X-Git-Url: http://git.indexdata.com/?a=blobdiff_plain;f=src%2Fseshigh.c;h=2c266261a8026b39d5be0e2735257f4759a05675;hb=a1c7e0185783d67c7d6022ae7d70dd890b7c0309;hp=dea6deab3de26fbfda112d772aa6d9586a6884ec;hpb=db0f3c6c74488592ae1ceb7267d41d9a23b9efc1;p=yaz-moved-to-github.git diff --git a/src/seshigh.c b/src/seshigh.c index dea6dea..2c26626 100644 --- a/src/seshigh.c +++ b/src/seshigh.c @@ -2,7 +2,7 @@ * Copyright (C) 1995-2005, Index Data ApS * See the file LICENSE for details. * - * $Id: seshigh.c,v 1.67 2006-02-27 21:31:33 adam Exp $ + * $Id: seshigh.c,v 1.76 2006-05-05 20:02:22 quinn Exp $ */ /** * \file seshigh.c @@ -60,6 +60,7 @@ #include #include "eventl.h" #include "session.h" +#include "mime.h" #include #include #include @@ -359,10 +360,10 @@ void ir_session(IOCHAN h, int event) if (!z_GDU(assoc->decode, &req->gdu_request, 0, 0)) { yaz_log(YLOG_WARN, "ODR error on incoming PDU: %s [element %s] " - "[near byte %d] ", + "[near byte %ld] ", odr_errmsg(odr_geterror(assoc->decode)), odr_getelement(assoc->decode), - odr_offset(assoc->decode)); + (long) odr_offset(assoc->decode)); if (assoc->decode->error != OHTTP) { yaz_log(YLOG_WARN, "PDU dump:"); @@ -487,7 +488,7 @@ static void assoc_init_reset(association *assoc) yaz_log(log_requestdetail, "peer %s", assoc->init->peer_name); } -static int srw_bend_init(association *assoc, Z_SRW_diagnostic **d, int *num) +static int srw_bend_init(association *assoc, Z_SRW_diagnostic **d, int *num, Z_SRW_PDU *sr) { statserv_options_block *cb = statserv_getcontrol(); if (!assoc->init) @@ -501,6 +502,26 @@ static int srw_bend_init(association *assoc, Z_SRW_diagnostic **d, int *num) assoc->maximumRecordSize = 3000000; assoc->preferredMessageSize = 3000000; + + if (sr->username) + { + Z_IdAuthentication *auth = odr_malloc(assoc->decode, sizeof(*auth)); + int len; + + len = strlen(sr->username) + 1; + if (sr->password) + len += strlen(sr->password) + 2; + auth->which = Z_IdAuthentication_open; + auth->u.open = odr_malloc(assoc->decode, len); + strcpy(auth->u.open, sr->username); + if (sr->password && *sr->password) + { + strcat(auth->u.open, "/"); + strcat(auth->u.open, sr->password); + } + assoc->init->auth = auth; + } + #if 1 ce = yaz_set_proposal_charneg(assoc->decode, &encoding, 1, 0, 0, 1); assoc->init->charneg_request = ce->u.charNeg3; @@ -514,10 +535,12 @@ static int srw_bend_init(association *assoc, Z_SRW_diagnostic **d, int *num) return 0; } assoc->backend = binitres->handle; + assoc->init->auth = 0; if (binitres->errcode) { + int srw_code = yaz_diag_bib1_to_srw(binitres->errcode); assoc->state = ASSOC_DEAD; - yaz_add_srw_diagnostic(assoc->encode, d, num, binitres->errcode, + yaz_add_srw_diagnostic(assoc->encode, d, num, srw_code, binitres->errstring); return 0; } @@ -640,7 +663,7 @@ static int cql2pqf(ODR odr, const char *cql, cql_transform_t ct, int r; int srw_errcode = 0; const char *add = 0; - char rpn_buf[512]; + char rpn_buf[5120]; r = cql_parser_string(cp, cql); if (r) @@ -706,16 +729,17 @@ static int cql2pqf_scan(ODR odr, const char *cql, cql_transform_t ct, } static void srw_bend_search(association *assoc, request *req, - Z_SRW_searchRetrieveRequest *srw_req, + Z_SRW_PDU *sr, Z_SRW_searchRetrieveResponse *srw_res, int *http_code) { int srw_error = 0; Z_External *ext; + Z_SRW_searchRetrieveRequest *srw_req = sr->u.request; *http_code = 200; yaz_log(log_requestdetail, "Got SRW SearchRetrieveRequest"); - srw_bend_init(assoc, &srw_res->diagnostics, &srw_res->num_diagnostics); + srw_bend_init(assoc, &srw_res->diagnostics, &srw_res->num_diagnostics, sr); if (srw_res->num_diagnostics == 0 && assoc->init) { bend_search_rr rr; @@ -773,8 +797,8 @@ static void srw_bend_search(association *assoc, request *req, const char *pqf_msg; size_t off; int code = yaz_pqf_error (pqf_parser, &pqf_msg, &off); - yaz_log(log_requestdetail, "Parse error %d %s near offset %d", - code, pqf_msg, off); + yaz_log(log_requestdetail, "Parse error %d %s near offset %ld", + code, pqf_msg, (long) off); srw_error = YAZ_SRW_QUERY_SYNTAX_ERROR; } @@ -974,13 +998,14 @@ static char *srw_bend_explain_default(void *handle, bend_explain_rr *rr) } static void srw_bend_explain(association *assoc, request *req, - Z_SRW_explainRequest *srw_req, + Z_SRW_PDU *sr, Z_SRW_explainResponse *srw_res, int *http_code) { + Z_SRW_explainRequest *srw_req = sr->u.explain_request; yaz_log(log_requestdetail, "Got SRW ExplainRequest"); *http_code = 404; - srw_bend_init(assoc, &srw_res->diagnostics, &srw_res->num_diagnostics); + srw_bend_init(assoc, &srw_res->diagnostics, &srw_res->num_diagnostics, sr); if (assoc->init) { bend_explain_rr rr; @@ -1018,14 +1043,15 @@ static void srw_bend_explain(association *assoc, request *req, } static void srw_bend_scan(association *assoc, request *req, - Z_SRW_scanRequest *srw_req, + Z_SRW_PDU *sr, Z_SRW_scanResponse *srw_res, int *http_code) { + Z_SRW_scanRequest *srw_req = sr->u.scan_request; yaz_log(log_requestdetail, "Got SRW ScanRequest"); *http_code = 200; - srw_bend_init(assoc, &srw_res->diagnostics, &srw_res->num_diagnostics); + srw_bend_init(assoc, &srw_res->diagnostics, &srw_res->num_diagnostics, sr); if (srw_res->num_diagnostics == 0 && assoc->init) { struct scan_entry *save_entries; @@ -1202,14 +1228,15 @@ static void srw_bend_scan(association *assoc, request *req, } static void srw_bend_update(association *assoc, request *req, - Z_SRW_updateRequest *srw_req, + Z_SRW_PDU *sr, Z_SRW_updateResponse *srw_res, int *http_code) { + Z_SRW_updateRequest *srw_req = sr->u.update_request; yaz_log(YLOG_DEBUG, "Got SRW UpdateRequest"); yaz_log(YLOG_DEBUG, "num_diag = %d", srw_res->num_diagnostics ); *http_code = 404; - srw_bend_init(assoc, &srw_res->diagnostics, &srw_res->num_diagnostics); + srw_bend_init(assoc, &srw_res->diagnostics, &srw_res->num_diagnostics, sr); if (assoc->init) { bend_update_rr rr; @@ -1383,6 +1410,32 @@ static void srw_bend_update(association *assoc, request *req, } } +/* check if path is OK (1); BAD (0) */ +static int check_path(const char *path) +{ + if (*path != '/') + return 0; + if (strstr(path, "..")) + return 0; + return 1; +} + +static char *read_file(const char *fname, ODR o, int *sz) +{ + char *buf; + FILE *inf = fopen(fname, "rb"); + if (!inf) + return 0; + + fseek(inf, 0L, SEEK_END); + *sz = ftell(inf); + rewind(inf); + buf = odr_malloc(o, *sz); + fread(buf, 1, *sz, inf); + fclose(inf); + return buf; +} + static void process_http_request(association *assoc, request *req) { Z_HTTP_Request *hreq = req->gdu_request->u.HTTP_Request; @@ -1394,7 +1447,7 @@ static void process_http_request(association *assoc, request *req) char *charset = 0; Z_HTTP_Response *hres = 0; int keepalive = 1; - char *stylesheet = 0; + const char *stylesheet = 0; /* for now .. set later */ Z_SRW_diagnostic *diagnostic = 0; int num_diagnostic = 0; const char *host = z_HTTP_header_lookup(hreq->headers, "Host"); @@ -1404,14 +1457,64 @@ static void process_http_request(association *assoc, request *req) p = z_get_HTTP_Response(o, 404); r = 1; } - if (r == 2 && !strcmp(hreq->path, "/test")) + if (r == 2 && assoc->docpath && hreq->path[0] == '/' + && + /* check if path is a proper prefix of documentroot */ + strncmp(hreq->path+1, assoc->docpath, strlen(assoc->docpath)) + == 0) { - p = z_get_HTTP_Response(o, 200); - hres = p->u.HTTP_Response; - hres->content_buf = "1234567890\n"; - hres->content_len = strlen(hres->content_buf); + if (!check_path(hreq->path)) + { + yaz_log(YLOG_LOG, "File %s access forbidden", hreq->path+1); + p = z_get_HTTP_Response(o, 404); + } + else + { + int content_size = 0; + char *content_buf = read_file(hreq->path+1, o, &content_size); + if (!content_buf) + { + yaz_log(YLOG_LOG, "File %s not found", hreq->path+1); + p = z_get_HTTP_Response(o, 404); + } + else + { + const char *ctype = 0; + yaz_mime_types types = yaz_mime_types_create(); + + yaz_mime_types_add(types, "xsl", "application/xml"); + yaz_mime_types_add(types, "xml", "application/xml"); + yaz_mime_types_add(types, "css", "text/css"); + yaz_mime_types_add(types, "html", "text/html"); + yaz_mime_types_add(types, "htm", "text/html"); + yaz_mime_types_add(types, "txt", "text/plain"); + yaz_mime_types_add(types, "js", "application/x-javascript"); + + yaz_mime_types_add(types, "gif", "image/gif"); + yaz_mime_types_add(types, "png", "image/png"); + yaz_mime_types_add(types, "jpg", "image/jpeg"); + yaz_mime_types_add(types, "jpeg", "image/jpeg"); + + ctype = yaz_mime_lookup_fname(types, hreq->path); + if (!ctype) + { + yaz_log(YLOG_LOG, "No mime type for %s", hreq->path+1); + p = z_get_HTTP_Response(o, 404); + } + else + { + p = z_get_HTTP_Response(o, 200); + hres = p->u.HTTP_Response; + hres->content_buf = content_buf; + hres->content_len = content_size; + z_HTTP_header_add(o, &hres->headers, "Content-Type", ctype); + } + yaz_mime_types_destroy(types); + } + } r = 1; } + if (r == 2) { r = yaz_srw_decode(hreq, &sr, &soap_package, assoc->decode, &charset); @@ -1439,7 +1542,7 @@ static void process_http_request(association *assoc, request *req) } else { - srw_bend_search(assoc, req, sr->u.request, res->u.response, + srw_bend_search(assoc, req, sr, res->u.response, &http_code); } if (http_code == 200) @@ -1454,7 +1557,7 @@ static void process_http_request(association *assoc, request *req) res->u.explain_response->diagnostics = diagnostic; res->u.explain_response->num_diagnostics = num_diagnostic; } - srw_bend_explain(assoc, req, sr->u.explain_request, + srw_bend_explain(assoc, req, sr, res->u.explain_response, &http_code); if (http_code == 200) soap_package->u.generic->p = res; @@ -1468,7 +1571,7 @@ static void process_http_request(association *assoc, request *req) res->u.scan_response->diagnostics = diagnostic; res->u.scan_response->num_diagnostics = num_diagnostic; } - srw_bend_scan(assoc, req, sr->u.scan_request, + srw_bend_scan(assoc, req, sr, res->u.scan_response, &http_code); if (http_code == 200) soap_package->u.generic->p = res; @@ -1483,7 +1586,7 @@ static void process_http_request(association *assoc, request *req) res->u.update_response->num_diagnostics = num_diagnostic; } yaz_log(YLOG_DEBUG, "num_diag = %d", res->u.update_response->num_diagnostics ); - srw_bend_update(assoc, req, sr->u.update_request, + srw_bend_update(assoc, req, sr, res->u.update_response, &http_code); if (http_code == 200) soap_package->u.generic->p = res; @@ -1513,6 +1616,14 @@ static void process_http_request(association *assoc, request *req) int ret; p = z_get_HTTP_Response(o, 200); hres = p->u.HTTP_Response; + + if (!stylesheet) + stylesheet = assoc->stylesheet; + + /* empty stylesheet means NO stylesheet */ + if (stylesheet && *stylesheet == '\0') + stylesheet = 0; + ret = z_soap_codec_enc_xsl(assoc->encode, &soap_package, &hres->content_buf, &hres->content_len, soap_handlers, charset, stylesheet); @@ -1987,7 +2098,7 @@ static Z_APDU *process_initRequest(association *assoc, request *reqb) assoc->init->implementation_name, odr_prepend(assoc->encode, "GFS", resp->implementationName)); - version = odr_strdup(assoc->encode, "$Revision: 1.67 $"); + version = odr_strdup(assoc->encode, "$Revision: 1.76 $"); if (strlen(version) > 10) /* check for unexpanded CVS strings */ version[strlen(version)-2] = '\0'; resp->implementationVersion = odr_prepend(assoc->encode, @@ -3020,6 +3131,7 @@ static Z_APDU *process_segmentRequest (association *assoc, request *reqb) static Z_APDU *process_ESRequest(association *assoc, request *reqb, int *fd) { bend_esrequest_rr esrequest; + const char *ext_name = "unknown"; Z_ExtendedServicesRequest *req = reqb->apdu_request->u.extendedServicesRequest; @@ -3027,8 +3139,6 @@ static Z_APDU *process_ESRequest(association *assoc, request *reqb, int *fd) Z_ExtendedServicesResponse *resp = apdu->u.extendedServicesResponse; - yaz_log(log_requestdetail,"Got EsRequest"); - esrequest.esr = reqb->apdu_request->u.extendedServicesRequest; esrequest.stream = assoc->encode; esrequest.decode = assoc->decode; @@ -3039,7 +3149,24 @@ static Z_APDU *process_ESRequest(association *assoc, request *reqb, int *fd) esrequest.association = assoc; esrequest.taskPackage = 0; esrequest.referenceId = req->referenceId; + + if (esrequest.esr && esrequest.esr->taskSpecificParameters) + { + switch(esrequest.esr->taskSpecificParameters->which) + { + case Z_External_itemOrder: + ext_name = "ItemOrder"; break; + case Z_External_update: + ext_name = "Update"; break; + case Z_External_update0: + ext_name = "Update0"; break; + case Z_External_ESAdmin: + ext_name = "Admin"; break; + + } + } + (*assoc->init->bend_esrequest)(assoc->backend, &esrequest); /* If the response is being delayed, return NULL */ @@ -3051,13 +3178,13 @@ static Z_APDU *process_ESRequest(association *assoc, request *reqb, int *fd) if (esrequest.errcode == -1) { /* Backend service indicates request will be processed */ - yaz_log(log_request,"EsRequest OK: Accepted !"); + yaz_log(log_request, "Extended Service: %s (accepted)", ext_name); *resp->operationStatus = Z_ExtendedServicesResponse_accepted; } else if (esrequest.errcode == 0) { /* Backend service indicates request will be processed */ - yaz_log(log_request,"EsRequest OK: Done !"); + yaz_log(log_request, "Extended Service: %s (done)", ext_name); *resp->operationStatus = Z_ExtendedServicesResponse_done; } else @@ -3066,7 +3193,7 @@ static Z_APDU *process_ESRequest(association *assoc, request *reqb, int *fd) zget_DiagRecs(assoc->encode, esrequest.errcode, esrequest.errstring); /* Backend indicates error, request will not be processed */ - yaz_log(YLOG_DEBUG,"Request could not be processed...failure !"); + yaz_log(log_request, "Extended Service: %s (failed)", ext_name); *resp->operationStatus = Z_ExtendedServicesResponse_failure; resp->num_diagnostics = diagRecs->num_diagRecs; resp->diagnostics = diagRecs->diagRecs;