From nobody Wed Jul 9 08:59:01 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bcX2t2xQdz61N2W; Wed, 09 Jul 2025 08:59:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bcX2t1NBjz3cQn; Wed, 09 Jul 2025 08:59:02 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1752051542; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=HiwRI8ova0KrSJbbOwY1rhUn7cMZhlkcBx72NIJ2nsE=; b=tkTMZTWJyn6GMUaC3hU8wwe8npK7F1fOuvAX86/a+48FFGNuXW4IMsACSm+1a6iErunuYd eLu4o1GM06XrcBcPXgk1WDBmkBL4tysx+G+rSJnguNJ+vCHy1TzPaN9kYvmnaxoO2TQyjV RCNKTiIK2WLQPeF3uttzCFEmXhDWFhD77KdTyTBuoCYJM9j3po/eEIQ5xFu3q+S9cyagoj 8RiRUQO0KkDuXWbeDygZM7iqNRNSKY39HiwQmrEvNg94NfA5aHveb+6EQXqyvywMR1DVtw 8jbV52TWRGAD0T5ZVQKAuFW6R5wdpqAH3HKqS0Z+8bkokPs0qMddEmGyXtgAbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1752051542; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=HiwRI8ova0KrSJbbOwY1rhUn7cMZhlkcBx72NIJ2nsE=; b=wARM7sDsNe5G+Ewepvyq4yBJURliBbXs415MGjkpCRgNj0n+cIi9tCSjJB4amh1UQJeOJ+ OmjpdYUommvKRWh71lsHb5bEMxfQitSrHcUcNsJhvDUIC2GEqb8gKHefsE5WaZsFgI+Kur OIwf0DvW0qSMGPQsTVcUeUjIvJ6hpb0/mvJA7/yl2yKEgyLtDzmcSLrWygZtihKRhovCIm dDAFCpq62CjIM/jO6d9HCeY8c5xTEPXYQQ+gCIHGrkC+KutOP/BzRynMOo9SYXOVeWcCif ogcP/Hjd5RLmAk4GqSlqJtJDv9PRrr7ShQmgEG3++878zG3jpthNjuzTEsKjxQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1752051542; a=rsa-sha256; cv=none; b=I4TscnBFq12fPISXn6RvFI0Jt99xqD8iQWANw6etXRaTT8duQQpcyUooxtNAwrFLEyM020 MgdksFS8XXNon/NDtV5lALFZvL8hY4WVymva2IrHkjqqG49nGaK0pkUGKOz6GRsMgTj/vK MMkppnd4G3Lx1f2jtLR82SzTml/JE0j+GPB1udmSpHzNrTgKiguQi80fttimIBly1UHcjt hB74Mq0J04yJwbpD+uAta8etsj8ST+GsYV4jzaVwBzdHs0qKknq7KzGeyWrC4oK6RubAQa itpn6uDIxs1tLnH6xxvlHfHoCp2S9bUF0jtfRRBNHpjvASHB/zb3093Sb5cdMw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bcX2t0fQ7z15m; Wed, 09 Jul 2025 08:59:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5698x1qi044822; Wed, 9 Jul 2025 08:59:01 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5698x1bu044819; Wed, 9 Jul 2025 08:59:01 GMT (envelope-from git) Date: Wed, 9 Jul 2025 08:59:01 GMT Message-Id: <202507090859.5698x1bu044819@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 19973701098c - main - pfctl: Use -1 to indicate an invalid uid/gid, not UID_MAX and GID_MAX. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 19973701098c8fce38a990ee78f66fab4f4f6a5c Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=19973701098c8fce38a990ee78f66fab4f4f6a5c commit 19973701098c8fce38a990ee78f66fab4f4f6a5c Author: Kristof Provost AuthorDate: 2025-07-03 12:01:41 +0000 Commit: Kristof Provost CommitDate: 2025-07-09 08:57:48 +0000 pfctl: Use -1 to indicate an invalid uid/gid, not UID_MAX and GID_MAX. This is the userland portion. OK deraadt@ sashan@ Obtained from: OpenBSD, millert , b4de054894 Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/parse.y | 12 ++++++------ sbin/pfctl/pfctl_parser.c | 16 +++++++--------- 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index dd6fb0116aea..28f461bf715d 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -3905,7 +3905,7 @@ uid_item : uid { $$->tail = $$; } | unaryop uid { - if ($2 == UID_MAX && $1 != PF_OP_EQ && $1 != PF_OP_NE) { + if ($2 == -1 && $1 != PF_OP_EQ && $1 != PF_OP_NE) { yyerror("user unknown requires operator = or " "!="); YYERROR; @@ -3920,7 +3920,7 @@ uid_item : uid { $$->tail = $$; } | uid PORTBINARY uid { - if ($1 == UID_MAX || $3 == UID_MAX) { + if ($1 == -1 || $3 == -1) { yyerror("user unknown requires operator = or " "!="); YYERROR; @@ -3938,7 +3938,7 @@ uid_item : uid { uid : STRING { if (!strcmp($1, "unknown")) - $$ = UID_MAX; + $$ = -1; else { uid_t uid; @@ -3983,7 +3983,7 @@ gid_item : gid { $$->tail = $$; } | unaryop gid { - if ($2 == GID_MAX && $1 != PF_OP_EQ && $1 != PF_OP_NE) { + if ($2 == -1 && $1 != PF_OP_EQ && $1 != PF_OP_NE) { yyerror("group unknown requires operator = or " "!="); YYERROR; @@ -3998,7 +3998,7 @@ gid_item : gid { $$->tail = $$; } | gid PORTBINARY gid { - if ($1 == GID_MAX || $3 == GID_MAX) { + if ($1 == -1 || $3 == -1) { yyerror("group unknown requires operator = or " "!="); YYERROR; @@ -4016,7 +4016,7 @@ gid_item : gid { gid : STRING { if (!strcmp($1, "unknown")) - $$ = GID_MAX; + $$ = -1; else { gid_t gid; diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index 26a213c3ffd9..29d51214e2e5 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c @@ -68,7 +68,7 @@ void print_op (u_int8_t, const char *, const char *); void print_port (u_int8_t, u_int16_t, u_int16_t, const char *, int); -void print_ugid (u_int8_t, unsigned, unsigned, const char *, unsigned); +void print_ugid (u_int8_t, id_t, id_t, const char *); void print_flags (uint16_t); void print_fromto(struct pf_rule_addr *, pf_osfp_t, struct pf_rule_addr *, sa_family_t, u_int8_t, int, int); @@ -364,14 +364,14 @@ print_port(u_int8_t op, u_int16_t p1, u_int16_t p2, const char *proto, int numer } void -print_ugid(u_int8_t op, unsigned u1, unsigned u2, const char *t, unsigned umax) +print_ugid(u_int8_t op, id_t i1, id_t i2, const char *t) { char a1[11], a2[11]; - snprintf(a1, sizeof(a1), "%u", u1); - snprintf(a2, sizeof(a2), "%u", u2); + snprintf(a1, sizeof(a1), "%lu", i1); + snprintf(a2, sizeof(a2), "%lu", i2); printf(" %s", t); - if (u1 == umax && (op == PF_OP_EQ || op == PF_OP_NE)) + if (i1 == -1 && (op == PF_OP_EQ || op == PF_OP_NE)) print_op(op, "unknown", a2); else print_op(op, a1, a2); @@ -977,11 +977,9 @@ print_rule(struct pfctl_rule *r, const char *anchor_call, int verbose, int numer printf(" %sreceived-on %s", r->rcvifnot ? "!" : "", r->rcv_ifname); if (r->uid.op) - print_ugid(r->uid.op, r->uid.uid[0], r->uid.uid[1], "user", - UID_MAX); + print_ugid(r->uid.op, r->uid.uid[0], r->uid.uid[1], "user"); if (r->gid.op) - print_ugid(r->gid.op, r->gid.gid[0], r->gid.gid[1], "group", - GID_MAX); + print_ugid(r->gid.op, r->gid.gid[0], r->gid.gid[1], "group"); if (r->flags || r->flagset) { printf(" flags "); print_flags(r->flags);