[PATCH] src: default to numeric UID and GID listing


 



Like iptables-save, print UID and GID as numeric values by default.

Add a new option `-u' to print the UID and GID names as defined by
/etc/passwd and /etc/group.

Note that -n is ignored after this patch, since numeric printing is now
the default for UID and GID.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 doc/libnftables.adoc           |  3 +++
 include/nftables.h             |  5 +++++
 include/nftables/libnftables.h |  1 +
 src/json.c                     |  4 ++--
 src/main.c                     | 11 ++++++++++-
 src/meta.c                     |  4 ++--
 6 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
index 28a43abb4a4e..5b2605f4c02d 100644
--- a/doc/libnftables.adoc
+++ b/doc/libnftables.adoc
@@ -90,6 +90,7 @@ enum {
         NFT_CTX_OUTPUT_HANDLE      = (1 << 3),
         NFT_CTX_OUTPUT_JSON        = (1 << 4),
         NFT_CTX_OUTPUT_ECHO        = (1 << 5),
+        NFT_CTX_OUTPUT_UIDGID      = (1 << 6),
 };
 ----
 
@@ -105,6 +106,8 @@ NFT_CTX_OUTPUT_JSON::
 	If enabled at compile-time, libnftables accepts input in JSON format and is able to print output in JSON format as well. See *libnftables-json*(5) for a description of the supported schema. These functions control JSON output format, input is auto-detected.
 NFT_CTX_OUTPUT_ECHO::
 	The echo setting makes libnftables print the changes once they are committed to the kernel, just like a running instance of *nft monitor* would. Amongst other things, this allows to retrieve an added rule's handle atomically.
+NFT_CTX_OUTPUT_UIDGID::
+	Display UID and GID as described in the /etc/passwd and /etc/group files.
 
 The *nft_ctx_output_get_flags*() function returns the output flags setting's value in 'ctx'.
 
diff --git a/include/nftables.h b/include/nftables.h
index fa6665a17a7e..f766818d2629 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -58,6 +58,11 @@ static inline bool nft_output_echo(const struct output_ctx *octx)
 	return octx->flags & NFT_CTX_OUTPUT_ECHO;
 }
 
+static inline bool nft_output_uidgid(const struct output_ctx *octx)
+{
+	return octx->flags & NFT_CTX_OUTPUT_UIDGID;
+}
+
 struct nft_cache {
 	uint16_t		genid;
 	struct list_head	list;
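Review bot: The name nft_output_uidgid() does not tell a reader whether a true result means names or numbers, and the flag it tests is the only thing that now selects name output in src/json.c and src/meta.c. A one-line comment above the helper would settle it, for example `/* true when UID/GID are printed as names; numeric output is the default */`. The neighbouring helper visible in this hunk has no comment either, so this is a documentation suggestion rather than an inconsistency.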
diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index 4777240883f0..1b2dd19f3059 100644
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -51,6 +51,7 @@ enum {
 	NFT_CTX_OUTPUT_HANDLE		= (1 << 3),
 	NFT_CTX_OUTPUT_JSON		= (1 << 4),
 	NFT_CTX_OUTPUT_ECHO		= (1 << 5),
+	NFT_CTX_OUTPUT_UIDGID		= (1 << 6),
 };
 
 unsigned int nft_ctx_output_get_flags(struct nft_ctx *ctx);
diff --git a/src/json.c b/src/json.c
index 5edd3a0851e4..cf6707917d02 100644
--- a/src/json.c
+++ b/src/json.c
@@ -1020,7 +1020,7 @@ json_t *uid_type_json(const struct expr *expr, struct output_ctx *octx)
 {
 	uint32_t uid = mpz_get_uint32(expr->value);
 
-	if (octx->numeric < NFT_NUMERIC_ALL) {
+	if (nft_output_uidgid(octx)) {
 		struct passwd *pw = getpwuid(uid);
 
 		if (pw)
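Review bot: The new condition changes the default result of uid_type_json() for every caller that does not set NFT_CTX_OUTPUT_UIDGID, and gid_type_json() in the next hunk changes the same way. The rest of both bodies is outside the hunks, but if the name branch returns a JSON string and the fallback a JSON integer, consumers of the JSON output will by default see the value's type change from string to number. That deserves a sentence in the commit message and in the JSON schema documentation, plus a comment at the condition such as `/* numeric unless NFT_CTX_OUTPUT_UIDGID is set; only then is a name string emitted */`.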
@@ -1033,7 +1033,7 @@ json_t *gid_type_json(const struct expr *expr, struct output_ctx *octx)
 {
 	uint32_t gid = mpz_get_uint32(expr->value);
 
-	if (octx->numeric < NFT_NUMERIC_ALL) {
+	if (nft_output_uidgid(octx)) {
 		struct group *gr = getgrgid(gid);
 
 		if (gr)
diff --git a/src/main.c b/src/main.c
index eee3abc46161..155a63673b82 100644
--- a/src/main.c
+++ b/src/main.c
@@ -39,10 +39,11 @@ enum opt_vals {
 	OPT_DEBUG		= 'd',
 	OPT_HANDLE_OUTPUT	= 'a',
 	OPT_ECHO		= 'e',
+	OPT_UIDGID		= 'u',
 	OPT_INVALID		= '?',
 };
 
-#define OPTSTRING	"hvcf:iI:jvnsNaeS"
+#define OPTSTRING	"hvcf:iI:jvnsNaeSu"
 
 static const struct option options[] = {
 	{
@@ -105,6 +106,10 @@ static const struct option options[] = {
 		.val		= OPT_JSON,
 	},
 	{
+		.name		= "uidgid",
+		.val		= OPT_UIDGID,
+	},
+	{
 		.name		= NULL
 	}
 };
@@ -127,6 +132,7 @@ static void show_help(const char *name)
 "  				Specify twice to also show Internet services (port numbers) numerically.\n"
 "				Specify three times to also show protocols, user IDs, and group IDs numerically.\n"
 "  -s, --stateless		Omit stateful information of ruleset.\n"
+"  -u, --uidgid			Print UID/GID as defined in /etc/passwd and /etc/group.\n"
 "  -N				Translate IP addresses to names.\n"
 "  -S, --service                Translate ports to service names as described in /etc/services.\n"
 "  -a, --handle			Output rule handle.\n"
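Review bot: The -n help text two lines above the added `-u` line still promises that specifying it three times shows "protocols, user IDs, and group IDs numerically", which the commit message says no longer applies because UID and GID are numeric by default. That line should become `"				Specify three times to also show protocols numerically.\n"`. The new `-u` line names only /etc/passwd and /etc/group, while getpwuid()/getgrgid() normally answer from whatever name service the system is configured with, so wording such as "as resolved by the local user and group database" would be more accurate. show_help() starts and ends outside the hunk.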
@@ -274,6 +280,9 @@ int main(int argc, char * const *argv)
 		case OPT_JSON:
 			output_flags |= NFT_CTX_OUTPUT_JSON;
 			break;
+		case OPT_UIDGID:
+			output_flags |= NFT_CTX_OUTPUT_UIDGID;
+			break;
 		case OPT_INVALID:
 			exit(EXIT_FAILURE);
 		}
diff --git a/src/meta.c b/src/meta.c
index 3677561bd137..ee4c890bc7f2 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -207,7 +207,7 @@ static void uid_type_print(const struct expr *expr, struct output_ctx *octx)
 {
 	struct passwd *pw;
 
-	if (octx->numeric < NFT_NUMERIC_ALL) {
+	if (nft_output_uidgid(octx)) {
 		uint32_t uid = mpz_get_uint32(expr->value);
 
 		pw = getpwuid(uid);
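Review bot: The name branch in uid_type_print(), and likewise in gid_type_print() in the next hunk, prints whatever the local lookup returns, so a listing produced with -u is only meaningful on a host with the same user and group database. Loaded on another host, the same name can resolve to a different ID and the rule would then match a different account. A short comment at the new condition would record why numeric stays the default, for example `/* names are host-specific; numeric output is the default so listings reload identically elsewhere */`. Both functions continue outside their hunks.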
@@ -260,7 +260,7 @@ static void gid_type_print(const struct expr *expr, struct output_ctx *octx)
 {
 	struct group *gr;
 
-	if (octx->numeric < NFT_NUMERIC_ALL) {
+	if (nft_output_uidgid(octx)) {
 		uint32_t gid = mpz_get_uint32(expr->value);
 
 		gr = getgrgid(gid);
-- 
2.11.0



