2 * SARG Squid Analysis Report Generator http://sarg.sourceforge.net
6 * please look at http://sarg.sourceforge.net/donations.php
8 * http://sourceforge.net/projects/sarg/forums/forum/363374
9 * ---------------------------------------------------------------------
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
27 #include "include/conf.h"
28 #include "include/defs.h"
29 #include "include/readlog.h"
31 //! Name of the file containing the unsorted authentication failure entries.
32 static char authfail_unsort
[MAXLEN
]="";
33 //! The file handle to write the entries.
34 static FILE *fp_authfail
=NULL
;
35 //! \c True if at least one anthentication failure entry exists.
36 static bool authfail_exists
=false;
39 Open a file to store the authentication failure.
41 \return The file handle or NULL if no file is necessary.
43 void authfail_open(void)
45 if ((ReportType
& REPORT_TYPE_AUTH_FAILURES
) == 0) {
46 if (debugz
) debugaz(_("Authentication failure report not produced as it is not requested\n"));
50 if (debugz
) debugaz(_("Authentication failure report not produced because privacy option is active\n"));
54 snprintf(authfail_unsort
,sizeof(authfail_unsort
),"%s/authfail.int_unsort",tmp
);
55 if ((fp_authfail
=MY_FOPEN(authfail_unsort
,"w"))==NULL
) {
56 debuga(_("(log) Cannot open file: %s - %s\n"),authfail_unsort
,strerror(errno
));
63 Write one entry in the unsorted authentication file file provided that it is required.
65 \param log_entry The entry to write into the log file.
67 void authfail_write(const struct ReadLogStruct
*log_entry
)
71 if (fp_authfail
&& (strstr(log_entry
->HttpCode
,"DENIED/401") != 0 || strstr(log_entry
->HttpCode
,"DENIED/407") != 0)) {
72 strftime(date
,sizeof(date
),"%d/%m/%Y\t%H:%M:%S",log_entry
->EntryTime
);
73 fprintf(fp_authfail
, "%s\t%s\t%s\t%s\n",date
,log_entry
->User
,log_entry
->Ip
,log_entry
->Url
);
79 Close the file opened by authfail_open().
81 void authfail_close(void)
85 if (fclose(fp_authfail
)==EOF
)
87 debuga(_("Write error in %s: %s\n"),authfail_unsort
,strerror(errno
));
95 Tell the caller if a authentication failure report exists.
97 \return \c True if the report is available or \c false if no report
100 bool is_authfail(void)
102 return(authfail_exists
);
106 static void show_ignored_auth(FILE *fp_ou
,int count
)
110 snprintf(ignored
,sizeof(ignored
),ngettext("%d more authentication failure not shown here…","%d more authentication failures not shown here…",count
),count
);
111 fprintf(fp_ou
,"<tr><td class=\"data\"></td><td class=\"data\"></td><td class=\"data\"></td><td class=\"data2 more\">%s</td></tr>\n",ignored
);
114 void authfail_report(void)
116 FILE *fp_in
= NULL
, *fp_ou
= NULL
;
120 char authfail_sort
[MAXLEN
];
125 char ouser
[MAXLEN
]="";
126 char ouser2
[MAXLEN
]="";
135 struct getwordstruct gwarea
;
137 struct userinfostruct
*uinfo
;
140 if (!authfail_exists
) {
141 if (!KeepTempLog
&& unlink(authfail_unsort
))
142 debuga(_("Failed to delete \"%s\": %s\n"),authfail_unsort
,strerror(errno
));
144 authfail_unsort
[0]='\0';
145 if (debugz
) debugaz(_("Authentication failures report not produced because it is empty\n"));
149 snprintf(authfail_sort
,sizeof(authfail_sort
),"%s/authfail.int_log",tmp
);
150 snprintf(report
,sizeof(report
),"%s/authfail.html",outdirname
);
152 snprintf(csort
,sizeof(csort
),"sort -b -t \"\t\" -T \"%s\" -k 3,3 -k 5,5 -o \"%s\" \"%s\"", tmp
, authfail_sort
, authfail_unsort
);
153 cstatus
=system(csort
);
154 if (!WIFEXITED(cstatus
) || WEXITSTATUS(cstatus
)) {
155 debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus
));
156 debuga(_("sort command: %s\n"),csort
);
159 if((fp_in
=MY_FOPEN(authfail_sort
,"r"))==NULL
) {
160 debuga(_("(authfail) Cannot open file %s\n"),authfail_sort
);
161 debuga(_("sort command: %s\n"),csort
);
164 if (!KeepTempLog
&& unlink(authfail_unsort
)) {
165 debuga(_("Cannot delete \"%s\": %s\n"),authfail_unsort
,strerror(errno
));
168 authfail_unsort
[0]='\0';
170 if((fp_ou
=MY_FOPEN(report
,"w"))==NULL
) {
171 debuga(_("(authfail) Cannot open file %s\n"),report
);
175 write_html_header(fp_ou
,(IndexTree
== INDEX_TREE_DATE
) ? 3 : 1,_("Authentication Failures"),HTML_JS_NONE
);
176 fputs("<tr><td class=\"header_c\">",fp_ou
);
177 fprintf(fp_ou
,_("Period: %s"),period
.html
);
178 fputs("</td></tr>\n",fp_ou
);
179 fprintf(fp_ou
,"<tr><th class=\"header_c\">%s</th></tr>\n",_("Authentication Failures"));
180 close_html_header(fp_ou
);
182 fputs("<div class=\"report\"><table cellpadding=\"0\" cellspacing=\"2\">\n",fp_ou
);
183 fprintf(fp_ou
,"<tr><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th></tr>\n",_("USERID"),_("IP/NAME"),_("DATE/TIME"),_("ACCESSED SITE"));
185 if ((line
=longline_create())==NULL
) {
186 debuga(_("Not enough memory to read file %s\n"),authfail_sort
);
190 while((buf
=longline_read(fp_in
,line
))!=NULL
) {
191 getword_start(&gwarea
,buf
);
192 if (getword(data
,sizeof(data
),&gwarea
,'\t')<0) {
193 debuga(_("There is a broken date in file %s\n"),authfail_sort
);
196 if (getword(hora
,sizeof(hora
),&gwarea
,'\t')<0) {
197 debuga(_("There is a broken time in file %s\n"),authfail_sort
);
200 if (getword(user
,sizeof(user
),&gwarea
,'\t')<0) {
201 debuga(_("There is a broken user ID in file %s\n"),authfail_sort
);
204 if (getword(ip
,sizeof(ip
),&gwarea
,'\t')<0) {
205 debuga(_("There is a broken IP address in file %s\n"),authfail_sort
);
208 if (getword_ptr(buf
,&url
,&gwarea
,'\t')<0) {
209 debuga(_("There is a broken url in file %s\n"),authfail_sort
);
212 if (sscanf(data
,"%d/%d/%d",&day
,&month
,&year
)!=3) continue;
213 computedate(year
,month
,day
,&t
);
214 strftime(data
,sizeof(data
),"%x",&t
);
216 uinfo
=userinfo_find_from_id(user
);
218 debuga(_("Unknown user ID %s in file %s\n"),user
,authfail_sort
);
229 if(strcmp(ouser
,user
) != 0) {
233 if(strcmp(oip
,ip
) != 0) {
239 if(AuthfailReportLimit
>0) {
240 if(strcmp(ouser2
,uinfo
->label
) == 0) {
243 if(count
>AuthfailReportLimit
&& AuthfailReportLimit
>0)
244 show_ignored_auth(fp_ou
,count
-AuthfailReportLimit
);
246 strcpy(ouser2
,uinfo
->label
);
248 if(count
> AuthfailReportLimit
)
254 fprintf(fp_ou
,"<td class=\"data2\">%s</td><td class=\"data2\">%s</td>",uinfo
->label
,ip
);
256 fputs("<td class=\"data2\"></td><td class=\"data2\"></td>",fp_ou
);
257 fprintf(fp_ou
,"<td class=\"data2\">%s-%s</td><td class=\"data2\">",data
,hora
);
258 if(BlockIt
[0]!='\0' && url
[0]!=ALIAS_PREFIX
) {
259 fprintf(fp_ou
,"<a href=\"%s%s?url=",wwwDocumentRoot
,BlockIt
);
260 output_html_url(fp_ou
,url
);
261 fputs("\"><img src=\"../images/sarg-squidguard-block.png\"></a> ",fp_ou
);
263 output_html_link(fp_ou
,url
,100);
264 fputs("</td></th>\n",fp_ou
);
267 longline_destroy(&line
);
269 if(count
>AuthfailReportLimit
&& AuthfailReportLimit
>0)
270 show_ignored_auth(fp_ou
,count
-AuthfailReportLimit
);
272 fputs("</table></div>\n",fp_ou
);
273 if (write_html_trailer(fp_ou
)<0)
274 debuga(_("Write error in file %s\n"),report
);
275 if (fclose(fp_ou
)==EOF
)
276 debuga(_("Failed to close file %s - %s\n"),report
,strerror(errno
));
278 if (!KeepTempLog
&& unlink(authfail_sort
)) {
279 debuga(_("Cannot delete %s - %s\n"),authfail_sort
,strerror(errno
));
287 Remove any temporary file left by the authfail module.
289 void authfail_cleanup(void)
296 if(authfail_unsort
[0]) {
297 if (unlink(authfail_unsort
)==-1)
298 debuga(_("Failed to delete %s: %s\n"),authfail_unsort
,strerror(errno
));