
[NETFILTER]: xt_owner: allow matching UID/GID ranges

Add support for ranges to the new revision. This doesn't affect
compatibility since the new revision has not been released yet.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Jan Engelhardt and committed by
David S. Miller
edc26f7a 37c08387

+10 -8
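--- a/include/linux/netfilter/xt_owner.h
+++ b/include/linux/netfilter/xt_owner.h
@@ -8,8 +8,8 @@
 };
 
 struct xt_owner_match_info {
-u_int32_t uid;
-u_int32_t gid;
+u_int32_t uid_min, uid_max;
+u_int32_t gid_min, gid_max;
 u_int8_t match, invert;
 };
 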
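Review bot: The four new fields have no comment saying that each pair is an inclusive range, which whoever fills this struct from userspace needs to know because the match code in net/netfilter/xt_owner.c compares with `>=` and `<=`. I would add above the fields `/* inclusive bounds; a single id is expressed as min == max */`. The struct definition is fully visible in this hunk.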
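--- a/net/netfilter/xt_owner.c
+++ b/net/netfilter/xt_owner.c
@@ -4,8 +4,8 @@
 *
 * (C) 2000 Marc Boucher <marc@mbsi.ca>
 *
-* Copyright © CC Computer Consultants GmbH, 2007
-* Contact: <jengelh@computergmbh.de>
+* Copyright © CC Computer Consultants GmbH, 2007 - 2008
+* <jengelh@computergmbh.de>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
@@ -102,13 +102,15 @@
 (XT_OWNER_UID | XT_OWNER_GID)) == 0;
 
 if (info->match & XT_OWNER_UID)
-if ((filp->f_uid != info->uid) ^
-!!(info->invert & XT_OWNER_UID))
+if ((filp->f_uid >= info->uid_min &&
+filp->f_uid <= info->uid_max) ^
+!(info->invert & XT_OWNER_UID))
 return false;
 
 if (info->match & XT_OWNER_GID)
-if ((filp->f_gid != info->gid) ^
-!!(info->invert & XT_OWNER_GID))
+if ((filp->f_gid >= info->gid_min &&
+filp->f_gid <= info->gid_max) ^
+!(info->invert & XT_OWNER_GID))
 return false;
 
 return true;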
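Review bot: Nothing in the second hunk checks that `uid_min <= uid_max` (or the GID pair), so a reversed pair yields an empty range: the plain rule then never matches and the inverted rule matches every packet that reaches this comparison, which lets an owner-based filter rule fail silently. If the rule-setup path outside this view does not already reject it, I would add a check there along the lines of `if ((info->match & XT_OWNER_UID) && info->uid_min > info->uid_max)` plus the same for GID, and refuse to load the rule. Separately, the unbraced nested `if` pairs are harder to read now that the inner condition spans three lines; bracing the outer `if` would make the `return false` association obvious. The enclosing function starts and ends outside the hunk.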