summaryrefslogtreecommitdiff
path: root/usr.sbin/authpf
AgeCommit message (Collapse)Author
2009-01-10Uninitialized variable introduced in 1.110.Miod Vallat
2009-01-10variable declaration before use, found by vax, no cookieTodd T. Fries
2009-01-06Support group and login class in authpf.allow (%<group>, @<class>)Ryan Thomas McBride
ok beck
2008-10-07protect better against races from incoming signals; slightly changedTheo de Raadt
from 5394 by tracking the fd instead of the fp. ok beck
2008-10-05grammar; PR 5394Theo de Raadt
2008-03-18Fix mention of authpf_users table (s/authpf users/authpf_users/).Michael Erdely
ok jmc@, mcbride@
2008-02-14Add authpf-noip, which allows multiple users to connect from a single IP;Ryan Thomas McBride
forces users to write sane rulesets for this by not providing $user_ip or updating the authpf table. testing and prodding by mtu, manpage heavily worked over by jmc ok beck dhartmei henning
2008-02-01Clean anchors recursively and directly via ioctls rather than using pfctlRyan Thomas McBride
with '-f /dev/null'. Properly clears the user's anchor even when anchors are nested inside it (And avoids having to fork() on exit to run pfctl) ok beck@, with testing by mtu@
2007-09-25handle empty strings returned by fgetsCharles Longeau
ok ray@
2007-05-31convert to new .Dd format;Jason McIntyre
2007-02-24exit right away if the config file isn't there, rather thanBob Beck
doing a whole bunch of needless screwing around noticed by Stefan Krah <stefan-usenet@bytereef.org>
2007-02-24license + copyrightBob Beck
2007-02-24Pr 5395 from Stefan Krah <stefan-usenet@bytereef.org>Bob Beck
cleanup: remove unused arg no need to clear locals return -1 to allow pid cleanup to happen if fork fails
2007-02-22this ftruncate is really not needed now, if we're just unlinking.Bob Beck
ok millert@
2007-02-22close 5389 and 5390,Bob Beck
unused variable and a chance to unlink the pidfile without lock if we couldn't kill a preexisting authpf process. spotted by Stefan Krah <sfk1@bigfoot.com>.
2006-10-23no need to use "keep state" and "flags S/SA" in pf rules,Jason McIntyre
now that it is the default; ok henning mcbride camield (ftp-proxy bits) deraadt
2006-08-09handle SIGQUIT instead of SIGSTOP, from Stefan KrahDaniel Hartmeier
2006-03-17FILE * leakTheo de Raadt
2006-03-14fix incorrect sizeof(), spotted by ckuetheBob Beck
ok deraadt@
2006-01-07expand the section on ssh tunnelling machanisms;Jason McIntyre
from michael knudsen
2005-12-12correct err() usage and remove the do_death which is unneeded inBob Beck
the child proceess, (as noticed by <evol@online.ptt.ru>)
2005-12-12Backout previous change back to 1.92 - My fault, committed diffBob Beck
from unclean tree.
2005-12-09Mine, so modernize licenseBob Beck
2005-12-09calling do_death() after err makes us exit is not smart, and is inBob Beck
fact unnecessary, my usage of err() here also repeated the formatted error message twice. - We don't need do_death() here, and fix err to print the message a bit more sanely. Noticed by Andrey Matveev <evol@online.ptt.ru> - Thanks
2005-12-08make authpf give up group privs before exec'ing pfctl - makes itBob Beck
so the new taint enforcement for /dev/fd/X opens don't kill it
2005-09-23default port for ftp-proxy is 8021;Jason McIntyre
from johnb (pr #4520); ok deraadt@ ian@
2005-05-23useless endpwentHenning Brauer
2005-05-12Xr securelevel 7Jason McIntyre
from tamas tevesz;
2005-05-02more setres[ug]id; ok deraadt@Damien Miller
2005-02-10Minor punctuation nit.Joel Knight
ok henning@
2005-01-31warn(3) + _exit(2) instead of err(3) in the forked childHenning Brauer
From: Andrey Matveev <andrushock@korovino.net>
2005-01-31-Wsign-compare clean, Andrey Matveev <andrushock@korovino.net>Henning Brauer
2005-01-04simplified FILTER AND TRANSLATION RULES;Jason McIntyre
from michael knudsen;
2004-09-16ftruncate() with ftello() instead of ftell(); ok millertTheo de Raadt
2004-09-15AllowTcpForwarding should be disabled for authpf users;Jason McIntyre
plus a typo; from michael knudsen; ok beck@
2004-08-15document the use of "authpf/*" as anchor name for pf to processCan Erkin Acar
sub rulesets added by authpf. ok dhartmei@, oh yes! henning@
2004-08-08spacingTheo de Raadt
2004-06-14Use new ioctls. ok beck@ henning@Cedric Berger
2004-06-07consistently refer to the authpf_users table;Jason McIntyre
noticed by die tuere; ok beck@
2004-05-21Use '/' instead of ':' as separator for anchor path components. Note thatDaniel Hartmeier
the parser now needs quotes around paths containing separators. ok mcbride@
2004-05-19Allow recursive anchors (anchors within anchors, up to 64Daniel Hartmeier
levels deep). More work required, but this is already functional. authpf users will need to adjust their anchor calls, but this will change again soon. ok beck@, cedric@, henning@, mcbride@
2004-05-13as the authpf manpage describes, the connecting user's shell can beHenning Brauer
overloaded via login.conf. When verifying that the user's login shell is indeed authpf it is not sufficient to look at (struct passwd)->pw_shell, we also have to use login_getclass etc to check wether the shell gets overloaded. ok millert@ beck@
2004-04-28kill whitespace and make example consistent w/ rest of page;Jason McIntyre
2004-04-28speed up -> sped up, from tedu@, ok beck@Cedric Berger
2004-04-28Put authpf user's IP addresses in the <authpf_users> table.Cedric Berger
ok deraadt@ dhartmei@ markus@ mcbride@
2004-04-28IPv6 support; ok beck@Damien Miller
2004-04-25clean; ok beckTheo de Raadt
2004-04-25Make authpf exec pfctl instead of sucking in code from pfctlBob Beck
ok cedric@
2004-04-09Do not try to load directories. found+ok mpech@Cedric Berger
2004-01-29MORE BULLSHIT BECAUSE THIS PIECE OF SHIT IS INTERTWINED WITH PFCTLTheo de Raadt