static int lookup_and_set_time(const char *da, struct tm *d) { int retval = lookup_time(da); if (retval >= 0) { switch (retval) { case T_NOW: set_tm_now(d); break; case T_RECENT: set_tm_recent(d); break; case T_TODAY: set_tm_today(d); break; case T_YESTERDAY: set_tm_yesterday(d); break; case T_THIS_WEEK: set_tm_this_week(d); break; case T_WEEK_AGO: set_tm_week_ago(d); break; case T_THIS_MONTH: set_tm_this_month(d); break; case T_THIS_YEAR: set_tm_this_year(d); break; } return 0; } else return -1; }
void lookup_transforms(tf2::BufferCore& buffer, std::set<std::string> frame_ids) { std::string frame1 = "child"; std::string frame2 = "parent"; geometry_msgs::TransformStamped tfs; double num_lookups = 1e5; double tree_depth = 0.0; std::vector<std::string> set_vector(frame_ids.begin(), frame_ids.end()); // Want constant time element indexing size_t n_frames = set_vector.size(); std::stringstream rs; rs << num_lookups << " random lookups - on " << n_frames << " total frames"; log(rs.str().c_str()); double start = now(); for(size_t i = 0; i < num_lookups; i++) { frame1 = set_vector[true_random_index(n_frames)]; frame2 = set_vector[true_random_index(n_frames)]; ros::Time lookup_time(fRand(10.0, 20.0)); try { tfs = buffer.lookupTransform(frame1, frame2, lookup_time); tree_depth += abs(tfs.transform.translation.x); } catch(const tf2::ConnectivityException& e) { log("CONNECTIVITY EXCEPTION"); } catch(const tf2::ExtrapolationException& e) { log("EXTRAPOLATION EXCEPTION"); } catch(const tf2::LookupException& e) { log("LOOKUP EXCEPTION"); } catch (...) { log("SUPER BAD EXCEPTION"); } } double end = now(); double avg_depth = tree_depth / num_lookups; std::stringstream st; st << "Start time: " << start << "\nEnd time: " << end << "\n Diff: " << end - start << "\n Avg: " << (end-start)/num_lookups << "\n Avg tf tree depth:" << avg_depth; log(st.str().c_str()); }
/* * This function examines the commandline parameters and sets various * search options. It returns a 0 on success and < 0 on failure */ int check_params(int count, char *vars[]) { int c = 1; int retval = 0; const char *optarg; while (c < count && retval == 0) { // Go ahead and point to the next argument if (c+1 < count) { if (vars[c+1][0] != '-') optarg = vars[c+1]; else optarg = NULL; } else optarg = NULL; switch (audit_lookup_option(vars[c])) { case R_INFILE: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; } else { user_file = strdup(optarg); if (user_file == NULL) retval = -1; c++; } break; case R_LOG_TIMES: if (set_report(RPT_TIME)) retval = -1; else set_detail(D_DETAILED); break; case R_AVCS: if (set_report(RPT_AVC)) retval = -1; else { set_detail(D_DETAILED); event_comm = dummy; event_subject = dummy; event_object = dummy; } break; case R_AUTH: if (set_report(RPT_AUTH)) retval = -1; else { set_detail(D_DETAILED); event_exe = dummy; event_hostname = dummy; event_terminal = dummy; } break; case R_MAC: if (set_report(RPT_MAC)) retval = -1; else set_detail(D_DETAILED); break; case R_CONFIGS: if (set_report(RPT_CONFIG)) retval = -1; else set_detail(D_DETAILED); break; case R_CRYPTO: if (set_report(RPT_CRYPTO)) retval = -1; else set_detail(D_DETAILED); break; case R_LOGINS: if (set_report(RPT_LOGIN)) retval = -1; else { set_detail(D_DETAILED); event_exe = dummy; event_hostname = dummy; event_terminal = dummy; } break; case R_ACCT_MODS: if (set_report(RPT_ACCT_MOD)) retval = -1; else { set_detail(D_DETAILED); event_exe = dummy; event_hostname = dummy; event_terminal = dummy; } break; case R_EVENTS: if (set_report(RPT_EVENT)) retval = -1; else { // if (!optarg) set_detail(D_DETAILED); // else { // UNIMPLEMENTED; // set_detail(D_SPECIFIC); // if (isdigit(optarg[0])) { // errno = 0; // event_id = strtoul(optarg, // NULL, 10); // if (errno) { // fprintf(stderr, // "Illegal value for audit event ID"); // retval = -1; // } // c++; // } else { // fprintf(stderr, // "Audit event id must be a numeric value, was %s\n", // optarg); // retval = -1; // } // } } break; case R_FILES: if (set_report(RPT_FILE)) retval = -1; else { if (!optarg) { set_detail(D_DETAILED); event_filename = dummy; event_exe = dummy; } else { UNIMPLEMENTED; } } break; case R_HOSTS: if (set_report(RPT_HOST)) retval = -1; else { if (!optarg) { set_detail(D_DETAILED); event_hostname = dummy; } else { UNIMPLEMENTED; } } break; case R_INTERPRET: report_format = RPT_INTERP; if (optarg) { fprintf(stderr, "Argument is NOT required for %s\n", vars[c]); retval = -1; } break; case R_PIDS: if (set_report(RPT_PID)) retval = -1; else { if (!optarg) { set_detail(D_DETAILED); event_exe = dummy; } else { UNIMPLEMENTED; } } break; case R_SYSCALLS: if (set_report(RPT_SYSCALL)) retval = -1; else { if (!optarg) { set_detail(D_DETAILED); event_comm = dummy; } else { UNIMPLEMENTED; } } break; case R_TERMINALS: if (set_report(RPT_TERM)) retval = -1; else { if (!optarg) { set_detail(D_DETAILED); event_terminal = dummy; event_hostname = dummy; event_exe = dummy; } else { UNIMPLEMENTED; } } break; case R_USERS: if (set_report(RPT_USER)) retval = -1; else { if (!optarg) { set_detail(D_DETAILED); event_terminal = dummy; event_hostname = dummy; event_exe = dummy; } else { UNIMPLEMENTED; } } break; case R_EXES: if (set_report(RPT_EXE)) retval = -1; else { if (!optarg) { set_detail(D_DETAILED); event_terminal = dummy; event_hostname = dummy; event_exe = dummy; } else { UNIMPLEMENTED; } } break; case R_ANOMALY: if (set_report(RPT_ANOMALY)) retval = -1; else { if (!optarg) { set_detail(D_DETAILED); event_terminal = dummy; event_hostname = dummy; event_exe = dummy; event_comm = dummy; } else { UNIMPLEMENTED; } } break; case R_RESPONSE: if (set_report(RPT_RESPONSE)) retval = -1; else { if (!optarg) { set_detail(D_DETAILED); } else { UNIMPLEMENTED; } } break; case R_KEYS: if (set_report(RPT_KEY)) retval = -1; else { if (!optarg) { set_detail(D_DETAILED); event_exe = dummy; event_key = dummy; } else { UNIMPLEMENTED; } } break; case R_TTY: if (set_report(RPT_TTY)) retval = -1; else { event_session_id = 1; event_terminal = dummy; event_comm = dummy; set_detail(D_DETAILED); } break; case R_TIME_END: if (optarg) { if ( (c+2 < count) && vars[c+2] && (vars[c+2][0] != '-') ) { /* Have both date and time - check order*/ if (strchr(optarg, ':')) { if (ausearch_time_end(vars[c+2], optarg) != 0) retval = -1; } else { if (ausearch_time_end(optarg, vars[c+2]) != 0) retval = -1; } c++; } else { // Check against recognized words int t = lookup_time(optarg); if (t >= 0) { if (ausearch_time_end(optarg, NULL) != 0) retval = -1; } else if ( (strchr(optarg, ':')) == NULL) { /* Only have date */ if (ausearch_time_end(optarg, NULL) != 0) retval = -1; } else { /* Only have time */ if (ausearch_time_end(NULL, optarg) != 0) retval = -1; } } c++; break; } fprintf(stderr, "%s requires either date and/or time\n", vars[c]); retval = -1; break; case R_TIME_START: if (optarg) { if ( (c+2 < count) && vars[c+2] && (vars[c+2][0] != '-') ) { /* Have both date and time - check order */ if (strchr(optarg, ':')) { if (ausearch_time_start( vars[c+2], optarg) != 0) retval = -1; } else { if (ausearch_time_start(optarg, vars[c+2]) != 0) retval = -1; } c++; } else { // Check against recognized words int t = lookup_time(optarg); if (t >= 0) { if (ausearch_time_start(optarg, "00:00:00") != 0) retval = -1; } else if ( strchr(optarg, ':') == NULL) { /* Only have date */ if (ausearch_time_start(optarg, "00:00:00") != 0) retval = -1; } else { /* Only have time */ if (ausearch_time_start(NULL, optarg) != 0) retval = -1; } } c++; break; } fprintf(stderr, "%s requires either date and/or time\n", vars[c]); retval = -1; break; case R_NODE: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; } else { snode sn; c++; if (!event_node_list) { event_node_list = malloc(sizeof (slist)); if (!event_node_list) { retval = -1; break; } slist_create(event_node_list); } sn.str = strdup(optarg); sn.key = NULL; sn.hits=0; slist_append(event_node_list, &sn); } break; case R_SUMMARY_DET: set_detail(D_SUM); break; case R_FAILED: event_failed = F_FAILED; break; case R_SUCCESS: event_failed = F_SUCCESS; break; case R_ADD: event_conf_act = C_ADD; break; case R_DEL: event_conf_act = C_DEL; break; case R_IN_LOGS: force_logs = 1; break; case R_VERSION: printf("aureport version %s\n", VERSION); exit(0); break; case R_HELP: usage(); exit(0); break; default: fprintf(stderr, "%s is an unsupported option\n", vars[c]); retval = -1; break; } c++; } if (retval >= 0) { if (report_type == RPT_UNSET) { if (set_report(RPT_SUMMARY)) retval = -1; else { set_detail(D_SUM); event_filename = dummy; event_hostname = dummy; event_terminal = dummy; event_exe = dummy; event_key = dummy; } } } else usage(); return retval; }
int ausearch_time_end(const char *da, const char *ti) { /* If date == NULL, use current date */ /* If ti == NULL, use current time */ int rc = 0; struct tm d, t; char *ret; if (da == NULL) set_tm_now(&d); else { if (lookup_and_set_time(da, &d) < 0) { ret = strptime(da, "%x", &d); if (ret == NULL) { fprintf(stderr, "Invalid end date (%s). Month, Day, and Year are required.\n", da); return 1; } if (*ret != 0) { fprintf(stderr, "Error parsing end date (%s)\n", da); return 1; } } else { int keyword=lookup_time(da); if (keyword == T_RECENT || keyword == T_NOW) { if (ti == NULL || strcmp(ti, "00:00:00") == 0) goto set_it; } // Special case today if (keyword == T_TODAY) { set_tm_now(&d); if (ti == NULL || strcmp(ti, "00:00:00") == 0) goto set_it; } } } if (ti != NULL) { char tmp_t[36]; if (strlen(ti) <= 5) { snprintf(tmp_t, sizeof(tmp_t), "%s:00", ti); } else { tmp_t[0]=0; strncat(tmp_t, ti, sizeof(tmp_t)-1); } ret = strptime(tmp_t, "%X", &t); if (ret == NULL) { fprintf(stderr, "Invalid end time (%s). Hour, Minute, and Second are required.\n", ti); return 1; } if (*ret != 0) { fprintf(stderr, "Error parsing end time (%s)\n", ti); return 1; } } else { time_t tt = time(NULL); struct tm *tv = localtime(&tt); clear_tm(&t); t.tm_hour = tv->tm_hour; t.tm_min = tv->tm_min; t.tm_sec = tv->tm_sec; t.tm_isdst = tv->tm_isdst; } add_tm(&d, &t); if (d.tm_year < 104) { fprintf(stderr, "Error - year is %d\n", d.tm_year+1900); return -1; } set_it: // printf("end is: %s\n", ctime(&end_time)); end_time = mktime(&d); if (end_time == -1) { fprintf(stderr, "Error converting end time\n"); rc = -1; } return rc; }
int ausearch_time_start(const char *da, const char *ti) { /* If da == NULL, use current date */ /* If ti == NULL, then use midnight 00:00:00 */ int rc = 0; struct tm d, t; char *ret; if (da == NULL) set_tm_now(&d); else { if (lookup_and_set_time(da, &d) < 0) { ret = strptime(da, "%x", &d); if (ret == NULL) { fprintf(stderr, "Invalid start date (%s). Month, Day, and Year are required.\n", da); return 1; } if (*ret != 0) { fprintf(stderr, "Error parsing start date (%s)\n", da); return 1; } } else { int keyword=lookup_time(da); if (keyword == T_RECENT || keyword == T_NOW) { if (ti == NULL || strcmp(ti, "00:00:00") == 0) goto set_it; } } } if (ti != NULL) { char tmp_t[36]; if (strlen(ti) <= 5) { snprintf(tmp_t, sizeof(tmp_t), "%s:00", ti); } else { tmp_t[0]=0; strncat(tmp_t, ti, sizeof(tmp_t)-1); } ret = strptime(tmp_t, "%X", &t); if (ret == NULL) { fprintf(stderr, "Invalid start time (%s). Hour, Minute, and Second are required.\n", ti); return 1; } if (*ret != 0) { fprintf(stderr, "Error parsing start time (%s)\n", ti); return 1; } } else clear_tm(&t); add_tm(&d, &t); if (d.tm_year < 104) { fprintf(stderr, "Error - year is %d\n", d.tm_year+1900); return -1; } set_it: // printf("start is: %s\n", ctime(&start_time)); start_time = mktime(&d); if (start_time == -1) { fprintf(stderr, "Error converting start time\n"); rc = -1; } return rc; }
/* * This function examines the commandline parameters and sets various * search options. It returns a 0 on success and < 0 on failure */ int check_params(int count, char *vars[]) { int c = 1; int retval = 0; const char *optarg; if (count < 2) { usage(); return -1; } while (c < count && retval == 0) { // Go ahead and point to the next argument if (c+1 < count) { if (vars[c+1][0] != '-') optarg = vars[c+1]; else optarg = NULL; } else optarg = NULL; switch (audit_lookup_option(vars[c])) { case S_EVENT: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } if (isdigit(optarg[0])) { errno = 0; event_id = strtoul(optarg, NULL, 10); if (errno) { fprintf(stderr, "Illegal value for audit event ID"); retval = -1; } c++; } else { fprintf(stderr, "Audit event id must be a numeric value, was %s\n", optarg); retval = -1; } break; case S_COMM: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } else { event_comm = strdup(optarg); if (event_comm == NULL) retval = -1; c++; } break; case S_FILENAME: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; } else { event_filename = strdup(optarg); if (event_filename == NULL) retval = -1; c++; } break; case S_KEY: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; } else { event_key = strdup(optarg); if (event_key == NULL) retval = -1; c++; } break; case S_ALL_GID: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } if (isdigit(optarg[0])) { errno = 0; event_gid = strtoul(optarg,NULL,10); if (errno) { fprintf(stderr, "Numeric group ID conversion error (%s) for %s\n", strerror(errno), optarg); retval = -1; } } else { struct group *gr ; gr = getgrnam(optarg) ; if (gr == NULL) { fprintf(stderr, "Group ID is non-numeric and unknown (%s)\n", optarg); retval = -1; break; } event_gid = gr->gr_gid; } event_egid = event_gid; event_ga = 1; c++; break; case S_EFF_GID: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } if (isdigit(optarg[0])) { errno = 0; event_egid = strtoul(optarg,NULL,10); if (errno) { fprintf(stderr, "Numeric group ID conversion error (%s) for %s\n", strerror(errno), optarg); retval = -1; } } else { struct group *gr ; gr = getgrnam(optarg) ; if (gr == NULL) { fprintf(stderr, "Effective group ID is non-numeric and unknown (%s)\n", optarg); retval = -1; break; } event_egid = gr->gr_gid; } c++; break; case S_GID: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } if (isdigit(optarg[0])) { errno = 0; event_gid = strtoul(optarg,NULL,10); if (errno) { fprintf(stderr, "Numeric group ID conversion error (%s) for %s\n", strerror(errno), optarg); retval = -1; } } else { struct group *gr ; gr = getgrnam(optarg) ; if (gr == NULL) { fprintf(stderr, "Group ID is non-numeric and unknown (%s)\n", optarg); retval = -1; break; } event_gid = gr->gr_gid; } c++; break; case S_HELP: usage(); exit(0); break; case S_HOSTNAME: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; } else { event_hostname = strdup(optarg); if (event_hostname == NULL) retval = -1; c++; } break; case S_INTERP: if (report_format == RPT_DEFAULT) report_format = RPT_INTERP; else { fprintf(stderr, "Conflicting output format %s\n", vars[c]); retval = -1; } if (optarg) { fprintf(stderr, "Argument is NOT required for %s\n", vars[c]); retval = -1; } break; case S_INFILE: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; } else { user_file = strdup(optarg); if (user_file == NULL) retval = -1; c++; } break; case S_MESSAGE_TYPE: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; } else { if (strcasecmp(optarg, "ALL") != 0) { retval = parse_msg(optarg); } c++; } if (retval < 0) { int i; fprintf(stderr, "Valid message types are: ALL "); for (i=AUDIT_USER;i<=AUDIT_LAST_VIRT_MSG;i++){ const char *name; if (i == AUDIT_WATCH_INS) // Skip a few i = AUDIT_FIRST_USER_MSG; name = audit_msg_type_to_name(i); if (name) fprintf(stderr, "%s ", name); } fprintf(stderr, "\n"); } break; case S_OBJECT: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } else { event_object = strdup(optarg); if (event_object == NULL) retval = -1; c++; } break; case S_PPID: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } if (isdigit(optarg[0])) { errno = 0; event_ppid = strtol(optarg,NULL,10); if (errno) retval = -1; c++; } else { fprintf(stderr, "Parent process id must be a numeric value, was %s\n", optarg); retval = -1; } break; case S_PID: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } if (isdigit(optarg[0])) { errno = 0; event_pid = strtol(optarg,NULL,10); if (errno) retval = -1; c++; } else { fprintf(stderr, "Process id must be a numeric value, was %s\n", optarg); retval = -1; } break; case S_RAW: if (report_format == RPT_DEFAULT) report_format = RPT_RAW; else { fprintf(stderr, "Conflicting output format --raw\n"); retval = -1; } if (optarg) { fprintf(stderr, "Argument is NOT required for --raw\n"); retval = -1; } break; case S_NODE: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; } else { snode sn; c++; if (!event_node_list) { event_node_list = malloc(sizeof (slist)); if (!event_node_list) { retval = -1; break; } slist_create(event_node_list); } sn.str = strdup(optarg); sn.key = NULL; sn.hits=0; slist_append(event_node_list, &sn); } break; case S_SYSCALL: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } if (isdigit(optarg[0])) { errno = 0; event_syscall = (int)strtoul(optarg, NULL, 10); if (errno) { fprintf(stderr, "Syscall numeric conversion error (%s) for %s\n", strerror(errno), optarg); retval = -1; } } else { int machine; machine = audit_detect_machine(); if (machine < 0) { fprintf(stderr, "Error detecting machine type"); retval = -1; break; } event_syscall = audit_name_to_syscall(optarg, machine); if (event_syscall == -1) { fprintf(stderr, "Syscall %s not found\n", optarg); retval = -1; } } c++; break; case S_CONTEXT: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } else { event_subject = strdup(optarg); if (event_subject == NULL) retval = -1; event_object = strdup(optarg); if (event_object == NULL) retval = -1; event_se = 1; c++; } break; case S_SUBJECT: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } else { event_subject = strdup(optarg); if (event_subject == NULL) retval = -1; c++; } break; case S_OSUCCESS: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } if ( (strstr(optarg, "yes")!=NULL) || (strstr(optarg, "no")!=NULL) ) { if (strcmp(optarg, "yes") == 0) event_success = S_SUCCESS; else event_success = S_FAILED; } else { fprintf(stderr, "Success must be 'yes' or 'no'.\n"); retval = -1; } c++; break; case S_SESSION: if (!optarg) { if ((c+1 < count) && vars[c+1]) optarg = vars[c+1]; else { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } } { size_t len = strlen(optarg); if (isdigit(optarg[0])) { errno = 0; event_session_id = strtol(optarg,NULL,10); if (errno) retval = -1; c++; } else if (len >= 2 && *(optarg)=='-' && (isdigit(optarg[1]))) { errno = 0; event_session_id = strtol(optarg, NULL, 0); if (errno) { retval = -1; fprintf(stderr, "Error converting %s\n", optarg); } c++; } else { fprintf(stderr, "Session id must be a numeric value, was %s\n", optarg); retval = -1; } } break; case S_EXIT: if (!optarg) { if ((c+1 < count) && vars[c+1]) optarg = vars[c+1]; else { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } } { size_t len = strlen(optarg); if (isdigit(optarg[0])) { errno = 0; event_exit = strtol(optarg, NULL, 0); if (errno) { retval = -1; fprintf(stderr, "Error converting %s\n", optarg); } } else if (len >= 2 && *(optarg)=='-' && (isdigit(optarg[1]))) { errno = 0; event_exit = strtol(optarg, NULL, 0); if (errno) { retval = -1; fprintf(stderr, "Error converting %s\n", optarg); } } else { event_exit = audit_name_to_errno(optarg); if (event_exit == 0) { retval = -1; fprintf(stderr, "Unknown errno, was %s\n", optarg); } } c++; if (retval != -1) event_exit_is_set = 1; } break; case S_TIME_END: if (optarg) { if ( (c+2 < count) && vars[c+2] && (vars[c+2][0] != '-') ) { /* Have both date and time - check order*/ if (strchr(optarg, ':')) { if (ausearch_time_end(vars[c+2], optarg) != 0) retval = -1; } else { if (ausearch_time_end(optarg, vars[c+2]) != 0) retval = -1; } c++; } else { // Check against recognized words int t = lookup_time(optarg); if (t >= 0) { if (ausearch_time_end(optarg, NULL) != 0) retval = -1; } else if ( (strchr(optarg, ':')) == NULL) { /* Only have date */ if (ausearch_time_end(optarg, NULL) != 0) retval = -1; } else { /* Only have time */ if (ausearch_time_end(NULL, optarg) != 0) retval = -1; } } c++; break; } fprintf(stderr, "%s requires either date and/or time\n", vars[c]); retval = -1; break; case S_TIME_START: if (optarg) { if ( (c+2 < count) && vars[c+2] && (vars[c+2][0] != '-') ) { /* Have both date and time - check order */ if (strchr(optarg, ':')) { if (ausearch_time_start( vars[c+2], optarg) != 0) retval = -1; } else { if (ausearch_time_start(optarg, vars[c+2]) != 0) retval = -1; } c++; } else { // Check against recognized words int t = lookup_time(optarg); if (t >= 0) { if (ausearch_time_start(optarg, "00:00:00") != 0) retval = -1; } else if ( strchr(optarg, ':') == NULL) { /* Only have date */ if (ausearch_time_start(optarg, "00:00:00") != 0) retval = -1; } else { /* Only have time */ if (ausearch_time_start(NULL, optarg) != 0) retval = -1; } } c++; break; } fprintf(stderr, "%s requires either date and/or time\n", vars[c]); retval = -1; break; case S_TERMINAL: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; } else { event_terminal = strdup(optarg); if (event_terminal == NULL) retval = -1; c++; } break; case S_UID: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } if (isdigit(optarg[0])) { errno = 0; event_uid = strtoul(optarg,NULL,10); if (errno) { fprintf(stderr, "Numeric user ID conversion error (%s) for %s\n", strerror(errno), optarg); retval = -1; } } else { struct passwd *pw; pw = getpwnam(optarg); if (pw == NULL) { fprintf(stderr, "Effective user ID is non-numeric and unknown (%s)\n", optarg); retval = -1; break; } event_uid = pw->pw_uid; } c++; break; case S_EFF_UID: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } if (isdigit(optarg[0])) { errno = 0; event_euid = strtoul(optarg,NULL,10); if (errno) { fprintf(stderr, "Numeric user ID conversion error (%s) for %s\n", strerror(errno), optarg); retval = -1; } } else { struct passwd *pw ; pw = getpwnam(optarg) ; if (pw == NULL) { fprintf(stderr, "User ID is non-numeric and unknown (%s)\n", optarg); retval = -1; break; } event_euid = pw->pw_uid; } c++; break; case S_ALL_UID: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } if (isdigit(optarg[0])) { errno = 0; event_uid = strtoul(optarg,NULL,10); if (errno) { fprintf(stderr, "Numeric user ID conversion error (%s) for %s\n", strerror(errno), optarg); retval = -1; } } else { struct passwd *pw ; pw = getpwnam(optarg) ; if (pw == NULL) { fprintf(stderr, "User ID is non-numeric and unknown (%s)\n", optarg); retval = -1; break; } event_uid = pw->pw_uid; } event_ua = 1; event_euid = event_uid; event_loginuid = event_uid; c++; break; case S_LOGINID: if (!optarg) { if ((c+1 < count) && vars[c+1]) optarg = vars[c+1]; else { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; break; } } { size_t len = strlen(optarg); if (isdigit(optarg[0])) { errno = 0; event_loginuid = strtoul(optarg,NULL,10); if (errno) { fprintf(stderr, "Numeric user ID conversion error (%s) for %s\n", strerror(errno), optarg); retval = -1; } } else if (len >= 2 && *(optarg)=='-' && (isdigit(optarg[1]))) { errno = 0; event_loginuid = strtol(optarg, NULL, 0); if (errno) { retval = -1; fprintf(stderr, "Error converting %s\n", optarg); } } else { struct passwd *pw ; pw = getpwnam(optarg) ; if (pw == NULL) { fprintf(stderr, "Login user ID is non-numeric and unknown (%s)\n", optarg); retval = -1; break; } event_loginuid = pw->pw_uid; } } c++; break; case S_UUID: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; } else { event_uuid = strdup(optarg); if (event_uuid == NULL) { retval = -1; } c++; } break; case S_VMNAME: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; } else { event_vmname= strdup(optarg); if (event_vmname == NULL) { retval = -1; } c++; } break; case S_VERSION: printf("ausearch version %s\n", VERSION); exit(0); break; case S_EXACT_MATCH: event_exact_match=1; break; case S_IN_LOGS: force_logs = 1; break; case S_JUST_ONE: just_one = 1; break; case S_EXECUTABLE: if (!optarg) { fprintf(stderr, "Argument is required for %s\n", vars[c]); retval = -1; } else { event_exe = strdup(optarg); if (event_exe == NULL) retval = -1; c++; } break; case S_LINEBUFFERED: line_buffered = 1; break; default: fprintf(stderr, "%s is an unsupported option\n", vars[c]); retval = -1; break; } c++; } return retval; }