- tedu@cvs.openbsd.org 2014/03/26 19:58:37

[sshd.8 sshd.c] remove libwrap support. ok deraadt djm mfriedl
author: Damien Miller <djm@mindrot.org> 2014-04-20 13:22:18 +1000
committer: Damien Miller <djm@mindrot.org> 2014-04-20 13:22:18 +1000
commit: f2719b7c2b8a3b14d778d8a6d8dc729b5174b054 (patch)
tree: abf07c1ae81a813f67a86ed4074e43e2ed949de0
parent: 4f40209aa4060b9c066a2f0d9332ace7b8dfb391 (diff)
3 files changed, 6 insertions, 35 deletions
diff --git a/ChangeLog b/ChangeLog
index 93acf524e..1781b44bd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -58,6 +58,9 @@
     longform __attribute__(__bounded(...));
     
     for brevity and a warning free compilation with llvm/clang
+   - tedu@cvs.openbsd.org 2014/03/26 19:58:37
+     [sshd.8 sshd.c]
+     remove libwrap support. ok deraadt djm mfriedl
 20140401
 - (djm) On platforms that support it, use prctl() to prevent sftp-server
diff --git a/sshd.8 b/sshd.8
index e6a900b06..289e13ded 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.273 2013/12/07 11:58:46 naddy Exp $
+.\" $OpenBSD: sshd.8,v 1.274 2014/03/26 19:58:37 tedu Exp $
-.Dd $Mdocdate: December 7 2013 $
+.Dd $Mdocdate: March 26 2014 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -851,12 +851,6 @@ the user's home directory becomes accessible.
 This file should be writable only by the user, and need not be
 readable by anyone else.
 .Pp
-.It Pa /etc/hosts.allow
-.It Pa /etc/hosts.deny
-Access controls that should be enforced by tcp-wrappers are defined here.
-Further details are described in
-.Xr hosts_access 5 .
-.Pp
 .It Pa /etc/hosts.equiv
 This file is for host-based authentication (see
 .Xr ssh 1 ) .
@@ -960,7 +954,6 @@ The content of this file is not sensitive; it can be world-readable.
 .Xr ssh-keygen 1 ,
 .Xr ssh-keyscan 1 ,
 .Xr chroot 2 ,
-.Xr hosts_access 5 ,
 .Xr login.conf 5 ,
 .Xr moduli 5 ,
 .Xr sshd_config 5 ,
diff --git a/sshd.c b/sshd.c
index 045f14941..0ade55771 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.422 2014/03/27 23:01:27 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.421 2014/03/26 19:58:37 tedu Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -122,13 +122,6 @@
 #include "ssh-sandbox.h"
 #include "version.h"
-#ifdef LIBWRAP
-#include <tcpd.h>
-#include <syslog.h>
-int allow_severity;
-int deny_severity;
-#endif /* LIBWRAP */
 #ifndef O_NOCTTY
 #define O_NOCTTY        0
 #endif
@@ -2034,24 +2027,6 @@ main(int ac, char **av)
 #ifdef SSH_AUDIT_EVENTS
        audit_connection_from(remote_ip, remote_port);
 #endif
-#ifdef LIBWRAP
-        allow_severity = options.log_facility|LOG_INFO;
-        deny_severity = options.log_facility|LOG_WARNING;
-        /* Check whether logins are denied from this host. */
-        if (packet_connection_is_on_socket()) {
-                struct request_info req;
-                request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
-                fromhost(&req);
-                if (!hosts_access(&req)) {
-                        debug("Connection refused by tcp wrapper");
-                        refuse(&req);
-                        /* NOTREACHED */
-                        fatal("libwrap refuse returns");
-                }
-        }
-#endif /* LIBWRAP */
        /* Log the connection. */
        verbose("Connection from %s port %d on %s port %d",
author	Damien Miller <djm@mindrot.org>	2014-04-20 13:22:18 +1000
committer	Damien Miller <djm@mindrot.org>	2014-04-20 13:22:18 +1000
commit	f2719b7c2b8a3b14d778d8a6d8dc729b5174b054 (patch)
tree	abf07c1ae81a813f67a86ed4074e43e2ed949de0
parent	4f40209aa4060b9c066a2f0d9332ace7b8dfb391 (diff)