static int lookup_and_set_time(const char *da, struct tm *d)
{
int retval = lookup_time(da);
if (retval >= 0) {
switch (retval)
{
case T_NOW:
set_tm_now(d);
break;
case T_RECENT:
set_tm_recent(d);
break;
case T_TODAY:
set_tm_today(d);
break;
case T_YESTERDAY:
set_tm_yesterday(d);
break;
case T_THIS_WEEK:
set_tm_this_week(d);
break;
case T_WEEK_AGO:
set_tm_week_ago(d);
break;
case T_THIS_MONTH:
set_tm_this_month(d);
break;
case T_THIS_YEAR:
set_tm_this_year(d);
break;
}
return 0;
} else
return -1;
}
void lookup_transforms(tf2::BufferCore& buffer, std::set<std::string> frame_ids) {
std::string frame1 = "child";
std::string frame2 = "parent";
geometry_msgs::TransformStamped tfs;
double num_lookups = 1e5;
double tree_depth = 0.0;
std::vector<std::string> set_vector(frame_ids.begin(), frame_ids.end()); // Want constant time element indexing
size_t n_frames = set_vector.size();
std::stringstream rs;
rs << num_lookups << " random lookups - on " << n_frames << " total frames";
log(rs.str().c_str());
double start = now();
for(size_t i = 0; i < num_lookups; i++) {
frame1 = set_vector[true_random_index(n_frames)];
frame2 = set_vector[true_random_index(n_frames)];
ros::Time lookup_time(fRand(10.0, 20.0));
try {
tfs = buffer.lookupTransform(frame1, frame2, lookup_time);
tree_depth += abs(tfs.transform.translation.x);
} catch(const tf2::ConnectivityException& e) {
log("CONNECTIVITY EXCEPTION");
} catch(const tf2::ExtrapolationException& e) {
log("EXTRAPOLATION EXCEPTION");
} catch(const tf2::LookupException& e) {
log("LOOKUP EXCEPTION");
} catch (...) {
log("SUPER BAD EXCEPTION");
}
}
double end = now();
double avg_depth = tree_depth / num_lookups;
std::stringstream st;
st << "Start time: " << start << "\nEnd time: " << end
<< "\n Diff: " << end - start << "\n Avg: " << (end-start)/num_lookups
<< "\n Avg tf tree depth:" << avg_depth;
log(st.str().c_str());
}
/*
* This function examines the commandline parameters and sets various
* search options. It returns a 0 on success and < 0 on failure
*/
int check_params(int count, char *vars[])
{
int c = 1;
int retval = 0;
const char *optarg;
while (c < count && retval == 0) {
// Go ahead and point to the next argument
if (c+1 < count) {
if (vars[c+1][0] != '-')
optarg = vars[c+1];
else
optarg = NULL;
} else
optarg = NULL;
switch (audit_lookup_option(vars[c])) {
case R_INFILE:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
} else {
user_file = strdup(optarg);
if (user_file == NULL)
retval = -1;
c++;
}
break;
case R_LOG_TIMES:
if (set_report(RPT_TIME))
retval = -1;
else
set_detail(D_DETAILED);
break;
case R_AVCS:
if (set_report(RPT_AVC))
retval = -1;
else {
set_detail(D_DETAILED);
event_comm = dummy;
event_subject = dummy;
event_object = dummy;
}
break;
case R_AUTH:
if (set_report(RPT_AUTH))
retval = -1;
else {
set_detail(D_DETAILED);
event_exe = dummy;
event_hostname = dummy;
event_terminal = dummy;
}
break;
case R_MAC:
if (set_report(RPT_MAC))
retval = -1;
else
set_detail(D_DETAILED);
break;
case R_CONFIGS:
if (set_report(RPT_CONFIG))
retval = -1;
else
set_detail(D_DETAILED);
break;
case R_CRYPTO:
if (set_report(RPT_CRYPTO))
retval = -1;
else
set_detail(D_DETAILED);
break;
case R_LOGINS:
if (set_report(RPT_LOGIN))
retval = -1;
else {
set_detail(D_DETAILED);
event_exe = dummy;
event_hostname = dummy;
event_terminal = dummy;
}
break;
case R_ACCT_MODS:
if (set_report(RPT_ACCT_MOD))
retval = -1;
else {
set_detail(D_DETAILED);
event_exe = dummy;
event_hostname = dummy;
event_terminal = dummy;
}
break;
case R_EVENTS:
if (set_report(RPT_EVENT))
retval = -1;
else {
// if (!optarg)
set_detail(D_DETAILED);
// else {
// UNIMPLEMENTED;
// set_detail(D_SPECIFIC);
// if (isdigit(optarg[0])) {
// errno = 0;
// event_id = strtoul(optarg,
// NULL, 10);
// if (errno) {
// fprintf(stderr,
// "Illegal value for audit event ID");
// retval = -1;
// }
// c++;
// } else {
// fprintf(stderr,
// "Audit event id must be a numeric value, was %s\n",
// optarg);
// retval = -1;
// }
// }
}
break;
case R_FILES:
if (set_report(RPT_FILE))
retval = -1;
else {
if (!optarg) {
set_detail(D_DETAILED);
event_filename = dummy;
event_exe = dummy;
} else {
UNIMPLEMENTED;
}
}
break;
case R_HOSTS:
if (set_report(RPT_HOST))
retval = -1;
else {
if (!optarg) {
set_detail(D_DETAILED);
event_hostname = dummy;
} else {
UNIMPLEMENTED;
}
}
break;
case R_INTERPRET:
report_format = RPT_INTERP;
if (optarg) {
fprintf(stderr,
"Argument is NOT required for %s\n",
vars[c]);
retval = -1;
}
break;
case R_PIDS:
if (set_report(RPT_PID))
retval = -1;
else {
if (!optarg) {
set_detail(D_DETAILED);
event_exe = dummy;
} else {
UNIMPLEMENTED;
}
}
break;
case R_SYSCALLS:
if (set_report(RPT_SYSCALL))
retval = -1;
else {
if (!optarg) {
set_detail(D_DETAILED);
event_comm = dummy;
} else {
UNIMPLEMENTED;
}
}
break;
case R_TERMINALS:
if (set_report(RPT_TERM))
retval = -1;
else {
if (!optarg) {
set_detail(D_DETAILED);
event_terminal = dummy;
event_hostname = dummy;
event_exe = dummy;
} else {
UNIMPLEMENTED;
}
}
break;
case R_USERS:
if (set_report(RPT_USER))
retval = -1;
else {
if (!optarg) {
set_detail(D_DETAILED);
event_terminal = dummy;
event_hostname = dummy;
event_exe = dummy;
} else {
UNIMPLEMENTED;
}
}
break;
case R_EXES:
if (set_report(RPT_EXE))
retval = -1;
else {
if (!optarg) {
set_detail(D_DETAILED);
event_terminal = dummy;
event_hostname = dummy;
event_exe = dummy;
} else {
UNIMPLEMENTED;
}
}
break;
case R_ANOMALY:
if (set_report(RPT_ANOMALY))
retval = -1;
else {
if (!optarg) {
set_detail(D_DETAILED);
event_terminal = dummy;
event_hostname = dummy;
event_exe = dummy;
event_comm = dummy;
} else {
UNIMPLEMENTED;
}
}
break;
case R_RESPONSE:
if (set_report(RPT_RESPONSE))
retval = -1;
else {
if (!optarg) {
set_detail(D_DETAILED);
} else {
UNIMPLEMENTED;
}
}
break;
case R_KEYS:
if (set_report(RPT_KEY))
retval = -1;
else {
if (!optarg) {
set_detail(D_DETAILED);
event_exe = dummy;
event_key = dummy;
} else {
UNIMPLEMENTED;
}
}
break;
case R_TTY:
if (set_report(RPT_TTY))
retval = -1;
else {
event_session_id = 1;
event_terminal = dummy;
event_comm = dummy;
set_detail(D_DETAILED);
}
break;
case R_TIME_END:
if (optarg) {
if ( (c+2 < count) && vars[c+2] &&
(vars[c+2][0] != '-') ) {
/* Have both date and time - check order*/
if (strchr(optarg, ':')) {
if (ausearch_time_end(vars[c+2],
optarg) != 0)
retval = -1;
} else {
if (ausearch_time_end(optarg,
vars[c+2]) != 0)
retval = -1;
}
c++;
} else {
// Check against recognized words
int t = lookup_time(optarg);
if (t >= 0) {
if (ausearch_time_end(optarg,
NULL) != 0)
retval = -1;
} else if ( (strchr(optarg, ':')) == NULL) {
/* Only have date */
if (ausearch_time_end(optarg,
NULL) != 0)
retval = -1;
} else {
/* Only have time */
if (ausearch_time_end(NULL,
optarg) != 0)
retval = -1;
}
}
c++;
break;
}
fprintf(stderr,
"%s requires either date and/or time\n",
vars[c]);
retval = -1;
break;
case R_TIME_START:
if (optarg) {
if ( (c+2 < count) && vars[c+2] &&
(vars[c+2][0] != '-') ) {
/* Have both date and time - check order */
if (strchr(optarg, ':')) {
if (ausearch_time_start(
vars[c+2], optarg) != 0)
retval = -1;
} else {
if (ausearch_time_start(optarg,
vars[c+2]) != 0)
retval = -1;
}
c++;
} else {
// Check against recognized words
int t = lookup_time(optarg);
if (t >= 0) {
if (ausearch_time_start(optarg,
"00:00:00") != 0)
retval = -1;
} else if ( strchr(optarg, ':') == NULL) {
/* Only have date */
if (ausearch_time_start(optarg,
"00:00:00") != 0)
retval = -1;
} else {
/* Only have time */
if (ausearch_time_start(NULL,
optarg) != 0)
retval = -1;
}
}
c++;
break;
}
fprintf(stderr,
"%s requires either date and/or time\n",
vars[c]);
retval = -1;
break;
case R_NODE:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
} else {
snode sn;
c++;
if (!event_node_list) {
event_node_list = malloc(sizeof (slist));
if (!event_node_list) {
retval = -1;
break;
}
slist_create(event_node_list);
}
sn.str = strdup(optarg);
sn.key = NULL;
sn.hits=0;
slist_append(event_node_list, &sn);
}
break;
case R_SUMMARY_DET:
set_detail(D_SUM);
break;
case R_FAILED:
event_failed = F_FAILED;
break;
case R_SUCCESS:
event_failed = F_SUCCESS;
break;
case R_ADD:
event_conf_act = C_ADD;
break;
case R_DEL:
event_conf_act = C_DEL;
break;
case R_IN_LOGS:
force_logs = 1;
break;
case R_VERSION:
printf("aureport version %s\n", VERSION);
exit(0);
break;
case R_HELP:
usage();
exit(0);
break;
default:
fprintf(stderr, "%s is an unsupported option\n",
vars[c]);
retval = -1;
break;
}
c++;
}
if (retval >= 0) {
if (report_type == RPT_UNSET) {
if (set_report(RPT_SUMMARY))
retval = -1;
else {
set_detail(D_SUM);
event_filename = dummy;
event_hostname = dummy;
event_terminal = dummy;
event_exe = dummy;
event_key = dummy;
}
}
} else
usage();
return retval;
}
int ausearch_time_end(const char *da, const char *ti)
{
/* If date == NULL, use current date */
/* If ti == NULL, use current time */
int rc = 0;
struct tm d, t;
char *ret;
if (da == NULL)
set_tm_now(&d);
else {
if (lookup_and_set_time(da, &d) < 0) {
ret = strptime(da, "%x", &d);
if (ret == NULL) {
fprintf(stderr,
"Invalid end date (%s). Month, Day, and Year are required.\n",
da);
return 1;
}
if (*ret != 0) {
fprintf(stderr,
"Error parsing end date (%s)\n", da);
return 1;
}
} else {
int keyword=lookup_time(da);
if (keyword == T_RECENT || keyword == T_NOW) {
if (ti == NULL || strcmp(ti, "00:00:00") == 0)
goto set_it;
}
// Special case today
if (keyword == T_TODAY) {
set_tm_now(&d);
if (ti == NULL || strcmp(ti, "00:00:00") == 0)
goto set_it;
}
}
}
if (ti != NULL) {
char tmp_t[36];
if (strlen(ti) <= 5) {
snprintf(tmp_t, sizeof(tmp_t), "%s:00", ti);
} else {
tmp_t[0]=0;
strncat(tmp_t, ti, sizeof(tmp_t)-1);
}
ret = strptime(tmp_t, "%X", &t);
if (ret == NULL) {
fprintf(stderr,
"Invalid end time (%s). Hour, Minute, and Second are required.\n",
ti);
return 1;
}
if (*ret != 0) {
fprintf(stderr, "Error parsing end time (%s)\n", ti);
return 1;
}
} else {
time_t tt = time(NULL);
struct tm *tv = localtime(&tt);
clear_tm(&t);
t.tm_hour = tv->tm_hour;
t.tm_min = tv->tm_min;
t.tm_sec = tv->tm_sec;
t.tm_isdst = tv->tm_isdst;
}
add_tm(&d, &t);
if (d.tm_year < 104) {
fprintf(stderr, "Error - year is %d\n", d.tm_year+1900);
return -1;
}
set_it:
// printf("end is: %s\n", ctime(&end_time));
end_time = mktime(&d);
if (end_time == -1) {
fprintf(stderr, "Error converting end time\n");
rc = -1;
}
return rc;
}
int ausearch_time_start(const char *da, const char *ti)
{
/* If da == NULL, use current date */
/* If ti == NULL, then use midnight 00:00:00 */
int rc = 0;
struct tm d, t;
char *ret;
if (da == NULL)
set_tm_now(&d);
else {
if (lookup_and_set_time(da, &d) < 0) {
ret = strptime(da, "%x", &d);
if (ret == NULL) {
fprintf(stderr,
"Invalid start date (%s). Month, Day, and Year are required.\n",
da);
return 1;
}
if (*ret != 0) {
fprintf(stderr,
"Error parsing start date (%s)\n", da);
return 1;
}
} else {
int keyword=lookup_time(da);
if (keyword == T_RECENT || keyword == T_NOW) {
if (ti == NULL || strcmp(ti, "00:00:00") == 0)
goto set_it;
}
}
}
if (ti != NULL) {
char tmp_t[36];
if (strlen(ti) <= 5) {
snprintf(tmp_t, sizeof(tmp_t), "%s:00", ti);
} else {
tmp_t[0]=0;
strncat(tmp_t, ti, sizeof(tmp_t)-1);
}
ret = strptime(tmp_t, "%X", &t);
if (ret == NULL) {
fprintf(stderr,
"Invalid start time (%s). Hour, Minute, and Second are required.\n",
ti);
return 1;
}
if (*ret != 0) {
fprintf(stderr, "Error parsing start time (%s)\n", ti);
return 1;
}
} else
clear_tm(&t);
add_tm(&d, &t);
if (d.tm_year < 104) {
fprintf(stderr, "Error - year is %d\n", d.tm_year+1900);
return -1;
}
set_it:
// printf("start is: %s\n", ctime(&start_time));
start_time = mktime(&d);
if (start_time == -1) {
fprintf(stderr, "Error converting start time\n");
rc = -1;
}
return rc;
}
/*
* This function examines the commandline parameters and sets various
* search options. It returns a 0 on success and < 0 on failure
*/
int check_params(int count, char *vars[])
{
int c = 1;
int retval = 0;
const char *optarg;
if (count < 2) {
usage();
return -1;
}
while (c < count && retval == 0) {
// Go ahead and point to the next argument
if (c+1 < count) {
if (vars[c+1][0] != '-')
optarg = vars[c+1];
else
optarg = NULL;
} else
optarg = NULL;
switch (audit_lookup_option(vars[c])) {
case S_EVENT:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
}
if (isdigit(optarg[0])) {
errno = 0;
event_id = strtoul(optarg, NULL, 10);
if (errno) {
fprintf(stderr,
"Illegal value for audit event ID");
retval = -1;
}
c++;
} else {
fprintf(stderr,
"Audit event id must be a numeric value, was %s\n",
optarg);
retval = -1;
}
break;
case S_COMM:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
} else {
event_comm = strdup(optarg);
if (event_comm == NULL)
retval = -1;
c++;
}
break;
case S_FILENAME:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
} else {
event_filename = strdup(optarg);
if (event_filename == NULL)
retval = -1;
c++;
}
break;
case S_KEY:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
} else {
event_key = strdup(optarg);
if (event_key == NULL)
retval = -1;
c++;
}
break;
case S_ALL_GID:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
}
if (isdigit(optarg[0])) {
errno = 0;
event_gid = strtoul(optarg,NULL,10);
if (errno) {
fprintf(stderr,
"Numeric group ID conversion error (%s) for %s\n",
strerror(errno), optarg);
retval = -1;
}
} else {
struct group *gr ;
gr = getgrnam(optarg) ;
if (gr == NULL) {
fprintf(stderr,
"Group ID is non-numeric and unknown (%s)\n",
optarg);
retval = -1;
break;
}
event_gid = gr->gr_gid;
}
event_egid = event_gid;
event_ga = 1;
c++;
break;
case S_EFF_GID:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
}
if (isdigit(optarg[0])) {
errno = 0;
event_egid = strtoul(optarg,NULL,10);
if (errno) {
fprintf(stderr,
"Numeric group ID conversion error (%s) for %s\n",
strerror(errno), optarg);
retval = -1;
}
} else {
struct group *gr ;
gr = getgrnam(optarg) ;
if (gr == NULL) {
fprintf(stderr,
"Effective group ID is non-numeric and unknown (%s)\n",
optarg);
retval = -1;
break;
}
event_egid = gr->gr_gid;
}
c++;
break;
case S_GID:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
}
if (isdigit(optarg[0])) {
errno = 0;
event_gid = strtoul(optarg,NULL,10);
if (errno) {
fprintf(stderr,
"Numeric group ID conversion error (%s) for %s\n",
strerror(errno), optarg);
retval = -1;
}
} else {
struct group *gr ;
gr = getgrnam(optarg) ;
if (gr == NULL) {
fprintf(stderr,
"Group ID is non-numeric and unknown (%s)\n",
optarg);
retval = -1;
break;
}
event_gid = gr->gr_gid;
}
c++;
break;
case S_HELP:
usage();
exit(0);
break;
case S_HOSTNAME:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
} else {
event_hostname = strdup(optarg);
if (event_hostname == NULL)
retval = -1;
c++;
}
break;
case S_INTERP:
if (report_format == RPT_DEFAULT)
report_format = RPT_INTERP;
else {
fprintf(stderr,
"Conflicting output format %s\n",
vars[c]);
retval = -1;
}
if (optarg) {
fprintf(stderr,
"Argument is NOT required for %s\n",
vars[c]);
retval = -1;
}
break;
case S_INFILE:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
} else {
user_file = strdup(optarg);
if (user_file == NULL)
retval = -1;
c++;
}
break;
case S_MESSAGE_TYPE:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
} else {
if (strcasecmp(optarg, "ALL") != 0) {
retval = parse_msg(optarg);
}
c++;
}
if (retval < 0) {
int i;
fprintf(stderr,
"Valid message types are: ALL ");
for (i=AUDIT_USER;i<=AUDIT_LAST_VIRT_MSG;i++){
const char *name;
if (i == AUDIT_WATCH_INS) // Skip a few
i = AUDIT_FIRST_USER_MSG;
name = audit_msg_type_to_name(i);
if (name)
fprintf(stderr, "%s ", name);
}
fprintf(stderr, "\n");
}
break;
case S_OBJECT:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
} else {
event_object = strdup(optarg);
if (event_object == NULL)
retval = -1;
c++;
}
break;
case S_PPID:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
}
if (isdigit(optarg[0])) {
errno = 0;
event_ppid = strtol(optarg,NULL,10);
if (errno)
retval = -1;
c++;
} else {
fprintf(stderr,
"Parent process id must be a numeric value, was %s\n",
optarg);
retval = -1;
}
break;
case S_PID:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
}
if (isdigit(optarg[0])) {
errno = 0;
event_pid = strtol(optarg,NULL,10);
if (errno)
retval = -1;
c++;
} else {
fprintf(stderr,
"Process id must be a numeric value, was %s\n",
optarg);
retval = -1;
}
break;
case S_RAW:
if (report_format == RPT_DEFAULT)
report_format = RPT_RAW;
else {
fprintf(stderr,
"Conflicting output format --raw\n");
retval = -1;
}
if (optarg) {
fprintf(stderr,
"Argument is NOT required for --raw\n");
retval = -1;
}
break;
case S_NODE:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
} else {
snode sn;
c++;
if (!event_node_list) {
event_node_list = malloc(sizeof (slist));
if (!event_node_list) {
retval = -1;
break;
}
slist_create(event_node_list);
}
sn.str = strdup(optarg);
sn.key = NULL;
sn.hits=0;
slist_append(event_node_list, &sn);
}
break;
case S_SYSCALL:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
}
if (isdigit(optarg[0])) {
errno = 0;
event_syscall = (int)strtoul(optarg, NULL, 10);
if (errno) {
fprintf(stderr,
"Syscall numeric conversion error (%s) for %s\n",
strerror(errno), optarg);
retval = -1;
}
} else {
int machine;
machine = audit_detect_machine();
if (machine < 0) {
fprintf(stderr,
"Error detecting machine type");
retval = -1;
break;
}
event_syscall = audit_name_to_syscall(optarg,
machine);
if (event_syscall == -1) {
fprintf(stderr,
"Syscall %s not found\n",
optarg);
retval = -1;
}
}
c++;
break;
case S_CONTEXT:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
} else {
event_subject = strdup(optarg);
if (event_subject == NULL)
retval = -1;
event_object = strdup(optarg);
if (event_object == NULL)
retval = -1;
event_se = 1;
c++;
}
break;
case S_SUBJECT:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
} else {
event_subject = strdup(optarg);
if (event_subject == NULL)
retval = -1;
c++;
}
break;
case S_OSUCCESS:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
}
if ( (strstr(optarg, "yes")!=NULL) ||
(strstr(optarg, "no")!=NULL) ) {
if (strcmp(optarg, "yes") == 0)
event_success = S_SUCCESS;
else
event_success = S_FAILED;
} else {
fprintf(stderr,
"Success must be 'yes' or 'no'.\n");
retval = -1;
}
c++;
break;
case S_SESSION:
if (!optarg) {
if ((c+1 < count) && vars[c+1])
optarg = vars[c+1];
else {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
}
}
{
size_t len = strlen(optarg);
if (isdigit(optarg[0])) {
errno = 0;
event_session_id = strtol(optarg,NULL,10);
if (errno)
retval = -1;
c++;
} else if (len >= 2 && *(optarg)=='-' &&
(isdigit(optarg[1]))) {
errno = 0;
event_session_id = strtol(optarg, NULL, 0);
if (errno) {
retval = -1;
fprintf(stderr, "Error converting %s\n",
optarg);
}
c++;
} else {
fprintf(stderr,
"Session id must be a numeric value, was %s\n",
optarg);
retval = -1;
}
}
break;
case S_EXIT:
if (!optarg) {
if ((c+1 < count) && vars[c+1])
optarg = vars[c+1];
else {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
}
}
{
size_t len = strlen(optarg);
if (isdigit(optarg[0])) {
errno = 0;
event_exit = strtol(optarg, NULL, 0);
if (errno) {
retval = -1;
fprintf(stderr, "Error converting %s\n",
optarg);
}
} else if (len >= 2 && *(optarg)=='-' &&
(isdigit(optarg[1]))) {
errno = 0;
event_exit = strtol(optarg, NULL, 0);
if (errno) {
retval = -1;
fprintf(stderr, "Error converting %s\n",
optarg);
}
} else {
event_exit = audit_name_to_errno(optarg);
if (event_exit == 0) {
retval = -1;
fprintf(stderr,
"Unknown errno, was %s\n",
optarg);
}
}
c++;
if (retval != -1)
event_exit_is_set = 1;
}
break;
case S_TIME_END:
if (optarg) {
if ( (c+2 < count) && vars[c+2] &&
(vars[c+2][0] != '-') ) {
/* Have both date and time - check order*/
if (strchr(optarg, ':')) {
if (ausearch_time_end(vars[c+2],
optarg) != 0)
retval = -1;
} else {
if (ausearch_time_end(optarg,
vars[c+2]) != 0)
retval = -1;
}
c++;
} else {
// Check against recognized words
int t = lookup_time(optarg);
if (t >= 0) {
if (ausearch_time_end(optarg,
NULL) != 0)
retval = -1;
} else if ( (strchr(optarg, ':')) == NULL) {
/* Only have date */
if (ausearch_time_end(optarg,
NULL) != 0)
retval = -1;
} else {
/* Only have time */
if (ausearch_time_end(NULL,
optarg) != 0)
retval = -1;
}
}
c++;
break;
}
fprintf(stderr,
"%s requires either date and/or time\n",
vars[c]);
retval = -1;
break;
case S_TIME_START:
if (optarg) {
if ( (c+2 < count) && vars[c+2] &&
(vars[c+2][0] != '-') ) {
/* Have both date and time - check order */
if (strchr(optarg, ':')) {
if (ausearch_time_start(
vars[c+2], optarg) != 0)
retval = -1;
} else {
if (ausearch_time_start(optarg,
vars[c+2]) != 0)
retval = -1;
}
c++;
} else {
// Check against recognized words
int t = lookup_time(optarg);
if (t >= 0) {
if (ausearch_time_start(optarg,
"00:00:00") != 0)
retval = -1;
}
else if ( strchr(optarg, ':') == NULL) {
/* Only have date */
if (ausearch_time_start(optarg,
"00:00:00") != 0)
retval = -1;
} else {
/* Only have time */
if (ausearch_time_start(NULL,
optarg) != 0)
retval = -1;
}
}
c++;
break;
}
fprintf(stderr,
"%s requires either date and/or time\n",
vars[c]);
retval = -1;
break;
case S_TERMINAL:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
} else {
event_terminal = strdup(optarg);
if (event_terminal == NULL)
retval = -1;
c++;
}
break;
case S_UID:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
}
if (isdigit(optarg[0])) {
errno = 0;
event_uid = strtoul(optarg,NULL,10);
if (errno) {
fprintf(stderr,
"Numeric user ID conversion error (%s) for %s\n",
strerror(errno), optarg);
retval = -1;
}
} else {
struct passwd *pw;
pw = getpwnam(optarg);
if (pw == NULL) {
fprintf(stderr,
"Effective user ID is non-numeric and unknown (%s)\n",
optarg);
retval = -1;
break;
}
event_uid = pw->pw_uid;
}
c++;
break;
case S_EFF_UID:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
}
if (isdigit(optarg[0])) {
errno = 0;
event_euid = strtoul(optarg,NULL,10);
if (errno) {
fprintf(stderr,
"Numeric user ID conversion error (%s) for %s\n",
strerror(errno), optarg);
retval = -1;
}
} else {
struct passwd *pw ;
pw = getpwnam(optarg) ;
if (pw == NULL) {
fprintf(stderr,
"User ID is non-numeric and unknown (%s)\n",
optarg);
retval = -1;
break;
}
event_euid = pw->pw_uid;
}
c++;
break;
case S_ALL_UID:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
}
if (isdigit(optarg[0])) {
errno = 0;
event_uid = strtoul(optarg,NULL,10);
if (errno) {
fprintf(stderr,
"Numeric user ID conversion error (%s) for %s\n",
strerror(errno), optarg);
retval = -1;
}
} else {
struct passwd *pw ;
pw = getpwnam(optarg) ;
if (pw == NULL) {
fprintf(stderr,
"User ID is non-numeric and unknown (%s)\n",
optarg);
retval = -1;
break;
}
event_uid = pw->pw_uid;
}
event_ua = 1;
event_euid = event_uid;
event_loginuid = event_uid;
c++;
break;
case S_LOGINID:
if (!optarg) {
if ((c+1 < count) && vars[c+1])
optarg = vars[c+1];
else {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
break;
}
}
{
size_t len = strlen(optarg);
if (isdigit(optarg[0])) {
errno = 0;
event_loginuid = strtoul(optarg,NULL,10);
if (errno) {
fprintf(stderr,
"Numeric user ID conversion error (%s) for %s\n",
strerror(errno), optarg);
retval = -1;
}
} else if (len >= 2 && *(optarg)=='-' &&
(isdigit(optarg[1]))) {
errno = 0;
event_loginuid = strtol(optarg, NULL, 0);
if (errno) {
retval = -1;
fprintf(stderr, "Error converting %s\n",
optarg);
}
} else {
struct passwd *pw ;
pw = getpwnam(optarg) ;
if (pw == NULL) {
fprintf(stderr,
"Login user ID is non-numeric and unknown (%s)\n",
optarg);
retval = -1;
break;
}
event_loginuid = pw->pw_uid;
}
}
c++;
break;
case S_UUID:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
} else {
event_uuid = strdup(optarg);
if (event_uuid == NULL) {
retval = -1;
}
c++;
}
break;
case S_VMNAME:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
} else {
event_vmname= strdup(optarg);
if (event_vmname == NULL) {
retval = -1;
}
c++;
}
break;
case S_VERSION:
printf("ausearch version %s\n", VERSION);
exit(0);
break;
case S_EXACT_MATCH:
event_exact_match=1;
break;
case S_IN_LOGS:
force_logs = 1;
break;
case S_JUST_ONE:
just_one = 1;
break;
case S_EXECUTABLE:
if (!optarg) {
fprintf(stderr,
"Argument is required for %s\n",
vars[c]);
retval = -1;
} else {
event_exe = strdup(optarg);
if (event_exe == NULL)
retval = -1;
c++;
}
break;
case S_LINEBUFFERED:
line_buffered = 1;
break;
default:
fprintf(stderr, "%s is an unsupported option\n",
vars[c]);
retval = -1;
break;
}
c++;
}
return retval;
}
