By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,173 Members | 796 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,173 IT Pros & Developers. It's quick & easy.

Reading files in /var/spool/rwho/whod.*

P: n/a
Hello,

I'm trying to read the binary files under /var/spool/rwho/ so I'm wondering if
anyone has done that before or could give me some clues on how to read those
files. I've tried to use the binascii module without any luck.

Best regards,
-fredrik-normann-
Jul 19 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Fredrik Normann wrote:
Hello,

I'm trying to read the binary files under /var/spool/rwho/ so I'm
wondering if anyone has done that before or could give me some clues on
how to read those files. I've tried to use the binascii module without
any luck.


A friend of mine made this C-program, that does the trick :)

#include <protocols/rwhod.h>
#include <stdio.h>
#include <unistd.h>
#include <strings.h>

#include <time.h>
#include <sys/time.h>

#include <sys/types.h>
#include <netinet/in.h>
#include <inttypes.h>

#ifdef SOL
#include <stddef.h>
#else
#include <linux/stddef.h>
#endif

int main (int argc, char **argv)
{

char *filename, *binary;
FILE *fp;
struct whod entry;
struct outmp who;
size_t ret;
size_t cnt = 0;
char *user = (char*) malloc (8);
char *timestr = (char*) malloc (512);
char *hostname = (char*) malloc (512);
int hostlen, ulen;
size_t prefix, we_len;

hostlen = 0;
ulen = 0;

struct timeval now;
struct tm *tptr;
time_t t;

binary = *argv;
ret = gettimeofday (&now, 0);
if (ret < 0) {
perror ("Error getting time of day");
exit (2);
}

if (argc < 2) {
printf ("%s: ERROR, no whod file specified\n", binary);
exit (1);
}

filename = *(argv + 1);

fp = fopen (filename, "r");
if (fp == NULL) {
perror ("Error opening file");
exit (3);
}

#ifdef SOL
ret = fread (&entry, 1, sizeof (entry), fp);
#else
ret = fread_unlocked (&entry, 1, sizeof (entry), fp);
#endif
if (ret < 0) {
perror ("Error reading file");
exit (4);
}

prefix = offsetof (struct whod, wd_we) / sizeof (struct whoent);
we_len = ret / sizeof (struct whoent) - prefix;

/* Find lengths of strings */
for (cnt = 0; cnt < we_len; cnt++) {
who = entry.wd_we[cnt].we_utmp;
strncpy (user, who.out_name, 8);
if (strlen (user) > ulen)
ulen = strlen (user);
if ((strlen (entry.wd_hostname) + strlen (who.out_line) + 1) > hostlen)
hostlen = strlen (entry.wd_hostname) + strlen (who.out_line) + 1;
}

for (cnt = 0; cnt < we_len; cnt++) {
who = entry.wd_we[cnt].we_utmp;
strncpy (user, who.out_name, 8);
strncpy (hostname, entry.wd_hostname, 512);
strcat (hostname, ":");
strncat (hostname, who.out_line, 8);

t = now.tv_sec - ntohl (entry.wd_we[cnt].we_idle);

entry.wd_we[cnt].we_idle = ntohl (entry.wd_we[cnt].we_idle) / 60;

printf ("%-*s %-*s",
ulen, user,
hostlen, hostname);
if (entry.wd_we[cnt].we_idle >= 0) {
tptr = localtime (&t);
strftime (timestr, 512, "%a %b %d %H:%m", tptr);

printf (" %s ", timestr);
printf ("%5d:%02d",
entry.wd_we[cnt].we_idle / 60,
entry.wd_we[cnt].we_idle % 60);
}
printf ("\n");
}

fclose (fp);
}
Jul 19 '05 #2

P: n/a
On Mon, 27 Jun 2005 13:26:12 +0200, Fredrik Normann <fr*****@ifi.uio.no>
declaimed the following in comp.lang.python:
Hello,

I'm trying to read the binary files under /var/spool/rwho/ so I'm wondering if
anyone has done that before or could give me some clues on how to read those
files. I've tried to use the binascii module without any luck.
Have you looked at the struct module?

-- ================================================== ============ <
wl*****@ix.netcom.com | Wulfraed Dennis Lee Bieber KD6MOG <
wu******@dm.net | Bestiaria Support Staff <
================================================== ============ <
Home Page: <http://www.dm.net/~wulfraed/> <
Overflow Page: <http://wlfraed.home.netcom.com/> <

Jul 19 '05 #3

P: n/a
Dennis Lee Bieber wrote:
On Mon, 27 Jun 2005 13:26:12 +0200, Fredrik Normann <fr*****@ifi.uio.no>
declaimed the following in comp.lang.python:

Hello,

I'm trying to read the binary files under /var/spool/rwho/ so I'm wondering if
anyone has done that before or could give me some clues on how to read those
files. I've tried to use the binascii module without any luck.


Have you looked at the struct module?


Thanks for the tip. A friend of mine helped me with making this small script:
#!/usr/bin/env python

"""whod file parser.

Made by: Igor V. Rafienko

This tiny script tries to grock whod files.
"""
from struct import calcsize, unpack, pack
from socket import ntohl
import time

outmp_format = '8s8s4s'
whoent_format = '%ds4s' % calcsize(outmp_format)
almost_whod = 'cc2s4s4s32s12s4s'
def make_string(s):
"""Stupid C. Chop the string off at the first '\0'."""

index = s.find('\0')
if index != -1:
return s[:index]
# fi
# end make_string
def make_time(seconds):
"""Convert from seconds since Epoch to ISO8601."""

return time.strftime("%Y-%m-%dT%H:%M:%S", time.localtime(seconds))
# end make_time
def make_int(binary):
"""Convert binary from network representation to host int."""

assert len(binary) == 4, "ints are 4 bytes long here"

if calcsize("i") == 4:
return ntohl(unpack("i", binary)[0])
elif calcsize("l") == 4:
return ntohl(unpack("l", binary)[0])
else:
raise "Dammit! no suitable integral type"
# fi
# end make_int
def parse_one_outmp(binary_data):
"""Parse an outmp struct."""

out_line, out_name, out_time = unpack(outmp_format, binary_data)
out_time = make_int(out_time)

return out_line, out_name, out_time
# end parse_one_outmp
def parse_one_whoent(binary_data):
"""Parse a whoent struct."""

outmp_part, we_idle = unpack(whoent_format, binary_data)

we_idle = make_int(we_idle)
out_line, out_name, out_time = parse_one_outmp(outmp_part)

return out_line, out_name, out_time, we_idle
# end parse_one_whoent
def parse_one_file(binary_data):
"""Parse the entire thing."""

# First we parse everything, except for the whoent-array
prefix = unpack(almost_whod, binary_data[:calcsize(almost_whod)])

print "prefix has %d elemenets" % len(prefix)
print "wd_vers:", ord(prefix[0])
print "wd_type:", ord(prefix[1])
print "wd_fill:", make_string(prefix[2])
print "wd_sendtime:", make_time(make_int(prefix[3]))
print "wd_recvtime:", make_time(make_int(prefix[4]))
print "wd_host: ", make_string(prefix[5])
load = prefix[6]
print "wd_load avg: %d, %d, %d" % tuple([make_int(x) for x in
(load[:4], load[4:8], load[8:])])
print "wd_boottime", make_time(make_int(prefix[7]))

sz = calcsize(whoent_format)
array_data = binary_data[calcsize(almost_whod):]
assert len(array_data) % sz == 0, "Aiee! corrupt chunk?"
whoent_chunks = [ array_data[sz*x:sz*(x+1)] for x in range(len(array_data)
/ sz) ]
print "%d whoent chunks" % len(whoent_chunks)

for out_line, out_name, out_time, we_idle in [parse_one_whoent(x)
for x in whoent_chunks]:
print "\tout_line:", make_string(out_line)
print "\tout_name:", make_string(out_name)
print "\tout_time:", make_time(out_time)
print "\twe_idle:", we_idle
# od
# end parse_one_file
Jul 19 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.