Subversion Repositories wimsdev

/*    Copyright (C) 1998-2003 XIAO, Gang of Universite de Nice - Sophia Antipolis

 *

 *  This program is free software; you can redistribute it and/or modify

 *  it under the terms of the GNU General Public License as published by

 *  the Free Software Foundation; either version 2 of the License, or

 *  (at your option) any later version.

 *

 *  This program is distributed in the hope that it will be useful,

 *  but WITHOUT ANY WARRANTY; without even the implied warranty of

 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *  GNU General Public License for more details.

 *

 *  You should have received a copy of the GNU General Public License

 *  along with this program; if not, write to the Free Software

 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

 */

/* Web exerciser */

#include "wims.h"

struct {

    char *name;

    char *font;

} charname[]={

      {"en","windows-1252"},

      {"fr","windows-1252"},

      {"es","windows-1252"},

      {"cn","gb2312"},

      {"de","windows-1252"},

      {"it","windows-1252"},

      {"nl","windows-1252"},

      {"si","iso-8859-2"},

      {"ar","iso-8859-6"},

      {"tw","big5"},

      {"pt","windows-1252"},

      {"ca","windows-1252"},

      {"pt","windows-1252"},

      {"ru","iso-8859-5"},

      {"ty","iso-8859-13"}

};

#define charname_no (sizeof(charname)/sizeof(charname[0]))

/* left to right or right to left writing */

struct {

    char *name;

    char *dirn;

} dirnname[]={

      {"en","ltr"},

      {"fr","ltr"},

      {"es","ltr"},

      {"cn","ltr"},

      {"de","ltr"},

      {"it","ltr"},

      {"nl","ltr"},

      {"si","ltr"},

      {"ar","rtl"},

      {"tw","ltr"},

      {"pt","ltr"},

      {"ca","ltr"},

      {"pt","ltr"},

      {"ru","ltr"},

      {"ty","ltr"}

};

#define dirnname_no (sizeof(dirnname)/sizeof(dirnname[0]))

#define evalue strevalue

char *robot_session="../tmp/robot";

int robot_access=0,human_access=0;

int user_error_nolog=0;

char *good_agent[]={

      "Mozilla","Netscape","Opera","WIMS",

      "MSIE","Konqueror","Java"

};

#define good_agent_no (sizeof(good_agent)/sizeof(good_agent[0]))

char *bad_agent[]={ /* These are really bad agents: prohibited. */

      "HTTrack","MemoWeb","Teleport","Offline","Wget","eCatch",

      "Powermarks","EmailSiphon", "WebCopier"

};

#define bad_agent_no (sizeof(bad_agent)/sizeof(bad_agent[0]))

/* used for debugging */

int debug=0;

char class_dir[MAX_FNAME+1]; /* directory name of this class */

struct user_variable user_variable[MAX_VAR_NUM];

int user_var_no;

struct VAR_DEF var_def[MAX_VAR_NUM];

int defined_var_total;

/* Destinated to module error messages */

WORKING_FILE m_file,svar_file,mcache[MAX_MCACHE];

int mcachecnt;

/* Limit for any data working files. */

int WORKFILE_LIMIT=2048*1024;

/* whether the user has defined language */

int user_lang=0;

/* for instex grouping */

int instex_cnt=0, getwimstexsize=1;

char instex_src[MAX_LINELEN+1], instex_fname[MAX_LINELEN+1];

char *instex_processor="tex..gif";

/* Cookie management */

char cookiegot[256], cookieset[256], cookieheader[64]="WIMSUSER=";

/* multipart boundary */

char mpboundary[1024];

int  deplen=0; /* length of deposit */

int confset=0; /* set to 1 if setvar for config */

/* Operating mode: default, popup, raw, etc. */

int mode=mode_default;

/* Switch; notice subroutines wherether we are outputing. */

int outputing;

char *home_module="home"; /* name of home module */

extern char **environ;      /* table of environment variables */

int module_defined=0;

        /* directory prefix buffers */

char session_prefix[MAX_FNAME+1], s2_prefix[MAX_FNAME+1], module_prefix[MAX_FNAME+1];

char *stdinbuf;

int sesrandomtab[MAX_SESRANDOM]; /* session random values */

char multiexec_random[64];

int executed_gotos; /* number of goto's executed. to check with GOTO_LIMIT. */

int insert_no; /* number of instex, insplot, insPLOT. */

int output_length; /* length of the output. */

int isexam=0; /* non-zero if request is exam */

int simuxam=0; /* exam is simulation */

int is_multiexec=0; /* for execredirected */

int multiexec_index;

int direct_datafile=0;

int exec_is_module=0;

  /* root directory of modules */

char *module_dir="modules";

int new_session=0; /* =1 if new session created */

int good_httpd=0; /* Whether the http server is intelligent */

/* int internal_sql=0; */ /* for internal sql use */

int direct_exec=0; /* calc routine is exected by exec if 1 */

int print_precision=8; /* precision when printing real numbers */

int session_serial; /* request serial for session control */

int form_access=0; /* identifies form access, for robot identification */

int lastout_file=-1; /* file to hold last output */

char *instex_style=""; /* "": text "$": math "$$": displaymath */

int instex_usedynamic=0; /* always dynamic if 1 */

int wrapexec=0; /* if set to 1, change uid (nobody) to euid (wims).

                 * if set to -1, change euid to uid when exec(). */

int parm_restore=0; /* Restoring saved parameters? */

int exec_wait=1; /* whether to wait for fork return */

int execnt=0; /* count executions */

int readnest; /* nested read count */

int mfilecnt=0; /* count working files */

int forceresume=0; /* force user to resume old request */

int manageable=0; /* whether the connection may be site manager

                   * 0: no; 1: maybe; 2: sure */

int ismhelp=0;  /* 1 if session is in mhelp. */

int getvar_len; /* length of the last-got variable. */

int noout=0; /* if set to 1 then output is skipped */

char tmp_dir[MAX_FNAME+1]; /* temporary directory */

char *bin_dir="bin"; /* directory containing executable scripts and programs. */

char cwdbuf[MAX_FNAME+1]; /* store current working directory */

char var_hacking=0; /* Trying to hack a variable? */

char *tmp_debug="no";

char *tmp_debug_var="";

char ins_alt[MAX_LINELEN+1]; /* dynamic insertion alternative text */

char *devel_modules="close"; /* whether to open devel modules */

int isclassmodule=0; /* 1 if the module is class module */

int isdevelmodule=0; /* development module? */

int setcookie=0; /* 1 if need to set cookie */

int killpid=0; /* pid of process to kill by alarm */

char *mathalign_sup1, *mathalign_sup2; /* see mathalign_base */

int substnest=0; /* nesting level of substit() */

int exodepOK=1;

long int startmtime; /* start time in milliseconds */

long int startmtime2; /* start time in microseconds */

int backslash_insmath=0; /* \(...) substitution? */

char examlogf[MAX_FNAME+1]; /* examlog file name */

char examlogd[MAX_FNAME+1]; /* examlog file name */

char exam_sheetexo[32]; /* sheet data of an exam */

char loadavg[64];

/* user file variable access control. */

char *var_readable, *var_writable, *var_nr, *var_nw, *var_pfx;

int hostcquota;

int var_noexport; /* do not export variable */

char tmplbuf[MAX_LINELEN+1]; /* for temporary uses not thru subroutines. */

struct tm *now, Now; /* time of request */

time_t nowtime, limtime, limtimex;

char nowstr[32];

/* Resource limits. Capital names are reserved by system. */

int rlimit_cpu=20;  /* cpu time in seconds */

int rlimit_fsize=8388608;/* file size */

int rlimit_as=614457600;/* virtual memory size */

int rlimit_data=204857600;/* data segment size; maxima requires a lot (must be lower than rlimit_as)*/

int rlimit_stack=2097152;/* stack size */

int rlimit_core=0; /* core dump size */

int rlimit_rss=16777216; /* resident size */

int rlimit_nproc=1024; /* number of processes */

int rlimit_nofile=512; /* number of open files */

int rlimit_memlock=2097152;/* locked-in-memory address space */

char *var_str; /* malloc'ed buffer to hold translated query_string */

/* buffer to hold module's variable definition file, malloc'ed. */

char *var_def_buf;

/* job_identifier is even a reserved variable name */

char job_identifier[32];

/* site manager definition IPv4 IPv6*/

char *manager_site="127.0.0.1 ::1";

int   manager_https=0;

/* sheet and exercise information */

int wims_sheet=0,wims_exo=0;

/* Form method: get or post */

char *default_form_method="post";

/* Je suis maintenant oblige de passer a l'anglais

 * pour la langue de defaut.

 */

char lang[16]="en";

char available_lang[MAX_LANGUAGES][4]={"en","fr"};

int available_lang_no=2;

char pre_language[4]="";

FILE *trace_file;

int trace_indent=0;

char *protocol="http"; /* http or https */

/* check for coordinate input. This will mean that

 * the request is manual, but not robot.

 */

int coord_input=0;

/* These are readonly environment variable names

 * special parm used for special cmds (getins, etc).

 */

char *ro_name[]={

      "cmd" ,

      "empty",

      "lang" ,

      "module" ,

      "session" ,

      "special_parm",

      "special_parm2",

      "special_parm3",

      "special_parm4",

      "useropts" ,

      "wims_session",

      "wims_subsession",

      "wims_window",

      "worksheet"

};

int RO_NAME_NO=(sizeof(ro_name)/sizeof(ro_name[0]));

int cmd_type;

char *commands[]={

    "intro" , "new" , "renew" , "reply" , "config" , "hint" , "help" ,

      "resume", "next", "getins", "getframe", "getfile", "close", "ref"

};

int CMD_NO=(sizeof(commands)/sizeof(commands[0]));

/* stat=0: saved variables

 * all names starting with wims_priv_ are also internal.

 */

struct internal_name internal_name[]={

      {"accessright", 1}, /* right to access commercial resources */

      {"caller", 1}, /* caller session */

      {"check", 1}, /* for exam check use */

      {"class", 1},

      {"class_examlog", 1},

      {"class_exolog", 1},

      {"class_limit", 1},

      {"class_quota", 1},

      {"class_regpass", 1},

      {"class_user_limit", 1},

      {"classdir", 1},

      {"classname", 1},

      {"devel_modules", 1},

      {"developer", 1},

      {"doc_quota", 1},

      {"doc_regpass", 1},

      {"email", 1},

      {"exo", 0}, /* exercise number */

      {"exoption", 1}, /* exercise option */

      {"firstname", 1},

      {"forum_limit", 1},

      {"home", 1},

      {"institutionname", 1},

      {"isexam", 0}, /* whether the sheet is an exam sheet */

      {"ismanager", 0},

      {"lastname", 1},

      {"mode", 0}, /* operating mode */

      {"module_start_time", 0},

      {"now", 1}, /* date and time, yyyymmdd.hh:mm:ss */

      {"nowseconds", 1}, /* date and time, seconds since EPOCH */

      {"nr", 1}, /* non-readable variables in user file, words */

      {"nw", 1}, /* non-writable variables in user file, words */

      {"otherclass", 1}, /* Remember other logins */

      {"participate", 1}, /* superclass definition */

      {"prefix", 1}, /* user file prefix */

      {"protocol", 0}, /* http protocol */

      {"rafale", 0}, /* rapidfire request information */

      {"readable", 1}, /* readable variables in user file, words */

      {"realuser", 1}, /* real user for supervisor in gateway */

      {"req_time", 0}, /* time of the request */

      {"sclassdir", 1},

      {"scorereg", 0}, /* score registration flag */

      {"seed", 0},

      {"seed_repeat",0},

      {"seed_score", 0},

      {"sequence", 0}, /* sequence number */

      {"sescookie", 1}, /* session cookie */

      {"sesdir", 1},

      {"session_serial", 0}, /* request serial in the session */

      {"session_start_time", 0},

      {"sheet", 0}, /* sheet number */

      {"sup_secure", 1}, /* secure level of supervisor */

      {"superclass", 1}, /* superclass code */

      {"superclass_quota", 1},

      {"supertype", 1}, /* superclass type */

      {"supervise", 1}, /* superclass definition */

      {"supervisor", 1}, /* real name of the supervisor */

      {"supervisormail",1}, /* email of supervisor */

      {"trustfile", 1}, /* trusted files in special adm modules */

      {"useropts", 1}, /* user options */

      {"writable", 1}, /* writable variables in user file, words */

};

int INTERNAL_NAME_NO=(sizeof(internal_name)/sizeof(internal_name[0]));

char *httpd_vars[]={

      "HTTP_ACCEPT",

      "HTTP_ACCEPT_CHARSET",

      "HTTP_ACCEPT_LANGUAGE",

      "HTTP_COOKIE",

      "HTTP_HOST",

      "HTTP_USER_AGENT",

      "HTTP_X_REQUESTED_WITH",

      "HTTPS",

      "QUERY_STRING",

      "REMOTE_HOST",

      "REMOTE_ADDR",

      "REMOTE_PORT",

      "REQUEST_METHOD",

      "SCRIPT_NAME",

      "SERVER_NAME",

      "SERVER_SOFTWARE",

      "SERVER_PROTOCOL"

};

#define HTTPD_VAR_NO (sizeof(httpd_vars)/sizeof(httpd_vars[0]))

/* security: these variables will not be visible to child processes */

char *unsetvars[]={

 "DOCUMENT_ROOT","SERVER_SIGNATURE","SERVER_SOFTWARE",

      "UNIQUE_ID","HTTP_KEEP_ALIVE","SSL_SESSION_ID"

};

#define unsetvarcnt (sizeof(unsetvars)/sizeof(unsetvars[0]))

int httpd_type=httpd_apache;

char *remote_addr=""; /* storing for performance */

char *remote_host="";

char ref_name[2048], ref_base[2048];

void put_special_page(char *pname);

void useropts(void);

/* Make certain httpd variables readable by modules */

void take_httpd_vars(void)

{

    int i;

    char *p, buf[MAX_NAMELEN+1];

    var_noexport=1;

    for(i=0;i<HTTPD_VAR_NO;i++) {

     snprintf(buf,sizeof(buf),"httpd_%s",httpd_vars[i]);

     if((p=getenv(httpd_vars[i]))!=NULL) setvar(buf,p);

    }

    var_noexport=0;

    for(i=0;i<unsetvarcnt;i++) unsetenv(unsetvars[i]);

     /* IPv4 IPv6*/

    p=getenv("REMOTE_ADDR");if(p!=NULL && (strcmp(p,"127.0.0.1")==0 || strcmp(p,"::1")==0)) human_access=1;

    p=getenv("HTTP_REFERER"); if(p!=NULL && *p!=0) setvar("wims_referer",p);

}

/* cookie2session */

void cookie2session(void)

{

    char cksession[64], psession[32], *ckey, *p;

    char nbuf[MAX_FNAME+1];

    if(mode==mode_popup) return;

    if(cookiegot[0]==0) {

     ckset: cookiegot[0]=0; setcookie=1; return;

    }

    p=getvar("special_parm");

    if(p!=NULL && strcmp(p,"ignorecookie")==0) return;

    mystrncpy(cksession,cookiegot,sizeof(cksession));

    ckey=strchr(cksession,'-');

    if(ckey==NULL) goto ckset; else *ckey++=0;

    p=getvar("wims_session"); if(p==NULL) p="";

    if(strstr(p,"new")!=NULL) goto ckset;

    mystrncpy(psession,p,sizeof(psession));

    p=strchr(psession,'_'); if(p!=NULL) *p=0;

    if(psession[0]!=0) {

      if(strcmp(psession,cksession)==0) return;

      if(session_exists(psession)) goto ckset;

      if(session_exists(cksession)) goto change;

    }

    else {

      if(!session_exists(cksession)) return;

      change:

      p=getenv("HTTPS");

      if(p!=NULL && strcasecmp(p,"on")==0) goto ckset;

      mkfname(nbuf,"%s/%s/var",session_dir,cksession);

      getdef(nbuf,"w_wims_ismanager",tmplbuf);

      if(tmplbuf[0]!=0 && tmplbuf[0]!='0') goto ckset;

      getdef(nbuf,"w_wims_protocol",tmplbuf);

      if(strcasecmp(tmplbuf,"https")==0) goto ckset;

      mkfname(nbuf,"%s/%s/var.stat",session_dir,cksession);

      getdef(nbuf,"wims_user",tmplbuf);

      if(tmplbuf[0]!=0) goto ckset;

      force_setvar(ro_name[ro_session],cksession);

      setsesdir(cksession);

      force_setvar("wims_subsession","");

      session_serial=0;

    }

}

void determine_font(char *l)

{

    int i;

    if(l==NULL || *l==0) return;

    for(i=0;i<charname_no && memcmp(charname[i].name,l,2);i++);

    if(i<charname_no) setvar("wims_main_font",charname[i].font);

}

void determine_dirn(char *l)

{

    int i;

    if(l==NULL || *l==0) return;

    for(i=0;i<dirnname_no && memcmp(dirnname[i].name,l,2);i++);

    if(i<dirnname_no) setvar("wims_main_dirn",dirnname[i].dirn);

}

void predetermine_language(void)

{

    char *p;

    int i,n;

    if(pre_language[0]!=0) p=pre_language;

    else p=getenv("HTTP_ACCEPT_LANGUAGE");

    if(p!=NULL && strlen(p)>=2) {

      for(i=0;i<available_lang_no && memcmp(p,available_lang[i],2)!=0;i++);

      if(i<available_lang_no) goto lend;

    }

    p=getenv("HTTP_USER_AGENT");

    if(p!=NULL && strlen(p)>=5) {

      char *q;

      if((q=strchr(p,'['))!=NULL && islower(*(q+1)) && islower(*(q+2)) && *(q+3)==']') {

          char bb[4];

          bb[0]=*(q+1);bb[1]=*(q+2);bb[2]=0;

          for(i=0;i<available_lang_no && memcmp(bb,available_lang[i],2)!=0;i++);

          if(i<available_lang_no) {

            memmove(lang,bb,2); lang[2]=0;

            goto lend2;

          }

      }

    }

    p=getenv("HTTP_HOST"); if(p==NULL) goto lend2;

    n=strlen(p); if(n<=3 || *(p+n-3)!='.') goto lend2;

    p=p+n-2;

    for(i=0;i<available_lang_no && memcmp(p,available_lang[i],2)!=0;i++);

    if(i<available_lang_no) {

      lend: memmove(lang,p,2); lang[2]=0;

      lend2: determine_font(lang);determine_dirn(lang);

    }

}

/* print a special page */

void put_special_page(char *pname)

{

    determine_font(lang);

    determine_dirn(lang);

    phtml_put_base(mkfname(NULL,"%s.phtml.%s",pname,lang),0);

    write_logs();free(var_str);

}

/* check whether the connection is a site manager. */

void manager_check(void)

{

    char *p, *pp, buf[16];

    struct stat confstat;

    int i;

    manageable=0;

    if(robot_access || *manager_site==0 || checkhost(manager_site)<1)

      goto mend;

    if(manager_https) {

      p=getenv("HTTPS");

      if(p==NULL || strcmp(p,"on")!=0) goto mend;

    }

/* IPv4 IPv6*/

    if(strcmp(remote_addr,"127.0.0.1")==0 || strcmp(remote_addr,"::1")==0) {

      int port, port2;

      char tester[128];

      p=getenv("REMOTE_PORT"); if(p==NULL) goto mend;

      port=atoi(p); if(port<1024 || port>65535) goto mend;

      p=getenv("SERVER_PORT"); if(p==NULL) goto mend;

      port2=atoi(p); if(port2>=10000 || port2<=0) goto mend;

/* this is very non-portable */

      manageable=1;

      accessfile(tmplbuf,"r","/proc/net/tcp");

      snprintf(tester,sizeof(tester)," 0100007F:%04X 0100007F:%04X ",

             port,port2);

      p=strstr(tmplbuf,tester);

      if(p!=NULL) {

          pp=strchr(p,'\n'); if(pp!=NULL) *pp=0;

          if(strlen(p)>=75) {

            p=find_word_start(p+70); *find_word_end(p)=0;

            if(atoi(p)==geteuid()) manageable=2;

          }

      }

    }

    else manageable=1;

    i=stat(config_file,&confstat);

    if(i==0 && manageable>0 && (confstat.st_mode&(S_IRWXO|S_IRWXG))!=0) manageable=-1;

    if(manageable>0 && !trusted_module()) manageable=0;

    if(manageable==1) {

      accessfile(tmplbuf,"r","%s/.manager",session_prefix);

      if(strstr(tmplbuf,"yes")!=NULL) manageable=2;

    }

    if(manageable==1) {

      p=getvar(ro_name[ro_module]);

      if(p!=NULL && strncmp(p,"adm/manage",strlen("adm/manage"))==0) {

          struct stat pstat;

          if(stat("../log/.wimspass",&pstat)==0) {

            if((S_IFMT&pstat.st_mode)!=S_IFREG ||

               ((S_IRWXO|S_IRWXG)&pstat.st_mode)!=0)

              manageable=-2;

          }

      }

    }

    mend:

    mystrncpy(buf,int2str(manageable),sizeof(buf));

    force_setvar("wims_ismanager",buf);

    if(manageable>=2) {

      struct rlimit rlim;

      rlimit_cpu*=10;

      rlim.rlim_cur=rlim.rlim_max=rlimit_cpu;

      setrlimit(RLIMIT_CPU,&rlim);

      mystrncpy(buf,int2str(rlimit_cpu),sizeof(buf));

      setvar("wims_cpu_limit",buf);

      initalarm();

    }

}

/* check for robot access */

void robot_check(void)

{

    char *ua, *p, *ses, *c, *mod;

    int i;

    if(human_access) return;

    mod=getvar(ro_name[ro_module]);

    if(mod!=NULL && strcmp(mod,"adm/raw")==0) return;

    ses=getvar(ro_name[ro_session]);

/* user has valid session; OK */

    if(ses!=NULL && strncmp(ses,robot_session,strlen(robot_session))!=0

       && strchr(ses,'/')==NULL

       && ftest(mkfname(NULL,"%s/%s",s2_dir,ses))==is_dir)

      return;

    ua=getenv("HTTP_USER_AGENT"); if(ua==NULL) ua="";

    ua=find_word_start(ua);

    if(strncasecmp(ua,"Mozilla",strlen("Mozilla"))==0 &&

       (p=strstr(ua,"compatible"))!=NULL)

      ua=find_word_start(find_word_end(p));

    if(*ua) {

      for(i=0;i<good_agent_no

          && strncasecmp(ua,good_agent[i],strlen(good_agent[i]));i++);

      if(i<good_agent_no) return;

      for(i=0;i<bad_agent_no

          && strstr(ua,bad_agent[i])==NULL;i++);

      if(i<bad_agent_no) user_error("trapped");

    }

    force_setvar(ro_name[ro_session],robot_session);

    setsesdir(robot_session);

    c=getvar(ro_name[ro_cmd]);

    robot_access=1;

    if(c!=NULL && strcmp(c,"new") && strcmp(c,"intro")) {

      force_setvar(ro_name[ro_cmd],"robot_error");

      nph_header(450); put_special_page("robot");

      flushoutput(); flushlog(); exit(0);

    }

}

/* type=0: ordinary; type=1: multipart/form-data */

void parse_query_string(int len, int type)

{

    int i,j,l,v,cmd_defined;

    int parenth=-1, ll, lb, dlen;

    char *start, *p, *p1, *pt, *b1="";

    cmd_defined=0;

    setvar("wims_subsession","");

    ll=lb=0;

    if(type) {

      ll=strlen(mpboundary);

      start=strstr(var_str,mpboundary);

      if(start==NULL) start=var_str+strlen(var_str);

      if(strstr(var_str,"\r\n\r\n")!=NULL) b1="\r\n\r\n";

      else b1="\n\n";

      lb=strlen(b1);

    }

    else start=var_str;

    for(v=0, p1=start;p1<var_str+len;p1+=l) {

      if(type) {

          char *p2, *p3, *p4, *p5;

          p2=p1+ll; p3=memstr(p2,mpboundary,var_str+len-p2); l=p3-p1;