path: root/usr.sbin/authpf
Commit message | Author | Age | Files | Lines
* "Protocol" keyword no longer used; from martin vahlensieck | jmc | 2020-04-05 | 1 | -3/+2
* When system calls indicate an error they return -1, not some arbitrary | deraadt | 2019-06-28 | 1 | -10/+10
  value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* Use <fcntl.h> instead of <sys/file.h> for open() and friends. | guenther | 2018-04-26 | 1 | -2/+2
  Delete a bunch of unnecessary #includes and sort to match style(9) while doing the above cleanup. ok deraadt@ krw@
* Use the monotonic clock to compute the session duration. | cheloha | 2018-01-16 | 1 | -5/+5
  Ensures the correct duration is logged even if the system time is changed during the session. ok jca@
* for some time now mandoc has not required MLINKS to function | jmc | 2016-03-30 | 1 | -2/+1
  correctly - logically complete that now by removing MLINKS from base; authors need only to ensure there is an entry in NAME for any function/ util being added. MLINKS will still work, and remain for perl to ease upgrades; ok nicm (curses) bcook (ssl) ok schwarze, who provided a lot of feedback and assistance ok tb natano jung
* - Add missing goto in order to avoid a dereference of a null object | mestre | 2016-03-29 | 1 | -2/+2
  - While here remove lint comment OK millert@
* Remove a NULL-check before free(). | mmcc | 2015-12-08 | 1 | -5/+3
* replace "can not" with "cannot"; | jmc | 2015-11-01 | 1 | -3/+3
* Include <netinet/in.h> before <net/pfvar.h>. In a future change when | deraadt | 2015-01-21 | 1 | -2/+3
  ports is ready, <net/pfvar.h> will stop including a pile of baloney.
* switch to PATH_MAX | deraadt | 2015-01-15 | 1 | -8/+8
* remove stupid cast | deraadt | 2014-10-08 | 1 | -2/+2
* use setresgid() | deraadt | 2014-04-02 | 1 | -2/+2
  ok guenther millert
* Handle big time_t | guenther | 2013-04-02 | 1 | -3/+3
  ok deraadt@
* fix build with gcc 2 | miod | 2013-01-19 | 1 | -6/+6
* Per group support for authpf rules files in /etc/authpf/groups. | beck | 2013-01-15 | 3 | -8/+27
  largely by Frank Timmers <frankt@smurfnet.eu> with fixups by me and jmc@.
* Fix file descriptor leak reported by someone on the mailing list long time | claudio | 2012-07-07 | 1 | -2/+6
  ago. OK beck@
* remove trailing spaces and tabs; no binary change. | sobrado | 2010-09-02 | 1 | -6/+6
  written with help from henning@, who suggested ensuring that there are no changes in the digests for object files, thanks! ok henning@
* tweak previous: there was a word missing, but i've just changed | jmc | 2010-01-27 | 1 | -2/+2
  the wording to match that of a similar piece of text already in this page;
* search for authpf.message in $USER dirs also | todd | 2010-01-27 | 2 | -7/+21
  from Rafal Bisingier ravbc at man dot pozman dot pl, ok beck@
* Make the tree compile again. Henning and I are both quite sure this is | claudio | 2009-11-23 | 1 | -11/+7
  correct.
* "rdr" -> "match in...rdr-to" in example. | sthen | 2009-10-26 | 1 | -4/+4
* Replace remaining occurrence of old PF syntax with "match...nat-to", | sthen | 2009-09-08 | 1 | -14/+13
  and just talk about "rules" rather than "filter and translation rules". Spotted by/ok jmc@
* Remove some nat-anchor, binat-anchor, rdr-anchor. Noticed by jmc@. | sthen | 2009-09-08 | 1 | -13/+6
  ok henning@
* Uninitialized variable introduced in 1.110. | miod | 2009-01-10 | 1 | -1/+3
* variable declaration before use, found by vax, no cookie | todd | 2009-01-10 | 1 | -2/+2
* Support group and login class in authpf.allow (%<group>, @<class>) | mcbride | 2009-01-06 | 2 | -10/+53
  ok beck
* protect better against races from incoming signals; slightly changed | deraadt | 2008-10-07 | 1 | -15/+20
  from 5394 by tracking the fd instead of the fp. ok beck
* grammar; PR 5394 | deraadt | 2008-10-05 | 1 | -2/+2
* Fix mention of authpf_users table (s/authpf users/authpf_users/). | merdely | 2008-03-18 | 1 | -3/+3
  ok jmc@, mcbride@
* Add authpf-noip, which allows multiple users to connect from a single IP; | mcbride | 2008-02-14 | 4 | -41/+107
  forces users to write sane rulesets for this by not providing $user_ip or updating the authpf table. testing and prodding by mtu, manpage heavily worked over by jmc ok beck dhartmei henning
* Clean anchors recursively and directly via ioctls rather than using pfctl | mcbride | 2008-02-01 | 1 | -73/+112
  with '-f /dev/null'. Properly clears the user's anchor even when anchors are nested inside it (And avoids having to fork() on exit to run pfctl) ok beck@, with testing by mtu@
* handle empty strings returned by fgets | chl | 2007-09-25 | 1 | -1/+3
  ok ray@
* convert to new .Dd format; | jmc | 2007-05-31 | 1 | -2/+2
* exit right away if the config file isn't there, rather than | beck | 2007-02-24 | 1 | -3/+7
  doing a whole bunch of needless screwing around noticed by Stefan Krah <stefan-usenet@bytereef.org>
* license + copyright | beck | 2007-02-24 | 2 | -43/+24
* Pr 5395 from Stefan Krah <stefan-usenet@bytereef.org> | beck | 2007-02-24 | 1 | -15/+9
  cleanup: remove unused arg no need to clear locals return -1 to allow pid cleanup to happen if fork fails
* this ftruncate is really not needed now, if we're just unlinking. | beck | 2007-02-22 | 1 | -3/+1
  ok millert@
* close 5389 and 5390, | beck | 2007-02-22 | 1 | -7/+6
  unused variable and a chance to unlink the pidfile without lock if we couldn't kill a preexisting authpf process. spotted by Stefan Krah <sfk1@bigfoot.com>.
* no need to use "keep state" and "flags S/SA" in pf rules, | jmc | 2006-10-23 | 1 | -8/+6
  now that it is the default; ok henning mcbride camield (ftp-proxy bits) deraadt
* handle SIGQUIT instead of SIGSTOP, from Stefan Krah | dhartmei | 2006-08-09 | 1 | -2/+2
* FILE * leak | deraadt | 2006-03-17 | 1 | -1/+3
* fix incorrect sizeof(), spotted by ckuethe | beck | 2006-03-14 | 1 | -2/+3
  ok deraadt@
* expand the section on ssh tunnelling mechanisms; | jmc | 2006-01-07 | 1 | -2/+5
  from michael knudsen
* correct err() usage and remove the do_death which is unneeded in | beck | 2005-12-12 | 1 | -3/+2
  the child process, (as noticed by <evol@online.ptt.ru>)
* Backout previous change back to 1.92 - My fault, committed diff | beck | 2005-12-12 | 1 | -27/+32
  from unclean tree.
* Mine, so modernize license | beck | 2005-12-09 | 1 | -21/+12
* calling do_death() after err makes us exit is not smart, and is in | beck | 2005-12-09 | 1 | -12/+16
  fact unnecessary, my usage of err() here also repeated the formatted error message twice. - We don't need do_death() here, and fix err to print the message a bit more sanely. Noticed by Andrey Matveev <evol@online.ptt.ru> - Thanks
* make authpf give up group privs before exec'ing pfctl - makes it | beck | 2005-12-08 | 1 | -2/+16
  so the new taint enforcement for /dev/fd/X opens don't kill it
* default port for ftp-proxy is 8021; | jmc | 2005-09-23 | 1 | -2/+2
  from johnb (pr #4520); ok deraadt@ ian@
* useless endpwent | henning | 2005-05-23 | 1 | -2/+1