<chapter id="administration">
- <!-- $Id: administration.xml,v 1.18 2005-05-30 13:22:11 adam Exp $ -->
+ <!-- $Id: administration.xml,v 1.19 2005-10-20 18:28:10 quinn Exp $ -->
<title>Administrating Zebra</title>
<!-- ### It's a bit daft that this chapter (which describes half of
the configuration-file formats) is separated from
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>dbaccess <replaceable>accessfile</replaceable></term>
+ <listitem>
+ <para>
+ Names a file which lists database subscriptions for individual users.
+ The access file should consists of lines of the form <literal>username:
+ dbnames</literal>, where dbnames is a list of database names, seprated by
+ '+'. No whitespace is allowed in the database list.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</para>
-/* $Id: zebraapi.c,v 1.189 2005-09-19 08:20:15 adam Exp $
+/* $Id: zebraapi.c,v 1.190 2005-10-20 18:28:10 quinn Exp $
Copyright (C) 1995-2005
Index Data ApS
{
const char *passwd_plain = 0;
const char *passwd_encrypt = 0;
+ const char *dbaccess = 0;
ZebraService zh = xmalloc(sizeof(*zh));
if (configName)
zebra_mutex_cond_init (&zh->session_lock);
passwd_plain = res_get (zh->global_res, "passwd");
passwd_encrypt = res_get (zh->global_res, "passwd.c");
+ dbaccess = res_get (zh->global_res, "dbaccess");
if (!passwd_plain && !passwd_encrypt)
zh->passwd_db = NULL;
passwd_db_file_crypt(zh->passwd_db, passwd_encrypt);
}
}
+
+ if (!dbaccess)
+ zh->dbaccess = NULL;
+ else {
+ zh->dbaccess = res_open(NULL, NULL);
+ if (res_read_file(zh->dbaccess, dbaccess) != ZEBRA_OK) {
+ yaz_log(YLOG_FATAL, "Failed to read %s", dbaccess);
+ return NULL;
+ }
+ }
+
zh->path_root = res_get (zh->global_res, "root");
zh->nmem = nmem_create();
zh->record_classes = recTypeClass_create (zh->global_res, zh->nmem);
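Review bot: The failure branch added after the password setup does `return NULL;` without releasing what this function has already built: `zh` itself (from `xmalloc`), `zh->global_res`, the password database when one was opened, and the freshly opened `zh->dbaccess` handle. Refusing to start on an unreadable access file is the right fail-closed behaviour for an access-control file, but the branch should tear those resources down before returning. The function's start and end are outside the hunk, so it could not be checked whether other early exits clean up, or whether `zh->dbaccess` is destroyed when the service stops.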
xfree(zh->record_encoding);
+ if (zh->dbaccesslist)
+ xfree(zh->dbaccesslist);
+
for (i = 0; i < zh->num_basenames; i++)
xfree(zh->basenames[i]);
xfree(zh->basenames);
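Review bot: `zh->dbaccesslist` is freed here and tested in the database-selection check, but the only assignment visible in this commit is the one in `zebra_auth`; no hunk initialises the field where the handle is created. If the handle is allocated without zeroing and a session is closed, or selects databases, before `zebra_auth` has run, both this `xfree` and the access check act on an indeterminate pointer. Add `zh->dbaccesslist = NULL;` where the handle is opened; that code is outside the visible hunks, so confirm it is not already there. The `if` guard looks redundant if `xfree` accepts NULL, which the unguarded `xfree(zh->user_perm)` in `zebra_auth` may suggest.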
zh->errCode = YAZ_BIB1_COMBI_OF_SPECIFIED_DATABASES_UNSUPP;
return ZEBRA_FAIL;
}
+
+ /* Check if the user has access to all databases (Seb) */
+ /* You could argue that this should happen later, after we have
+ * determined that the database(s) exist. */
+ if (zh->dbaccesslist) {
+ for (i = 0; i < num_bases; i++) {
+ const char *db = basenames[i];
+ char *p, *pp;
+ for (p = zh->dbaccesslist; p && *p; p = pp) {
+ int len;
+ if ((pp = strchr(p, '+'))) {
+ len = pp - p;
+ pp++;
+ }
+ else
+ len = strlen(p);
+ if (len == strlen(db) && !strncmp(db, p, len))
+ break;
+ }
+ if (!p) {
+ zh->errCode = YAZ_BIB1_ACCESS_TO_SPECIFIED_DATABASE_DENIED;
+ return ZEBRA_FAIL;
+ }
+ }
+ }
+
for (i = 0; i < zh->num_basenames; i++)
xfree(zh->basenames[i]);
xfree(zh->basenames);
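Review bot: The denial test `if (!p)` misses the case where the token loop stops because `*p` is the string terminator rather than because `p` is NULL. With an access list that ends in `+`, or one that is an empty string, `pp` is advanced past the last separator, the loop exits with `p` pointing at `'\0'`, and the request is allowed for any database name. Use `if (!p || !*p)` so that exhausting the list always denies. `len` would also be better declared as `size_t`, since it is compared with `strlen(db)` and assigned from a pointer difference. The enclosing function starts and ends outside the hunk.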
ZEBRA_RES zebra_auth (ZebraHandle zh, const char *user, const char *pass)
{
const char *p;
+ const char *astring;
char u[40];
ZebraService zs;
xfree(zh->user_perm);
zh->user_perm = xstrdup(p ? p : "r");
+ /* Determine database access list */
+ astring = res_get(zs->dbaccess, user ? user : "anonymous");
+ if (astring)
+ zh->dbaccesslist = xstrdup(astring);
+ else
+ zh->dbaccesslist = NULL;
+
/* users that don't require a password .. */
if (zh->user_perm && strchr(zh->user_perm, 'a'))
return ZEBRA_OK;
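Review bot: A user with no entry in the access file ends up with `zh->dbaccesslist = NULL`, and the check added in the database-selection hunk is skipped when the list is NULL, so unlisted users (including the `"anonymous"` fallback) are unrestricted even when `dbaccess` is configured. If the file is meant as an allow-list, a missing entry should deny: leave the list NULL only when `zs->dbaccess` itself is NULL, or state the permissive default in the documentation. The assignment also overwrites any earlier list without freeing it, unlike `user_perm` just above, which is released first; add `xfree(zh->dbaccesslist);` before it once the field is reliably initialised. When no `dbaccess` is configured, `zs->dbaccess` is NULL, so this call relies on `res_get` tolerating a NULL handle, which is not visible here. `zebra_auth` continues beyond the hunk.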