]> git.ipfire.org Git - thirdparty/sarg.git/blob - download.c
projects / thirdparty / sarg.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Protection against buffer overflows in getword and friends and report the origin...
[thirdparty/sarg.git] / download.c
1 /*
2 * AUTHOR: Pedro Lineu Orso pedro.orso@gmail.com
3 * 1998, 2008
4 * SARG Squid Analysis Report Generator http://sarg.sourceforge.net
5 *
6 * SARG donations:
7 * please look at http://sarg.sourceforge.net/donations.php
8 * ---------------------------------------------------------------------
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
23 *
24 */
25
26 #include "include/conf.h"
27
28 void download_report()
29 {
30
31 FILE *fp_in = NULL, *fp_ou = NULL;
32
33 char url[MAXLEN];
34 char html[MAXLEN];
35 char html2[MAXLEN];
36 char report_in[MAXLEN];
37 char wdirname[MAXLEN];
38 char report[MAXLEN];
39 char period[100];
40 char ip[MAXLEN];
41 char oip[MAXLEN];
42 char user[MAXLEN];
43 char ouser[MAXLEN];
44 char ouser2[MAXLEN];
45 char data[15];
46 char hora[15];
47 char *str;
48 int z=0;
49 int count=0;
50
51 ouser[0]='\0';
52
53 sprintf(report_in,"%s/sarg/download.log",TempDir);
54 if(access(report_in, R_OK) != 0)
55 return;
56
57 strcpy(wdirname,dirname);
58 sprintf(report,"%s/download.html",wdirname);
59 strcat(wdirname,"/");
60 strcat(wdirname,"sarg-period");
61
62 if ((fp_in = fopen(wdirname, "r")) == 0) {
63 fprintf(stderr, "SARG: (download) %s: %s\n",text[45],wdirname);
64 exit(1);
65 }
66
67 fgets(period,sizeof(period),fp_in);
68 fclose(fp_in);
69
70 if((fp_in=fopen(report_in,"r"))==NULL) {
71 fprintf(stderr, "SARG: (download) %s: %s\n",text[8],report_in);
72 exit(1);
73 }
74
75 if((fp_ou=fopen(report,"w"))==NULL) {
76 fprintf(stderr, "SARG: (download) %s: %s\n",text[8],report);
77 exit(1);
78 }
79
80 fputs("<html>\n",fp_ou);
81 fputs("<head>\n",fp_ou);
82 sprintf(html," <meta http-equiv=\"Content-Type\" content=\"text/html; charset=%s\">\n",CharSet);
83 fputs(html,fp_ou);
84 css(fp_ou);
85 fputs("</head>\n",fp_ou);
86
87 sprintf(url,"<body bgcolor=%s text=%s background='%s'>\n",BgColor,TxColor,BgImage);
88 fputs(url,fp_ou);
89
90 if(strlen(LogoImage) > 0) fprintf(fp_ou, "<center><table cellpadding=\"0\" cellspacing=\"0\">\n<tr><th class=\"logo\"><img src='%s' border=0 align=absmiddle width=%s height=%s>&nbsp;%s</th></tr>\n<tr><td height=\"5\"></td></tr>\n</table>\n",LogoImage,Width,Height,LogoText);
91
92 if(strcmp(IndexTree,"date") == 0)
93 show_sarg(fp_ou, "../../..");
94 else
95 show_sarg(fp_ou, "..");
96
97 fputs("<center><table cellpadding=0 cellspacing=0>\n",fp_ou);
98 sprintf(url,"<tr><th class=\"title\">%s</b></th></tr>\n",Title);
99 fputs(url,fp_ou);
100
101 sprintf(url,"<tr><td class=\"header\">%s: %s</td></tr>\n",text[89],period);
102 fputs(url,fp_ou);
103 sprintf(url,"<tr><th class=\"header3\">%s</th></tr>\n",text[125]);
104 fputs(url,fp_ou);
105 fputs("</table></center>\n",fp_ou);
106
107 fputs("<center><table cellpadding=0 cellspacing=2>\n",fp_ou);
108 fputs("<tr><td></td></tr>\n",fp_ou);
109 sprintf(url,"<tr><th class=\"header\">%s</th><th class=\"header\">%s</th><th class=\"header\">%s</th><th class=\"header\">%s</th></tr>\n",text[98],text[111],text[110],text[91]);
110 fputs(url,fp_ou);
111
112 while(fgets(buf,sizeof(buf),fp_in)!=NULL) {
113 if (getword(data,sizeof(data),buf,' ')<0 || getword(hora,sizeof(hora),buf,' ')<0 ||
114 getword(user,sizeof(user),buf,' ')<0 || getword(ip,sizeof(ip),buf,' ')<0 ||
115 getword(url,sizeof(url),buf,' ')<0) {
116 printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",report_in);
117 exit(1);
118 }
119
120 if((str=(char *) strstr(user, "_")) != (char *) NULL ) {
121 if((str=(char *) strstr(str+1, "_")) != (char *) NULL )
122 fixip(user);
123 }
124
125 if(strcmp(Ip2Name,"yes") == 0)
126 ip2name(ip);
127
128 if(!z) {
129 strcpy(ouser,user);
130 strcpy(oip,ip);
131 z++;
132 } else {
133 if(strcmp(ouser,user) == 0)
134 user[0]='\0';
135 if(user[0] != '\0')
136 strcpy(ouser,user);
137 if(strcmp(oip,ip) == 0)
138 ip[0]='\0';
139 if(ip[0] != '\0')
140 strcpy(oip,ip);
141 }
142
143 if(UserTabFile[0] != '\0') {
144 sprintf(warea,":%s:",user);
145 if((str=(char *) strstr(userfile,warea)) != (char *) NULL ) {
146 z1=0;
147 str2=(char *) strstr(str+1,":");
148 str2++;
149 bzero(name, MAXLEN);
150 while(str2[z1] != ':') {
151 name[z1]=str2[z1];
152 z1++;
153 }
154 } else strcpy(name,user);
155 } else strcpy(name,user);
156
157 if(dotinuser && strstr(name,"_")) {
158 str2=(char *)subs(name,"_",".");
159 strcpy(name,str2);
160 }
161
162 if(DownloadReportLimit) {
163 if(strcmp(ouser2,name) == 0) {
164 count++;
165 } else {
166 count=1;
167 strcpy(ouser2,name);
168 }
169 if(count >= DownloadReportLimit)
170 continue;
171 }
172
173 if(strlen(BlockIt) > 0)
174 sprintf(BlockImage,"<a href=\"%s%s?url=%s\"><img src=\"%s/sarg-squidguard-block.png\" border=\"0\"></a>&nbsp;",wwwDocumentRoot,BlockIt,url,ImageFile);
175 else BlockImage[0]='\0';
176
177 sprintf(html2,"<tr><td class=\"data\">%s</td><td class=\"data\">%s</td><td class=\"data\">%s-%s</td><td class=\"data2\">%s<a href=\"%s\">%s</a></td></th>\n",name,ip,data,hora,BlockImage,url,url);
178 fputs(html2,fp_ou);
179 }
180
181 fputs("</table>\n",fp_ou);
182
183 show_info(fp_ou);
184 fputs("</html>\n",fp_ou);
185
186 fclose(fp_in);
187 fclose(fp_ou);
188
189 unlink(report_in);
190
191 return;
192 }
Unnamed repository; edit this file 'description' to name the repository.