Subversion Repositories wimsdev

/*    Copyright (C) 1998-2003 XIAO, Gang of Universite de Nice - Sophia Antipolis

 *

 *  This program is free software; you can redistribute it and/or modify

 *  it under the terms of the GNU General Public License as published by

 *  the Free Software Foundation; either version 2 of the License, or

 *  (at your option) any later version.

 *

 *  This program is distributed in the hope that it will be useful,

 *  but WITHOUT ANY WARRANTY; without even the implied warranty of

 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *  GNU General Public License for more details.

 *

 *  You should have received a copy of the GNU General Public License

 *  along with this program; if not, write to the Free Software

 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

 */

/* Web exerciser */

#include "wims.h"

struct {

  char *name;

  char *font;

} charname[]={

  {"en","windows-1252"},

  {"fr","windows-1252"},

  {"es","windows-1252"},

  {"cn","gb2312"},

  {"de","windows-1252"},

  {"it","windows-1252"},

  {"nl","windows-1252"},

  {"si","iso-8859-2"},

  {"ar","iso-8859-6"},

  {"tw","big5"},

  {"pt","windows-1252"},

  {"ca","windows-1252"},

  {"pt","windows-1252"},

  {"ru","iso-8859-5"},

  {"ty","iso-8859-13"}

};

#define charname_no (sizeof(charname)/sizeof(charname[0]))

/* left to right or right to left writing */

struct {

  char *name;

  char *dirn;

} dirnname[]={

  {"en","ltr"},

  {"fr","ltr"},

  {"es","ltr"},

  {"cn","ltr"},

  {"de","ltr"},

  {"it","ltr"},

  {"nl","ltr"},

  {"si","ltr"},

  {"ar","rtl"},

  {"tw","ltr"},

  {"pt","ltr"},

  {"ca","ltr"},

  {"pt","ltr"},

  {"ru","ltr"},

  {"ty","ltr"}

};

#define dirnname_no (sizeof(dirnname)/sizeof(dirnname[0]))

#define evalue strevalue

char *robot_session="../tmp/robot";

int robot_access=0,human_access=0;

int user_error_nolog=0;

char *good_agent[]={

  "Mozilla","Netscape","Opera","WIMS",

  "MSIE","Konqueror","Java"

};

#define good_agent_no (sizeof(good_agent)/sizeof(good_agent[0]))

char *bad_agent[]={ /* These are really bad agents: prohibited. */

  "HTTrack","MemoWeb","Teleport","Offline","Wget","eCatch",

  "Powermarks","EmailSiphon", "WebCopier"

};

#define bad_agent_no (sizeof(bad_agent)/sizeof(bad_agent[0]))

/* used for debugging */

int debug=0;

char class_dir[MAX_FNAME+1]; /* directory name of this class */

struct user_variable user_variable[MAX_VAR_NUM];

int user_var_no;

struct VAR_DEF var_def[MAX_VAR_NUM];

int defined_var_total;

/* Destinated to module error messages */

WORKING_FILE m_file,svar_file,mcache[MAX_MCACHE];

int mcachecnt;

/* Limit for any data working files. */

int WORKFILE_LIMIT=2048*1024;

/* whether the user has defined language */

int user_lang=0;

/* for instex grouping */

int instex_cnt=0, getwimstexsize=1;

char instex_src[MAX_LINELEN+1], instex_fname[MAX_LINELEN+1];

char *instex_processor="tex..gif";

/* Cookie management */

char cookiegot[256], cookieset[256], cookieheader[64]="WIMSUSER=";

/* multipart boundary */

char mpboundary[1024];

int  deplen=0; /* length of deposit */

int confset=0; /* set to 1 if setvar for config */

/* Operating mode: default, popup, raw, etc. */

int mode=mode_default;

/* Switch; notice subroutines wherether we are outputing. */

int outputing;

char *home_module="home"; /* name of home module */

extern char **environ;      /* table of environment variables */

int module_defined=0;

        /* directory prefix buffers */

char session_prefix[MAX_FNAME+1], s2_prefix[MAX_FNAME+1], module_prefix[MAX_FNAME+1];

char *stdinbuf;

int sesrandomtab[MAX_SESRANDOM]; /* session random values */

char multiexec_random[64];

int executed_gotos; /* number of goto's executed. to check with GOTO_LIMIT. */

int insert_no; /* number of instex, insplot, insPLOT. */

int output_length; /* length of the output. */

int isexam=0; /* non-zero if request is exam */

int simuxam=0; /* exam is simulation */

int is_multiexec=0; /* for execredirected */

int multiexec_index;

int direct_datafile=0;

int exec_is_module=0;

  /* root directory of modules */

char *module_dir="modules";

int new_session=0; /* =1 if new session created */

int good_httpd=0; /* Whether the http server is intelligent */

/* int internal_sql=0; */ /* for internal sql use */

int direct_exec=0; /* calc routine is exected by exec if 1 */

int print_precision=8; /* precision when printing real numbers */

int session_serial; /* request serial for session control */

int form_access=0; /* identifies form access, for robot identification */

int lastout_file=-1; /* file to hold last output */

char *instex_style=""; /* "": text "$": math "$$": displaymath */

int instex_usedynamic=0; /* always dynamic if 1 */

int wrapexec=0; /* if set to 1, change uid (nobody) to euid (wims).

                 * if set to -1, change euid to uid when exec(). */

int parm_restore=0; /* Restoring saved parameters? */

int exec_wait=1; /* whether to wait for fork return */

int execnt=0; /* count executions */

int readnest; /* nested read count */

int mfilecnt=0; /* count working files */

int forceresume=0; /* force user to resume old request */

int manageable=0; /* whether the connection may be site manager

                   * 0: no; 1: maybe; 2: sure */

int ismhelp=0;  /* 1 if session is in mhelp. */

int getvar_len; /* length of the last-got variable. */

int noout=0; /* if set to 1 then output is skipped */

char tmp_dir[MAX_FNAME+1]; /* temporary directory */

char *bin_dir="bin"; /* directory containing executable scripts and programs. */

char cwdbuf[MAX_FNAME+1]; /* store current working directory */

char var_hacking=0; /* Trying to hack a variable? */

char *tmp_debug="no";

char *tmp_debug_var="";

char ins_alt[MAX_LINELEN+1]; /* dynamic insertion alternative text */

char *devel_modules="close"; /* whether to open devel modules */

int isclassmodule=0; /* 1 if the module is class module */

int isdevelmodule=0; /* development module? */

int setcookie=0; /* 1 if need to set cookie */

int killpid=0; /* pid of process to kill by alarm */

char *mathalign_sup1, *mathalign_sup2; /* see mathalign_base */

int substnest=0; /* nesting level of substit() */

int exodepOK=1;

long int startmtime; /* start time in milliseconds */

long int startmtime2; /* start time in microseconds */

int backslash_insmath=0; /* \(...) substitution? */

char examlogf[MAX_FNAME+1]; /* examlog file name */

char examlogd[MAX_FNAME+1]; /* examlog file name */

char exam_sheetexo[32]; /* sheet data of an exam */

char loadavg[64];

/* user file variable access control. */

char *var_readable, *var_writable, *var_nr, *var_nw, *var_pfx;

int hostcquota;

int var_noexport; /* do not export variable */

char tmplbuf[MAX_LINELEN+1]; /* for temporary uses not thru subroutines. */

struct tm *now, Now; /* time of request */

time_t nowtime, limtime, limtimex;

char nowstr[32];

/* Resource limits. Capital names are reserved by system. */

int rlimit_cpu=20;  /* cpu time in seconds */

int rlimit_fsize=8388608;/* file size */

int rlimit_as=614457600;/* virtual memory size */

int rlimit_data=204857600;/* data segment size; maxima requires a lot (must be lower than rlimit_as)*/

int rlimit_stack=2097152;/* stack size */

int rlimit_core=0; /* core dump size */

int rlimit_rss=16777216; /* resident size */

int rlimit_nproc=1024; /* number of processes */

int rlimit_nofile=512; /* number of open files */

int rlimit_memlock=2097152;/* locked-in-memory address space */

char *var_str; /* malloc'ed buffer to hold translated query_string */

/* buffer to hold module's variable definition file, malloc'ed. */

char *var_def_buf;

/* job_identifier is even a reserved variable name */

char job_identifier[32];

/* site manager definition IPv4 IPv6*/

char *manager_site="127.0.0.1 ::1";

int   manager_https=0;

/* sheet and exercise information */

int wims_sheet=0,wims_exo=0;

/* Form method: get or post */

char *default_form_method="post";

/* Je suis maintenant oblige de passer a l'anglais

 * pour la langue de defaut.

 */

char lang[16]="en";

char available_lang[MAX_LANGUAGES][4]={"en","fr"};

int available_lang_no=2;

char pre_language[4]="";

FILE *trace_file;

int trace_indent=0;

char *protocol="http"; /* http or https */

/* check for coordinate input. This will mean that

 * the request is manual, but not robot.

 */

int coord_input=0;

/* These are readonly environment variable names

 * special parm used for special cmds (getins, etc).

 */

char *ro_name[]={

  "cmd",

  "empty",

  "lang",

  "module",

  "session",

  "special_parm",

  "special_parm2",

  "special_parm3",

  "special_parm4",

  "useropts" ,

  "wims_session",

  "wims_subsession",

  "wims_window",

  "worksheet"

};

int RO_NAME_NO=(sizeof(ro_name)/sizeof(ro_name[0]));

int cmd_type;

char *commands[]={

    "intro" , "new" , "renew" , "reply" , "config" , "hint" , "help" ,

      "resume", "next", "getins", "getframe", "getfile", "close", "ref"

};

int CMD_NO=(sizeof(commands)/sizeof(commands[0]));

/* stat=0: saved variables

 * all names starting with wims_priv_ are also internal.

 */

struct internal_name internal_name[]={

  {"accessright", 1}, /* right to access commercial resources */

  {"caller", 1}, /* caller session */

  {"check", 1}, /* for exam check use */

  {"class", 1},

  {"class_examlog", 1},

  {"class_exolog", 1},

  {"class_limit", 1},

  {"class_quota", 1},

  {"class_regpass", 1},

  {"class_user_limit", 1},

  {"classdir", 1},

  {"classname", 1},

  {"devel_modules", 1},

  {"developer", 1},

  {"doc_quota", 1},

  {"doc_regpass", 1},

  {"email", 1},

  {"exo", 0}, /* exercise number */

  {"exoption", 1}, /* exercise option */

  {"firstname", 1},

  {"forum_limit", 1},

  {"home", 1},

  {"institutionname", 1},

  {"isexam", 0}, /* whether the sheet is an exam sheet */

  {"ismanager", 0},

  {"lastname", 1},

  {"mode", 0}, /* operating mode */

  {"module_start_time", 0},

  {"now", 1}, /* date and time, yyyymmdd.hh:mm:ss */

  {"nowseconds", 1}, /* date and time, seconds since EPOCH */

  {"nr", 1}, /* non-readable variables in user file, words */

  {"nw", 1}, /* non-writable variables in user file, words */

  {"otherclass", 1}, /* Remember other logins */

  {"participate", 1}, /* superclass definition */

  {"prefix", 1}, /* user file prefix */

  {"protocol", 0}, /* http protocol */

  {"rafale", 0}, /* rapidfire request information */

  {"readable", 1}, /* readable variables in user file, words */

  {"realuser", 1}, /* real user for supervisor in gateway */

  {"req_time", 0}, /* time of the request */

  {"sclassdir", 1},

  {"scorereg", 0}, /* score registration flag */

  {"seed", 0},

  {"seed_repeat",0},

  {"seed_score", 0},

  {"seedcnt",0},

  {"seedlastcnt",0},

  {"sequence", 0}, /* sequence number */

  {"sescookie", 1}, /* session cookie */

  {"sesdir", 1},

  {"session_serial", 0}, /* request serial in the session */

  {"session_start_time", 0},

  {"sheet", 0}, /* sheet number */

  {"sup_secure", 1}, /* secure level of supervisor */

  {"superclass", 1}, /* superclass code */

  {"superclass_quota", 1},

  {"supertype", 1}, /* superclass type */

  {"supervise", 1}, /* superclass definition */

  {"supervisor", 1}, /* real name of the supervisor */

  {"supervisormail",1}, /* email of supervisor */

  {"trustfile", 1}, /* trusted files in special adm modules */

  {"useropts", 1}, /* user options */

  {"writable", 1}, /* writable variables in user file, words */

};

int INTERNAL_NAME_NO=(sizeof(internal_name)/sizeof(internal_name[0]));

char *httpd_vars[]={

  "HTTP_ACCEPT",

  "HTTP_ACCEPT_CHARSET",

  "HTTP_ACCEPT_LANGUAGE",

  "HTTP_COOKIE",

  "HTTP_HOST",

  "HTTP_USER_AGENT",

  "HTTP_X_REQUESTED_WITH",

  "HTTPS",

  "QUERY_STRING",

  "REMOTE_HOST",

  "REMOTE_ADDR",

  "REMOTE_PORT",

  "REQUEST_METHOD",

  "SCRIPT_NAME",

  "SERVER_NAME",

  "SERVER_SOFTWARE",

  "SERVER_PROTOCOL"

};

#define HTTPD_VAR_NO (sizeof(httpd_vars)/sizeof(httpd_vars[0]))

/* security: these variables will not be visible to child processes */

char *unsetvars[]={

  "DOCUMENT_ROOT","SERVER_SIGNATURE","SERVER_SOFTWARE",

      "UNIQUE_ID","HTTP_KEEP_ALIVE","SSL_SESSION_ID"

};

#define unsetvarcnt (sizeof(unsetvars)/sizeof(unsetvars[0]))

int httpd_type=httpd_apache;

char *remote_addr=""; /* storing for performance */

char *remote_host="";

char ref_name[2048], ref_base[2048];

void put_special_page(char *pname);

void useropts(void);

/* Make certain httpd variables readable by modules */

void take_httpd_vars(void)

{

  int i;

  char *p, buf[MAX_NAMELEN+1];

  var_noexport=1;

  for(i=0;i<HTTPD_VAR_NO;i++) {

   snprintf(buf,sizeof(buf),"httpd_%s",httpd_vars[i]);

   if((p=getenv(httpd_vars[i]))!=NULL) setvar(buf,p);

  }

  var_noexport=0;

  for(i=0;i<unsetvarcnt;i++) unsetenv(unsetvars[i]);

   /* IPv4 IPv6*/

  p=getenv("REMOTE_ADDR");if(p!=NULL && (strcmp(p,"127.0.0.1")==0 || strcmp(p,"::1")==0)) human_access=1;

  p=getenv("HTTP_REFERER"); if(p!=NULL && *p!=0) setvar("wims_referer",p);

}

/* cookie2session */

void cookie2session(void)

{

  char cksession[64], psession[32], *ckey, *p;

  char nbuf[MAX_FNAME+1];

  if(mode==mode_popup) return;

  if(cookiegot[0]==0) {

   ckset: cookiegot[0]=0; setcookie=1; return;

  }

  p=getvar("special_parm");

  if(p!=NULL && strcmp(p,"ignorecookie")==0) return;

  mystrncpy(cksession,cookiegot,sizeof(cksession));

  ckey=strchr(cksession,'-');

  if(ckey==NULL) goto ckset; else *ckey++=0;

  p=getvar("wims_session"); if(p==NULL) p="";

  if(strstr(p,"new")!=NULL) goto ckset;

  mystrncpy(psession,p,sizeof(psession));

  p=strchr(psession,'_'); if(p!=NULL) *p=0;

  if(psession[0]!=0) {

    if(strcmp(psession,cksession)==0) return;

    if(session_exists(psession)) goto ckset;

    if(session_exists(cksession)) goto change;

  }

  else {

    if(!session_exists(cksession)) return;

    change:

    p=getenv("HTTPS");

    if(p!=NULL && strcasecmp(p,"on")==0) goto ckset;

    mkfname(nbuf,"%s/%s/var",session_dir,cksession);

    getdef(nbuf,"w_wims_ismanager",tmplbuf);

    if(tmplbuf[0]!=0 && tmplbuf[0]!='0') goto ckset;

    getdef(nbuf,"w_wims_protocol",tmplbuf);

    if(strcasecmp(tmplbuf,"https")==0) goto ckset;

    mkfname(nbuf,"%s/%s/var.stat",session_dir,cksession);

    getdef(nbuf,"wims_user",tmplbuf);

    if(tmplbuf[0]!=0) goto ckset;

    force_setvar(ro_name[ro_session],cksession);

    setsesdir(cksession);

    force_setvar("wims_subsession","");

    session_serial=0;

  }

}

void determine_font(char *l)

{

  int i;

  if(l==NULL || *l==0) return;

  for(i=0;i<charname_no && memcmp(charname[i].name,l,2);i++);

  if(i<charname_no) setvar("wims_main_font",charname[i].font);

}

void determine_dirn(char *l)

{

  int i;

  if(l==NULL || *l==0) return;

  for(i=0;i<dirnname_no && memcmp(dirnname[i].name,l,2);i++);

  if(i<dirnname_no) setvar("wims_main_dirn",dirnname[i].dirn);

}

void predetermine_language(void)

{

  char *p;

  int i,n;

  if(pre_language[0]!=0) p=pre_language;

  else p=getenv("HTTP_ACCEPT_LANGUAGE");

  if(p!=NULL && strlen(p)>=2) {

    for(i=0;i<available_lang_no && memcmp(p,available_lang[i],2)!=0;i++);

    if(i<available_lang_no) goto lend;

  }

  p=getenv("HTTP_USER_AGENT");

  if(p!=NULL && strlen(p)>=5) {

    char *q;

    if((q=strchr(p,'['))!=NULL && islower(*(q+1)) && islower(*(q+2)) && *(q+3)==']') {

        char bb[4];

        bb[0]=*(q+1);bb[1]=*(q+2);bb[2]=0;

        for(i=0;i<available_lang_no && memcmp(bb,available_lang[i],2)!=0;i++);

        if(i<available_lang_no) {

          memmove(lang,bb,2); lang[2]=0;

          goto lend2;

        }

    }

  }

  p=getenv("HTTP_HOST"); if(p==NULL) goto lend2;

  n=strlen(p); if(n<=3 || *(p+n-3)!='.') goto lend2;

  p=p+n-2;

  for(i=0;i<available_lang_no && memcmp(p,available_lang[i],2)!=0;i++);

  if(i<available_lang_no) {

    lend: memmove(lang,p,2); lang[2]=0;

    lend2: determine_font(lang);determine_dirn(lang);

  }

}

/* print a special page */

void put_special_page(char *pname)

{

  determine_font(lang);

  determine_dirn(lang);

  phtml_put_base(mkfname(NULL,"%s.phtml.%s",pname,lang),0);

  write_logs();free(var_str);

}

/* check whether the connection is a site manager. */

void manager_check(void)

{

  char *p, *pp, buf[16];

  struct stat confstat;

  int i;

  manageable=0;

  if(robot_access || *manager_site==0 || checkhost(manager_site)<1)

    goto mend;

  if(manager_https) {

    p=getenv("HTTPS");

    if(p==NULL || strcmp(p,"on")!=0) goto mend;

  }

/* IPv4 IPv6*/

  if(strcmp(remote_addr,"127.0.0.1")==0 || strcmp(remote_addr,"::1")==0) {

    int port, port2;

    char tester[128];

    p=getenv("REMOTE_PORT"); if(p==NULL) goto mend;

    port=atoi(p); if(port<1024 || port>65535) goto mend;

    p=getenv("SERVER_PORT"); if(p==NULL) goto mend;

    port2=atoi(p); if(port2>=10000 || port2<=0) goto mend;

/* this is very non-portable */

    manageable=1;

    accessfile(tmplbuf,"r","/proc/net/tcp");

    snprintf(tester,sizeof(tester)," 0100007F:%04X 0100007F:%04X ",

           port,port2);

    p=strstr(tmplbuf,tester);

    if(p!=NULL) {

      pp=strchr(p,'\n'); if(pp!=NULL) *pp=0;

      if(strlen(p)>=75) {

        p=find_word_start(p+70); *find_word_end(p)=0;

        if(atoi(p)==geteuid()) manageable=2;

      }

    }

  }

  else manageable=1;

  i=stat(config_file,&confstat);

  if(i==0 && manageable>0 && (confstat.st_mode&(S_IRWXO|S_IRWXG))!=0) manageable=-1;

  if(manageable>0 && !trusted_module()) manageable=0;

  if(manageable==1) {

    accessfile(tmplbuf,"r","%s/.manager",session_prefix);

    if(strstr(tmplbuf,"yes")!=NULL) manageable=2;

  }

  if(manageable==1) {

    p=getvar(ro_name[ro_module]);

    if(p!=NULL && strncmp(p,"adm/manage",strlen("adm/manage"))==0) {

      struct stat pstat;

      if(stat("../log/.wimspass",&pstat)==0) {

        if((S_IFMT&pstat.st_mode)!=S_IFREG ||

           ((S_IRWXO|S_IRWXG)&pstat.st_mode)!=0)

          manageable=-2;

      }

    }

  }

  mend:

  mystrncpy(buf,int2str(manageable),sizeof(buf));

  force_setvar("wims_ismanager",buf);

  if(manageable>=2) {

    struct rlimit rlim;

    rlimit_cpu*=10;

    rlim.rlim_cur=rlim.rlim_max=rlimit_cpu;

    setrlimit(RLIMIT_CPU,&rlim);

    mystrncpy(buf,int2str(rlimit_cpu),sizeof(buf));

    setvar("wims_cpu_limit",buf);

    initalarm();

  }

}

/* check for robot access */

void robot_check(void)

{

  char *ua, *p, *ses, *c, *mod;

  int i;

  if(human_access) return;

  mod=getvar(ro_name[ro_module]);

  if(mod!=NULL && strcmp(mod,"adm/raw")==0) return;

  ses=getvar(ro_name[ro_session]);

/* user has valid session; OK */

  if(ses!=NULL && strncmp(ses,robot_session,strlen(robot_session))!=0

     && strchr(ses,'/')==NULL

     && ftest(mkfname(NULL,"%s/%s",s2_dir,ses))==is_dir)

    return;

  ua=getenv("HTTP_USER_AGENT"); if(ua==NULL) ua="";

  ua=find_word_start(ua);

  if(strncasecmp(ua,"Mozilla",strlen("Mozilla"))==0 &&

     (p=strstr(ua,"compatible"))!=NULL)

    ua=find_word_start(find_word_end(p));

  if(*ua) {

    for(i=0;i<good_agent_no

        && strncasecmp(ua,good_agent[i],strlen(good_agent[i]));i++);

    if(i<good_agent_no) return;

    for(i=0;i<bad_agent_no

        && strstr(ua,bad_agent[i])==NULL;i++);

    if(i<bad_agent_no) user_error("trapped");

  }

  force_setvar(ro_name[ro_session],robot_session);

  setsesdir(robot_session);

  c=getvar(ro_name[ro_cmd]);

  robot_access=1;

  if(c!=NULL && strcmp(c,"new") && strcmp(c,"intro")) {

    force_setvar(ro_name[ro_cmd],"robot_error");

    nph_header(450); put_special_page("robot");

    flushoutput(); flushlog(); exit(0);

  }

}

/* type=0: ordinary; type=1: multipart/form-data */

void parse_query_string(int len, int type)

{

  int i,j,l,v,cmd_defined;

  int parenth=-1, ll, lb, dlen;

  char *start, *p, *p1, *pt, *b1="";

  cmd_defined=0;

  setvar("wims_subsession","");

  ll=lb=0;

  if(type) {

    ll=strlen(mpboundary);

    start=strstr(var_str,mpboundary);

    if(start==NULL) start=var_str+strlen(var_str);

    if(strstr(var_str,"\r\n\r\n")!=NULL) b1="\r\n\r\n";

    else b1="\n\n";

    lb=strlen(b1);

  }

  else start=var_str;

  for(v=0, p1=start;p1<var_str+len;p1+=l) {

    if(type) {

      char *p2, *p3, *p4, *p5;