[thirdparty/sarg.git] / authfail.c

/*
 * SARG Squid Analysis Report Generator      http://sarg.sourceforge.net
 *                                                            1998, 2010
 *
 * SARG donations:
 *      please look at http://sarg.sourceforge.net/donations.php
 * Support:
 *     http://sourceforge.net/projects/sarg/forums/forum/363374
 * ---------------------------------------------------------------------
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
 *
 */

#include "include/conf.h"
#include "include/defs.h"

void authfail_report(void)
{

   FILE *fp_in = NULL, *fp_ou = NULL;

   char url[MAXLEN];
   char authfail_in[MAXLEN];
   char per[MAXLEN];
   char report[MAXLEN];
   char period[100];
   char ip[MAXLEN];
   char oip[MAXLEN];
   char user[MAXLEN];
   char ouser[MAXLEN];
   char ouser2[MAXLEN];
   char data[15];
   char hora[15];
   char *str;
   int  z=0;
   int  count=0;
   int  cstatus;
   struct getwordstruct gwarea;

   if(DataFile[0] != '\0') return;

   ouser[0]='\0';

   sprintf(tmp4,"%s/sarg/authfail.log.unsort",TempDir);

   if(!authfail_count) {
      unlink(tmp4);
      return;
   }

   sprintf(authfail_in,"%s/authfail.log",TempDir);
   sprintf(per,"%s/sarg-period",dirname);
   sprintf(report,"%s/authfail.html",dirname);

   if ((fp_in = fopen(per, "r")) == 0) {
      fprintf(stderr, "SARG: (authfail) %s: %s\n",text[45],per);
      exit(1);
   }
   if (!fgets(period,sizeof(period),fp_in)) {
      fprintf(stderr,"SARG: (authfail) read error in %s\n",per);
      exit(1);
   }
   fclose(fp_in);

   sprintf(csort,"sort -b -T \"%s\" -k 3,3 -k 5,5 -o \"%s\" \"%s\"", TempDir, authfail_in, tmp4);
   cstatus=system(csort);
   if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
      fprintf(stderr, "SARG: sort command return status %d\n",WEXITSTATUS(cstatus));
      fprintf(stderr, "SARG: sort command: %s\n",csort);
      exit(1);
   }
   if((fp_in=MY_FOPEN(authfail_in,"r"))==NULL) {
      fprintf(stderr, "SARG: (authfail) %s: %s\n",text[45],authfail_in);
      fprintf(stderr, "SARG: sort command: %s\n",csort);
      exit(1);
   }
   unlink(tmp4);

   if((fp_ou=MY_FOPEN(report,"w"))==NULL) {
     fprintf(stderr, "SARG: (authfail) %s: %s\n",text[45],report);
     exit(1);
   }

   write_html_header(fp_ou,(IndexTree == INDEX_TREE_DATE) ? 3 : 1,_("Authentication Failures"));
   fprintf(fp_ou,"<tr><td class=\"header_l\">%s: %s</td></tr>\n",text[89],period);
   fprintf(fp_ou,"<tr><th class=\"header_c\">%s</th></tr>\n",text[117]);
   close_html_header(fp_ou);

   fputs("<div class=\"report\"><table cellpadding=\"0\" cellspacing=\"2\">\n",fp_ou);
   fputs("<tr><td></td></tr>\n",fp_ou);
   fputs("<tr><td></td></tr>\n",fp_ou);
   fputs("<tr><td></td></tr>\n",fp_ou);
   fprintf(fp_ou,"<tr><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th></tr>\n",text[98],text[111],text[110],text[91]);

   while(fgets(buf,sizeof(buf),fp_in)!=NULL) {
      getword_start(&gwarea,buf);
      if (getword(data,sizeof(data),&gwarea,'\t')<0 || getword(hora,sizeof(hora),&gwarea,'\t')<0 ||
          getword(user,sizeof(user),&gwarea,'\t')<0 || getword(ip,sizeof(ip),&gwarea,'\t')<0 ||
          getword(url,sizeof(url),&gwarea,'\t')<0) {
         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",authfail_in);
         exit(1);
      }

      if((str=(char *) strstr(user, "_")) != (char *) NULL ) {
         if((str=(char *) strstr(str+1, "_")) != (char *) NULL )
            fixip(user);
      }

      if(Ip2Name)
         ip2name(ip,sizeof(ip));

      if(!z) {
         strcpy(ouser,user);
         strcpy(oip,ip);
         z++;
      } else {
         if(strcmp(ouser,user) == 0)
            user[0]='\0';
         if(user[0] != '\0')
            strcpy(ouser,user);
         if(strcmp(oip,ip) == 0)
            ip[0]='\0';
         if(ip[0] != '\0')
            strcpy(oip,ip);
      }

      user_find(name,sizeof(name), user);

      if(dotinuser && strchr(name,'_')) {
         subs(name,sizeof(name),"_",".");
      }

     if(AuthfailReportLimit) {
        if(strcmp(ouser2,name) == 0) {
            count++;
         } else {
            count=1;
            strcpy(ouser2,name);
         }
         if(count >= AuthfailReportLimit)
            continue;
      }

      fprintf(fp_ou,"<tr><td class=\"data2\">%s</td><td class=\"data2\">%s</td><td class=\"data2\">%s-%s</td><td class=\"data2\">%s<a href=\"%s\">%s</a></td></th>\n",name,ip,data,hora,BlockImage,url,url);
   }
   fclose(fp_in);

   fputs("</table></div>\n",fp_ou);
   write_html_trailer(fp_ou);
   fclose(fp_ou);

   unlink(authfail_in);

   return;
}
Commit	Line	Data
25697a35	1	/*
94ff9470	2	* SARG Squid Analysis Report Generator http://sarg.sourceforge.net
1164c474	3	* 1998, 2010
94ff9470 GS	4	*
	5	* SARG donations:
	6	* please look at http://sarg.sourceforge.net/donations.php
1164c474 FM	7	* Support:
1164c474 FM	8	* http://sourceforge.net/projects/sarg/forums/forum/363374
25697a35 GS	9	* ---------------------------------------------------------------------
	10	*
	11	* This program is free software; you can redistribute it and/or modify
	12	* it under the terms of the GNU General Public License as published by
	13	* the Free Software Foundation; either version 2 of the License, or
	14	* (at your option) any later version.
	15	*
	16	* This program is distributed in the hope that it will be useful,
	17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	19	* GNU General Public License for more details.
	20	*
	21	* You should have received a copy of the GNU General Public License
	22	* along with this program; if not, write to the Free Software
	23	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
	24	*
	25	*/
	26
	27	#include "include/conf.h"
5f3cfd1d	28	#include "include/defs.h"
25697a35	29
32e71fa4	30	void authfail_report(void)
25697a35 GS	31	{
	32
	33	FILE fp_in = NULL, fp_ou = NULL;
120d768c	34
25697a35	35	char url[MAXLEN];
25697a35 GS	36	char authfail_in[MAXLEN];
	37	char per[MAXLEN];
	38	char report[MAXLEN];
d6e703cc	39	char period[100];
25697a35 GS	40	char ip[MAXLEN];
	41	char oip[MAXLEN];
	42	char user[MAXLEN];
	43	char ouser[MAXLEN];
	44	char ouser2[MAXLEN];
	45	char data[15];
	46	char hora[15];
25697a35 GS	47	char *str;
	48	int z=0;
	49	int count=0;
456d78a5	50	int cstatus;
9c7c6346	51	struct getwordstruct gwarea;
25697a35	52
0a4e18e1	53	if(DataFile[0] != '\0') return;
25697a35 GS	54
	55	ouser[0]='\0';
	56
491b862f	57	sprintf(tmp4,"%s/sarg/authfail.log.unsort",TempDir);
120d768c	58
25697a35 GS	59	if(!authfail_count) {
	60	unlink(tmp4);
	61	return;
	62	}
	63
	64	sprintf(authfail_in,"%s/authfail.log",TempDir);
d6e703cc	65	sprintf(per,"%s/sarg-period",dirname);
25697a35 GS	66	sprintf(report,"%s/authfail.html",dirname);
25697a35 GS	67
25697a35 GS	68	if ((fp_in = fopen(per, "r")) == 0) {
	69	fprintf(stderr, "SARG: (authfail) %s: %s\n",text[45],per);
	70	exit(1);
	71	}
05b90947 FM	72	if (!fgets(period,sizeof(period),fp_in)) {
	73	fprintf(stderr,"SARG: (authfail) read error in %s\n",per);
	74	exit(1);
	75	}
25697a35 GS	76	fclose(fp_in);
25697a35 GS	77
9a2efbd0	78	sprintf(csort,"sort -b -T \"%s\" -k 3,3 -k 5,5 -o \"%s\" \"%s\"", TempDir, authfail_in, tmp4);
456d78a5 FM	79	cstatus=system(csort);
	80	if (!WIFEXITED(cstatus) \|\| WEXITSTATUS(cstatus)) {
	81	fprintf(stderr, "SARG: sort command return status %d\n",WEXITSTATUS(cstatus));
	82	fprintf(stderr, "SARG: sort command: %s\n",csort);
	83	exit(1);
	84	}
936c9905	85	if((fp_in=MY_FOPEN(authfail_in,"r"))==NULL) {
456d78a5 FM	86	fprintf(stderr, "SARG: (authfail) %s: %s\n",text[45],authfail_in);
	87	fprintf(stderr, "SARG: sort command: %s\n",csort);
	88	exit(1);
25697a35	89	}
456d78a5	90	unlink(tmp4);
25697a35	91
936c9905	92	if((fp_ou=MY_FOPEN(report,"w"))==NULL) {
25697a35 GS	93	fprintf(stderr, "SARG: (authfail) %s: %s\n",text[45],report);
	94	exit(1);
	95	}
	96
c0ec9cc7	97	write_html_header(fp_ou,(IndexTree == INDEX_TREE_DATE) ? 3 : 1,_("Authentication Failures"));
b18ce4a0 FM	98	fprintf(fp_ou,"<tr><td class=\"header_l\">%s: %s</td></tr>\n",text[89],period);
b18ce4a0 FM	99	fprintf(fp_ou,"<tr><th class=\"header_c\">%s</th></tr>\n",text[117]);
c0ec9cc7	100	close_html_header(fp_ou);
25697a35	101
c0ec9cc7	102	fputs("<div class=\"report\"><table cellpadding=\"0\" cellspacing=\"2\">\n",fp_ou);
25697a35 GS	103	fputs("<tr><td></td></tr>\n",fp_ou);
	104	fputs("<tr><td></td></tr>\n",fp_ou);
	105	fputs("<tr><td></td></tr>\n",fp_ou);
b18ce4a0	106	fprintf(fp_ou,"<tr><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th></tr>\n",text[98],text[111],text[110],text[91]);
25697a35 GS	107
25697a35 GS	108	while(fgets(buf,sizeof(buf),fp_in)!=NULL) {
9c7c6346 FM	109	getword_start(&gwarea,buf);
	110	if (getword(data,sizeof(data),&gwarea,'\t')<0 \|\| getword(hora,sizeof(hora),&gwarea,'\t')<0 \|\|
	111	getword(user,sizeof(user),&gwarea,'\t')<0 \|\| getword(ip,sizeof(ip),&gwarea,'\t')<0 \|\|
	112	getword(url,sizeof(url),&gwarea,'\t')<0) {
4bcb77cf FM	113	printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",authfail_in);
	114	exit(1);
	115	}
25697a35 GS	116
	117	if((str=(char ) strstr(user, "_")) != (char ) NULL ) {
	118	if((str=(char ) strstr(str+1, "_")) != (char ) NULL )
	119	fixip(user);
	120	}
	121
246c8489	122	if(Ip2Name)
a1c55d8c	123	ip2name(ip,sizeof(ip));
25697a35 GS	124
	125	if(!z) {
	126	strcpy(ouser,user);
	127	strcpy(oip,ip);
	128	z++;
	129	} else {
	130	if(strcmp(ouser,user) == 0)
	131	user[0]='\0';
	132	if(user[0] != '\0')
	133	strcpy(ouser,user);
120d768c	134	if(strcmp(oip,ip) == 0)
25697a35 GS	135	ip[0]='\0';
	136	if(ip[0] != '\0')
	137	strcpy(oip,ip);
	138	}
	139
965c4a6f	140	user_find(name,sizeof(name), user);
25697a35	141
48864d28 FM	142	if(dotinuser && strchr(name,'_')) {
48864d28 FM	143	subs(name,sizeof(name),"_",".");
94ff9470 GS	144	}
94ff9470 GS	145
25697a35 GS	146	if(AuthfailReportLimit) {
	147	if(strcmp(ouser2,name) == 0) {
	148	count++;
	149	} else {
	150	count=1;
	151	strcpy(ouser2,name);
	152	}
	153	if(count >= AuthfailReportLimit)
	154	continue;
	155	}
	156
354c1a68	157	fprintf(fp_ou,"<tr><td class=\"data2\">%s</td><td class=\"data2\">%s</td><td class=\"data2\">%s-%s</td><td class=\"data2\">%s<a href=\"%s\">%s</a></td></th>\n",name,ip,data,hora,BlockImage,url,url);
25697a35	158	}
25697a35	159	fclose(fp_in);
c0ec9cc7 FM	160
	161	fputs("</table></div>\n",fp_ou);
	162	write_html_trailer(fp_ou);
25697a35 GS	163	fclose(fp_ou);
	164
	165	unlink(authfail_in);
	166
	167	return;
	168	}