Reading files in /var/spool/rwho/whod.*

Discussion in 'Python' started by Fredrik Normann, Jun 27, 2005.

  1. Hello,

    I'm trying to read the binary files under /var/spool/rwho/ so I'm wondering if
    anyone has done that before or could give me some clues on how to read those
    files. I've tried to use the binascii module without any luck.

    Best regards,
    -fredrik-normann-
     
    Fredrik Normann, Jun 27, 2005
    #1
    1. Advertising

  2. Fredrik Normann wrote:
    > Hello,
    >
    > I'm trying to read the binary files under /var/spool/rwho/ so I'm
    > wondering if anyone has done that before or could give me some clues on
    > how to read those files. I've tried to use the binascii module without
    > any luck.


    A friend of mine made this C-program, that does the trick :)

    #include <protocols/rwhod.h>
    #include <stdio.h>
    #include <unistd.h>
    #include <strings.h>

    #include <time.h>
    #include <sys/time.h>

    #include <sys/types.h>
    #include <netinet/in.h>
    #include <inttypes.h>

    #ifdef SOL
    #include <stddef.h>
    #else
    #include <linux/stddef.h>
    #endif

    int main (int argc, char **argv)
    {

    char *filename, *binary;
    FILE *fp;
    struct whod entry;
    struct outmp who;
    size_t ret;
    size_t cnt = 0;
    char *user = (char*) malloc (8);
    char *timestr = (char*) malloc (512);
    char *hostname = (char*) malloc (512);
    int hostlen, ulen;
    size_t prefix, we_len;

    hostlen = 0;
    ulen = 0;

    struct timeval now;
    struct tm *tptr;
    time_t t;

    binary = *argv;
    ret = gettimeofday (&now, 0);
    if (ret < 0) {
    perror ("Error getting time of day");
    exit (2);
    }

    if (argc < 2) {
    printf ("%s: ERROR, no whod file specified\n", binary);
    exit (1);
    }

    filename = *(argv + 1);

    fp = fopen (filename, "r");
    if (fp == NULL) {
    perror ("Error opening file");
    exit (3);
    }

    #ifdef SOL
    ret = fread (&entry, 1, sizeof (entry), fp);
    #else
    ret = fread_unlocked (&entry, 1, sizeof (entry), fp);
    #endif
    if (ret < 0) {
    perror ("Error reading file");
    exit (4);
    }

    prefix = offsetof (struct whod, wd_we) / sizeof (struct whoent);
    we_len = ret / sizeof (struct whoent) - prefix;

    /* Find lengths of strings */
    for (cnt = 0; cnt < we_len; cnt++) {
    who = entry.wd_we[cnt].we_utmp;
    strncpy (user, who.out_name, 8);
    if (strlen (user) > ulen)
    ulen = strlen (user);
    if ((strlen (entry.wd_hostname) + strlen (who.out_line) + 1) > hostlen)
    hostlen = strlen (entry.wd_hostname) + strlen (who.out_line) + 1;
    }

    for (cnt = 0; cnt < we_len; cnt++) {
    who = entry.wd_we[cnt].we_utmp;
    strncpy (user, who.out_name, 8);
    strncpy (hostname, entry.wd_hostname, 512);
    strcat (hostname, ":");
    strncat (hostname, who.out_line, 8);

    t = now.tv_sec - ntohl (entry.wd_we[cnt].we_idle);

    entry.wd_we[cnt].we_idle = ntohl (entry.wd_we[cnt].we_idle) / 60;

    printf ("%-*s %-*s",
    ulen, user,
    hostlen, hostname);
    if (entry.wd_we[cnt].we_idle >= 0) {
    tptr = localtime (&t);
    strftime (timestr, 512, "%a %b %d %H:%m", tptr);

    printf (" %s ", timestr);
    printf ("%5d:%02d",
    entry.wd_we[cnt].we_idle / 60,
    entry.wd_we[cnt].we_idle % 60);
    }
    printf ("\n");
    }

    fclose (fp);
    }
     
    Fredrik Normann, Jun 28, 2005
    #2
    1. Advertising

  3. On Mon, 27 Jun 2005 13:26:12 +0200, Fredrik Normann <>
    declaimed the following in comp.lang.python:

    > Hello,
    >
    > I'm trying to read the binary files under /var/spool/rwho/ so I'm wondering if
    > anyone has done that before or could give me some clues on how to read those
    > files. I've tried to use the binascii module without any luck.
    >

    Have you looked at the struct module?

    --
    > ============================================================== <
    > | Wulfraed Dennis Lee Bieber KD6MOG <
    > | Bestiaria Support Staff <
    > ============================================================== <
    > Home Page: <http://www.dm.net/~wulfraed/> <
    > Overflow Page: <http://wlfraed.home.netcom.com/> <
     
    Dennis Lee Bieber, Jun 28, 2005
    #3
  4. Dennis Lee Bieber wrote:
    > On Mon, 27 Jun 2005 13:26:12 +0200, Fredrik Normann <>
    > declaimed the following in comp.lang.python:
    >
    >
    >>Hello,
    >>
    >>I'm trying to read the binary files under /var/spool/rwho/ so I'm wondering if
    >>anyone has done that before or could give me some clues on how to read those
    >>files. I've tried to use the binascii module without any luck.
    >>

    >
    > Have you looked at the struct module?
    >


    Thanks for the tip. A friend of mine helped me with making this small script:


    #!/usr/bin/env python

    """whod file parser.

    Made by: Igor V. Rafienko

    This tiny script tries to grock whod files.
    """


    from struct import calcsize, unpack, pack
    from socket import ntohl
    import time





    outmp_format = '8s8s4s'
    whoent_format = '%ds4s' % calcsize(outmp_format)
    almost_whod = 'cc2s4s4s32s12s4s'


    def make_string(s):
    """Stupid C. Chop the string off at the first '\0'."""

    index = s.find('\0')
    if index != -1:
    return s[:index]
    # fi
    # end make_string


    def make_time(seconds):
    """Convert from seconds since Epoch to ISO8601."""

    return time.strftime("%Y-%m-%dT%H:%M:%S", time.localtime(seconds))
    # end make_time


    def make_int(binary):
    """Convert binary from network representation to host int."""

    assert len(binary) == 4, "ints are 4 bytes long here"

    if calcsize("i") == 4:
    return ntohl(unpack("i", binary)[0])
    elif calcsize("l") == 4:
    return ntohl(unpack("l", binary)[0])
    else:
    raise "Dammit! no suitable integral type"
    # fi
    # end make_int


    def parse_one_outmp(binary_data):
    """Parse an outmp struct."""

    out_line, out_name, out_time = unpack(outmp_format, binary_data)
    out_time = make_int(out_time)

    return out_line, out_name, out_time
    # end parse_one_outmp


    def parse_one_whoent(binary_data):
    """Parse a whoent struct."""

    outmp_part, we_idle = unpack(whoent_format, binary_data)

    we_idle = make_int(we_idle)
    out_line, out_name, out_time = parse_one_outmp(outmp_part)

    return out_line, out_name, out_time, we_idle
    # end parse_one_whoent


    def parse_one_file(binary_data):
    """Parse the entire thing."""

    # First we parse everything, except for the whoent-array
    prefix = unpack(almost_whod, binary_data[:calcsize(almost_whod)])

    print "prefix has %d elemenets" % len(prefix)
    print "wd_vers:", ord(prefix[0])
    print "wd_type:", ord(prefix[1])
    print "wd_fill:", make_string(prefix[2])
    print "wd_sendtime:", make_time(make_int(prefix[3]))
    print "wd_recvtime:", make_time(make_int(prefix[4]))
    print "wd_host: ", make_string(prefix[5])
    load = prefix[6]
    print "wd_load avg: %d, %d, %d" % tuple([make_int(x) for x in
    (load[:4], load[4:8], load[8:])])
    print "wd_boottime", make_time(make_int(prefix[7]))

    sz = calcsize(whoent_format)
    array_data = binary_data[calcsize(almost_whod):]
    assert len(array_data) % sz == 0, "Aiee! corrupt chunk?"
    whoent_chunks = [ array_data[sz*x:sz*(x+1)] for x in range(len(array_data)
    / sz) ]
    print "%d whoent chunks" % len(whoent_chunks)

    for out_line, out_name, out_time, we_idle in [parse_one_whoent(x)
    for x in whoent_chunks]:
    print "\tout_line:", make_string(out_line)
    print "\tout_name:", make_string(out_name)
    print "\tout_time:", make_time(out_time)
    print "\twe_idle:", we_idle
    # od
    # end parse_one_file
     
    Fredrik Normann, Jun 30, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. popo
    Replies:
    4
    Views:
    460
  2. Allan
    Replies:
    1
    Views:
    1,392
    Thomas Matthews
    Feb 16, 2004
  3. S. M. Tuttle
    Replies:
    2
    Views:
    1,204
    Brian van den Broek
    Jul 21, 2005
  4. semaphore
    Replies:
    0
    Views:
    710
    semaphore
    Feb 26, 2009
  5. die
    Replies:
    2
    Views:
    81
    Gunnar Hjalmarsson
    Dec 22, 2004
Loading...

Share This Page