summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog3
-rw-r--r--sshd.811
-rw-r--r--sshd.c27
3 files changed, 6 insertions, 35 deletions
diff --git a/ChangeLog b/ChangeLog
index 93acf524e..1781b44bd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -58,6 +58,9 @@
58 longform __attribute__(__bounded(...)); 58 longform __attribute__(__bounded(...));
59 59
60 for brevity and a warning free compilation with llvm/clang 60 for brevity and a warning free compilation with llvm/clang
61 - tedu@cvs.openbsd.org 2014/03/26 19:58:37
62 [sshd.8 sshd.c]
63 remove libwrap support. ok deraadt djm mfriedl
61 64
6220140401 6520140401
63 - (djm) On platforms that support it, use prctl() to prevent sftp-server 66 - (djm) On platforms that support it, use prctl() to prevent sftp-server
diff --git a/sshd.8 b/sshd.8
index e6a900b06..289e13ded 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: sshd.8,v 1.273 2013/12/07 11:58:46 naddy Exp $ 36.\" $OpenBSD: sshd.8,v 1.274 2014/03/26 19:58:37 tedu Exp $
37.Dd $Mdocdate: December 7 2013 $ 37.Dd $Mdocdate: March 26 2014 $
38.Dt SSHD 8 38.Dt SSHD 8
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -851,12 +851,6 @@ the user's home directory becomes accessible.
851This file should be writable only by the user, and need not be 851This file should be writable only by the user, and need not be
852readable by anyone else. 852readable by anyone else.
853.Pp 853.Pp
854.It Pa /etc/hosts.allow
855.It Pa /etc/hosts.deny
856Access controls that should be enforced by tcp-wrappers are defined here.
857Further details are described in
858.Xr hosts_access 5 .
859.Pp
860.It Pa /etc/hosts.equiv 854.It Pa /etc/hosts.equiv
861This file is for host-based authentication (see 855This file is for host-based authentication (see
862.Xr ssh 1 ) . 856.Xr ssh 1 ) .
@@ -960,7 +954,6 @@ The content of this file is not sensitive; it can be world-readable.
960.Xr ssh-keygen 1 , 954.Xr ssh-keygen 1 ,
961.Xr ssh-keyscan 1 , 955.Xr ssh-keyscan 1 ,
962.Xr chroot 2 , 956.Xr chroot 2 ,
963.Xr hosts_access 5 ,
964.Xr login.conf 5 , 957.Xr login.conf 5 ,
965.Xr moduli 5 , 958.Xr moduli 5 ,
966.Xr sshd_config 5 , 959.Xr sshd_config 5 ,
diff --git a/sshd.c b/sshd.c
index 045f14941..0ade55771 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.422 2014/03/27 23:01:27 markus Exp $ */ 1/* $OpenBSD: sshd.c,v 1.421 2014/03/26 19:58:37 tedu Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -122,13 +122,6 @@
122#include "ssh-sandbox.h" 122#include "ssh-sandbox.h"
123#include "version.h" 123#include "version.h"
124 124
125#ifdef LIBWRAP
126#include <tcpd.h>
127#include <syslog.h>
128int allow_severity;
129int deny_severity;
130#endif /* LIBWRAP */
131
132#ifndef O_NOCTTY 125#ifndef O_NOCTTY
133#define O_NOCTTY 0 126#define O_NOCTTY 0
134#endif 127#endif
@@ -2034,24 +2027,6 @@ main(int ac, char **av)
2034#ifdef SSH_AUDIT_EVENTS 2027#ifdef SSH_AUDIT_EVENTS
2035 audit_connection_from(remote_ip, remote_port); 2028 audit_connection_from(remote_ip, remote_port);
2036#endif 2029#endif
2037#ifdef LIBWRAP
2038 allow_severity = options.log_facility|LOG_INFO;
2039 deny_severity = options.log_facility|LOG_WARNING;
2040 /* Check whether logins are denied from this host. */
2041 if (packet_connection_is_on_socket()) {
2042 struct request_info req;
2043
2044 request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
2045 fromhost(&req);
2046
2047 if (!hosts_access(&req)) {
2048 debug("Connection refused by tcp wrapper");
2049 refuse(&req);
2050 /* NOTREACHED */
2051 fatal("libwrap refuse returns");
2052 }
2053 }
2054#endif /* LIBWRAP */
2055 2030
2056 /* Log the connection. */ 2031 /* Log the connection. */
2057 verbose("Connection from %s port %d on %s port %d", 2032 verbose("Connection from %s port %d on %s port %d",