Subversion Repositories wimsdev

Rev

Rev 10 | Rev 8155 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed

Rev 10 Rev 7673
Line 13... Line 13...
13
 *  You should have received a copy of the GNU General Public License
13
 *  You should have received a copy of the GNU General Public License
14
 *  along with this program; if not, write to the Free Software
14
 *  along with this program; if not, write to the Free Software
15
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
15
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
16
 */
16
 */
17
 
17
 
18
        /* This file contains user authentification routines */
18
/* This file contains user authentification routines */
19
 
19
 
20
void refuse_log(int th);
20
void refuse_log(int th);
21
void set_module_prefix(void);
21
void set_module_prefix(void);
22
 
22
 
23
        /* check machine load. 2-threshold system.
23
/* check machine load. 2-threshold system.
24
         * Threshold 1: anonymous new session refused.
24
 * Threshold 1: anonymous new session refused.
25
         * Threshold 2: New session and anonymous request refused. */
25
 * Threshold 2: New session and anonymous request refused. */
26
void check_load(int th)
26
void check_load(int th)
27
{
27
{
28
    int load, pload;
28
    int load, pload;
29
    char *p1, *p2, buf[64];
29
    char *p1, *p2, buf[64];
30
    char *pp;
30
    char *pp;
31
    double dload;
31
    double dload;
32
   
32
 
33
    pload=0; pp=strchr(loadavg,'/'); if(pp) {
33
    pload=0; pp=strchr(loadavg,'/'); if(pp) {
34
        for(;pp>loadavg && isdigit(pp[-1]); pp--);
34
     for(;pp>loadavg && isdigit(pp[-1]); pp--);
35
        pload=atoi(pp);
35
     pload=atoi(pp);
36
        if(pload*12>threshold2+3) {
36
     if(pload*12>threshold2+3) {
37
            pload_refuse:
37
         pload_refuse:
38
            refuse_log(pload+100); user_error("threshold");
38
         refuse_log(pload+100); user_error("threshold");
39
        }
39
     }
40
    }
40
    }
41
    if(ispriority) goto repcheck; /* priority connections will not be refused. */
41
    if(ispriority) goto repcheck; /* priority connections will not be refused. */
42
    if(pload*20>threshold1+2) goto pload_refuse;
42
    if(pload*20>threshold1+2) goto pload_refuse;
43
    if(th<0 || th>2) goto repcheck;
43
    if(th<0 || th>2) goto repcheck;
44
        /* Operating system load average facility */
44
/* Operating system load average facility */
45
    if(robot_access && loadavg[0]==0) goto refuse;
45
    if(robot_access && loadavg[0]==0) goto refuse;
46
    if(loadavg[0]==0) goto repcheck;
46
    if(loadavg[0]==0) goto repcheck;
47
    p1=find_word_start(loadavg); p2=find_word_end(p1);*p2=0;
47
    p1=find_word_start(loadavg); p2=find_word_end(p1);*p2=0;
48
    dload=atof(p1);
48
    dload=atof(p1);
49
    if(robot_access &&
49
    if(robot_access &&
50
       (!finite(dload) || dload>1000 || dload<0 || dload*200>threshold1))
50
       (!finite(dload) || dload>1000 || dload<0 || dload*200>threshold1))
51
      goto refuse;
51
      goto refuse;
52
    if(!finite(dload) || dload<=0 || dload>1000) goto repcheck; /* unreasonable */
52
    if(!finite(dload) || dload<=0 || dload>1000) goto repcheck; /* unreasonable */
53
        /* very small 1 min load average */
53
/* very small 1 min load average */
54
    if(dload*200<threshold1) goto repcheck;
54
    if(dload*200<threshold1) goto repcheck;
55
    if(dload*50>threshold2) goto refuse;
55
    if(dload*50>threshold2) goto refuse;
56
    p1=find_word_start(p2+1);   /* go to second average: 5 min. */
56
    p1=find_word_start(p2+1); /* go to second average: 5 min. */
57
    *find_word_end(p1)=0;
57
    *find_word_end(p1)=0;
58
    dload=atof(p1);
58
    dload=atof(p1);
59
    if(!finite(dload) || dload<=0 || dload>1000) goto repcheck; /* unreasonable */
59
    if(!finite(dload) || dload<=0 || dload>1000) goto repcheck; /* unreasonable */
60
    load=dload*100;
60
    load=dload*100;
61
    snprintf(buf,sizeof(buf),"%d",load);
61
    snprintf(buf,sizeof(buf),"%d",load);
62
    setvar("wims_server_load",buf);
62
    setvar("wims_server_load",buf);
63
        /* cut cpu allowance to 3/4 or half if load is high.
63
/* cut cpu allowance to 3/4 or half if load is high.
64
         * But alarm time is not changed */
64
 * But alarm time is not changed */
65
    if(load*3>=threshold1*2) {
65
    if(load*3>=threshold1*2) {
66
        struct rlimit rlim;
66
     struct rlimit rlim;
67
        rlimit_cpu=(3*rlimit_cpu+1)/4;
67
     rlimit_cpu=(3*rlimit_cpu+1)/4;
68
        if(load>=threshold1) rlimit_cpu=(3*rlimit_cpu+1)/4;
68
     if(load>=threshold1) rlimit_cpu=(3*rlimit_cpu+1)/4;
69
        rlim.rlim_cur=rlim.rlim_max=rlimit_cpu;
69
     rlim.rlim_cur=rlim.rlim_max=rlimit_cpu;
70
        setrlimit(RLIMIT_CPU,&rlim);
70
     setrlimit(RLIMIT_CPU,&rlim);
71
    }
71
    }
72
    if((th==0 && load*2>threshold1) ||
72
    if((th==0 && load*2>threshold1) ||
73
       (th==1 && load>threshold1) || (th==2 && load>threshold2)) {
73
       (th==1 && load>threshold1) || (th==2 && load>threshold2)) {
74
        refuse:
74
     refuse:
75
        if(new_session && *session_prefix!=0) {
75
     if(new_session && *session_prefix!=0) {
76
            remove_tree(session_prefix); remove_tree(s2_prefix);
76
         remove_tree(session_prefix); remove_tree(s2_prefix);
77
        }
77
     }
78
        refuse_log(th); user_error("threshold");
78
     refuse_log(th); user_error("threshold");
79
    }
79
    }
80
    repcheck:
80
    repcheck:
81
    if(robot_access) return;
81
    if(robot_access) return;
82
    if(new_session && *session_prefix!=0 && *remote_addr
82
    if(new_session && *session_prefix!=0 && *remote_addr
83
       && hostcquota && strcmp(remote_addr,"127.0.0.1")!=0
83
       && hostcquota && strcmp(remote_addr,"127.0.0.1")!=0
84
       && !ispriority) {
84
       && !ispriority) {
85
            /* overload: */
85
/* overload: */
86
        remove_tree(session_prefix); remove_tree(s2_prefix);
86
     remove_tree(session_prefix); remove_tree(s2_prefix);
87
        user_error("overload");
87
     user_error("overload");
88
    }
88
    }
89
}
89
}
90
 
90
 
91
        /* User authentification routine, obsolete */
91
/* User authentification routine, obsolete */
92
void auth(void)
92
void auth(void)
93
{
93
{
94
    check_load(1); return;
94
    check_load(1); return;
95
}
95
}
96
 
96
 
97
#define rafinfono 10
97
#define rafinfono 10
98
 
98
 
99
        /* check rapidfire information */
99
/* check rapidfire information */
100
void checkrafale(void)
100
void checkrafale(void)
101
{
101
{
102
    char *p, *p1, *p2, *sh, *u;
102
    char *p, *p1, *p2, *sh, *u;
103
    char rbuf[MAX_LINELEN+1];
103
    char rbuf[MAX_LINELEN+1];
104
    time_t rr, rafinfo[rafinfono];
104
    time_t rr, rafinfo[rafinfono];
Line 113... Line 113...
113
    p=getvar("session"); if(p!=NULL && strstr(p,"_exam")!=NULL) return;
113
    p=getvar("session"); if(p!=NULL && strstr(p,"_exam")!=NULL) return;
114
    sh=getvar("wims_sheet"); if(sh!=NULL && *sh>'0') coef*=3;
114
    sh=getvar("wims_sheet"); if(sh!=NULL && *sh>'0') coef*=3;
115
    p=getvar("wims_rafale"); if(p==NULL) p="";
115
    p=getvar("wims_rafale"); if(p==NULL) p="";
116
    mm=0;
116
    mm=0;
117
    for(p1=find_word_start(p),i=0;i<rafinfono && *p1;p1=find_word_start(p2)) {
117
    for(p1=find_word_start(p),i=0;i<rafinfono && *p1;p1=find_word_start(p2)) {
118
        p2=find_word_end(p1); if(*p2) *p2++=0;
118
     p2=find_word_end(p1); if(*p2) *p2++=0;
119
        rr=atol(p1); if(rr<=0 || rr>nowtime) continue;
119
     rr=atol(p1); if(rr<=0 || rr>nowtime) continue;
120
        t=coef*rafalvl*pow(i,1+rafalvl*0.05)-(nowtime-rr); if(t>mm) mm=t;
120
     t=coef*rafalvl*pow(i,1+rafalvl*0.05)-(nowtime-rr); if(t>mm) mm=t;
121
        rafinfo[i++]=rr;
121
     rafinfo[i++]=rr;
122
    }
122
    }
123
    if(mm>0) {
123
    if(mm>0) {
124
        if(u!=NULL && *u!=0) user_log("rafale");
124
     if(u!=NULL && *u!=0) user_log("rafale");
125
        user_error("rafale");
125
     user_error("rafale");
126
    }
126
    }
127
    rafinfocnt=i;
127
    rafinfocnt=i;
128
    snprintf(rbuf,sizeof(rbuf),"%lu",nowtime);
128
    snprintf(rbuf,sizeof(rbuf),"%lu",nowtime);
129
    for(i=0;i<rafinfocnt;i++) {
129
    for(i=0;i<rafinfocnt;i++) {
130
        snprintf(rbuf+strlen(rbuf),sizeof(rbuf)-strlen(rbuf),
130
     snprintf(rbuf+strlen(rbuf),sizeof(rbuf)-strlen(rbuf),
131
                 " %lu",rafinfo[i]);
131
           " %lu",rafinfo[i]);
132
    }
132
    }
133
    force_setvar("wims_rafale",rbuf);
133
    force_setvar("wims_rafale",rbuf);
134
}
134
}
135
 
135
 
136
        /* when score is got: erase 2 rafale information. */
136
/* when score is got: erase 2 rafale information. */
137
void lessrafale(void)
137
void lessrafale(void)
138
{
138
{
139
    char *p;
139
    char *p;
140
    double s;
140
    double s;
141
    int i;
141
    int i;
Line 145... Line 145...
145
    for(i=0;i<2;i++) p=find_word_end(find_word_start(p));
145
    for(i=0;i<2;i++) p=find_word_end(find_word_start(p));
146
    p=find_word_start(p);
146
    p=find_word_start(p);
147
    force_setvar("wims_rafale",p);
147
    force_setvar("wims_rafale",p);
148
}
148
}
149
 
149
 
150
#define ac_class 0x1    /* class access */
150
#define ac_class 0x1 /* class access */
151
#define ac_exo   0x2    /* access to exercises */
151
#define ac_exo   0x2 /* access to exercises */
152
#define ac_tool  0x4    /* access to tools */
152
#define ac_tool  0x4 /* access to tools */
153
#define ac_recre 0x8    /* access to recreations */
153
#define ac_recre 0x8 /* access to recreations */
154
#define ac_doc   0x10   /* access to documents */
154
#define ac_doc  0x10 /* access to documents */
155
#define ac_local 0x20   /* access to local modules */
155
#define ac_local 0x20 /* access to local modules */
156
#define ac_com   0x40   /* access to commercial modules */
156
#define ac_com   0x40 /* access to commercial modules */
157
#define ac_hint  0x80   /* hint command */
157
#define ac_hint  0x80   /* hint command */
158
#define ac_sheet 0x100  /* use within a worksheet */
158
#define ac_sheet 0x100  /* use within a worksheet */
159
#define ac_exam  0x200  /* work during an exam */
159
#define ac_exam  0x200  /* work during an exam */
160
 
160
 
161
        /* Check site's access policy. */
161
/* Check site's access policy. */
162
void access_check(int isclass)
162
void access_check(int isclass)
163
{
163
{
164
    char *p, *p1, *p2, *p3, *pp1, *pp2;
164
    char *p, *p1, *p2, *p3, *pp1, *pp2;
165
    char cbuf[MAX_LINELEN+1];
165
    char cbuf[MAX_LINELEN+1];
166
    long int thisaccess, lineaccess, linepol, thispol;
166
    long int thisaccess, lineaccess, linepol, thispol;
167
    int non, refuse;
167
    int non, refuse;
168
   
168
 
169
    if(manageable>=2 || robot_access) return;
169
    if(manageable>=2 || robot_access) return;
170
    thisaccess=0;
170
    thisaccess=0;
171
    p=getvar(ro_name[ro_module]); if(p==NULL || *p==0) return;
171
    p=getvar(ro_name[ro_module]); if(p==NULL || *p==0) return;
172
    if(strncmp(p,"adm/doc",7)==0) thisaccess|=ac_doc;
172
    if(strncmp(p,"adm/doc",7)==0) thisaccess|=ac_doc;
173
    else if(strncmp(p,"adm/",4)==0 || strcmp(p,home_module)==0) return;
173
    else if(strncmp(p,"adm/",4)==0 || strcmp(p,home_module)==0) return;
174
    if(strncmp(p,"local/",6)==0) thisaccess|=ac_local;
174
    if(strncmp(p,"local/",6)==0) thisaccess|=ac_local;
175
    if(strncmp(p,"com/",4)==0) thisaccess|=ac_com;
175
    if(strncmp(p,"com/",4)==0) thisaccess|=ac_com;
176
    p=getvar("wims_user");
176
    p=getvar("wims_user");
177
    if(p!=NULL && *p!=0) {
177
    if(p!=NULL && *p!=0) {
178
        if(!isclass && strcmp(p,"supervisor")!=0) access_check(1);
178
     if(!isclass && strcmp(p,"supervisor")!=0) access_check(1);
179
        thisaccess|=ac_class;
179
     thisaccess|=ac_class;
180
    }
180
    }
181
    if(isclass) {
181
    if(isclass) {
182
        if(class_dir[0]==0) return;
182
     if(class_dir[0]==0) return;
183
        accessfile(cbuf,"r","%s/access.conf",class_dir);
183
     accessfile(cbuf,"r","%s/access.conf",class_dir);
184
    }
184
    }
185
    else accessfile(cbuf,"r",ACCESS_CONF);
185
    else accessfile(cbuf,"r",ACCESS_CONF);
186
    if(cbuf[0]==0) return;
186
    if(cbuf[0]==0) return;
187
    if(cmd_type==cmd_hint) thisaccess|=ac_hint;
187
    if(cmd_type==cmd_hint) thisaccess|=ac_hint;
188
    p1=getvar("wims_accessright"); if(p1!=NULL && *p1!=0) {
188
    p1=getvar("wims_accessright"); if(p1!=NULL && *p1!=0) {
189
        p=getvar(ro_name[ro_module]);
189
     p=getvar(ro_name[ro_module]);
190
        for(p1=find_word_start(p1);*p1; p1=find_word_start(p2)) {
190
     for(p1=find_word_start(p1);*p1; p1=find_word_start(p2)) {
191
            p2=find_word_end(p1);
191
         p2=find_word_end(p1);
192
            if(strncmp(p,p1,p2-p1)==0) return;
192
         if(strncmp(p,p1,p2-p1)==0) return;
193
        }
193
     }
194
    }
194
    }
195
    p=getvar("module_category"); if(p) {
195
    p=getvar("module_category"); if(p) {
196
        if(strstr(p,"exercise")!=NULL) thisaccess|=ac_exo;
196
     if(strstr(p,"exercise")!=NULL) thisaccess|=ac_exo;
197
        if(strstr(p,"tool")!=NULL) thisaccess|=ac_tool;
197
     if(strstr(p,"tool")!=NULL) thisaccess|=ac_tool;
198
        if(strstr(p,"recre")!=NULL) thisaccess|=ac_recre;
198
     if(strstr(p,"recre")!=NULL) thisaccess|=ac_recre;
199
        if(strstr(p,"doc")!=NULL) thisaccess|=ac_doc;
199
     if(strstr(p,"doc")!=NULL) thisaccess|=ac_doc;
200
    }
200
    }
201
    for(p1=find_word_start(cbuf);*p1;p1=find_word_start(p2)) {
201
    for(p1=find_word_start(cbuf);*p1;p1=find_word_start(p2)) {
202
        p2=strchr(p1,'\n'); if(p2) *p2++=0; else p2=p1+strlen(p1);
202
     p2=strchr(p1,'\n'); if(p2) *p2++=0; else p2=p1+strlen(p1);
203
        if(!myisalpha(*p1)) continue;
203
     if(!myisalpha(*p1)) continue;
204
        p3=strchr(p1,':'); if(p3==NULL) continue;
204
     p3=strchr(p1,':'); if(p3==NULL) continue;
205
        *p3++=0; p3=find_word_start(p3); strip_trailing_spaces(p3);
205
     *p3++=0; p3=find_word_start(p3); strip_trailing_spaces(p3);
206
        refuse=0; if(*p3=='!') {
206
     refuse=0; if(*p3=='!') {
207
            p3=find_word_start(p3+1); refuse=1;
207
         p3=find_word_start(p3+1); refuse=1;
208
        }
208
     }
209
        if(*p3 && checkhostt(p3)==0) continue;
209
     if(*p3 && checkhostt(p3)==0) continue;
210
        for(p=p1; *p; p++) {
210
     for(p=p1; *p; p++) {
211
            if(myisalpha(*p)) *p=tolower(*p);
211
         if(myisalpha(*p)) *p=tolower(*p);
212
            else *p=' ';
212
         else *p=' ';
213
        }
213
     }
214
        lineaccess=thisaccess; linepol=0;
214
     lineaccess=thisaccess; linepol=0;
215
        for(pp1=find_word_start(p1); *pp1; pp1=find_word_start(pp2)) {
215
     for(pp1=find_word_start(p1); *pp1; pp1=find_word_start(pp2)) {
216
            pp2=find_word_end(pp1); if(*pp2) *pp2++=0;
216
         pp2=find_word_end(pp1); if(*pp2) *pp2++=0;
217
            if(strncmp(pp1,"non",3)==0) {
217
         if(strncmp(pp1,"non",3)==0) {
218
                pp1=find_word_start(pp1+3); non=1;
218
          pp1=find_word_start(pp1+3); non=1;
219
            }
219
         }
220
            else non=0;
220
         else non=0;
221
            thispol=0;
221
         thispol=0;
222
            if(strcmp(pp1,"class")==0) {thispol=ac_class; goto nxt;}
222
         if(strcmp(pp1,"class")==0) {thispol=ac_class; goto nxt;}
223
            if(strcmp(pp1,"exo")==0) {thispol=ac_exo; goto nxt;}
223
         if(strcmp(pp1,"exo")==0) {thispol=ac_exo; goto nxt;}
224
            if(strcmp(pp1,"exercise")==0) {thispol=ac_exo; goto nxt;}
224
         if(strcmp(pp1,"exercise")==0) {thispol=ac_exo; goto nxt;}
225
            if(strcmp(pp1,"tool")==0) {thispol=ac_tool; goto nxt;}
225
         if(strcmp(pp1,"tool")==0) {thispol=ac_tool; goto nxt;}
226
            if(strcmp(pp1,"recre")==0) {thispol=ac_recre; goto nxt;}
226
         if(strcmp(pp1,"recre")==0) {thispol=ac_recre; goto nxt;}
227
            if(strcmp(pp1,"recreation")==0) {thispol=ac_recre; goto nxt;}
227
         if(strcmp(pp1,"recreation")==0) {thispol=ac_recre; goto nxt;}
228
            if(strcmp(pp1,"doc")==0) {thispol=ac_doc; goto nxt;}
228
         if(strcmp(pp1,"doc")==0) {thispol=ac_doc; goto nxt;}
229
            if(strcmp(pp1,"document")==0) {thispol=ac_doc; goto nxt;}
229
         if(strcmp(pp1,"document")==0) {thispol=ac_doc; goto nxt;}
230
            if(strcmp(pp1,"local")==0) {thispol=ac_local; goto nxt;}
230
         if(strcmp(pp1,"local")==0) {thispol=ac_local; goto nxt;}
231
            if(strcmp(pp1,"com")==0) {thispol=ac_com; goto nxt;}
231
         if(strcmp(pp1,"com")==0) {thispol=ac_com; goto nxt;}
232
            if(strcmp(pp1,"hint")==0) {thispol=ac_hint; goto nxt;}
232
         if(strcmp(pp1,"hint")==0) {thispol=ac_hint; goto nxt;}
233
            nxt:
233
         nxt:
234
            if(thispol==0) continue;
234
         if(thispol==0) continue;
235
            if(non) lineaccess^=thispol;
235
         if(non) lineaccess^=thispol;
236
            linepol|=thispol;
236
         linepol|=thispol;
237
        }
237
     }
238
        if(linepol==0 || (linepol&lineaccess)!=linepol) continue;
238
     if(linepol==0 || (linepol&lineaccess)!=linepol) continue;
239
        if(refuse) user_error("no_access");
239
     if(refuse) user_error("no_access");
240
        else return;
240
     else return;
241
    }
241
    }
242
}
242
}
243
 
243