3 files changed, 6 insertions, 35 deletions

diff --git a/ChangeLog b/ChangeLog
index 93acf524e..1781b44bd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -58,6 +58,9 @@
      longform __attribute__(__bounded(...));
      
      for brevity and a warning free compilation with llvm/clang
+   - tedu@cvs.openbsd.org 2014/03/26 19:58:37
+     [sshd.8 sshd.c]
+     remove libwrap support. ok deraadt djm mfriedl
 
 20140401
  - (djm) On platforms that support it, use prctl() to prevent sftp-server
diff --git a/sshd.8 b/sshd.8
index e6a900b06..289e13ded 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.273 2013/12/07 11:58:46 naddy Exp $
-.Dd $Mdocdate: December 7 2013 $
+.\" $OpenBSD: sshd.8,v 1.274 2014/03/26 19:58:37 tedu Exp $
+.Dd $Mdocdate: March 26 2014 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -851,12 +851,6 @@ the user's home directory becomes accessible.
 This file should be writable only by the user, and need not be
 readable by anyone else.
 .Pp
-.It Pa /etc/hosts.allow
-.It Pa /etc/hosts.deny
-Access controls that should be enforced by tcp-wrappers are defined here.
-Further details are described in
-.Xr hosts_access 5 .
-.Pp
 .It Pa /etc/hosts.equiv
 This file is for host-based authentication (see
 .Xr ssh 1 ) .
@@ -960,7 +954,6 @@ The content of this file is not sensitive; it can be world-readable.
 .Xr ssh-keygen 1 ,
 .Xr ssh-keyscan 1 ,
 .Xr chroot 2 ,
-.Xr hosts_access 5 ,
 .Xr login.conf 5 ,
 .Xr moduli 5 ,
 .Xr sshd_config 5 ,
diff --git a/sshd.c b/sshd.c
index 045f14941..0ade55771 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.422 2014/03/27 23:01:27 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.421 2014/03/26 19:58:37 tedu Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -122,13 +122,6 @@
 #include "ssh-sandbox.h"
 #include "version.h"
 
-#ifdef LIBWRAP
-#include <tcpd.h>
-#include <syslog.h>
-int allow_severity;
-int deny_severity;
-#endif /* LIBWRAP */
-
 #ifndef O_NOCTTY
 #define O_NOCTTY        0
 #endif
@@ -2034,24 +2027,6 @@ main(int ac, char **av)
 #ifdef SSH_AUDIT_EVENTS
         audit_connection_from(remote_ip, remote_port);
 #endif
-#ifdef LIBWRAP
-        allow_severity = options.log_facility|LOG_INFO;
-        deny_severity = options.log_facility|LOG_WARNING;
-        /* Check whether logins are denied from this host. */
-        if (packet_connection_is_on_socket()) {
-                struct request_info req;
-
-                request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
-                fromhost(&req);
-
-                if (!hosts_access(&req)) {
-                        debug("Connection refused by tcp wrapper");
-                        refuse(&req);
-                        /* NOTREACHED */
-                        fatal("libwrap refuse returns");
-                }
-        }
-#endif /* LIBWRAP */
 
         /* Log the connection. */
         verbose("Connection from %s port %d on %s port %d",