>permit numberic values for uid and gid; allow "<" and ">" for less and

>greate; requested by dugsong@,
strum ok

1 files changed, 25 insertions, 8 deletions

diff --git a/bin/systrace/filter.c b/bin/systrace/filter.c
index 3737b722767..94f815dce92 100644
--- a/bin/systrace/filter.c
+++ b/bin/systrace/filter.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: filter.c,v 1.25 2003/04/24 09:49:06 mpech Exp $	*/
+/*	$OpenBSD: filter.c,v 1.26 2003/05/29 00:39:12 itojun Exp $	*/
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.
@@ -134,19 +134,36 @@ filter_match(struct intercept_pid *icpid, struct intercept_tlq *tls,
 int
 filter_predicate(struct intercept_pid *icpid, struct predicate *pdc)
 {
-	int negative;
+	int pidnr, pdcnr;
 	int res = 0;
 
 	if (!pdc->p_flags)
 		return (1);
 
-	negative = pdc->p_flags & PREDIC_NEGATIVE;
-	if (pdc->p_flags & PREDIC_UID)
-		res = icpid->uid == pdc->p_uid;
-	else if (pdc->p_flags & PREDIC_GID)
-		res = icpid->gid == pdc->p_gid;
+	if (pdc->p_flags & PREDIC_UID) {
+		pidnr = icpid->uid;
+		pdcnr = pdc->p_uid;
+	} else {
+		pidnr = icpid->gid;
+		pdcnr = pdc->p_gid;
+	}
+
+	switch (pdc->p_flags & PREDIC_MASK) {
+	case PREDIC_NEGATIVE:
+		res = pidnr != pdcnr;
+		break;
+	case PREDIC_LESSER:
+		res = pidnr < pdcnr;
+		break;
+	case PREDIC_GREATER:
+		res = pidnr > pdcnr;
+		break;
+	default:
+		res = pidnr == pdcnr;
+		break;
+	}
 
-	return (negative ? !res : res);
+	return (res);
 }
 
 short