Lines Matching +full:- +full:- +full:info
2 * libxt_owner - iptables addon for xt_owner
4 * Copyright © CC Computer Consultants GmbH, 2007 - 2008
48 * Note: "UINT32_MAX - 1" is used in the code because -1 is a reserved
66 "[!] --uid-owner userid Match local UID\n" in owner_mt_help_v0()
67 "[!] --gid-owner groupid Match local GID\n" in owner_mt_help_v0()
68 "[!] --pid-owner processid Match local PID\n" in owner_mt_help_v0()
69 "[!] --sid-owner sessionid Match local SID\n" in owner_mt_help_v0()
70 "[!] --cmd-owner name Match local command name\n" in owner_mt_help_v0()
78 "[!] --uid-owner userid Match local UID\n" in owner_mt6_help_v0()
79 "[!] --gid-owner groupid Match local GID\n" in owner_mt6_help_v0()
80 "[!] --pid-owner processid Match local PID\n" in owner_mt6_help_v0()
81 "[!] --sid-owner sessionid Match local SID\n" in owner_mt6_help_v0()
89 "[!] --uid-owner userid[-userid] Match local UID\n" in owner_mt_help()
90 "[!] --gid-owner groupid[-groupid] Match local GID\n" in owner_mt_help()
91 "[!] --socket-exists Match if socket exists\n" in owner_mt_help()
92 " --suppl-groups Also match supplementary groups set with --gid-owner\n"); in owner_mt_help()
97 {.name = "uid-owner", .id = O_USER, .type = XTTYPE_STRING,
99 {.name = "gid-owner", .id = O_GROUP, .type = XTTYPE_STRING,
101 {.name = "pid-owner", .id = O_PROCESS, .type = XTTYPE_UINT32,
104 {.name = "sid-owner", .id = O_SESSION, .type = XTTYPE_UINT32,
107 {.name = "cmd-owner", .id = O_COMM, .type = XTTYPE_STRING,
115 {.name = "uid-owner", .id = O_USER, .type = XTTYPE_STRING,
117 {.name = "gid-owner", .id = O_GROUP, .type = XTTYPE_STRING,
119 {.name = "pid-owner", .id = O_PROCESS, .type = XTTYPE_UINT32,
122 {.name = "sid-owner", .id = O_SESSION, .type = XTTYPE_UINT32,
130 {.name = "uid-owner", .id = O_USER, .type = XTTYPE_STRING,
132 {.name = "gid-owner", .id = O_GROUP, .type = XTTYPE_STRING,
134 {.name = "socket-exists", .id = O_SOCK_EXISTS, .type = XTTYPE_NONE,
136 {.name = "suppl-groups", .id = O_SUPPL_GROUPS, .type = XTTYPE_NONE},
142 struct ipt_owner_info *info = cb->data; in owner_mt_parse_v0() local
148 switch (cb->entry->id) { in owner_mt_parse_v0()
150 if ((pwd = getpwnam(cb->arg)) != NULL) in owner_mt_parse_v0()
151 id = pwd->pw_uid; in owner_mt_parse_v0()
152 else if (!xtables_strtoui(cb->arg, NULL, &id, 0, UINT32_MAX - 1)) in owner_mt_parse_v0()
153 xtables_param_act(XTF_BAD_VALUE, "owner", "--uid-owner", cb->arg); in owner_mt_parse_v0()
154 if (cb->invert) in owner_mt_parse_v0()
155 info->invert |= IPT_OWNER_UID; in owner_mt_parse_v0()
156 info->match |= IPT_OWNER_UID; in owner_mt_parse_v0()
157 info->uid = id; in owner_mt_parse_v0()
160 if ((grp = getgrnam(cb->arg)) != NULL) in owner_mt_parse_v0()
161 id = grp->gr_gid; in owner_mt_parse_v0()
162 else if (!xtables_strtoui(cb->arg, NULL, &id, 0, UINT32_MAX - 1)) in owner_mt_parse_v0()
163 xtables_param_act(XTF_BAD_VALUE, "owner", "--gid-owner", cb->arg); in owner_mt_parse_v0()
164 if (cb->invert) in owner_mt_parse_v0()
165 info->invert |= IPT_OWNER_GID; in owner_mt_parse_v0()
166 info->match |= IPT_OWNER_GID; in owner_mt_parse_v0()
167 info->gid = id; in owner_mt_parse_v0()
170 if (cb->invert) in owner_mt_parse_v0()
171 info->invert |= IPT_OWNER_PID; in owner_mt_parse_v0()
172 info->match |= IPT_OWNER_PID; in owner_mt_parse_v0()
175 if (cb->invert) in owner_mt_parse_v0()
176 info->invert |= IPT_OWNER_SID; in owner_mt_parse_v0()
177 info->match |= IPT_OWNER_SID; in owner_mt_parse_v0()
180 if (cb->invert) in owner_mt_parse_v0()
181 info->invert |= IPT_OWNER_COMM; in owner_mt_parse_v0()
182 info->match |= IPT_OWNER_COMM; in owner_mt_parse_v0()
189 struct ip6t_owner_info *info = cb->data; in owner_mt6_parse_v0() local
195 switch (cb->entry->id) { in owner_mt6_parse_v0()
197 if ((pwd = getpwnam(cb->arg)) != NULL) in owner_mt6_parse_v0()
198 id = pwd->pw_uid; in owner_mt6_parse_v0()
199 else if (!xtables_strtoui(cb->arg, NULL, &id, 0, UINT32_MAX - 1)) in owner_mt6_parse_v0()
200 xtables_param_act(XTF_BAD_VALUE, "owner", "--uid-owner", cb->arg); in owner_mt6_parse_v0()
201 if (cb->invert) in owner_mt6_parse_v0()
202 info->invert |= IP6T_OWNER_UID; in owner_mt6_parse_v0()
203 info->match |= IP6T_OWNER_UID; in owner_mt6_parse_v0()
204 info->uid = id; in owner_mt6_parse_v0()
207 if ((grp = getgrnam(cb->arg)) != NULL) in owner_mt6_parse_v0()
208 id = grp->gr_gid; in owner_mt6_parse_v0()
209 else if (!xtables_strtoui(cb->arg, NULL, &id, 0, UINT32_MAX - 1)) in owner_mt6_parse_v0()
210 xtables_param_act(XTF_BAD_VALUE, "owner", "--gid-owner", cb->arg); in owner_mt6_parse_v0()
211 if (cb->invert) in owner_mt6_parse_v0()
212 info->invert |= IP6T_OWNER_GID; in owner_mt6_parse_v0()
213 info->match |= IP6T_OWNER_GID; in owner_mt6_parse_v0()
214 info->gid = id; in owner_mt6_parse_v0()
217 if (cb->invert) in owner_mt6_parse_v0()
218 info->invert |= IP6T_OWNER_PID; in owner_mt6_parse_v0()
219 info->match |= IP6T_OWNER_PID; in owner_mt6_parse_v0()
222 if (cb->invert) in owner_mt6_parse_v0()
223 info->invert |= IP6T_OWNER_SID; in owner_mt6_parse_v0()
224 info->match |= IP6T_OWNER_SID; in owner_mt6_parse_v0()
234 /* -1 is reserved, so the max is one less than that. */ in owner_parse_range()
235 if (!xtables_strtoui(s, &end, from, 0, UINT32_MAX - 1)) in owner_parse_range()
238 if (*end == '-' || *end == ':') in owner_parse_range()
239 if (!xtables_strtoui(end + 1, &end, to, 0, UINT32_MAX - 1)) in owner_parse_range()
247 struct xt_owner_match_info *info = cb->data; in owner_mt_parse() local
253 switch (cb->entry->id) { in owner_mt_parse()
255 if ((pwd = getpwnam(cb->arg)) != NULL) in owner_mt_parse()
256 from = to = pwd->pw_uid; in owner_mt_parse()
258 owner_parse_range(cb->arg, &from, &to, "--uid-owner"); in owner_mt_parse()
259 if (cb->invert) in owner_mt_parse()
260 info->invert |= XT_OWNER_UID; in owner_mt_parse()
261 info->match |= XT_OWNER_UID; in owner_mt_parse()
262 info->uid_min = from; in owner_mt_parse()
263 info->uid_max = to; in owner_mt_parse()
266 if ((grp = getgrnam(cb->arg)) != NULL) in owner_mt_parse()
267 from = to = grp->gr_gid; in owner_mt_parse()
269 owner_parse_range(cb->arg, &from, &to, "--gid-owner"); in owner_mt_parse()
270 if (cb->invert) in owner_mt_parse()
271 info->invert |= XT_OWNER_GID; in owner_mt_parse()
272 info->match |= XT_OWNER_GID; in owner_mt_parse()
273 info->gid_min = from; in owner_mt_parse()
274 info->gid_max = to; in owner_mt_parse()
277 if (cb->invert) in owner_mt_parse()
278 info->invert |= XT_OWNER_SOCKET; in owner_mt_parse()
279 info->match |= XT_OWNER_SOCKET; in owner_mt_parse()
282 if (!(info->match & XT_OWNER_GID)) in owner_mt_parse()
283 xtables_param_act(XTF_BAD_VALUE, "owner", "--suppl-groups", "you need to use --gid-owner first"); in owner_mt_parse()
284 info->match |= XT_OWNER_SUPPL_GROUPS; in owner_mt_parse()
291 if (cb->xflags == 0) in owner_mt_check()
293 "--uid-owner, --gid-owner or --socket-exists " in owner_mt_check()
298 owner_mt_print_item_v0(const struct ipt_owner_info *info, const char *label, in owner_mt_print_item_v0() argument
301 if (!(info->match & flag)) in owner_mt_print_item_v0()
303 if (info->invert & flag) in owner_mt_print_item_v0()
307 switch (info->match & flag) { in owner_mt_print_item_v0()
310 struct passwd *pwd = getpwuid(info->uid); in owner_mt_print_item_v0()
312 if (pwd != NULL && pwd->pw_name != NULL) { in owner_mt_print_item_v0()
313 printf(" %s", pwd->pw_name); in owner_mt_print_item_v0()
317 printf(" %u", (unsigned int)info->uid); in owner_mt_print_item_v0()
322 struct group *grp = getgrgid(info->gid); in owner_mt_print_item_v0()
324 if (grp != NULL && grp->gr_name != NULL) { in owner_mt_print_item_v0()
325 printf(" %s", grp->gr_name); in owner_mt_print_item_v0()
329 printf(" %u", (unsigned int)info->gid); in owner_mt_print_item_v0()
333 printf(" %u", (unsigned int)info->pid); in owner_mt_print_item_v0()
337 printf(" %u", (unsigned int)info->sid); in owner_mt_print_item_v0()
341 printf(" %.*s", (int)sizeof(info->comm), info->comm); in owner_mt_print_item_v0()
347 owner_mt6_print_item_v0(const struct ip6t_owner_info *info, const char *label, in owner_mt6_print_item_v0() argument
350 if (!(info->match & flag)) in owner_mt6_print_item_v0()
352 if (info->invert & flag) in owner_mt6_print_item_v0()
356 switch (info->match & flag) { in owner_mt6_print_item_v0()
359 struct passwd *pwd = getpwuid(info->uid); in owner_mt6_print_item_v0()
361 if (pwd != NULL && pwd->pw_name != NULL) { in owner_mt6_print_item_v0()
362 printf(" %s", pwd->pw_name); in owner_mt6_print_item_v0()
366 printf(" %u", (unsigned int)info->uid); in owner_mt6_print_item_v0()
371 struct group *grp = getgrgid(info->gid); in owner_mt6_print_item_v0()
373 if (grp != NULL && grp->gr_name != NULL) { in owner_mt6_print_item_v0()
374 printf(" %s", grp->gr_name); in owner_mt6_print_item_v0()
378 printf(" %u", (unsigned int)info->gid); in owner_mt6_print_item_v0()
382 printf(" %u", (unsigned int)info->pid); in owner_mt6_print_item_v0()
386 printf(" %u", (unsigned int)info->sid); in owner_mt6_print_item_v0()
392 owner_mt_print_item(const struct xt_owner_match_info *info, const char *label, in owner_mt_print_item() argument
395 if (!(info->match & flag)) in owner_mt_print_item()
397 if (info->invert & flag) in owner_mt_print_item()
401 switch (info->match & flag) { in owner_mt_print_item()
403 if (info->uid_min != info->uid_max) { in owner_mt_print_item()
404 printf(" %u-%u", (unsigned int)info->uid_min, in owner_mt_print_item()
405 (unsigned int)info->uid_max); in owner_mt_print_item()
408 const struct passwd *pwd = getpwuid(info->uid_min); in owner_mt_print_item()
410 if (pwd != NULL && pwd->pw_name != NULL) { in owner_mt_print_item()
411 printf(" %s", pwd->pw_name); in owner_mt_print_item()
415 printf(" %u", (unsigned int)info->uid_min); in owner_mt_print_item()
419 if (info->gid_min != info->gid_max) { in owner_mt_print_item()
420 printf(" %u-%u", (unsigned int)info->gid_min, in owner_mt_print_item()
421 (unsigned int)info->gid_max); in owner_mt_print_item()
424 const struct group *grp = getgrgid(info->gid_min); in owner_mt_print_item()
426 if (grp != NULL && grp->gr_name != NULL) { in owner_mt_print_item()
427 printf(" %s", grp->gr_name); in owner_mt_print_item()
431 printf(" %u", (unsigned int)info->gid_min); in owner_mt_print_item()
440 const struct ipt_owner_info *info = (void *)match->data; in owner_mt_print_v0() local
442 owner_mt_print_item_v0(info, "owner UID match", IPT_OWNER_UID, numeric); in owner_mt_print_v0()
443 owner_mt_print_item_v0(info, "owner GID match", IPT_OWNER_GID, numeric); in owner_mt_print_v0()
444 owner_mt_print_item_v0(info, "owner PID match", IPT_OWNER_PID, numeric); in owner_mt_print_v0()
445 owner_mt_print_item_v0(info, "owner SID match", IPT_OWNER_SID, numeric); in owner_mt_print_v0()
446 owner_mt_print_item_v0(info, "owner CMD match", IPT_OWNER_COMM, numeric); in owner_mt_print_v0()
453 const struct ip6t_owner_info *info = (void *)match->data; in owner_mt6_print_v0() local
455 owner_mt6_print_item_v0(info, "owner UID match", IPT_OWNER_UID, numeric); in owner_mt6_print_v0()
456 owner_mt6_print_item_v0(info, "owner GID match", IPT_OWNER_GID, numeric); in owner_mt6_print_v0()
457 owner_mt6_print_item_v0(info, "owner PID match", IPT_OWNER_PID, numeric); in owner_mt6_print_v0()
458 owner_mt6_print_item_v0(info, "owner SID match", IPT_OWNER_SID, numeric); in owner_mt6_print_v0()
464 const struct xt_owner_match_info *info = (void *)match->data; in owner_mt_print() local
466 owner_mt_print_item(info, "owner socket exists", XT_OWNER_SOCKET, numeric); in owner_mt_print()
467 owner_mt_print_item(info, "owner UID match", XT_OWNER_UID, numeric); in owner_mt_print()
468 owner_mt_print_item(info, "owner GID match", XT_OWNER_GID, numeric); in owner_mt_print()
469 owner_mt_print_item(info, "incl. suppl. groups", XT_OWNER_SUPPL_GROUPS, numeric); in owner_mt_print()
475 const struct ipt_owner_info *info = (void *)match->data; in owner_mt_save_v0() local
477 owner_mt_print_item_v0(info, "--uid-owner", IPT_OWNER_UID, true); in owner_mt_save_v0()
478 owner_mt_print_item_v0(info, "--gid-owner", IPT_OWNER_GID, true); in owner_mt_save_v0()
479 owner_mt_print_item_v0(info, "--pid-owner", IPT_OWNER_PID, true); in owner_mt_save_v0()
480 owner_mt_print_item_v0(info, "--sid-owner", IPT_OWNER_SID, true); in owner_mt_save_v0()
481 owner_mt_print_item_v0(info, "--cmd-owner", IPT_OWNER_COMM, true); in owner_mt_save_v0()
487 const struct ip6t_owner_info *info = (void *)match->data; in owner_mt6_save_v0() local
489 owner_mt6_print_item_v0(info, "--uid-owner", IPT_OWNER_UID, true); in owner_mt6_save_v0()
490 owner_mt6_print_item_v0(info, "--gid-owner", IPT_OWNER_GID, true); in owner_mt6_save_v0()
491 owner_mt6_print_item_v0(info, "--pid-owner", IPT_OWNER_PID, true); in owner_mt6_save_v0()
492 owner_mt6_print_item_v0(info, "--sid-owner", IPT_OWNER_SID, true); in owner_mt6_save_v0()
497 const struct xt_owner_match_info *info = (void *)match->data; in owner_mt_save() local
499 owner_mt_print_item(info, "--socket-exists", XT_OWNER_SOCKET, true); in owner_mt_save()
500 owner_mt_print_item(info, "--uid-owner", XT_OWNER_UID, true); in owner_mt_save()
501 owner_mt_print_item(info, "--gid-owner", XT_OWNER_GID, true); in owner_mt_save()
502 owner_mt_print_item(info, "--suppl-groups", XT_OWNER_SUPPL_GROUPS, true); in owner_mt_save()
506 owner_mt_print_uid_xlate(const struct xt_owner_match_info *info, in owner_mt_print_uid_xlate() argument
509 xt_xlate_add(xl, "skuid%s ", info->invert ? " !=" : ""); in owner_mt_print_uid_xlate()
511 if (info->uid_min != info->uid_max) in owner_mt_print_uid_xlate()
512 xt_xlate_add(xl, "%u-%u", (unsigned int)info->uid_min, in owner_mt_print_uid_xlate()
513 (unsigned int)info->uid_max); in owner_mt_print_uid_xlate()
515 xt_xlate_add(xl, "%u", (unsigned int)info->uid_min); in owner_mt_print_uid_xlate()
521 owner_mt_print_gid_xlate(const struct xt_owner_match_info *info, in owner_mt_print_gid_xlate() argument
524 xt_xlate_add(xl, "skgid%s ", info->invert ? " !=" : ""); in owner_mt_print_gid_xlate()
526 if (info->gid_min != info->gid_max) in owner_mt_print_gid_xlate()
527 xt_xlate_add(xl, "%u-%u", (unsigned int)info->gid_min, in owner_mt_print_gid_xlate()
528 (unsigned int)info->gid_max); in owner_mt_print_gid_xlate()
530 xt_xlate_add(xl, "%u", (unsigned int)info->gid_min); in owner_mt_print_gid_xlate()
538 const struct xt_owner_match_info *info = (void *)params->match->data; in owner_mt_xlate() local
541 switch (info->match) { in owner_mt_xlate()
543 ret = owner_mt_print_uid_xlate(info, xl); in owner_mt_xlate()
546 ret = owner_mt_print_gid_xlate(info, xl); in owner_mt_xlate()