#!/usr/bin/perl -w
##########################################################################
# $Id: identd,v 1.5 1998/09/08 13:08:21 kirk Exp $
##########################################################################
# $Log: identd,v $
# Revision 1.5  1998/09/08 13:08:21  kirk
# Applied patches submitted by Simon Liddington <sjl96v@ecs.soton.ac.uk>.
# Thanks!
#
# Revision 1.4  1998/05/11 13:03:29  kirk
# Applied some wonderful patches sent in by
# Luuk de Boer <luuk_de_boer@pi.net>.
#
# Revision 1.3  1998/03/10 05:41:23  kirk
# Added support for a few more messages...
#
# Revision 1.2  1998/02/23 01:16:56  kirk
# Getting ready for a first distribution
#
# Revision 1.1  1998/02/22 03:07:51  kirk
# Re-organization
#
# Revision 1.2  1998/02/12 18:58:47  kirk
# Still need to finish and debug
#
# Revision 1.1  1998/02/12 06:06:53  kirk
# Started identd service.
#
##########################################################################

########################################################
# This was written and is maintained by:
#    Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
#    etc, to kirk@kaybee.org.
#
########################################################

$Debug = $ENV{'LOGWATCH_DEBUG'};
$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};

# No sense in running if 'identd' doesn't even exist on this system...
unless (( -f "/usr/sbin/in.identd" ) or ( -f "/usr/local/sbin/in.identd")
     or ( -f "/usr/sbin/identd"    ) or ( -f "/usr/local/sbin/identd")) {
    exit (0);
}

if ( $Debug >= 5 ) {
    print STDERR "\n\nDEBUG: Inside Identd Filter \n\n";
    $DebugCounter = 1;
}

# This whole NeedNextLine thing is because there are multiple lines that
# go together for these log entries...

$ThisLine = <STDIN>;
while (defined($ThisLine)) {
    if ( $Debug >= 5 ) {
	print STDERR "DEBUG: Line Number " . $DebugCounter . ":\n";
	print STDERR "DEBUG: " . $ThisLine;
    }
    $NeedNextLine = 1;
    if ( ($IP,$Hostname,$Port) = ($ThisLine =~ m/^from: ([0123456789]+\.[0123456789]+\.[0123456789]+\.[0123456789]+) \( ([^ ]*) \) for: [0123456789]+, ([0123456789]+)$/) ) {
	# this means that somebody accessed identd...
	if ( $Debug >= 5 ) {
	    print STDERR "DEBUG: Found -Connection From- Line -- Reading another line\n";
	    $DebugCounter++;
        }
	if (defined($NextLine = <STDIN>)) {
	    if ( $Debug >= 5 ) {
		print STDERR "DEBUG: Line Number " . $DebugCounter . ":\n";
		print STDERR "DEBUG: " . $NextLine;
	    }
	    if ( ($User) = ($NextLine =~ m/^Successful lookup: [0123456789]+ , [0123456789]+ : ([^ ]+)\.[^ ]+/) ) {
		if ( $Debug >= 5 ) {
		    print STDERR "DEBUG: Found -Successful Lookup- line (" . $User . ")\n";
		}
		${Identd{$IP}}[0] = $Hostname;
		${Identd{$IP}}[1]++;
		push @{${Identd{$IP}}[2]}, $Port;
		push @{${Identd{$IP}}[3]}, $User;
            }
	    else {
		if ( $Debug >= 5 ) {
		    print STDERR "DEBUG: No matches... keeping current line.\n";
		}
		$ThisLine = $NextLine;
		$NeedNextLine = 0;
            }
        }
    }
    elsif ( ($IP,$Hostname) = ($ThisLine =~ m/^from: ([0123456789]+\.[0123456789]+\.[0123456789]+\.[0123456789]+) \(([^ ]*)\) EMPTY REQUEST$/) ) {
	if ( $Debug >= 5 ) {
	    print STDERR "DEBUG: Found -Empty Request- Line\n";
        }
        $Text = "   " . $Hostname . " (" . $IP . ")";
	push @EmptyRequests,$Text;
    }
    elsif ( ($IP,$Hostname,$Name) = ($ThisLine =~ m/^from: ([0123456789]+\.[0123456789]+\.[0123456789]+\.[0123456789]+) \(([^ ]*)\) INVALID REQUEST: (.*)$/) ) {
	if ( $Debug >= 5 ) {
	    print STDERR "DEBUG: Found -Invalid Request- Line\n";
        }
        $Text = "   " . $Hostname . " (" . $IP . ") - " . $Name;
	push @InvalidRequests,$Text;
    }
    elsif ( $ThisLine =~ m/^Returned: [0123456789]+ , [0123456789]+ : NO-USER/ ) {
	# Do nothing...
    }
    elsif ( ($Host) = ( $ThisLine =~ /^Connection from ([^ ]+)/ ) ) {
	chomp($Host);
	if (defined($NextLine = <STDIN>)) {
	    if ( $Debug >= 5 ) {
		print STDERR "DEBUG: Line Number " . $DebugCounter . ":\n";
		print STDERR "DEBUG: " . $NextLine;
	    }
	    if ( ($Port,$User) = ($NextLine =~ m/^Successful lookup: [0123456789]+ , ([0123456789]+) : ([^ ]+)/) ) {
		if ( $Debug >= 5 ) {
		    print STDERR "DEBUG: Found -Successful Lookup- line (" . $User . ")\n";
		}
		chomp($Port); chomp($User);
		${Identd{$Host}}[0] = $Host;
		${Identd{$Host}}[1]++;
		push @{${Identd{$Host}}[2]}, $Port;
		push @{${Identd{$Host}}[3]}, $User;
            }
	    else {
		if ( $Debug >= 5 ) {
		    print STDERR "DEBUG: No matches... keeping current line.\n";
		}
		$ThisLine = $NextLine;
		$NeedNextLine = 0;
            }
        }
    }
    elsif ($ThisLine =~ /^Successful lookup: [1234567890]+ , [1234567890]+ : [^ ]+/ ) {
	# skip empty entry ...
    } 
    else {
        # Report any unmatched entries...
	if ( $Debug >= 5 ) {
	    print STDERR "DEBUG: Found unmatched line\n";
        }
	chomp($ThisLine);
        $OtherList{$ThisLine}++;
    }
    if ($NeedNextLine == 1) {
        $ThisLine = <STDIN>;
    }
}

if ( ( ( $Detail >= 5 ) and
       ( (keys %Identd) or ($#EmptyRequests >= 0) or ($#InvalidRequests >= 0)) )
     or ($#OtherList >= 0) ){

    print "\n\n --------------------- Identd Begin ------------------------ \n";

    
    if ( $Detail >= 10 ) {
	print "Identd Lookups:\n";
        foreach $ThisOne (keys %Identd) {
            print "   Host: " . ${Identd{$ThisOne}}[0] . " (" . $ThisOne . ") - " . ${Identd{$ThisOne}}[1] . " Connection(s).\n";
            
        }
    } 

    if ($#EmptyRequests >= 0) {
        print "\nEmpty requests:\n";
        foreach $ThisOne (@EmptyRequests) {
            print "   " . $ThisOne . "\n";
	}
    }

    if ($#InvalidRequests >= 0) {
	print "\nInvalid requests:\n";
	foreach $ThisOne (@InvalidRequests) {
	    print "   " . $ThisOne . "\n";
	}
    }

    if (keys %OtherList) {
        print "\n**Unmatched Entries**\n";
	foreach $line (sort {$a cmp $b} keys %OtherList) {
	    print "$line: $OtherList{$line} Time(s)\n";
	}
    }

    print "\n\n ---------------------- Identd End ------------------------- \n\n";

}

exit(0);



