Rewrite handling of the USER/GROUP column

- Remove code that handled '+program' as that support was removed from the kernel in 2.6.14.
2012-06-19 08:14:31 -07:00 · 2012-06-19 08:14:31 -07:00 · 4d336ed8d6
commit 4d336ed8d6
parent da3e1b720c
2 changed files with 24 additions and 45 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -4206,45 +4206,38 @@ sub do_user( $ ) {

    require_capability 'OWNER_MATCH', 'A non-empty USER column', 's';

-    if ( $user =~ /^(!)?(.*)\+(.*)$/ ) {
-	$rule .= "! --cmd-owner $2 " if supplied $2;
-	$user = "!$1";
-    } elsif ( $user =~ /^(.*)\+(.*)$/ ) {
-	$rule .= "--cmd-owner $2 " if supplied $2;
-	$user = $1;
-    }
-
-    if ( $user =~ /^(!)?(.*):(.*)$/ ) {
+    assert ( $user =~ /^(!)?(.*?)(:(.*))?$/ );
    my $invert = $1 ? '! ' : '';
-	my $group  = defined $3 ? $3 : '';
+    my $group  = supplied $4 ? $4 : '';

    if ( supplied $2 ) {
 	$user  = $2;
-	    $user  = resolve_id( $user, 'user' ) unless $user =~ /\d+(-\d+)?$/;
+	if ( $user =~ /(\d+)(-(\d+))?$/ ) {
+	    if ( supplied $2 ) {
+		fatal_error "Invalid User Range ($user)" unless $3 >= $1;
+	    }
+	} else {
+	    $user  = resolve_id( $user, 'user' );
+	}
+
 	$rule .= "${invert}--uid-owner $user ";
    }

    if ( $group ne '' ) {
-	    $group = resolve_id( $group, 'group' ) unless $group =~ /^\d+(-\d+)?$/;
-	    $rule .= "${invert}--gid-owner $group ";
+	if ( $group =~ /^(\d+)(-(\d+))?$/ ) {
+	    if ( supplied $2 ) {
+		fatal_error "Invalid Group Range ($group)" unless $3 >= $1;
 	    }
-    } elsif ( $user =~ /^(!)?(.*)$/ ) {
-	my $invert = $1 ? '! ' : '';
-	$user   = $2;
-
-	fatal_error "Invalid USER/GROUP (!)" if $user eq '';
-	$user = resolve_id ($user, 'user' ) unless $user =~ /\d+(-\d+)?$/;
-	$rule .= "${invert}--uid-owner $user ";
 	} else {
-	$user  = resolve_id( $user, 'user' ) unless $user =~ /\d+(-\d+)?$/;
-	$rule .= "--uid-owner $user ";
+	    $group = resolve_id( $group, 'group' );
+	}
+
+	$rule .= "${invert}--gid-owner $group ";
    }

    $rule;
 }

-
-
 #
 # Create a "-m tos" match for the passed TOS
 #
--- a/Shorewall/manpages/shorewall-rules.xml
+++ b/Shorewall/manpages/shorewall-rules.xml
@ -1084,8 +1084,7 @@
      <varlistentry>
        <term><emphasis role="bold">USER/GROUP</emphasis> (user) - [<emphasis
        role="bold">!</emphasis>][<emphasis>user-name-or-number</emphasis>][<emphasis
-        role="bold">:</emphasis><emphasis>group-name-or-number</emphasis>][<emphasis
-        role="bold">+</emphasis><emphasis>program-name</emphasis>]</term>
+        role="bold">:</emphasis><emphasis>group-name-or-number</emphasis>]</term>

        <listitem>
          <para>This optional column may only be non-empty if the SOURCE is
@ -1124,19 +1123,6 @@
                group</para>
              </listitem>
            </varlistentry>
-
-            <varlistentry>
-              <term>+upnpd</term>
-
-              <listitem>
-                <para>program named upnpd</para>
-
-                <important>
-                  <para>The ability to specify a program name was removed from
-                  Netfilter in kernel version 2.6.14.</para>
-                </important>
-              </listitem>
-            </varlistentry>
          </variablelist>
        </listitem>
      </varlistentry>