utmp log file, Linux/glibc version: C++11/STL parsing library

KS implementation details

License: CC0-1.0

References

This page hosts a formal specification of the utmp log file format (Linux/glibc version), written in Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.

Usage

Runtime library

All parsing code for C++11/STL generated by Kaitai Struct depends on the C++/STL runtime library. You have to install it before you can parse data.

For C++, the easiest way is to clone the runtime library sources and build them along with your project.

Code

Using Kaitai Struct in C++/STL usually consists of 3 steps.

  1. We need to create an STL input stream (std::istream). You can open a local file for that, or wrap an existing std::string or char* buffer.
    // Option A: read the log from a file on disk.
    #include <fstream>
    
    // Opened in binary mode because utmp is a binary, fixed-record format.
    // NOTE(review): the snippet does not test whether the open succeeded; check `is`
    // (for example with is.is_open()) before handing it to the parser.
    std::ifstream is("path/to/local/file.glibc_utmp", std::ifstream::binary);
    
    // Option B: parse bytes that are already held in a std::string named `str`.
    #include <sstream>
    
    std::istringstream is(str);
    
    // Option C: parse bytes held in a char array.
    #include <sstream>
    
    const char buf[] = { ... };
    // The explicit length (sizeof buf) keeps embedded NUL bytes; constructing the
    // string from the pointer alone would stop at the first NUL.
    std::string str(buf, sizeof buf);
    std::istringstream is(str);
    
  2. We need to wrap our input stream into Kaitai stream:
    #include "kaitai/kaitaistream.h"
    
    // The Kaitai stream is given a pointer to `is`; it does not take a copy here.
    // NOTE(review): presumably `is` has to stay alive for as long as `ks` is read from; confirm against the runtime.
    kaitai::kstream ks(&is);
    
  3. And finally, we can invoke the parsing:
    // The constructor calls _read(), so the whole stream is parsed on this line.
    // NOTE(review): malformed or truncated input is presumably reported by the runtime
    // as an exception thrown from here; confirm for the runtime version in use.
    glibc_utmp_t data(&ks);
    

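After that, you can read attributes of the parsed structure by calling its getter methods. The values are taken from the file as-is and are not validated by the generated code, so treat them as untrusted input when the log comes from a system you are examining. For example: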

data.records() // => get records

C++11/STL source code to parse utmp log file, Linux/glibc version

glibc_utmp.h

#pragma once

// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild

#include "kaitai/kaitaistruct.h"
#include <stdint.h>
#include <memory>
#include <vector>

#if KAITAI_STRUCT_VERSION < 9000L
#error "Incompatible Kaitai Struct C++/STL API: version 0.9 or later is required"
#endif

/**
 * Parser for the Linux/glibc utmp log file format (generated by Kaitai Struct).
 *
 * The constructor reads the stream to EOF in fixed 384-byte records and
 * stores one record_t per record; see records().
 *
 * The generated code copies every field from the file without validating it.
 * Callers that process logs from other hosts, or logs that may have been
 * tampered with, should treat all getter results as untrusted input.
 */
class glibc_utmp_t : public kaitai::kstruct {

public:
    class record_t;
    class timeval_t;

    /**
     * Values of the ut_type field.
     *
     * record_t::_read() casts the 32-bit value read from the file straight to
     * this type, so ut_type() can hold a number that is not one of these
     * enumerators. Handle that case explicitly (for example with a default
     * branch) instead of assuming the value is in 0..9.
     *
     * NOTE(review): the enum has no fixed underlying type, so the result of
     * converting a value outside the enum's range is not guaranteed by the
     * language (unspecified in C++11/14, undefined from C++17 on).
     */
    enum entry_type_t {
        ENTRY_TYPE_EMPTY = 0,
        ENTRY_TYPE_RUN_LVL = 1,
        ENTRY_TYPE_BOOT_TIME = 2,
        ENTRY_TYPE_NEW_TIME = 3,
        ENTRY_TYPE_OLD_TIME = 4,
        ENTRY_TYPE_INIT_PROCESS = 5,
        ENTRY_TYPE_LOGIN_PROCESS = 6,
        ENTRY_TYPE_USER_PROCESS = 7,
        ENTRY_TYPE_DEAD_PROCESS = 8,
        ENTRY_TYPE_ACCOUNTING = 9
    };

    /**
     * Parses the whole stream immediately (the constructor calls _read()).
     *
     * @param p__io     stream to read records from
     * @param p__parent stored and returned by _parent()
     * @param p__root   not used by the constructor; this object always becomes its own root
     */
    glibc_utmp_t(kaitai::kstream* p__io, kaitai::kstruct* p__parent = nullptr, glibc_utmp_t* p__root = nullptr);

private:
    void _read();
    void _clean_up();

public:
    ~glibc_utmp_t();

    /**
     * One 384-byte utmp record.
     *
     * Field widths are fixed by _read(): 4 (ut_type) + 4 (pid) + 32 (line) +
     * 4 (id) + 32 (user) + 256 (host) + 4 (exit) + 4 (session) + 8 (tv) +
     * 16 (addr_v6) + 20 (reserved) bytes.
     */
    class record_t : public kaitai::kstruct {

    public:

        /** Parses one record from p__io immediately (the constructor calls _read()). */
        record_t(kaitai::kstream* p__io, glibc_utmp_t* p__parent = nullptr, glibc_utmp_t* p__root = nullptr);

    private:
        void _read();
        void _clean_up();

    public:
        ~record_t();

    private:
        entry_type_t m_ut_type;
        uint32_t m_pid;
        std::string m_line;
        std::string m_id;
        std::string m_user;
        std::string m_host;
        uint32_t m_exit;
        int32_t m_session;
        std::unique_ptr<timeval_t> m_tv;  // owned; released automatically with the record
        std::string m_addr_v6;
        std::string m_reserved;
        glibc_utmp_t* m__root;    // non-owning
        glibc_utmp_t* m__parent;  // non-owning

    public:

        /**
         * Type of login. May be a value outside entry_type_t's enumerators,
         * because the file value is cast without a range check.
         */
        entry_type_t ut_type() const { return m_ut_type; }

        /**
         * Process ID of login process, as the unsigned 32-bit value stored in the file.
         */
        uint32_t pid() const { return m_pid; }

        /**
         * Device name: the 32-byte field decoded as UTF-8.
         * NOTE(review): all 32 bytes are passed to bytes_to_str with no terminator
         * handling visible here, so the result presumably keeps NUL padding; confirm
         * and trim before comparing or displaying.
         */
        std::string line() const { return m_line; }

        /**
         * Inittab ID: the 4-byte field decoded as UTF-8 (fixed width, see line()).
         */
        std::string id() const { return m_id; }

        /**
         * Username: the 32-byte field decoded as UTF-8 (fixed width, see line()).
         * Not validated here; escape it before writing it to logs, terminals or reports.
         */
        std::string user() const { return m_user; }

        /**
         * Hostname for remote login: the 256-byte field decoded as UTF-8
         * (fixed width, see line()). Not validated here; escape it before
         * writing it to logs, terminals or reports.
         */
        std::string host() const { return m_host; }

        /**
         * Exit status of a process marked as DEAD_PROCESS, as one unsigned
         * 32-bit value read from the file.
         */
        uint32_t exit() const { return m_exit; }

        /**
         * Session ID, used for windowing
         */
        int32_t session() const { return m_session; }

        /**
         * Time entry was made. Returns a non-owning pointer; the timeval_t is
         * owned by this record and is destroyed with it.
         */
        timeval_t* tv() const { return m_tv.get(); }

        /**
         * Internet address of remote host: the raw 16 bytes from the file,
         * not decoded as text.
         */
        std::string addr_v6() const { return m_addr_v6; }
        /** The raw 20 bytes that follow addr_v6 in the record. */
        std::string reserved() const { return m_reserved; }
        glibc_utmp_t* _root() const { return m__root; }
        glibc_utmp_t* _parent() const { return m__parent; }
    };

    /**
     * Timestamp of a record: two signed 32-bit little-endian integers.
     * Neither value is range-checked when it is read.
     */
    class timeval_t : public kaitai::kstruct {

    public:

        /** Parses the two timestamp fields from p__io immediately (the constructor calls _read()). */
        timeval_t(kaitai::kstream* p__io, glibc_utmp_t::record_t* p__parent = nullptr, glibc_utmp_t* p__root = nullptr);

    private:
        void _read();
        void _clean_up();

    public:
        ~timeval_t();

    private:
        int32_t m_sec;
        int32_t m_usec;
        glibc_utmp_t* m__root;            // non-owning
        glibc_utmp_t::record_t* m__parent;  // non-owning

    public:

        /**
         * Seconds, as stored: a signed 32-bit value, so it can be negative.
         */
        int32_t sec() const { return m_sec; }

        /**
         * Microseconds, as stored; not checked to lie within 0..999999.
         */
        int32_t usec() const { return m_usec; }
        glibc_utmp_t* _root() const { return m__root; }
        glibc_utmp_t::record_t* _parent() const { return m__parent; }
    };

private:
    // Declaration order fixes destruction order (reverse of declaration), so it is left as generated.
    std::unique_ptr<std::vector<std::unique_ptr<record_t>>> m_records;
    glibc_utmp_t* m__root;       // always `this` for the top-level object
    kaitai::kstruct* m__parent;  // non-owning
    std::unique_ptr<std::vector<std::string>> m__raw_records;                          // raw 384-byte record blobs
    std::unique_ptr<std::vector<std::unique_ptr<kaitai::kstream>>> m__io__raw_records;  // one sub-stream per raw record

public:
    /**
     * Parsed records in file order. The returned pointer is non-owning: the
     * vector belongs to this object and is destroyed with it.
     */
    std::vector<std::unique_ptr<record_t>>* records() const { return m_records.get(); }
    glibc_utmp_t* _root() const { return m__root; }
    kaitai::kstruct* _parent() const { return m__parent; }
    /** Raw bytes of each record as read from the stream (non-owning pointer). */
    std::vector<std::string>* _raw_records() const { return m__raw_records.get(); }
    /** Sub-streams created over each raw record (non-owning pointer). */
    std::vector<std::unique_ptr<kaitai::kstream>>* _io__raw_records() const { return m__io__raw_records.get(); }
};

glibc_utmp.cpp

// This is a generated file! Please edit source .ksy file and use kaitai-struct-compiler to rebuild

#include "glibc_utmp.h"

// Top-level constructor: records the parent, makes this object its own root
// (p__root is not consulted), clears the owning containers and then parses
// the whole stream via _read().
glibc_utmp_t::glibc_utmp_t(kaitai::kstream* p__io, kaitai::kstruct* p__parent, glibc_utmp_t* p__root) : kaitai::kstruct(p__io) {
    m__root = this;
    m__parent = p__parent;
    // Start with empty owners; _read() allocates the real containers.
    m__io__raw_records.reset();
    m__raw_records.reset();
    m_records.reset();
    _read();
}

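/**
 * Reads the stream to EOF as a sequence of fixed-size 384-byte records.
 *
 * For every record the raw bytes are kept in m__raw_records, a sub-stream over
 * those bytes is kept in m__io__raw_records, and the parsed record_t is
 * appended to m_records. Nothing here limits the number of records, and the
 * raw bytes are retained next to the parsed fields, so memory use grows with
 * the size of the input; callers parsing very large or attacker-supplied logs
 * should bound the input size themselves.
 *
 * NOTE(review): a trailing fragment shorter than 384 bytes is not handled here;
 * read_bytes(384) presumably reports it as an error from the runtime. Confirm
 * for the runtime version in use.
 */
void glibc_utmp_t::_read() {
    m__raw_records = std::unique_ptr<std::vector<std::string>>(new std::vector<std::string>());
    m__io__raw_records = std::unique_ptr<std::vector<std::unique_ptr<kaitai::kstream>>>(new std::vector<std::unique_ptr<kaitai::kstream>>());
    m_records = std::unique_ptr<std::vector<std::unique_ptr<record_t>>>(new std::vector<std::unique_ptr<record_t>>());
    while (!m__io->is_eof()) {
        m__raw_records->push_back(m__io->read_bytes(384));
        // Give the sub-stream an owner before it is stored, so it cannot leak
        // if growing the vector throws.
        std::unique_ptr<kaitai::kstream> sub_io(new kaitai::kstream(m__raw_records->back()));
        kaitai::kstream* const sub_io_ptr = sub_io.get();
        m__io__raw_records->push_back(std::move(sub_io));
        m_records->push_back(std::unique_ptr<record_t>(new record_t(sub_io_ptr, this, m__root)));
    }
}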

// Destructor: delegates to _clean_up(); owned members release themselves afterwards.
glibc_utmp_t::~glibc_utmp_t() {
    this->_clean_up();
}

void glibc_utmp_t::_clean_up() {
    // Intentionally empty: this function releases nothing by hand.
}

// Record constructor: clears the timestamp owner, stores the root and parent
// pointers and parses one record from p__io via _read().
glibc_utmp_t::record_t::record_t(kaitai::kstream* p__io, glibc_utmp_t* p__parent, glibc_utmp_t* p__root) : kaitai::kstruct(p__io) {
    m_tv.reset();
    m__root = p__root;
    m__parent = p__parent;
    _read();
}

// Parses one record field by field, in on-disk order. No field is validated:
// the type value is cast without a range check, and the text fields are decoded
// at their full fixed width (32, 4, 32 and 256 bytes) with no terminator handling here.
void glibc_utmp_t::record_t::_read() {
    const std::string text_encoding("UTF-8");

    // NOTE(review): a file value outside the enumerators of entry_type_t is cast as-is;
    // callers must not assume ut_type() is one of the named constants.
    const int32_t raw_type = m__io->read_s4le();
    m_ut_type = static_cast<glibc_utmp_t::entry_type_t>(raw_type);

    m_pid = m__io->read_u4le();

    m_line = kaitai::kstream::bytes_to_str(m__io->read_bytes(32), text_encoding);
    m_id = kaitai::kstream::bytes_to_str(m__io->read_bytes(4), text_encoding);
    m_user = kaitai::kstream::bytes_to_str(m__io->read_bytes(32), text_encoding);
    m_host = kaitai::kstream::bytes_to_str(m__io->read_bytes(256), text_encoding);

    m_exit = m__io->read_u4le();
    m_session = m__io->read_s4le();

    // The timestamp is parsed from the same stream, directly after the session field.
    m_tv.reset(new timeval_t(m__io, this, m__root));

    // Kept as raw bytes, not decoded as text.
    m_addr_v6 = m__io->read_bytes(16);
    m_reserved = m__io->read_bytes(20);
}

// Destructor: delegates to _clean_up(); m_tv and the strings release themselves afterwards.
glibc_utmp_t::record_t::~record_t() {
    this->_clean_up();
}

void glibc_utmp_t::record_t::_clean_up() {
    // Intentionally empty: this function releases nothing by hand.
}

// Timestamp constructor: stores the root and parent pointers, then parses the
// two timestamp fields from p__io via _read().
glibc_utmp_t::timeval_t::timeval_t(kaitai::kstream* p__io, glibc_utmp_t::record_t* p__parent, glibc_utmp_t* p__root) : kaitai::kstruct(p__io) {
    m__root = p__root;
    m__parent = p__parent;
    _read();
}

// Reads seconds, then microseconds, each as a signed 32-bit little-endian value.
// Neither is range-checked, so negative seconds or out-of-range microseconds
// from a corrupt or crafted file are stored unchanged.
void glibc_utmp_t::timeval_t::_read() {
    const int32_t seconds = m__io->read_s4le();
    const int32_t microseconds = m__io->read_s4le();
    m_sec = seconds;
    m_usec = microseconds;
}

// Destructor: delegates to _clean_up().
glibc_utmp_t::timeval_t::~timeval_t() {
    this->_clean_up();
}

void glibc_utmp_t::timeval_t::_clean_up() {
    // Intentionally empty: this function releases nothing by hand.
}