Age | Commit message (Collapse) | Author | |
---|---|---|---|
2009-01-10 | Uninitialized variable introduced in 1.110. | Miod Vallat | |
2009-01-10 | variable declaration before use, found by vax, no cookie | Todd T. Fries | |
2009-01-06 | Support group and login class in authpf.allow (%<group>, @<class>) | Ryan Thomas McBride | |
ok beck | |||
2008-10-07 | protect better against races from incoming signals; slightly changed | Theo de Raadt | |
from 5394 by tracking the fd instead of the fp. ok beck | |||
2008-10-05 | grammar; PR 5394 | Theo de Raadt | |
2008-03-18 | Fix mention of authpf_users table (s/authpf users/authpf_users/). | Michael Erdely | |
ok jmc@, mcbride@ | |||
2008-02-14 | Add authpf-noip, which allows multiple users to connect from a single IP; | Ryan Thomas McBride | |
forces users to write sane rulesets for this by not providing $user_ip or updating the authpf table. testing and prodding by mtu, manpage heavily worked over by jmc ok beck dhartmei henning | |||
2008-02-01 | Clean anchors recursively and directly via ioctls rather than using pfctl | Ryan Thomas McBride | |
with '-f /dev/null'. Properly clears the user's anchor even when anchors are nested inside it (And avoids having to fork() on exit to run pfctl) ok beck@, with testing by mtu@ | |||
2007-09-25 | handle empty strings returned by fgets | Charles Longeau | |
ok ray@ | |||
2007-05-31 | convert to new .Dd format; | Jason McIntyre | |
2007-02-24 | exit right away if the config file isn't there, rather than | Bob Beck | |
doing a whole bunch of needless screwing around noticed by Stefan Krah <stefan-usenet@bytereef.org> | |||
2007-02-24 | license + copyright | Bob Beck | |
2007-02-24 | Pr 5395 from Stefan Krah <stefan-usenet@bytereef.org> | Bob Beck | |
cleanup: remove unused arg no need to clear locals return -1 to allow pid cleanup to happen if fork fails | |||
2007-02-22 | this ftruncate is really not needed now, if we're just unlinking. | Bob Beck | |
ok millert@ | |||
2007-02-22 | close 5389 and 5390, | Bob Beck | |
unused variable and a chance to unlink the pidfile without lock if we couldn't kill a preexisting authpf process. spotted by Stefan Krah <sfk1@bigfoot.com>. | |||
2006-10-23 | no need to use "keep state" and "flags S/SA" in pf rules, | Jason McIntyre | |
now that it is the default; ok henning mcbride camield (ftp-proxy bits) deraadt | |||
2006-08-09 | handle SIGQUIT instead of SIGSTOP, from Stefan Krah | Daniel Hartmeier | |
2006-03-17 | FILE * leak | Theo de Raadt | |
2006-03-14 | fix incorrect sizeof(), spotted by ckuethe | Bob Beck | |
ok deraadt@ | |||
2006-01-07 | expand the section on ssh tunnelling machanisms; | Jason McIntyre | |
from michael knudsen | |||
2005-12-12 | correct err() usage and remove the do_death which is unneeded in | Bob Beck | |
the child proceess, (as noticed by <evol@online.ptt.ru>) | |||
2005-12-12 | Backout previous change back to 1.92 - My fault, committed diff | Bob Beck | |
from unclean tree. | |||
2005-12-09 | Mine, so modernize license | Bob Beck | |
2005-12-09 | calling do_death() after err makes us exit is not smart, and is in | Bob Beck | |
fact unnecessary, my usage of err() here also repeated the formatted error message twice. - We don't need do_death() here, and fix err to print the message a bit more sanely. Noticed by Andrey Matveev <evol@online.ptt.ru> - Thanks | |||
2005-12-08 | make authpf give up group privs before exec'ing pfctl - makes it | Bob Beck | |
so the new taint enforcement for /dev/fd/X opens don't kill it | |||
2005-09-23 | default port for ftp-proxy is 8021; | Jason McIntyre | |
from johnb (pr #4520); ok deraadt@ ian@ | |||
2005-05-23 | useless endpwent | Henning Brauer | |
2005-05-12 | Xr securelevel 7 | Jason McIntyre | |
from tamas tevesz; | |||
2005-05-02 | more setres[ug]id; ok deraadt@ | Damien Miller | |
2005-02-10 | Minor punctuation nit. | Joel Knight | |
ok henning@ | |||
2005-01-31 | warn(3) + _exit(2) instead of err(3) in the forked child | Henning Brauer | |
From: Andrey Matveev <andrushock@korovino.net> | |||
2005-01-31 | -Wsign-compare clean, Andrey Matveev <andrushock@korovino.net> | Henning Brauer | |
2005-01-04 | simplified FILTER AND TRANSLATION RULES; | Jason McIntyre | |
from michael knudsen; | |||
2004-09-16 | ftruncate() with ftello() instead of ftell(); ok millert | Theo de Raadt | |
2004-09-15 | AllowTcpForwarding should be disabled for authpf users; | Jason McIntyre | |
plus a typo; from michael knudsen; ok beck@ | |||
2004-08-15 | document the use of "authpf/*" as anchor name for pf to process | Can Erkin Acar | |
sub rulesets added by authpf. ok dhartmei@, oh yes! henning@ | |||
2004-08-08 | spacing | Theo de Raadt | |
2004-06-14 | Use new ioctls. ok beck@ henning@ | Cedric Berger | |
2004-06-07 | consistently refer to the authpf_users table; | Jason McIntyre | |
noticed by die tuere; ok beck@ | |||
2004-05-21 | Use '/' instead of ':' as separator for anchor path components. Note that | Daniel Hartmeier | |
the parser now needs quotes around paths containing separators. ok mcbride@ | |||
2004-05-19 | Allow recursive anchors (anchors within anchors, up to 64 | Daniel Hartmeier | |
levels deep). More work required, but this is already functional. authpf users will need to adjust their anchor calls, but this will change again soon. ok beck@, cedric@, henning@, mcbride@ | |||
2004-05-13 | as the authpf manpage describes, the connecting user's shell can be | Henning Brauer | |
overloaded via login.conf. When verifying that the user's login shell is indeed authpf it is not sufficient to look at (struct passwd)->pw_shell, we also have to use login_getclass etc to check wether the shell gets overloaded. ok millert@ beck@ | |||
2004-04-28 | kill whitespace and make example consistent w/ rest of page; | Jason McIntyre | |
2004-04-28 | speed up -> sped up, from tedu@, ok beck@ | Cedric Berger | |
2004-04-28 | Put authpf user's IP addresses in the <authpf_users> table. | Cedric Berger | |
ok deraadt@ dhartmei@ markus@ mcbride@ | |||
2004-04-28 | IPv6 support; ok beck@ | Damien Miller | |
2004-04-25 | clean; ok beck | Theo de Raadt | |
2004-04-25 | Make authpf exec pfctl instead of sucking in code from pfctl | Bob Beck | |
ok cedric@ | |||
2004-04-09 | Do not try to load directories. found+ok mpech@ | Cedric Berger | |
2004-01-29 | MORE BULLSHIT BECAUSE THIS PIECE OF SHIT IS INTERTWINED WITH PFCTL | Theo de Raadt | |