[interchange-cvs] interchange - racke modified 2 files

interchange-core@icdevgroup.org interchange-core@icdevgroup.org
Sat May 3 12:42:00 2003


User:      racke
Date:      2003-05-03 16:41:02 GMT
Modified:  lib/Vend Config.pm SOAP.pm
Log:
added SOAP_Control configuration directive and soap_gate access
check routine to control requests to the SOAP server

Revision  Changes    Path
2.111     +5 -2      interchange/lib/Vend/Config.pm


rev 2.111, prev_rev 2.110
Index: Config.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Config.pm,v
retrieving revision 2.110
retrieving revision 2.111
diff -u -r2.110 -r2.111
--- Config.pm	10 Apr 2003 17:35:51 -0000	2.110
+++ Config.pm	3 May 2003 16:41:02 -0000	2.111
@@ -1,6 +1,6 @@
 # Vend::Config - Configure Interchange
 #
-# $Id: Config.pm,v 2.110 2003/04/10 17:35:51 mheins Exp $
+# $Id: Config.pm,v 2.111 2003/05/03 16:41:02 racke Exp $
 #
 # Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
 # Copyright (C) 2003 ICDEVGROUP <interchange@icdevgroup.org>
@@ -48,7 +48,7 @@
 use Vend::File;
 use Vend::Data;
 
-$VERSION = substr(q$Revision: 2.110 $, 10);
+$VERSION = substr(q$Revision: 2.111 $, 10);
 
 my %CDname;
 my %CPname;
@@ -182,6 +182,7 @@
 
 my %AllowScalarAction = (qw(
 					FileControl			1
+					SOAP_Control		1
 				));
 
 my $StdTags;
@@ -304,6 +305,7 @@
 	['SOAP_MaxRequests', 'integer',           50],
 	['SOAP_StartServers', 'integer',          1],
 	['SOAP_Host',         undef,              'localhost 127.0.0.1'],
+	['SOAP_Control',     'action',           ''],
 	['IPCsocket',		 undef,	     	 	 "$Global::VendRoot/etc/socket.ipc"],
 	['HouseKeeping',     'integer',          60],
 	['Mall',	          'yesno',           'No'],
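Review bot: The empty default on the added `SOAP_Control` entry looks like a behaviour change for existing installations, and nothing here says so. `soap_gate` in SOAP.pm (same commit) dies whenever no rule produced a true status, so with no rules configured every gated call (Values, Scratch, Database, actions, tags) would presumably be refused after an upgrade. If default-deny is intended, a comment on the entry would make that visible, e.g. `# no rules configured means every SOAP method is refused; see Vend::SOAP::soap_gate`. The same applies to the catalog-level entry added in the next hunk.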
@@ -520,6 +522,7 @@
 	['SOAP',			 'yesno',			 'No'],
 	['SOAP_Enable',		 'hash',			 ''],
 	['SOAP_Action',		 'action',			 ''],				   
+	['SOAP_Control',     'action',             ''],		  
 	['UserDB',			 'locale',	     	 ''], 
 	['UserDatabase',	 undef,		     	 ''],  #undocumented
 	['RobotLimit',		 'integer',		      0],



2.9       +67 -2     interchange/lib/Vend/SOAP.pm


rev 2.9, prev_rev 2.8
Index: SOAP.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/SOAP.pm,v
retrieving revision 2.8
retrieving revision 2.9
diff -u -r2.8 -r2.9
--- SOAP.pm	18 Mar 2003 13:37:02 -0000	2.8
+++ SOAP.pm	3 May 2003 16:41:02 -0000	2.9
@@ -1,6 +1,6 @@
 # Vend::SOAP - Handle SOAP connections for Interchange
 #
-# $Id: SOAP.pm,v 2.8 2003/03/18 13:37:02 racke Exp $
+# $Id: SOAP.pm,v 2.9 2003/05/03 16:41:02 racke Exp $
 #
 # Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
 #
@@ -34,7 +34,7 @@
 use strict;
 
 use vars qw($VERSION @ISA $AUTOLOAD);
-$VERSION = substr(q$Revision: 2.8 $, 10);
+$VERSION = substr(q$Revision: 2.9 $, 10);
 @ISA = qw/SOAP::Server/;
 
 my %Allowed_tags;
@@ -168,6 +168,60 @@
 	return $result;
 }
 
+my %intrinsic = (local => sub {$CGI::remote_addr eq '127.0.0.1'},
+				never => sub {return 0},
+				always => sub {return 1});
+
+sub soap_gate {
+	my (@args, $status, $subref, $spath);
+
+	# check first global control configuration which takes
+	# precedence, then catalog control configuration
+	for $subref ($Global::SOAP_Control,
+				 $Vend::Cfg->{SOAP_Control}) {
+		@args = @_;
+				
+		while (@args) {
+			$spath = join('/', @args);
+			pop(@args);
+			next unless exists $subref->{$spath};
+
+			if (ref($subref->{$spath}) eq 'CODE') {
+				$status = $subref->{$spath}->($spath);
+			} elsif ($subref->{$spath}) {
+				$status = soap_control_intrinsic($subref->{$spath}, $spath);
+			}
+
+			# check found, done with loop
+			last;
+		}
+
+		last unless $status;
+	}
+	
+	die errmsg("Unauthorized access to '%s' method\n", join('/', @_))
+		unless $status;
+
+	return 1;
+}
+
+sub soap_control_intrinsic {
+	my ($checklist, $action) = @_;
+	my @checks = split /\s*;\s*/, $checklist;
+	my $status = 1;
+
+	for(@checks) {
+		my ($check, @args) = split /:/, $_;
+		my $sub = $intrinsic{$check} or return 0;
+		
+		unless( $sub->($action, @args) ) {
+			$status = 0;
+			last;
+		}
+	}
+	return $status;
+}
+
 # This is used to check the session name. If there is some reason
 # the session is retired, the returned ID will be different from the
 # passed ID and the client can cope.
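Review bot: In `soap_control_intrinsic`, `$status` starts at 1 and is only cleared by a failing check, so a rule value made up only of separators (a lone `;`, for instance) splits into no checks and the call is allowed; adding `return 0 unless @checks;` after the split keeps a malformed rule from granting access. In `soap_gate`, `$status` is shared by both passes of the outer loop: a global configuration with no matching rule ends the loop before the catalog rules are read, and a catalog entry that exists with a false value leaves the global grant standing. If both are intended, the comment above the loop should say so, e.g. `# catalog rules can only narrow what the global rules allow; no global rule means deny`. The `die` also calls `errmsg` unqualified while the AUTOLOAD code in this file uses `::errmsg`; unless `errmsg` is imported into this package, a denial would surface as an undefined-subroutine error rather than the intended message.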
@@ -218,6 +272,8 @@
 
 sub Values {
 	shift;
+
+	soap_gate('Values');
 	open_soap_session();
 	my $putref;
 	my $ref = $::Values ||= {};
@@ -248,6 +304,8 @@
 
 sub Scratch {
 	shift;
+
+	soap_gate('Scratch');
 	open_soap_session();
 	my $putref;
 	my $ref = $Vend::Session->{scratch};
@@ -263,6 +321,9 @@
 sub Database {
 	shift;
 	my $name = shift;
+	
+	soap_gate('Database', $name);
+
 	my $ref = $Vend::Cfg->{Database};
 	return $ref->{$name} if $name;
 	return $ref;
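Review bot: The gate on `Database` checks the path built from `$name`, but when the caller passes no name the method still returns `$ref`, the whole `$Vend::Cfg->{Database}` hash, so a rule that refuses one `Database/NAME` path does not keep that table's configuration out of the unnamed reply. An undefined `$name` is also joined into the path as `Database/` before the fallback to `Database`; `soap_gate('Database', defined $name ? $name : ());` avoids that lookup. For the unnamed call, consider returning only the entries whose `Database/NAME` path passes the gate, or documenting that a plain `Database` rule exposes every table definition. The closing brace of `Database` is outside this hunk.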
@@ -300,12 +361,16 @@
 #::logDebug("session " . ::full_dump() );
 
     $routine =~ s/.*:://;
+	
 	if ($Vend::Cfg->{SOAP_Action}{$routine}) {
+		soap_gate ('Action', $routine);
 		$sub = $Vend::Cfg->{SOAP_Action}{$routine};
 		Vend::Interpolate::init_calc();
 		new Vend::Tags;
 	} elsif (! $Allowed_tags{$routine}) {
 		die ::errmsg("Not allowed routine: %s", $routine);
+	} else {
+		soap_gate ('Tag', $routine);
 	}
 
 	my $result;
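Review bot: The two new calls are written `soap_gate ('Action', $routine)` and `soap_gate ('Tag', $routine)` with a space before the parenthesis, unlike the `soap_gate('Values')` form used in the other methods of this commit; dropping the space keeps the file consistent. The `Action` and `Tag` path prefixes are introduced here without explanation, so a short comment above the `if` would help, e.g. `# SOAP_Control paths: Action/<routine> or Tag/<routine>, falling back to Action or Tag`. The enclosing routine begins and ends outside this hunk.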