1 files changed, 25 insertions, 0 deletions
diff --git a/sshd.c b/sshd.c
index 45e50fac3..a66e9ca6c 100644
--- a/sshd.c
+++ b/sshd.c
@@ -126,6 +126,13 @@
 #include <Security/AuthSession.h>
 #endif
+#ifdef LIBWRAP
+#include <tcpd.h>
+#include <syslog.h>
+int allow_severity;
+int deny_severity;
+#endif /* LIBWRAP */
 /* Re-exec fds */
 #define REEXEC_DEVCRYPTO_RESERVED_FD    (STDERR_FILENO + 1)
 #define REEXEC_STARTUP_PIPE_FD          (STDERR_FILENO + 2)
@@ -1987,6 +1994,24 @@ main(int ac, char **av)
 #ifdef SSH_AUDIT_EVENTS
        audit_connection_from(remote_ip, remote_port);
 #endif
+#ifdef LIBWRAP
+        allow_severity = options.log_facility|LOG_INFO;
+        deny_severity = options.log_facility|LOG_WARNING;
+        /* Check whether logins are denied from this host. */
+        if (packet_connection_is_on_socket()) {
+                struct request_info req;
+                request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
+                fromhost(&req);
+                if (!hosts_access(&req)) {
+                        debug("Connection refused by tcp wrapper");
+                        refuse(&req);
+                        /* NOTREACHED */
+                        fatal("libwrap refuse returns");
+                }
+        }
+#endif /* LIBWRAP */
        /* Log the connection. */
        laddr = get_local_ipaddr(sock_in);

diff --git a/sshd.c b/sshd.c index 45e50fac3..a66e9ca6c 100644 --- a/sshd.c +++ b/sshd.c
@@ -126,6 +126,13 @@
126	#include <Security/AuthSession.h>	126	#include <Security/AuthSession.h>
127	#endif	127	#endif
128		128
		129	#ifdef LIBWRAP
		130	#include <tcpd.h>
		131	#include <syslog.h>
		132	int allow_severity;
		133	int deny_severity;
		134	#endif /* LIBWRAP */
		135
129	/* Re-exec fds */	136	/* Re-exec fds */
130	#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)	137	#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
131	#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)	138	#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
@@ -1987,6 +1994,24 @@ main(int ac, char **av)
1987	#ifdef SSH_AUDIT_EVENTS	1994	#ifdef SSH_AUDIT_EVENTS
1988	audit_connection_from(remote_ip, remote_port);	1995	audit_connection_from(remote_ip, remote_port);
1989	#endif	1996	#endif
		1997	#ifdef LIBWRAP
		1998	allow_severity = options.log_facility\|LOG_INFO;
		1999	deny_severity = options.log_facility\|LOG_WARNING;
		2000	/* Check whether logins are denied from this host. */
		2001	if (packet_connection_is_on_socket()) {
		2002	struct request_info req;
		2003
		2004	request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
		2005	fromhost(&req);
		2006
		2007	if (!hosts_access(&req)) {
		2008	debug("Connection refused by tcp wrapper");
		2009	refuse(&req);
		2010	/* NOTREACHED */
		2011	fatal("libwrap refuse returns");
		2012	}
		2013	}
		2014	#endif /* LIBWRAP */
1990		2015
1991	/* Log the connection. */	2016	/* Log the connection. */
1992	laddr = get_local_ipaddr(sock_in);	2017	laddr = get_local_ipaddr(sock_in);