It is just luck if two time() calls happen within the same
second. Introduced in 31d28e09.
Actually I don't like adding another global variable but this
way we avoid bigger refactoring. IMO it's questionable why
lastdate, lastdown, etc. are initialized with current time() at
all. It looks unsafe to print "still running" always when
logout_time = now.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
last(1) uses a global list of entries, this is unnecessary and it's
also mistake because the pointer to the list is not set to NULL when
last(1) opens another utmp file. For example:
last -f /var/log/wtmp -f /var/log/wtmp-20150220
ends with unexpected free() call or sometimes with never ending loop.
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1201033
Signed-off-by: Karel Zak <kzak@redhat.com>
The message "stat failed %s" seems to say that stat() failed to
do something, or failed to pass a test, but of course it means
that the statting of something failed. So say so. Also make
two very similar messages equal to this one.
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
This adds a concise description of a tool to its usage text.
A first form of this patch was proposed by Steven Honeyman
(see http://www.spinics.net/lists/util-linux-ng/msg09994.html).
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
When kernel CONFIG_AUDIT is not set the /proc/<pid>/loginuid information
is not present resulting live sessions to be marked 'gone - no logout' in
last(1) print out. To go-around this change makes last(1) to look
/dev/<tty> device ownership as a substitute of loginuid.
The go-around seems to work fairly well, but it has it short comings.
For example after closing a X window session the /dev/ttyN file seems to
be owned by root, not the user who had it before entering to the X
session. While that is suboptimal it is still better than an attmempt to
determine uid_t by looking owner of the /proc/<struct utmp ut_pid>, that
is a login(1) process running as root.
The issue was found using Archlinux installation.
$ pacman -Qi linux
Name : linux
Version : 3.16-2
[...]
Build Date : Mon Aug 4 18:06:51 2014
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Fixing plain typos, miswordings, inconsistent periods, some missing
angular brackets, and a proper pluralization (even when it involves
a constant, because for some languages the precise value matters).
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
For no reason "full" did something else than "iso" or -F as you
see here:
$ ./last -f ../tests/ts/last/wtmp.LE --time-format=full | grep -A2 "no logout"
torvalds linux hobby Mon Aug 26 02:57:08 1991 gone - no logout
reboot system boot system-name Wed Aug 28 20:00:00 2013 still running
reboot system boot system-name Wed Aug 28 18:00:00 2013 - Wed Aug 28 19:00:00 2013 (01:00)
$ ./last -f ../tests/ts/last/wtmp.LE --time-format=iso | grep -A2 "no logout"
torvalds linux hobby 1991-08-26T02:57:08+0200 gone - no logout
reboot system boot system-name 2013-08-28T20:00:00+0200 still running
reboot system boot system-name 2013-08-28T18:00:00+0200 - 2013-08-28T19:00:00+0200 (01:00)
$ ./last -f ../tests/ts/last/wtmp.LE -F | grep -A2 "no logout"
torvalds linux hobby Mon Aug 26 02:57:08 1991 gone - no logout
reboot system boot system-name Wed Aug 28 20:00:00 2013 still running
reboot system boot system-name Wed Aug 28 18:00:00 2013 - Wed Aug 28 19:00:00 2013 (01:00)
Also note the useless leading space before "gone"
The only thing which matters is fmt->out width when printing these
strings like "still running". Now ctl->fulltime flag is unsused and
removed.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
The /proc/<pid>/loginuid is not always available, and when so a running
session should not be determined to be gone. This is a regression from
commit mentioned in reference.
Sessions that have started before previous system boot, and did not log
out meanwhile, will be marked as gone. It is fair to say that these
sessions are most likely result of a wtmp corruption.
Reference: 404fa3f93c
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Earlier determination that used kill with signal zero to pid was prone to
false positive reports, due reuse of pid space and unrelated processes.
New function is_phantom() tries do a little bit better job, but fails to
be perfect. It seems linking to gether utmp session start time or
terminal id with /proc/<pid>/ information is not as simple as one might
hope.
Reported-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
In include/bits/utmp.h the ut_user and ut_time macros are marked with
comment they are backwards compatibility hacks. It is probably best to
avoid use of these macros where ever possible.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Use of uptime time stamp as previous boot login time makes the output not
constant, which is rather difficult to test. Verbal message 'system is
still running' makes testing easy, and noticing which boot is still
running clear to a person.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
When a session time will reach whopping 10000 days the last round bracket
is unnecessarily removed from output.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The ISO-8601 format makes consuming time stamps easy with various
parsers. The format includes time zone information which is crucial when
an investigator is trying to make sense outputs collected from systems
all a across planet.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This allows reducing global variables and will minimize number of
arguments for functions making code a little bit easier to read, and
maintain.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Even while the YYYYMMDDHHMMSS time format it not magnificent it is best
to make it to be part of the one, and only, time format parser.
Proposed-by: Karel Zak <kzak@redhat.com>
References: http://markmail.org/message/6baqt4ttkopu7ra6
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Comment in the deletion tells everything necessary.
"This doesn't work on modern systems, where only a DNS lookup of the
result from hostname() will get you the domainname. Remember that
domainname() is the NIS domainname, not DNS. So basically this whole
piece of code is bullshit."
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Incremental number lists are more hard to get wrong with enum, and they
are nicer to debug as for example gdb is aware of these symbolic names.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Some of the ut_type numbers does not seem to be recognized by last(1) so
they are, at least for now, silently ignored. See glibc documentation
for information what the ignored EMPTY, INIT_PROCESS, LOGIN_PROCESS, and
ACCOUNTING mean.
Reference: FIXME
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This commit also changes the line count to use unsigned integers, as
negative numbers in this context does not make sense.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>