utmp log file, Linux/glibc version: C++/STL parsing library

KS implementation details

License: CC0-1.0

This page hosts a formal specification of the utmp log file format (Linux/glibc version), written in Kaitai Struct. The specification can be automatically translated into a variety of programming languages to produce a parsing library.

Usage

Using Kaitai Struct in C++/STL usually consists of 3 steps.

  1. We need to create an STL input stream (std::istream).
    • One can open a stream for reading from a local file:
      #include <fstream>
      
      std::ifstream is("path/to/local/file.glibc_utmp", std::ifstream::binary);
    • Or one can prepare a stream for reading from existing std::string str:
      #include <sstream>
      
      std::istringstream is(str);
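    • Or one can parse an arbitrary char* buffer in memory, provided that we know its size (the explicit length is needed because utmp records contain NUL bytes, so a NUL-terminated copy would be cut short):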
      #include <sstream>
      
      const char buf[] = { ... };
      std::string str(buf, sizeof buf);
      std::istringstream is(str);
  2. We need to wrap our input stream into Kaitai stream:
    #include <kaitai/kaitaistream.h>
    
    kaitai::kstream ks(&is);
  3. And finally, we can invoke the parsing (the constructor reads the whole stream immediately):
    glibc_utmp_t data(&ks);

After that, one can get various attributes from the structure by invoking getter methods like:

data.records() // => get records

C++/STL source code to parse utmp log file, Linux/glibc version

glibc_utmp.h

#ifndef GLIBC_UTMP_H_
#define GLIBC_UTMP_H_

// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild

#include "kaitai/kaitaistruct.h"

#include <stdint.h>
#include <vector>

#if KAITAI_STRUCT_VERSION < 7000L
#error "Incompatible Kaitai Struct C++/STL API: version 0.7 or later is required"
#endif

/**
 * Parser for a Linux/glibc utmp-format log file.
 *
 * Constructing the object parses the whole input stream: glibc_utmp.cpp
 * reads consecutive 384-byte slices and builds one record_t per slice.
 * All vectors, sub-streams and records created while parsing are owned by
 * this object and released in its destructor.
 *
 * NOTE(review): no copy constructor or assignment operator is declared
 * here. Unless the base class forbids copying, a copied object would share
 * and then double-free the owned pointers, so pass instances by pointer or
 * reference only.
 */
class glibc_utmp_t : public kaitai::kstruct {

public:
    class record_t;
    class timeval_t;

    /**
     * Named values of the record type field.
     *
     * The reader casts the raw signed 32-bit field to this enum without any
     * range check, so a record from a damaged or tampered file can carry a
     * value that matches none of these enumerators. Code that switches on
     * ut_type() needs an explicit fallback for unknown values.
     */
    enum entry_type_t {
        ENTRY_TYPE_EMPTY = 0,
        ENTRY_TYPE_RUN_LVL = 1,
        ENTRY_TYPE_BOOT_TIME = 2,
        ENTRY_TYPE_NEW_TIME = 3,
        ENTRY_TYPE_OLD_TIME = 4,
        ENTRY_TYPE_INIT_PROCESS = 5,
        ENTRY_TYPE_LOGIN_PROCESS = 6,
        ENTRY_TYPE_USER_PROCESS = 7,
        ENTRY_TYPE_DEAD_PROCESS = 8,
        ENTRY_TYPE_ACCOUNTING = 9
    };

    /**
     * Parses every record available on p__io.
     *
     * p__parent is stored as-is. p__root is accepted for signature
     * uniformity but the implementation always makes this object its own
     * root.
     */
    glibc_utmp_t(kaitai::kstream* p__io, kaitai::kstruct* p__parent = 0, glibc_utmp_t* p__root = 0);

private:
    // Performs the actual parsing; called once from the constructor.
    void _read();

public:
    // Deletes every record, every per-record sub-stream and the vectors holding them.
    ~glibc_utmp_t();

    /**
     * One utmp entry, parsed from a 384-byte slice of the file.
     *
     * Every field is copied from the file without validation; treat the
     * values as untrusted input when the file's origin is not known.
     */
    class record_t : public kaitai::kstruct {

    public:

        // Reads all fields of one record from p__io (parsing happens in the constructor).
        record_t(kaitai::kstream* p__io, glibc_utmp_t* p__parent = 0, glibc_utmp_t* p__root = 0);

    private:
        void _read();

    public:
        // Deletes the timeval_t created while parsing.
        ~record_t();

    private:
        entry_type_t m_ut_type;
        uint32_t m_pid;
        std::string m_line;
        std::string m_id;
        std::string m_user;
        std::string m_host;
        uint32_t m_exit;
        int32_t m_session;
        timeval_t* m_tv;            // owned; deleted in ~record_t()
        std::string m_addr_v6;
        std::string m_reserved;
        glibc_utmp_t* m__root;      // not owned
        glibc_utmp_t* m__parent;    // not owned

    public:

        /**
         * Type of login
         *
         * Unchecked cast of the stored 32-bit value; may lie outside the
         * named entry_type_t enumerators.
         */
        entry_type_t ut_type() const { return m_ut_type; }

        /**
         * Process ID of login process
         */
        uint32_t pid() const { return m_pid; }

        /**
         * Devicename
         *
         * Decoded from the full 32-byte field. The reader does not strip a
         * terminator or padding, so NUL bytes and anything stored after the
         * first NUL remain in the returned string; trim at the first NUL
         * before comparing or printing.
         */
        std::string line() const { return m_line; }

        /**
         * Inittab ID
         *
         * Decoded from the full 4-byte field, padding included.
         */
        std::string id() const { return m_id; }

        /**
         * Username
         *
         * Decoded from the full 32-byte field, padding included; trim at
         * the first NUL before comparing or printing.
         */
        std::string user() const { return m_user; }

        /**
         * Hostname for remote login
         *
         * Decoded from the full 256-byte field, padding included. The
         * content is taken from the file as-is and is not validated as a
         * host name; escape it before writing it to a terminal, log or
         * report.
         */
        std::string host() const { return m_host; }

        /**
         * Exit status of a process marked as DEAD_PROCESS
         *
         * Read as a single unsigned 32-bit little-endian value.
         */
        uint32_t exit() const { return m_exit; }

        /**
         * Session ID, used for windowing
         */
        int32_t session() const { return m_session; }

        /**
         * Time entry was made
         *
         * The returned object stays owned by this record; do not delete it
         * and do not keep the pointer past the record's lifetime.
         */
        timeval_t* tv() const { return m_tv; }

        /**
         * Internet address of remote host
         *
         * Raw 16 bytes exactly as stored; no text decoding is applied.
         */
        std::string addr_v6() const { return m_addr_v6; }
        // Raw 20 trailing bytes of the record, returned undecoded.
        std::string reserved() const { return m_reserved; }
        glibc_utmp_t* _root() const { return m__root; }
        glibc_utmp_t* _parent() const { return m__parent; }
    };

    /**
     * Timestamp of a record: two signed 32-bit little-endian integers.
     */
    class timeval_t : public kaitai::kstruct {

    public:

        // Reads both fields from p__io (parsing happens in the constructor).
        timeval_t(kaitai::kstream* p__io, glibc_utmp_t::record_t* p__parent = 0, glibc_utmp_t* p__root = 0);

    private:
        void _read();

    public:
        ~timeval_t();

    private:
        int32_t m_sec;
        int32_t m_usec;
        glibc_utmp_t* m__root;              // not owned
        glibc_utmp_t::record_t* m__parent;  // not owned

    public:

        /**
         * Seconds
         *
         * Signed 32-bit value taken from the file without range checks.
         */
        int32_t sec() const { return m_sec; }

        /**
         * Microseconds
         *
         * Signed 32-bit value taken from the file without range checks, so
         * it is not guaranteed to be below one million.
         */
        int32_t usec() const { return m_usec; }
        glibc_utmp_t* _root() const { return m__root; }
        glibc_utmp_t::record_t* _parent() const { return m__parent; }
    };

private:
    std::vector<record_t*>* m_records;                  // owned vector of owned records
    glibc_utmp_t* m__root;                              // always points at this object
    kaitai::kstruct* m__parent;                         // not owned
    std::vector<std::string>* m__raw_records;           // owned; one 384-byte slice per record
    std::vector<kaitai::kstream*>* m__io__raw_records;  // owned; one sub-stream per slice

public:
    /**
     * All parsed records in file order. The vector and its elements remain
     * owned by this object and become invalid once it is destroyed.
     */
    std::vector<record_t*>* records() const { return m_records; }
    glibc_utmp_t* _root() const { return m__root; }
    kaitai::kstruct* _parent() const { return m__parent; }
    // Raw 384-byte slices, index-aligned with records().
    std::vector<std::string>* _raw_records() const { return m__raw_records; }
    // Sub-streams the records were parsed from, index-aligned with records().
    std::vector<kaitai::kstream*>* _io__raw_records() const { return m__io__raw_records; }
};

#endif  // GLIBC_UTMP_H_

glibc_utmp.cpp

// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild

#include "glibc_utmp.h"



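/**
 * Parses an entire utmp stream into records.
 *
 * @param p__io     stream to read from; wrapped by the kstruct base class
 * @param p__parent stored as the parent pointer, not otherwise used here
 * @param p__root   ignored: this type is always its own root
 *
 * Anything thrown by _read() (for example on a truncated or undecodable
 * record) is rethrown after the partially built state has been freed. The
 * destructor does not run for an object whose constructor throws, so
 * without this cleanup every record parsed before the failure would leak,
 * which matters when many untrusted files are processed in one process.
 */
glibc_utmp_t::glibc_utmp_t(kaitai::kstream* p__io, kaitai::kstruct* p__parent, glibc_utmp_t* p__root) : kaitai::kstruct(p__io) {
    (void) p__root;
    m__parent = p__parent;
    m__root = this;

    // Null the owning pointers first so the failure path can tell which
    // containers _read() had already allocated.
    m_records = 0;
    m__raw_records = 0;
    m__io__raw_records = 0;

    try {
        _read();
    } catch (...) {
        if (m_records != 0) {
            for (std::vector<record_t*>::iterator it = m_records->begin(); it != m_records->end(); ++it) {
                delete *it;
            }
            delete m_records;
            m_records = 0;
        }
        if (m__io__raw_records != 0) {
            for (std::vector<kaitai::kstream*>::iterator it = m__io__raw_records->begin(); it != m__io__raw_records->end(); ++it) {
                delete *it;
            }
            delete m__io__raw_records;
            m__io__raw_records = 0;
        }
        delete m__raw_records;
        m__raw_records = 0;
        throw;
    }
}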

/**
 * Splits the input into fixed 384-byte slices until end of stream and
 * parses each slice as one record_t through its own sub-stream.
 *
 * The raw slice, its sub-stream and the parsed record are appended to three
 * parallel vectors, so index i refers to the same record in all of them.
 *
 * NOTE(review): a final slice shorter than 384 bytes is presumably reported
 * by read_bytes() as an error rather than returned short; confirm against
 * the runtime in use before relying on partial-file behaviour.
 */
void glibc_utmp_t::_read() {
    m__raw_records = new std::vector<std::string>();
    m__io__raw_records = new std::vector<kaitai::kstream*>();
    m_records = new std::vector<record_t*>();

    for (; !m__io->is_eof(); ) {
        // Store the slice first: the sub-stream is built from the stored copy.
        m__raw_records->push_back(m__io->read_bytes(384));
        kaitai::kstream* slice_io = new kaitai::kstream(m__raw_records->back());
        m__io__raw_records->push_back(slice_io);

        record_t* parsed = new record_t(slice_io, this, m__root);
        m_records->push_back(parsed);
    }
}

/**
 * Releases everything built by _read(): the raw slices, each per-record
 * sub-stream, each parsed record, and the vectors that held them.
 */
glibc_utmp_t::~glibc_utmp_t() {
    delete m__raw_records;

    typedef std::vector<kaitai::kstream*>::size_type stream_index_t;
    for (stream_index_t s = 0; s < m__io__raw_records->size(); ++s) {
        delete (*m__io__raw_records)[s];
    }
    delete m__io__raw_records;

    typedef std::vector<record_t*>::size_type record_index_t;
    for (record_index_t r = 0; r < m_records->size(); ++r) {
        delete (*m_records)[r];
    }
    delete m_records;
}

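/**
 * Parses one utmp record from p__io.
 *
 * @param p__io     stream positioned at the start of a record
 * @param p__parent owning glibc_utmp_t, stored but not owned
 * @param p__root   root object, stored but not owned
 *
 * If _read() throws after the timestamp object has been allocated (possible
 * when the record is built on a stream shorter than a full record), the
 * timestamp is freed before the exception is rethrown; the destructor would
 * not run for a partially constructed record.
 */
glibc_utmp_t::record_t::record_t(kaitai::kstream* p__io, glibc_utmp_t* p__parent, glibc_utmp_t* p__root) : kaitai::kstruct(p__io) {
    m__parent = p__parent;
    m__root = p__root;
    m_tv = 0;  // lets the failure path know whether _read() got as far as the timestamp
    try {
        _read();
    } catch (...) {
        delete m_tv;
        m_tv = 0;
        throw;
    }
}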

/**
 * Reads the record fields in on-disk order. Integers are little-endian; the
 * field widths add up to 384 bytes.
 *
 * Nothing is validated here: the type value is cast to the enum unchecked,
 * and the four text fields are decoded from their full fixed width, so NUL
 * padding (and any bytes stored after the first NUL) stay in the strings.
 * Callers that handle files of unknown origin should trim and sanity-check
 * the values themselves.
 */
void glibc_utmp_t::record_t::_read() {
    const std::string text_encoding("UTF-8");
    kaitai::kstream* const io = m__io;

    const int32_t raw_type = io->read_s4le();
    m_ut_type = static_cast<glibc_utmp_t::entry_type_t>(raw_type);
    m_pid = io->read_u4le();

    // Fixed-width text fields: 32, 4, 32 and 256 bytes.
    m_line = kaitai::kstream::bytes_to_str(io->read_bytes(32), text_encoding);
    m_id = kaitai::kstream::bytes_to_str(io->read_bytes(4), text_encoding);
    m_user = kaitai::kstream::bytes_to_str(io->read_bytes(32), text_encoding);
    m_host = kaitai::kstream::bytes_to_str(io->read_bytes(256), text_encoding);

    m_exit = io->read_u4le();
    m_session = io->read_s4le();

    // The timestamp is parsed from the same stream, at the current position.
    m_tv = new timeval_t(io, this, m__root);

    // The last two fields are kept as raw bytes, without text decoding.
    m_addr_v6 = io->read_bytes(16);
    m_reserved = io->read_bytes(20);
}

/**
 * Frees the timestamp object allocated while parsing; it is the only member
 * this record owns through a raw pointer.
 */
glibc_utmp_t::record_t::~record_t() {
    timeval_t* const owned_tv = m_tv;
    delete owned_tv;
}

/**
 * Parses a timestamp from p__io. The parent record and root object are
 * remembered but not owned.
 */
glibc_utmp_t::timeval_t::timeval_t(kaitai::kstream* p__io, glibc_utmp_t::record_t* p__parent, glibc_utmp_t* p__root)
    : kaitai::kstruct(p__io),
      m__root(p__root),
      m__parent(p__parent) {
    _read();
}

/**
 * Reads seconds, then microseconds, each as a signed 32-bit little-endian
 * integer. Neither value is range-checked.
 */
void glibc_utmp_t::timeval_t::_read() {
    const int32_t seconds = m__io->read_s4le();
    const int32_t microseconds = m__io->read_s4le();
    m_sec = seconds;
    m_usec = microseconds;
}

/**
 * Nothing to release: the timestamp holds two integers and two non-owning
 * pointers.
 */
glibc_utmp_t::timeval_t::~timeval_t() {}