1 files changed, 25 insertions, 0 deletions
diff --git a/sshd.c b/sshd.c
index cf38baebf..9cbe8c4ae 100644
--- a/sshd.c
+++ b/sshd.c
@@ -129,6 +129,13 @@
 #include <Security/AuthSession.h>
 #endif
+#ifdef LIBWRAP
+#include <tcpd.h>
+#include <syslog.h>
+int allow_severity;
+int deny_severity;
+#endif /* LIBWRAP */
 #ifndef O_NOCTTY
 #define O_NOCTTY        0
 #endif
@@ -2133,6 +2140,24 @@ main(int ac, char **av)
 #ifdef SSH_AUDIT_EVENTS
        audit_connection_from(remote_ip, remote_port);
 #endif
+#ifdef LIBWRAP
+        allow_severity = options.log_facility|LOG_INFO;
+        deny_severity = options.log_facility|LOG_WARNING;
+        /* Check whether logins are denied from this host. */
+        if (packet_connection_is_on_socket()) {
+                struct request_info req;
+                request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
+                fromhost(&req);
+                if (!hosts_access(&req)) {
+                        debug("Connection refused by tcp wrapper");
+                        refuse(&req);
+                        /* NOTREACHED */
+                        fatal("libwrap refuse returns");
+                }
+        }
+#endif /* LIBWRAP */
        /* Log the connection. */
        verbose("Connection from %s port %d on %s port %d",

diff --git a/sshd.c b/sshd.c index cf38baebf..9cbe8c4ae 100644 --- a/sshd.c +++ b/sshd.c
@@ -129,6 +129,13 @@
129	#include <Security/AuthSession.h>	129	#include <Security/AuthSession.h>
130	#endif	130	#endif
131		131
		132	#ifdef LIBWRAP
		133	#include <tcpd.h>
		134	#include <syslog.h>
		135	int allow_severity;
		136	int deny_severity;
		137	#endif /* LIBWRAP */
		138
132	#ifndef O_NOCTTY	139	#ifndef O_NOCTTY
133	#define O_NOCTTY 0	140	#define O_NOCTTY 0
134	#endif	141	#endif
@@ -2133,6 +2140,24 @@ main(int ac, char **av)
2133	#ifdef SSH_AUDIT_EVENTS	2140	#ifdef SSH_AUDIT_EVENTS
2134	audit_connection_from(remote_ip, remote_port);	2141	audit_connection_from(remote_ip, remote_port);
2135	#endif	2142	#endif
		2143	#ifdef LIBWRAP
		2144	allow_severity = options.log_facility\|LOG_INFO;
		2145	deny_severity = options.log_facility\|LOG_WARNING;
		2146	/* Check whether logins are denied from this host. */
		2147	if (packet_connection_is_on_socket()) {
		2148	struct request_info req;
		2149
		2150	request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
		2151	fromhost(&req);
		2152
		2153	if (!hosts_access(&req)) {
		2154	debug("Connection refused by tcp wrapper");
		2155	refuse(&req);
		2156	/* NOTREACHED */
		2157	fatal("libwrap refuse returns");
		2158	}
		2159	}
		2160	#endif /* LIBWRAP */
2136		2161
2137	/* Log the connection. */	2162	/* Log the connection. */
2138	verbose("Connection from %s port %d on %s port %d",	2163	verbose("Connection from %s port %d on %s port %d",