summaryrefslogtreecommitdiffstats
path: root/login-utils/utmpdump.c
diff options
context:
space:
mode:
Diffstat (limited to 'login-utils/utmpdump.c')
-rw-r--r--login-utils/utmpdump.c397
1 files changed, 397 insertions, 0 deletions
diff --git a/login-utils/utmpdump.c b/login-utils/utmpdump.c
new file mode 100644
index 0000000..5cc8783
--- /dev/null
+++ b/login-utils/utmpdump.c
@@ -0,0 +1,397 @@
+/*
+ * utmpdump
+ *
+ * Simple program to dump UTMP and WTMP files in raw format, so they can be
+ * examined.
+ *
+ * Based on utmpdump dump from sysvinit suite.
+ *
+ * Copyright (C) 1991-2000 Miquel van Smoorenburg <miquels@cistron.nl>
+ *
+ * Copyright (C) 1998 Danek Duvall <duvall@alumni.princeton.edu>
+ * Copyright (C) 2012 Karel Zak <kzak@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <utmpx.h>
+#include <time.h>
+#include <ctype.h>
+#include <getopt.h>
+#include <unistd.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <sys/stat.h>
+#ifdef HAVE_INOTIFY_INIT
+#include <sys/inotify.h>
+#endif
+
+#include "c.h"
+#include "nls.h"
+#include "xalloc.h"
+#include "closestream.h"
+#include "timeutils.h"
+
+static time_t strtotime(const char *s_time)
+{
+ struct tm tm;
+
+ memset(&tm, '\0', sizeof(struct tm));
+
+ if (s_time[0] == ' ' || s_time[0] == '\0')
+ return (time_t)0;
+
+ if (isdigit(s_time[0])) {
+ /* [1998-09-01T01:00:00,000000+00:00]
+ * Subseconds are parsed with strtousec(). Timezone is
+ * always UTC-0 */
+ strptime(s_time, "%Y-%m-%dT%H:%M:%S", &tm);
+ } else {
+ /* [Tue Sep 01 00:00:00 1998 GMT] */
+ strptime(s_time, "%a %b %d %T %Y", &tm);
+ /* Cheesy way of checking for DST. This could be needed
+ * with legacy dumps that used localtime(3). */
+ if (s_time[26] == 'D')
+ tm.tm_isdst = 1;
+ }
+ return timegm(&tm);
+}
+
+static suseconds_t strtousec(const char *s_time)
+{
+ const char *s = strchr(s_time, ',');
+ if (s)
+ return (suseconds_t) atoi(s + 1);
+ return 0;
+}
+
+#define cleanse(x) xcleanse(x, sizeof(x))
+static void xcleanse(char *s, int len)
+{
+ for ( ; *s && len-- > 0; s++)
+ if (!isprint(*s) || *s == '[' || *s == ']')
+ *s = '?';
+}
+
+static void print_utline(struct utmpx *ut, FILE *out)
+{
+ const char *addr_string;
+ char buffer[INET6_ADDRSTRLEN];
+ char time_string[40];
+ struct timeval tv;
+
+ if (ut->ut_addr_v6[1] || ut->ut_addr_v6[2] || ut->ut_addr_v6[3])
+ addr_string = inet_ntop(AF_INET6, &(ut->ut_addr_v6), buffer, sizeof(buffer));
+ else
+ addr_string = inet_ntop(AF_INET, &(ut->ut_addr_v6), buffer, sizeof(buffer));
+
+ tv.tv_sec = ut->ut_tv.tv_sec;
+ tv.tv_usec = ut->ut_tv.tv_usec;
+
+ if (strtimeval_iso(&tv, ISO_TIMESTAMP_COMMA_GT, time_string,
+ sizeof(time_string)) != 0)
+ return;
+ cleanse(ut->ut_id);
+ cleanse(ut->ut_user);
+ cleanse(ut->ut_line);
+ cleanse(ut->ut_host);
+
+ /* type pid id user line host addr time */
+ fprintf(out, "[%d] [%05d] [%-4.4s] [%-*.*s] [%-*.*s] [%-*.*s] [%-15s] [%s]\n",
+ ut->ut_type, ut->ut_pid, ut->ut_id,
+ 8, (int)sizeof(ut->ut_user), ut->ut_user,
+ 12, (int)sizeof(ut->ut_line), ut->ut_line,
+ 20, (int)sizeof(ut->ut_host), ut->ut_host,
+ addr_string, time_string);
+}
+
+#ifdef HAVE_INOTIFY_INIT
+#define EVENTS (IN_MODIFY|IN_DELETE_SELF|IN_MOVE_SELF|IN_UNMOUNT)
+#define NEVENTS 4
+
+static void roll_file(const char *filename, off_t *size, FILE *out)
+{
+ FILE *in;
+ struct stat st;
+ struct utmpx ut;
+ off_t pos;
+
+ if (!(in = fopen(filename, "r")))
+ err(EXIT_FAILURE, _("cannot open %s"), filename);
+
+ if (fstat(fileno(in), &st) == -1)
+ err(EXIT_FAILURE, _("stat of %s failed"), filename);
+
+ if (st.st_size == *size)
+ goto done;
+
+ if (fseek(in, *size, SEEK_SET) != (off_t) -1) {
+ while (fread(&ut, sizeof(ut), 1, in) == 1)
+ print_utline(&ut, out);
+ }
+
+ pos = ftello(in);
+ /* If we've successfully read something, use the file position, this
+ * avoids data duplication. If we read nothing or hit an error,
+ * reset to the reported size, this handles truncated files.
+ */
+ *size = (pos != -1 && pos != *size) ? pos : st.st_size;
+
+done:
+ fclose(in);
+}
+
+static int follow_by_inotify(FILE *in, const char *filename, FILE *out)
+{
+ char buf[NEVENTS * sizeof(struct inotify_event)];
+ int fd, wd, event;
+ ssize_t length;
+ off_t size;
+
+ fd = inotify_init();
+ if (fd == -1)
+ return -1; /* probably reached any limit ... */
+
+ size = ftello(in);
+ fclose(in);
+
+ wd = inotify_add_watch(fd, filename, EVENTS);
+ if (wd == -1)
+ err(EXIT_FAILURE, _("%s: cannot add inotify watch."), filename);
+
+ while (wd >= 0) {
+ errno = 0;
+ length = read(fd, buf, sizeof(buf));
+
+ if (length < 0 && (errno == EINTR || errno == EAGAIN))
+ continue;
+ if (length < 0)
+ err(EXIT_FAILURE, _("%s: cannot read inotify events"),
+ filename);
+
+ for (event = 0; event < length;) {
+ struct inotify_event *ev =
+ (struct inotify_event *) &buf[event];
+
+ if (ev->mask & IN_MODIFY)
+ roll_file(filename, &size, out);
+ else {
+ close(wd);
+ wd = -1;
+ break;
+ }
+ event += sizeof(struct inotify_event) + ev->len;
+ }
+ }
+
+ close(fd);
+ return 0;
+}
+#endif /* HAVE_INOTIFY_INIT */
+
+static FILE *dump(FILE *in, const char *filename, int follow, FILE *out)
+{
+ struct utmpx ut;
+
+ if (follow)
+ ignore_result( fseek(in, -10 * sizeof(ut), SEEK_END) );
+
+ while (fread(&ut, sizeof(ut), 1, in) == 1)
+ print_utline(&ut, out);
+
+ if (!follow)
+ return in;
+
+#ifdef HAVE_INOTIFY_INIT
+ if (follow_by_inotify(in, filename, out) == 0)
+ return NULL; /* file already closed */
+ else
+#endif
+ /* fallback for systems without inotify or with non-free
+ * inotify instances */
+ for (;;) {
+ while (fread(&ut, sizeof(ut), 1, in) == 1)
+ print_utline(&ut, out);
+ sleep(1);
+ }
+
+ return in;
+}
+
+
+/* This function won't work properly if there's a ']' or a ' ' in the real
+ * token. Thankfully, this should never happen. */
+static int gettok(char *line, char *dest, int size, int eatspace)
+{
+ int bpos, epos, eaten;
+
+ bpos = strchr(line, '[') - line;
+ if (bpos < 0)
+ errx(EXIT_FAILURE, _("Extraneous newline in file. Exiting."));
+
+ line += 1 + bpos;
+ epos = strchr(line, ']') - line;
+ if (epos < 0)
+ errx(EXIT_FAILURE, _("Extraneous newline in file. Exiting."));
+
+ line[epos] = '\0';
+ eaten = bpos + epos + 1;
+
+ if (eatspace) {
+ char *t;
+ if ((t = strchr(line, ' ')))
+ *t = 0;
+ }
+ strncpy(dest, line, size);
+
+ return eaten + 1;
+}
+
+static void undump(FILE *in, FILE *out)
+{
+ struct utmpx ut;
+ char s_addr[INET6_ADDRSTRLEN + 1], s_time[29], *linestart, *line;
+
+ linestart = xmalloc(1024 * sizeof(*linestart));
+ s_time[28] = 0;
+
+ while (fgets(linestart, 1023, in)) {
+ line = linestart;
+ memset(&ut, '\0', sizeof(ut));
+ sscanf(line, "[%hd] [%d] [%4c] ", &ut.ut_type, &ut.ut_pid, ut.ut_id);
+
+ line += 19;
+ line += gettok(line, ut.ut_user, sizeof(ut.ut_user), 1);
+ line += gettok(line, ut.ut_line, sizeof(ut.ut_line), 1);
+ line += gettok(line, ut.ut_host, sizeof(ut.ut_host), 1);
+ line += gettok(line, s_addr, sizeof(s_addr) - 1, 1);
+ gettok(line, s_time, sizeof(s_time) - 1, 0);
+ if (strchr(s_addr, '.'))
+ inet_pton(AF_INET, s_addr, &(ut.ut_addr_v6));
+ else
+ inet_pton(AF_INET6, s_addr, &(ut.ut_addr_v6));
+
+ ut.ut_tv.tv_sec = strtotime(s_time);
+ ut.ut_tv.tv_usec = strtousec(s_time);
+
+ ignore_result( fwrite(&ut, sizeof(ut), 1, out) );
+ }
+
+ free(linestart);
+}
+
+static void __attribute__((__noreturn__)) usage(void)
+{
+ FILE *out = stdout;
+ fputs(USAGE_HEADER, out);
+
+ fprintf(out,
+ _(" %s [options] [filename]\n"), program_invocation_short_name);
+
+ fputs(USAGE_SEPARATOR, out);
+ fputs(_("Dump UTMP and WTMP files in raw format.\n"), out);
+
+ fputs(USAGE_OPTIONS, out);
+ fputs(_(" -f, --follow output appended data as the file grows\n"), out);
+ fputs(_(" -r, --reverse write back dumped data into utmp file\n"), out);
+ fputs(_(" -o, --output <file> write to file instead of standard output\n"), out);
+ printf(USAGE_HELP_OPTIONS(22));
+
+ printf(USAGE_MAN_TAIL("utmpdump(1)"));
+ exit(EXIT_SUCCESS);
+}
+
+int main(int argc, char **argv)
+{
+ int c;
+ FILE *in = NULL, *out = NULL;
+ int reverse = 0, follow = 0;
+ const char *filename = NULL;
+
+ static const struct option longopts[] = {
+ { "follow", no_argument, NULL, 'f' },
+ { "reverse", no_argument, NULL, 'r' },
+ { "output", required_argument, NULL, 'o' },
+ { "help", no_argument, NULL, 'h' },
+ { "version", no_argument, NULL, 'V' },
+ { NULL, 0, NULL, 0 }
+ };
+
+ setlocale(LC_ALL, "");
+ bindtextdomain(PACKAGE, LOCALEDIR);
+ textdomain(PACKAGE);
+ atexit(close_stdout);
+
+ while ((c = getopt_long(argc, argv, "fro:hV", longopts, NULL)) != -1) {
+ switch (c) {
+ case 'r':
+ reverse = 1;
+ break;
+
+ case 'f':
+ follow = 1;
+ break;
+
+ case 'o':
+ out = fopen(optarg, "w");
+ if (!out)
+ err(EXIT_FAILURE, _("cannot open %s"),
+ optarg);
+ break;
+
+ case 'h':
+ usage();
+ break;
+ case 'V':
+ printf(UTIL_LINUX_VERSION);
+ return EXIT_SUCCESS;
+ default:
+ errtryhelp(EXIT_FAILURE);
+ }
+ }
+
+ if (!out)
+ out = stdout;
+
+ if (optind < argc) {
+ filename = argv[optind];
+ in = fopen(filename, "r");
+ if (!in)
+ err(EXIT_FAILURE, _("cannot open %s"), filename);
+ } else {
+ if (follow)
+ errx(EXIT_FAILURE, _("following standard input is unsupported"));
+ filename = "/dev/stdin";
+ in = stdin;
+ }
+
+ if (reverse) {
+ fprintf(stderr, _("Utmp undump of %s\n"), filename);
+ undump(in, out);
+ } else {
+ fprintf(stderr, _("Utmp dump of %s\n"), filename);
+ in = dump(in, filename, follow, out);
+ }
+
+ if (out != stdout && close_stream(out))
+ err(EXIT_FAILURE, _("write failed"));
+
+ if (in && in != stdin)
+ fclose(in);
+
+ return EXIT_SUCCESS;
+}