[thirdparty/sarg.git] / authfail.c

/*
 * SARG Squid Analysis Report Generator      http://sarg.sourceforge.net
 *                                                            1998, 2012
 *
 * SARG donations:
 *      please look at http://sarg.sourceforge.net/donations.php
 * Support:
 *     http://sourceforge.net/projects/sarg/forums/forum/363374
 * ---------------------------------------------------------------------
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
 *
 */

#include "include/conf.h"
#include "include/defs.h"

static void show_ignored_auth(FILE *fp_ou,int count)
{
	char ignored[80];

	snprintf(ignored,sizeof(ignored),ngettext("%d more authentication failure not shown here&hellip;","%d more authentication failures not shown here&hellip;",count),count);
	fprintf(fp_ou,"<tr><td class=\"data\"></td><td class=\"data\"></td><td class=\"data\"></td><td class=\"data2 more\">%s</td></tr>\n",ignored);
}

void authfail_report(void)
{
	FILE *fp_in = NULL, *fp_ou = NULL;

	char *buf;
	char *url;
	char authfail_in[MAXLEN];
	char report[MAXLEN];
	char ip[MAXLEN];
	char oip[MAXLEN];
	char user[MAXLEN];
	char ouser[MAXLEN];
	char ouser2[MAXLEN];
	char data[15];
	char hora[15];
	char tmp4[MAXLEN];
	char csort[MAXLEN];
	int  z=0;
	int  count=0;
	int  cstatus;
	int day,month,year;
	bool new_user;
	struct getwordstruct gwarea;
	longline line;
	struct userinfostruct *uinfo;
	struct tm t;

	if(DataFile[0] != '\0') return;

	ouser[0]='\0';
	ouser2[0]='\0';
	oip[0]='\0';

	snprintf(tmp4,sizeof(tmp4),"%s/authfail.int_unsort",tmp);

	if(authfail_count == 0) {
		if (!KeepTempLog && unlink(tmp4)) {
			debuga(_("Cannot delete \"%s\": %s\n"),tmp4,strerror(errno));
		}
		if (debugz) debugaz(_("Authentication failures report not produced because it is empty\n"));
		return;
	}

	snprintf(authfail_in,sizeof(authfail_in),"%s/authfail.int_log",tmp);
	snprintf(report,sizeof(report),"%s/authfail.html",outdirname);

	snprintf(csort,sizeof(csort),"sort -b -t \"\t\" -T \"%s\" -k 3,3 -k 5,5 -o \"%s\" \"%s\"", tmp, authfail_in, tmp4);
	cstatus=system(csort);
	if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
		debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus));
		debuga(_("sort command: %s\n"),csort);
		exit(EXIT_FAILURE);
	}
	if((fp_in=MY_FOPEN(authfail_in,"r"))==NULL) {
		debuga(_("(authfail) Cannot open file %s\n"),authfail_in);
		debuga(_("sort command: %s\n"),csort);
		exit(EXIT_FAILURE);
	}
	if (!KeepTempLog && unlink(tmp4)) {
		debuga(_("Cannot delete \"%s\": %s\n"),tmp4,strerror(errno));
		exit(EXIT_FAILURE);
	}

	if((fp_ou=MY_FOPEN(report,"w"))==NULL) {
		debuga(_("(authfail) Cannot open file %s\n"),report);
		exit(EXIT_FAILURE);
	}

	write_html_header(fp_ou,(IndexTree == INDEX_TREE_DATE) ? 3 : 1,_("Authentication Failures"),HTML_JS_NONE);
	fputs("<tr><td class=\"header_c\">",fp_ou);
	fprintf(fp_ou,_("Period: %s"),period.html);
	fputs("</td></tr>\n",fp_ou);
	fprintf(fp_ou,"<tr><th class=\"header_c\">%s</th></tr>\n",_("Authentication Failures"));
	close_html_header(fp_ou);

	fputs("<div class=\"report\"><table cellpadding=\"0\" cellspacing=\"2\">\n",fp_ou);
	fprintf(fp_ou,"<tr><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th></tr>\n",_("USERID"),_("IP/NAME"),_("DATE/TIME"),_("ACCESSED SITE"));

	if ((line=longline_create())==NULL) {
		debuga(_("Not enough memory to read file %s\n"),authfail_in);
		exit(EXIT_FAILURE);
	}

	while((buf=longline_read(fp_in,line))!=NULL) {
		getword_start(&gwarea,buf);
		if (getword(data,sizeof(data),&gwarea,'\t')<0) {
			debuga(_("There is a broken date in file %s\n"),authfail_in);
			exit(EXIT_FAILURE);
		}
		if (getword(hora,sizeof(hora),&gwarea,'\t')<0) {
			debuga(_("There is a broken time in file %s\n"),authfail_in);
			exit(EXIT_FAILURE);
		}
		if (getword(user,sizeof(user),&gwarea,'\t')<0) {
			debuga(_("There is a broken user ID in file %s\n"),authfail_in);
			exit(EXIT_FAILURE);
		}
		if (getword(ip,sizeof(ip),&gwarea,'\t')<0) {
			debuga(_("There is a broken IP address in file %s\n"),authfail_in);
			exit(EXIT_FAILURE);
		}
		if (getword_ptr(buf,&url,&gwarea,'\t')<0) {
			debuga(_("There is a broken url in file %s\n"),authfail_in);
			exit(EXIT_FAILURE);
		}
		if (sscanf(data,"%d/%d/%d",&day,&month,&year)!=3) continue;
		computedate(year,month,day,&t);
		strftime(data,sizeof(data),"%x",&t);

		uinfo=userinfo_find_from_id(user);
		if (!uinfo) {
			debuga(_("Unknown user ID %s in file %s\n"),user,authfail_in);
			exit(EXIT_FAILURE);
		}

		new_user=false;
		if(z == 0) {
			strcpy(ouser,user);
			strcpy(oip,ip);
			z++;
			new_user=true;
		} else {
			if(strcmp(ouser,user) != 0) {
				strcpy(ouser,user);
				new_user=true;
			}
			if(strcmp(oip,ip) != 0) {
				strcpy(oip,ip);
				new_user=true;
			}
		}

		if(AuthfailReportLimit>0) {
			if(strcmp(ouser2,uinfo->label) == 0) {
				count++;
			} else {
				if(count>AuthfailReportLimit && AuthfailReportLimit>0)
					show_ignored_auth(fp_ou,count-AuthfailReportLimit);
				count=1;
				strcpy(ouser2,uinfo->label);
			}
			if(count > AuthfailReportLimit)
				continue;
		}

		fputs("<tr>",fp_ou);
		if (new_user)
			fprintf(fp_ou,"<td class=\"data2\">%s</td><td class=\"data2\">%s</td>",uinfo->label,ip);
		else
			fputs("<td class=\"data2\"></td><td class=\"data2\"></td>",fp_ou);
		fprintf(fp_ou,"<td class=\"data2\">%s-%s</td><td class=\"data2\">",data,hora);
		if(BlockIt[0]!='\0' && url[0]!=ALIAS_PREFIX) {
			fprintf(fp_ou,"<a href=\"%s%s?url=",wwwDocumentRoot,BlockIt);
			output_html_url(fp_ou,url);
			fputs("\"><img src=\"../images/sarg-squidguard-block.png\"></a>&nbsp;",fp_ou);
		}
		output_html_link(fp_ou,url,100);
		fputs("</td></th>\n",fp_ou);
	}
	fclose(fp_in);
	longline_destroy(&line);

	if(count>AuthfailReportLimit && AuthfailReportLimit>0)
		show_ignored_auth(fp_ou,count-AuthfailReportLimit);

	fputs("</table></div>\n",fp_ou);
	if (write_html_trailer(fp_ou)<0)
		debuga(_("Write error in file %s\n"),report);
	if (fclose(fp_ou)==EOF)
		debuga(_("Failed to close file %s - %s\n"),report,strerror(errno));

	if (!KeepTempLog && unlink(authfail_in)) {
		debuga(_("Cannot delete \"%s\": %s\n"),authfail_in,strerror(errno));
		exit(EXIT_FAILURE);
	}

	return;
}
Commit	Line	Data
25697a35	1	/*
94ff9470	2	* SARG Squid Analysis Report Generator http://sarg.sourceforge.net
61d965f3	3	* 1998, 2012
94ff9470 GS	4	*
	5	* SARG donations:
	6	* please look at http://sarg.sourceforge.net/donations.php
1164c474 FM	7	* Support:
1164c474 FM	8	* http://sourceforge.net/projects/sarg/forums/forum/363374
25697a35 GS	9	* ---------------------------------------------------------------------
	10	*
	11	* This program is free software; you can redistribute it and/or modify
	12	* it under the terms of the GNU General Public License as published by
	13	* the Free Software Foundation; either version 2 of the License, or
	14	* (at your option) any later version.
	15	*
	16	* This program is distributed in the hope that it will be useful,
	17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	19	* GNU General Public License for more details.
	20	*
	21	* You should have received a copy of the GNU General Public License
	22	* along with this program; if not, write to the Free Software
	23	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
	24	*
	25	*/
	26
	27	#include "include/conf.h"
5f3cfd1d	28	#include "include/defs.h"
25697a35	29
7ae50eee FM	30	static void show_ignored_auth(FILE *fp_ou,int count)
	31	{
	32	char ignored[80];
	33
	34	snprintf(ignored,sizeof(ignored),ngettext("%d more authentication failure not shown here…","%d more authentication failures not shown here…",count),count);
	35	fprintf(fp_ou,"<tr><td class=\"data\"></td><td class=\"data\"></td><td class=\"data\"></td><td class=\"data2 more\">%s</td></tr>\n",ignored);
	36	}
	37
32e71fa4	38	void authfail_report(void)
25697a35	39	{
9bd92830 FM	40	FILE fp_in = NULL, fp_ou = NULL;
	41
	42	char *buf;
	43	char *url;
	44	char authfail_in[MAXLEN];
	45	char report[MAXLEN];
	46	char ip[MAXLEN];
	47	char oip[MAXLEN];
	48	char user[MAXLEN];
	49	char ouser[MAXLEN];
	50	char ouser2[MAXLEN];
	51	char data[15];
	52	char hora[15];
	53	char tmp4[MAXLEN];
	54	char csort[MAXLEN];
	55	int z=0;
	56	int count=0;
	57	int cstatus;
	58	int day,month,year;
	59	bool new_user;
	60	struct getwordstruct gwarea;
	61	longline line;
	62	struct userinfostruct *uinfo;
	63	struct tm t;
	64
	65	if(DataFile[0] != '\0') return;
	66
	67	ouser[0]='\0';
	68	ouser2[0]='\0';
	69	oip[0]='\0';
	70
c98d6a0f	71	snprintf(tmp4,sizeof(tmp4),"%s/authfail.int_unsort",tmp);
9bd92830 FM	72
9bd92830 FM	73	if(authfail_count == 0) {
11767c6a FM	74	if (!KeepTempLog && unlink(tmp4)) {
	75	debuga(_("Cannot delete \"%s\": %s\n"),tmp4,strerror(errno));
	76	}
9f93fec3	77	if (debugz) debugaz(_("Authentication failures report not produced because it is empty\n"));
9bd92830 FM	78	return;
	79	}
	80
c98d6a0f	81	snprintf(authfail_in,sizeof(authfail_in),"%s/authfail.int_log",tmp);
9bd92830 FM	82	snprintf(report,sizeof(report),"%s/authfail.html",outdirname);
9bd92830 FM	83
eb843369	84	snprintf(csort,sizeof(csort),"sort -b -t \"\t\" -T \"%s\" -k 3,3 -k 5,5 -o \"%s\" \"%s\"", tmp, authfail_in, tmp4);
9bd92830 FM	85	cstatus=system(csort);
	86	if (!WIFEXITED(cstatus) \|\| WEXITSTATUS(cstatus)) {
	87	debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus));
	88	debuga(_("sort command: %s\n"),csort);
	89	exit(EXIT_FAILURE);
	90	}
	91	if((fp_in=MY_FOPEN(authfail_in,"r"))==NULL) {
	92	debuga(_("(authfail) Cannot open file %s\n"),authfail_in);
	93	debuga(_("sort command: %s\n"),csort);
	94	exit(EXIT_FAILURE);
	95	}
11767c6a FM	96	if (!KeepTempLog && unlink(tmp4)) {
11767c6a FM	97	debuga(_("Cannot delete \"%s\": %s\n"),tmp4,strerror(errno));
08f9b029 FM	98	exit(EXIT_FAILURE);
08f9b029 FM	99	}
9bd92830 FM	100
9bd92830 FM	101	if((fp_ou=MY_FOPEN(report,"w"))==NULL) {
007905af FM	102	debuga(_("(authfail) Cannot open file %s\n"),report);
007905af FM	103	exit(EXIT_FAILURE);
9bd92830 FM	104	}
	105
	106	write_html_header(fp_ou,(IndexTree == INDEX_TREE_DATE) ? 3 : 1,_("Authentication Failures"),HTML_JS_NONE);
	107	fputs("<tr><td class=\"header_c\">",fp_ou);
	108	fprintf(fp_ou,_("Period: %s"),period.html);
	109	fputs("</td></tr>\n",fp_ou);
	110	fprintf(fp_ou,"<tr><th class=\"header_c\">%s</th></tr>\n",_("Authentication Failures"));
	111	close_html_header(fp_ou);
	112
	113	fputs("<div class=\"report\"><table cellpadding=\"0\" cellspacing=\"2\">\n",fp_ou);
	114	fprintf(fp_ou,"<tr><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th></tr>\n",_("USERID"),_("IP/NAME"),_("DATE/TIME"),_("ACCESSED SITE"));
	115
	116	if ((line=longline_create())==NULL) {
	117	debuga(_("Not enough memory to read file %s\n"),authfail_in);
	118	exit(EXIT_FAILURE);
	119	}
	120
	121	while((buf=longline_read(fp_in,line))!=NULL) {
	122	getword_start(&gwarea,buf);
	123	if (getword(data,sizeof(data),&gwarea,'\t')<0) {
	124	debuga(_("There is a broken date in file %s\n"),authfail_in);
	125	exit(EXIT_FAILURE);
	126	}
	127	if (getword(hora,sizeof(hora),&gwarea,'\t')<0) {
	128	debuga(_("There is a broken time in file %s\n"),authfail_in);
	129	exit(EXIT_FAILURE);
	130	}
	131	if (getword(user,sizeof(user),&gwarea,'\t')<0) {
	132	debuga(_("There is a broken user ID in file %s\n"),authfail_in);
	133	exit(EXIT_FAILURE);
	134	}
	135	if (getword(ip,sizeof(ip),&gwarea,'\t')<0) {
	136	debuga(_("There is a broken IP address in file %s\n"),authfail_in);
	137	exit(EXIT_FAILURE);
	138	}
	139	if (getword_ptr(buf,&url,&gwarea,'\t')<0) {
	140	debuga(_("There is a broken url in file %s\n"),authfail_in);
	141	exit(EXIT_FAILURE);
	142	}
	143	if (sscanf(data,"%d/%d/%d",&day,&month,&year)!=3) continue;
	144	computedate(year,month,day,&t);
	145	strftime(data,sizeof(data),"%x",&t);
	146
	147	uinfo=userinfo_find_from_id(user);
	148	if (!uinfo) {
	149	debuga(_("Unknown user ID %s in file %s\n"),user,authfail_in);
	150	exit(EXIT_FAILURE);
	151	}
	152
	153	new_user=false;
	154	if(z == 0) {
	155	strcpy(ouser,user);
	156	strcpy(oip,ip);
	157	z++;
	158	new_user=true;
	159	} else {
	160	if(strcmp(ouser,user) != 0) {
	161	strcpy(ouser,user);
	162	new_user=true;
	163	}
	164	if(strcmp(oip,ip) != 0) {
	165	strcpy(oip,ip);
	166	new_user=true;
	167	}
168	}
169
007905af FM	170	if(AuthfailReportLimit>0) {
007905af FM	171	if(strcmp(ouser2,uinfo->label) == 0) {
9bd92830 FM	172	count++;
9bd92830 FM	173	} else {
7ae50eee FM	174	if(count>AuthfailReportLimit && AuthfailReportLimit>0)
7ae50eee FM	175	show_ignored_auth(fp_ou,count-AuthfailReportLimit);
9bd92830 FM	176	count=1;
	177	strcpy(ouser2,uinfo->label);
	178	}
7ae50eee	179	if(count > AuthfailReportLimit)
9bd92830 FM	180	continue;
	181	}
	182
	183	fputs("<tr>",fp_ou);
	184	if (new_user)
	185	fprintf(fp_ou,"<td class=\"data2\">%s</td><td class=\"data2\">%s</td>",uinfo->label,ip);
	186	else
	187	fputs("<td class=\"data2\"></td><td class=\"data2\"></td>",fp_ou);
	188	fprintf(fp_ou,"<td class=\"data2\">%s-%s</td><td class=\"data2\">",data,hora);
67a93701	189	if(BlockIt[0]!='\0' && url[0]!=ALIAS_PREFIX) {
9bd92830 FM	190	fprintf(fp_ou,"<a href=\"%s%s?url=",wwwDocumentRoot,BlockIt);
	191	output_html_url(fp_ou,url);
	192	fputs("\"><img src=\"../images/sarg-squidguard-block.png\"></a> ",fp_ou);
	193	}
6fa33a32	194	output_html_link(fp_ou,url,100);
67a93701	195	fputs("</td></th>\n",fp_ou);
9bd92830 FM	196	}
	197	fclose(fp_in);
	198	longline_destroy(&line);
	199
7ae50eee FM	200	if(count>AuthfailReportLimit && AuthfailReportLimit>0)
	201	show_ignored_auth(fp_ou,count-AuthfailReportLimit);
	202
9bd92830 FM	203	fputs("</table></div>\n",fp_ou);
	204	if (write_html_trailer(fp_ou)<0)
	205	debuga(_("Write error in file %s\n"),report);
	206	if (fclose(fp_ou)==EOF)
	207	debuga(_("Failed to close file %s - %s\n"),report,strerror(errno));
	208
11767c6a FM	209	if (!KeepTempLog && unlink(authfail_in)) {
11767c6a FM	210	debuga(_("Cannot delete \"%s\": %s\n"),authfail_in,strerror(errno));
08f9b029 FM	211	exit(EXIT_FAILURE);
08f9b029 FM	212	}
9bd92830 FM	213
9bd92830 FM	214	return;
25697a35	215	}