[interchange-cvs] interchange - racke modified 2 files
interchange-core@icdevgroup.org
interchange-core@icdevgroup.org
Sat May 3 12:42:00 2003
User: racke
Date: 2003-05-03 16:41:02 GMT
Modified: lib/Vend Config.pm SOAP.pm
Log:
added SOAP_Control configuration directive and soap_gate access
check routine to control requests to the SOAP server
Revision Changes Path
2.111 +5 -2 interchange/lib/Vend/Config.pm
rev 2.111, prev_rev 2.110
Index: Config.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Config.pm,v
retrieving revision 2.110
retrieving revision 2.111
diff -u -r2.110 -r2.111
--- Config.pm 10 Apr 2003 17:35:51 -0000 2.110
+++ Config.pm 3 May 2003 16:41:02 -0000 2.111
@@ -1,6 +1,6 @@
# Vend::Config - Configure Interchange
#
-# $Id: Config.pm,v 2.110 2003/04/10 17:35:51 mheins Exp $
+# $Id: Config.pm,v 2.111 2003/05/03 16:41:02 racke Exp $
#
# Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
# Copyright (C) 2003 ICDEVGROUP <interchange@icdevgroup.org>
@@ -48,7 +48,7 @@
use Vend::File;
use Vend::Data;
-$VERSION = substr(q$Revision: 2.110 $, 10);
+$VERSION = substr(q$Revision: 2.111 $, 10);
my %CDname;
my %CPname;
@@ -182,6 +182,7 @@
my %AllowScalarAction = (qw(
FileControl 1
+ SOAP_Control 1
));
my $StdTags;
@@ -304,6 +305,7 @@
['SOAP_MaxRequests', 'integer', 50],
['SOAP_StartServers', 'integer', 1],
['SOAP_Host', undef, 'localhost 127.0.0.1'],
+ ['SOAP_Control', 'action', ''],
['IPCsocket', undef, "$Global::VendRoot/etc/socket.ipc"],
['HouseKeeping', 'integer', 60],
['Mall', 'yesno', 'No'],
@@ -520,6 +522,7 @@
['SOAP', 'yesno', 'No'],
['SOAP_Enable', 'hash', ''],
['SOAP_Action', 'action', ''],
+ ['SOAP_Control', 'action', ''],
['UserDB', 'locale', ''],
['UserDatabase', undef, ''], #undocumented
['RobotLimit', 'integer', 0],
2.9 +67 -2 interchange/lib/Vend/SOAP.pm
rev 2.9, prev_rev 2.8
Index: SOAP.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/SOAP.pm,v
retrieving revision 2.8
retrieving revision 2.9
diff -u -r2.8 -r2.9
--- SOAP.pm 18 Mar 2003 13:37:02 -0000 2.8
+++ SOAP.pm 3 May 2003 16:41:02 -0000 2.9
@@ -1,6 +1,6 @@
# Vend::SOAP - Handle SOAP connections for Interchange
#
-# $Id: SOAP.pm,v 2.8 2003/03/18 13:37:02 racke Exp $
+# $Id: SOAP.pm,v 2.9 2003/05/03 16:41:02 racke Exp $
#
# Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
#
@@ -34,7 +34,7 @@
use strict;
use vars qw($VERSION @ISA $AUTOLOAD);
-$VERSION = substr(q$Revision: 2.8 $, 10);
+$VERSION = substr(q$Revision: 2.9 $, 10);
@ISA = qw/SOAP::Server/;
my %Allowed_tags;
@@ -168,6 +168,60 @@
return $result;
}
+my %intrinsic = (local => sub {$CGI::remote_addr eq '127.0.0.1'},
+ never => sub {return 0},
+ always => sub {return 1});
+
+sub soap_gate {
+ my (@args, $status, $subref, $spath);
+
+ # check first global control configuration which takes
+ # precedence, then catalog control configuration
+ for $subref ($Global::SOAP_Control,
+ $Vend::Cfg->{SOAP_Control}) {
+ @args = @_;
+
+ while (@args) {
+ $spath = join('/', @args);
+ pop(@args);
+ next unless exists $subref->{$spath};
+
+ if (ref($subref->{$spath}) eq 'CODE') {
+ $status = $subref->{$spath}->($spath);
+ } elsif ($subref->{$spath}) {
+ $status = soap_control_intrinsic($subref->{$spath}, $spath);
+ }
+
+ # check found, done with loop
+ last;
+ }
+
+ last unless $status;
+ }
+
+ die errmsg("Unauthorized access to '%s' method\n", join('/', @_))
+ unless $status;
+
+ return 1;
+}
+
+sub soap_control_intrinsic {
+ my ($checklist, $action) = @_;
+ my @checks = split /\s*;\s*/, $checklist;
+ my $status = 1;
+
+ for(@checks) {
+ my ($check, @args) = split /:/, $_;
+ my $sub = $intrinsic{$check} or return 0;
+
+ unless( $sub->($action, @args) ) {
+ $status = 0;
+ last;
+ }
+ }
+ return $status;
+}
+
# This is used to check the session name. If there is some reason
# the session is retired, the returned ID will be different from the
# passed ID and the client can cope.
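Review bot: `$status` in `soap_gate` is shared by both scopes and never reset, so a catalog `SOAP_Control` entry that exists but holds a false value matches neither branch and leaves the global allow standing instead of denying; adding `} else { $status = 0; }` after the `elsif` makes such an entry fail closed in both scopes. The comment above the loop also understates the policy: because of `last unless $status`, a path with no matching entry in `$Global::SOAP_Control` is refused without consulting the catalog, and since both directives default to `''` every gated method appears to be denied until a global entry exists. I would state that outright, e.g. `# default deny: the global SOAP_Control must allow the path; the catalog setting can only restrict it further`. The denial message calls a bare `errmsg(...)` while the dispatch code later in this file uses `::errmsg(...)`; unless `errmsg` is imported into this package (not visible here), the call fails with an undefined-subroutine error instead of the intended message, so `die ::errmsg(...)` is safer. The `local` intrinsic matches only the literal `127.0.0.1`, and whether `$CGI::remote_addr` is populated for SOAP connections is not visible in this hunk, so that is worth confirming.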
@@ -218,6 +272,8 @@
sub Values {
shift;
+
+ soap_gate('Values');
open_soap_session();
my $putref;
my $ref = $::Values ||= {};
@@ -248,6 +304,8 @@
sub Scratch {
shift;
+
+ soap_gate('Scratch');
open_soap_session();
my $putref;
my $ref = $Vend::Session->{scratch};
@@ -263,6 +321,9 @@
sub Database {
shift;
my $name = shift;
+
+ soap_gate('Database', $name);
+
my $ref = $Vend::Cfg->{Database};
return $ref->{$name} if $name;
return $ref;
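Review bot: When `$name` is empty, `soap_gate('Database', $name)` can only match the `Database/` and `Database` paths, and the function then returns the whole `$Vend::Cfg->{Database}` hash, so a policy that allows `Database` but denies a specific `Database/NAME` entry is sidestepped by calling the method without a name. Joining an undefined `$name` also raises an uninitialized-value warning when warnings are enabled. I would gate the named and unnamed cases separately and, for the unnamed case, return only the entries that individually pass the gate, as sketched below. The closing brace of `Database` lies outside the hunk.

```perl
my $name = shift;

my $ref = $Vend::Cfg->{Database};
if ($name) {
    soap_gate('Database', $name);
    return $ref->{$name};
}

# no name given: hand back only the tables this caller is allowed to see
my %visible;
for my $table (keys %$ref) {
    $visible{$table} = $ref->{$table}
        if eval { soap_gate('Database', $table) };
}
return \%visible;
```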
@@ -300,12 +361,16 @@
#::logDebug("session " . ::full_dump() );
$routine =~ s/.*:://;
+
if ($Vend::Cfg->{SOAP_Action}{$routine}) {
+ soap_gate ('Action', $routine);
$sub = $Vend::Cfg->{SOAP_Action}{$routine};
Vend::Interpolate::init_calc();
new Vend::Tags;
} elsif (! $Allowed_tags{$routine}) {
die ::errmsg("Not allowed routine: %s", $routine);
+ } else {
+ soap_gate ('Tag', $routine);
}
my $result;