2659,31 @@ void yf::Zoom::Frontend::auth(mp::Package &package, Z_InitRequest *req,
     }
 
     Z_OtherInformation **oi = &req->otherInfo;
-    const char *ip =
+    const char *ip_cstr =
         yaz_oi_get_string_oid(oi, yaz_oid_userinfo_client_ip, 1, 0);
-    if (!ip)
-        ip = package.origin().get_address().c_str();
+    std::string ip;
+    if (ip_cstr)
+        ip = ip_cstr;
+    else
+        ip = package.origin().get_address();
 
-    yaz_log(YLOG_LOG, "IP=%s", ip);
+    yaz_log(YLOG_LOG, "IP=%s", ip.c_str());
 
+    {
+        NMEM nmem = nmem_create();
+        char **darray;
+        int i, num;
+        nmem_strsplit_blank(nmem, m_p->torus_allow_ip.c_str(), &darray, &num);
+        for (i = 0; i < num; i++)
+        {
+            yaz_log(YLOG_LOG, "check against %s+%s", darray[i], ip.c_str());
+            if (yaz_match_glob(darray[i], ip.c_str()))
+                break;
+        }
+        nmem_destroy(nmem);
+        if (i < num)
+            return;  /* allow this IP */
+    }
     std::string torus_query;
     int failure_code;