author | Jan Engelhardt <jengelh@computergmbh.de> | 2008-01-31 07:06:38 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-31 22:27:43 -0500 |
commit | edc26f7aaa23591c779d6d6fc833c0c96fbeb3c0 (patch) | |
tree | 4ba051cb54853003e308f70f69dad58a25a07753 | |
parent | 37c08387fc31a0fe7a570664c93be4f1c1bc0c94 (diff) |
[NETFILTER]: xt_owner: allow matching UID/GID ranges
Add support for ranges to the new revision. This doesn't affect
compatibility since the new revision was not released yet.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/linux/netfilter/xt_owner.h | 4 | ||||
-rw-r--r-- | net/netfilter/xt_owner.c | 14 |
2 files changed, 10 insertions, 8 deletions
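--- a/include/linux/netfilter/xt_owner.h
+++ b/include/linux/netfilter/xt_owner.h
@@ -8,8 +8,8 @@ enum {
 };
 
 struct xt_owner_match_info {
-u_int32_t uid;
-u_int32_t gid;
+u_int32_t uid_min, uid_max;
+u_int32_t gid_min, gid_max;
 u_int8_t match, invert;
 };
 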
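Review bot: The new `uid_min`/`uid_max` and `gid_min`/`gid_max` fields have no comment saying whether the bounds are inclusive or how a single ID is expressed, and this struct is the one userspace fills in. I would add `/* inclusive bounds; min == max matches a single ID */` above the two range lines. The inclusive reading comes from the `>=`/`<=` comparisons in net/netfilter/xt_owner.c in this same commit.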
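--- a/net/netfilter/xt_owner.c
+++ b/net/netfilter/xt_owner.c
@@ -4,8 +4,8 @@
 *
 * (C) 2000 Marc Boucher <marc@mbsi.ca>
 *
-* Copyright © CC Computer Consultants GmbH, 2007
-* Contact: <jengelh@computergmbh.de>
+* Copyright © CC Computer Consultants GmbH, 2007 - 2008
+* <jengelh@computergmbh.de>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
@@ -102,13 +102,15 @@ owner_mt(const struct sk_buff *skb, const struct net_device *in,
 (XT_OWNER_UID | XT_OWNER_GID)) == 0;
 
 if (info->match & XT_OWNER_UID)
-if ((filp->f_uid != info->uid) ^
-!!(info->invert & XT_OWNER_UID))
+if ((filp->f_uid >= info->uid_min &&
+filp->f_uid <= info->uid_max) ^
+!(info->invert & XT_OWNER_UID))
 return false;
 
 if (info->match & XT_OWNER_GID)
-if ((filp->f_gid != info->gid) ^
-!!(info->invert & XT_OWNER_GID))
+if ((filp->f_gid >= info->gid_min &&
+filp->f_gid <= info->gid_max) ^
+!(info->invert & XT_OWNER_GID))
 return false;
 
 return true;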
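Review bot: Nothing in the new range comparisons in owner_mt guards against a reversed range, `uid_min > uid_max` or `gid_min > gid_max`. Such a rule never matches, and with the invert bit set it matches every socket, so a mistyped range in a filtering rule fails silently instead of being rejected. The natural place to catch this is at rule-load time in the match's checkentry hook, which is not visible on this page, so whether one exists for this revision needs confirming. Something like `if ((info->match & XT_OWNER_UID) && info->uid_min > info->uid_max) return false;` plus the same test for the GID pair would do it. owner_mt itself begins before this hunk.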