]>
Commit | Line | Data |
---|---|---|
78d5ceac | 1 | /* |
fa9baa80 | 2 | * utmpdump |
78d5ceac | 3 | * |
fa9baa80 KZ |
4 | * Simple program to dump UTMP and WTMP files in raw format, so they can be |
5 | * examined. | |
78d5ceac | 6 | * |
fa9baa80 | 7 | * Based on utmpdump dump from sysvinit suite. |
78d5ceac | 8 | * |
fa9baa80 | 9 | * Copyright (C) 1991-2000 Miquel van Smoorenburg <miquels@cistron.nl> |
78d5ceac | 10 | * |
fa9baa80 KZ |
11 | * Copyright (C) 1998 Danek Duvall <duvall@alumni.princeton.edu> |
12 | * Copyright (C) 2012 Karel Zak <kzak@redhat.com> | |
78d5ceac | 13 | * |
fa9baa80 KZ |
14 | * This program is free software; you can redistribute it and/or modify |
15 | * it under the terms of the GNU General Public License as published by | |
16 | * the Free Software Foundation; either version 2 of the License, or | |
17 | * (at your option) any later version. | |
78d5ceac | 18 | * |
fa9baa80 KZ |
19 | * This program is distributed in the hope that it will be useful, |
20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
22 | * GNU General Public License for more details. | |
78d5ceac | 23 | * |
fa9baa80 KZ |
24 | * You should have received a copy of the GNU General Public License |
25 | * along with this program; if not, write to the Free Software | |
26 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | |
78d5ceac | 27 | */ |
78d5ceac KZ |
28 | #include <stdio.h> |
29 | #include <stdlib.h> | |
30 | #include <string.h> | |
b4b919fe | 31 | #include <utmpx.h> |
78d5ceac KZ |
32 | #include <time.h> |
33 | #include <ctype.h> | |
9e15c93d | 34 | #include <getopt.h> |
78d5ceac KZ |
35 | #include <unistd.h> |
36 | #include <netinet/in.h> | |
37 | #include <arpa/inet.h> | |
7346f2b6 SK |
38 | #include <sys/stat.h> |
39 | #ifdef HAVE_INOTIFY_INIT | |
40 | #include <sys/inotify.h> | |
41 | #endif | |
78d5ceac | 42 | |
23031b99 KZ |
43 | #include "c.h" |
44 | #include "nls.h" | |
34f4d961 | 45 | #include "xalloc.h" |
23031b99 | 46 | #include "closestream.h" |
b72a75e9 | 47 | #include "timeutils.h" |
23031b99 | 48 | |
34f4d961 | 49 | static time_t strtotime(const char *s_time) |
78d5ceac KZ |
50 | { |
51 | struct tm tm; | |
fa9baa80 | 52 | |
78d5ceac KZ |
53 | memset(&tm, '\0', sizeof(struct tm)); |
54 | ||
55 | if (s_time[0] == ' ' || s_time[0] == '\0') | |
56 | return (time_t)0; | |
57 | ||
1173d0a6 SK |
58 | if (isdigit(s_time[0])) { |
59 | /* [1998-09-01T01:00:00,000000+00:00] | |
60 | * Subseconds are parsed with strtousec(). Timezone is | |
61 | * always UTC-0 */ | |
62 | strptime(s_time, "%Y-%m-%dT%H:%M:%S", &tm); | |
63 | } else { | |
64 | /* [Tue Sep 01 00:00:00 1998 GMT] */ | |
65 | strptime(s_time, "%a %b %d %T %Y", &tm); | |
66 | /* Cheesy way of checking for DST. This could be needed | |
67 | * with legacy dumps that used localtime(3). */ | |
68 | if (s_time[26] == 'D') | |
69 | tm.tm_isdst = 1; | |
70 | } | |
3749bdce | 71 | return timegm(&tm); |
78d5ceac KZ |
72 | } |
73 | ||
1173d0a6 SK |
74 | static suseconds_t strtousec(const char *s_time) |
75 | { | |
76 | const char *s = strchr(s_time, ','); | |
77 | if (s) | |
78 | return (suseconds_t) atoi(s + 1); | |
79 | return 0; | |
80 | } | |
1173d0a6 | 81 | |
78d5ceac | 82 | #define cleanse(x) xcleanse(x, sizeof(x)) |
34f4d961 | 83 | static void xcleanse(char *s, int len) |
78d5ceac KZ |
84 | { |
85 | for ( ; *s && len-- > 0; s++) | |
86 | if (!isprint(*s) || *s == '[' || *s == ']') | |
87 | *s = '?'; | |
88 | } | |
89 | ||
b4b919fe | 90 | static void print_utline(struct utmpx *ut, FILE *out) |
78d5ceac | 91 | { |
1173d0a6 | 92 | const char *addr_string; |
ee508c15 | 93 | char buffer[INET6_ADDRSTRLEN]; |
1173d0a6 SK |
94 | char time_string[40]; |
95 | struct timeval tv; | |
ee508c15 | 96 | |
912a7077 KZ |
97 | if (ut->ut_addr_v6[1] || ut->ut_addr_v6[2] || ut->ut_addr_v6[3]) |
98 | addr_string = inet_ntop(AF_INET6, &(ut->ut_addr_v6), buffer, sizeof(buffer)); | |
ee508c15 | 99 | else |
912a7077 | 100 | addr_string = inet_ntop(AF_INET, &(ut->ut_addr_v6), buffer, sizeof(buffer)); |
78d5ceac | 101 | |
1173d0a6 SK |
102 | tv.tv_sec = ut->ut_tv.tv_sec; |
103 | tv.tv_usec = ut->ut_tv.tv_usec; | |
104 | ||
105 | if (strtimeval_iso(&tv, | |
106 | ISO_8601_DATE | ISO_8601_TIME | ISO_8601_COMMAUSEC | | |
107 | ISO_8601_TIMEZONE | ISO_8601_GMTIME, time_string, | |
108 | sizeof(time_string)) != 0) | |
109 | return; | |
912a7077 KZ |
110 | cleanse(ut->ut_id); |
111 | cleanse(ut->ut_user); | |
112 | cleanse(ut->ut_line); | |
113 | cleanse(ut->ut_host); | |
78d5ceac | 114 | |
f718c2fc | 115 | /* type pid id user line host addr time */ |
1173d0a6 | 116 | fprintf(out, "[%d] [%05d] [%-4.4s] [%-*.*s] [%-*.*s] [%-*.*s] [%-15s] [%s]\n", |
f718c2fc RM |
117 | ut->ut_type, ut->ut_pid, ut->ut_id, |
118 | 8, (int)sizeof(ut->ut_user), ut->ut_user, | |
119 | 12, (int)sizeof(ut->ut_line), ut->ut_line, | |
120 | 20, (int)sizeof(ut->ut_host), ut->ut_host, | |
cd903a0e | 121 | addr_string, time_string); |
78d5ceac KZ |
122 | } |
123 | ||
7346f2b6 SK |
124 | #ifdef HAVE_INOTIFY_INIT |
125 | #define EVENTS (IN_MODIFY|IN_DELETE_SELF|IN_MOVE_SELF|IN_UNMOUNT) | |
126 | #define NEVENTS 4 | |
127 | ||
930954d8 | 128 | static void roll_file(const char *filename, off_t *size, FILE *out) |
78d5ceac | 129 | { |
930954d8 | 130 | FILE *in; |
7346f2b6 | 131 | struct stat st; |
b4b919fe | 132 | struct utmpx ut; |
7346f2b6 | 133 | off_t pos; |
78d5ceac | 134 | |
930954d8 | 135 | if (!(in = fopen(filename, "r"))) |
289dcc90 | 136 | err(EXIT_FAILURE, _("cannot open %s"), filename); |
7346f2b6 | 137 | |
930954d8 | 138 | if (fstat(fileno(in), &st) == -1) |
fc14ceba | 139 | err(EXIT_FAILURE, _("stat of %s failed"), filename); |
7346f2b6 | 140 | |
faebdd91 KZ |
141 | if (st.st_size == *size) |
142 | goto done; | |
78d5ceac | 143 | |
930954d8 SK |
144 | if (fseek(in, *size, SEEK_SET) != (off_t) -1) { |
145 | while (fread(&ut, sizeof(ut), 1, in) == 1) | |
912a7077 | 146 | print_utline(&ut, out); |
7346f2b6 SK |
147 | } |
148 | ||
930954d8 | 149 | pos = ftello(in); |
7346f2b6 SK |
150 | /* If we've successfully read something, use the file position, this |
151 | * avoids data duplication. If we read nothing or hit an error, | |
152 | * reset to the reported size, this handles truncated files. | |
153 | */ | |
154 | *size = (pos != -1 && pos != *size) ? pos : st.st_size; | |
155 | ||
faebdd91 | 156 | done: |
930954d8 | 157 | fclose(in); |
7346f2b6 SK |
158 | } |
159 | ||
930954d8 | 160 | static int follow_by_inotify(FILE *in, const char *filename, FILE *out) |
7346f2b6 SK |
161 | { |
162 | char buf[NEVENTS * sizeof(struct inotify_event)]; | |
7346f2b6 SK |
163 | int fd, wd, event; |
164 | ssize_t length; | |
165 | off_t size; | |
166 | ||
167 | fd = inotify_init(); | |
168 | if (fd == -1) | |
169 | return -1; /* probably reached any limit ... */ | |
170 | ||
930954d8 SK |
171 | size = ftello(in); |
172 | fclose(in); | |
7346f2b6 SK |
173 | |
174 | wd = inotify_add_watch(fd, filename, EVENTS); | |
175 | if (wd == -1) | |
176 | err(EXIT_FAILURE, _("%s: cannot add inotify watch."), filename); | |
177 | ||
178 | while (wd >= 0) { | |
179 | errno = 0; | |
180 | length = read(fd, buf, sizeof(buf)); | |
181 | ||
182 | if (length < 0 && (errno == EINTR || errno == EAGAIN)) | |
183 | continue; | |
184 | if (length < 0) | |
185 | err(EXIT_FAILURE, _("%s: cannot read inotify events"), | |
186 | filename); | |
187 | ||
188 | for (event = 0; event < length;) { | |
189 | struct inotify_event *ev = | |
190 | (struct inotify_event *) &buf[event]; | |
191 | ||
192 | if (ev->mask & IN_MODIFY) | |
930954d8 | 193 | roll_file(filename, &size, out); |
7346f2b6 SK |
194 | else { |
195 | close(wd); | |
196 | wd = -1; | |
197 | break; | |
198 | } | |
199 | event += sizeof(struct inotify_event) + ev->len; | |
200 | } | |
201 | } | |
202 | ||
203 | close(fd); | |
204 | return 0; | |
205 | } | |
206 | #endif /* HAVE_INOTIFY_INIT */ | |
207 | ||
930954d8 | 208 | static FILE *dump(FILE *in, const char *filename, int follow, FILE *out) |
7346f2b6 | 209 | { |
b4b919fe | 210 | struct utmpx ut; |
7346f2b6 SK |
211 | |
212 | if (follow) | |
85dd024d | 213 | ignore_result( fseek(in, -10 * sizeof(ut), SEEK_END) ); |
7346f2b6 | 214 | |
930954d8 | 215 | while (fread(&ut, sizeof(ut), 1, in) == 1) |
912a7077 | 216 | print_utline(&ut, out); |
7346f2b6 SK |
217 | |
218 | if (!follow) | |
930954d8 | 219 | return in; |
faebdd91 | 220 | |
7346f2b6 | 221 | #ifdef HAVE_INOTIFY_INIT |
930954d8 | 222 | if (follow_by_inotify(in, filename, out) == 0) |
faebdd91 KZ |
223 | return NULL; /* file already closed */ |
224 | else | |
7346f2b6 SK |
225 | #endif |
226 | /* fallback for systems without inotify or with non-free | |
227 | * inotify instances */ | |
228 | for (;;) { | |
930954d8 | 229 | while (fread(&ut, sizeof(ut), 1, in) == 1) |
912a7077 | 230 | print_utline(&ut, out); |
704bd903 | 231 | sleep(1); |
7346f2b6 | 232 | } |
faebdd91 | 233 | |
930954d8 | 234 | return in; |
78d5ceac KZ |
235 | } |
236 | ||
7346f2b6 | 237 | |
78d5ceac KZ |
238 | /* This function won't work properly if there's a ']' or a ' ' in the real |
239 | * token. Thankfully, this should never happen. */ | |
34f4d961 | 240 | static int gettok(char *line, char *dest, int size, int eatspace) |
78d5ceac KZ |
241 | { |
242 | int bpos, epos, eaten; | |
78d5ceac KZ |
243 | |
244 | bpos = strchr(line, '[') - line; | |
704bd903 KZ |
245 | if (bpos < 0) |
246 | errx(EXIT_FAILURE, _("Extraneous newline in file. Exiting.")); | |
78d5ceac | 247 | |
704bd903 | 248 | line += 1 + bpos; |
78d5ceac | 249 | epos = strchr(line, ']') - line; |
704bd903 | 250 | if (epos < 0) |
cd903a0e | 251 | errx(EXIT_FAILURE, _("Extraneous newline in file. Exiting.")); |
78d5ceac | 252 | |
704bd903 | 253 | line[epos] = '\0'; |
78d5ceac KZ |
254 | eaten = bpos + epos + 1; |
255 | ||
704bd903 | 256 | if (eatspace) { |
e31926b4 | 257 | char *t; |
cd903a0e SK |
258 | if ((t = strchr(line, ' '))) |
259 | *t = 0; | |
704bd903 | 260 | } |
cd903a0e | 261 | strncpy(dest, line, size); |
78d5ceac KZ |
262 | |
263 | return eaten + 1; | |
264 | } | |
265 | ||
930954d8 | 266 | static void undump(FILE *in, FILE *out) |
78d5ceac | 267 | { |
b4b919fe | 268 | struct utmpx ut; |
ee508c15 | 269 | char s_addr[INET6_ADDRSTRLEN + 1], s_time[29], *linestart, *line; |
78d5ceac | 270 | |
ad20f0d8 | 271 | linestart = xmalloc(1024 * sizeof(*linestart)); |
78d5ceac KZ |
272 | s_time[28] = 0; |
273 | ||
930954d8 | 274 | while (fgets(linestart, 1023, in)) { |
78d5ceac | 275 | line = linestart; |
cd903a0e SK |
276 | memset(&ut, '\0', sizeof(ut)); |
277 | sscanf(line, "[%hd] [%d] [%4c] ", &ut.ut_type, &ut.ut_pid, ut.ut_id); | |
78d5ceac KZ |
278 | |
279 | line += 19; | |
cd903a0e SK |
280 | line += gettok(line, ut.ut_user, sizeof(ut.ut_user), 1); |
281 | line += gettok(line, ut.ut_line, sizeof(ut.ut_line), 1); | |
282 | line += gettok(line, ut.ut_host, sizeof(ut.ut_host), 1); | |
283 | line += gettok(line, s_addr, sizeof(s_addr) - 1, 1); | |
ad20f0d8 | 284 | gettok(line, s_time, sizeof(s_time) - 1, 0); |
ee508c15 SK |
285 | if (strchr(s_addr, '.')) |
286 | inet_pton(AF_INET, s_addr, &(ut.ut_addr_v6)); | |
287 | else | |
288 | inet_pton(AF_INET6, s_addr, &(ut.ut_addr_v6)); | |
55771f54 | 289 | |
cfa7fe89 | 290 | ut.ut_tv.tv_sec = strtotime(s_time); |
1173d0a6 | 291 | ut.ut_tv.tv_usec = strtousec(s_time); |
55771f54 | 292 | |
930954d8 | 293 | ignore_result( fwrite(&ut, sizeof(ut), 1, out) ); |
78d5ceac KZ |
294 | } |
295 | ||
296 | free(linestart); | |
297 | } | |
298 | ||
c8a6af07 | 299 | static void __attribute__((__noreturn__)) usage(FILE *out) |
78d5ceac | 300 | { |
c8a6af07 KZ |
301 | fputs(USAGE_HEADER, out); |
302 | ||
303 | fprintf(out, | |
4810de91 | 304 | _(" %s [options] [filename]\n"), program_invocation_short_name); |
c8a6af07 | 305 | |
451dbcfa BS |
306 | fputs(USAGE_SEPARATOR, out); |
307 | fputs(_("Dump UTMP and WTMP files in raw format.\n"), out); | |
308 | ||
c8a6af07 | 309 | fputs(USAGE_OPTIONS, out); |
930954d8 SK |
310 | fputs(_(" -f, --follow output appended data as the file grows\n"), out); |
311 | fputs(_(" -r, --reverse write back dumped data into utmp file\n"), out); | |
312 | fputs(_(" -o, --output <file> write to file instead of standard output\n"), out); | |
400bc941 SK |
313 | fputs(USAGE_HELP, out); |
314 | fputs(USAGE_VERSION, out); | |
c8a6af07 KZ |
315 | |
316 | fprintf(out, USAGE_MAN_TAIL("utmpdump(1)")); | |
317 | exit(out == stderr ? EXIT_FAILURE : EXIT_SUCCESS); | |
78d5ceac KZ |
318 | } |
319 | ||
320 | int main(int argc, char **argv) | |
321 | { | |
322 | int c; | |
930954d8 | 323 | FILE *in = NULL, *out = NULL; |
faebdd91 | 324 | int reverse = 0, follow = 0; |
704bd903 | 325 | const char *filename = NULL; |
78d5ceac | 326 | |
9e15c93d | 327 | static const struct option longopts[] = { |
87918040 SK |
328 | { "follow", no_argument, NULL, 'f' }, |
329 | { "reverse", no_argument, NULL, 'r' }, | |
330 | { "output", required_argument, NULL, 'o' }, | |
331 | { "help", no_argument, NULL, 'h' }, | |
332 | { "version", no_argument, NULL, 'V' }, | |
333 | { NULL, 0, NULL, 0 } | |
9e15c93d KZ |
334 | }; |
335 | ||
23031b99 KZ |
336 | setlocale(LC_ALL, ""); |
337 | bindtextdomain(PACKAGE, LOCALEDIR); | |
338 | textdomain(PACKAGE); | |
339 | atexit(close_stdout); | |
340 | ||
930954d8 | 341 | while ((c = getopt_long(argc, argv, "fro:hV", longopts, NULL)) != -1) { |
78d5ceac KZ |
342 | switch (c) { |
343 | case 'r': | |
344 | reverse = 1; | |
345 | break; | |
346 | ||
347 | case 'f': | |
faebdd91 | 348 | follow = 1; |
78d5ceac KZ |
349 | break; |
350 | ||
930954d8 SK |
351 | case 'o': |
352 | out = fopen(optarg, "w"); | |
353 | if (!out) | |
354 | err(EXIT_FAILURE, _("cannot open %s"), | |
355 | optarg); | |
356 | break; | |
357 | ||
78d5ceac | 358 | case 'h': |
c8a6af07 | 359 | usage(stdout); |
78d5ceac | 360 | break; |
9e15c93d KZ |
361 | case 'V': |
362 | printf(UTIL_LINUX_VERSION); | |
c8a6af07 | 363 | return EXIT_SUCCESS; |
78d5ceac | 364 | default: |
677ec86c | 365 | errtryhelp(EXIT_FAILURE); |
78d5ceac KZ |
366 | } |
367 | } | |
368 | ||
930954d8 SK |
369 | if (!out) |
370 | out = stdout; | |
371 | ||
78d5ceac | 372 | if (optind < argc) { |
704bd903 | 373 | filename = argv[optind]; |
930954d8 SK |
374 | in = fopen(filename, "r"); |
375 | if (!in) | |
289dcc90 | 376 | err(EXIT_FAILURE, _("cannot open %s"), filename); |
704bd903 | 377 | } else { |
faebdd91 KZ |
378 | if (follow) |
379 | errx(EXIT_FAILURE, _("following standard input is unsupported")); | |
5ec1ad13 | 380 | filename = "/dev/stdin"; |
930954d8 | 381 | in = stdin; |
78d5ceac KZ |
382 | } |
383 | ||
704bd903 KZ |
384 | if (reverse) { |
385 | fprintf(stderr, _("Utmp undump of %s\n"), filename); | |
930954d8 | 386 | undump(in, out); |
704bd903 KZ |
387 | } else { |
388 | fprintf(stderr, _("Utmp dump of %s\n"), filename); | |
930954d8 | 389 | in = dump(in, filename, follow, out); |
704bd903 KZ |
390 | } |
391 | ||
74ce680a SK |
392 | if (out != stdout && close_stream(out)) |
393 | err(EXIT_FAILURE, _("write failed")); | |
930954d8 SK |
394 | |
395 | if (in && in != stdin) | |
396 | fclose(in); | |
78d5ceac | 397 | |
704bd903 | 398 | return EXIT_SUCCESS; |
78d5ceac | 399 | } |