/*
 *	libxt_owner - iptables addon for xt_owner
 *
 *	Copyright © CC Computer Consultants GmbH, 2007 - 2008
 *	Jan Engelhardt <jengelh@computergmbh.de>
 */
#include <grp.h>
#include <pwd.h>
#include <stdbool.h>
#include <stdio.h>
#include <limits.h>
#include <xtables.h>
#include <linux/netfilter/xt_owner.h>

/*
 * Bits used in the "match" and "invert" fields of the revision 0 structures
 * below. The IP6T_* names are aliases of the IPT_* values, so either set can
 * be used with either structure.
 */
enum {
	IPT_OWNER_UID   = 0x01,
	IPT_OWNER_GID   = 0x02,
	IPT_OWNER_PID   = 0x04,
	IPT_OWNER_SID   = 0x08,
	IPT_OWNER_COMM  = 0x10,
	IP6T_OWNER_UID  = IPT_OWNER_UID,
	IP6T_OWNER_GID  = IPT_OWNER_GID,
	IP6T_OWNER_PID  = IPT_OWNER_PID,
	IP6T_OWNER_SID  = IPT_OWNER_SID,
	IP6T_OWNER_COMM = IPT_OWNER_COMM,
};

/* Revision 0 match data, IPv4 flavour. */
struct ipt_owner_info {
	uid_t uid;
	gid_t gid;
	pid_t pid;
	pid_t sid;
	char comm[16];		/* fixed-size command name buffer */
	uint8_t match, invert;	/* IPT_OWNER_* flag bits */
};

/* Revision 0 match data, IPv6 flavour. Same member list as the IPv4 one. */
struct ip6t_owner_info {
	uid_t uid;
	gid_t gid;
	pid_t pid;
	pid_t sid;
	char comm[16];		/* fixed-size command name buffer */
	uint8_t match, invert;	/* IP6T_OWNER_* flag bits */
};

/*
 *	Note: the parsers use "UINT32_MAX - 1" as the upper bound for UIDs and
 *	GIDs because -1 is a reserved UID/GID value anyway.
 */

/* Option identifiers; each one is used as the .id of an option table entry. */
enum {
	O_USER = 0,
	O_GROUP,
	O_SOCK_EXISTS,
	O_PROCESS,
	O_SESSION,
	O_COMM,
};

/*
 * Usage text for the revision 0 IPv4 match.
 *
 * The closing NOTE is part of the tool's own output: PID, SID and command
 * matching are stated to be broken on SMP, so rules built on those options
 * should not be relied on as an access control.
 */
static void owner_mt_help_v0(void)
{
	fputs(
"owner match options:\n"
"[!] --uid-owner userid Match local UID\n"
"[!] --gid-owner groupid Match local GID\n"
"[!] --pid-owner processid Match local PID\n"
"[!] --sid-owner sessionid Match local SID\n"
"[!] --cmd-owner name Match local command name\n"
"NOTE: PID, SID and command matching are broken on SMP\n", stdout);
}

/*
 * Usage text for the revision 0 IPv6 match. It lists no --cmd-owner option,
 * and carries the same SMP warning for PID and SID matching.
 */
static void owner_mt6_help_v0(void)
{
	fputs(
"owner match options:\n"
"[!] --uid-owner userid Match local UID\n"
"[!] --gid-owner groupid Match local GID\n"
"[!] --pid-owner processid Match local PID\n"
"[!] --sid-owner sessionid Match local SID\n"
"NOTE: PID and SID matching are broken on SMP\n", stdout);
}

/* Usage text for the current match: UID/GID (single or range), socket test. */
static void owner_mt_help(void)
{
	fputs(
"owner match options:\n"
"[!] --uid-owner userid[-userid] Match local UID\n"
"[!] --gid-owner groupid[-groupid] Match local GID\n"
"[!] --socket-exists Match if socket exists\n", stdout);
}

/*
 * Option table for the revision 0 IPv4 match. "s" is a short-lived alias for
 * the structure that XTOPT_POINTER() refers to.
 *
 * uid-owner and gid-owner are taken as strings because the parse callback
 * accepts either a name or a number. pid-owner and sid-owner are parsed as
 * unsigned 32-bit values but capped at INT_MAX; the destination members are
 * declared pid_t.
 */
#define s struct ipt_owner_info
static const struct xt_option_entry owner_mt_opts_v0[] = {
	{
		.name = "uid-owner",
		.id = O_USER,
		.type = XTTYPE_STRING,
		.flags = XTOPT_INVERT,
	},
	{
		.name = "gid-owner",
		.id = O_GROUP,
		.type = XTTYPE_STRING,
		.flags = XTOPT_INVERT,
	},
	{
		.name = "pid-owner",
		.id = O_PROCESS,
		.type = XTTYPE_UINT32,
		.flags = XTOPT_INVERT | XTOPT_PUT,
		XTOPT_POINTER(s, pid),
		.max = INT_MAX,
	},
	{
		.name = "sid-owner",
		.id = O_SESSION,
		.type = XTTYPE_UINT32,
		.flags = XTOPT_INVERT | XTOPT_PUT,
		XTOPT_POINTER(s, sid),
		.max = INT_MAX,
	},
	{
		.name = "cmd-owner",
		.id = O_COMM,
		.type = XTTYPE_STRING,
		.flags = XTOPT_INVERT | XTOPT_PUT,
		XTOPT_POINTER(s, comm),
	},
	XTOPT_TABLEEND,
};
#undef s

#define s struct ip6t_owner_info
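/*
 * Option table for the revision 0 IPv6 match. It has the same entries as the
 * IPv4 revision 0 table except that there is no cmd-owner option.
 */
static const struct xt_option_entry owner_mt6_opts_v0[] = {
	{.name = "uid-owner", .id = O_USER, .type = XTTYPE_STRING,
	 .flags = XTOPT_INVERT},
	{.name = "gid-owner", .id = O_GROUP, .type = XTTYPE_STRING,
	 .flags = XTOPT_INVERT},
	{.name = "pid-owner", .id = O_PROCESS, .type = XTTYPE_UINT32,
	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, pid),
	 .max = INT_MAX},
	{.name = "sid-owner", .id = O_SESSION, .type = XTTYPE_UINT32,
	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, sid),
	 .max = INT_MAX},
	XTOPT_TABLEEND,
};
#undef s

/* Option table for the current match: UID, GID and socket-exists only. */
static const struct xt_option_entry owner_mt_opts[] = {
	{.name = "uid-owner", .id = O_USER, .type = XTTYPE_STRING,
	 .flags = XTOPT_INVERT},
	{.name = "gid-owner", .id = O_GROUP, .type = XTTYPE_STRING,
	 .flags = XTOPT_INVERT},
	{.name = "socket-exists", .id = O_SOCK_EXISTS, .type = XTTYPE_NONE,
	 .flags = XTOPT_INVERT},
	XTOPT_TABLEEND,
};

/*
 * Parse callback for the revision 0 IPv4 match.
 *
 * For --uid-owner and --gid-owner the argument is looked up as an account or
 * group name first and only parsed as a number when that lookup fails. An
 * account whose name consists of digits therefore wins over the numeric ID
 * with the same spelling; rulesets that need a fixed ID should be checked
 * with numeric output after loading.
 *
 * For the pid, sid and cmd options only the flag bits are set here.
 * NOTE(review): the values themselves are presumably stored by
 * xtables_option_parse() through the XTOPT_PUT entries of the option
 * table - confirm.
 */
static void owner_mt_parse_v0(struct xt_option_call *cb)
{
	struct ipt_owner_info *info = cb->data;
	struct passwd *pwd;
	struct group *grp;
	unsigned int id;

	xtables_option_parse(cb);
	switch (cb->entry->id) {
	case O_USER:
		/*
		 * NOTE(review): "id" is only assigned on the two success
		 * paths; this relies on xtables_param_act() not returning.
		 */
		if ((pwd = getpwnam(cb->arg)) != NULL)
			id = pwd->pw_uid;
		else if (!xtables_strtoui(cb->arg, NULL, &id, 0, UINT32_MAX - 1))
			xtables_param_act(XTF_BAD_VALUE, "owner", "--uid-owner", cb->arg);
		if (cb->invert)
			info->invert |= IPT_OWNER_UID;
		info->match |= IPT_OWNER_UID;
		info->uid    = id;
		break;
	case O_GROUP:
		if ((grp = getgrnam(cb->arg)) != NULL)
			id = grp->gr_gid;
		else if (!xtables_strtoui(cb->arg, NULL, &id, 0, UINT32_MAX - 1))
			xtables_param_act(XTF_BAD_VALUE, "owner", "--gid-owner", cb->arg);
		if (cb->invert)
			info->invert |= IPT_OWNER_GID;
		info->match |= IPT_OWNER_GID;
		info->gid    = id;
		break;
	case O_PROCESS:
		if (cb->invert)
			info->invert |= IPT_OWNER_PID;
		info->match |= IPT_OWNER_PID;
		break;
	case O_SESSION:
		if (cb->invert)
			info->invert |= IPT_OWNER_SID;
		info->match |= IPT_OWNER_SID;
		break;
	case O_COMM:
		if (cb->invert)
			info->invert |= IPT_OWNER_COMM;
		info->match |= IPT_OWNER_COMM;
		break;
	}
}

/*
 * Parse callback for the revision 0 IPv6 match. Same handling as the IPv4
 * revision 0 callback, minus the command-name option: names are tried before
 * numbers for --uid-owner and --gid-owner.
 */
static void owner_mt6_parse_v0(struct xt_option_call *cb)
{
	struct ip6t_owner_info *info = cb->data;
	struct passwd *pwd;
	struct group *grp;
	unsigned int id;

	xtables_option_parse(cb);
	switch (cb->entry->id) {
	case O_USER:
		if ((pwd = getpwnam(cb->arg)) != NULL)
			id = pwd->pw_uid;
		else if (!xtables_strtoui(cb->arg, NULL, &id, 0, UINT32_MAX - 1))
			xtables_param_act(XTF_BAD_VALUE, "owner", "--uid-owner", cb->arg);
		if (cb->invert)
			info->invert |= IP6T_OWNER_UID;
		info->match |= IP6T_OWNER_UID;
		info->uid    = id;
		break;
	case O_GROUP:
		if ((grp = getgrnam(cb->arg)) != NULL)
			id = grp->gr_gid;
		else if (!xtables_strtoui(cb->arg, NULL, &id, 0, UINT32_MAX - 1))
			xtables_param_act(XTF_BAD_VALUE, "owner", "--gid-owner", cb->arg);
		if (cb->invert)
			info->invert |= IP6T_OWNER_GID;
		info->match |= IP6T_OWNER_GID;
		info->gid    = id;
		break;
	case O_PROCESS:
		if (cb->invert)
			info->invert |= IP6T_OWNER_PID;
		info->match |= IP6T_OWNER_PID;
		break;
	case O_SESSION:
		if (cb->invert)
			info->invert |= IP6T_OWNER_SID;
		info->match |= IP6T_OWNER_SID;
		break;
	}
}

/*
 * Parse "N", "N-M" or "N:M" into the closed range [*from, *to].
 *
 * @s:    option argument as given on the command line
 * @from: receives the lower bound
 * @to:   receives the upper bound (equal to *from for a single value)
 * @opt:  option name used in the error message
 *
 * Any malformed value, trailing garbage, or a range whose lower bound is
 * greater than its upper bound is reported through xtables_param_act().
 */
static void owner_parse_range(const char *s, unsigned int *from,
                              unsigned int *to, const char *opt)
{
	char *end;

	/* -1 is reserved, so the max is one less than that. */
	if (!xtables_strtoui(s, &end, from, 0, UINT32_MAX - 1))
		xtables_param_act(XTF_BAD_VALUE, "owner", opt, s);
	*to = *from;
	if (*end == '-' || *end == ':')
		if (!xtables_strtoui(end + 1, &end, to, 0, UINT32_MAX - 1))
			xtables_param_act(XTF_BAD_VALUE, "owner", opt, s);
	if (*end != '\0')
		xtables_param_act(XTF_BAD_VALUE, "owner", opt, s);
	/*
	 * A range with from > to contains no ID at all. Reject it here so a
	 * swapped pair of bounds is reported to the administrator instead of
	 * being loaded as a rule that does not express what was intended.
	 */
	if (*from > *to)
		xtables_param_act(XTF_BAD_VALUE, "owner", opt, s);
}

/*
 * Parse callback for the current match.
 *
 * --uid-owner and --gid-owner are resolved as a name first; a name yields a
 * single-ID range. Only when the name lookup fails is the argument parsed as
 * a number or a numeric range, so a digits-only account name takes precedence
 * over the numeric ID with the same spelling.
 */
static void owner_mt_parse(struct xt_option_call *cb)
{
	struct xt_owner_match_info *info = cb->data;
	struct passwd *pwd;
	struct group *grp;
	unsigned int from, to;

	xtables_option_parse(cb);
	switch (cb->entry->id) {
	case O_USER:
		if ((pwd = getpwnam(cb->arg)) != NULL)
			from = to = pwd->pw_uid;
		else
			owner_parse_range(cb->arg, &from, &to, "--uid-owner");
		if (cb->invert)
			info->invert |= XT_OWNER_UID;
		info->match  |= XT_OWNER_UID;
		info->uid_min = from;
		info->uid_max = to;
		break;
	case O_GROUP:
		if ((grp = getgrnam(cb->arg)) != NULL)
			from = to = grp->gr_gid;
		else
			owner_parse_range(cb->arg, &from, &to, "--gid-owner");
		if (cb->invert)
			info->invert |= XT_OWNER_GID;
		info->match  |= XT_OWNER_GID;
		info->gid_min = from;
		info->gid_max = to;
		break;
	case O_SOCK_EXISTS:
		if (cb->invert)
			info->invert |= XT_OWNER_SOCKET;
		info->match |= XT_OWNER_SOCKET;
		break;
	}
}

/* Final check: refuse an owner match that was given none of its options. */
static void owner_mt_check(struct xt_fcheck_call *cb)
{
	if (cb->xflags == 0)
		xtables_error(PARAMETER_PROBLEM, "owner: At least one of "
		           "--uid-owner, --gid-owner or --socket-exists "
		           "is required");
}

/*
 * Print one criterion of a revision 0 IPv4 match, if it is set.
 *
 * @info:    match data
 * @label:   text printed before the value
 * @flag:    the single IPT_OWNER_* bit to print
 * @numeric: when true, skip the UID/GID to name lookup
 *
 * The rule stores only numeric IDs. A name shown here is whatever the local
 * account database maps the ID to at print time, which need not be the name
 * that was typed when the rule was added.
 */
static void
owner_mt_print_item_v0(const struct ipt_owner_info *info, const char *label,
                       uint8_t flag, bool numeric)
{
	if (!(info->match & flag))
		return;
	if (info->invert & flag)
		printf(" !");
	printf(" %s", label);

	switch (info->match & flag) {
	case IPT_OWNER_UID:
		if (!numeric) {
			struct passwd *pwd = getpwuid(info->uid);

			if (pwd != NULL && pwd->pw_name != NULL) {
				printf(" %s", pwd->pw_name);
				break;
			}
		}
		/* No name wanted or none found: print the number. */
		printf(" %u", (unsigned int)info->uid);
		break;

	case IPT_OWNER_GID:
		if (!numeric) {
			struct group *grp = getgrgid(info->gid);

			if (grp != NULL && grp->gr_name != NULL) {
				printf(" %s", grp->gr_name);
				break;
			}
		}
		printf(" %u", (unsigned int)info->gid);
		break;

	case IPT_OWNER_PID:
		printf(" %u", (unsigned int)info->pid);
		break;

	case IPT_OWNER_SID:
		printf(" %u", (unsigned int)info->sid);
		break;

	case IPT_OWNER_COMM:
		/*
		 * The precision bounds the output to sizeof(comm), so a
		 * buffer without a terminating NUL is not read past its end.
		 */
		printf(" %.*s", (int)sizeof(info->comm), info->comm);
		break;
	}
}

/*
 * Print one criterion of a revision 0 IPv6 match, if it is set. Same
 * behaviour as the IPv4 revision 0 printer, without the command-name case;
 * names are resolved from the stored numeric ID at print time.
 */
static void
owner_mt6_print_item_v0(const struct ip6t_owner_info *info, const char *label,
                        uint8_t flag, bool numeric)
{
	if (!(info->match & flag))
		return;
	if (info->invert & flag)
		printf(" !");
	printf(" %s", label);

	switch (info->match & flag) {
	case IP6T_OWNER_UID:
		if (!numeric) {
			struct passwd *pwd = getpwuid(info->uid);

			if (pwd != NULL && pwd->pw_name != NULL) {
				printf(" %s", pwd->pw_name);
				break;
			}
		}
		printf(" %u", (unsigned int)info->uid);
		break;

	case IP6T_OWNER_GID:
		if (!numeric) {
			struct group *grp = getgrgid(info->gid);

			if (grp != NULL && grp->gr_name != NULL) {
				printf(" %s", grp->gr_name);
				break;
			}
		}
		printf(" %u", (unsigned int)info->gid);
		break;

	case IP6T_OWNER_PID:
		printf(" %u", (unsigned int)info->pid);
		break;

	case IP6T_OWNER_SID:
		printf(" %u", (unsigned int)info->sid);
		break;
	}
}

/*
 * Print one criterion of a current-revision match, if it is set.
 *
 * A real range (min != max) is always printed numerically as "min-max". A
 * single ID is printed as a name unless @numeric is set or the lookup fails,
 * in which case the number is printed.
 */
static void
owner_mt_print_item(const struct xt_owner_match_info *info, const char *label,
                    uint8_t flag, bool numeric)
{
	if (!(info->match & flag))
		return;
	if (info->invert & flag)
		printf(" !");
	printf(" %s", label);

	switch (info->match & flag) {
	case XT_OWNER_UID:
		if (info->uid_min != info->uid_max) {
			printf(" %u-%u", (unsigned int)info->uid_min,
			       (unsigned int)info->uid_max);
			break;
		} else if (!numeric) {
			const struct passwd *pwd = getpwuid(info->uid_min);

			if (pwd != NULL && pwd->pw_name != NULL) {
				printf(" %s", pwd->pw_name);
				break;
			}
		}
		printf(" %u", (unsigned int)info->uid_min);
		break;

	case XT_OWNER_GID:
		if (info->gid_min != info->gid_max) {
			printf(" %u-%u", (unsigned int)info->gid_min,
			       (unsigned int)info->gid_max);
			break;
		} else if (!numeric) {
			const struct group *grp = getgrgid(info->gid_min);

			if (grp != NULL && grp->gr_name != NULL) {
				printf(" %s", grp->gr_name);
				break;
			}
		}
		printf(" %u", (unsigned int)info->gid_min);
		break;
	}
}

/*
 * Print callback for the revision 0 IPv4 match: emits each criterion that is
 * set, in UID, GID, PID, SID, command order. @ip is not used.
 */
static void
owner_mt_print_v0(const void *ip, const struct xt_entry_match *match,
                  int numeric)
{
	const struct ipt_owner_info *info = (void *)match->data;

	owner_mt_print_item_v0(info, "owner UID match", IPT_OWNER_UID, numeric);
	owner_mt_print_item_v0(info, "owner GID match", IPT_OWNER_GID, numeric);
	owner_mt_print_item_v0(info, "owner PID match", IPT_OWNER_PID, numeric);
	owner_mt_print_item_v0(info, "owner SID match", IPT_OWNER_SID, numeric);
	owner_mt_print_item_v0(info, "owner CMD match", IPT_OWNER_COMM, numeric);
}

static void
owner_mt6_print_v0(const void *ip, const struct xt_entry_match *match,
                   int numeric)
{
	const struct ip6t_owner_info *info = (void *)match->data;

	owner_mt6_print_item_v0(info, "owner UID match", IPT_OWNER_UID, numeric);
	owner_mt6_print_item_v0(info, "owner GID match", IPT_OWNER_GID, numeric);
	owner_mt6_print_item_v0(info, "owner PID match", IPT_OWNER_PID, numeric);
	owner_mt6_print_item_v0(info, "owner SID match", IPT_OWNER_SID, numeric);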
4515c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt} 4525c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt 4535c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardtstatic void owner_mt_print(const void *ip, const struct xt_entry_match *match, 4545c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt int numeric) 4555c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt{ 4565c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt const struct xt_owner_match_info *info = (void *)match->data; 4575c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt 458bb9284d153f338b01975344e96c1b8bcde7d82a8Jan Engelhardt owner_mt_print_item(info, "owner socket exists", XT_OWNER_SOCKET, numeric); 459bb9284d153f338b01975344e96c1b8bcde7d82a8Jan Engelhardt owner_mt_print_item(info, "owner UID match", XT_OWNER_UID, numeric); 460bb9284d153f338b01975344e96c1b8bcde7d82a8Jan Engelhardt owner_mt_print_item(info, "owner GID match", XT_OWNER_GID, numeric); 4615c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt} 4625c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt 4635c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardtstatic void 4645c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardtowner_mt_save_v0(const void *ip, const struct xt_entry_match *match) 4655c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt{ 4665c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt const struct ipt_owner_info *info = (void *)match->data; 4675c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt 468bb9284d153f338b01975344e96c1b8bcde7d82a8Jan Engelhardt owner_mt_print_item_v0(info, "--uid-owner", IPT_OWNER_UID, true); 469bb9284d153f338b01975344e96c1b8bcde7d82a8Jan Engelhardt owner_mt_print_item_v0(info, "--gid-owner", IPT_OWNER_GID, true); 470bb9284d153f338b01975344e96c1b8bcde7d82a8Jan Engelhardt owner_mt_print_item_v0(info, "--pid-owner", IPT_OWNER_PID, true); 471bb9284d153f338b01975344e96c1b8bcde7d82a8Jan Engelhardt owner_mt_print_item_v0(info, "--sid-owner", IPT_OWNER_SID, true); 
472bb9284d153f338b01975344e96c1b8bcde7d82a8Jan Engelhardt owner_mt_print_item_v0(info, "--cmd-owner", IPT_OWNER_COMM, true); 4735c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt} 4745c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt 4755c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardtstatic void 4765c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardtowner_mt6_save_v0(const void *ip, const struct xt_entry_match *match) 4775c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt{ 4785c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt const struct ip6t_owner_info *info = (void *)match->data; 4795c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt 480bb9284d153f338b01975344e96c1b8bcde7d82a8Jan Engelhardt owner_mt6_print_item_v0(info, "--uid-owner", IPT_OWNER_UID, true); 481bb9284d153f338b01975344e96c1b8bcde7d82a8Jan Engelhardt owner_mt6_print_item_v0(info, "--gid-owner", IPT_OWNER_GID, true); 482bb9284d153f338b01975344e96c1b8bcde7d82a8Jan Engelhardt owner_mt6_print_item_v0(info, "--pid-owner", IPT_OWNER_PID, true); 483bb9284d153f338b01975344e96c1b8bcde7d82a8Jan Engelhardt owner_mt6_print_item_v0(info, "--sid-owner", IPT_OWNER_SID, true); 4845c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt} 4855c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt 4865c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardtstatic void owner_mt_save(const void *ip, const struct xt_entry_match *match) 4875c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt{ 4885c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt const struct xt_owner_match_info *info = (void *)match->data; 4895c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt 490f3578faae096f191a44742777275a23b566d7566Jan Engelhardt owner_mt_print_item(info, "--socket-exists", XT_OWNER_SOCKET, true); 491f3578faae096f191a44742777275a23b566d7566Jan Engelhardt owner_mt_print_item(info, "--uid-owner", XT_OWNER_UID, true); 492f3578faae096f191a44742777275a23b566d7566Jan Engelhardt owner_mt_print_item(info, 
"--gid-owner", XT_OWNER_GID, true); 4935c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt} 4945c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt 495f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardtstatic struct xtables_match owner_mt_reg[] = { 496f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt { 497f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .version = XTABLES_VERSION, 498f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .name = "owner", 499f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .revision = 0, 500f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .family = NFPROTO_IPV4, 501f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .size = XT_ALIGN(sizeof(struct ipt_owner_info)), 502f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .userspacesize = XT_ALIGN(sizeof(struct ipt_owner_info)), 503f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .help = owner_mt_help_v0, 50421d243c3152f0798683aacbf95acfc8c1378924eJan Engelhardt .x6_parse = owner_mt_parse_v0, 50521d243c3152f0798683aacbf95acfc8c1378924eJan Engelhardt .x6_fcheck = owner_mt_check, 506f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .print = owner_mt_print_v0, 507f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .save = owner_mt_save_v0, 50821d243c3152f0798683aacbf95acfc8c1378924eJan Engelhardt .x6_options = owner_mt_opts_v0, 509f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt }, 510f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt { 511f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .version = XTABLES_VERSION, 512f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .name = "owner", 513f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .revision = 0, 514f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .family = NFPROTO_IPV6, 515f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .size = XT_ALIGN(sizeof(struct ip6t_owner_info)), 516f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .userspacesize = 
XT_ALIGN(sizeof(struct ip6t_owner_info)), 517f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .help = owner_mt6_help_v0, 51821d243c3152f0798683aacbf95acfc8c1378924eJan Engelhardt .x6_parse = owner_mt6_parse_v0, 51921d243c3152f0798683aacbf95acfc8c1378924eJan Engelhardt .x6_fcheck = owner_mt_check, 520f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .print = owner_mt6_print_v0, 521f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .save = owner_mt6_save_v0, 52221d243c3152f0798683aacbf95acfc8c1378924eJan Engelhardt .x6_options = owner_mt6_opts_v0, 523f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt }, 524f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt { 525f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .version = XTABLES_VERSION, 526f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .name = "owner", 527f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .revision = 1, 528f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .family = NFPROTO_UNSPEC, 529f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .size = XT_ALIGN(sizeof(struct xt_owner_match_info)), 530f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .userspacesize = XT_ALIGN(sizeof(struct xt_owner_match_info)), 531f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .help = owner_mt_help, 53221d243c3152f0798683aacbf95acfc8c1378924eJan Engelhardt .x6_parse = owner_mt_parse, 53321d243c3152f0798683aacbf95acfc8c1378924eJan Engelhardt .x6_fcheck = owner_mt_check, 534f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .print = owner_mt_print, 535f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt .save = owner_mt_save, 53621d243c3152f0798683aacbf95acfc8c1378924eJan Engelhardt .x6_options = owner_mt_opts, 537f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt }, 5385c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt}; 5395c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt 5405c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardtvoid _init(void) 
5415c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt{ 542f2a77520693f0a6dd1df1f87be4b81913961c1f5Jan Engelhardt xtables_register_matches(owner_mt_reg, ARRAY_SIZE(owner_mt_reg)); 5435c5cd885daf43256f7bd24a3a698306764438145Jan Engelhardt} 544