utmp log file, IBM AIX version: C++/STL parsing library

This spec can be used to parse utmp, wtmp and other similar files as created by IBM AIX.

KS implementation details

License: CC0-1.0

This page hosts a formal specification of utmp log file, IBM AIX version using Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.

Usage

Using Kaitai Struct in C++/STL usually consists of 3 steps.

  1. We need to create an STL input stream (std::istream). One can open a local file for that, or use an existing std::string or char* buffer.
    // The three snippets below are alternatives; use exactly one of them.

    // Alternative 1: read from a local file. The file is opened in binary mode.
    // Check that the open succeeded (e.g. is.is_open()) before handing the
    // stream to the parser.
    #include <fstream>
    
    std::ifstream is("path/to/local/file.aix_utmp", std::ifstream::binary);

    // Alternative 2: the file contents are already held in a std::string named str.
    #include <sstream>
    
    std::istringstream is(str);

    // Alternative 3: the file contents are in a char buffer. The explicit length
    // (sizeof buf) keeps embedded NUL bytes, which this binary format contains.
    #include <sstream>
    
    const char buf[] = { ... };
    std::string str(buf, sizeof buf);
    std::istringstream is(str);
  2. We need to wrap our input stream into Kaitai stream:
    #include <kaitai/kaitaistream.h>
    
    // ks is given the address of `is`, so `is` must stay alive for as long as
    // ks (and anything parsed from it) is in use.
    kaitai::kstream ks(&is);
  3. And finally, we can invoke the parsing:
    // Parsing runs inside this constructor (it calls _read(), see aix_utmp.cpp
    // below), so any exception raised while reading malformed or truncated
    // input surfaces on this line. Treat every parsed field as untrusted data.
    aix_utmp_t data(&ks);

After that, one can get various attributes from the structure by invoking getter methods like:

data.records() // => get records

C++/STL source code to parse utmp log file, IBM AIX version

aix_utmp.h

#ifndef AIX_UTMP_H_
#define AIX_UTMP_H_

// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild

#include "kaitai/kaitaistruct.h"

#include <stdint.h>
#include <vector>

#if KAITAI_STRUCT_VERSION < 7000L
#error "Incompatible Kaitai Struct C++/STL API: version 0.7 or later is required"
#endif

/**
 * This spec can be used to parse utmp, wtmp and other similar files as created by IBM AIX.
 * \sa Source
 */

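class aix_utmp_t : public kaitai::kstruct {

    // Ownership: the root object owns the record vector and every record_t in
    // it (released in ~aix_utmp_t), and each record_t owns its exit_status_t
    // (released in ~record_t). Pointers handed out by records() and
    // exit_status() are therefore only valid while the root object is alive.
    //
    // Trust: every field below is copied straight from the input file. Log
    // files of this kind can contain attacker-influenced values (login names,
    // remote host names), so validate and escape them before display or use.

public:
    class record_t;
    class exit_status_t;

    // Known record types. record_t::type() is produced by a static_cast from a
    // 16-bit value read from the file, so it can hold a value that is not
    // listed here; callers should handle an unknown/default case.
    enum entry_type_t {
        ENTRY_TYPE_EMPTY = 0,
        ENTRY_TYPE_RUN_LVL = 1,
        ENTRY_TYPE_BOOT_TIME = 2,
        ENTRY_TYPE_OLD_TIME = 3,
        ENTRY_TYPE_NEW_TIME = 4,
        ENTRY_TYPE_INIT_PROCESS = 5,
        ENTRY_TYPE_LOGIN_PROCESS = 6,
        ENTRY_TYPE_USER_PROCESS = 7,
        ENTRY_TYPE_DEAD_PROCESS = 8,
        ENTRY_TYPE_ACCOUNTING = 9
    };

    /**
     * Parses the whole stream immediately; the constructor calls _read().
     * p__root is accepted for interface uniformity but the root is always this object.
     */
    aix_utmp_t(kaitai::kstream* p__io, kaitai::kstruct* p__parent = 0, aix_utmp_t* p__root = 0);

private:
    void _read();

    // Not copyable: an implicit copy would duplicate the owning raw pointers
    // and both destructors would delete the same records. Declared private and
    // left undefined (pre-C++11 idiom, matching the rest of this file).
    aix_utmp_t(const aix_utmp_t&);
    aix_utmp_t& operator=(const aix_utmp_t&);

public:
    ~aix_utmp_t();

    class record_t : public kaitai::kstruct {

    public:

        record_t(kaitai::kstream* p__io, aix_utmp_t* p__parent = 0, aix_utmp_t* p__root = 0);

    private:
        void _read();

        // Not copyable: a copy would share m_exit_status and delete it twice.
        record_t(const record_t&);
        record_t& operator=(const record_t&);

    public:
        ~record_t();

    private:
        std::string m_user;
        std::string m_inittab_id;
        std::string m_device;
        uint64_t m_pid;
        entry_type_t m_type;
        int64_t m_timestamp;
        exit_status_t* m_exit_status;  // owned; deleted in ~record_t
        std::string m_hostname;
        int32_t m_dbl_word_pad;
        std::string m_reserved_a;
        std::string m_reserved_v;
        aix_utmp_t* m__root;
        aix_utmp_t* m__parent;

    public:

        // Note on the string getters: the reader takes each field at its full
        // fixed width (256, 14, 64 and 256 bytes) and applies no terminator or
        // padding stripping, so the returned strings keep any padding bytes
        // that follow the text. Trim before comparing or printing.

        /**
         * User login name
         */
        std::string user() const { return m_user; }

        /**
         * /etc/inittab id
         */
        std::string inittab_id() const { return m_inittab_id; }

        /**
         * device name (console, lnxx)
         */
        std::string device() const { return m_device; }

        /**
         * process id
         */
        uint64_t pid() const { return m_pid; }

        /**
         * Type of login. May hold a value outside entry_type_t (see the enum note).
         */
        entry_type_t type() const { return m_type; }

        /**
         * time entry was made
         */
        int64_t timestamp() const { return m_timestamp; }

        /**
         * the exit status of a process marked as DEAD PROCESS.
         * The object is parsed for every record regardless of type(); the
         * pointer is owned by this record and must not be deleted by callers.
         */
        exit_status_t* exit_status() const { return m_exit_status; }

        /**
         * host name
         */
        std::string hostname() const { return m_hostname; }
        int32_t dbl_word_pad() const { return m_dbl_word_pad; }
        /** Raw bytes of an 8-byte reserved field. */
        std::string reserved_a() const { return m_reserved_a; }
        /** Raw bytes of a 24-byte reserved field. */
        std::string reserved_v() const { return m_reserved_v; }
        aix_utmp_t* _root() const { return m__root; }
        aix_utmp_t* _parent() const { return m__parent; }
    };

    class exit_status_t : public kaitai::kstruct {

    public:

        exit_status_t(kaitai::kstream* p__io, aix_utmp_t::record_t* p__parent = 0, aix_utmp_t* p__root = 0);

    private:
        void _read();

    public:
        ~exit_status_t();

    private:
        int16_t m_termination_code;
        int16_t m_exit_code;
        aix_utmp_t* m__root;            // not owned
        aix_utmp_t::record_t* m__parent; // not owned

    public:

        /**
         * process termination status
         */
        int16_t termination_code() const { return m_termination_code; }

        /**
         * process exit status
         */
        int16_t exit_code() const { return m_exit_code; }
        aix_utmp_t* _root() const { return m__root; }
        aix_utmp_t::record_t* _parent() const { return m__parent; }
    };

private:
    std::vector<record_t*>* m_records;  // owned, together with every element
    aix_utmp_t* m__root;
    kaitai::kstruct* m__parent;

public:
    /**
     * All parsed records, in file order. The vector and its elements are owned
     * by this object; do not delete them and do not use them after it is destroyed.
     */
    std::vector<record_t*>* records() const { return m_records; }
    aix_utmp_t* _root() const { return m__root; }
    kaitai::kstruct* _parent() const { return m__parent; }
};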

#endif  // AIX_UTMP_H_

aix_utmp.cpp

// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild

#include "aix_utmp.h"



// Root constructor: records the parent, makes this object its own root
// (p__root is accepted but not used) and parses the stream right away.
aix_utmp_t::aix_utmp_t(kaitai::kstream* p__io, kaitai::kstruct* p__parent, aix_utmp_t* p__root)
    : kaitai::kstruct(p__io),
      m__root(this),
      m__parent(p__parent) {
    _read();
}

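// Reads records back to back until the stream reports end of file.
//
// _read() is only called from the constructor. If parsing a record throws
// (for example on a truncated final record; the stream is assumed to raise on
// a short read, confirm for the Kaitai runtime in use), the constructor never
// completes and ~aix_utmp_t does not run. Everything allocated so far is
// therefore released here before the exception is passed on, so a malformed
// file cannot leak the records that were already parsed.
void aix_utmp_t::_read() {
    m_records = new std::vector<record_t*>();
    try {
        while (!m__io->is_eof()) {
            // Reserve the slot first: if push_back fails nothing has been
            // allocated yet, and if the record constructor throws the slot
            // holds a null pointer, which is safe to delete below.
            m_records->push_back(static_cast<record_t*>(0));
            m_records->back() = new record_t(m__io, this, m__root);
        }
    } catch (...) {
        for (std::vector<record_t*>::iterator it = m_records->begin(); it != m_records->end(); ++it) {
            delete *it;
        }
        delete m_records;
        m_records = 0;
        throw;
    }
}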

// Releases every record held in the vector, then the vector itself.
aix_utmp_t::~aix_utmp_t() {
    const std::vector<record_t*>::size_type count = m_records->size();
    for (std::vector<record_t*>::size_type idx = 0; idx < count; ++idx) {
        delete (*m_records)[idx];
    }
    delete m_records;
}

// Record constructor: stores the root and parent links, then parses one
// record from the stream immediately.
aix_utmp_t::record_t::record_t(kaitai::kstream* p__io, aix_utmp_t* p__parent, aix_utmp_t* p__root)
    : kaitai::kstruct(p__io),
      m__root(p__root),
      m__parent(p__parent) {
    _read();
}

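// Parses one fixed-layout record, field by field, in on-disk order.
//
// _read() is only called from the constructor, so if a read after the
// exit_status allocation throws (e.g. the file ends inside the hostname
// field; the stream is assumed to raise on a short read, confirm for the
// Kaitai runtime in use), ~record_t never runs. The catch block releases
// m_exit_status in that case so truncated input does not leak it.
void aix_utmp_t::record_t::_read() {
    m_exit_status = 0;
    try {
        // Fixed-width text fields are taken whole: no terminator or padding
        // stripping is applied, so the strings keep any trailing padding bytes.
        m_user = kaitai::kstream::bytes_to_str(m__io->read_bytes(256), std::string("ascii"));
        m_inittab_id = kaitai::kstream::bytes_to_str(m__io->read_bytes(14), std::string("ascii"));
        m_device = kaitai::kstream::bytes_to_str(m__io->read_bytes(64), std::string("ascii"));
        m_pid = m__io->read_u8be();
        // The 16-bit value is cast without a range check; it may not match
        // any entry_type_t enumerator if the file is corrupt or crafted.
        m_type = static_cast<aix_utmp_t::entry_type_t>(m__io->read_s2be());
        m_timestamp = m__io->read_s8be();
        m_exit_status = new exit_status_t(m__io, this, m__root);
        m_hostname = kaitai::kstream::bytes_to_str(m__io->read_bytes(256), std::string("ascii"));
        m_dbl_word_pad = m__io->read_s4be();
        m_reserved_a = m__io->read_bytes(8);
        m_reserved_v = m__io->read_bytes(24);
    } catch (...) {
        delete m_exit_status;
        m_exit_status = 0;
        throw;
    }
}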

// Releases the exit_status_t that _read() allocated for this record.
aix_utmp_t::record_t::~record_t() {
    delete m_exit_status;
}

// Exit-status constructor: stores the root and parent links, then parses the
// two status fields from the stream immediately.
aix_utmp_t::exit_status_t::exit_status_t(kaitai::kstream* p__io, aix_utmp_t::record_t* p__parent, aix_utmp_t* p__root)
    : kaitai::kstruct(p__io),
      m__root(p__root),
      m__parent(p__parent) {
    _read();
}

// Reads the termination code and then the exit code, each with read_s2be();
// the order of the two reads is the on-disk field order.
void aix_utmp_t::exit_status_t::_read() {
    const int16_t termination = m__io->read_s2be();
    const int16_t exit_value = m__io->read_s2be();
    m_termination_code = termination;
    m_exit_code = exit_value;
}

// Nothing to release: exit_status_t holds only plain integers and non-owning
// root/parent pointers.
aix_utmp_t::exit_status_t::~exit_status_t() {
}