authfail.c

   1 /*
   2  * SARG Squid Analysis Report Generator      http://sarg.sourceforge.net
   3  *                                                            1998, 2010
   4  *
   5  * SARG donations:
   6  *      please look at http://sarg.sourceforge.net/donations.php
   7  * Support:
   8  *     http://sourceforge.net/projects/sarg/forums/forum/363374
   9  * ---------------------------------------------------------------------
  10  *
  11  *  This program is free software; you can redistribute it and/or modify
  12  *  it under the terms of the GNU General Public License as published by
  13  *  the Free Software Foundation; either version 2 of the License, or
  14  *  (at your option) any later version.
  15  *
  16  *  This program is distributed in the hope that it will be useful,
  17  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  18  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19  *  GNU General Public License for more details.
  20  *
  21  *  You should have received a copy of the GNU General Public License
  22  *  along with this program; if not, write to the Free Software
  23  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
  24  *
  25  */
  26
  27 #include "include/conf.h"
  28 #include "include/defs.h"
  29
  30 void authfail_report(void)
  31 {
  32
  33    FILE *fp_in = NULL, *fp_ou = NULL;
  34
  35    char *buf;
  36    char *url;
  37    char authfail_in[MAXLEN];
  38    char report[MAXLEN];
  39    char ip[MAXLEN];
  40    char oip[MAXLEN];
  41    char user[MAXLEN];
  42    char ouser[MAXLEN];
  43    char ouser2[MAXLEN];
  44    char data[15];
  45    char hora[15];
  46    char tmp4[MAXLEN];
  47    char csort[MAXLEN];
  48    int  z=0;
  49    int  count=0;
  50    int  cstatus;
  51    int day,month,year;
  52    bool new_user;
  53    struct getwordstruct gwarea;
  54    longline line;
  55    struct userinfostruct *uinfo;
  56    struct tm t;
  57
  58    if(DataFile[0] != '\0') return;
  59
  60    ouser[0]='\0';
  61    ouser2[0]='\0';
  62    oip[0]='\0';
  63
  64    snprintf(tmp4,sizeof(tmp4),"%s/authfail.log.unsort",tmp);
  65
  66    if(authfail_count == 0) {
  67       unlink(tmp4);
  68       return;
  69    }
  70
  71    snprintf(authfail_in,sizeof(authfail_in),"%s/authfail.log",tmp);
  72    snprintf(report,sizeof(report),"%s/authfail.html",outdirname);
  73
  74    snprintf(csort,sizeof(csort),"sort -b -T \"%s\" -k 3,3 -k 5,5 -o \"%s\" \"%s\"", tmp, authfail_in, tmp4);
  75    cstatus=system(csort);
  76    if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
  77       debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus));
  78       debuga(_("sort command: %s\n"),csort);
  79       exit(EXIT_FAILURE);
  80    }
  81    if((fp_in=MY_FOPEN(authfail_in,"r"))==NULL) {
  82       debuga(_("(authfail) Cannot open file %s\n"),authfail_in);
  83       debuga(_("sort command: %s\n"),csort);
  84       exit(EXIT_FAILURE);
  85    }
  86    unlink(tmp4);
  87
  88    if((fp_ou=MY_FOPEN(report,"w"))==NULL) {
  89      debuga(_("(authfail) Cannot open file %s\n"),report);
  90      exit(EXIT_FAILURE);
  91    }
  92
  93    write_html_header(fp_ou,(IndexTree == INDEX_TREE_DATE) ? 3 : 1,_("Authentication Failures"));
  94    fputs("<tr><td class=\"header_c\">",fp_ou);
  95    fprintf(fp_ou,_("Period: %s"),period.html);
  96    fputs("</td></tr>\n",fp_ou);
  97    fprintf(fp_ou,"<tr><th class=\"header_c\">%s</th></tr>\n",_("Authentication Failures"));
  98    close_html_header(fp_ou);
  99
 100    fputs("<div class=\"report\"><table cellpadding=\"0\" cellspacing=\"2\">\n",fp_ou);
 101    fprintf(fp_ou,"<tr><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th></tr>\n",_("USERID"),_("IP/NAME"),_("DATE/TIME"),_("ACCESSED SITE"));
 102
 103    if ((line=longline_create())==NULL) {
 104       debuga(_("Not enough memory to read file %s\n"),authfail_in);
 105       exit(EXIT_FAILURE);
 106    }
 107
 108    while((buf=longline_read(fp_in,line))!=NULL) {
 109       getword_start(&gwarea,buf);
 110       if (getword(data,sizeof(data),&gwarea,'\t')<0) {
 111          debuga(_("There is a broken date in file %s\n"),authfail_in);
 112          exit(EXIT_FAILURE);
 113       }
 114       if (getword(hora,sizeof(hora),&gwarea,'\t')<0) {
 115          debuga(_("There is a broken time in file %s\n"),authfail_in);
 116          exit(EXIT_FAILURE);
 117       }
 118       if (getword(user,sizeof(user),&gwarea,'\t')<0) {
 119          debuga(_("There is a broken user ID in file %s\n"),authfail_in);
 120          exit(EXIT_FAILURE);
 121       }
 122       if (getword(ip,sizeof(ip),&gwarea,'\t')<0) {
 123          debuga(_("There is a broken IP address in file %s\n"),authfail_in);
 124          exit(EXIT_FAILURE);
 125       }
 126       if (getword_ptr(buf,&url,&gwarea,'\t')<0) {
 127          debuga(_("There is a broken url in file %s\n"),authfail_in);
 128          exit(EXIT_FAILURE);
 129       }
 130       if (sscanf(data,"%d/%d/%d",&day,&month,&year)!=3) continue;
 131       computedate(year,month,day,&t);
 132       strftime(data,sizeof(data),"%x",&t);
 133
 134       uinfo=userinfo_find_from_id(user);
 135       if (!uinfo) {
 136          debuga(_("Unknown user ID %s in file %s\n"),user,authfail_in);
 137          exit(EXIT_FAILURE);
 138       }
 139
 140       new_user=false;
 141       if(z == 0) {
 142          strcpy(ouser,user);
 143          strcpy(oip,ip);
 144          z++;
 145          new_user=true;
 146       } else {
 147          if(strcmp(ouser,user) != 0) {
 148             strcpy(ouser,user);
 149             new_user=true;
 150          }
 151          if(strcmp(oip,ip) != 0) {
 152             strcpy(oip,ip);
 153             new_user=true;
 154          }
 155       }
 156
 157      if(AuthfailReportLimit>0) {
 158         if(strcmp(ouser2,uinfo->label) == 0) {
 159             count++;
 160          } else {
 161             count=1;
 162             strcpy(ouser2,uinfo->label);
 163          }
 164          if(count >= AuthfailReportLimit)
 165             continue;
 166       }
 167
 168       fputs("<tr>",fp_ou);
 169       if (new_user)
 170          fprintf(fp_ou,"<td class=\"data2\">%s</td><td class=\"data2\">%s</td>",uinfo->label,ip);
 171       else
 172          fputs("<td class=\"data2\"></td><td class=\"data2\"></td>",fp_ou);
 173       fprintf(fp_ou,"<td class=\"data2\">%s-%s</td><td class=\"data2\">",data,hora);
 174       if(BlockIt[0]!='\0') {
 175          fprintf(fp_ou,"<a href=\"%s%s?url=",wwwDocumentRoot,BlockIt);
 176          output_html_url(fp_ou,url);
 177          fputs("\"><img src=\"../images/sarg-squidguard-block.png\"></a>&nbsp;",fp_ou);
 178       }
 179       fputs("<a href=\"",fp_ou);
 180       output_html_url(fp_ou,url);
 181       fputs("\">",fp_ou);
 182       output_html_string(fp_ou,url,100);
 183       fputs("</a></td></th>\n",fp_ou);
 184    }
 185    fclose(fp_in);
 186    longline_destroy(&line);
 187
 188    fputs("</table></div>\n",fp_ou);
 189    if (write_html_trailer(fp_ou)<0)
 190       debuga(_("Write error in file %s\n"),report);
 191    if (fclose(fp_ou)==EOF)
 192       debuga(_("Failed to close file %s - %s\n"),report,strerror(errno));
 193
 194    unlink(authfail_in);
 195
 196    return;
 197 }