From 56c177590e47de26dd39b51823a09800a96fa1fd Mon Sep 17 00:00:00 2001
From: laforge
Date: Sun, 13 Apr 2003 16:32:49 +0000
Subject: apply ipv6 port of ownercmd patch (Patrick McHardy)
---
 extensions/libip6t_owner.c | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
diff --git a/extensions/libip6t_owner.c b/extensions/libip6t_owner.c
index ce34358..ee3283c 100644
--- a/extensions/libip6t_owner.c
+++ b/extensions/libip6t_owner.c
@@ -14,14 +14,26 @@
 static void
 help(void)
 {
+#ifdef IP6T_OWNER_COMM
 printf(
 "OWNER match v%s options:\n"
 "[!] --uid-owner userid Match local uid\n"
 "[!] --gid-owner groupid Match local gid\n"
 "[!] --pid-owner processid Match local pid\n"
 "[!] --sid-owner sessionid Match local sid\n"
+"[!] --cmd-owner name Match local command name\n"
 "\n",
 IPTABLES_VERSION);
+#else
+ printf(
+"OWNER match v%s options:\n"
+"[!] --uid-owner userid Match local uid\n"
+"[!] --gid-owner groupid Match local gid\n"
+"[!] --pid-owner processid Match local pid\n"
+"[!] --sid-owner sessionid Match local sid\n"
+"\n",
+IPTABLES_VERSION);
+#endif /* IP6T_OWNER_COMM */
 }
 
 static struct option opts[] = {
@@ -29,6 +41,9 @@ static struct option opts[] = {
 { "gid-owner", 1, 0, '2' },
 { "pid-owner", 1, 0, '3' },
 { "sid-owner", 1, 0, '4' },
+#ifdef IP6T_OWNER_COMM
+ { "cmd-owner", 1, 0, '5' },
+#endif
 {0}
 };
 
@@ -107,6 +122,21 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 *flags = 1;
 break;
 
+#ifdef IP6T_OWNER_COMM
+ case '5':
+ check_inverse(optarg, &invert, &optind, 0);
+ if(strlen(optarg) > sizeof(ownerinfo->comm))
+ exit_error(PARAMETER_PROBLEM, "OWNER CMD `%s' too long, max %d characters", optarg, sizeof(ownerinfo->comm));
+
+ strncpy(ownerinfo->comm, optarg, sizeof(ownerinfo->comm));
+
+ if (invert)
+ ownerinfo->invert |= IP6T_OWNER_COMM;
+ ownerinfo->match |= IP6T_OWNER_COMM;
+ *flags = 1;
+ break;
+#endif
+
 default:
 return 0;
 }
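Review bot: The two `printf` calls in help() differ only by the `--cmd-owner` line, so the four shared option lines now exist twice and can drift apart. The duplication may be deliberate, since a preprocessor directive inside the argument list is not portable when `printf` is a macro. The same output is available without it by keeping one `printf` for the common options, then `printf("[!] --cmd-owner name Match local command name\n");` inside the `#ifdef`, then an unconditional `printf("\n");`.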
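Review bot: In the `case '5'` branch the length check uses `>`, so a name of exactly `sizeof(ownerinfo->comm)` characters is accepted and `strncpy` then fills the field without a terminating NUL. The `%.*s` in print_item copes with that, but every other reader of `comm` (the kernel-side match is not visible here) has to be length-bounded as well; if a terminator is expected, reject with `if (strlen(optarg) >= sizeof(ownerinfo->comm))`. Separately, the error message passes a `size_t` to `%d`, which is a format/argument mismatch where `size_t` is wider than `int`; cast it, `(int)sizeof(ownerinfo->comm)`. parse() starts and ends outside the hunk.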
@@ -154,6 +184,11 @@ print_item(struct ip6t_owner_info *info, u_int8_t flag, int numeric, char *label
 case IP6T_OWNER_SID:
 printf("%u ", info->sid);
 break;
+#ifdef IP6T_OWNER_COMM
+ case IP6T_OWNER_COMM:
+ printf("%.*s ", (int)sizeof(info->comm), info->comm);
+ break;
+#endif
 default:
 break;
 }
@@ -181,6 +216,9 @@ print(const struct ip6t_ip6 *ip,
 print_item(info, IP6T_OWNER_GID, numeric, "OWNER GID match ");
 print_item(info, IP6T_OWNER_PID, numeric, "OWNER PID match ");
 print_item(info, IP6T_OWNER_SID, numeric, "OWNER SID match ");
+#ifdef IP6T_OWNER_COMM
+ print_item(info, IP6T_OWNER_COMM, numeric, "OWNER CMD match ");
+#endif
 }
 
 /* Saves the union ip6t_matchinfo in parsable form to stdout. */
@@ -193,6 +231,9 @@ save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match)
 print_item(info, IP6T_OWNER_GID, 0, "--gid-owner ");
 print_item(info, IP6T_OWNER_PID, 0, "--pid-owner ");
 print_item(info, IP6T_OWNER_SID, 0, "--sid-owner ");
+#ifdef IP6T_OWNER_COMM
+ print_item(info, IP6T_OWNER_COMM, 0, "--cmd-owner ");
+#endif
 }
 
 static
-- cgit v1.2.3
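Review bot: The new `IP6T_OWNER_COMM` case writes `comm` unquoted, and save() (last hunk) reuses print_item with the `--cmd-owner ` label, so a name containing whitespace would presumably not parse back as a single argument on restore. The `%.*s` bound itself is right for a field that `strncpy` may leave unterminated. If the restore path does not handle quoting (not visible here), either reject whitespace in parse() or document the limit with a comment such as `/* comm is emitted verbatim; names with spaces do not round-trip through save/restore */`. print_item's body starts outside the hunk.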