Rev 10 | Rev 8155 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 10 | Rev 7673 | ||
---|---|---|---|
Line 13... | Line 13... | ||
13 | * You should have received a copy of the GNU General Public License |
13 | * You should have received a copy of the GNU General Public License |
14 | * along with this program; if not, write to the Free Software |
14 | * along with this program; if not, write to the Free Software |
15 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
15 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
16 | */ |
16 | */ |
17 | 17 | ||
18 |
|
18 | /* This file contains user authentification routines */ |
19 | 19 | ||
20 | void refuse_log(int th); |
20 | void refuse_log(int th); |
21 | void set_module_prefix(void); |
21 | void set_module_prefix(void); |
22 | 22 | ||
23 |
|
23 | /* check machine load. 2-threshold system. |
24 |
|
24 | * Threshold 1: anonymous new session refused. |
25 |
|
25 | * Threshold 2: New session and anonymous request refused. */ |
26 | void check_load(int th) |
26 | void check_load(int th) |
27 | { |
27 | { |
28 | int load, pload; |
28 | int load, pload; |
29 | char *p1, *p2, buf[64]; |
29 | char *p1, *p2, buf[64]; |
30 | char *pp; |
30 | char *pp; |
31 | double dload; |
31 | double dload; |
32 | 32 | ||
33 | pload=0; pp=strchr(loadavg,'/'); if(pp) { |
33 | pload=0; pp=strchr(loadavg,'/'); if(pp) { |
34 |
|
34 | for(;pp>loadavg && isdigit(pp[-1]); pp--); |
35 |
|
35 | pload=atoi(pp); |
36 |
|
36 | if(pload*12>threshold2+3) { |
37 |
|
37 | pload_refuse: |
38 |
|
38 | refuse_log(pload+100); user_error("threshold"); |
39 |
|
39 | } |
40 | } |
40 | } |
41 | if(ispriority) goto repcheck; /* priority connections will not be refused. */ |
41 | if(ispriority) goto repcheck; /* priority connections will not be refused. */ |
42 | if(pload*20>threshold1+2) goto pload_refuse; |
42 | if(pload*20>threshold1+2) goto pload_refuse; |
43 | if(th<0 || th>2) goto repcheck; |
43 | if(th<0 || th>2) goto repcheck; |
44 |
|
44 | /* Operating system load average facility */ |
45 | if(robot_access && loadavg[0]==0) goto refuse; |
45 | if(robot_access && loadavg[0]==0) goto refuse; |
46 | if(loadavg[0]==0) goto repcheck; |
46 | if(loadavg[0]==0) goto repcheck; |
47 | p1=find_word_start(loadavg); p2=find_word_end(p1);*p2=0; |
47 | p1=find_word_start(loadavg); p2=find_word_end(p1);*p2=0; |
48 | dload=atof(p1); |
48 | dload=atof(p1); |
49 | if(robot_access && |
49 | if(robot_access && |
50 | (!finite(dload) || dload>1000 || dload<0 || dload*200>threshold1)) |
50 | (!finite(dload) || dload>1000 || dload<0 || dload*200>threshold1)) |
51 | goto refuse; |
51 | goto refuse; |
52 | if(!finite(dload) || dload<=0 || dload>1000) goto repcheck; /* unreasonable */ |
52 | if(!finite(dload) || dload<=0 || dload>1000) goto repcheck; /* unreasonable */ |
53 |
|
53 | /* very small 1 min load average */ |
54 | if(dload*200<threshold1) goto repcheck; |
54 | if(dload*200<threshold1) goto repcheck; |
55 | if(dload*50>threshold2) goto refuse; |
55 | if(dload*50>threshold2) goto refuse; |
56 | p1=find_word_start(p2+1); |
56 | p1=find_word_start(p2+1); /* go to second average: 5 min. */ |
57 | *find_word_end(p1)=0; |
57 | *find_word_end(p1)=0; |
58 | dload=atof(p1); |
58 | dload=atof(p1); |
59 | if(!finite(dload) || dload<=0 || dload>1000) goto repcheck; /* unreasonable */ |
59 | if(!finite(dload) || dload<=0 || dload>1000) goto repcheck; /* unreasonable */ |
60 | load=dload*100; |
60 | load=dload*100; |
61 | snprintf(buf,sizeof(buf),"%d",load); |
61 | snprintf(buf,sizeof(buf),"%d",load); |
62 | setvar("wims_server_load",buf); |
62 | setvar("wims_server_load",buf); |
63 |
|
63 | /* cut cpu allowance to 3/4 or half if load is high. |
64 |
|
64 | * But alarm time is not changed */ |
65 | if(load*3>=threshold1*2) { |
65 | if(load*3>=threshold1*2) { |
66 |
|
66 | struct rlimit rlim; |
67 |
|
67 | rlimit_cpu=(3*rlimit_cpu+1)/4; |
68 |
|
68 | if(load>=threshold1) rlimit_cpu=(3*rlimit_cpu+1)/4; |
69 |
|
69 | rlim.rlim_cur=rlim.rlim_max=rlimit_cpu; |
70 |
|
70 | setrlimit(RLIMIT_CPU,&rlim); |
71 | } |
71 | } |
72 | if((th==0 && load*2>threshold1) || |
72 | if((th==0 && load*2>threshold1) || |
73 | (th==1 && load>threshold1) || (th==2 && load>threshold2)) { |
73 | (th==1 && load>threshold1) || (th==2 && load>threshold2)) { |
74 |
|
74 | refuse: |
75 |
|
75 | if(new_session && *session_prefix!=0) { |
76 |
|
76 | remove_tree(session_prefix); remove_tree(s2_prefix); |
77 |
|
77 | } |
78 |
|
78 | refuse_log(th); user_error("threshold"); |
79 | } |
79 | } |
80 | repcheck: |
80 | repcheck: |
81 | if(robot_access) return; |
81 | if(robot_access) return; |
82 | if(new_session && *session_prefix!=0 && *remote_addr |
82 | if(new_session && *session_prefix!=0 && *remote_addr |
83 | && hostcquota && strcmp(remote_addr,"127.0.0.1")!=0 |
83 | && hostcquota && strcmp(remote_addr,"127.0.0.1")!=0 |
84 | && !ispriority) { |
84 | && !ispriority) { |
85 |
|
85 | /* overload: */ |
86 |
|
86 | remove_tree(session_prefix); remove_tree(s2_prefix); |
87 |
|
87 | user_error("overload"); |
88 | } |
88 | } |
89 | } |
89 | } |
90 | 90 | ||
91 |
|
91 | /* User authentification routine, obsolete */ |
92 | void auth(void) |
92 | void auth(void) |
93 | { |
93 | { |
94 | check_load(1); return; |
94 | check_load(1); return; |
95 | } |
95 | } |
96 | 96 | ||
97 | #define rafinfono 10 |
97 | #define rafinfono 10 |
98 | 98 | ||
99 |
|
99 | /* check rapidfire information */ |
100 | void checkrafale(void) |
100 | void checkrafale(void) |
101 | { |
101 | { |
102 | char *p, *p1, *p2, *sh, *u; |
102 | char *p, *p1, *p2, *sh, *u; |
103 | char rbuf[MAX_LINELEN+1]; |
103 | char rbuf[MAX_LINELEN+1]; |
104 | time_t rr, rafinfo[rafinfono]; |
104 | time_t rr, rafinfo[rafinfono]; |
Line 113... | Line 113... | ||
113 | p=getvar("session"); if(p!=NULL && strstr(p,"_exam")!=NULL) return; |
113 | p=getvar("session"); if(p!=NULL && strstr(p,"_exam")!=NULL) return; |
114 | sh=getvar("wims_sheet"); if(sh!=NULL && *sh>'0') coef*=3; |
114 | sh=getvar("wims_sheet"); if(sh!=NULL && *sh>'0') coef*=3; |
115 | p=getvar("wims_rafale"); if(p==NULL) p=""; |
115 | p=getvar("wims_rafale"); if(p==NULL) p=""; |
116 | mm=0; |
116 | mm=0; |
117 | for(p1=find_word_start(p),i=0;i<rafinfono && *p1;p1=find_word_start(p2)) { |
117 | for(p1=find_word_start(p),i=0;i<rafinfono && *p1;p1=find_word_start(p2)) { |
118 |
|
118 | p2=find_word_end(p1); if(*p2) *p2++=0; |
119 |
|
119 | rr=atol(p1); if(rr<=0 || rr>nowtime) continue; |
120 |
|
120 | t=coef*rafalvl*pow(i,1+rafalvl*0.05)-(nowtime-rr); if(t>mm) mm=t; |
121 |
|
121 | rafinfo[i++]=rr; |
122 | } |
122 | } |
123 | if(mm>0) { |
123 | if(mm>0) { |
124 |
|
124 | if(u!=NULL && *u!=0) user_log("rafale"); |
125 |
|
125 | user_error("rafale"); |
126 | } |
126 | } |
127 | rafinfocnt=i; |
127 | rafinfocnt=i; |
128 | snprintf(rbuf,sizeof(rbuf),"%lu",nowtime); |
128 | snprintf(rbuf,sizeof(rbuf),"%lu",nowtime); |
129 | for(i=0;i<rafinfocnt;i++) { |
129 | for(i=0;i<rafinfocnt;i++) { |
130 |
|
130 | snprintf(rbuf+strlen(rbuf),sizeof(rbuf)-strlen(rbuf), |
131 |
|
131 | " %lu",rafinfo[i]); |
132 | } |
132 | } |
133 | force_setvar("wims_rafale",rbuf); |
133 | force_setvar("wims_rafale",rbuf); |
134 | } |
134 | } |
135 | 135 | ||
136 |
|
136 | /* when score is got: erase 2 rafale information. */ |
137 | void lessrafale(void) |
137 | void lessrafale(void) |
138 | { |
138 | { |
139 | char *p; |
139 | char *p; |
140 | double s; |
140 | double s; |
141 | int i; |
141 | int i; |
Line 145... | Line 145... | ||
145 | for(i=0;i<2;i++) p=find_word_end(find_word_start(p)); |
145 | for(i=0;i<2;i++) p=find_word_end(find_word_start(p)); |
146 | p=find_word_start(p); |
146 | p=find_word_start(p); |
147 | force_setvar("wims_rafale",p); |
147 | force_setvar("wims_rafale",p); |
148 | } |
148 | } |
149 | 149 | ||
150 | #define ac_class 0x1 |
150 | #define ac_class 0x1 /* class access */ |
151 | #define ac_exo 0x2 |
151 | #define ac_exo 0x2 /* access to exercises */ |
152 | #define ac_tool 0x4 |
152 | #define ac_tool 0x4 /* access to tools */ |
153 | #define ac_recre 0x8 |
153 | #define ac_recre 0x8 /* access to recreations */ |
154 | #define ac_doc |
154 | #define ac_doc 0x10 /* access to documents */ |
155 | #define ac_local 0x20 |
155 | #define ac_local 0x20 /* access to local modules */ |
156 | #define ac_com 0x40 |
156 | #define ac_com 0x40 /* access to commercial modules */ |
157 | #define ac_hint 0x80 /* hint command */ |
157 | #define ac_hint 0x80 /* hint command */ |
158 | #define ac_sheet 0x100 /* use within a worksheet */ |
158 | #define ac_sheet 0x100 /* use within a worksheet */ |
159 | #define ac_exam 0x200 /* work during an exam */ |
159 | #define ac_exam 0x200 /* work during an exam */ |
160 | 160 | ||
161 |
|
161 | /* Check site's access policy. */ |
162 | void access_check(int isclass) |
162 | void access_check(int isclass) |
163 | { |
163 | { |
164 | char *p, *p1, *p2, *p3, *pp1, *pp2; |
164 | char *p, *p1, *p2, *p3, *pp1, *pp2; |
165 | char cbuf[MAX_LINELEN+1]; |
165 | char cbuf[MAX_LINELEN+1]; |
166 | long int thisaccess, lineaccess, linepol, thispol; |
166 | long int thisaccess, lineaccess, linepol, thispol; |
167 | int non, refuse; |
167 | int non, refuse; |
168 | 168 | ||
169 | if(manageable>=2 || robot_access) return; |
169 | if(manageable>=2 || robot_access) return; |
170 | thisaccess=0; |
170 | thisaccess=0; |
171 | p=getvar(ro_name[ro_module]); if(p==NULL || *p==0) return; |
171 | p=getvar(ro_name[ro_module]); if(p==NULL || *p==0) return; |
172 | if(strncmp(p,"adm/doc",7)==0) thisaccess|=ac_doc; |
172 | if(strncmp(p,"adm/doc",7)==0) thisaccess|=ac_doc; |
173 | else if(strncmp(p,"adm/",4)==0 || strcmp(p,home_module)==0) return; |
173 | else if(strncmp(p,"adm/",4)==0 || strcmp(p,home_module)==0) return; |
174 | if(strncmp(p,"local/",6)==0) thisaccess|=ac_local; |
174 | if(strncmp(p,"local/",6)==0) thisaccess|=ac_local; |
175 | if(strncmp(p,"com/",4)==0) thisaccess|=ac_com; |
175 | if(strncmp(p,"com/",4)==0) thisaccess|=ac_com; |
176 | p=getvar("wims_user"); |
176 | p=getvar("wims_user"); |
177 | if(p!=NULL && *p!=0) { |
177 | if(p!=NULL && *p!=0) { |
178 |
|
178 | if(!isclass && strcmp(p,"supervisor")!=0) access_check(1); |
179 |
|
179 | thisaccess|=ac_class; |
180 | } |
180 | } |
181 | if(isclass) { |
181 | if(isclass) { |
182 |
|
182 | if(class_dir[0]==0) return; |
183 |
|
183 | accessfile(cbuf,"r","%s/access.conf",class_dir); |
184 | } |
184 | } |
185 | else accessfile(cbuf,"r",ACCESS_CONF); |
185 | else accessfile(cbuf,"r",ACCESS_CONF); |
186 | if(cbuf[0]==0) return; |
186 | if(cbuf[0]==0) return; |
187 | if(cmd_type==cmd_hint) thisaccess|=ac_hint; |
187 | if(cmd_type==cmd_hint) thisaccess|=ac_hint; |
188 | p1=getvar("wims_accessright"); if(p1!=NULL && *p1!=0) { |
188 | p1=getvar("wims_accessright"); if(p1!=NULL && *p1!=0) { |
189 |
|
189 | p=getvar(ro_name[ro_module]); |
190 |
|
190 | for(p1=find_word_start(p1);*p1; p1=find_word_start(p2)) { |
191 |
|
191 | p2=find_word_end(p1); |
192 |
|
192 | if(strncmp(p,p1,p2-p1)==0) return; |
193 |
|
193 | } |
194 | } |
194 | } |
195 | p=getvar("module_category"); if(p) { |
195 | p=getvar("module_category"); if(p) { |
196 |
|
196 | if(strstr(p,"exercise")!=NULL) thisaccess|=ac_exo; |
197 |
|
197 | if(strstr(p,"tool")!=NULL) thisaccess|=ac_tool; |
198 |
|
198 | if(strstr(p,"recre")!=NULL) thisaccess|=ac_recre; |
199 |
|
199 | if(strstr(p,"doc")!=NULL) thisaccess|=ac_doc; |
200 | } |
200 | } |
201 | for(p1=find_word_start(cbuf);*p1;p1=find_word_start(p2)) { |
201 | for(p1=find_word_start(cbuf);*p1;p1=find_word_start(p2)) { |
202 |
|
202 | p2=strchr(p1,'\n'); if(p2) *p2++=0; else p2=p1+strlen(p1); |
203 |
|
203 | if(!myisalpha(*p1)) continue; |
204 |
|
204 | p3=strchr(p1,':'); if(p3==NULL) continue; |
205 |
|
205 | *p3++=0; p3=find_word_start(p3); strip_trailing_spaces(p3); |
206 |
|
206 | refuse=0; if(*p3=='!') { |
207 |
|
207 | p3=find_word_start(p3+1); refuse=1; |
208 |
|
208 | } |
209 |
|
209 | if(*p3 && checkhostt(p3)==0) continue; |
210 |
|
210 | for(p=p1; *p; p++) { |
211 |
|
211 | if(myisalpha(*p)) *p=tolower(*p); |
212 |
|
212 | else *p=' '; |
213 |
|
213 | } |
214 |
|
214 | lineaccess=thisaccess; linepol=0; |
215 |
|
215 | for(pp1=find_word_start(p1); *pp1; pp1=find_word_start(pp2)) { |
216 |
|
216 | pp2=find_word_end(pp1); if(*pp2) *pp2++=0; |
217 |
|
217 | if(strncmp(pp1,"non",3)==0) { |
218 |
|
218 | pp1=find_word_start(pp1+3); non=1; |
219 |
|
219 | } |
220 |
|
220 | else non=0; |
221 |
|
221 | thispol=0; |
222 |
|
222 | if(strcmp(pp1,"class")==0) {thispol=ac_class; goto nxt;} |
223 |
|
223 | if(strcmp(pp1,"exo")==0) {thispol=ac_exo; goto nxt;} |
224 |
|
224 | if(strcmp(pp1,"exercise")==0) {thispol=ac_exo; goto nxt;} |
225 |
|
225 | if(strcmp(pp1,"tool")==0) {thispol=ac_tool; goto nxt;} |
226 |
|
226 | if(strcmp(pp1,"recre")==0) {thispol=ac_recre; goto nxt;} |
227 |
|
227 | if(strcmp(pp1,"recreation")==0) {thispol=ac_recre; goto nxt;} |
228 |
|
228 | if(strcmp(pp1,"doc")==0) {thispol=ac_doc; goto nxt;} |
229 |
|
229 | if(strcmp(pp1,"document")==0) {thispol=ac_doc; goto nxt;} |
230 |
|
230 | if(strcmp(pp1,"local")==0) {thispol=ac_local; goto nxt;} |
231 |
|
231 | if(strcmp(pp1,"com")==0) {thispol=ac_com; goto nxt;} |
232 |
|
232 | if(strcmp(pp1,"hint")==0) {thispol=ac_hint; goto nxt;} |
233 |
|
233 | nxt: |
234 |
|
234 | if(thispol==0) continue; |
235 |
|
235 | if(non) lineaccess^=thispol; |
236 |
|
236 | linepol|=thispol; |
237 |
|
237 | } |
238 |
|
238 | if(linepol==0 || (linepol&lineaccess)!=linepol) continue; |
239 |
|
239 | if(refuse) user_error("no_access"); |
240 |
|
240 | else return; |
241 | } |
241 | } |
242 | } |
242 | } |
243 | 243 |