Subversion Repositories wimsdev

Rev

Rev 10 | Rev 8155 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed

Rev 10 Rev 7673
Line 13... Line 13...
13 
 *  You should have received a copy of the GNU General Public License
 13 
 *  You should have received a copy of the GNU General Public License
14 
 *  along with this program; if not, write to the Free Software
 14 
 *  along with this program; if not, write to the Free Software
15 
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 15 
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
16 
 */
 16 
 */
17 
 
 17 
 
18 
        /* This file contains user authentification routines */
 18 
/* This file contains user authentification routines */
19 
 
 19 
 
20 
void refuse_log(int th);
 20 
void refuse_log(int th);
21 
void set_module_prefix(void);
 21 
void set_module_prefix(void);
22 
 
 22 
 
23 
        /* check machine load. 2-threshold system.
 23 
/* check machine load. 2-threshold system.
24 
         * Threshold 1: anonymous new session refused.
 24 
 * Threshold 1: anonymous new session refused.
25 
         * Threshold 2: New session and anonymous request refused. */
 25 
 * Threshold 2: New session and anonymous request refused. */
26 
void check_load(int th)
 26 
void check_load(int th)
27 
{
 27 
{
28 
    int load, pload;
 28 
    int load, pload;
29 
    char *p1, *p2, buf[64];
 29 
    char *p1, *p2, buf[64];
30 
    char *pp;
 30 
    char *pp;
31 
    double dload;
 31 
    double dload;
32 
   
 32 
 
33 
    pload=0; pp=strchr(loadavg,'/'); if(pp) {
 33 
    pload=0; pp=strchr(loadavg,'/'); if(pp) {
34 
        for(;pp>loadavg && isdigit(pp[-1]); pp--);
 34 
     for(;pp>loadavg && isdigit(pp[-1]); pp--);
35 
        pload=atoi(pp);
 35 
     pload=atoi(pp);
36 
        if(pload*12>threshold2+3) {
 36 
     if(pload*12>threshold2+3) {
37 
            pload_refuse:
 37 
         pload_refuse:
38 
            refuse_log(pload+100); user_error("threshold");
 38 
         refuse_log(pload+100); user_error("threshold");
39 
        }
 39 
     }
40 
    }
 40 
    }
41 
    if(ispriority) goto repcheck; /* priority connections will not be refused. */
 41 
    if(ispriority) goto repcheck; /* priority connections will not be refused. */
42 
    if(pload*20>threshold1+2) goto pload_refuse;
 42 
    if(pload*20>threshold1+2) goto pload_refuse;
43 
    if(th<0 || th>2) goto repcheck;
 43 
    if(th<0 || th>2) goto repcheck;
44 
        /* Operating system load average facility */
 44 
/* Operating system load average facility */
45 
    if(robot_access && loadavg[0]==0) goto refuse;
 45 
    if(robot_access && loadavg[0]==0) goto refuse;
46 
    if(loadavg[0]==0) goto repcheck;
 46 
    if(loadavg[0]==0) goto repcheck;
47 
    p1=find_word_start(loadavg); p2=find_word_end(p1);*p2=0;
 47 
    p1=find_word_start(loadavg); p2=find_word_end(p1);*p2=0;
48 
    dload=atof(p1);
 48 
    dload=atof(p1);
49 
    if(robot_access &&
 49 
    if(robot_access &&
50 
       (!finite(dload) || dload>1000 || dload<0 || dload*200>threshold1))
 50 
       (!finite(dload) || dload>1000 || dload<0 || dload*200>threshold1))
51 
      goto refuse;
 51 
      goto refuse;
52 
    if(!finite(dload) || dload<=0 || dload>1000) goto repcheck; /* unreasonable */
 52 
    if(!finite(dload) || dload<=0 || dload>1000) goto repcheck; /* unreasonable */
53 
        /* very small 1 min load average */
 53 
/* very small 1 min load average */
54 
    if(dload*200<threshold1) goto repcheck;
 54 
    if(dload*200<threshold1) goto repcheck;
55 
    if(dload*50>threshold2) goto refuse;
 55 
    if(dload*50>threshold2) goto refuse;
56 
    p1=find_word_start(p2+1);   /* go to second average: 5 min. */
 56 
    p1=find_word_start(p2+1); /* go to second average: 5 min. */
57 
    *find_word_end(p1)=0;
 57 
    *find_word_end(p1)=0;
58 
    dload=atof(p1);
 58 
    dload=atof(p1);
59 
    if(!finite(dload) || dload<=0 || dload>1000) goto repcheck; /* unreasonable */
 59 
    if(!finite(dload) || dload<=0 || dload>1000) goto repcheck; /* unreasonable */
60 
    load=dload*100;
 60 
    load=dload*100;
61 
    snprintf(buf,sizeof(buf),"%d",load);
 61 
    snprintf(buf,sizeof(buf),"%d",load);
62 
    setvar("wims_server_load",buf);
 62 
    setvar("wims_server_load",buf);
63 
        /* cut cpu allowance to 3/4 or half if load is high.
 63 
/* cut cpu allowance to 3/4 or half if load is high.
64 
         * But alarm time is not changed */
 64 
 * But alarm time is not changed */
65 
    if(load*3>=threshold1*2) {
 65 
    if(load*3>=threshold1*2) {
66 
        struct rlimit rlim;
 66 
     struct rlimit rlim;
67 
        rlimit_cpu=(3*rlimit_cpu+1)/4;
 67 
     rlimit_cpu=(3*rlimit_cpu+1)/4;
68 
        if(load>=threshold1) rlimit_cpu=(3*rlimit_cpu+1)/4;
 68 
     if(load>=threshold1) rlimit_cpu=(3*rlimit_cpu+1)/4;
69 
        rlim.rlim_cur=rlim.rlim_max=rlimit_cpu;
 69 
     rlim.rlim_cur=rlim.rlim_max=rlimit_cpu;
70 
        setrlimit(RLIMIT_CPU,&rlim);
 70 
     setrlimit(RLIMIT_CPU,&rlim);
71 
    }
 71 
    }
72 
    if((th==0 && load*2>threshold1) ||
 72 
    if((th==0 && load*2>threshold1) ||
73 
       (th==1 && load>threshold1) || (th==2 && load>threshold2)) {
 73 
       (th==1 && load>threshold1) || (th==2 && load>threshold2)) {
74 
        refuse:
 74 
     refuse:
75 
        if(new_session && *session_prefix!=0) {
 75 
     if(new_session && *session_prefix!=0) {
76 
            remove_tree(session_prefix); remove_tree(s2_prefix);
 76 
         remove_tree(session_prefix); remove_tree(s2_prefix);
77 
        }
 77 
     }
78 
        refuse_log(th); user_error("threshold");
 78 
     refuse_log(th); user_error("threshold");
79 
    }
 79 
    }
80 
    repcheck:
 80 
    repcheck:
81 
    if(robot_access) return;
 81 
    if(robot_access) return;
82 
    if(new_session && *session_prefix!=0 && *remote_addr
 82 
    if(new_session && *session_prefix!=0 && *remote_addr
83 
       && hostcquota && strcmp(remote_addr,"127.0.0.1")!=0
 83 
       && hostcquota && strcmp(remote_addr,"127.0.0.1")!=0
84 
       && !ispriority) {
 84 
       && !ispriority) {
85 
            /* overload: */
 85 
/* overload: */
86 
        remove_tree(session_prefix); remove_tree(s2_prefix);
 86 
     remove_tree(session_prefix); remove_tree(s2_prefix);
87 
        user_error("overload");
 87 
     user_error("overload");
88 
    }
 88 
    }
89 
}
 89 
}
90 
 
 90 
 
91 
        /* User authentification routine, obsolete */
 91 
/* User authentification routine, obsolete */
92 
void auth(void)
 92 
void auth(void)
93 
{
 93 
{
94 
    check_load(1); return;
 94 
    check_load(1); return;
95 
}
 95 
}
96 
 
 96 
 
97 
#define rafinfono 10
 97 
#define rafinfono 10
98 
 
 98 
 
99 
        /* check rapidfire information */
 99 
/* check rapidfire information */
100 
void checkrafale(void)
 100 
void checkrafale(void)
101 
{
 101 
{
102 
    char *p, *p1, *p2, *sh, *u;
 102 
    char *p, *p1, *p2, *sh, *u;
103 
    char rbuf[MAX_LINELEN+1];
 103 
    char rbuf[MAX_LINELEN+1];
104 
    time_t rr, rafinfo[rafinfono];
 104 
    time_t rr, rafinfo[rafinfono];
Line 113... Line 113...
113 
    p=getvar("session"); if(p!=NULL && strstr(p,"_exam")!=NULL) return;
 113 
    p=getvar("session"); if(p!=NULL && strstr(p,"_exam")!=NULL) return;
114 
    sh=getvar("wims_sheet"); if(sh!=NULL && *sh>'0') coef*=3;
 114 
    sh=getvar("wims_sheet"); if(sh!=NULL && *sh>'0') coef*=3;
115 
    p=getvar("wims_rafale"); if(p==NULL) p="";
 115 
    p=getvar("wims_rafale"); if(p==NULL) p="";
116 
    mm=0;
 116 
    mm=0;
117 
    for(p1=find_word_start(p),i=0;i<rafinfono && *p1;p1=find_word_start(p2)) {
 117 
    for(p1=find_word_start(p),i=0;i<rafinfono && *p1;p1=find_word_start(p2)) {
118 
        p2=find_word_end(p1); if(*p2) *p2++=0;
 118 
     p2=find_word_end(p1); if(*p2) *p2++=0;
119 
        rr=atol(p1); if(rr<=0 || rr>nowtime) continue;
 119 
     rr=atol(p1); if(rr<=0 || rr>nowtime) continue;
120 
        t=coef*rafalvl*pow(i,1+rafalvl*0.05)-(nowtime-rr); if(t>mm) mm=t;
 120 
     t=coef*rafalvl*pow(i,1+rafalvl*0.05)-(nowtime-rr); if(t>mm) mm=t;
121 
        rafinfo[i++]=rr;
 121 
     rafinfo[i++]=rr;
122 
    }
 122 
    }
123 
    if(mm>0) {
 123 
    if(mm>0) {
124 
        if(u!=NULL && *u!=0) user_log("rafale");
 124 
     if(u!=NULL && *u!=0) user_log("rafale");
125 
        user_error("rafale");
 125 
     user_error("rafale");
126 
    }
 126 
    }
127 
    rafinfocnt=i;
 127 
    rafinfocnt=i;
128 
    snprintf(rbuf,sizeof(rbuf),"%lu",nowtime);
 128 
    snprintf(rbuf,sizeof(rbuf),"%lu",nowtime);
129 
    for(i=0;i<rafinfocnt;i++) {
 129 
    for(i=0;i<rafinfocnt;i++) {
130 
        snprintf(rbuf+strlen(rbuf),sizeof(rbuf)-strlen(rbuf),
 130 
     snprintf(rbuf+strlen(rbuf),sizeof(rbuf)-strlen(rbuf),
131 
                 " %lu",rafinfo[i]);
 131 
           " %lu",rafinfo[i]);
132 
    }
 132 
    }
133 
    force_setvar("wims_rafale",rbuf);
 133 
    force_setvar("wims_rafale",rbuf);
134 
}
 134 
}
135 
 
 135 
 
136 
        /* when score is got: erase 2 rafale information. */
 136 
/* when score is got: erase 2 rafale information. */
137 
void lessrafale(void)
 137 
void lessrafale(void)
138 
{
 138 
{
139 
    char *p;
 139 
    char *p;
140 
    double s;
 140 
    double s;
141 
    int i;
 141 
    int i;
Line 145... Line 145...
145 
    for(i=0;i<2;i++) p=find_word_end(find_word_start(p));
 145 
    for(i=0;i<2;i++) p=find_word_end(find_word_start(p));
146 
    p=find_word_start(p);
 146 
    p=find_word_start(p);
147 
    force_setvar("wims_rafale",p);
 147 
    force_setvar("wims_rafale",p);
148 
}
 148 
}
149 
 
 149 
 
150 
#define ac_class 0x1    /* class access */
 150 
#define ac_class 0x1 /* class access */
151 
#define ac_exo   0x2    /* access to exercises */
 151 
#define ac_exo   0x2 /* access to exercises */
152 
#define ac_tool  0x4    /* access to tools */
 152 
#define ac_tool  0x4 /* access to tools */
153 
#define ac_recre 0x8    /* access to recreations */
 153 
#define ac_recre 0x8 /* access to recreations */
154 
#define ac_doc   0x10   /* access to documents */
 154 
#define ac_doc  0x10 /* access to documents */
155 
#define ac_local 0x20   /* access to local modules */
 155 
#define ac_local 0x20 /* access to local modules */
156 
#define ac_com   0x40   /* access to commercial modules */
 156 
#define ac_com   0x40 /* access to commercial modules */
157 
#define ac_hint  0x80   /* hint command */
 157 
#define ac_hint  0x80   /* hint command */
158 
#define ac_sheet 0x100  /* use within a worksheet */
 158 
#define ac_sheet 0x100  /* use within a worksheet */
159 
#define ac_exam  0x200  /* work during an exam */
 159 
#define ac_exam  0x200  /* work during an exam */
160 
 
 160 
 
161 
        /* Check site's access policy. */
 161 
/* Check site's access policy. */
162 
void access_check(int isclass)
 162 
void access_check(int isclass)
163 
{
 163 
{
164 
    char *p, *p1, *p2, *p3, *pp1, *pp2;
 164 
    char *p, *p1, *p2, *p3, *pp1, *pp2;
165 
    char cbuf[MAX_LINELEN+1];
 165 
    char cbuf[MAX_LINELEN+1];
166 
    long int thisaccess, lineaccess, linepol, thispol;
 166 
    long int thisaccess, lineaccess, linepol, thispol;
167 
    int non, refuse;
 167 
    int non, refuse;
168 
   
 168 
 
169 
    if(manageable>=2 || robot_access) return;
 169 
    if(manageable>=2 || robot_access) return;
170 
    thisaccess=0;
 170 
    thisaccess=0;
171 
    p=getvar(ro_name[ro_module]); if(p==NULL || *p==0) return;
 171 
    p=getvar(ro_name[ro_module]); if(p==NULL || *p==0) return;
172 
    if(strncmp(p,"adm/doc",7)==0) thisaccess|=ac_doc;
 172 
    if(strncmp(p,"adm/doc",7)==0) thisaccess|=ac_doc;
173 
    else if(strncmp(p,"adm/",4)==0 || strcmp(p,home_module)==0) return;
 173 
    else if(strncmp(p,"adm/",4)==0 || strcmp(p,home_module)==0) return;
174 
    if(strncmp(p,"local/",6)==0) thisaccess|=ac_local;
 174 
    if(strncmp(p,"local/",6)==0) thisaccess|=ac_local;
175 
    if(strncmp(p,"com/",4)==0) thisaccess|=ac_com;
 175 
    if(strncmp(p,"com/",4)==0) thisaccess|=ac_com;
176 
    p=getvar("wims_user");
 176 
    p=getvar("wims_user");
177 
    if(p!=NULL && *p!=0) {
 177 
    if(p!=NULL && *p!=0) {
178 
        if(!isclass && strcmp(p,"supervisor")!=0) access_check(1);
 178 
     if(!isclass && strcmp(p,"supervisor")!=0) access_check(1);
179 
        thisaccess|=ac_class;
 179 
     thisaccess|=ac_class;
180 
    }
 180 
    }
181 
    if(isclass) {
 181 
    if(isclass) {
182 
        if(class_dir[0]==0) return;
 182 
     if(class_dir[0]==0) return;
183 
        accessfile(cbuf,"r","%s/access.conf",class_dir);
 183 
     accessfile(cbuf,"r","%s/access.conf",class_dir);
184 
    }
 184 
    }
185 
    else accessfile(cbuf,"r",ACCESS_CONF);
 185 
    else accessfile(cbuf,"r",ACCESS_CONF);
186 
    if(cbuf[0]==0) return;
 186 
    if(cbuf[0]==0) return;
187 
    if(cmd_type==cmd_hint) thisaccess|=ac_hint;
 187 
    if(cmd_type==cmd_hint) thisaccess|=ac_hint;
188 
    p1=getvar("wims_accessright"); if(p1!=NULL && *p1!=0) {
 188 
    p1=getvar("wims_accessright"); if(p1!=NULL && *p1!=0) {
189 
        p=getvar(ro_name[ro_module]);
 189 
     p=getvar(ro_name[ro_module]);
190 
        for(p1=find_word_start(p1);*p1; p1=find_word_start(p2)) {
 190 
     for(p1=find_word_start(p1);*p1; p1=find_word_start(p2)) {
191 
            p2=find_word_end(p1);
 191 
         p2=find_word_end(p1);
192 
            if(strncmp(p,p1,p2-p1)==0) return;
 192 
         if(strncmp(p,p1,p2-p1)==0) return;
193 
        }
 193 
     }
194 
    }
 194 
    }
195 
    p=getvar("module_category"); if(p) {
 195 
    p=getvar("module_category"); if(p) {
196 
        if(strstr(p,"exercise")!=NULL) thisaccess|=ac_exo;
 196 
     if(strstr(p,"exercise")!=NULL) thisaccess|=ac_exo;
197 
        if(strstr(p,"tool")!=NULL) thisaccess|=ac_tool;
 197 
     if(strstr(p,"tool")!=NULL) thisaccess|=ac_tool;
198 
        if(strstr(p,"recre")!=NULL) thisaccess|=ac_recre;
 198 
     if(strstr(p,"recre")!=NULL) thisaccess|=ac_recre;
199 
        if(strstr(p,"doc")!=NULL) thisaccess|=ac_doc;
 199 
     if(strstr(p,"doc")!=NULL) thisaccess|=ac_doc;
200 
    }
 200 
    }
201 
    for(p1=find_word_start(cbuf);*p1;p1=find_word_start(p2)) {
 201 
    for(p1=find_word_start(cbuf);*p1;p1=find_word_start(p2)) {
202 
        p2=strchr(p1,'\n'); if(p2) *p2++=0; else p2=p1+strlen(p1);
 202 
     p2=strchr(p1,'\n'); if(p2) *p2++=0; else p2=p1+strlen(p1);
203 
        if(!myisalpha(*p1)) continue;
 203 
     if(!myisalpha(*p1)) continue;
204 
        p3=strchr(p1,':'); if(p3==NULL) continue;
 204 
     p3=strchr(p1,':'); if(p3==NULL) continue;
205 
        *p3++=0; p3=find_word_start(p3); strip_trailing_spaces(p3);
 205 
     *p3++=0; p3=find_word_start(p3); strip_trailing_spaces(p3);
206 
        refuse=0; if(*p3=='!') {
 206 
     refuse=0; if(*p3=='!') {
207 
            p3=find_word_start(p3+1); refuse=1;
 207 
         p3=find_word_start(p3+1); refuse=1;
208 
        }
 208 
     }
209 
        if(*p3 && checkhostt(p3)==0) continue;
 209 
     if(*p3 && checkhostt(p3)==0) continue;
210 
        for(p=p1; *p; p++) {
 210 
     for(p=p1; *p; p++) {
211 
            if(myisalpha(*p)) *p=tolower(*p);
 211 
         if(myisalpha(*p)) *p=tolower(*p);
212 
            else *p=' ';
 212 
         else *p=' ';
213 
        }
 213 
     }
214 
        lineaccess=thisaccess; linepol=0;
 214 
     lineaccess=thisaccess; linepol=0;
215 
        for(pp1=find_word_start(p1); *pp1; pp1=find_word_start(pp2)) {
 215 
     for(pp1=find_word_start(p1); *pp1; pp1=find_word_start(pp2)) {
216 
            pp2=find_word_end(pp1); if(*pp2) *pp2++=0;
 216 
         pp2=find_word_end(pp1); if(*pp2) *pp2++=0;
217 
            if(strncmp(pp1,"non",3)==0) {
 217 
         if(strncmp(pp1,"non",3)==0) {
218 
                pp1=find_word_start(pp1+3); non=1;
 218 
          pp1=find_word_start(pp1+3); non=1;
219 
            }
 219 
         }
220 
            else non=0;
 220 
         else non=0;
221 
            thispol=0;
 221 
         thispol=0;
222 
            if(strcmp(pp1,"class")==0) {thispol=ac_class; goto nxt;}
 222 
         if(strcmp(pp1,"class")==0) {thispol=ac_class; goto nxt;}
223 
            if(strcmp(pp1,"exo")==0) {thispol=ac_exo; goto nxt;}
 223 
         if(strcmp(pp1,"exo")==0) {thispol=ac_exo; goto nxt;}
224 
            if(strcmp(pp1,"exercise")==0) {thispol=ac_exo; goto nxt;}
 224 
         if(strcmp(pp1,"exercise")==0) {thispol=ac_exo; goto nxt;}
225 
            if(strcmp(pp1,"tool")==0) {thispol=ac_tool; goto nxt;}
 225 
         if(strcmp(pp1,"tool")==0) {thispol=ac_tool; goto nxt;}
226 
            if(strcmp(pp1,"recre")==0) {thispol=ac_recre; goto nxt;}
 226 
         if(strcmp(pp1,"recre")==0) {thispol=ac_recre; goto nxt;}
227 
            if(strcmp(pp1,"recreation")==0) {thispol=ac_recre; goto nxt;}
 227 
         if(strcmp(pp1,"recreation")==0) {thispol=ac_recre; goto nxt;}
228 
            if(strcmp(pp1,"doc")==0) {thispol=ac_doc; goto nxt;}
 228 
         if(strcmp(pp1,"doc")==0) {thispol=ac_doc; goto nxt;}
229 
            if(strcmp(pp1,"document")==0) {thispol=ac_doc; goto nxt;}
 229 
         if(strcmp(pp1,"document")==0) {thispol=ac_doc; goto nxt;}
230 
            if(strcmp(pp1,"local")==0) {thispol=ac_local; goto nxt;}
 230 
         if(strcmp(pp1,"local")==0) {thispol=ac_local; goto nxt;}
231 
            if(strcmp(pp1,"com")==0) {thispol=ac_com; goto nxt;}
 231 
         if(strcmp(pp1,"com")==0) {thispol=ac_com; goto nxt;}
232 
            if(strcmp(pp1,"hint")==0) {thispol=ac_hint; goto nxt;}
 232 
         if(strcmp(pp1,"hint")==0) {thispol=ac_hint; goto nxt;}
233 
            nxt:
 233 
         nxt:
234 
            if(thispol==0) continue;
 234 
         if(thispol==0) continue;
235 
            if(non) lineaccess^=thispol;
 235 
         if(non) lineaccess^=thispol;
236 
            linepol|=thispol;
 236 
         linepol|=thispol;
237 
        }
 237 
     }
238 
        if(linepol==0 || (linepol&lineaccess)!=linepol) continue;
 238 
     if(linepol==0 || (linepol&lineaccess)!=linepol) continue;
239 
        if(refuse) user_error("no_access");
 239 
     if(refuse) user_error("no_access");
240 
        else return;
 240 
     else return;
241 
    }
 241 
    }
242 
}
 242 
}
243 
 
 243