mirror of https://github.com/openbsd/src.git synced 2025-01-10 06:47:55 -08:00
Commit Graph

180 Commits

Author SHA1 Message Date
jca
2119819d27 Ignore extra groups that don't fit in the buffer passed to getgrouplist(3)
Our kernel supports 16 groups (NGROUPS_MAX), but nothing prevents
an admin from adding a user to more groups.  With that tweak we'll keep
on ignoring them instead of potentially reading past the buffer passed to
getgrouplist(3).  That behavior is explicitly described in initgroups(3).

ok millert@ gilles@
2024-11-04 21:59:15 +00:00
jsg
25a24f0b58 Avoid gendered language in man pages when not referring to a specific
person. Rewrite or use singular they.

ok thfr@ sthen@ daniel@ ian@ job@ kmos@ jcs@ ratchov@ phessler@ and
others I'm likely missing on an earlier version.
feedback tj@, feedback and ok jmc@
2022-02-18 23:17:13 +00:00
guenther
6668a73640 When it's the possessive of 'it', it's spelled "its", without the
apostrophe.
2022-01-28 06:33:26 +00:00
jmc
e623aa45f7 "Protocol" keyword no longer used; from martin vahlensieck 2020-04-05 10:11:07 +00:00
deraadt
df69c215c7 When system calls indicate an error they return -1, not some arbitrary
value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
2019-06-28 13:32:41 +00:00
guenther
f414793931 Use <fcntl.h> instead of <sys/file.h> for open() and friends.
Delete a bunch of unnecessary #includes and sort to match style(9)
while doing the above cleanup.

ok deraadt@ krw@
2018-04-26 12:42:50 +00:00
cheloha
6f074127ef Use the monotonic clock to compute the session duration.
Ensures the correct duration is logged even if the system
time is changed during the session.

ok jca@
2018-01-16 17:07:49 +00:00
jmc
faa33665ab for some time now mandoc has not required MLINKS to function
correctly - logically complete that now by removing MLINKS from base;

authors need only to ensure there is an entry in NAME for any function/
util being added. MLINKS will still work, and remain for perl to ease
upgrades;

ok nicm (curses) bcook (ssl)
ok schwarze, who provided a lot of feedback and assistance
ok tb natano jung
2016-03-30 06:38:40 +00:00
mestre
c364e0ec61 - Add missing goto in order to avoid a dereference of a null object
- While here remove lint comment

OK millert@
2016-03-29 14:53:27 +00:00
mmcc
402e12b767 Remove a NULL-check before free(). 2015-12-08 07:11:53 +00:00
jmc
0aee06c65c replace "can not" with "cannot"; 2015-11-01 21:26:48 +00:00
deraadt
68928c43a9 Include <netinet/in.h> before <net/pfvar.h>. In a future change when
ports is ready, <net/pfvar.h> will stop including a pile of baloney.
2015-01-21 21:50:32 +00:00
deraadt
b06f065dc1 switch to PATH_MAX 2015-01-15 23:59:28 +00:00
deraadt
e0e27c8121 remove stupid cast 2014-10-08 02:11:54 +00:00
deraadt
f265b59b94 use setresgid()
ok guenther millert
2014-04-02 02:12:24 +00:00
guenther
42cfecbbf1 Handle big time_t
ok deraadt@
2013-04-02 06:04:50 +00:00
miod
0987cbc7e1 fix build with gcc 2 2013-01-19 16:58:16 +00:00
beck
e5a64f8b6f Per group support for authpf rules files in /etc/authpf/groups.
largely by Frank Timmers <frankt@smurfnet.eu> with fixups by me
and jmc@.
2013-01-15 23:03:37 +00:00
claudio
3b6169f364 Fix file descriptor leak reported by someone on the mailing list long time
ago. OK beck@
2012-07-07 12:55:29 +00:00
sobrado
3cc742f358 remove trailing spaces and tabs; no binary change.
written with help from henning@, who suggested ensuring that there
are no changes in the digests for object files, thanks!

ok henning@
2010-09-02 14:01:04 +00:00
jmc
6e3dac889b tweak previous: there was a word missing, but i've just changed
the wording to match that of a similar piece of text already in this page;
2010-01-27 21:36:58 +00:00
todd
33c3bf743f search for authpf.message in $USER dirs also
from Rafal Bisingier ravbc at man dot pozman dot pl, ok beck@
2010-01-27 15:36:17 +00:00
claudio
a0a7d58196 Make the tree compile again. Henning and I are both quite sure this is
correct.
2009-11-23 00:47:56 +00:00
sthen
c0e2b491eb "rdr" -> "match in...rdr-to" in example. 2009-10-26 22:06:13 +00:00
sthen
8ddfa74e40 Replace remaining occurrence of old PF syntax with "match...nat-to",
and just talk about "rules" rather than "filter and translation rules".
Spotted by/ok jmc@
2009-09-08 07:34:48 +00:00
sthen
1d96d4a0ef Remove some nat-anchor, binat-anchor, rdr-anchor. Noticed by jmc@.
ok henning@
2009-09-08 06:59:18 +00:00
miod
979e17136f Uninitialized variable introduced in 1.110. 2009-01-10 19:08:53 +00:00
todd
e67ff5042c variable declaration before use, found by vax, no cookie 2009-01-10 17:17:32 +00:00
mcbride
7940323a0c Support group and login class in authpf.allow (%<group>, @<class>)
ok beck
2009-01-06 03:11:50 +00:00
deraadt
1be1eb5cb3 protect better against races from incoming signals; slightly changed
from 5394 by tracking the fd instead of the fp.
ok beck
2008-10-07 17:27:17 +00:00
deraadt
1e12106a47 grammar; PR 5394 2008-10-05 21:10:14 +00:00
merdely
6a41b579d5 Fix mention of authpf_users table (s/authpf users/authpf_users/).
ok jmc@, mcbride@
2008-03-18 23:03:14 +00:00
mcbride
bdd45003ab Add authpf-noip, which allows multiple users to connect from a single IP;
forces users to write sane rulesets for this by not providing $user_ip or
updating the authpf table.

testing and prodding by mtu, manpage heavily worked over by jmc
ok beck dhartmei henning
2008-02-14 01:49:17 +00:00
mcbride
59d5b6a4fa Clean anchors recursively and directly via ioctls rather than using pfctl
with '-f /dev/null'.  Properly clears the user's anchor even when anchors
are nested inside it (And avoids having to fork() on exit to run pfctl)

ok beck@, with testing by mtu@
2008-02-01 07:08:03 +00:00
chl
4b7b714f47 handle empty strings returned by fgets
ok ray@
2007-09-25 11:20:34 +00:00
jmc
9490d37cb6 convert to new .Dd format; 2007-05-31 19:19:00 +00:00
beck
bd736532b3 exit right away if the config file isn't there, rather than
doing a whole bunch of needless screwing around
noticed by Stefan Krah <stefan-usenet@bytereef.org>
2007-02-24 17:35:08 +00:00
beck
8aff7383e6 license + copyright 2007-02-24 17:21:04 +00:00
beck
f6004c0df0 Pr 5395 from Stefan Krah <stefan-usenet@bytereef.org>
cleanup:
remove unused arg
no need to clear locals
return -1 to allow pid cleanup to happen if fork fails
2007-02-24 17:14:26 +00:00
beck
f1e90e6e08 this ftruncate is really not needed now, if we're just unlinking.
ok millert@
2007-02-22 21:54:23 +00:00
beck
5fba32bbdf close 5389 and 5390,
unused variable and a chance to unlink the pidfile without lock
if we couldn't kill a preexisting authpf process.
spotted by Stefan Krah <sfk1@bigfoot.com>.
2007-02-22 21:15:41 +00:00
jmc
8605b7ebee no need to use "keep state" and "flags S/SA" in pf rules,
now that it is the default;

ok henning mcbride camield (ftp-proxy bits) deraadt
2006-10-23 07:05:49 +00:00
dhartmei
19338c8e6f handle SIGQUIT instead of SIGSTOP, from Stefan Krah 2006-08-09 16:21:39 +00:00
deraadt
59e75d462a FILE * leak 2006-03-17 22:00:27 +00:00
beck
c8c96bff88 fix incorrect sizeof(), spotted by ckuethe
ok deraadt@
2006-03-14 21:45:14 +00:00
jmc
76fa9c97a4 expand the section on ssh tunnelling mechanisms;
from michael knudsen
2006-01-07 16:42:16 +00:00
beck
ab1312c306 correct err() usage and remove the do_death which is unneeded in
the child process, (as noticed by <evol@online.ptt.ru>)
2005-12-12 16:06:01 +00:00
beck
d81ff81e16 Backout previous change back to 1.92 - My fault, committed diff
from unclean tree.
2005-12-12 16:02:32 +00:00
beck
516698e36f Mine, so modernize license 2005-12-09 23:51:21 +00:00
beck
ac1b594eea calling do_death() after err makes us exit is not smart, and is in
fact unnecessary, my usage of err() here also repeated the formatted
error message twice. - We don't need do_death() here, and fix err
to print the message a bit more sanely.
Noticed by Andrey Matveev <evol@online.ptt.ru> - Thanks
2005-12-09 23:41:57 +00:00