This page hosts a formal specification of the utmp log file format (Linux/glibc version), written in Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.
All parsing code for C++11/STL generated by Kaitai Struct depends on the C++/STL runtime library. You have to install it before you can parse data.
For C++, the easiest way is to clone the runtime library sources and build them along with your project.
Using Kaitai Struct in C++/STL usually consists of 3 steps.
First, create an STL input stream (std::istream). One can open a local file for that, or use an existing std::string or char* buffer.
// Option 1: parse a local file. Binary mode keeps the fixed-size records
// byte-exact (no newline translation).
#include <fstream>
std::ifstream is("path/to/local/file.bin", std::ifstream::binary);
// Option 2: parse bytes that are already held in a std::string.
#include <sstream>
std::istringstream is(str);
// Option 3: parse a raw char buffer. The explicit length keeps embedded NUL
// bytes, which binary utmp data contains; a plain std::string(buf) would stop
// at the first one.
#include <sstream>
const char buf[] = { ... };
std::string str(buf, sizeof buf);
std::istringstream is(str);
// Wrap the STL stream in a Kaitai stream; ks only borrows `is`, so `is` must
// stay alive while parsing.
#include "kaitai/kaitaistream.h"
kaitai::kstream ks(&is);
// Parsing happens inside the constructor (it calls _read()), and it consumes
// the stream until EOF in 384-byte records. A truncated or corrupt log is
// presumably reported by an exception from the runtime -- confirm, and guard
// this line accordingly when the input is not trusted.
glibc_utmp_t data(&ks);
After that, one can get various attributes from the structure by invoking getter methods like:
// records() returns a non-owning pointer to the vector of parsed records; the
// glibc_utmp_t object keeps ownership. String fields such as user() and host()
// come back at their full fixed width with no NUL trimming, and their content
// is whatever the log file holds, so trim and escape them before display.
data.records() // => get records
#pragma once
// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild
#include "kaitai/kaitaistruct.h"
#include <stdint.h>
#include <memory>
#include <vector>
#if KAITAI_STRUCT_VERSION < 9000L
#error "Incompatible Kaitai Struct C++/STL API: version 0.9 or later is required"
#endif
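/**
 * Parser for a glibc utmp-format log: a flat sequence of fixed-size records,
 * each decoded into a record_t.
 *
 * The constructor parses the whole stream eagerly. All pointers returned by
 * the getters are non-owning; the parsed tree is owned by this object.
 *
 * This class is generated code: a hand edit is lost when the file is rebuilt
 * from the .ksy source.
 */
class glibc_utmp_t : public kaitai::kstruct {

public:
    class record_t;
    class timeval_t;

    /**
     * Kind of a utmp record.
     *
     * The underlying type is fixed to int32_t because the parser casts the
     * 32-bit on-disk value straight into this enum. Without a fixed underlying
     * type, a value outside the enumerators' range has no well-defined
     * conversion result (unspecified in C++11/14, undefined from C++17), and a
     * damaged or tampered log can contain any value. Callers still have to
     * handle values that match no enumerator.
     */
    enum entry_type_t : int32_t {
        ENTRY_TYPE_EMPTY = 0,
        ENTRY_TYPE_RUN_LVL = 1,
        ENTRY_TYPE_BOOT_TIME = 2,
        ENTRY_TYPE_NEW_TIME = 3,
        ENTRY_TYPE_OLD_TIME = 4,
        ENTRY_TYPE_INIT_PROCESS = 5,
        ENTRY_TYPE_LOGIN_PROCESS = 6,
        ENTRY_TYPE_USER_PROCESS = 7,
        ENTRY_TYPE_DEAD_PROCESS = 8,
        ENTRY_TYPE_ACCOUNTING = 9
    };

    /**
     * Parses the stream immediately.
     * @param p__io     Stream to read from; borrowed, not owned.
     * @param p__parent Parent structure, if any.
     * @param p__root   Accepted for signature uniformity; the root of this
     *                  tree is always the object itself.
     */
    glibc_utmp_t(kaitai::kstream* p__io, kaitai::kstruct* p__parent = nullptr, glibc_utmp_t* p__root = nullptr);

private:
    void _read();
    void _clean_up();

public:
    ~glibc_utmp_t();

    /**
     * One fixed-size utmp record.
     *
     * String fields keep their full on-disk width; nothing here trims NUL
     * padding. All field content comes from the log file and should be treated
     * as untrusted when it is displayed or stored.
     */
    class record_t : public kaitai::kstruct {

    public:

        /** Parses one record from p__io immediately. */
        record_t(kaitai::kstream* p__io, glibc_utmp_t* p__parent = nullptr, glibc_utmp_t* p__root = nullptr);

    private:
        void _read();
        void _clean_up();

    public:
        ~record_t();

    private:
        entry_type_t m_ut_type;
        uint32_t m_pid;
        std::string m_line;
        std::string m_id;
        std::string m_user;
        std::string m_host;
        uint32_t m_exit;
        int32_t m_session;
        std::unique_ptr<timeval_t> m_tv;  // owned sub-structure
        std::string m_addr_v6;            // raw bytes, not decoded as text
        std::string m_reserved;           // raw bytes, not decoded as text
        glibc_utmp_t* m__root;            // non-owning back pointer
        glibc_utmp_t* m__parent;          // non-owning back pointer

    public:

        /**
         * Type of login
         */
        entry_type_t ut_type() const { return m_ut_type; }

        /**
         * Process ID of login process
         */
        uint32_t pid() const { return m_pid; }

        /**
         * Devicename
         */
        std::string line() const { return m_line; }

        /**
         * Inittab ID
         */
        std::string id() const { return m_id; }

        /**
         * Username
         */
        std::string user() const { return m_user; }

        /**
         * Hostname for remote login
         */
        std::string host() const { return m_host; }

        /**
         * Exit status of a process marked as DEAD_PROCESS
         */
        uint32_t exit() const { return m_exit; }

        /**
         * Session ID, used for windowing
         */
        int32_t session() const { return m_session; }

        /**
         * Time entry was made. Non-owning pointer; valid while this record lives.
         */
        timeval_t* tv() const { return m_tv.get(); }

        /**
         * Internet address of remote host, as 16 raw bytes
         */
        std::string addr_v6() const { return m_addr_v6; }

        /** Trailing bytes of the record, returned undecoded. */
        std::string reserved() const { return m_reserved; }
        glibc_utmp_t* _root() const { return m__root; }
        glibc_utmp_t* _parent() const { return m__parent; }
    };

    /**
     * Timestamp of a record: two signed 32-bit fields.
     *
     * NOTE(review): if sec is a Unix epoch count, a signed 32-bit field cannot
     * represent times past January 2038 -- confirm how consumers interpret it.
     */
    class timeval_t : public kaitai::kstruct {

    public:

        /** Parses the two timestamp fields from p__io immediately. */
        timeval_t(kaitai::kstream* p__io, glibc_utmp_t::record_t* p__parent = nullptr, glibc_utmp_t* p__root = nullptr);

    private:
        void _read();
        void _clean_up();

    public:
        ~timeval_t();

    private:
        int32_t m_sec;
        int32_t m_usec;
        glibc_utmp_t* m__root;              // non-owning back pointer
        glibc_utmp_t::record_t* m__parent;  // non-owning back pointer

    public:

        /**
         * Seconds
         */
        int32_t sec() const { return m_sec; }

        /**
         * Microseconds
         */
        int32_t usec() const { return m_usec; }
        glibc_utmp_t* _root() const { return m__root; }
        glibc_utmp_t::record_t* _parent() const { return m__parent; }
    };

private:
    std::unique_ptr<std::vector<std::unique_ptr<record_t>>> m_records;
    glibc_utmp_t* m__root;
    kaitai::kstruct* m__parent;
    // Raw bytes of every record, and the substream created over each of them.
    std::unique_ptr<std::vector<std::string>> m__raw_records;
    std::unique_ptr<std::vector<std::unique_ptr<kaitai::kstream>>> m__io__raw_records;

public:

    /** Parsed records in file order. Non-owning pointer to the owned vector. */
    std::vector<std::unique_ptr<record_t>>* records() const { return m_records.get(); }
    glibc_utmp_t* _root() const { return m__root; }
    kaitai::kstruct* _parent() const { return m__parent; }

    /** Unparsed bytes of each record, in file order. */
    std::vector<std::string>* _raw_records() const { return m__raw_records.get(); }

    /** Per-record substreams the records were parsed from. */
    std::vector<std::unique_ptr<kaitai::kstream>>* _io__raw_records() const { return m__io__raw_records.get(); }
};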
// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild
#include "glibc_utmp.h"
/**
 * Builds the top-level structure and parses the stream right away.
 *
 * p__root is accepted but not used: the root of the tree is this object.
 * Because _read() runs here, any parse failure surfaces from the constructor.
 */
glibc_utmp_t::glibc_utmp_t(kaitai::kstream* p__io, kaitai::kstruct* p__parent, glibc_utmp_t* p__root)
    : kaitai::kstruct(p__io),
      m_records(nullptr),
      m__root(this),
      m__parent(p__parent),
      m__raw_records(nullptr),
      m__io__raw_records(nullptr) {
    _read();
}
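/**
 * Reads the stream to EOF as a sequence of fixed-size 384-byte records.
 *
 * For each record the raw bytes are stored, a substream is created over them,
 * and a record_t is parsed from that substream.
 *
 * A final partial record (input length not a multiple of 384) makes
 * read_bytes(384) fail -- presumably by throwing, which would abort the whole
 * parse from the constructor; confirm against the runtime. The loop has no
 * record cap and keeps the raw bytes, a substream and the parsed object for
 * every record, so memory use grows with input size.
 * NOTE(review): consider bounding the input size before parsing large or
 * untrusted logs.
 */
void glibc_utmp_t::_read() {
    m__raw_records = std::unique_ptr<std::vector<std::string>>(new std::vector<std::string>());
    m__io__raw_records = std::unique_ptr<std::vector<std::unique_ptr<kaitai::kstream>>>(new std::vector<std::unique_ptr<kaitai::kstream>>());
    m_records = std::unique_ptr<std::vector<std::unique_ptr<record_t>>>(new std::vector<std::unique_ptr<record_t>>());
    while (!m__io->is_eof()) {
        m__raw_records->push_back(m__io->read_bytes(384));
        // Own the substream before it goes into the vector, so it is released
        // if the insertion itself fails.
        std::unique_ptr<kaitai::kstream> sub_io(new kaitai::kstream(m__raw_records->back()));
        kaitai::kstream* const sub_io_ptr = sub_io.get();
        m__io__raw_records->push_back(std::move(sub_io));
        m_records->push_back(std::unique_ptr<record_t>(new record_t(sub_io_ptr, this, m__root)));
    }
}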
// Runs the generated clean-up hook. The records, raw buffers and substreams
// are held in unique_ptr members and are released by those members.
glibc_utmp_t::~glibc_utmp_t() {
    this->_clean_up();
}
// Clean-up hook called from the destructor; there is nothing to release by
// hand for this type.
void glibc_utmp_t::_clean_up() {
    return;
}
/**
 * Stores the back pointers and parses one record from p__io right away.
 * The scalar fields have no value until _read() has filled them in.
 */
glibc_utmp_t::record_t::record_t(kaitai::kstream* p__io, glibc_utmp_t* p__parent, glibc_utmp_t* p__root)
    : kaitai::kstruct(p__io),
      m_tv(nullptr),
      m__root(p__root),
      m__parent(p__parent) {
    _read();
}
/**
 * Decodes one record, field by field, in on-disk order:
 * type (4), pid (4), line (32), id (4), user (32), host (256), exit (4),
 * session (4), timeval (8), addr_v6 (16), reserved (20) -- 384 bytes in total.
 *
 * The four text fields are converted from UTF-8 at their full width; no NUL
 * terminator handling is applied here, so padding bytes stay in the strings.
 * NOTE(review): the type value is cast to entry_type_t without a range check,
 * and how bytes_to_str treats invalid UTF-8 is not visible here -- confirm
 * both before relying on this parser for damaged or tampered logs.
 */
void glibc_utmp_t::record_t::_read() {
    const std::string utf8("UTF-8");

    const int32_t raw_type = m__io->read_s4le();
    m_ut_type = static_cast<glibc_utmp_t::entry_type_t>(raw_type);
    m_pid = m__io->read_u4le();

    m_line = kaitai::kstream::bytes_to_str(m__io->read_bytes(32), utf8);
    m_id = kaitai::kstream::bytes_to_str(m__io->read_bytes(4), utf8);
    m_user = kaitai::kstream::bytes_to_str(m__io->read_bytes(32), utf8);
    m_host = kaitai::kstream::bytes_to_str(m__io->read_bytes(256), utf8);

    m_exit = m__io->read_u4le();
    m_session = m__io->read_s4le();

    // The timestamp is parsed from the same stream, continuing at the current position.
    m_tv.reset(new timeval_t(m__io, this, m__root));

    // Kept as raw bytes, not decoded as text.
    m_addr_v6 = m__io->read_bytes(16);
    m_reserved = m__io->read_bytes(20);
}
// Runs the generated clean-up hook; the timeval sub-structure is held in a
// unique_ptr member and is released by it.
glibc_utmp_t::record_t::~record_t() {
    this->_clean_up();
}
// Clean-up hook called from the destructor; there is nothing to release by
// hand for this type.
void glibc_utmp_t::record_t::_clean_up() {
    return;
}
/**
 * Stores the back pointers and parses the timestamp from p__io right away.
 */
glibc_utmp_t::timeval_t::timeval_t(kaitai::kstream* p__io, glibc_utmp_t::record_t* p__parent, glibc_utmp_t* p__root)
    : kaitai::kstruct(p__io),
      m__root(p__root),
      m__parent(p__parent) {
    _read();
}
/**
 * Reads two consecutive little-endian signed 32-bit values: seconds, then
 * microseconds. Neither value is range-checked here.
 */
void glibc_utmp_t::timeval_t::_read() {
    const int32_t seconds = m__io->read_s4le();
    m_sec = seconds;
    const int32_t microseconds = m__io->read_s4le();
    m_usec = microseconds;
}
// Runs the generated clean-up hook; this type has no owning members.
glibc_utmp_t::timeval_t::~timeval_t() {
    this->_clean_up();
}
// Clean-up hook called from the destructor; there is nothing to release by
// hand for this type.
void glibc_utmp_t::timeval_t::_clean_up() {
    return;
}