+ filename + "': " +
+ "no databases on line: '" +
+ buf + ":" + passwdp + "'");
+ *databasesp++ = 0;
+ yf::AuthSimple::Rep::PasswordAndDBs tmp(passwdp);
+ boost::split(tmp.dbs, databasesp, boost::is_any_of(","));
+ m_p->userRegister[buf] = tmp;
+
+ if (1) { // debugging
+ printf("Added user '%s' -> password '%s'\n", buf, passwdp);
+ std::list<std::string>::const_iterator i;
+ for (i = tmp.dbs.begin(); i != tmp.dbs.end(); i++) {
+ printf("db '%s'\n", (*i).c_str());
+ }
+ }
+ }
+}
+
+
+void yf::AuthSimple::process(yp2::Package &package) const
+{
+ Z_GDU *gdu = package.request().get();
+
+ if (!gdu || gdu->which != Z_GDU_Z3950) {
+ // Pass on the package -- This means that authentication is
+ // waived, which may not be the correct thing for non-Z APDUs
+ // as it means that SRW sessions don't demand authentication
+ return package.move();
+ }
+
+ switch (gdu->u.z3950->which) {
+ case Z_APDU_initRequest: return process_init(package);
+ case Z_APDU_searchRequest: return process_search(package);
+ default: break;
+ }
+
+ // Operations other than those listed above do not require authorisation
+ return package.move();
+}
+
+
+static void reject_init(yp2::Package &package, const char *addinfo);
+
+
+void yf::AuthSimple::process_init(yp2::Package &package) const
+{
+ Z_IdAuthentication *auth =
+ package.request().get()->u.z3950->u.initRequest->idAuthentication;
+ // This is just plain perverted.
+
+ if (!auth)
+ return reject_init(package, "no credentials supplied");
+ if (auth->which != Z_IdAuthentication_idPass)
+ return reject_init(package, "only idPass authentication is supported");
+ Z_IdPass *idPass = auth->u.idPass;
+
+ if (m_p->userRegister.count(idPass->userId)) {
+ // groupId is ignored, in accordance with ancient tradition.
+ yf::AuthSimple::Rep::PasswordAndDBs pdbs =
+ m_p->userRegister[idPass->userId];
+ if (pdbs.password == idPass->password) {
+ // Success! Remember who the user is for future reference
+ {
+ boost::mutex::scoped_lock lock(m_p->mutex);
+ m_p->userBySession[package.session()] = idPass->userId;
+ }
+ return package.move();
+ }
+ }
+
+ return reject_init(package, "username/password combination rejected");
+}
+
+
+// I find it unutterable disappointing that I have to provide this
+static bool contains(std::list<std::string> list, std::string thing) {
+ std::list<std::string>::const_iterator i;
+ for (i = list.begin(); i != list.end(); i++)
+ if (*i == thing)
+ return true;
+
+ return false;
+}
+
+
+void yf::AuthSimple::process_search(yp2::Package &package) const
+{
+ Z_SearchRequest *req =
+ package.request().get()->u.z3950->u.searchRequest;
+
+ if (m_p->userBySession.count(package.session()) == 0) {
+ // It's a non-authenticated session, so just accept the operation
+ return package.move();