Date: Wed, 11 Nov 1998 19:37:25 +1100 From: "John Saunders" <john.saunders@scitec.com.au> To: "Oles' Hnatkevych" <gnut@uct.kiev.ua> Cc: <freebsd-questions@FreeBSD.ORG> Subject: RE: wtmp Message-ID: <004a01be0d4e$8200c010$6cb611cb@saruman.scitec.com.au> In-Reply-To: <Pine.BSF.4.02A.9811110927380.1062-100000@gw.uct.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
This is probably what you want. I have a collection of wtmp tools
I hacked up ages ago. Maybe I should make a formal release and a
port for it? :-)
cc zapwtmp.c -o zapwtmp
If you want to test it not on your main wtmp file...
cc -DDEBUG zapwtmp.c -o zapwtmp
cp /var/log/wtmp .
last -f wtmp | head -10
./zapwtmp ttyp0 fred host.com YYYYMMDDHHMM
last -f wtmp | head -10
I would also suggest using it during a quiet time as there is
an unavoidable race condition which may cause lost entries.
Although the wtmp file will not be corrupted.
Enjoy...
/*
* zapwtmp.c:
*
* Possible bugs.
*
* There is never any locking done on the wtmp file. I could have added file
* locking to this program, however it would not help as the other programs
* that write to wtmp do not have file locking either. This means there is a
* small window of possibility that a record can get lost. However this
window
* is much smaller than clnwtmp.c, and if used at a quiet period during the
* day will reduce the risk to almost 0%.
*
* Example use.
*
* zapwtmp ttyp1 fred host.com 199604131014
*/
#include <unistd.h>
#include <paths.h>
#include <fcntl.h>
#include <utmp.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
/*
* Make a copy of your wtmp file and play around with DEBUG enabled.
*/
#ifdef DEBUG
#undef _PATH_WTMP
#define _PATH_WTMP "wtmp"
#endif
static int convert_date(char *date_str, time_t *cvt_time);
int main(int argc, char **argv)
{
struct utmp wtmp;
time_t search_time;
time_t time_delta;
int fin, fout;
int searching = 0;
size_t length = 0;
if (argc != 5)
{
fprintf(stderr, "usage: %s port user host YYYYMMDDHHMM\n", argv[0]);
return (1);
}
if (! convert_date(argv[4], &search_time))
{
fprintf(stderr, "Invalid time \"%s\" (e.g. YYYYMMDDHHMM)\n", argv[4]);
return (1);
}
if ((fin = open(_PATH_WTMP, O_RDONLY)) < 0)
{
perror(_PATH_WTMP);
return (1);
}
if ((fout = open(_PATH_WTMP, O_WRONLY)) < 0)
{
perror(_PATH_WTMP);
close(fin);
return (1);
}
/*
* Read each wtmp record and sort based on the cutoff date.
*/
while (read(fin, &wtmp, sizeof(wtmp)) == sizeof(wtmp))
{
if (searching == 0)
{
time_delta = (search_time > wtmp.ut_time ?
search_time - wtmp.ut_time :
wtmp.ut_time - search_time);
/* Zap the login record */
if ((strncmp(wtmp.ut_line, argv[1], UT_LINESIZE) == 0) &&
(strncmp(wtmp.ut_name, argv[2], UT_NAMESIZE) == 0) &&
(strncmp(wtmp.ut_host, argv[3], UT_NAMESIZE) == 0) &&
(time_delta <= 60))
{
#ifdef DEBUG
printf("Found login record\n");
#endif
searching = 1;
}
else
{
write(fout, &wtmp, sizeof(wtmp));
length += sizeof(wtmp);
}
}
else if (searching == 1)
{
/* Zap the logout record */
if (strncmp(wtmp.ut_line, argv[1], UT_LINESIZE) == 0)
{
#ifdef DEBUG
printf("Found logout record\n");
#endif
searching = 2;
}
else
{
write(fout, &wtmp, sizeof(wtmp));
length += sizeof(wtmp);
}
}
else /* searching == 2 */
{
write(fout, &wtmp, sizeof(wtmp));
length += sizeof(wtmp);
}
}
/*
* The window mentioned in the bugs section is between the above
* read (insde the while loop) and this call to ftruncate.
*/
ftruncate(fout, length);
close(fout);
close(fin);
return (0);
}
/*
* Dipy date conversion. Hopefully it will be OK if it's not provided
* any "funny" dates.
*/
static int convert_date(char *date_str, time_t *cvt_time)
{
char string[5];
long date;
int year, month, day, hour, min;
struct tm cutdate;
string[4] = '\0';
string[0] = *date_str; if (*date_str) ++date_str;
string[1] = *date_str; if (*date_str) ++date_str;
string[2] = *date_str; if (*date_str) ++date_str;
string[3] = *date_str; if (*date_str) ++date_str;
year = atoi(string);
if (year < 1900)
{
return (0);
}
year -= 1900;
string[2] = '\0';
string[0] = *date_str; if (*date_str) ++date_str;
string[1] = *date_str; if (*date_str) ++date_str;
month = atoi(string);
if ((month < 1) || (month > 12))
{
return (0);
}
string[0] = *date_str; if (*date_str) ++date_str;
string[1] = *date_str; if (*date_str) ++date_str;
day = atoi(string);
if ((day < 1) || (day > 31))
{
return (0);
}
string[0] = *date_str; if (*date_str) ++date_str;
string[1] = *date_str; if (*date_str) ++date_str;
hour = atoi(string);
if (hour > 23)
{
return (0);
}
string[0] = *date_str; if (*date_str) ++date_str;
string[1] = *date_str; if (*date_str) ++date_str;
min = atoi(string);
if (min > 59)
{
return (0);
}
cutdate.tm_sec = 0;
cutdate.tm_min = min;
cutdate.tm_hour = hour;
cutdate.tm_mday = day;
cutdate.tm_mon = month - 1;
cutdate.tm_year = year;
cutdate.tm_isdst = -1;
/*
* Check that mktime didn't find any problems.
*/
if ((*cvt_time = mktime(&cutdate)) == (time_t)(-1))
{
return (0);
}
/*
* If the month has changed, that means mktime detected a
* day that is outside the allowable days for that month.
* i.e. you specified the 31st of February!
*/
if (cutdate.tm_mon != (month - 1))
{
return (0);
}
return (1);
}
-- . +-------------------------------------------------------+
,--_|\ | John Saunders mailto:John.Saunders@scitec.com.au |
/ Oz \ | SCITEC LIMITED Phone +61294289563 Fax +61294289933 |
\_,--\_/ | "By the time you make ends meet, they move the ends." |
v +-------------------------------------------------------+
> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Oles'
> Hnatkevych
> Sent: Wednesday, 11 November 1998 18:30
> To: Jason C. Wells
> Cc: freebsd-questions@FreeBSD.ORG
> Subject: Re: wtmp
>
>
> >
> > OK. You erased the wtmp file. You want to know if there is
> documentation.
> >
>
> No. I have the file. I just want to remove a record that user XXX
> logged in at the time A and logged out at the time B. To pretend that
> he never did.
>
>
> Best wishes,
>
> Oles Hnatkevych, http://gnut.kiev.ua
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004a01be0d4e$8200c010$6cb611cb>