Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | "Protocol" keyword no longer used; from martin vahlensieck | jmc | 2020-04-05 | 1 | -3/+2 |
| | |||||
* | When system calls indicate an error they return -1, not some arbitrary | deraadt | 2019-06-28 | 1 | -10/+10 |
| | | | | | | value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. | ||||
* | Use <fcntl.h> instead of <sys/file.h> for open() and friends. | guenther | 2018-04-26 | 1 | -2/+2 |
| | | | | | | | Delete a bunch of unnecessary #includes and sort to match style(9) while doing the above cleanup. ok deraadt@ krw@ | ||||
* | Use the monotonic clock to compute the session duration. | cheloha | 2018-01-16 | 1 | -5/+5 |
| | | | | | | | Ensures the correct duration is logged even if the system time is changed during the session. ok jca@ | ||||
* | for some time now mandoc has not required MLINKS to function | jmc | 2016-03-30 | 1 | -2/+1 |
| | | | | | | | | | | | | correctly - logically complete that now by removing MLINKS from base; authors need only to ensure there is an entry in NAME for any function/ util being added. MLINKS will still work, and remain for perl to ease upgrades; ok nicm (curses) bcook (ssl) ok schwarze, who provided a lot of feedback and assistance ok tb natano jung | ||||
* | - Add missing goto in order to avoid a dereference of a null object | mestre | 2016-03-29 | 1 | -2/+2 |
| | | | | | | - While here remove lint comment OK millert@ | ||||
* | Remove a NULL-check before free(). | mmcc | 2015-12-08 | 1 | -5/+3 |
| | |||||
* | replace "can not" with "cannot"; | jmc | 2015-11-01 | 1 | -3/+3 |
| | |||||
* | Include <netinet/in.h> before <net/pfvar.h>. In a future change when | deraadt | 2015-01-21 | 1 | -2/+3 |
| | | | | ports is ready, <net/pfvar.h> will stop including a pile of balony. | ||||
* | switch to PATH_MAX | deraadt | 2015-01-15 | 1 | -8/+8 |
| | |||||
* | remove stupid cast | deraadt | 2014-10-08 | 1 | -2/+2 |
| | |||||
* | use setresgid() | deraadt | 2014-04-02 | 1 | -2/+2 |
| | | | | ok guenther millert | ||||
* | Handle big time_t | guenther | 2013-04-02 | 1 | -3/+3 |
| | | | | ok deraadt@ | ||||
* | fix build with gcc 2 | miod | 2013-01-19 | 1 | -6/+6 |
| | |||||
* | Per group support for authpf rules files in /etc/authpf/groups. | beck | 2013-01-15 | 3 | -8/+27 |
| | | | | | largely by Frank Timmers <frankt@smurfnet.eu> with fixups by me and jmc@. | ||||
* | Fix file descriptor leak reported by someone on the mailing list long time | claudio | 2012-07-07 | 1 | -2/+6 |
| | | | | ago. OK beck@ | ||||
* | remove trailing spaces and tabs; no binary change. | sobrado | 2010-09-02 | 1 | -6/+6 |
| | | | | | | | written with help from henning@, who suggested ensuring that there are no changes in the digests for object files, thanks! ok henning@ | ||||
* | tweak previous: there was a word missing, but i've just changed | jmc | 2010-01-27 | 1 | -2/+2 |
| | | | | the wording to match that of a similar piece of text already in this page; | ||||
* | search for authpf.message in $USER dirs also | todd | 2010-01-27 | 2 | -7/+21 |
| | | | | from Rafal Bisingier ravbc at man dot pozman dot pl, ok beck@ | ||||
* | Make the tree compile again. Henning and I are both quite sure this is | claudio | 2009-11-23 | 1 | -11/+7 |
| | | | | correct. | ||||
* | "rdr" -> "match in...rdr-to" in example. | sthen | 2009-10-26 | 1 | -4/+4 |
| | |||||
* | Replace remaining occurrence of old PF syntax with "match...nat-to", | sthen | 2009-09-08 | 1 | -14/+13 |
| | | | | | and just talk about "rules" rather than "filter and translation rules". Spotted by/ok jmc@ | ||||
* | Remove some nat-anchor, binat-anchor, rdr-anchor. Noticed by jmc@. | sthen | 2009-09-08 | 1 | -13/+6 |
| | | | | ok henning@ | ||||
* | Uninitialized variable introduced in 1.110. | miod | 2009-01-10 | 1 | -1/+3 |
| | |||||
* | variable declaration before use, found by vax, no cookie | todd | 2009-01-10 | 1 | -2/+2 |
| | |||||
* | Support group and login class in authpf.allow (%<group>, @<class>) | mcbride | 2009-01-06 | 2 | -10/+53 |
| | | | | ok beck | ||||
* | protect better against races from incoming signals; slightly changed | deraadt | 2008-10-07 | 1 | -15/+20 |
| | | | | | from 5394 by tracking the fd instead of the fp. ok beck | ||||
* | grammar; PR 5394 | deraadt | 2008-10-05 | 1 | -2/+2 |
| | |||||
* | Fix mention of authpf_users table (s/authpf users/authpf_users/). | merdely | 2008-03-18 | 1 | -3/+3 |
| | | | | ok jmc@, mcbride@ | ||||
* | Add authpf-noip, which allows multiple users to connect from a single IP; | mcbride | 2008-02-14 | 4 | -41/+107 |
| | | | | | | | | forces users to write sane rulesets for this by not providing $user_ip or updating the authpf table. testing and prodding by mtu, manpage heavily worked over by jmc ok beck dhartmei henning | ||||
* | Clean anchors recursively and directly via ioctls rather than using pfctl | mcbride | 2008-02-01 | 1 | -73/+112 |
| | | | | | | | with '-f /dev/null'. Properly clears the user's anchor even when anchors are nested inside it (And avoids having to fork() on exit to run pfctl) ok beck@, with testing by mtu@ | ||||
* | handle empty strings returned by fgets | chl | 2007-09-25 | 1 | -1/+3 |
| | | | | ok ray@ | ||||
* | convert to new .Dd format; | jmc | 2007-05-31 | 1 | -2/+2 |
| | |||||
* | exit right away if the config file isn't there, rather than | beck | 2007-02-24 | 1 | -3/+7 |
| | | | | | doing a whole bunch of needless screwing around noticed by Stefan Krah <stefan-usenet@bytereef.org> | ||||
* | license + copyright | beck | 2007-02-24 | 2 | -43/+24 |
| | |||||
* | Pr 5395 from Stefan Krah <stefan-usenet@bytereef.org> | beck | 2007-02-24 | 1 | -15/+9 |
| | | | | | | | cleanup: remove unused arg no need to clear locals return -1 to allow pid cleanup to happen if fork fails | ||||
* | this ftruncate is really not needed now, if we're just unlinking. | beck | 2007-02-22 | 1 | -3/+1 |
| | | | | ok millert@ | ||||
* | close 5389 and 5390, | beck | 2007-02-22 | 1 | -7/+6 |
| | | | | | | unused variable and a chance to unlink the pidfile without lock if we couldn't kill a preexisting authpf process. spotted by Stefan Krah <sfk1@bigfoot.com>. | ||||
* | no need to use "keep state" and "flags S/SA" in pf rules, | jmc | 2006-10-23 | 1 | -8/+6 |
| | | | | | | now that it is the default; ok henning mcbride camield (ftp-proxy bits) deraadt | ||||
* | handle SIGQUIT instead of SIGSTOP, from Stefan Krah | dhartmei | 2006-08-09 | 1 | -2/+2 |
| | |||||
* | FILE * leak | deraadt | 2006-03-17 | 1 | -1/+3 |
| | |||||
* | fix incorrect sizeof(), spotted by ckuethe | beck | 2006-03-14 | 1 | -2/+3 |
| | | | | ok deraadt@ | ||||
* | expand the section on ssh tunnelling machanisms; | jmc | 2006-01-07 | 1 | -2/+5 |
| | | | | from michael knudsen | ||||
* | correct err() usage and remove the do_death which is unneeded in | beck | 2005-12-12 | 1 | -3/+2 |
| | | | | the child proceess, (as noticed by <evol@online.ptt.ru>) | ||||
* | Backout previous change back to 1.92 - My fault, committed diff | beck | 2005-12-12 | 1 | -27/+32 |
| | | | | from unclean tree. | ||||
* | Mine, so modernize license | beck | 2005-12-09 | 1 | -21/+12 |
| | |||||
* | calling do_death() after err makes us exit is not smart, and is in | beck | 2005-12-09 | 1 | -12/+16 |
| | | | | | | | fact unnecessary, my usage of err() here also repeated the formatted error message twice. - We don't need do_death() here, and fix err to print the message a bit more sanely. Noticed by Andrey Matveev <evol@online.ptt.ru> - Thanks | ||||
* | make authpf give up group privs before exec'ing pfctl - makes it | beck | 2005-12-08 | 1 | -2/+16 |
| | | | | so the new taint enforcement for /dev/fd/X opens don't kill it | ||||
* | default port for ftp-proxy is 8021; | jmc | 2005-09-23 | 1 | -2/+2 |
| | | | | | from johnb (pr #4520); ok deraadt@ ian@ | ||||
* | useless endpwent | henning | 2005-05-23 | 1 | -2/+1 |
| |