int ausearch_add_timestamp_item_ex(auparse_state_t *au, const char *op,
time_t sec, unsigned milli, unsigned serial, ausearch_rule_t how)
{
static const struct {
unsigned value;
const char name[3];
} ts_tab[] = {
{EO_VALUE_LT, "<"},
{EO_VALUE_LE, "<="},
{EO_VALUE_GE, ">="},
{EO_VALUE_GT, ">"},
{EO_VALUE_EQ, "="},
};
struct expr *expr;
size_t i;
unsigned t_op;
for (i = 0; i < sizeof(ts_tab) / sizeof(*ts_tab); i++) {
if (strcmp(ts_tab[i].name, op) == 0)
goto found_op;
}
goto err_out;
found_op:
t_op = ts_tab[i].value;
if (milli >= 1000)
goto err_out;
// Make sure how is within range
if (how < AUSEARCH_RULE_CLEAR || how > AUSEARCH_RULE_AND)
goto err_out;
// All pre-checks are done, build a rule
expr = expr_create_timestamp_comparison_ex(t_op, sec, milli, serial);
if (expr == NULL)
return -1;
if (add_expr(au, expr, how) != 0)
return -1; /* expr is freed by add_expr() */
return 0;
err_out:
errno = EINVAL;
return -1;
}
/* Create a timestamp comparison-expression for with OP, SEC, MILLI.
On success, return the created expression.
On error, set errno and return NULL. */
struct expr *
expr_create_timestamp_comparison(unsigned op, time_t sec, unsigned milli)
{
return expr_create_timestamp_comparison_ex(op, sec, milli, 0);
}