]>
Commit | Line | Data |
---|---|---|
25697a35 | 1 | /* |
94ff9470 | 2 | * SARG Squid Analysis Report Generator http://sarg.sourceforge.net |
110ce984 | 3 | * 1998, 2015 |
94ff9470 GS |
4 | * |
5 | * SARG donations: | |
6 | * please look at http://sarg.sourceforge.net/donations.php | |
1164c474 FM |
7 | * Support: |
8 | * http://sourceforge.net/projects/sarg/forums/forum/363374 | |
25697a35 GS |
9 | * --------------------------------------------------------------------- |
10 | * | |
11 | * This program is free software; you can redistribute it and/or modify | |
12 | * it under the terms of the GNU General Public License as published by | |
13 | * the Free Software Foundation; either version 2 of the License, or | |
14 | * (at your option) any later version. | |
15 | * | |
16 | * This program is distributed in the hope that it will be useful, | |
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 | * GNU General Public License for more details. | |
20 | * | |
21 | * You should have received a copy of the GNU General Public License | |
22 | * along with this program; if not, write to the Free Software | |
23 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. | |
24 | * | |
25 | */ | |
26 | ||
27 | #include "include/conf.h" | |
5f3cfd1d | 28 | #include "include/defs.h" |
16b013cc FM |
29 | #include "include/readlog.h" |
30 | ||
31 | //! Name of the file containing the unsorted authentication failure entries. | |
32 | static char authfail_unsort[MAXLEN]=""; | |
33 | //! The file handle to write the entries. | |
34 | static FILE *fp_authfail=NULL; | |
35 | //! \c True if at least one anthentication failure entry exists. | |
36 | static bool authfail_exists=false; | |
37 | ||
38 | /*! | |
39 | Open a file to store the authentication failure. | |
40 | ||
41 | \return The file handle or NULL if no file is necessary. | |
42 | */ | |
43 | void authfail_open(void) | |
44 | { | |
45 | if ((ReportType & REPORT_TYPE_AUTH_FAILURES) == 0) { | |
af961877 | 46 | if (debugz>=LogLevel_Process) debugaz(__FILE__,__LINE__,_("Authentication failures report not produced as it is not requested\n")); |
16b013cc FM |
47 | return; |
48 | } | |
49 | if (Privacy) { | |
af961877 | 50 | if (debugz>=LogLevel_Process) debugaz(__FILE__,__LINE__,_("Authentication failures report not produced because privacy option is active\n")); |
16b013cc FM |
51 | return; |
52 | } | |
bd43d81f | 53 | |
16b013cc FM |
54 | snprintf(authfail_unsort,sizeof(authfail_unsort),"%s/authfail.int_unsort",tmp); |
55 | if ((fp_authfail=MY_FOPEN(authfail_unsort,"w"))==NULL) { | |
af961877 | 56 | debuga(__FILE__,__LINE__,_("Cannot open file \"%s\": %s\n"),authfail_unsort,strerror(errno)); |
16b013cc FM |
57 | exit(EXIT_FAILURE); |
58 | } | |
59 | return; | |
60 | } | |
61 | ||
62 | /*! | |
63 | Write one entry in the unsorted authentication file file provided that it is required. | |
64 | ||
65 | \param log_entry The entry to write into the log file. | |
66 | */ | |
67 | void authfail_write(const struct ReadLogStruct *log_entry) | |
68 | { | |
69 | char date[80]; | |
bd43d81f | 70 | |
16b013cc | 71 | if (fp_authfail && (strstr(log_entry->HttpCode,"DENIED/401") != 0 || strstr(log_entry->HttpCode,"DENIED/407") != 0)) { |
cb53374b | 72 | strftime(date,sizeof(date),"%d/%m/%Y\t%H:%M:%S",&log_entry->EntryTime); |
16b013cc FM |
73 | fprintf(fp_authfail, "%s\t%s\t%s\t%s\n",date,log_entry->User,log_entry->Ip,log_entry->Url); |
74 | authfail_exists=true; | |
75 | } | |
76 | } | |
77 | ||
78 | /*! | |
79 | Close the file opened by authfail_open(). | |
80 | */ | |
81 | void authfail_close(void) | |
82 | { | |
83 | if (fp_authfail) | |
84 | { | |
507460ae | 85 | if (fclose(fp_authfail)==EOF) { |
af961877 | 86 | debuga(__FILE__,__LINE__,_("Write error in \"%s\": %s\n"),authfail_unsort,strerror(errno)); |
16b013cc FM |
87 | exit(EXIT_FAILURE); |
88 | } | |
89 | fp_authfail=NULL; | |
90 | } | |
91 | } | |
92 | ||
93 | /*! | |
94 | Tell the caller if a authentication failure report exists. | |
95 | ||
96 | \return \c True if the report is available or \c false if no report | |
97 | was generated. | |
98 | */ | |
99 | bool is_authfail(void) | |
100 | { | |
101 | return(authfail_exists); | |
102 | } | |
103 | ||
25697a35 | 104 | |
7ae50eee FM |
105 | static void show_ignored_auth(FILE *fp_ou,int count) |
106 | { | |
107 | char ignored[80]; | |
108 | ||
109 | snprintf(ignored,sizeof(ignored),ngettext("%d more authentication failure not shown here…","%d more authentication failures not shown here…",count),count); | |
110 | fprintf(fp_ou,"<tr><td class=\"data\"></td><td class=\"data\"></td><td class=\"data\"></td><td class=\"data2 more\">%s</td></tr>\n",ignored); | |
111 | } | |
112 | ||
32e71fa4 | 113 | void authfail_report(void) |
25697a35 | 114 | { |
800eafb8 FM |
115 | FileObject *fp_in = NULL; |
116 | FILE *fp_ou = NULL; | |
9bd92830 FM |
117 | |
118 | char *buf; | |
119 | char *url; | |
16b013cc | 120 | char authfail_sort[MAXLEN]; |
9bd92830 FM |
121 | char report[MAXLEN]; |
122 | char ip[MAXLEN]; | |
16b013cc | 123 | char oip[MAXLEN]=""; |
9bd92830 | 124 | char user[MAXLEN]; |
16b013cc FM |
125 | char ouser[MAXLEN]=""; |
126 | char ouser2[MAXLEN]=""; | |
9bd92830 FM |
127 | char data[15]; |
128 | char hora[15]; | |
9bd92830 | 129 | char csort[MAXLEN]; |
16b013cc FM |
130 | int z=0; |
131 | int count=0; | |
132 | int cstatus; | |
9bd92830 FM |
133 | int day,month,year; |
134 | bool new_user; | |
135 | struct getwordstruct gwarea; | |
136 | longline line; | |
137 | struct userinfostruct *uinfo; | |
138 | struct tm t; | |
139 | ||
16b013cc | 140 | if (!authfail_exists) { |
ab7f8e50 | 141 | if (!KeepTempLog && authfail_unsort[0]!='\0' && unlink(authfail_unsort)) |
af961877 | 142 | debuga(__FILE__,__LINE__,_("Failed to delete \"%s\": %s\n"),authfail_unsort,strerror(errno)); |
9bd92830 | 143 | |
16b013cc | 144 | authfail_unsort[0]='\0'; |
af961877 | 145 | if (debugz>=LogLevel_Process) debugaz(__FILE__,__LINE__,_("Authentication failures report not produced because it is empty\n")); |
9bd92830 FM |
146 | return; |
147 | } | |
b7413c4c | 148 | if (debugz>=LogLevel_Process) |
af961877 | 149 | debuga(__FILE__,__LINE__,_("Creating authentication failures report...\n")); |
9bd92830 | 150 | |
16b013cc | 151 | snprintf(authfail_sort,sizeof(authfail_sort),"%s/authfail.int_log",tmp); |
9bd92830 FM |
152 | snprintf(report,sizeof(report),"%s/authfail.html",outdirname); |
153 | ||
16b013cc | 154 | snprintf(csort,sizeof(csort),"sort -b -t \"\t\" -T \"%s\" -k 3,3 -k 5,5 -o \"%s\" \"%s\"", tmp, authfail_sort, authfail_unsort); |
9bd92830 FM |
155 | cstatus=system(csort); |
156 | if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) { | |
af961877 FM |
157 | debuga(__FILE__,__LINE__,_("sort command return status %d\n"),WEXITSTATUS(cstatus)); |
158 | debuga(__FILE__,__LINE__,_("sort command: %s\n"),csort); | |
9bd92830 FM |
159 | exit(EXIT_FAILURE); |
160 | } | |
800eafb8 FM |
161 | if((fp_in=FileObject_Open(authfail_sort))==NULL) { |
162 | debuga(__FILE__,__LINE__,_("Cannot open file \"%s\": %s\n"),authfail_sort,FileObject_GetLastOpenError()); | |
af961877 | 163 | debuga(__FILE__,__LINE__,_("sort command: %s\n"),csort); |
9bd92830 FM |
164 | exit(EXIT_FAILURE); |
165 | } | |
b378aaf1 | 166 | if (!KeepTempLog && unlink(authfail_unsort)) { |
af961877 | 167 | debuga(__FILE__,__LINE__,_("Cannot delete \"%s\": %s\n"),authfail_unsort,strerror(errno)); |
08f9b029 FM |
168 | exit(EXIT_FAILURE); |
169 | } | |
16b013cc | 170 | authfail_unsort[0]='\0'; |
9bd92830 FM |
171 | |
172 | if((fp_ou=MY_FOPEN(report,"w"))==NULL) { | |
af961877 | 173 | debuga(__FILE__,__LINE__,_("Cannot open file \"%s\": %s\n"),report,strerror(errno)); |
007905af | 174 | exit(EXIT_FAILURE); |
9bd92830 FM |
175 | } |
176 | ||
177 | write_html_header(fp_ou,(IndexTree == INDEX_TREE_DATE) ? 3 : 1,_("Authentication Failures"),HTML_JS_NONE); | |
178 | fputs("<tr><td class=\"header_c\">",fp_ou); | |
179 | fprintf(fp_ou,_("Period: %s"),period.html); | |
180 | fputs("</td></tr>\n",fp_ou); | |
181 | fprintf(fp_ou,"<tr><th class=\"header_c\">%s</th></tr>\n",_("Authentication Failures")); | |
182 | close_html_header(fp_ou); | |
183 | ||
184 | fputs("<div class=\"report\"><table cellpadding=\"0\" cellspacing=\"2\">\n",fp_ou); | |
185 | fprintf(fp_ou,"<tr><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th></tr>\n",_("USERID"),_("IP/NAME"),_("DATE/TIME"),_("ACCESSED SITE")); | |
186 | ||
187 | if ((line=longline_create())==NULL) { | |
af961877 | 188 | debuga(__FILE__,__LINE__,_("Not enough memory to read file \"%s\"\n"),authfail_sort); |
9bd92830 FM |
189 | exit(EXIT_FAILURE); |
190 | } | |
191 | ||
192 | while((buf=longline_read(fp_in,line))!=NULL) { | |
193 | getword_start(&gwarea,buf); | |
194 | if (getword(data,sizeof(data),&gwarea,'\t')<0) { | |
af961877 | 195 | debuga(__FILE__,__LINE__,_("Invalid date in file \"%s\"\n"),authfail_sort); |
9bd92830 FM |
196 | exit(EXIT_FAILURE); |
197 | } | |
198 | if (getword(hora,sizeof(hora),&gwarea,'\t')<0) { | |
af961877 | 199 | debuga(__FILE__,__LINE__,_("Invalid time in file \"%s\"\n"),authfail_sort); |
9bd92830 FM |
200 | exit(EXIT_FAILURE); |
201 | } | |
202 | if (getword(user,sizeof(user),&gwarea,'\t')<0) { | |
af961877 | 203 | debuga(__FILE__,__LINE__,_("Invalid user ID in file \"%s\"\n"),authfail_sort); |
9bd92830 FM |
204 | exit(EXIT_FAILURE); |
205 | } | |
206 | if (getword(ip,sizeof(ip),&gwarea,'\t')<0) { | |
af961877 | 207 | debuga(__FILE__,__LINE__,_("Invalid IP address in file \"%s\"\n"),authfail_sort); |
9bd92830 FM |
208 | exit(EXIT_FAILURE); |
209 | } | |
210 | if (getword_ptr(buf,&url,&gwarea,'\t')<0) { | |
af961877 | 211 | debuga(__FILE__,__LINE__,_("Invalid url in file \"%s\"\n"),authfail_sort); |
9bd92830 FM |
212 | exit(EXIT_FAILURE); |
213 | } | |
214 | if (sscanf(data,"%d/%d/%d",&day,&month,&year)!=3) continue; | |
215 | computedate(year,month,day,&t); | |
216 | strftime(data,sizeof(data),"%x",&t); | |
217 | ||
218 | uinfo=userinfo_find_from_id(user); | |
219 | if (!uinfo) { | |
af961877 | 220 | debuga(__FILE__,__LINE__,_("Unknown user ID %s in file \"%s\"\n"),user,authfail_sort); |
9bd92830 FM |
221 | exit(EXIT_FAILURE); |
222 | } | |
223 | ||
224 | new_user=false; | |
225 | if(z == 0) { | |
226 | strcpy(ouser,user); | |
227 | strcpy(oip,ip); | |
228 | z++; | |
229 | new_user=true; | |
230 | } else { | |
231 | if(strcmp(ouser,user) != 0) { | |
232 | strcpy(ouser,user); | |
233 | new_user=true; | |
234 | } | |
235 | if(strcmp(oip,ip) != 0) { | |
236 | strcpy(oip,ip); | |
237 | new_user=true; | |
238 | } | |
239 | } | |
240 | ||
007905af FM |
241 | if(AuthfailReportLimit>0) { |
242 | if(strcmp(ouser2,uinfo->label) == 0) { | |
9bd92830 FM |
243 | count++; |
244 | } else { | |
7ae50eee FM |
245 | if(count>AuthfailReportLimit && AuthfailReportLimit>0) |
246 | show_ignored_auth(fp_ou,count-AuthfailReportLimit); | |
9bd92830 FM |
247 | count=1; |
248 | strcpy(ouser2,uinfo->label); | |
249 | } | |
7ae50eee | 250 | if(count > AuthfailReportLimit) |
9bd92830 FM |
251 | continue; |
252 | } | |
253 | ||
254 | fputs("<tr>",fp_ou); | |
255 | if (new_user) | |
256 | fprintf(fp_ou,"<td class=\"data2\">%s</td><td class=\"data2\">%s</td>",uinfo->label,ip); | |
257 | else | |
258 | fputs("<td class=\"data2\"></td><td class=\"data2\"></td>",fp_ou); | |
259 | fprintf(fp_ou,"<td class=\"data2\">%s-%s</td><td class=\"data2\">",data,hora); | |
67a93701 | 260 | if(BlockIt[0]!='\0' && url[0]!=ALIAS_PREFIX) { |
9bd92830 FM |
261 | fprintf(fp_ou,"<a href=\"%s%s?url=",wwwDocumentRoot,BlockIt); |
262 | output_html_url(fp_ou,url); | |
263 | fputs("\"><img src=\"../images/sarg-squidguard-block.png\"></a> ",fp_ou); | |
264 | } | |
6fa33a32 | 265 | output_html_link(fp_ou,url,100); |
67a93701 | 266 | fputs("</td></th>\n",fp_ou); |
9bd92830 | 267 | } |
800eafb8 FM |
268 | if (FileObject_Close(fp_in)) { |
269 | debuga(__FILE__,__LINE__,_("Read error in \"%s\": %s\n"),authfail_sort,FileObject_GetLastCloseError()); | |
204781f4 FM |
270 | exit(EXIT_FAILURE); |
271 | } | |
9bd92830 FM |
272 | longline_destroy(&line); |
273 | ||
7ae50eee FM |
274 | if(count>AuthfailReportLimit && AuthfailReportLimit>0) |
275 | show_ignored_auth(fp_ou,count-AuthfailReportLimit); | |
276 | ||
9bd92830 | 277 | fputs("</table></div>\n",fp_ou); |
342bd723 | 278 | write_html_trailer(fp_ou); |
507460ae | 279 | if (fclose(fp_ou)==EOF) { |
af961877 | 280 | debuga(__FILE__,__LINE__,_("Write error in \"%s\": %s\n"),report,strerror(errno)); |
507460ae FM |
281 | exit(EXIT_FAILURE); |
282 | } | |
9bd92830 | 283 | |
b378aaf1 | 284 | if (!KeepTempLog && unlink(authfail_sort)) { |
af961877 | 285 | debuga(__FILE__,__LINE__,_("Cannot delete \"%s\": %s\n"),authfail_sort,strerror(errno)); |
08f9b029 FM |
286 | exit(EXIT_FAILURE); |
287 | } | |
9bd92830 FM |
288 | |
289 | return; | |
25697a35 | 290 | } |
16b013cc FM |
291 | |
292 | /*! | |
293 | Remove any temporary file left by the authfail module. | |
294 | */ | |
295 | void authfail_cleanup(void) | |
296 | { | |
507460ae FM |
297 | if (fp_authfail) { |
298 | if (fclose(fp_authfail)==EOF) { | |
af961877 | 299 | debuga(__FILE__,__LINE__,_("Write error in \"%s\": %s\n"),authfail_unsort,strerror(errno)); |
507460ae FM |
300 | exit(EXIT_FAILURE); |
301 | } | |
16b013cc FM |
302 | fp_authfail=NULL; |
303 | } | |
304 | if(authfail_unsort[0]) { | |
d89ead3c | 305 | if (!KeepTempLog && unlink(authfail_unsort)==-1) |
af961877 | 306 | debuga(__FILE__,__LINE__,_("Failed to delete \"%s\": %s\n"),authfail_unsort,strerror(errno)); |
16b013cc FM |
307 | } |
308 | } |