From 9a931f88892b2d8be796bfafa07e430307b7c5f6 Mon Sep 17 00:00:00 2001 From: Sebastian Hammer Date: Fri, 5 May 2006 20:02:22 +0000 Subject: [PATCH 1/1] Supporting Username/password in SRU server mode, either through x-username/x-password SRU parameters, or through Basic HTTP authentication. --- include/yaz/srw.h | 4 ++- src/seshigh.c | 55 ++++++++++++++++++++++-------- src/srwutil.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++- ztest/ztest.c | 4 ++- 4 files changed, 143 insertions(+), 18 deletions(-) diff --git a/include/yaz/srw.h b/include/yaz/srw.h index dc721a1..b8dd77d 100644 --- a/include/yaz/srw.h +++ b/include/yaz/srw.h @@ -2,7 +2,7 @@ * Copyright (C) 1995-2005, Index Data ApS * See the file LICENSE for details. * - * $Id: srw.h,v 1.25 2006-03-01 23:24:24 adam Exp $ + * $Id: srw.h,v 1.26 2006-05-05 20:02:22 quinn Exp $ */ /** * \file srw.h @@ -178,6 +178,8 @@ typedef struct { Z_SRW_updateResponse *update_response; } u; char *srw_version; + char *username; /* From HTTP header or request */ + char *password; /* From HTTP header or request */ } Z_SRW_PDU; YAZ_EXPORT int yaz_srw_codec(ODR o, void * pptr, diff --git a/src/seshigh.c b/src/seshigh.c index 5ad7ef3..2c26626 100644 --- a/src/seshigh.c +++ b/src/seshigh.c @@ -2,7 +2,7 @@ * Copyright (C) 1995-2005, Index Data ApS * See the file LICENSE for details. * - * $Id: seshigh.c,v 1.75 2006-04-21 10:28:07 adam Exp $ + * $Id: seshigh.c,v 1.76 2006-05-05 20:02:22 quinn Exp $ */ /** * \file seshigh.c @@ -488,7 +488,7 @@ static void assoc_init_reset(association *assoc) yaz_log(log_requestdetail, "peer %s", assoc->init->peer_name); } -static int srw_bend_init(association *assoc, Z_SRW_diagnostic **d, int *num) +static int srw_bend_init(association *assoc, Z_SRW_diagnostic **d, int *num, Z_SRW_PDU *sr) { statserv_options_block *cb = statserv_getcontrol(); if (!assoc->init) @@ -502,6 +502,26 @@ static int srw_bend_init(association *assoc, Z_SRW_diagnostic **d, int *num) assoc->maximumRecordSize = 3000000; assoc->preferredMessageSize = 3000000; + + if (sr->username) + { + Z_IdAuthentication *auth = odr_malloc(assoc->decode, sizeof(*auth)); + int len; + + len = strlen(sr->username) + 1; + if (sr->password) + len += strlen(sr->password) + 2; + auth->which = Z_IdAuthentication_open; + auth->u.open = odr_malloc(assoc->decode, len); + strcpy(auth->u.open, sr->username); + if (sr->password && *sr->password) + { + strcat(auth->u.open, "/"); + strcat(auth->u.open, sr->password); + } + assoc->init->auth = auth; + } + #if 1 ce = yaz_set_proposal_charneg(assoc->decode, &encoding, 1, 0, 0, 1); assoc->init->charneg_request = ce->u.charNeg3; @@ -515,6 +535,7 @@ static int srw_bend_init(association *assoc, Z_SRW_diagnostic **d, int *num) return 0; } assoc->backend = binitres->handle; + assoc->init->auth = 0; if (binitres->errcode) { int srw_code = yaz_diag_bib1_to_srw(binitres->errcode); @@ -708,16 +729,17 @@ static int cql2pqf_scan(ODR odr, const char *cql, cql_transform_t ct, } static void srw_bend_search(association *assoc, request *req, - Z_SRW_searchRetrieveRequest *srw_req, + Z_SRW_PDU *sr, Z_SRW_searchRetrieveResponse *srw_res, int *http_code) { int srw_error = 0; Z_External *ext; + Z_SRW_searchRetrieveRequest *srw_req = sr->u.request; *http_code = 200; yaz_log(log_requestdetail, "Got SRW SearchRetrieveRequest"); - srw_bend_init(assoc, &srw_res->diagnostics, &srw_res->num_diagnostics); + srw_bend_init(assoc, &srw_res->diagnostics, &srw_res->num_diagnostics, sr); if (srw_res->num_diagnostics == 0 && assoc->init) { bend_search_rr rr; @@ -976,13 +998,14 @@ static char *srw_bend_explain_default(void *handle, bend_explain_rr *rr) } static void srw_bend_explain(association *assoc, request *req, - Z_SRW_explainRequest *srw_req, + Z_SRW_PDU *sr, Z_SRW_explainResponse *srw_res, int *http_code) { + Z_SRW_explainRequest *srw_req = sr->u.explain_request; yaz_log(log_requestdetail, "Got SRW ExplainRequest"); *http_code = 404; - srw_bend_init(assoc, &srw_res->diagnostics, &srw_res->num_diagnostics); + srw_bend_init(assoc, &srw_res->diagnostics, &srw_res->num_diagnostics, sr); if (assoc->init) { bend_explain_rr rr; @@ -1020,14 +1043,15 @@ static void srw_bend_explain(association *assoc, request *req, } static void srw_bend_scan(association *assoc, request *req, - Z_SRW_scanRequest *srw_req, + Z_SRW_PDU *sr, Z_SRW_scanResponse *srw_res, int *http_code) { + Z_SRW_scanRequest *srw_req = sr->u.scan_request; yaz_log(log_requestdetail, "Got SRW ScanRequest"); *http_code = 200; - srw_bend_init(assoc, &srw_res->diagnostics, &srw_res->num_diagnostics); + srw_bend_init(assoc, &srw_res->diagnostics, &srw_res->num_diagnostics, sr); if (srw_res->num_diagnostics == 0 && assoc->init) { struct scan_entry *save_entries; @@ -1204,14 +1228,15 @@ static void srw_bend_scan(association *assoc, request *req, } static void srw_bend_update(association *assoc, request *req, - Z_SRW_updateRequest *srw_req, + Z_SRW_PDU *sr, Z_SRW_updateResponse *srw_res, int *http_code) { + Z_SRW_updateRequest *srw_req = sr->u.update_request; yaz_log(YLOG_DEBUG, "Got SRW UpdateRequest"); yaz_log(YLOG_DEBUG, "num_diag = %d", srw_res->num_diagnostics ); *http_code = 404; - srw_bend_init(assoc, &srw_res->diagnostics, &srw_res->num_diagnostics); + srw_bend_init(assoc, &srw_res->diagnostics, &srw_res->num_diagnostics, sr); if (assoc->init) { bend_update_rr rr; @@ -1517,7 +1542,7 @@ static void process_http_request(association *assoc, request *req) } else { - srw_bend_search(assoc, req, sr->u.request, res->u.response, + srw_bend_search(assoc, req, sr, res->u.response, &http_code); } if (http_code == 200) @@ -1532,7 +1557,7 @@ static void process_http_request(association *assoc, request *req) res->u.explain_response->diagnostics = diagnostic; res->u.explain_response->num_diagnostics = num_diagnostic; } - srw_bend_explain(assoc, req, sr->u.explain_request, + srw_bend_explain(assoc, req, sr, res->u.explain_response, &http_code); if (http_code == 200) soap_package->u.generic->p = res; @@ -1546,7 +1571,7 @@ static void process_http_request(association *assoc, request *req) res->u.scan_response->diagnostics = diagnostic; res->u.scan_response->num_diagnostics = num_diagnostic; } - srw_bend_scan(assoc, req, sr->u.scan_request, + srw_bend_scan(assoc, req, sr, res->u.scan_response, &http_code); if (http_code == 200) soap_package->u.generic->p = res; @@ -1561,7 +1586,7 @@ static void process_http_request(association *assoc, request *req) res->u.update_response->num_diagnostics = num_diagnostic; } yaz_log(YLOG_DEBUG, "num_diag = %d", res->u.update_response->num_diagnostics ); - srw_bend_update(assoc, req, sr->u.update_request, + srw_bend_update(assoc, req, sr, res->u.update_response, &http_code); if (http_code == 200) soap_package->u.generic->p = res; @@ -2073,7 +2098,7 @@ static Z_APDU *process_initRequest(association *assoc, request *reqb) assoc->init->implementation_name, odr_prepend(assoc->encode, "GFS", resp->implementationName)); - version = odr_strdup(assoc->encode, "$Revision: 1.75 $"); + version = odr_strdup(assoc->encode, "$Revision: 1.76 $"); if (strlen(version) > 10) /* check for unexpanded CVS strings */ version[strlen(version)-2] = '\0'; resp->implementationVersion = odr_prepend(assoc->encode, diff --git a/src/srwutil.c b/src/srwutil.c index b38a73a..1f39728 100644 --- a/src/srwutil.c +++ b/src/srwutil.c @@ -2,7 +2,7 @@ * Copyright (C) 1995-2005, Index Data ApS * See the file LICENSE for details. * - * $Id: srwutil.c,v 1.38 2006-04-20 00:01:01 adam Exp $ + * $Id: srwutil.c,v 1.39 2006-05-05 20:02:22 quinn Exp $ */ /** * \file srwutil.c @@ -176,6 +176,91 @@ char *yaz_uri_val(const char *path, const char *name, ODR o) return 0; } +static int yaz_base64decode(const char *in, char *out) +{ + const char *map = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz0123456789+/"; + int olen = 0; + int len = strlen(in); + + while (len >= 4) + { + char i0, i1, i2, i3; + char *p; + + if (!(p = index(map, in[0]))) + return 0; + i0 = p - map; + len--; + if (!(p = index(map, in[1]))) + return 0; + i1 = p - map; + len--; + *(out++) = i0 << 2 | i1 >> 4; + olen++; + if (in[2] == '=') + break; + if (!(p = index(map, in[2]))) + return 0; + i2 = p - map; + len--; + *(out++) = i1 << 4 | i2 >> 2; + olen++; + if (in[3] == '=') + break; + if (!(p = index(map, in[3]))) + return 0; + i3 = p - map; + len--; + *(out++) = i2 << 6 | i3; + olen++; + + in += 4; + } + + *out = '\0'; + return olen; +} + +/** + * Look for authentication tokens in HTTP Basic parameters or in x-username/x-password + * parameters. Added by SH. + */ +static void yaz_srw_decodeauth(Z_SRW_PDU *sr, Z_HTTP_Request *hreq, char *username, + char *password, ODR decode) +{ + const char *basic = z_HTTP_header_lookup(hreq->headers, "Authorization"); + + if (username) + sr->username = username; + if (password) + sr->password = password; + + if (basic) { + int len, olen; + char out[256]; + char ubuf[256] = "", pbuf[256] = "", *p; + if (strncmp(basic, "Basic ", 6)) + return; + basic += 6; + len = strlen(basic); + if (!len || len > 256) + return; + olen = yaz_base64decode(basic, out); + /* Format of out should be username:password at this point */ + strcpy(ubuf, out); + if ((p = index(ubuf, ':'))) { + *(p++) = '\0'; + if (*p) + strcpy(pbuf, p); + } + if (*ubuf) + sr->username = odr_strdup(decode, ubuf); + if (*pbuf) + sr->password = odr_strdup(decode, pbuf); + } +} + void yaz_uri_val_int(const char *path, const char *name, ODR o, int **intp) { const char *v = yaz_uri_val(path, name, o); @@ -350,6 +435,8 @@ int yaz_sru_decode(Z_HTTP_Request *hreq, Z_SRW_PDU **srw_pdu, char *version = 0; char *query = 0; char *pQuery = 0; + char *username = 0; + char *password = 0; char *sortKeys = 0; char *stylesheet = 0; char *scanClause = 0; @@ -394,6 +481,10 @@ int yaz_sru_decode(Z_HTTP_Request *hreq, Z_SRW_PDU **srw_pdu, query = v; else if (!strcmp(n, "x-pquery")) pQuery = v; + else if (!strcmp(n, "x-username")) + username = v; + else if (!strcmp(n, "x-password")) + password = v; else if (!strcmp(n, "operation")) operation = v; else if (!strcmp(n, "stylesheet")) @@ -446,6 +537,7 @@ int yaz_sru_decode(Z_HTTP_Request *hreq, Z_SRW_PDU **srw_pdu, sr->srw_version = version; *srw_pdu = sr; + yaz_srw_decodeauth(sr, hreq, username, password, decode); if (query) { sr->u.request->query_type = Z_SRW_query_type_cql; @@ -499,6 +591,7 @@ int yaz_sru_decode(Z_HTTP_Request *hreq, Z_SRW_PDU **srw_pdu, Z_SRW_PDU *sr = yaz_srw_get(decode, Z_SRW_explain_request); sr->srw_version = version; + yaz_srw_decodeauth(sr, hreq, username, password, decode); *srw_pdu = sr; sr->u.explain_request->recordPacking = recordPacking; sr->u.explain_request->database = db; @@ -527,6 +620,7 @@ int yaz_sru_decode(Z_HTTP_Request *hreq, Z_SRW_PDU **srw_pdu, sr->srw_version = version; *srw_pdu = sr; + yaz_srw_decodeauth(sr, hreq, username, password, decode); if (scanClause) { @@ -619,6 +713,8 @@ Z_SRW_PDU *yaz_srw_get(ODR o, int which) { Z_SRW_PDU *sr = (Z_SRW_PDU *) odr_malloc(o, sizeof(*o)); + sr->username = 0; + sr->password = 0; sr->srw_version = odr_strdup(o, "1.1"); sr->which = which; switch(which) diff --git a/ztest/ztest.c b/ztest/ztest.c index e659570..29026a1 100644 --- a/ztest/ztest.c +++ b/ztest/ztest.c @@ -2,7 +2,7 @@ * Copyright (C) 1995-2005, Index Data ApS * See the file LICENSE for details. * - * $Id: ztest.c,v 1.79 2006-04-21 10:28:09 adam Exp $ + * $Id: ztest.c,v 1.80 2006-05-05 20:02:22 quinn Exp $ */ /* @@ -669,6 +669,8 @@ bend_initresult *bend_init(bend_initrequest *q) odr_malloc (q->stream, sizeof(*r)); int *counter = (int *) xmalloc (sizeof(int)); + fprintf(stderr, "FUK\n"); + if (!log_level_set) { log_level=yaz_log_module_level("ztest"); -- 1.7.10.4