2 * SARG Squid Analysis Report Generator http://sarg.sourceforge.net
6 * please look at http://sarg.sourceforge.net/donations.php
8 * http://sourceforge.net/projects/sarg/forums/forum/363374
9 * ---------------------------------------------------------------------
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
27 #include "include/conf.h"
28 #include "include/defs.h"
29 #include "include/readlog.h"
31 //! Name of the file containing the unsorted authentication failure entries.
32 static char authfail_unsort
[MAXLEN
]="";
33 //! The file handle to write the entries.
34 static FILE *fp_authfail
=NULL
;
35 //! \c True if at least one anthentication failure entry exists.
36 static bool authfail_exists
=false;
39 Open a file to store the authentication failure.
41 \return The file handle or NULL if no file is necessary.
43 void authfail_open(void)
45 if ((ReportType
& REPORT_TYPE_AUTH_FAILURES
) == 0) {
46 if (debugz
>=LogLevel_Process
) debugaz(__FILE__
,__LINE__
,_("Authentication failures report not produced as it is not requested\n"));
50 if (debugz
>=LogLevel_Process
) debugaz(__FILE__
,__LINE__
,_("Authentication failures report not produced because privacy option is active\n"));
54 snprintf(authfail_unsort
,sizeof(authfail_unsort
),"%s/authfail.int_unsort",tmp
);
55 if ((fp_authfail
=MY_FOPEN(authfail_unsort
,"w"))==NULL
) {
56 debuga(__FILE__
,__LINE__
,_("Cannot open file \"%s\": %s\n"),authfail_unsort
,strerror(errno
));
63 Write one entry in the unsorted authentication file file provided that it is required.
65 \param log_entry The entry to write into the log file.
67 void authfail_write(const struct ReadLogStruct
*log_entry
)
71 if (fp_authfail
&& (strstr(log_entry
->HttpCode
,"DENIED/401") != 0 || strstr(log_entry
->HttpCode
,"DENIED/407") != 0)) {
72 strftime(date
,sizeof(date
),"%d/%m/%Y\t%H:%M:%S",&log_entry
->EntryTime
);
73 fprintf(fp_authfail
, "%s\t%s\t%s\t%s\n",date
,log_entry
->User
,log_entry
->Ip
,log_entry
->Url
);
79 Close the file opened by authfail_open().
81 void authfail_close(void)
85 if (fclose(fp_authfail
)==EOF
) {
86 debuga(__FILE__
,__LINE__
,_("Write error in \"%s\": %s\n"),authfail_unsort
,strerror(errno
));
94 Tell the caller if a authentication failure report exists.
96 \return \c True if the report is available or \c false if no report
99 bool is_authfail(void)
101 return(authfail_exists
);
105 static void show_ignored_auth(FILE *fp_ou
,int count
)
109 snprintf(ignored
,sizeof(ignored
),ngettext("%d more authentication failure not shown here…","%d more authentication failures not shown here…",count
),count
);
110 fprintf(fp_ou
,"<tr><td class=\"data\"></td><td class=\"data\"></td><td class=\"data\"></td><td class=\"data2 more\">%s</td></tr>\n",ignored
);
113 void authfail_report(void)
115 FileObject
*fp_in
= NULL
;
120 char authfail_sort
[MAXLEN
];
125 char ouser
[MAXLEN
]="";
126 char ouser2
[MAXLEN
]="";
135 struct getwordstruct gwarea
;
137 struct userinfostruct
*uinfo
;
140 if (!authfail_exists
) {
141 if (!KeepTempLog
&& authfail_unsort
[0]!='\0' && unlink(authfail_unsort
))
142 debuga(__FILE__
,__LINE__
,_("Failed to delete \"%s\": %s\n"),authfail_unsort
,strerror(errno
));
144 authfail_unsort
[0]='\0';
145 if (debugz
>=LogLevel_Process
) debugaz(__FILE__
,__LINE__
,_("Authentication failures report not produced because it is empty\n"));
148 if (debugz
>=LogLevel_Process
)
149 debuga(__FILE__
,__LINE__
,_("Creating authentication failures report...\n"));
151 snprintf(authfail_sort
,sizeof(authfail_sort
),"%s/authfail.int_log",tmp
);
152 snprintf(report
,sizeof(report
),"%s/authfail.html",outdirname
);
154 snprintf(csort
,sizeof(csort
),"sort -b -t \"\t\" -T \"%s\" -k 3,3 -k 5,5 -o \"%s\" \"%s\"", tmp
, authfail_sort
, authfail_unsort
);
155 cstatus
=system(csort
);
156 if (!WIFEXITED(cstatus
) || WEXITSTATUS(cstatus
)) {
157 debuga(__FILE__
,__LINE__
,_("sort command return status %d\n"),WEXITSTATUS(cstatus
));
158 debuga(__FILE__
,__LINE__
,_("sort command: %s\n"),csort
);
161 if((fp_in
=FileObject_Open(authfail_sort
))==NULL
) {
162 debuga(__FILE__
,__LINE__
,_("Cannot open file \"%s\": %s\n"),authfail_sort
,FileObject_GetLastOpenError());
163 debuga(__FILE__
,__LINE__
,_("sort command: %s\n"),csort
);
166 if (!KeepTempLog
&& unlink(authfail_unsort
)) {
167 debuga(__FILE__
,__LINE__
,_("Cannot delete \"%s\": %s\n"),authfail_unsort
,strerror(errno
));
170 authfail_unsort
[0]='\0';
172 if((fp_ou
=MY_FOPEN(report
,"w"))==NULL
) {
173 debuga(__FILE__
,__LINE__
,_("Cannot open file \"%s\": %s\n"),report
,strerror(errno
));
177 write_html_header(fp_ou
,(IndexTree
== INDEX_TREE_DATE
) ? 3 : 1,_("Authentication Failures"),HTML_JS_NONE
);
178 fputs("<tr><td class=\"header_c\">",fp_ou
);
179 fprintf(fp_ou
,_("Period: %s"),period
.html
);
180 fputs("</td></tr>\n",fp_ou
);
181 fprintf(fp_ou
,"<tr><th class=\"header_c\">%s</th></tr>\n",_("Authentication Failures"));
182 close_html_header(fp_ou
);
184 fputs("<div class=\"report\"><table cellpadding=\"0\" cellspacing=\"2\">\n",fp_ou
);
185 fprintf(fp_ou
,"<tr><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th></tr>\n",_("USERID"),_("IP/NAME"),_("DATE/TIME"),_("ACCESSED SITE"));
187 if ((line
=longline_create())==NULL
) {
188 debuga(__FILE__
,__LINE__
,_("Not enough memory to read file \"%s\"\n"),authfail_sort
);
192 while((buf
=longline_read(fp_in
,line
))!=NULL
) {
193 getword_start(&gwarea
,buf
);
194 if (getword(data
,sizeof(data
),&gwarea
,'\t')<0) {
195 debuga(__FILE__
,__LINE__
,_("Invalid date in file \"%s\"\n"),authfail_sort
);
198 if (getword(hora
,sizeof(hora
),&gwarea
,'\t')<0) {
199 debuga(__FILE__
,__LINE__
,_("Invalid time in file \"%s\"\n"),authfail_sort
);
202 if (getword(user
,sizeof(user
),&gwarea
,'\t')<0) {
203 debuga(__FILE__
,__LINE__
,_("Invalid user ID in file \"%s\"\n"),authfail_sort
);
206 if (getword(ip
,sizeof(ip
),&gwarea
,'\t')<0) {
207 debuga(__FILE__
,__LINE__
,_("Invalid IP address in file \"%s\"\n"),authfail_sort
);
210 if (getword_ptr(buf
,&url
,&gwarea
,'\t')<0) {
211 debuga(__FILE__
,__LINE__
,_("Invalid url in file \"%s\"\n"),authfail_sort
);
214 if (sscanf(data
,"%d/%d/%d",&day
,&month
,&year
)!=3) continue;
215 computedate(year
,month
,day
,&t
);
216 strftime(data
,sizeof(data
),"%x",&t
);
218 uinfo
=userinfo_find_from_id(user
);
220 debuga(__FILE__
,__LINE__
,_("Unknown user ID %s in file \"%s\"\n"),user
,authfail_sort
);
231 if(strcmp(ouser
,user
) != 0) {
235 if(strcmp(oip
,ip
) != 0) {
241 if(AuthfailReportLimit
>0) {
242 if(strcmp(ouser2
,uinfo
->label
) == 0) {
245 if(count
>AuthfailReportLimit
&& AuthfailReportLimit
>0)
246 show_ignored_auth(fp_ou
,count
-AuthfailReportLimit
);
248 strcpy(ouser2
,uinfo
->label
);
250 if(count
> AuthfailReportLimit
)
256 fprintf(fp_ou
,"<td class=\"data2\">%s</td><td class=\"data2\">%s</td>",uinfo
->label
,ip
);
258 fputs("<td class=\"data2\"></td><td class=\"data2\"></td>",fp_ou
);
259 fprintf(fp_ou
,"<td class=\"data2\">%s-%s</td><td class=\"data2\">",data
,hora
);
260 if(BlockIt
[0]!='\0' && url
[0]!=ALIAS_PREFIX
) {
261 fprintf(fp_ou
,"<a href=\"%s%s?url=",wwwDocumentRoot
,BlockIt
);
262 output_html_url(fp_ou
,url
);
263 fputs("\"><img src=\"../images/sarg-squidguard-block.png\"></a> ",fp_ou
);
265 output_html_link(fp_ou
,url
,100);
266 fputs("</td></th>\n",fp_ou
);
268 if (FileObject_Close(fp_in
)) {
269 debuga(__FILE__
,__LINE__
,_("Read error in \"%s\": %s\n"),authfail_sort
,FileObject_GetLastCloseError());
272 longline_destroy(&line
);
274 if(count
>AuthfailReportLimit
&& AuthfailReportLimit
>0)
275 show_ignored_auth(fp_ou
,count
-AuthfailReportLimit
);
277 fputs("</table></div>\n",fp_ou
);
278 write_html_trailer(fp_ou
);
279 if (fclose(fp_ou
)==EOF
) {
280 debuga(__FILE__
,__LINE__
,_("Write error in \"%s\": %s\n"),report
,strerror(errno
));
284 if (!KeepTempLog
&& unlink(authfail_sort
)) {
285 debuga(__FILE__
,__LINE__
,_("Cannot delete \"%s\": %s\n"),authfail_sort
,strerror(errno
));
293 Remove any temporary file left by the authfail module.
295 void authfail_cleanup(void)
298 if (fclose(fp_authfail
)==EOF
) {
299 debuga(__FILE__
,__LINE__
,_("Write error in \"%s\": %s\n"),authfail_unsort
,strerror(errno
));
304 if(authfail_unsort
[0]) {
305 if (!KeepTempLog
&& unlink(authfail_unsort
)==-1)
306 debuga(__FILE__
,__LINE__
,_("Failed to delete \"%s\": %s\n"),authfail_unsort
,strerror(errno
));