1 files changed, 25 insertions, 0 deletions
diff --git a/sshd.c b/sshd.c
index 8c5d5822e..a50ec3584 100644
--- a/sshd.c
+++ b/sshd.c
@@ -124,6 +124,13 @@
 #include "ssherr.h"
 #include "sk-api.h"
+#ifdef LIBWRAP
+#include <tcpd.h>
+#include <syslog.h>
+int allow_severity;
+int deny_severity;
+#endif /* LIBWRAP */
 /* Re-exec fds */
 #define REEXEC_DEVCRYPTO_RESERVED_FD    (STDERR_FILENO + 1)
 #define REEXEC_STARTUP_PIPE_FD          (STDERR_FILENO + 2)
@@ -2183,6 +2190,24 @@ main(int ac, char **av)
 #ifdef SSH_AUDIT_EVENTS
        audit_connection_from(remote_ip, remote_port);
 #endif
+#ifdef LIBWRAP
+        allow_severity = options.log_facility|LOG_INFO;
+        deny_severity = options.log_facility|LOG_WARNING;
+        /* Check whether logins are denied from this host. */
+        if (ssh_packet_connection_is_on_socket(ssh)) {
+                struct request_info req;
+                request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
+                fromhost(&req);
+                if (!hosts_access(&req)) {
+                        debug("Connection refused by tcp wrapper");
+                        refuse(&req);
+                        /* NOTREACHED */
+                        fatal("libwrap refuse returns");
+                }
+        }
+#endif /* LIBWRAP */
        rdomain = ssh_packet_rdomain_in(ssh);

diff --git a/sshd.c b/sshd.c index 8c5d5822e..a50ec3584 100644 --- a/sshd.c +++ b/sshd.c
@@ -124,6 +124,13 @@
124	#include "ssherr.h"	124	#include "ssherr.h"
125	#include "sk-api.h"	125	#include "sk-api.h"
126		126
		127	#ifdef LIBWRAP
		128	#include <tcpd.h>
		129	#include <syslog.h>
		130	int allow_severity;
		131	int deny_severity;
		132	#endif /* LIBWRAP */
		133
127	/* Re-exec fds */	134	/* Re-exec fds */
128	#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)	135	#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
129	#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)	136	#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
@@ -2183,6 +2190,24 @@ main(int ac, char **av)
2183	#ifdef SSH_AUDIT_EVENTS	2190	#ifdef SSH_AUDIT_EVENTS
2184	audit_connection_from(remote_ip, remote_port);	2191	audit_connection_from(remote_ip, remote_port);
2185	#endif	2192	#endif
		2193	#ifdef LIBWRAP
		2194	allow_severity = options.log_facility\|LOG_INFO;
		2195	deny_severity = options.log_facility\|LOG_WARNING;
		2196	/* Check whether logins are denied from this host. */
		2197	if (ssh_packet_connection_is_on_socket(ssh)) {
		2198	struct request_info req;
		2199
		2200	request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
		2201	fromhost(&req);
		2202
		2203	if (!hosts_access(&req)) {
		2204	debug("Connection refused by tcp wrapper");
		2205	refuse(&req);
		2206	/* NOTREACHED */
		2207	fatal("libwrap refuse returns");
		2208	}
		2209	}
		2210	#endif /* LIBWRAP */
2186		2211
2187	rdomain = ssh_packet_rdomain_in(ssh);	2212	rdomain = ssh_packet_rdomain_in(ssh);
2188		2213