LP#1485374: add way for C code to make TZ-aware subrequests This patch adds a helper routine to allow C methods to make subrequests that pass the client time zone along. This helper is in turn used during authentication to ensure that the user object that is returned has timestamps that are in the time zone of the client that makes the original authentication request. Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Kathy Lussier <klussier@masslnc.org> Conflicts: Open-ILS/src/c-apps/oils_auth.c Signed-off-by: Jason Stephenson <jason@sigio.com> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
LP#1468422 Auth efficiency improvements 1. Adds an oils_utils function for retrieving the ID of the root org unit. 2. Avoid multiple cstore/db lookups for the root org unit by caching the ID at the process level. 3. Move permission checks from open-ils.storage to open-ils.cstore. Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Dan Wells <dbw2@calvin.edu>
Call set_audit_info and clear_audit_info DB funcs Set whenever we can (including automatically via pcrud) Clear whenever we disconnect (hopefully) from a location we set from. Signed-off-by: Thomas Berezansky <tsbere@mvlc.org> Signed-off-by: Jason Stephenson <jstephenson@mvlc.org> Signed-off-by: Mike Rylander <mrylander@gmail.com>
User activity tracking: open-ils.auth additions
* Creates usr_activity entries for login and authentication verification requests
* Adds a new parameter to open-ils.auth.authenticate.[complete|verify] methods called "agent" which maps to the usr_activity column for "ewho" (the UI or 3rd-party that initiated the action).
* Adds a new API call "open-ils.auth.authenticate.verify", which behaves almost identically to authenticate.complete, with the exception that it does not "log in" (i.e. create an auth token and cache the user object). Instead, it simply returns a SUCCESS event if the username/barcode and password combination are valid.
Signed-off-by: Bill Erickson <berick@esilibrary.com>
Signed-off-by: Thomas Berezansky <tsbere@mvlc.org>
Qstore: support LIMIT and OFFSET clauses. Also: add some links to the IDL, that should have been there in the first place. M Open-ILS/include/openils/oils_buildq.h M Open-ILS/src/c-apps/oils_storedq.c M Open-ILS/src/c-apps/buildSQL.c M Open-ILS/src/sql/Pg/002.schema.config.sql M Open-ILS/src/sql/Pg/008.schema.query.sql A Open-ILS/src/sql/Pg/upgrade/0336.schema.query-limit-offset-fkey.sql M Open-ILS/examples/fm_IDL.xml git-svn-id: svn://svn.open-ils.org/ILS/trunk@16922 dcc99617-32d9-48b4-a31d-7c20da2025e4
1. Degrade gracefully when the database connection dies. 2. Validate the user-specified operator in a series expression. M Open-ILS/include/openils/oils_buildq.h M Open-ILS/src/c-apps/oils_qstore.c M Open-ILS/src/c-apps/oils_buildq.c M Open-ILS/src/c-apps/oils_storedq.c M Open-ILS/src/c-apps/oils_execsql.c git-svn-id: svn://svn.open-ils.org/ILS/trunk@16834 dcc99617-32d9-48b4-a31d-7c20da2025e4
Support function calls with subfields, e.g. (func(args))."id". Note that this support treats the subfield as an optional component of the functional call, not as a type of expression in its own right. A subsequent commit will eliminate the "xfld" expression type. M Open-ILS/include/openils/oils_buildq.h M Open-ILS/src/c-apps/oils_storedq.c M Open-ILS/src/c-apps/buildSQL.c git-svn-id: svn://svn.open-ils.org/ILS/trunk@16821 dcc99617-32d9-48b4-a31d-7c20da2025e4
1. Degrade (relatively) gracefully when the database connection dies.
Problem to be solved: a server drone that loses its database connection immediately becomes unusable. It might manage to reconnect, but that wouldn't help if a transaction was in progress at the time of the failure. If the drone merely reports an error and then makes itself available for more requests, every request that it services thereafter will fail. It will continue to fail repeatedly until it reaches the max_requests limit, or until someone kills it manually.
Solution: terminate immediately, without waiting for max_requests or a DISCONNECT request. The listener can replace it with a new drone, which will try to establish its own database connection.
2. Correct an oversight in doUpdate() and doDelete(). If the database operation fails, report an error to the client. The old code would log an error message but otherwise behave as if the operation had succeeded.
It is conceivable that this change will appear to break something, because an operation will fail that would otherwise have appeared to succeed. However if that happens, whatever breaks was already broken; the appearance of success was a snare and a delusion.
M Open-ILS/include/openils/oils_sql.h
M Open-ILS/src/c-apps/oils_sql.c
git-svn-id: svn://svn.open-ils.org/ILS/trunk@16808 dcc99617-32d9-48b4-a31d-7c20da2025e4
1. In oils_sql.c: make the functions is_identifier() and is_good_operator() global instead of static. 2. Use them to protect qstore against various forms of sql injection. M Open-ILS/include/openils/oils_sql.h M Open-ILS/src/c-apps/oils_storedq.c M Open-ILS/src/c-apps/oils_sql.c git-svn-id: svn://svn.open-ils.org/ILS/trunk@16771 dcc99617-32d9-48b4-a31d-7c20da2025e4
Support CAST expressions, taking care to avoid SQL injection. M Open-ILS/include/openils/oils_buildq.h M Open-ILS/src/c-apps/oils_storedq.c M Open-ILS/src/c-apps/buildSQL.c git-svn-id: svn://svn.open-ils.org/ILS/trunk@16738 dcc99617-32d9-48b4-a31d-7c20da2025e4
1. Support function calls in the FROM clause. 2. Support wildcards in the SELECT clause. WARNING: the presence of a wildcard in the SELECT clause is likely to disrupt a GROUP BY by renumbering the columns. Also: the "columns" method currently cannot return the names of the columns into which a wild card is expanded. M Open-ILS/include/openils/oils_buildq.h M Open-ILS/src/c-apps/oils_storedq.c M Open-ILS/src/c-apps/buildSQL.c git-svn-id: svn://svn.open-ils.org/ILS/trunk@16628 dcc99617-32d9-48b4-a31d-7c20da2025e4
Added a new login type "persist", as a peer of "opac", "staff", and "temp". It is intended for sessions that may stay open for days or weeks at a time even in the absence of activity. The default timeout interval is defined as two weeks in opensrf.xml, and may be overridden by the org unit setting "auth.persistent_login_interval".
Timeout resets work a little differently for persistent logins. They have no effect unless the session is within ten minutes of expiring. When they do take effect, they reset the timeout to ten minutes, rather than to the full length of the original timeout. That way we can avoid rudely interrupting an active session without extending it excessively.
The ten minute reset interval for persistent timeouts is currently hard-coded. With some further work it could be made configurable.
The timeout resets for the older login types still work the way they always have.
------------
In order to make it easier to specify long timeout intervals, the auth server now accepts PostgreSQL-style interval strings, such as "15 minutes" or "2 weeks". Such strings work for any of the login types, and they work either in opensrf.xml or in the org unit setting values.
If the timeout setting (in either context) is all digits, then it will be interpreted as an integral number of seconds, as it has been in the past. So existing settings will almost certainly continue to work without change.
The exception -- an unlikely one -- is if the existing setting carries a leading plus sign. Under the old regime, a leading plus sign was simply superfluous, and had no effect. With the new version, a leading plus sign means that the following number is to be treated as a number of hours, rather than a number of seconds (just because that's what PostgreSQL does with it). Hence in the unlikely event that existing settings use a leading plus sign, this change will make those timeouts 3600 times as long as they should be.
If the timeout interval is expressed as anything other than a string of all digits (possibly with leading and/or trailing white space), we make a database call to get PostgreSQL to interpret it for us. So the convenience of using interval strings comes at the price of some additional overhead.
--------------
Besides applying the changes to the C code, it will be necessary to update the opensrf.xml file in order to define a default timeout interval for the new login type.
M Open-ILS/include/openils/oils_constants.h
M Open-ILS/src/c-apps/oils_auth.c
M Open-ILS/examples/opensrf.xml.example
git-svn-id: svn://svn.open-ils.org/ILS/trunk@16612 dcc99617-32d9-48b4-a31d-7c20da2025e4
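The two rules in the commit message above (all-digit settings are plain seconds while everything else goes to PostgreSQL, and a persistent-login reset only acts inside the last ten minutes) can be sketched as follows. This is an added example, not the project's own code: the names classify_timeout() and persist_reset_expiry() are hypothetical, the sample settings are constructed, and the choice not to revive an already expired session is an assumption of the example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Ten-minute window; the commit message says this value is hard-coded. */
#define PERSIST_RESET_SECS 600L

/* Hypothetical helper: classify a timeout setting.
 *  1 -> all digits (optional surrounding white space); *secs is set
 *  0 -> anything else ("2 weeks", "+5"): needs PostgreSQL interval parsing
 * -1 -> NULL input or a digit string too large for a long */
int classify_timeout(const char *s, long *secs) {
    if (!s) return -1;
    while (isspace((unsigned char)*s)) s++;
    if (!isdigit((unsigned char)*s)) return 0;   /* '+', '-', letters, empty */
    errno = 0;
    char *end;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE) return -1;
    while (isspace((unsigned char)*end)) end++;
    if (*end != '\0') return 0;                  /* e.g. "15 minutes" */
    *secs = v;
    return 1;
}

/* Hypothetical helper: expiry time after a reset request on a "persist"
 * session. Assumption of this example: an expired session is not revived. */
long persist_reset_expiry(long now, long expiry) {
    if (now >= expiry) return expiry;                      /* already expired */
    if (expiry - now > PERSIST_RESET_SECS) return expiry;  /* reset has no effect */
    return now + PERSIST_RESET_SECS;                       /* extend to ten minutes */
}

int main(void) {
    /* Constructed sample settings, not taken from a real opensrf.xml. */
    const char *samples[] = { "420", " 1209600 ", "2 weeks", "+5", "15 minutes" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        long secs = 0;
        int kind = classify_timeout(samples[i], &secs);
        printf("%-12s -> %s (%ld)\n", samples[i],
               kind == 1 ? "seconds" : kind == 0 ? "interval string" : "invalid", secs);
    }
    printf("%ld %ld\n", persist_reset_expiry(1000, 1300), persist_reset_expiry(1000, 90000));
    return 0;
}
```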
New function oilsUtilsIntervalToSeconds() to translate a string into a number representing the number of seconds in an interval of time. Simple integers are converted directly. Anything else is passed to PostgreSQL to be translated as an interval string. M Open-ILS/include/openils/oils_utils.h M Open-ILS/src/c-apps/oils_utils.c git-svn-id: svn://svn.open-ils.org/ILS/trunk@16602 dcc99617-32d9-48b4-a31d-7c20da2025e4
1. Add support for function calls. Note that certain functions have peculiar calling syntax. They will require special handling as exceptions, and are not yet supported. 2. Add a bit of sanity checking for numeric and string literal expressions. 3. Eliminate the function_id member of Expression. M Open-ILS/include/openils/oils_buildq.h M Open-ILS/src/c-apps/oils_storedq.c M Open-ILS/src/c-apps/buildSQL.c git-svn-id: svn://svn.open-ils.org/ILS/trunk@16537 dcc99617-32d9-48b4-a31d-7c20da2025e4
Support series expressions, i.e. a series of expressions separated by operators or commas. This construct will be especially useful for chains of ANDs or ORs. M Open-ILS/include/openils/oils_buildq.h M Open-ILS/src/c-apps/oils_storedq.c M Open-ILS/src/c-apps/buildSQL.c git-svn-id: svn://svn.open-ils.org/ILS/trunk@16526 dcc99617-32d9-48b4-a31d-7c20da2025e4
Plug some memory leaks, and eliminate some unnecessary memory allocations.
In oils_utils.[ch]:
-- Create a new function, oilsFMGetStringConst(), similar to oilsFMGetString() except that it doesn't allocate memory; it returns a const pointer to a string internal to the specified object.
-- Add some comments, tidy up white space.
In oils_sql.c:
-- Replace oilsFMGetString() with oilsFMGetStringConst in a number of places; partly to reduce memory churn, and partly to plug some memory leaks where the function call was nested within a parameter list.
-- Change org_tree_root() so as to return a const pointer to a static buffer (which was already in use as a cache) instead of allocating a copy of the string. This change reduces memory churn. In addition the allocated string was leaking anyway, and now that leak is plugged.
M Open-ILS/include/openils/oils_utils.h
M Open-ILS/src/c-apps/oils_sql.c
M Open-ILS/src/c-apps/oils_utils.c
git-svn-id: svn://svn.open-ils.org/ILS/trunk@16494 dcc99617-32d9-48b4-a31d-7c20da2025e4
Implement new param_list method, which returns a list of bind variables so that the client can populate them. M Open-ILS/include/openils/oils_buildq.h M Open-ILS/src/c-apps/oils_qstore.c M Open-ILS/src/c-apps/buildSQL.c git-svn-id: svn://svn.open-ils.org/ILS/trunk@16455 dcc99617-32d9-48b4-a31d-7c20da2025e4