tomasz.sowa/winix
1
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

fixed: permissions to symlinks and directories with redirect flag were incorrectly checked

Browse Source 
(there was no session set and the request was treated the same as from a not logged user)
fixed: in BaseThread there was used 'log' in the main thread (this logger is only for the other thread)
added: in BaseThread we have a main_log now - logger which puts to the main log buffer from the main thread




git-svn-id: svn://ttmath.org/publicrep/winix/trunk@1182 e52654a7-88a9-db11-a3e9-0013d4bc506e
This commit is contained in:
Tomasz Sowa
2019-03-19 18:08:09 +00:00
parent ae03922491
commit 4c2efc08fd
8 changed files with 106 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

113
winixd/core/sessionmanager.cpp
View File

@@ -5,7 +5,7 @@
*/
/*
* Copyright (c) 2008-2018, Tomasz Sowa
* Copyright (c) 2008-2019, Tomasz Sowa
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -77,13 +77,6 @@ void SessionManager::SetCur(Cur * pcur)
}
void SessionManager::SetConfig(Config * pconfig)
{
config = pconfig;
session_tab.SetConfig(pconfig);
}
void SessionManager::SetSystem(System * psystem)
{
system = psystem;
@@ -195,7 +188,7 @@ SessionContainer::Iterator i = session_tab.End();
}
else
{
log << log2 << "SM: sessions limit exceeded (" << config->session_max << ")" << logend;
main_log << log2 << "SM: sessions limit exceeded (" << config->session_max << ")" << logend;
}
if( i != session_tab.End() )
@@ -206,12 +199,12 @@ SessionContainer::Iterator i = session_tab.End();
session->id_index = (unsigned int)session->id;
session->id_index += std::rand();
log << log2 << "SM: created a new session: " << session->id << logend;
main_log << log2 << "SM: created a new session: " << session->id << logend;
}
else
{
// there is a problem with generating a new session id
log << log1 << "SM: cannot create a session id" << logend;
main_log << log1 << "SM: cannot create a session id" << logend;
}
}
@@ -223,7 +216,7 @@ void SessionManager::SetTemporarySession()
session->SetTimesTo(cur->request->start_time);
session->new_session = false; // temporary session was initialized at the beginning
log << log2 << "SM: using temporary session" << logend;
main_log << log2 << "SM: using temporary session" << logend;
}
@@ -242,15 +235,15 @@ return difference;
void SessionManager::SetSessionPutLogInfo(Session & ses, bool has_index, unsigned int difference)
{
log << log2 << "SM: session: " << ses.id;
main_log << log2 << "SM: session: " << ses.id;
if( has_index )
log << ", index difference: " << (size_t)difference;
main_log << ", index difference: " << (size_t)difference;
if( ses.puser )
log << log2 << ", user: " << ses.puser->name << ", id: " << ses.puser->id;
main_log << log2 << ", user: " << ses.puser->name << ", id: " << ses.puser->id;
log << log2 << logend;
main_log << log2 << logend;
}
@@ -264,7 +257,7 @@ void SessionManager::IncrementBanLevel(IPBan * ip_ban)
cur->request->start_time + (time_t)config->ban_level_3_delay);
PT::Date date(ip_ban->expires);
log << log2 << "SM: this IP address has been banned to: " << date << " UTC" << logend;
main_log << log2 << "SM: this IP address has been banned to: " << date << " UTC" << logend;
}
@@ -290,7 +283,7 @@ void SessionManager::BrokenCookieCheckBan()
}
else
{
log << log2 << "SM: too many incorrect encoded cookies were sent from this IP" << logend;
main_log << log2 << "SM: too many incorrect encoded cookies were sent from this IP" << logend;
IncrementBanLevel(current_ip_ban);
}
}
@@ -308,14 +301,14 @@ void SessionManager::IncorrectSessionCheckBan()
}
else
{
log << log2 << "SM: too many incorrect sessions identifiers were sent from this IP" << logend;
main_log << log2 << "SM: too many incorrect sessions identifiers were sent from this IP" << logend;
IncrementBanLevel(current_ip_ban);
}
}
bool SessionManager::ShouldNoSessionCookieGenerateTmpSession()
void SessionManager::NoSessionCookieWasSent()
{
if( !current_ip_ban )
current_ip_ban = &AddIPToBanList(cur->request->ip, cur->request->start_time);
@@ -324,16 +317,13 @@ bool SessionManager::ShouldNoSessionCookieGenerateTmpSession()
{
current_ip_ban->no_session_cookie_events += 1;
SetFirstExpirationTime(current_ip_ban);
return false;
}
else
{
log << log2 << "SM: too many times you have not sent a session cookie" << logend;
main_log << log2 << "SM: too many times you have not sent a session cookie" << logend;
if( config->no_session_cookie_ban_mode == 1 )
IncrementBanLevel(current_ip_ban);
return true;
}
}
@@ -346,21 +336,21 @@ bool SessionManager::IsSessionCorrect(long id, bool has_index, unsigned int inde
if( id == 0 )
{
log << log3 << "SM: id 0 is reserved for the temporary session" << logend;
main_log << log3 << "SM: id 0 is reserved for the temporary session" << logend;
IncorrectSessionCheckBan();
return false;
}
if( s == session_tab.End() )
{
log << log3 << "SM: there is no a session with id: " << id << logend;
main_log << log3 << "SM: there is no a session with id: " << id << logend;
IncorrectSessionCheckBan();
return false;
}
if( s->remove_me )
{
log << log3 << "SM: session: " << id << " is marked for removing" << logend;
main_log << log3 << "SM: session: " << id << " is marked for removing" << logend;
return false;
}
@@ -370,7 +360,7 @@ bool SessionManager::IsSessionCorrect(long id, bool has_index, unsigned int inde
if( (size_t)difference > config->session_allow_index_difference )
{
log << log2 << "SM: an incorrect session index for session: " << id
main_log << log2 << "SM: an incorrect session index for session: " << id
<< ", index difference: " << (size_t)difference << logend;
IncorrectSessionCheckBan();
@@ -423,7 +413,7 @@ bool SessionManager::SetSessionFromCookie(const std::wstring & cookie)
if( !session_id_manager.DecodeToken(cookie, id, index) )
{
log << log2 << "SM: an incorrect cookie string was sent" << logend;
main_log << log2 << "SM: an incorrect cookie string was sent" << logend;
BrokenCookieCheckBan();
return false;
}
@@ -448,14 +438,14 @@ bool SessionManager::IsIPBanned()
if( current_ip_ban->expires != 0 && cur->request->start_time >= current_ip_ban->expires )
{
log << log2 << "SM: resetting events counters for this IP" << logend;
main_log << log2 << "SM: resetting events counters for this IP" << logend;
current_ip_ban->ResetEventsCounters();
}
else
if( current_ip_ban->IsIPBanned() )
{
PT::Date date = current_ip_ban->expires;
log << log2 << "SM: this ip is bannned to: " << date << " UTC" << logend;
main_log << log2 << "SM: this ip is bannned to: " << date << " UTC" << logend;
return true;
}
}
@@ -480,11 +470,11 @@ return false;
* so we always have a session
*
*/
void SessionManager::PrepareSession()
Session * SessionManager::PrepareSession()
{
session = nullptr;
if( !IsIPBanned() && cur->request->function )
if( !IsIPBanned() )
{
CookieTab::iterator i = cur->request->cookie_tab.find(config->http_session_id_name);
@@ -493,39 +483,54 @@ void SessionManager::PrepareSession()
if( !SetSessionFromCookie(i->second) )
{
cur->request->cookie_tab.erase(i);
if( cur->request->function->need_session )
{
// IP could be banned in SetSessionFromCookie() when the cookie string was incorrect
if( !current_ip_ban || !current_ip_ban->IsIPBanned() )
{
CreateSession();
}
}
}
}
else
{
if( cur->request->function->need_session )
if( cur->request->function && cur->request->function->need_session )
{
if( !ShouldNoSessionCookieGenerateTmpSession() )
{
CreateSession();
}
NoSessionCookieWasSent();
}
}
}
if( !session && cur->request->function && cur->request->function->need_session )
{
if( !current_ip_ban || !current_ip_ban->IsIPBanned() )
{
CreateSession();
}
}
if( !session )
{
SetTemporarySession();
}
session->ip_ban = current_ip_ban;
return session;
}
Session * SessionManager::CheckIfFunctionRequireSession()
{
if( cur->request->function && cur->request->function->need_session )
{
if( session == &temporary_session )
{
if( !current_ip_ban || !current_ip_ban->IsIPBanned() )
{
CreateSession();
session->ip_ban = current_ip_ban;
}
}
}
return session;
}
Session * SessionManager::FindSession(long id)
{
SessionContainer::Iterator i = session_tab.FindById(id);
@@ -596,11 +601,11 @@ SessionContainer::Iterator i = session_tab.FindById(old_id);
if( changed )
plugin->Call(&(*i), WINIX_SESSION_CHANGED_ID, old_id, new_id);
else
log << log1 << "SM: I cannot create a new session id (still uses old one)" << logend;
main_log << log1 << "SM: I cannot create a new session id (still uses old one)" << logend;
}
else
{
log << log2 << "SM: there is no a session with id: " << old_id << logend;
main_log << log2 << "SM: there is no a session with id: " << old_id << logend;
}
return changed;
@@ -611,7 +616,7 @@ void SessionManager::InitTmpSession()
{
Session * old_session = cur->session;
log << log4 << "SM: initializing temporary session" << logend;
main_log << log4 << "SM: initializing temporary session" << logend;
cur->session = &temporary_session;
plugin->Call(WINIX_SESSION_CREATED);
@@ -624,7 +629,7 @@ void SessionManager::UninitTmpSession()
{
Session * old_session = cur->session;
log << log4 << "SM: uninitializing temporary session" << logend;
main_log << log4 << "SM: uninitializing temporary session" << logend;
cur->session = &temporary_session;
@@ -690,11 +695,11 @@ char file_path[WINIX_OS_PATH_SIZE];
if( !file )
{
log << log1 << "SM: cannot open the session file for writing - sessions lost" << logend;
main_log << log1 << "SM: cannot open the session file for writing - sessions lost" << logend;
return;
}
log << log2 << "SM: saving sessions" << logend;
main_log << log2 << "SM: saving sessions" << logend;
long len = 0;
SessionContainer::Iterator i = session_tab.Begin();
@@ -714,7 +719,7 @@ char file_path[WINIX_OS_PATH_SIZE];
file.close();
chmod(file_path, 0600);
log << log2 << "SM: saved " << len << " session(s)" << logend;
main_log << log2 << "SM: saved " << len << " session(s)" << logend;
}