linux系統編程：自己動手寫一個who命令

who命令的作用用於顯示當前有哪些用戶登錄到系統。

這個命令執行的原理是讀取了系統上utmp文件中記錄的所有登錄信息，直接顯示出來的

utmp文件在哪裡呢？

man who的時候，在手冊下麵有這麼一段說明：意思就是不指定文件參數，那麼讀取的就是/var/run/utmp，到底是不是，驗證下

If FILE is not specified, use /var/run/utmp.  /var/log/wtmp as FILE  is
       common.   If  ARG1  ARG2  given, -m presumed: 'am i' or 'mom likes' are
       usual.

當我指定file參數為/var/run/utmp或者省略這個參數的時候，結果都是一樣， 當我用一個錯誤的文件時，沒有任何結果，從這裡可以推斷，who命令確實從/var/run/utmp中讀取用戶登錄的信息

ghostwu@ubuntu:~$ who
ghostwu  tty7         2018-01-08 09:09 (:0)
ghostwu  pts/18       2018-01-08 12:59 (:0)
ghostwu  pts/19       2018-01-08 13:00 (:0)
ghostwu  pts/20       2018-01-08 13:03 (:0)
ghostwu@ubuntu:~$ who -b
         system boot  2018-01-08 09:08
ghostwu@ubuntu:~$ who -b /var/run/utmp 
         system boot  2018-01-08 09:08
ghostwu@ubuntu:~$ who -b /var/run/utmp2
ghostwu@ubuntu:~$ who -b /var/run/utmp3

那麼utmp到底在哪裡？

利用man -k utmp 查找所有的可能：    推斷--->  utmp (5) - login records  這裡的可能性比較大，描述說，這裡是記錄登錄信息的

ghostwu@ubuntu:~$ man -k utmp
endutent (3)         - access utmp file entries
endutxent (3)        - access utmp file entries
getutent (3)         - access utmp file entries
getutent_r (3)       - access utmp file entries
getutid (3)          - access utmp file entries
getutid_r (3)        - access utmp file entries
getutline (3)        - access utmp file entries
getutline_r (3)      - access utmp file entries
getutmp (3)          - copy utmp structure to utmpx, and vice versa
getutmpx (3)         - copy utmp structure to utmpx, and vice versa
getutxent (3)        - access utmp file entries
getutxid (3)         - access utmp file entries
getutxline (3)       - access utmp file entries
login (3)            - write utmp and wtmp entries
logout (3)           - write utmp and wtmp entries
pututline (3)        - access utmp file entries
pututxline (3)       - access utmp file entries
sessreg (1)          - manage utmpx/wtmpx entries for non-init clients
setutent (3)         - access utmp file entries
setutxent (3)        - access utmp file entries
systemd-update-utmp (8) - Write audit and utmp updates at bootup, runlevel ch...
systemd-update-utmp-runlevel.service (8) - Write audit and utmp updates at bo...
systemd-update-utmp.service (8) - Write audit and utmp updates at bootup, run...
utmp (5)             - login records
utmpdump (1)         - dump UTMP and WTMP files in raw format
utmpname (3)         - access utmp file entries
utmpx (5)            - login records
utmpxname (3)        - access utmp file entries

接下來，我們去 man 5 utmp 看下，會發現有這麼一段提示：

The file is a sequence of utmp structures, declared as follows in <utmp.h> (note that this
       is only one of several definitions around; details depend on the version of libc):

意思是utmp文件的信息是一系列utmp結構體數據, 這個結構體定義在utmp.h文件中，  每個linux發行版可能不一樣.

接下來，我用強大的find命令查找到了2個目標：

ghostwu@ubuntu:~$ find /usr/include -name "utmp.h"
/usr/include/x86_64-linux-gnu/bits/utmp.h
/usr/include/utmp.h

結構體的定義就在這個文件中( /usr/include/x86_64-linux-gnu/bits/utmp.h  )

這裡有兩個巨集要註意下( ut_time和UTMP_FILE ), 下麵的程式會用到

#ifndef _NO_UT_TIME
/* We have a problem here: `ut_time' is also used otherwise.  Define
   _NO_UT_TIME if the compiler complains.  */
# define ut_time    ut_tv.tv_sec
#endif

ghostwu@ubuntu:~$ grep "UTMP_FILE" /usr/include/utmp.h 
#define UTMP_FILE    _PATH_UTMP
#define UTMP_FILENAME    _PATH_UTMP
ghostwu@ubuntu:~$ grep "_PATH_UTMP" /usr/include/utmp.h
#define UTMP_FILE    _PATH_UTMP
#define UTMP_FILENAME    _PATH_UTMP
ghostwu@ubuntu:~$ grep "_PATH_UTMP" /usr/include/x86_64-linux-gnu/bits/utmp.h 
ghostwu@ubuntu:~$ grep "_PATH_UTMP" /usr/include/*.h
/usr/include/paths.h:#define    _PATH_UTMP    "/var/run/utmp"
/usr/include/utmp.h:#define UTMP_FILE    _PATH_UTMP
/usr/include/utmp.h:#define UTMP_FILENAME    _PATH_UTMP
/usr/include/utmpx.h:# define UTMPX_FILE    _PATH_UTMPX
/usr/include/utmpx.h:# define UTMPX_FILENAME    _PATH_UTMPX
ghostwu@ubuntu:~$

UTMP_FILE的查找思路： 首先grep兩個目錄下麵的文件utmp.h，在/usr/include/utmp.h找到一個巨集定義 _PATH_UTMP，下一步就是確定 _PATH_UTMP到底是什麼，利用grep "_PATH_UTMP" /usr/include/*.h

最終在paths.h頭文件中，發現了他的真面目

who命令書寫思路：

1）從/var/run/utmp讀取文件，每次讀取一個struct utmp結構體這麼大，如果長度每次都有這麼大，繼續讀取

2）格式化4個信息：用戶名，主機，地址，時間

3）只列印當前活動的用戶(當前登錄的用戶)

4）格式化時間( 小時，分鐘，秒， >10的補0, <10的原樣返回 )

源代碼

  1 /*================================================================
  2 *   Copyright (C) 2018 . All rights reserved.
  3 *   
  4 *   文件名稱：mywho.c
  5 *   創 建 者：ghostwu(吳華)
  6 *   創建日期：2018年01月08日
  7 *   描    述：
  8 *
  9 ================================================================*/
 10 
 11 #include <stdio.h>
 12 #include <utmp.h>
 13 #include <sys/types.h>
 14 #include <sys/stat.h>
 15 #include <fcntl.h>
 16 #include <stdlib.h>
 17 #include <unistd.h>
 18 #include <time.h>
 19 #include <string.h>
 20 
 21 #ifndef UTMP_FILE
 22 #define UTMP_FILE "/var/run/utmp"
 23 #endif
 24 
 25 int count = 0;
 26 
 27 //格式化時間, <10 就補0, >10　原樣返回
 28 char* format_time( char* s, const char *time ) {
 29     if( strlen( time ) < 2 ) {
 30         return strcat( s, time );
 31     }
 32     return strcpy( s, time );
 33 }
 34 
 35 void show_info( struct utmp* t_utmp ) {
 36     if ( t_utmp->ut_type != USER_PROCESS ) //不顯示 非活躍的用戶信息
 37       return;
 38 
 39     printf( "%-8.8s", t_utmp->ut_user ); 
 40     printf( " " );
 41     printf( "%-8.8s", t_utmp->ut_line );
 42     printf( " " );
 43 
 44     //printf( " " );
 45     //printf( "%12.12s", ctime( (time_t*)&(t_utmp->ut_time) ) + 4 ); //+4--->去除天(day)和後面的空格
 46     
 47     /*測試localtime用法
 48     //當前時間
 49     time_t now;
 50     struct tm* pNow;
 51     time( &now );
 52     pNow = localtime( &now );
 53     printf( "%d-%d-%d %d:%d", pNow->tm_year + 1900, pNow->tm_mon + 1, pNow->tm_mday, pNow->tm_hour, pNow->tm_min );
 54     */
 55 
 56     struct tm* ptm;
 57     time_t u_time = t_utmp->ut_time;
 58     ptm = localtime( &u_time );
 59     int ihour = ptm->tm_hour;
 60     int imin = ptm->tm_min;
 61 
 62     char hour[3] = "0";
 63     char hour2[3] = "0";
 64     sprintf( hour2, "%d", ihour );
 65     format_time( hour, hour2 );
 66 
 67     char min[3] = "0";
 68     char min2[3] = "0";
 69     sprintf( min2, "%d", imin );
 70     format_time( min, min2 );
 71 
 72     //printf( "%d-%d-%d %d:%d", ptm->tm_year + 1900, ptm->tm_mon + 1, ptm->tm_mday, ihour, imin );
 73     printf( "%d-%d-%d %s:%s", ptm->tm_year + 1900, ptm->tm_mon + 1, ptm->tm_mday, hour, min );
 74 
 75     printf( " " );
 76     printf( "%-8.8s", t_utmp->ut_host );
 77 
 78     printf( "\n" );
 79 }
 80 
 81 int main(int argc, char *argv[])
 82 {
 83     struct utmp myutmp;
 84     int fd = -1;
 85     int reclen = sizeof( myutmp );
 86 
 87     fd = open( UTMP_FILE, O_RDONLY );
 88     
 89     if( -1 == fd ) {
 90         perror( "open utmp" );
 91         exit( -1 );
 92     }
 93 
 94     //printf( "fd = %d\n", fd );
 95     
 96     while( read( fd, &myutmp, reclen ) == reclen ) {
 97         count++;
 98         show_info( &myutmp );    
 99     }
100     printf( "文件讀取的次數:%d\n", count );
101     close( fd );
102 
103 
104     return 0;
105 }

總結：

 一個非常小的功能，囊括以下知識點：

1）文件讀取

2）man手冊與系統命令使用技巧

3）指針用法

4）字元串函數用法

5）時間函數用法

6）巨集與typedef的用法