Back to index

wims  3.65+svn20090927
Defines | Functions
auth.c File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Defines

#define rafinfono   10
#define ac_class   0x1 /* class access */
#define ac_exo   0x2 /* access to exercises */
#define ac_tool   0x4 /* access to tools */
#define ac_recre   0x8 /* access to recreations */
#define ac_doc   0x10 /* access to documents */
#define ac_local   0x20 /* access to local modules */
#define ac_com   0x40 /* access to commercial modules */
#define ac_hint   0x80 /* hint command */
#define ac_sheet   0x100 /* use within a worksheet */
#define ac_exam   0x200 /* work during an exam */

Functions

void refuse_log (int th)
void set_module_prefix (void)
void check_load (int th)
void auth (void)
void checkrafale (void)
void lessrafale (void)
void access_check (int isclass)

Define Documentation

#define ac_class   0x1 /* class access */

Definition at line 150 of file auth.c.

#define ac_com   0x40 /* access to commercial modules */

Definition at line 156 of file auth.c.

#define ac_doc   0x10 /* access to documents */

Definition at line 154 of file auth.c.

#define ac_exam   0x200 /* work during an exam */

Definition at line 159 of file auth.c.

#define ac_exo   0x2 /* access to exercises */

Definition at line 151 of file auth.c.

#define ac_hint   0x80 /* hint command */

Definition at line 157 of file auth.c.

#define ac_local   0x20 /* access to local modules */

Definition at line 155 of file auth.c.

#define ac_recre   0x8 /* access to recreations */

Definition at line 153 of file auth.c.

#define ac_sheet   0x100 /* use within a worksheet */

Definition at line 158 of file auth.c.

#define ac_tool   0x4 /* access to tools */

Definition at line 152 of file auth.c.

#define rafinfono   10

Definition at line 97 of file auth.c.


Function Documentation

void access_check ( int  isclass)

Definition at line 162 of file auth.c.

{
    char *p, *p1, *p2, *p3, *pp1, *pp2;
    char cbuf[MAX_LINELEN+1];
    long int thisaccess, lineaccess, linepol, thispol;
    int non, refuse;
    
    if(manageable>=2 || robot_access) return;
    thisaccess=0;
    p=getvar(ro_name[ro_module]); if(p==NULL || *p==0) return;
    if(strncmp(p,"adm/doc",7)==0) thisaccess|=ac_doc;
    else if(strncmp(p,"adm/",4)==0 || strcmp(p,home_module)==0) return;
    if(strncmp(p,"local/",6)==0) thisaccess|=ac_local;
    if(strncmp(p,"com/",4)==0) thisaccess|=ac_com;
    p=getvar("wims_user");
    if(p!=NULL && *p!=0) {
       if(!isclass && strcmp(p,"supervisor")!=0) access_check(1); 
       thisaccess|=ac_class;
    }
    if(isclass) {
       if(class_dir[0]==0) return;
       accessfile(cbuf,"r","%s/access.conf",class_dir);
    }
    else accessfile(cbuf,"r",ACCESS_CONF);
    if(cbuf[0]==0) return;
    if(cmd_type==cmd_hint) thisaccess|=ac_hint;
    p1=getvar("wims_accessright"); if(p1!=NULL && *p1!=0) {
       p=getvar(ro_name[ro_module]);
       for(p1=find_word_start(p1);*p1; p1=find_word_start(p2)) {
           p2=find_word_end(p1);
           if(strncmp(p,p1,p2-p1)==0) return;
       }
    }
    p=getvar("module_category"); if(p) {
       if(strstr(p,"exercise")!=NULL) thisaccess|=ac_exo;
       if(strstr(p,"tool")!=NULL) thisaccess|=ac_tool;
       if(strstr(p,"recre")!=NULL) thisaccess|=ac_recre;
       if(strstr(p,"doc")!=NULL) thisaccess|=ac_doc;
    }
    for(p1=find_word_start(cbuf);*p1;p1=find_word_start(p2)) {
       p2=strchr(p1,'\n'); if(p2) *p2++=0; else p2=p1+strlen(p1);
       if(!myisalpha(*p1)) continue;
       p3=strchr(p1,':'); if(p3==NULL) continue;
       *p3++=0; p3=find_word_start(p3); strip_trailing_spaces(p3);
       refuse=0; if(*p3=='!') {
           p3=find_word_start(p3+1); refuse=1;
       }
       if(*p3 && checkhostt(p3)==0) continue;
       for(p=p1; *p; p++) {
           if(myisalpha(*p)) *p=tolower(*p);
           else *p=' ';
       }
       lineaccess=thisaccess; linepol=0;
       for(pp1=find_word_start(p1); *pp1; pp1=find_word_start(pp2)) {
           pp2=find_word_end(pp1); if(*pp2) *pp2++=0;
           if(strncmp(pp1,"non",3)==0) {
              pp1=find_word_start(pp1+3); non=1;
           }
           else non=0;
           thispol=0;
           if(strcmp(pp1,"class")==0) {thispol=ac_class; goto nxt;}
           if(strcmp(pp1,"exo")==0) {thispol=ac_exo; goto nxt;}
           if(strcmp(pp1,"exercise")==0) {thispol=ac_exo; goto nxt;}
           if(strcmp(pp1,"tool")==0) {thispol=ac_tool; goto nxt;}
           if(strcmp(pp1,"recre")==0) {thispol=ac_recre; goto nxt;}
           if(strcmp(pp1,"recreation")==0) {thispol=ac_recre; goto nxt;}
           if(strcmp(pp1,"doc")==0) {thispol=ac_doc; goto nxt;}
           if(strcmp(pp1,"document")==0) {thispol=ac_doc; goto nxt;}
           if(strcmp(pp1,"local")==0) {thispol=ac_local; goto nxt;}
           if(strcmp(pp1,"com")==0) {thispol=ac_com; goto nxt;}
           if(strcmp(pp1,"hint")==0) {thispol=ac_hint; goto nxt;}
           nxt:
           if(thispol==0) continue;
           if(non) lineaccess^=thispol;
           linepol|=thispol;
       }
       if(linepol==0 || (linepol&lineaccess)!=linepol) continue;
       if(refuse) user_error("no_access");
       else return;
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

void auth ( void  )

Definition at line 92 of file auth.c.

{
    check_load(1); return;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void check_load ( int  th)

Definition at line 26 of file auth.c.

{
    int load, pload;
    char *p1, *p2, buf[64];
    char *pp;
    double dload;
    
    pload=0; pp=strchr(loadavg,'/'); if(pp) {
       for(;pp>loadavg && isdigit(pp[-1]); pp--);
       pload=atoi(pp);
       if(pload*12>threshold2+3) {
           pload_refuse:
           refuse_log(pload+100); user_error("threshold");
       }
    }
    if(ispriority) goto repcheck; /* priority connections will not be refused. */
    if(pload*20>threshold1+2) goto pload_refuse;
    if(th<0 || th>2) goto repcheck;
       /* Operating system load average facility */
    if(robot_access && loadavg[0]==0) goto refuse;
    if(loadavg[0]==0) goto repcheck;
    p1=find_word_start(loadavg); p2=find_word_end(p1);*p2=0;
    dload=atof(p1);
    if(robot_access && 
       (!finite(dload) || dload>1000 || dload<0 || dload*200>threshold1))
      goto refuse;
    if(!finite(dload) || dload<=0 || dload>1000) goto repcheck; /* unreasonable */
       /* very small 1 min load average */
    if(dload*200<threshold1) goto repcheck;
    if(dload*50>threshold2) goto refuse;
    p1=find_word_start(p2+1);      /* go to second average: 5 min. */
    *find_word_end(p1)=0;
    dload=atof(p1);
    if(!finite(dload) || dload<=0 || dload>1000) goto repcheck; /* unreasonable */
    load=dload*100;
    snprintf(buf,sizeof(buf),"%d",load);
    setvar("wims_server_load",buf);
       /* cut cpu allowance to 3/4 or half if load is high.
        * But alarm time is not changed */
    if(load*3>=threshold1*2) {
       struct rlimit rlim;
       rlimit_cpu=(3*rlimit_cpu+1)/4;
       if(load>=threshold1) rlimit_cpu=(3*rlimit_cpu+1)/4;
       rlim.rlim_cur=rlim.rlim_max=rlimit_cpu;
       setrlimit(RLIMIT_CPU,&rlim);
    }
    if((th==0 && load*2>threshold1) ||
       (th==1 && load>threshold1) || (th==2 && load>threshold2)) {
       refuse:
       if(new_session && *session_prefix!=0) {
           remove_tree(session_prefix); remove_tree(s2_prefix);
       }
       refuse_log(th);      user_error("threshold");
    }
    repcheck:
    if(robot_access) return;
    if(new_session && *session_prefix!=0 && *remote_addr
       && hostcquota && strcmp(remote_addr,"127.0.0.1")!=0
       && !ispriority) {
           /* overload: */
       remove_tree(session_prefix); remove_tree(s2_prefix);
       user_error("overload");
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

void checkrafale ( void  )

Definition at line 100 of file auth.c.

{
    char *p, *p1, *p2, *sh, *u;
    char rbuf[MAX_LINELEN+1];
    time_t rr, rafinfo[rafinfono];
    int i, t, mm, rafinfocnt;
    double coef=0.23;

    if(rafalvl<=0) return;
    p=getvar("module_scoring"); if(p==NULL || strcasecmp(p,"yes")!=0) return;
    u=getvar("wims_user"); if(u!=NULL && strcmp(u,"supervisor")==0) return;
    p=getvar("wims_developer"); if(p!=NULL && *p!=0) return;
    p=getenv("REMOTE_ADDR");if(p!=NULL && strcmp(p,"127.0.0.1")==0) return;
    p=getvar("session"); if(p!=NULL && strstr(p,"_exam")!=NULL) return;
    sh=getvar("wims_sheet"); if(sh!=NULL && *sh>'0') coef*=3;
    p=getvar("wims_rafale"); if(p==NULL) p="";
    mm=0;
    for(p1=find_word_start(p),i=0;i<rafinfono && *p1;p1=find_word_start(p2)) {
       p2=find_word_end(p1); if(*p2) *p2++=0;
       rr=atol(p1); if(rr<=0 || rr>nowtime) continue;
       t=coef*rafalvl*pow(i,1+rafalvl*0.05)-(nowtime-rr); if(t>mm) mm=t;
       rafinfo[i++]=rr;
    }
    if(mm>0) {
       if(u!=NULL && *u!=0) user_log("rafale");
       user_error("rafale");
    }
    rafinfocnt=i;
    snprintf(rbuf,sizeof(rbuf),"%lu",nowtime);
    for(i=0;i<rafinfocnt;i++) {
       snprintf(rbuf+strlen(rbuf),sizeof(rbuf)-strlen(rbuf),
               " %lu",rafinfo[i]);
    }
    force_setvar("wims_rafale",rbuf);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void lessrafale ( void  )

Definition at line 137 of file auth.c.

{
    char *p;
    double s;
    int i;
    p=getvar("module_score"); if(p==NULL) return;
    s=atof(p); if(s<3) return;
    p=getvar("wims_rafale"); if(p==NULL || *p==0) return;
    for(i=0;i<2;i++) p=find_word_end(find_word_start(p));
    p=find_word_start(p);
    force_setvar("wims_rafale",p);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void refuse_log ( int  th)

Definition at line 370 of file log.c.

{
    char *load, *h;
    
    load=getvar("wims_server_load"); if(load==NULL) load="??";
    h=remote_addr;
    snprintf(tmplbuf,sizeof(tmplbuf),"%s %s\11%d:%s",
            nowstr, h, th, load);
    write_logfile("refuse.log",tmplbuf);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void set_module_prefix ( void  )

Definition at line 473 of file variables.c.

{
    char tbuf[MAX_FNAME+1], mmbuf[MAX_FNAME+1], *p, *pp, *ps;
    int t,ft;
    struct stat st;

    isclassmodule=0;
    p=getvar(ro_name[ro_module]);
    if(p==NULL || *p==0) user_error("no_module_name");
       /* security measure: we should not allow users to go back to
        * parent directories. */
    if(strstr(p,parent_dir_string)!=NULL) user_error("wrong_module");
    if(strncmp(p,"classes/",strlen("classes/"))==0) isclassmodule=1;
    if(strncmp(p,"devel/",strlen("devel/"))==0) isdevelmodule=1;
    mkfname(module_prefix,"%s/%s",module_dir,p);
       /* Now no symbolic link should appear in the module path. */
    mkfname(tbuf,"modules/%s",p);
    for(t=0,ps=pp=strchr(tbuf+strlen("modules/"),'/'); pp;
       *pp='/', ps=pp, pp=strchr(pp+1,'/'), t++) {
       *pp=0; if(lstat(tbuf,&st)) user_error("wrong_module");
       if(t>0 && S_ISLNK(st.st_mode)) {
           if(strcmp(ps,"/local")!=0 ||
              strncmp(tbuf,"modules/home",strlen("modules/home"))==0)
             user_error("wrong_module");
       }
    }
       /* Check validity of the module. */
    mkfname(tbuf,"%s/%s",module_prefix,html_file);
    ft=stat(tbuf,&st);
    if(ft!=0 && p[strlen(p)-3]!='.') {
       int i,j;
       char *l;
       l=getvar(ro_name[ro_lang]);
       j=available_lang_no;
       for(i=-1;i<j && ft!=0;i++) {
           if(i<0) mkfname(mmbuf,"%s.%s",p,l);
           else mkfname(mmbuf,"%s.%s",p,available_lang[i]);
           mkfname(module_prefix,"%s/%s",module_dir,mmbuf);
           mkfname(tbuf,"%s/%s",module_prefix,html_file);
           ft=stat(tbuf,&st);
       }
       if(ft==0) force_setvar(ro_name[ro_module],mmbuf);
    }
    if(ft!=0 && !isclassmodule) user_error("wrong_module");
    setenv("module_dir",module_prefix,1); setvar("module_dir",module_prefix);
    module_index();
}

Here is the call graph for this function:

Here is the caller graph for this function: