2 * SARG Squid Analysis Report Generator http://sarg.sourceforge.net
6 * please look at http://sarg.sourceforge.net/donations.php
8 * http://sourceforge.net/projects/sarg/forums/forum/363374
9 * ---------------------------------------------------------------------
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
27 #include "include/conf.h"
28 #include "include/defs.h"
29 #include "include/readlog.h"
31 //! Name of the file containing the unsorted authentication failure entries.
32 static char authfail_unsort
[MAXLEN
]="";
33 //! The file handle to write the entries.
34 static FILE *fp_authfail
=NULL
;
35 //! \c True if at least one anthentication failure entry exists.
36 static bool authfail_exists
=false;
39 Open a file to store the authentication failure.
41 \return The file handle or NULL if no file is necessary.
43 void authfail_open(void)
45 if ((ReportType
& REPORT_TYPE_AUTH_FAILURES
) == 0) {
46 if (debugz
>=LogLevel_Process
) debugaz(_("Authentication failures report not produced as it is not requested\n"));
50 if (debugz
>=LogLevel_Process
) debugaz(_("Authentication failures report not produced because privacy option is active\n"));
54 snprintf(authfail_unsort
,sizeof(authfail_unsort
),"%s/authfail.int_unsort",tmp
);
55 if ((fp_authfail
=MY_FOPEN(authfail_unsort
,"w"))==NULL
) {
56 debuga(_("Cannot open file \"%s\": %s\n"),authfail_unsort
,strerror(errno
));
63 Write one entry in the unsorted authentication file file provided that it is required.
65 \param log_entry The entry to write into the log file.
67 void authfail_write(const struct ReadLogStruct
*log_entry
)
71 if (fp_authfail
&& (strstr(log_entry
->HttpCode
,"DENIED/401") != 0 || strstr(log_entry
->HttpCode
,"DENIED/407") != 0)) {
72 strftime(date
,sizeof(date
),"%d/%m/%Y\t%H:%M:%S",&log_entry
->EntryTime
);
73 fprintf(fp_authfail
, "%s\t%s\t%s\t%s\n",date
,log_entry
->User
,log_entry
->Ip
,log_entry
->Url
);
79 Close the file opened by authfail_open().
81 void authfail_close(void)
85 if (fclose(fp_authfail
)==EOF
) {
86 debuga(_("Write error in \"%s\": %s\n"),authfail_unsort
,strerror(errno
));
94 Tell the caller if a authentication failure report exists.
96 \return \c True if the report is available or \c false if no report
99 bool is_authfail(void)
101 return(authfail_exists
);
105 static void show_ignored_auth(FILE *fp_ou
,int count
)
109 snprintf(ignored
,sizeof(ignored
),ngettext("%d more authentication failure not shown here…","%d more authentication failures not shown here…",count
),count
);
110 fprintf(fp_ou
,"<tr><td class=\"data\"></td><td class=\"data\"></td><td class=\"data\"></td><td class=\"data2 more\">%s</td></tr>\n",ignored
);
113 void authfail_report(void)
115 FILE *fp_in
= NULL
, *fp_ou
= NULL
;
119 char authfail_sort
[MAXLEN
];
124 char ouser
[MAXLEN
]="";
125 char ouser2
[MAXLEN
]="";
134 struct getwordstruct gwarea
;
136 struct userinfostruct
*uinfo
;
139 if (!authfail_exists
) {
140 if (!KeepTempLog
&& authfail_unsort
[0]!='\0' && unlink(authfail_unsort
))
141 debuga(_("Failed to delete \"%s\": %s\n"),authfail_unsort
,strerror(errno
));
143 authfail_unsort
[0]='\0';
144 if (debugz
>=LogLevel_Process
) debugaz(_("Authentication failures report not produced because it is empty\n"));
147 if (debugz
>=LogLevel_Process
)
148 debuga(_("Creating authentication failures report...\n"));
150 snprintf(authfail_sort
,sizeof(authfail_sort
),"%s/authfail.int_log",tmp
);
151 snprintf(report
,sizeof(report
),"%s/authfail.html",outdirname
);
153 snprintf(csort
,sizeof(csort
),"sort -b -t \"\t\" -T \"%s\" -k 3,3 -k 5,5 -o \"%s\" \"%s\"", tmp
, authfail_sort
, authfail_unsort
);
154 cstatus
=system(csort
);
155 if (!WIFEXITED(cstatus
) || WEXITSTATUS(cstatus
)) {
156 debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus
));
157 debuga(_("sort command: %s\n"),csort
);
160 if((fp_in
=MY_FOPEN(authfail_sort
,"r"))==NULL
) {
161 debuga(_("Cannot open file \"%s\": %s\n"),authfail_sort
,strerror(errno
));
162 debuga(_("sort command: %s\n"),csort
);
165 if (!KeepTempLog
&& unlink(authfail_unsort
)) {
166 debuga(_("Cannot delete \"%s\": %s\n"),authfail_unsort
,strerror(errno
));
169 authfail_unsort
[0]='\0';
171 if((fp_ou
=MY_FOPEN(report
,"w"))==NULL
) {
172 debuga(_("Cannot open file \"%s\": %s\n"),report
,strerror(errno
));
176 write_html_header(fp_ou
,(IndexTree
== INDEX_TREE_DATE
) ? 3 : 1,_("Authentication Failures"),HTML_JS_NONE
);
177 fputs("<tr><td class=\"header_c\">",fp_ou
);
178 fprintf(fp_ou
,_("Period: %s"),period
.html
);
179 fputs("</td></tr>\n",fp_ou
);
180 fprintf(fp_ou
,"<tr><th class=\"header_c\">%s</th></tr>\n",_("Authentication Failures"));
181 close_html_header(fp_ou
);
183 fputs("<div class=\"report\"><table cellpadding=\"0\" cellspacing=\"2\">\n",fp_ou
);
184 fprintf(fp_ou
,"<tr><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th></tr>\n",_("USERID"),_("IP/NAME"),_("DATE/TIME"),_("ACCESSED SITE"));
186 if ((line
=longline_create())==NULL
) {
187 debuga(_("Not enough memory to read file %s\n"),authfail_sort
);
191 while((buf
=longline_read(fp_in
,line
))!=NULL
) {
192 getword_start(&gwarea
,buf
);
193 if (getword(data
,sizeof(data
),&gwarea
,'\t')<0) {
194 debuga(_("Invalid date in file \"%s\"\n"),authfail_sort
);
197 if (getword(hora
,sizeof(hora
),&gwarea
,'\t')<0) {
198 debuga(_("Invalid time in file \"%s\"\n"),authfail_sort
);
201 if (getword(user
,sizeof(user
),&gwarea
,'\t')<0) {
202 debuga(_("Invalid user ID in file \"%s\"\n"),authfail_sort
);
205 if (getword(ip
,sizeof(ip
),&gwarea
,'\t')<0) {
206 debuga(_("Invalid IP address in file \"%s\"\n"),authfail_sort
);
209 if (getword_ptr(buf
,&url
,&gwarea
,'\t')<0) {
210 debuga(_("Invalid url in file \"%s\"\n"),authfail_sort
);
213 if (sscanf(data
,"%d/%d/%d",&day
,&month
,&year
)!=3) continue;
214 computedate(year
,month
,day
,&t
);
215 strftime(data
,sizeof(data
),"%x",&t
);
217 uinfo
=userinfo_find_from_id(user
);
219 debuga(_("Unknown user ID %s in file \"%s\"\n"),user
,authfail_sort
);
230 if(strcmp(ouser
,user
) != 0) {
234 if(strcmp(oip
,ip
) != 0) {
240 if(AuthfailReportLimit
>0) {
241 if(strcmp(ouser2
,uinfo
->label
) == 0) {
244 if(count
>AuthfailReportLimit
&& AuthfailReportLimit
>0)
245 show_ignored_auth(fp_ou
,count
-AuthfailReportLimit
);
247 strcpy(ouser2
,uinfo
->label
);
249 if(count
> AuthfailReportLimit
)
255 fprintf(fp_ou
,"<td class=\"data2\">%s</td><td class=\"data2\">%s</td>",uinfo
->label
,ip
);
257 fputs("<td class=\"data2\"></td><td class=\"data2\"></td>",fp_ou
);
258 fprintf(fp_ou
,"<td class=\"data2\">%s-%s</td><td class=\"data2\">",data
,hora
);
259 if(BlockIt
[0]!='\0' && url
[0]!=ALIAS_PREFIX
) {
260 fprintf(fp_ou
,"<a href=\"%s%s?url=",wwwDocumentRoot
,BlockIt
);
261 output_html_url(fp_ou
,url
);
262 fputs("\"><img src=\"../images/sarg-squidguard-block.png\"></a> ",fp_ou
);
264 output_html_link(fp_ou
,url
,100);
265 fputs("</td></th>\n",fp_ou
);
267 if (fclose(fp_in
)==EOF
) {
268 debuga(_("Read error in \"%s\": %s\n"),authfail_sort
,strerror(errno
));
271 longline_destroy(&line
);
273 if(count
>AuthfailReportLimit
&& AuthfailReportLimit
>0)
274 show_ignored_auth(fp_ou
,count
-AuthfailReportLimit
);
276 fputs("</table></div>\n",fp_ou
);
277 write_html_trailer(fp_ou
);
278 if (fclose(fp_ou
)==EOF
) {
279 debuga(_("Write error in \"%s\": %s\n"),report
,strerror(errno
));
283 if (!KeepTempLog
&& unlink(authfail_sort
)) {
284 debuga(_("Cannot delete \"%s\": %s\n"),authfail_sort
,strerror(errno
));
292 Remove any temporary file left by the authfail module.
294 void authfail_cleanup(void)
297 if (fclose(fp_authfail
)==EOF
) {
298 debuga(_("Write error in \"%s\": %s\n"),authfail_unsort
,strerror(errno
));
303 if(authfail_unsort
[0]) {
304 if (!KeepTempLog
&& unlink(authfail_unsort
)==-1)
305 debuga(_("Failed to delete \"%s\": %s\n"),authfail_unsort
,strerror(errno
));