Protection against buffer overflows in getword and friends and report the origin...
1 /*
2 * AUTHOR: Pedro Lineu Orso pedro.orso@gmail.com
3 * 1998, 2008
4 * SARG Squid Analysis Report Generator http://sarg.sourceforge.net
5 *
6 * SARG donations:
7 * please look at http://sarg.sourceforge.net/donations.php
8 * ---------------------------------------------------------------------
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
23 *
24 */
25
26 #include "include/conf.h"
27
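/*
 * Write s to out with the HTML-significant characters & < > " ' replaced
 * by entities, so that text copied from the denied log cannot open or
 * close markup in the generated report.
 */
static void denied_put_html(FILE *out, const char *s)
{
	for (; *s != '\0'; s++) {
		switch (*s) {
		case '&':
			fputs("&amp;", out);
			break;
		case '<':
			fputs("&lt;", out);
			break;
		case '>':
			fputs("&gt;", out);
			break;
		case '"':
			fputs("&quot;", out);
			break;
		case '\'':
			fputs("&#39;", out);
			break;
		default:
			fputc(*s, out);
			break;
		}
	}
}

/*
 * Format "<dir>/<leaf>" into dst (size bytes). A result that does not fit
 * is treated as fatal rather than silently truncated, because the callers
 * go on to open or unlink the resulting path.
 */
static void denied_build_path(char *dst, size_t size, const char *dir, const char *leaf)
{
	int n = snprintf(dst, size, "%s/%s", dir, leaf);

	if (n < 0 || (size_t)n >= size) {
		fprintf(stderr, "SARG: (denied) path too long: %s/%s\n", dir, leaf);
		exit(1);
	}
}

/*
 * Generate denied.html in the report directory from the temporary
 * denied log.
 *
 * Each line of <TempDir>/sarg/denied.log is split on spaces into date,
 * time, user, ip and url, and becomes one table row. A user or ip equal
 * to the previous row's is printed as an empty cell. When UserTabFile is
 * set, the user id is replaced by the name found after ":<user>:" in
 * userfile. When DeniedReportLimit is non-zero, rows for a name are
 * skipped once its running count reaches the limit.
 *
 * The denied log is unlinked at the end, or immediately (with no report
 * written) when denied_count is zero. Any failure to open a file or to
 * parse a record prints a message and calls exit(1).
 *
 * Works on variables declared outside this function: buf, warea,
 * userfile, name, str2 and z1.
 */
void gen_denied_report()
{
	FILE *fp_in = NULL, *fp_ou = NULL;

	char url[MAXLEN];
	char denied_in[MAXLEN];
	char per[MAXLEN];
	char report[MAXLEN];
	char period[100];
	char ip[MAXLEN];
	char oip[MAXLEN];
	char user[MAXLEN];
	char ouser[MAXLEN];
	char ouser2[MAXLEN];
	char data[15];
	char hora[15];
	char *str;
	int z = 0;
	int count = 0;
	int n;

	/* ouser2 is compared before it is first assigned; start all three empty. */
	ouser[0] = '\0';
	ouser2[0] = '\0';
	oip[0] = '\0';
	period[0] = '\0';

	denied_build_path(denied_in, sizeof(denied_in), TempDir, "sarg/denied.log");
	if (!denied_count) {
		unlink(denied_in);
		return;
	}

	denied_build_path(per, sizeof(per), dirname, "sarg-period");
	denied_build_path(report, sizeof(report), dirname, "denied.html");

	if ((fp_in = fopen(per, "r")) == NULL) {
		fprintf(stderr, "SARG: (denied) %s: %s\n", text[45], per);
		exit(1);
	}

	/* A failed read leaves the buffer unspecified; fall back to an empty period. */
	if (fgets(period, sizeof(period), fp_in) == NULL)
		period[0] = '\0';
	fclose(fp_in);

	if ((fp_in = fopen(denied_in, "r")) == NULL) {
		fprintf(stderr, "SARG: (denied) %s: %s\n", text[8], denied_in);
		exit(1);
	}

	if ((fp_ou = fopen(report, "w")) == NULL) {
		fprintf(stderr, "SARG: (denied) %s: %s\n", text[8], report);
		exit(1);
	}

	fprintf(fp_ou, "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n<html>\n<head>\n  <meta http-equiv=\"Content-Type\" content=\"text/html; charset=%s\">\n", CharSet);
	css(fp_ou);
	fputs("</head>\n", fp_ou);
	fprintf(fp_ou, "<body bgcolor=%s text=%s background='%s'>\n", BgColor, TxColor, BgImage);
	if (strlen(LogoImage) > 0)
		fprintf(fp_ou, "<center><table cellpadding=\"0\" cellspacing=\"0\">\n<tr><th class=\"logo\"><img src='%s' border=0 align=absmiddle width=%s height=%s>&nbsp;%s</th></tr>\n<tr><td height=\"5\"></td></tr>\n</table>\n", LogoImage, Width, Height, LogoText);

	if (strcmp(IndexTree, "date") == 0)
		show_sarg(fp_ou, "../../..");
	else
		show_sarg(fp_ou, "..");

	/*
	 * The header rows are written straight to the stream instead of being
	 * staged in a fixed-size buffer, so their length is not limited by MAXLEN.
	 */
	fputs("<center><table cellpadding=0 cellspacing=0>\n", fp_ou);
	fprintf(fp_ou, "<tr><th class=\"title\">%s</b></th></tr>\n", Title);
	fprintf(fp_ou, "<tr><td class=\"header\">%s: %s</td></tr>\n", text[89], period);
	fprintf(fp_ou, "<tr><th class=\"header3\">%s</th></tr>\n", text[46]);
	fputs("</table></center>\n", fp_ou);

	fputs("<center><table cellpadding=0 cellspacing=2>\n", fp_ou);
	fputs("<tr><td></td></tr>\n", fp_ou);
	fprintf(fp_ou, "<tr><th class=\"header\">%s</th><th class=\"header\">%s</th><th class=\"header\">%s</th><th class=\"header\">%s</th></tr>\n", text[98], text[111], text[110], text[91]);

	while (fgets(buf, sizeof(buf), fp_in) != NULL) {
		if (getword(data, sizeof(data), buf, ' ') < 0 || getword(hora, sizeof(hora), buf, ' ') < 0 ||
		    getword(user, sizeof(user), buf, ' ') < 0 || getword(ip, sizeof(ip), buf, ' ') < 0 ||
		    getword(url, sizeof(url), buf, ' ') < 0) {
			printf("SARG: Maybe you have a broken record or garbage in your %s file.\n", denied_in);
			exit(1);
		}

		/* fixip() is applied only when the user field holds at least two underscores. */
		str = strstr(user, "_");
		if (str != NULL && strstr(str + 1, "_") != NULL)
			fixip(user);

		if (strcmp(Ip2Name, "yes") == 0)
			ip2name(ip);

		/* Blank out user/ip when they repeat the previous record's value. */
		if (!z) {
			strcpy(ouser, user);
			strcpy(oip, ip);
			z++;
		} else {
			if (strcmp(ouser, user) == 0)
				user[0] = '\0';
			if (user[0] != '\0')
				strcpy(ouser, user);
			if (strcmp(oip, ip) == 0)
				ip[0] = '\0';
			if (ip[0] != '\0')
				strcpy(oip, ip);
		}

		if (UserTabFile[0] != '\0') {
			/*
			 * NOTE(review): warea is declared outside this function; MAXLEN is
			 * assumed to be its capacity, as it is for name below - confirm.
			 * A key that does not fit is treated as "not found" instead of
			 * being searched for in truncated form.
			 */
			n = snprintf(warea, MAXLEN, ":%s:", user);
			str = NULL;
			if (n > 0 && n < MAXLEN)
				str = strstr(userfile, warea);
			if (str != NULL) {
				z1 = 0;
				str2 = strstr(str + 1, ":");
				bzero(name, MAXLEN);
				if (str2 != NULL) {
					str2++;
					/*
					 * Stop at the end of userfile and at the end of name as
					 * well as at the closing ':' so a missing terminator
					 * cannot run the copy out of bounds.
					 */
					while (str2[z1] != ':' && str2[z1] != '\0' && z1 < MAXLEN - 1) {
						name[z1] = str2[z1];
						z1++;
					}
				}
			} else
				strcpy(name, user);
		} else
			strcpy(name, user);

		if (dotinuser && strstr(name, "_")) {
			str2 = (char *)subs(name, "_", ".");
			strcpy(name, str2);
		}

		if (DeniedReportLimit) {
			if (strcmp(ouser2, name) == 0) {
				count++;
			} else {
				count = 1;
				strcpy(ouser2, name);
			}
			if (count >= DeniedReportLimit)
				continue;
		}

		/*
		 * Every field below comes from the denied log, i.e. from what proxy
		 * clients requested, so it is HTML-escaped on output. The row is
		 * streamed piece by piece: the url appears up to three times and
		 * would not fit a MAXLEN staging buffer. The BlockImage scratch
		 * variable is therefore no longer written here.
		 * Escaping keeps the url inside its attribute; it does not check
		 * the url's scheme.
		 */
		fputs("<tr><td class=\"data\">", fp_ou);
		denied_put_html(fp_ou, name);
		fputs("</td><td class=\"data\">", fp_ou);
		denied_put_html(fp_ou, ip);
		fputs("</td><td class=\"data\">", fp_ou);
		denied_put_html(fp_ou, data);
		fputc('-', fp_ou);
		denied_put_html(fp_ou, hora);
		fputs("</td><td class=\"data2\">", fp_ou);

		if (strlen(BlockIt) > 0) {
			fprintf(fp_ou, "<a href=\"%s%s?url=", wwwDocumentRoot, BlockIt);
			denied_put_html(fp_ou, url);
			fprintf(fp_ou, "\"><img src=\"%s/sarg-squidguard-block.png\" border=\"0\"></a>&nbsp;", ImageFile);
		}

		fputs("<a href=\"", fp_ou);
		denied_put_html(fp_ou, url);
		fputs("\">", fp_ou);
		denied_put_html(fp_ou, url);
		/* The row is closed with </tr>; the original emitted a stray </th> here. */
		fputs("</a></td></tr>\n", fp_ou);
	}

	fputs("</table>\n", fp_ou);

	show_info(fp_ou);
	fputs("</body></html>\n", fp_ou);

	fclose(fp_in);
	fclose(fp_ou);

	unlink(denied_in);

	return;
}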