Replace '/' by '+' in cmd-owner implementation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2079 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/accounting

@@ -69,7 +69,7 @@
 #			
 #			The column may contain:
 #
-#			   [!][<user name or number>][:<group name or number>][/<program name>]
+#			   [!][<user name or number>][:<group name or number>][+<program name>]
 #
 #			When this column is non-empty, the rule applies only
 #			if the program generating the output is running under
@@ -83,7 +83,7 @@
 #					#the 'kids' group
 #				!:kids  #program must not be run by a member
 #					#of the 'kids' group
-#				/upnpd  #program named upnpd
+#				+upnpd  #program named upnpd
 #
 #	In all of the above columns except ACTION and CHAIN, the values "-",
 #	"any" and "all" may be used as wildcards

Shorewall2/action.template

@@ -146,7 +146,7 @@
 #			
 #			The column may contain:
 #
-#			   [!][<user name or number>][:<group name or number>][/<program name>]
+#			   [!][<user name or number>][:<group name or number>][+<program name>]
 #
 #			When this column is non-empty, the rule applies only
 #			if the program generating the output is running under
@@ -160,7 +160,7 @@
 #					#the 'kids' group
 #				!:kids  #program must not be run by a member
 #					#of the 'kids' group
-#				/upnpd  #program named upnpd
+#				+upnpd  #program named upnpd
 #
 ######################################################################################
 #TARGET  SOURCE		DEST      	PROTO	DEST		SOURCE	   RATE		USER/

Shorewall2/firewall

@@ -2408,9 +2408,9 @@ process_tc_rule()
 	    r="$r-m owner"
 	    
 	    case "$user" in
-		*/*)
+		*+*)
 		    r="$r --cmd-owner ${user#*/}"
-		    user=${user%/*}
+		    user=${user%+*}
 		    ;;
 	    esac
 
@@ -2752,15 +2752,17 @@ process_accounting_rule() {
 	    user1="$user"
 
 	    case "$user" in
-		!*/*)
-		    if [ "$user" != "!/" ]; then
-			rule="$rule ! --cmd-owner ${user#*/} "
-			user1=${user%/*}
+		!*+*)
+		    if [ -n "${user#*+}" ]; then
+			rule="$rule ! --cmd-owner ${user#*+} "
 		    fi
+		    user1=${user%/+}
 		    ;;		
-		*/*)
-		    rule="$rule --cmd-owner ${user#*/} "
-		    user1=${user%/*}
+		*+*)
+		    if [ -n "${user#*+}" ]; then
+			rule="$rule --cmd-owner ${user#*+} "
+		    fi
+		    user1=${user%+*}
 		    ;;
 	    esac
 
@@ -3180,17 +3182,17 @@ process_action() # $1 = chain    (Chain to add the rules to)
 	userandgroup="-m owner"
 	
 	case "$userspec" in
-	    !*/*)
-		if [ "$userspec" != "!/" ]; then
-		    userandgroup="$userandgroup ! --cmd-owner ${userspec#*/}"
-		    userspec=${userspec%/*}
+	    !*+*)
+		if [ -n "${userspec#*+}" ]; then
+		    userandgroup="$userandgroup ! --cmd-owner ${userspec#*+}"
 		fi
+		userspec=${userspec%+*}
 		;;		
 	    */*)
-		if [ "$userspec" != "/" ]; then
-		    userandgroup="$userandgroup --cmd-owner ${userspec#*/}"
-		    userspec=${userspec%/*}
+		if [ -n "${userspec#*+}" ]; then
+		    userandgroup="$userandgroup --cmd-owner ${userspec#*+}"
 		fi
+		userspec=${userspec%+*}
 		;;
 	esac
 
@@ -4357,16 +4359,16 @@ process_rule() # $1 = target
 	userandgroup="-m owner"
 	
 	case "$userspec" in
-	    !*/*)
-		if [ "$userspec" != "!/" ]; then
-		    userandgroup="$userandgroup ! --cmd-owner ${userspec#*/}"
-		    userspec=${userspec%/*}
+	    !*+*)
+		if [ "$userspec" != "!+" ]; then
+		    userandgroup="$userandgroup ! --cmd-owner ${userspec#*+}"
+		    userspec=${userspec%+*}
 		fi
 		;;		
 	    */*)
-		if [ "$userspec" != "/" ]; then
-		    userandgroup="$userandgroup --cmd-owner ${userspec#*/}"
-		    userspec=${userspec%/*}
+		if [ "$userspec" != "+" ]; then
+		    userandgroup="$userandgroup --cmd-owner ${userspec#*+}"
+		    userspec=${userspec%+*}
 		fi
 		;;
 	esac

Shorewall2/releasenotes.txt

@@ -20,14 +20,14 @@ New Features in version 2.3.0
 	/etc/shorewall/tcrules
 	/usr/share/shorewall/action.template
 
-   To specify a command, prefix the command name with "/".
+   To specify a command, prefix the command name with "+".
 
    Examples:
 
-	/mozilla-bin		#The program is named "mozilla-bin"
-	joe/mozilla-bin		#The program is named "mozilla-bin" and
+	+mozilla-bin		#The program is named "mozilla-bin"
+	joe+mozilla-bin		#The program is named "mozilla-bin" and
 				#is being run by user "joe"
-	joe:users/mozilla-bin	#The program is named "mozilla-bin" and
+	joe:users+mozilla-bin	#The program is named "mozilla-bin" and
 				#is being run by user "joe" with 
 				#effective group "users".
 

Shorewall2/rules

@@ -285,7 +285,7 @@
 #			
 #			The column may contain:
 #
-#			   [!][<user name or number>][:<group name or number>][/<program name>]
+#			   [!][<user name or number>][:<group name or number>][+<program name>]
 #
 #			When this column is non-empty, the rule applies only
 #			if the program generating the output is running under
@@ -299,7 +299,7 @@
 #					#the 'kids' group
 #				!:kids  #program must not be run by a member
 #					#of the 'kids' group
-#				/upnpd  #program named 'upnpd'
+#				+upnpd  #program named 'upnpd'
 #
 #	Example: Accept SMTP requests from the DMZ to the internet
 #

Shorewall2/tcrules

@@ -130,10 +130,11 @@
 #
 #			It may contain :
 #
-#			   [<user name or number>]:[<group name or number>]
+#			   [<user name or number>]:[<group name or number>][+<program name>]
 #
-#			The colon is optionnal when specifying only a user.
-#			Examples : john: / john / :users / john:users
+#			The colon is optionnal when specifying only a user 
+#			or a program name.
+#			Examples : john: , john , :users , john:users , +mozilla-bin
 #
 #	TEST		Defines a test on the existing packet or connection mark. 
 #			The rule will match only if the test returns true. Tests