author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-29 12:49:00 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-29 15:07:35 +0100 |
commit | 1a5153117784c267ceb81c048dd5e9b9c4309fbb (patch) | |
tree | 23b5b83b5a8e76c4ed1463e8f93980564f2c3ebd | |
parent | 48636e1fe6f6d3141de735f9faf4c359938b837c (diff) |
src: default to numeric UID and GID listing
Like iptables-save, print UID and GID as numeric values by default.
Add a new option `-u' to print the UID and GID names as defined by
/etc/passwd and /etc/group.
Note that -n is ignored after this patch, since the default is numeric
printing for UID and GID.
Acked-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | doc/libnftables.adoc | 3 | ||||
-rw-r--r-- | doc/nft.txt | 4 | ||||
-rw-r--r-- | include/nftables.h | 5 | ||||
-rw-r--r-- | include/nftables/libnftables.h | 1 | ||||
-rw-r--r-- | src/json.c | 4 | ||||
-rw-r--r-- | src/main.c | 11 | ||||
-rw-r--r-- | src/meta.c | 4 |
7 files changed, 27 insertions, 5 deletions
diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc index 6b8098fd..67d9f261 100644 --- a/doc/libnftables.adoc +++ b/doc/libnftables.adoc @@ -90,6 +90,7 @@ enum { NFT_CTX_OUTPUT_HANDLE = (1 << 3), NFT_CTX_OUTPUT_JSON = (1 << 4), NFT_CTX_OUTPUT_ECHO = (1 << 5), + NFT_CTX_OUTPUT_GUID = (1 << 6), }; ---- @@ -112,6 +113,8 @@ This flag controls JSON output format, input is auto-detected. NFT_CTX_OUTPUT_ECHO:: The echo setting makes libnftables print the changes once they are committed to the kernel, just like a running instance of *nft monitor* would. Amongst other things, this allows to retrieve an added rule's handle atomically. +NFT_CTX_OUTPUT_GUID:: + Display UID and GID as described in the /etc/passwd and /etc/group files. The *nft_ctx_output_get_flags*() function returns the output flags setting's value in 'ctx'. diff --git a/doc/nft.txt b/doc/nft.txt index 711d8a4f..39527c4e 100644 --- a/doc/nft.txt +++ b/doc/nft.txt @@ -52,6 +52,10 @@ For a full summary of options, run *nft --help*. *--service*:: Translate ports to service names as defined by /etc/services. +*-u*:: +*--guid**:: + Translate numeric UID/GID to names as defined by /etc/passwd and /etc/group. + *-c*:: *--check*:: Check commands validity without actually applying the changes. diff --git a/include/nftables.h b/include/nftables.h index fa6665a1..2dff07fe 100644 --- a/include/nftables.h +++ b/include/nftables.h @@ -58,6 +58,11 @@ static inline bool nft_output_echo(const struct output_ctx *octx) return octx->flags & NFT_CTX_OUTPUT_ECHO; } +static inline bool nft_output_guid(const struct output_ctx *octx) +{ + return octx->flags & NFT_CTX_OUTPUT_GUID; +} + struct nft_cache { uint16_t genid; struct list_head list; diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h index 47772408..ff7b47aa 100644 --- a/include/nftables/libnftables.h +++ b/include/nftables/libnftables.h 
@@ -51,6 +51,7 @@ enum {
 NFT_CTX_OUTPUT_HANDLE = (1 << 3),
 NFT_CTX_OUTPUT_JSON = (1 << 4),
 NFT_CTX_OUTPUT_ECHO = (1 << 5),
+ NFT_CTX_OUTPUT_GUID = (1 << 6),
 };
 unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
@@ -1021,7 +1021,7 @@ json_t *uid_type_json(const struct expr *expr, struct output_ctx *octx)
 {
 uint32_t uid = mpz_get_uint32(expr->value);
- if (octx->numeric < NFT_NUMERIC_ALL) {
+ if (nft_output_guid(octx)) {
 struct passwd *pw = getpwuid(uid);
 if (pw)
@@ -1034,7 +1034,7 @@ json_t *gid_type_json(const struct expr *expr, struct output_ctx *octx)
 {
 uint32_t gid = mpz_get_uint32(expr->value);
- if (octx->numeric < NFT_NUMERIC_ALL) {
+ if (nft_output_guid(octx)) {
 struct group *gr = getgrgid(gid);
 if (gr)
@@ -39,10 +39,11 @@ enum opt_vals {
 OPT_DEBUG = 'd',
 OPT_HANDLE_OUTPUT = 'a',
 OPT_ECHO = 'e',
+ OPT_GUID = 'u',
 OPT_INVALID = '?',
 };
-#define OPTSTRING "hvcf:iI:jvnsNaeS"
+#define OPTSTRING "hvcf:iI:jvnsNaeSu"
 static const struct option options[] = {
 {
@@ -105,6 +106,10 @@ static const struct option options[] = {
 .val = OPT_JSON,
 },
 {
+ .name = "guid",
+ .val = OPT_GUID,
+ },
+ {
 .name = NULL
 }
 };
@@ -127,6 +132,7 @@ static void show_help(const char *name)
 " Specify twice to also show Internet services (port numbers) numerically.\n"
 " Specify three times to also show protocols, user IDs, and group IDs numerically.\n"
 " -s, --stateless Omit stateful information of ruleset.\n"
+" -u, --guid Print UID/GID as defined in /etc/passwd and /etc/group.\n"
 " -N Translate IP addresses to names.\n"
 " -S, --service Translate ports to service names as described in /etc/services.\n"
 " -a, --handle Output rule handle.\n"
@@ -276,6 +282,9 @@ int main(int argc, char * const *argv)
 output_flags |= NFT_CTX_OUTPUT_JSON;
 #endif
 break;
+ case OPT_GUID:
+ output_flags |= NFT_CTX_OUTPUT_GUID;
+ break;
 case OPT_INVALID:
 exit(EXIT_FAILURE);
 }
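Review bot: The name lookup that `uid_type_json()` now gates on `nft_output_guid(octx)` still calls `getpwuid()`, which returns a pointer to static storage and is not reentrant; the same holds for `getgrgid()` in `gid_type_json()` and for `uid_type_print()`/`gid_type_print()` in src/meta.c. Since `NFT_CTX_OUTPUT_GUID` is exported through libnftables, a multi-threaded caller that sets the flag could have one lookup's result overwritten by another. Using the reentrant variants with a caller-owned buffer would avoid that, e.g. `struct passwd pwbuf, *pw = NULL; char buf[BUFSIZ];` followed by `getpwuid_r(uid, &pwbuf, buf, sizeof(buf), &pw);`, with a numeric fallback if the call fails. A short comment above the `if`, such as `/* name lookup goes through the system user database; numeric output is the stable form */`, would also record why numeric is the default. All four function bodies continue outside their hunks, so how `pw`/`gr` is consumed afterwards is not visible here.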
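Review bot: The `-n` help text kept as context in the `show_help()` hunk still reads `Specify three times to also show protocols, user IDs, and group IDs numerically.`, but the commit message says `-n` is now ignored for UID/GID, so that line describes behaviour the tool no longer has. Assuming protocols are still governed by the third `-n`, it could become `"  Specify three times to also show protocols numerically.\n"`. The new `-u, --guid` entry would read more consistently with `-S` as `Translate numeric UID/GID to names as defined in /etc/passwd and /etc/group.`, which is also the wording the doc/nft.txt hunk uses. That same doc hunk has a stray asterisk in `*--guid**::`.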
@@ -207,7 +207,7 @@ static void uid_type_print(const struct expr *expr, struct output_ctx *octx)
 {
 struct passwd *pw;
- if (octx->numeric < NFT_NUMERIC_ALL) {
+ if (nft_output_guid(octx)) {
 uint32_t uid = mpz_get_uint32(expr->value);
 pw = getpwuid(uid);
@@ -260,7 +260,7 @@ static void gid_type_print(const struct expr *expr, struct output_ctx *octx)
 {
 struct group *gr;
- if (octx->numeric < NFT_NUMERIC_ALL) {
+ if (nft_output_guid(octx)) {
 uint32_t gid = mpz_get_uint32(expr->value);
 gr = getgrgid(gid); |