This project hosts some of the patches we've been working on. This project was
initially named OpenBSD-authpf but since the need for more
modifications came, we thought it would be better not to split them into
separate projects but rather host them under a single one.
Please make sure you update your git configuration files if you used the old repository names.
This code changes the way authpf looks for the configuration file
/etc/authpf/authpf.conf. The change forces authpf to read a different
configuration file based on the name of the executable. This is change is
implemented in a way that does not alter the original way of operation.
This allows us to separate certain configuration parameters that we otherwise couldn't.
anchor=defense/authpf
table=defense_authed
Compiled to test/run with:
cc -O2 -pipe -Wall -c authpf.c
cc -o authpf-offense authpf.o
cc -o authpf-defense authpf.o
This will create two binaries authpf-offense and authpf-defense that you'd have to copy to your /usr/sbin folder.
install -m 6555 -o root -g authpf authpf-offense /usr/sbin
install -m 6555 -o root -g authpf authpf-defense /usr/sbin
Activate and Change the user's shell
echo /usr/sbin/authpf-offense >>/etc/shells
usermod -s /usr/sbin/authpf-offense offense
In order to activate the feature follow the normal authpf instructions and create the required .conf files under /etc/authpf/
echo "anchor=authpf_offense\ntable=offense_authenticated\n">/etc/authpf/authpf-offense.conf
Code cloned from OpenBSD -current with the following command:
cvs -qd [email protected]:/cvs get -P src/usr.sbin/authpf
The diff is produced with the following way:
cd src
cvs diff -u usr.sbin/authpf/authpf.c > ../authpf.patch