-/* $Id: yaz-proxy.cpp,v 1.47 2006-03-30 14:16:34 adam Exp $
+/* $Id: yaz-proxy.cpp,v 1.69 2006-06-28 23:38:23 adam Exp $
Copyright (c) 1998-2006, Index Data.
This file is part of the yazproxy.
#define strncasecmp _strnicmp
#endif
-#undef USE_AUTH_MSG
-#define USE_AUTH_MSG 0
-
-#if USE_AUTH_MSG
-#error x
class YAZ_EXPORT Auth_Msg : public IMsg_Thread {
public:
int m_ret;
void Auth_Msg::result()
{
- if (m_proxy->dec_ref(false))
+ if (m_proxy->dec_ref())
{
yaz_log(YLOG_LOG, "Auth_Msg::proxy deleted meanwhile");
}
delete this;
}
-#endif
-
void Yaz_Proxy::result_authentication(Z_APDU *apdu, int ret)
{
if (apdu == 0 || ret == 0)
Z_APDU *apdu_reject = zget_APDU(odr_encode(), Z_APDU_initResponse);
*apdu_reject->u.initResponse->result = 0;
send_to_client(apdu_reject);
- dec_ref(false);
+ dec_ref();
}
else
{
ISocketObservable *the_socket_observable,
Yaz_Proxy *parent)
:
- Z_Assoc(the_PDU_Observable), m_bw_stat(60), m_pdu_stat(60)
+ Z_Assoc(the_PDU_Observable),
+ m_bw_stat(60), m_pdu_stat(60), m_search_stat(60)
{
m_PDU_Observable = the_PDU_Observable;
m_socket_observable = the_socket_observable;
m_bw_max = 0;
m_pdu_max = 0;
m_search_max = 0;
- m_connect_max = 0;
+ m_max_connect = 0;
+ m_max_connect_period = 0;
+ m_limit_connect = 0;
+ m_limit_connect_period = 0;
m_timeout_mode = timeout_normal;
m_timeout_gdu = 0;
m_max_record_retrieve = 0;
m_ref_count = 1;
m_main_ptr_dec = false;
m_peername = 0;
+ m_num_msg_threads = 0;
}
void Yaz_Proxy::inc_ref()
m_config_fname = xstrdup(config);
int r = m_config->read_xml(config);
if (!r)
+ {
+ int period = 60;
m_config->get_generic_info(&m_log_mask, &m_max_clients,
- &m_connect_max);
+ &m_max_connect, &m_limit_connect, &period,
+ &m_num_msg_threads);
+ m_connect.set_period(period);
+ }
return r;
}
void Yaz_Proxy::set_proxy_negotiation (const char *charset, const char *lang,
const char *default_charset)
{
- yaz_log(YLOG_LOG, "%sSet the proxy negotiation: charset to '%s', "
+ yaz_log(YLOG_DEBUG, "%sSet the proxy negotiation: charset to '%s', "
"default charset to '%s', language to '%s'", m_session_str,
charset?charset:"none",
default_charset?default_charset:"none",
else
{
m_log_mask = 0;
+ int period = 60;
cfg->get_generic_info(&m_log_mask, &m_max_clients,
- &m_connect_max);
+ &m_max_connect, &m_limit_connect,
+ &period, &m_num_msg_threads);
+ m_connect.set_period(period);
}
}
else
check_reconfigure();
char session_str[200];
- sprintf(session_str, "%ld:%d ", (long) time(0), m_session_no);
+ const char *peername = the_PDU_Observable->getpeername();
+ if (!peername)
+ peername = "nullpeer";
+
+ if (m_log_mask & PROXY_LOG_IP_CLIENT)
+ sprintf(session_str, "%ld:%d %.80s %d ",
+ (long) time(0), m_session_no, peername, 0);
+ else
+ sprintf(session_str, "%ld:%d %d ",
+ (long) time(0), m_session_no, 0);
m_session_no++;
- const char *peername = the_PDU_Observable->getpeername();
yaz_log (YLOG_LOG, "%sNew session %s", session_str, peername);
- m_connect.cleanup(false);
- m_connect.add_connect(peername);
-
- int connect_total = m_connect.get_total(peername);
- int connect_max = m_connect_max;
- if (connect_max && connect_total > connect_max)
- {
- yaz_log(YLOG_LOG, "%sconnect not accepted total=%d max=%d",
- session_str, connect_total, connect_max);
- return 0;
- }
- yaz_log(YLOG_LOG, "%sconnect accepted total=%d", session_str,
- connect_total);
-
Yaz_Proxy *new_proxy = new Yaz_Proxy(the_PDU_Observable,
m_socket_observable, this);
+
new_proxy->m_config = 0;
new_proxy->m_config_fname = 0;
new_proxy->timeout(m_client_idletime);
new_proxy->set_default_target(m_default_target);
new_proxy->m_max_clients = m_max_clients;
new_proxy->m_log_mask = m_log_mask;
+ new_proxy->m_session_no = m_session_no;
+ new_proxy->m_num_msg_threads = m_num_msg_threads;
+
+#if 0
+ // in case we want to watch a particular client..
+ if (!strcmp(peername, "tcp:163.121.19.82")) // NIS GROUP
+ new_proxy->m_log_mask = 255;
+#endif
+
new_proxy->set_APDU_log(get_APDU_log());
- if (m_log_mask & PROXY_LOG_APDU_CLIENT)
+ if (new_proxy->m_log_mask & PROXY_LOG_APDU_CLIENT)
new_proxy->set_APDU_yazlog(1);
else
new_proxy->set_APDU_yazlog(0);
new_proxy->set_proxy_negotiation(m_proxy_negotiation_charset,
m_proxy_negotiation_lang, m_proxy_negotiation_default_charset);
// create thread object the first time we get an incoming connection
- if (!m_my_thread)
- m_my_thread = new Msg_Thread(m_socket_observable, 1);
+ if (!m_my_thread && m_num_msg_threads > 0)
+ {
+ yaz_log (YLOG_LOG, "%sStarting message thread management. number=%d",
+ session_str, m_num_msg_threads);
+ m_my_thread = new Msg_Thread(m_socket_observable, m_num_msg_threads);
+ }
new_proxy->m_my_thread = m_my_thread;
return new_proxy;
}
m_client_idletime = client_idletime;
timeout(m_client_idletime);
}
+
+ // get those FILE descriptors available
+ m_parent->low_socket_close();
if (cql2rpn_fname)
m_cql2rpn.set_pqf_file(cql2rpn_fname);
+ // reserve them again
+ m_parent->low_socket_open();
+
if (negotiation_charset || negotiation_lang || default_client_query_charset)
{
set_proxy_negotiation(negotiation_charset,
yaz_log (YLOG_LOG, "%sMAXCLIENTS %d Destroy %d",
m_session_str, parent->m_max_clients, c->m_seqno);
if (c->m_server && c->m_server != this)
- delete c->m_server; // PROBLEM: m_ref_count!
- c->m_server = 0;
+ c->m_server->dec_ref();
}
else
{
if (c->m_server && c->m_server != this)
{
c->m_server->m_client = 0;
- delete c->m_server; // PROBLEM: m_ref_count!
+ c->m_server->dec_ref();
}
(parent->m_seqno)++;
c->m_target_idletime = m_target_idletime;
void Yaz_Proxy::convert_records_charset(Z_NamePlusRecordList *p,
const char *backend_charset)
{
- yaz_log(YLOG_LOG, "%sconvert_to_marc", m_session_str);
int sel = m_charset_converter->get_client_charset_selected();
const char *client_record_charset =
m_charset_converter->get_client_query_charset();
yaz_iconv_close(cd);
yaz_marc_destroy(mt);
}
- else
- {
- yaz_log(YLOG_LOG, "%sSkipping marc convert", m_session_str);
- }
}
void Yaz_Proxy::convert_to_marcxml(Z_NamePlusRecordList *p,
z_HTTP_header_add(o, &hres->headers, "Connection", "Keep-Alive");
else
timeout(0);
+ if (code == 401)
+ z_HTTP_header_add(o, &hres->headers, "WWW-Authenticate",
+ "Basic realm=\"YAZ Proxy\"");
+
if (m_log_mask & PROXY_LOG_REQ_CLIENT)
{
{
Z_APDU *new_apdu = create_Z_PDU(Z_APDU_presentResponse);
new_apdu->u.presentResponse->records =
- create_nonSurrogateDiagnostics(odr_encode(), 30,
- pr->resultSetId);
+ create_nonSurrogateDiagnostics(
+ odr_encode(),
+ YAZ_BIB1_SPECIFIED_RESULT_SET_DOES_NOT_EXIST,
+ pr->resultSetId);
+ send_to_client(new_apdu);
+ return 0;
+ }
+ if (start < 1 || toget < 0)
+ {
+ Z_APDU *new_apdu = create_Z_PDU(Z_APDU_presentResponse);
+ new_apdu->u.presentResponse->records =
+ create_nonSurrogateDiagnostics(
+ odr_encode(),
+ YAZ_BIB1_PRESENT_REQUEST_OUT_OF_RANGE,
+ 0);
send_to_client(new_apdu);
return 0;
}
{
Z_APDU *new_apdu = create_Z_PDU(Z_APDU_presentResponse);
new_apdu->u.presentResponse->records =
- create_nonSurrogateDiagnostics(odr_encode(), 13, 0);
+ create_nonSurrogateDiagnostics(
+ odr_encode(),
+ YAZ_BIB1_PRESENT_REQUEST_OUT_OF_RANGE,
+ 0);
send_to_client(new_apdu);
return 0;
}
this_query->set_Z_Query(sr->query);
+ // Check for non-negative piggyback params.
+ if (*sr->smallSetUpperBound < 0
+ || *sr->largeSetLowerBound < 0
+ || *sr->mediumSetPresentNumber < 0)
+ {
+ Z_APDU *new_apdu = create_Z_PDU(Z_APDU_searchResponse);
+ // Not a present request.. But can't find better diagnostic
+ new_apdu->u.searchResponse->records =
+ create_nonSurrogateDiagnostics(
+ odr_encode(),
+ YAZ_BIB1_PRESENT_REQUEST_OUT_OF_RANGE, 0);
+ send_to_client(new_apdu);
+ return 0;
+ }
+
char query_str[120];
this_query->print(query_str, sizeof(query_str)-1);
yaz_log(YLOG_LOG, "%sSearch %s", m_session_str, query_str);
if (toget > m_client->m_last_resultCount)
toget = m_client->m_last_resultCount;
-
+
if (sr->mediumSetElementSetNames)
{
comp = (Z_RecordComposition *)
void Yaz_Proxy::inc_request_no()
{
- char *cp = strchr(m_session_str, ' ');
m_request_no++;
- if (cp)
+ char *cp = m_session_str + strlen(m_session_str)-1;
+ if (*cp == ' ')
+ cp--;
+ while (*cp && *cp != ' ')
+ cp--;
+ if (*cp)
sprintf(cp+1, "%d ", m_request_no);
}
yaz_log (YLOG_LOG, "%sReceiving %s from client %d bytes",
m_session_str, gdu_name(apdu), len);
+#if 0
+ // try to make a _bad_ attribute set ID .. Don't enable this in prod.
+ if (apdu->which == Z_GDU_Z3950
+ && apdu->u.z3950->which == Z_APDU_searchRequest)
+ {
+ Z_SearchRequest *req = apdu->u.z3950->u.searchRequest;
+ if (req->query && req->query->which == Z_Query_type_1)
+ {
+ Z_RPNQuery *rpnquery = req->query->u.type_1;
+ if (rpnquery->attributeSetId)
+ {
+ rpnquery->attributeSetId[0] = -2;
+ rpnquery->attributeSetId[1] = -1;
+ yaz_log(YLOG_WARN, "%sBAD FIXUP TEST", m_session_str);
+ }
+ }
+ }
+#endif
+
#if HAVE_GETTIMEOFDAY
gettimeofday((struct timeval *) m_time_tv, 0);
#endif
m_pdu_stat.add_bytes(1);
GDU *gdu = new GDU(apdu);
- m_in_queue.enqueue(gdu);
+ if (gdu->get() == 0)
+ {
+ delete gdu;
+ yaz_log(YLOG_LOG, "%sUnable to encode package", m_session_str);
+ m_in_queue.clear();
+ dec_ref();
+ return;
+ }
+ m_in_queue.enqueue(gdu);
recv_GDU_more(false);
}
+void Yaz_Proxy::HTTP_Forwarded(Z_GDU *z_gdu)
+{
+ if (z_gdu->which == Z_GDU_HTTP_Request)
+ {
+ Z_HTTP_Request *hreq = z_gdu->u.HTTP_Request;
+ const char *x_forwarded_for =
+ z_HTTP_header_lookup(hreq->headers, "X-Forwarded-For");
+ if (x_forwarded_for)
+ {
+ xfree(m_peername);
+ m_peername = (char*) xmalloc(strlen(x_forwarded_for)+5);
+ sprintf(m_peername, "tcp:%s", x_forwarded_for);
+
+ yaz_log(YLOG_LOG, "%sHTTP Forwarded from %s", m_session_str,
+ m_peername);
+ if (m_log_mask & PROXY_LOG_IP_CLIENT)
+ sprintf(m_session_str, "%ld:%d %.80s %d ",
+ (long) time(0), m_session_no, m_peername, m_request_no);
+ else
+ sprintf(m_session_str, "%ld:%d %d ",
+ (long) time(0), m_session_no, m_request_no);
+ }
+ }
+}
+
+void Yaz_Proxy::connect_stat(bool &block, int &reduce)
+{
+
+ m_parent->m_connect.cleanup(false);
+ m_parent->m_connect.add_connect(m_peername);
+
+ int connect_total = m_parent->m_connect.get_total(m_peername);
+ int max_connect = m_parent->m_max_connect;
+
+ if (max_connect && connect_total > max_connect)
+ {
+ yaz_log(YLOG_LOG, "%sconnect not accepted total=%d max=%d",
+ m_session_str, connect_total, max_connect);
+ block = true;
+ }
+ else
+ block = false;
+ yaz_log(YLOG_LOG, "%sconnect accepted total=%d", m_session_str,
+ connect_total);
+
+ int limit_connect = m_parent->m_limit_connect;
+ if (limit_connect)
+ reduce = connect_total / limit_connect;
+ else
+ reduce = 0;
+}
+
void Yaz_Proxy::recv_GDU_reduce(GDU *gdu)
{
+ HTTP_Forwarded(gdu->get());
+
int reduce = 0;
+
+ if (m_request_no == 1)
+ {
+ bool block = false;
+
+ connect_stat(block, reduce);
+
+ if (block)
+ {
+ m_timeout_mode = timeout_busy;
+ timeout(0);
+ return;
+ }
+ }
int bw_total = m_bw_stat.get_total();
int pdu_total = m_pdu_stat.get_total();
+ int search_total = m_search_stat.get_total();
assert(m_timeout_mode == timeout_busy);
assert(m_timeout_gdu == 0);
+ if (m_search_max)
+ reduce += search_total / m_search_max;
if (m_bw_max)
- {
- if (bw_total > m_bw_max)
- {
- reduce = (bw_total/m_bw_max);
- }
- }
+ reduce += (bw_total/m_bw_max);
if (m_pdu_max)
{
if (pdu_total > m_pdu_max)
#endif
if (reduce)
{
- yaz_log(YLOG_LOG, "%sdelay=%d bw=%d pdu=%d limit-bw=%d limit-pdu=%d",
- m_session_str, reduce, bw_total, pdu_total,
- m_bw_max, m_pdu_max);
+ yaz_log(YLOG_LOG, "%sdelay=%d bw=%d pdu=%d search=%d limit-bw=%d limit-pdu=%d limit-search=%d",
+ m_session_str, reduce, bw_total, pdu_total, search_total,
+ m_bw_max, m_pdu_max, m_search_max);
m_timeout_mode = timeout_reduce;
m_timeout_gdu = gdu;
while (m_timeout_mode == timeout_normal && (g = m_in_queue.dequeue()))
{
m_timeout_mode = timeout_busy;
+ inc_ref();
recv_GDU_reduce(g);
+ if (dec_ref())
+ break;
}
}
return ret;
}
+int Yaz_Proxy::handle_global_authentication(Z_APDU *apdu)
+{
+ if (apdu->which != Z_APDU_initRequest)
+ return 1; // pass if no init request
+ Z_InitRequest *req = apdu->u.initRequest;
+
+ Yaz_ProxyConfig *cfg = check_reconfigure();
+ if (!cfg)
+ return 1; // pass if no config
+
+ int ret;
+ if (req->idAuthentication == 0)
+ {
+ ret = cfg->global_client_authentication(0, 0, 0,
+ m_peername);
+ }
+ else if (req->idAuthentication->which == Z_IdAuthentication_idPass)
+ {
+ ret = cfg->global_client_authentication(
+ req->idAuthentication->u.idPass->userId,
+ req->idAuthentication->u.idPass->groupId,
+ req->idAuthentication->u.idPass->password,
+ m_peername);
+ }
+ else if (req->idAuthentication->which == Z_IdAuthentication_open)
+ {
+ char user[64], pass[64];
+ *user = '\0';
+ *pass = '\0';
+ sscanf(req->idAuthentication->u.open, "%63[^/]/%63s", user, pass);
+ ret = cfg->global_client_authentication(user, 0, pass,
+ m_peername);
+ }
+ else
+ ret = cfg->global_client_authentication(0, 0, 0, m_peername);
+ return ret;
+}
+
Z_APDU *Yaz_Proxy::handle_syntax_validation(Z_APDU *apdu)
{
m_marcxml_mode = none;
if (strcmp(hreq->method, "GET"))
return 0;
if (hreq->path[0] != '/')
- {
- yaz_log(YLOG_WARN, "Bad path: %s", hreq->path);
return 0;
- }
const char *cp = hreq->path;
while (*cp)
{
if (*cp == '/' && strchr("/.", cp[1]))
- {
- yaz_log(YLOG_WARN, "Bad path: %s", hreq->path);
return 0;
- }
cp++;
}
+
+ Yaz_ProxyConfig *cfg = check_reconfigure();
+
+ if (!cfg->get_file_access_info(hreq->path+1))
+ return 0;
+
const char *fname = hreq->path+1;
if (stat(fname, &sbuf))
{
- yaz_log(YLOG_WARN|YLOG_ERRNO, "%s: stat failed", fname);
+ yaz_log(YLOG_LOG|YLOG_ERRNO, "%sstat failed for %s", m_session_str,
+ fname);
return 0;
}
if ((sbuf.st_mode & S_IFMT) != S_IFREG)
{
- yaz_log(YLOG_WARN, "%s: not a regular file", fname);
+ yaz_log(YLOG_LOG, "%sNot a regular file %s", m_session_str, fname);
return 0;
}
if (sbuf.st_size > (off_t) 1000000)
{
- yaz_log(YLOG_WARN, "%s: too large for transfer", fname);
+ yaz_log(YLOG_WARN, "%sFile %s too large for transfer", m_session_str,
+ fname);
return 0;
}
ODR o = odr_encode();
- Yaz_ProxyConfig *cfg = check_reconfigure();
+
const char *ctype = cfg->check_mime_type(fname);
Z_GDU *gdu = z_get_HTTP_Response(o, 200);
Z_HTTP_Response *hres = gdu->u.HTTP_Response;
Z_SRW_diagnostic *diagnostic = 0;
int num_diagnostic = 0;
+ yaz_log(YLOG_LOG, "%s%s %s", m_session_str, hreq->method, hreq->path);
+
if (file_access(hreq))
{
return;
if (srw_pdu->which == Z_SRW_searchRetrieve_request)
{
+
Z_SRW_searchRetrieveRequest *srw_req = srw_pdu->u.request;
const char *backend_db = srw_req->database;
handle_charset_lang_negotiation(apdu2);
+ if (m_timeout_mode == timeout_busy)
+ m_timeout_mode = timeout_normal;
send_to_client(apdu2);
- m_timeout_mode = timeout_normal;
return;
}
}
m_client->m_init_flag = 1;
-#if USE_AUTH_MSG
- Auth_Msg *m = new Auth_Msg;
- m->m_proxy = this;
- z_APDU(odr_encode(), &apdu, 0, "encode");
- char *apdu_buf = odr_getbuf(odr_encode(), &m->m_apdu_len, 0);
- m->m_apdu_buf = (char*) nmem_malloc(m->m_nmem, m->m_apdu_len);
- memcpy(m->m_apdu_buf, apdu_buf, m->m_apdu_len);
- odr_reset(odr_encode());
-
- inc_ref();
- m_my_thread->put(m);
-#else
- int ret = handle_authentication(apdu);
- result_authentication(apdu, ret);
-#endif
+ if (m_num_msg_threads && m_my_thread)
+ {
+ Auth_Msg *m = new Auth_Msg;
+ m->m_proxy = this;
+ z_APDU(odr_encode(), &apdu, 0, "encode");
+ char *apdu_buf = odr_getbuf(odr_encode(), &m->m_apdu_len, 0);
+ m->m_apdu_buf = (char*) nmem_malloc(m->m_nmem, m->m_apdu_len);
+ memcpy(m->m_apdu_buf, apdu_buf, m->m_apdu_len);
+ odr_reset(odr_encode());
+
+ inc_ref();
+ m_my_thread->put(m);
+ }
+ else
+ {
+ int ret = handle_authentication(apdu);
+ result_authentication(apdu, ret);
+ }
}
void Yaz_Proxy::handle_incoming_Z_PDU(Z_APDU *apdu)
apdu = m_initRequest_apdu; // but throw an init to the target
}
+ if (apdu->which == Z_APDU_searchRequest)
+ m_search_stat.add_bytes(1);
+
+ // Handle global authentication
+ if (!handle_global_authentication(apdu))
+ {
+ if (m_http_version)
+ { // HTTP. Send unauthorized
+ send_http_response(401);
+ return;
+ }
+ else
+ {
+ // Z39.50 just shutdown
+ timeout(0);
+ return;
+ }
+ return;
+ }
+
// Determine our client.
Z_OtherInformation **oi;
get_otherInfoAPDU(apdu, &oi);
else
{
// Z39.50 just shutdown
- delete this;
+ timeout(0);
return;
}
}
m_parent->pre_init();
}
-bool Yaz_Proxy::dec_ref(bool main_ptr)
+bool Yaz_Proxy::dec_ref()
{
- assert(m_ref_count > 0);
- if (main_ptr)
- {
- if (m_main_ptr_dec)
- return false;
- m_main_ptr_dec = true;
- }
-
m_http_keepalive = 0;
--m_ref_count;
if (m_server)
{
- m_waiting = 1; // ensure it's released from Proxy in releaseClient
- m_server->dec_ref(true);
+ m_waiting = 1; // ensure it's released from Yaz_Proxy::releaseClient
+ m_server->dec_ref();
}
else
delete this;
void Yaz_Proxy::failNotify()
{
inc_request_no();
- yaz_log (YLOG_LOG, "%sConnection closed by client",
- get_session_str());
- dec_ref(true);
+ yaz_log (YLOG_LOG, "%sConnection closed by client", get_session_str());
+ dec_ref();
}
void Yaz_Proxy::send_response_fail_client(const char *addr)
inc_request_no();
m_in_queue.clear();
yaz_log (YLOG_LOG, "%sTimeout (client to proxy)", m_session_str);
- dec_ref(true);
+ dec_ref();
break;
case timeout_reduce:
timeout(m_client_idletime);
if (m_server)
m_server->send_response_fail_client(get_hostname());
+
+ Yaz_Proxy *proxy_root = m_root;
+
shutdown();
- m_root->pre_init();
+ proxy_root->pre_init();
}
Yaz_ProxyClient::Yaz_ProxyClient(IPDU_Observable *the_PDU_Observable,
*apdu->u.initResponse->maximumRecordSize;
Z_InitResponse *ir = apdu->u.initResponse;
+
+ // apply YAZ Proxy version
+ char *imv0 = ir->implementationVersion;
+ char *imv1 = (char*)
+ odr_malloc(m_init_odr, 20 + (imv0 ? strlen(imv0) : 0));
+ *imv1 = '\0';
+ if (imv0)
+ strcat(imv1, imv0);
+#ifdef VERSION
+ strcat(imv1, "/" VERSION);
+#endif
+ ir->implementationVersion = imv1;
+
+ // apply YAZ Proxy implementation name
char *im0 = ir->implementationName;
-
char *im1 = (char*)
odr_malloc(m_init_odr, 20 + (im0 ? strlen(im0) : 0));
*im1 = '\0';