sarg  2.4.0
About: SARG is a Squid Analysis Report Generator.
  Fossies Dox: sarg-2.4.0.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

authfail.c
1 /*
2  * SARG Squid Analysis Report Generator http://sarg.sourceforge.net
3  * 1998, 2015
4  *
5  * SARG donations:
6  * please look at http://sarg.sourceforge.net/donations.php
7  * Support:
8  * http://sourceforge.net/projects/sarg/forums/forum/363374
9  * ---------------------------------------------------------------------
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software
23  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
24  *
25  */
26 
27 #include "include/conf.h"
28 #include "include/defs.h"
29 #include "include/readlog.h"
30 
/* Name of the file containing the unsorted authentication failure entries. */
static char authfail_unsort[MAXLEN]="";
/* The file handle to write the entries. */
static FILE *fp_authfail=NULL;
/* True if at least one authentication failure entry exists. */
static bool authfail_exists=false;
37 
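/*
 * Open the temporary file that collects the authentication failures.
 *
 * Nothing is opened when the report is not requested or when the privacy
 * option is active. Otherwise fp_authfail is opened for writing on
 * "<tmp>/authfail.int_unsort"; failing to open it terminates the program.
 */
void authfail_open(void)
{
	/*
	 * NOTE(review): the listing lost the line that opens this guard (the
	 * gutter skips 45). The condition is reconstructed from the ReportType and
	 * REPORT_TYPE_AUTH_FAILURES cross-references and from the message below;
	 * verify the exact expression against the upstream file.
	 */
	if ((ReportType & REPORT_TYPE_AUTH_FAILURES) == 0) {
		if (debugz>=LogLevel_Process) debugaz(__FILE__,__LINE__,_("Authentication failures report not produced as it is not requested\n"));
		return;
	}
	if (Privacy) {
		if (debugz>=LogLevel_Process) debugaz(__FILE__,__LINE__,_("Authentication failures report not produced because privacy option is active\n"));
		return;
	}

	/*
	 * NOTE(review): the file name is fixed and the file is opened with "w".
	 * If MY_FOPEN maps to fopen() (presumably; see conf.h), an existing
	 * symbolic link at that path is followed and its target truncated, so tmp
	 * must be a directory that only the account running sarg can write to.
	 * Confirm how tmp is created.
	 */
	format_path(__FILE__, __LINE__, authfail_unsort, sizeof(authfail_unsort), "%s/authfail.int_unsort", tmp);
	if ((fp_authfail=MY_FOPEN(authfail_unsort,"w"))==NULL) {
		debuga(__FILE__,__LINE__,_("Cannot open file \"%s\": %s\n"),authfail_unsort,strerror(errno));
		exit(EXIT_FAILURE);
	}
}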
61 
/*
 * Append one log entry to the temporary file when it is an authentication
 * failure, i.e. when its HTTP code contains "DENIED/401" or "DENIED/407".
 *
 * The record written is "date<TAB>time<TAB>user<TAB>ip<TAB>url". Nothing is
 * written when the temporary file is not open.
 *
 * NOTE(review): User, Ip and Url are taken from the parsed log and written
 * verbatim. A tab or a newline inside one of them would shift the fields that
 * authfail_report() later splits on '\t'; presumably the log reader rules that
 * out, confirm in the read log code.
 */
void authfail_write(const struct ReadLogStruct *log_entry)
{
	char stamp[80];

	if (!fp_authfail)
		return;
	if (strstr(log_entry->HttpCode,"DENIED/401") == NULL && strstr(log_entry->HttpCode,"DENIED/407") == NULL)
		return;

	/* the tab inside the format splits the date and the time into two fields */
	strftime(stamp,sizeof(stamp),"%d/%m/%Y\t%H:%M:%S",&log_entry->EntryTime);
	fprintf(fp_authfail, "%s\t%s\t%s\t%s\n",stamp,log_entry->User,log_entry->Ip,log_entry->Url);
	/* remember that the report has at least one entry to show */
	authfail_exists=true;
}
77 
/*
 * Close the temporary file of the authentication failures if it is open.
 *
 * A failing fclose() is reported as a write error on the unsorted file and
 * terminates the program.
 */
void authfail_close(void)
{
	if (fp_authfail==NULL)
		return;

	if (fclose(fp_authfail)==EOF) {
		debuga(__FILE__,__LINE__,_("Write error in \"%s\": %s\n"),authfail_unsort,strerror(errno));
		exit(EXIT_FAILURE);
	}
	/* mark the handle as closed so that a later close is a no-op */
	fp_authfail=NULL;
}
92 
/*
 * Tell whether at least one authentication failure was written to the
 * temporary file.
 *
 * Returns the current value of authfail_exists.
 */
bool is_authfail(void)
{
	return authfail_exists;
}
103 
104 
/*
 * Write a table row telling how many authentication failures are not listed.
 *
 * fp_ou: the HTML report being written.
 * count: the number of entries left out; it also selects the singular or the
 *        plural message.
 */
static void show_ignored_auth(FILE *fp_ou,int count)
{
	char msg[80];
	const char *fmt;

	fmt=ngettext("%d more authentication failure not shown here…","%d more authentication failures not shown here…",count);
	/* snprintf bounds the text: a longer translation is cut, not overflowed */
	snprintf(msg,sizeof(msg),fmt,count);
	fprintf(fp_ou,"<tr><td class=\"data\"></td><td class=\"data\"></td><td class=\"data\"></td><td class=\"data2 more\">%s</td></tr>\n",msg);
}
112 
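/*
 * Produce the HTML report of the authentication failures.
 *
 * The unsorted temporary file is sorted with the external sort command into
 * "<tmp>/authfail.int_log", then read line by line to write
 * "<outdirname>/authfail.html". Both temporary files are deleted unless
 * KeepTempLog is set. When no entry was recorded, only the unsorted file is
 * removed and no report is written. Every error other than that first
 * deletion terminates the program.
 *
 * Changes against the listed code: the table row is closed with </tr> instead
 * of </th>, the copy of the user label is bounded, and the length returned by
 * snprintf() is tested as a signed value.
 */
void authfail_report(void)
{
	FileObject *fp_in = NULL;
	FILE *fp_ou = NULL;

	char *buf;
	char *url;
	char authfail_sort[MAXLEN];
	char report[MAXLEN];
	char ip[MAXLEN];
	char oip[MAXLEN]="";
	char user[MAXLEN];
	char ouser[MAXLEN]="";
	char ouser2[MAXLEN]="";
	char data[15];
	char hora[15];
	char csort[MAXLEN];
	int z=0;
	int count=0;
	int cstatus;
	int csort_len;
	int day,month,year;
	bool new_user;
	struct getwordstruct gwarea;
	longline line;
	struct userinfostruct *uinfo;
	struct tm t;

	if (!authfail_exists) {
		/* nothing was recorded: drop the empty temporary file and stop */
		if (!KeepTempLog && authfail_unsort[0]!='\0' && unlink(authfail_unsort))
			debuga(__FILE__,__LINE__,_("Failed to delete \"%s\": %s\n"),authfail_unsort,strerror(errno));

		authfail_unsort[0]='\0';
		if (debugz>=LogLevel_Process) debugaz(__FILE__,__LINE__,_("Authentication failures report not produced because it is empty\n"));
		return;
	}
	/* NOTE(review): the listing skips source line 148 here; the message below may be conditional upstream. */
	debuga(__FILE__,__LINE__,_("Creating authentication failures report...\n"));

	format_path(__FILE__, __LINE__, authfail_sort, sizeof(authfail_sort), "%s/authfail.int_log", tmp);
	format_path(__FILE__, __LINE__, report, sizeof(report), "%s/authfail.html", outdirname);

	/*
	 * NOTE(review): the command is run by the shell through system(). tmp and
	 * the two paths built from it are only wrapped in double quotes, so a
	 * double quote, a dollar sign or a backquote in the temporary directory
	 * name would be interpreted by the shell. These values presumably come
	 * from the configuration; either validate them where they are read or
	 * start sort with an argument vector (fork/exec or posix_spawn).
	 */
	csort_len=snprintf(csort, sizeof(csort), "sort -b -t \"\t\" -T \"%s\" -k 3,3 -k 5,5 -o \"%s\" \"%s\"", tmp, authfail_sort, authfail_unsort);
	/* a negative result is an output error, a result >= the size is a truncation */
	if (csort_len<0 || (size_t)csort_len>=sizeof(csort)) {
		debuga(__FILE__,__LINE__,_("Sort command too long when sorting file \"%s\" to \"%s\"\n"), authfail_unsort, authfail_sort);
		debuga_more("sort -b -t \"\t\" -T \"%s\" -k 3,3 -k 5,5 -o \"%s\" \"%s\"", tmp, authfail_sort, authfail_unsort);
		exit(EXIT_FAILURE);
	}
	cstatus=system(csort);
	if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
		debuga(__FILE__,__LINE__,_("sort command return status %d\n"),WEXITSTATUS(cstatus));
		debuga(__FILE__,__LINE__,_("sort command: %s\n"),csort);
		exit(EXIT_FAILURE);
	}
	if ((fp_in=FileObject_Open(authfail_sort))==NULL) {
		debuga(__FILE__,__LINE__,_("Cannot open file \"%s\": %s\n"),authfail_sort,FileObject_GetLastOpenError());
		debuga(__FILE__,__LINE__,_("sort command: %s\n"),csort);
		exit(EXIT_FAILURE);
	}
	/* the sorted copy is open: the unsorted file is no longer needed */
	if (!KeepTempLog && unlink(authfail_unsort)) {
		debuga(__FILE__,__LINE__,_("Cannot delete \"%s\": %s\n"),authfail_unsort,strerror(errno));
		exit(EXIT_FAILURE);
	}
	authfail_unsort[0]='\0';

	if ((fp_ou=MY_FOPEN(report,"w"))==NULL) {
		debuga(__FILE__,__LINE__,_("Cannot open file \"%s\": %s\n"),report,strerror(errno));
		exit(EXIT_FAILURE);
	}

	write_html_header(fp_ou,(IndexTree == INDEX_TREE_DATE) ? 3 : 1,_("Authentication Failures"),HTML_JS_NONE);
	fputs("<tr><td class=\"header_c\">",fp_ou);
	fprintf(fp_ou,_("Period: %s"),period.html);
	fputs("</td></tr>\n",fp_ou);
	fprintf(fp_ou,"<tr><th class=\"header_c\">%s</th></tr>\n",_("Authentication Failures"));
	close_html_header(fp_ou);

	fputs("<div class=\"report\"><table cellpadding=\"0\" cellspacing=\"2\">\n",fp_ou);
	fprintf(fp_ou,"<tr><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th><th class=\"header_l\">%s</th></tr>\n",_("USERID"),_("IP/NAME"),_("DATE/TIME"),_("ACCESSED SITE"));

	if ((line=longline_create())==NULL) {
		debuga(__FILE__,__LINE__,_("Not enough memory to read file \"%s\"\n"),authfail_sort);
		exit(EXIT_FAILURE);
	}

	while((buf=longline_read(fp_in,line))!=NULL) {
		/* split the record: date, time, user, ip, url (tab separated) */
		getword_start(&gwarea,buf);
		if (getword(data,sizeof(data),&gwarea,'\t')<0) {
			debuga(__FILE__,__LINE__,_("Invalid date in file \"%s\"\n"),authfail_sort);
			exit(EXIT_FAILURE);
		}
		if (getword(hora,sizeof(hora),&gwarea,'\t')<0) {
			debuga(__FILE__,__LINE__,_("Invalid time in file \"%s\"\n"),authfail_sort);
			exit(EXIT_FAILURE);
		}
		if (getword(user,sizeof(user),&gwarea,'\t')<0) {
			debuga(__FILE__,__LINE__,_("Invalid user ID in file \"%s\"\n"),authfail_sort);
			exit(EXIT_FAILURE);
		}
		if (getword(ip,sizeof(ip),&gwarea,'\t')<0) {
			debuga(__FILE__,__LINE__,_("Invalid IP address in file \"%s\"\n"),authfail_sort);
			exit(EXIT_FAILURE);
		}
		if (getword_ptr(buf,&url,&gwarea,'\t')<0) {
			debuga(__FILE__,__LINE__,_("Invalid url in file \"%s\"\n"),authfail_sort);
			exit(EXIT_FAILURE);
		}
		/* a date that does not parse as day/month/year is skipped silently */
		if (sscanf(data,"%d/%d/%d",&day,&month,&year)!=3) continue;
		computedate(year,month,day,&t);
		/* NOTE(review): the result of strftime() is not checked; a "%x" longer than 14 bytes in the active locale would leave data unspecified. */
		strftime(data,sizeof(data),"%x",&t);

		uinfo=userinfo_find_from_id(user);
		if (!uinfo) {
			debuga(__FILE__,__LINE__,_("Unknown user ID %s in file \"%s\"\n"),user,authfail_sort);
			exit(EXIT_FAILURE);
		}

		/* the user and the address are printed only on the first row of a run */
		new_user=false;
		if (z == 0) {
			/* ouser/oip have the size of user/ip, which getword() was asked to bound */
			strcpy(ouser,user);
			strcpy(oip,ip);
			z++;
			new_user=true;
		} else {
			if (strcmp(ouser,user) != 0) {
				strcpy(ouser,user);
				new_user=true;
			}
			if (strcmp(oip,ip) != 0) {
				strcpy(oip,ip);
				new_user=true;
			}
		}

		if (AuthfailReportLimit>0) {
			if (strcmp(ouser2,uinfo->label) == 0) {
				count++;
			} else {
				/*
				 * NOTE(review): the listing skips source lines 249-250 here.
				 * show_ignored_auth() is defined in this file but is not
				 * called in the visible text, so a call may have been lost
				 * at this point; check the upstream file.
				 */
				count=1;
				/* bounded copy: the length of uinfo->label is not visible from this file */
				snprintf(ouser2,sizeof(ouser2),"%s",uinfo->label);
			}
			if (count > AuthfailReportLimit)
				continue;
		}

		fputs("<tr>",fp_ou);
		/*
		 * NOTE(review): uinfo->label and ip are written into the page without
		 * HTML escaping, whereas url goes through output_html_url() and
		 * output_html_link(). The entries reported here are failed
		 * authentications, so if the label can derive from the user name found
		 * in the log (confirm in userinfo.c) it is text chosen by an
		 * unauthenticated client and must be escaped before it is output.
		 */
		if (new_user)
			fprintf(fp_ou,"<td class=\"data2\">%s</td><td class=\"data2\">%s</td>",uinfo->label,ip);
		else
			fputs("<td class=\"data2\"></td><td class=\"data2\"></td>",fp_ou);
		fprintf(fp_ou,"<td class=\"data2\">%s-%s</td><td class=\"data2\">",data,hora);
		if (BlockIt[0]!='\0' && url[0]!=ALIAS_PREFIX) {
			fprintf(fp_ou,"<a href=\"%s%s?url=",wwwDocumentRoot,BlockIt);
			output_html_url(fp_ou,url);
			fputs("\"><img src=\"../images/sarg-squidguard-block.png\"></a>&nbsp;",fp_ou);
		}
		output_html_link(fp_ou,url,100);
		/* the row was opened with <tr>: close it with </tr>, not </th> */
		fputs("</td></tr>\n",fp_ou);
	}
	if (FileObject_Close(fp_in)) {
		debuga(__FILE__,__LINE__,_("Read error in \"%s\": %s\n"),authfail_sort,FileObject_GetLastCloseError());
		exit(EXIT_FAILURE);
	}
	longline_destroy(&line);

	/* NOTE(review): the listing skips source lines 278-279 here; a final call to show_ignored_auth() may have been lost, check the upstream file. */

	fputs("</table></div>\n",fp_ou);
	write_html_trailer(fp_ou);
	if (fclose(fp_ou)==EOF) {
		debuga(__FILE__,__LINE__,_("Write error in \"%s\": %s\n"),report,strerror(errno));
		exit(EXIT_FAILURE);
	}

	if (!KeepTempLog && unlink(authfail_sort)) {
		debuga(__FILE__,__LINE__,_("Cannot delete \"%s\": %s\n"),authfail_sort,strerror(errno));
		exit(EXIT_FAILURE);
	}
}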
295 
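/*
 * Release what the module still holds: close the temporary file if it is
 * open and delete the unsorted file if its name is still set.
 *
 * A failing fclose() terminates the program; a failing unlink() is only
 * reported. The file is kept when KeepTempLog is set.
 *
 * The listing lost the signature line (the gutter skips 299); it is restored
 * from the page's own cross-reference, "void authfail_cleanup(void)",
 * Definition: authfail.c:299.
 */
void authfail_cleanup(void)
{
	if (fp_authfail) {
		if (fclose(fp_authfail)==EOF) {
			debuga(__FILE__,__LINE__,_("Write error in \"%s\": %s\n"),authfail_unsort,strerror(errno));
			exit(EXIT_FAILURE);
		}
		fp_authfail=NULL;
	}
	/* an empty name means the file was never created or is already deleted */
	if (authfail_unsort[0]) {
		if (!KeepTempLog && unlink(authfail_unsort)==-1)
			debuga(__FILE__,__LINE__,_("Failed to delete \"%s\": %s\n"),authfail_unsort,strerror(errno));
	}
}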
authfail_write
void authfail_write(const struct ReadLogStruct *log_entry)
Definition: authfail.c:67
ReadLogStruct::EntryTime
struct tm EntryTime
The time corresponding to the entry.
Definition: readlog.h:27
getword_start
void getword_start(struct getwordstruct *gwarea, const char *line)
Definition: util.c:74
write_html_header
void write_html_header(FILE *fp_ou, int depth, const char *title, int javascript)
Definition: util.c:2144
debuga
void debuga(const char *File, int Line, const char *msg,...)
Definition: util.c:601
output_html_url
void output_html_url(FILE *fp_ou, const char *url)
Definition: util.c:2194
ReadLogStruct::HttpCode
char * HttpCode
HTTP code returned to the user for the entry.
Definition: readlog.h:43
userinfostruct
What is known about a user.
Definition: defs.h:78
longline_read
char * longline_read(FileObject *fp_in, longline line)
Definition: longline.c:97
format_path
int format_path(const char *file, int line, char *output_buffer, int buffer_size, const char *format,...)
Definition: util.c:2665
FileObject_GetLastCloseError
const char * FileObject_GetLastCloseError(void)
Definition: fileobject.c:263
AuthfailReportLimit
int AuthfailReportLimit
Definition: conf.h:491
longlinestruct
Definition: longline.c:56
KeepTempLog
bool KeepTempLog
True to keep the temporary files for inspection.
Definition: conf.h:505
FileObject_GetLastOpenError
const char * FileObject_GetLastOpenError(void)
Definition: fileobject.c:236
MY_FOPEN
#define MY_FOPEN
Definition: conf.h:129
_
#define _(String)
Definition: conf.h:155
MAXLEN
#define MAXLEN
Definition: conf.h:176
authfail_report
void authfail_report(void)
Definition: authfail.c:113
INDEX_TREE_DATE
#define INDEX_TREE_DATE
Definition: conf.h:240
fp_authfail
static FILE * fp_authfail
The file handle to write the entries.
Definition: authfail.c:34
HTML_JS_NONE
#define HTML_JS_NONE
Value to exclude all the javascripts from the html page.
Definition: conf.h:285
userinfo_find_from_id
struct userinfostruct * userinfo_find_from_id(const char *id)
Definition: userinfo.c:218
ReadLogStruct::Ip
const char * Ip
The IP address connecting to internet.
Definition: readlog.h:29
userinfostruct::label
const char * label
The name of the user to display in the report.
Definition: defs.h:89
is_authfail
bool is_authfail(void)
Definition: authfail.c:99
wwwDocumentRoot
char wwwDocumentRoot[20000]
Definition: conf.h:411
ReportType
unsigned long int ReportType
Definition: conf.h:332
authfail_cleanup
void authfail_cleanup(void)
Definition: authfail.c:299
close_html_header
void close_html_header(FILE *fp_ou)
Definition: util.c:2152
getword_ptr
int getword_ptr(char *orig_line, char **word, struct getwordstruct *gwarea, char stop)
Definition: util.c:343
computedate
void computedate(int year, int month, int day, struct tm *t)
Definition: util.c:892
IndexTree
unsigned long int IndexTree
How to display the index of the reports.
Definition: conf.h:416
ReadLogStruct
Data read from an input log file.
Definition: readlog.h:24
authfail_exists
static bool authfail_exists
True if at least one authentication failure entry exists.
Definition: authfail.c:36
periodstruct::html
char html[90]
The HTML representation of the date.
Definition: conf.h:307
ReadLogStruct::User
const char * User
The user's name.
Definition: readlog.h:31
getword
int getword(char *word, int limit, struct getwordstruct *gwarea, char stop)
Definition: util.c:90
FileObject_Open
FileObject * FileObject_Open(const char *FileName)
Definition: fileobject.c:104
conf.h
Include headers and define global variables.
ALIAS_PREFIX
#define ALIAS_PREFIX
The character prefixed in front of the host names that are aliased.
Definition: conf.h:290
longline_create
longline longline_create(void)
Definition: longline.c:70
readlog.h
authfail_close
void authfail_close(void)
Definition: authfail.c:81
Privacy
bool Privacy
Definition: conf.h:372
getwordstruct
Definition: defs.h:26
longline_destroy
void longline_destroy(longline *line_ptr)
Definition: longline.c:168
REPORT_TYPE_AUTH_FAILURES
#define REPORT_TYPE_AUTH_FAILURES
Definition: conf.h:198
show_ignored_auth
static void show_ignored_auth(FILE *fp_ou, int count)
Definition: authfail.c:105
authfail_unsort
static char authfail_unsort[20000]
Name of the file containing the unsorted authentication failure entries.
Definition: authfail.c:32
debugaz
void debugaz(const char *File, int Line, const char *msg,...)
Definition: util.c:646
write_html_trailer
void write_html_trailer(FILE *fp_ou)
Definition: util.c:2157
tmp
char tmp[20000]
Definition: conf.h:315
authfail_open
void authfail_open(void)
Definition: authfail.c:43
defs.h
Declaration of the structures and functions.
ngettext
#define ngettext(Msgid1, Msgid2, N)
Definition: gettext.h:75
outdirname
char outdirname[20000]
Definition: conf.h:311
BlockIt
char BlockIt[255]
Definition: conf.h:413
debugz
int debugz
Definition: conf.h:490
period
struct periodstruct period
Definition: conf.h:312
FileObject_Close
int FileObject_Close(FileObject *File)
Definition: fileobject.c:206
debuga_more
void debuga_more(const char *msg,...)
Definition: util.c:631
FileObjectStruct
Definition: fileobject.h:4
ReadLogStruct::Url
char * Url
Definition: readlog.h:37
output_html_link
void output_html_link(FILE *fp_ou, const char *url, int maxlen)
Definition: util.c:2214
LogLevel_Process
@ LogLevel_Process
Process informational messages.
Definition: defs.h:15