From f2719b7c2b8a3b14d778d8a6d8dc729b5174b054 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 20 Apr 2014 13:22:18 +1000 Subject: - tedu@cvs.openbsd.org 2014/03/26 19:58:37 [sshd.8 sshd.c] remove libwrap support. ok deraadt djm mfriedl --- ChangeLog | 3 +++ sshd.8 | 11 ++--------- sshd.c | 27 +-------------------------- 3 files changed, 6 insertions(+), 35 deletions(-) diff --git a/ChangeLog b/ChangeLog index 93acf524e..1781b44bd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -58,6 +58,9 @@ longform __attribute__(__bounded(...)); for brevity and a warning free compilation with llvm/clang + - tedu@cvs.openbsd.org 2014/03/26 19:58:37 + [sshd.8 sshd.c] + remove libwrap support. ok deraadt djm mfriedl 20140401 - (djm) On platforms that support it, use prctl() to prevent sftp-server diff --git a/sshd.8 b/sshd.8 index e6a900b06..289e13ded 100644 --- a/sshd.8 +++ b/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.273 2013/12/07 11:58:46 naddy Exp $ -.Dd $Mdocdate: December 7 2013 $ +.\" $OpenBSD: sshd.8,v 1.274 2014/03/26 19:58:37 tedu Exp $ +.Dd $Mdocdate: March 26 2014 $ .Dt SSHD 8 .Os .Sh NAME @@ -851,12 +851,6 @@ the user's home directory becomes accessible. This file should be writable only by the user, and need not be readable by anyone else. .Pp -.It Pa /etc/hosts.allow -.It Pa /etc/hosts.deny -Access controls that should be enforced by tcp-wrappers are defined here. -Further details are described in -.Xr hosts_access 5 . -.Pp .It Pa /etc/hosts.equiv This file is for host-based authentication (see .Xr ssh 1 ) . @@ -960,7 +954,6 @@ The content of this file is not sensitive; it can be world-readable. .Xr ssh-keygen 1 , .Xr ssh-keyscan 1 , .Xr chroot 2 , -.Xr hosts_access 5 , .Xr login.conf 5 , .Xr moduli 5 , .Xr sshd_config 5 , diff --git a/sshd.c b/sshd.c index 045f14941..0ade55771 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.422 2014/03/27 23:01:27 markus Exp $ */ +/* $OpenBSD: sshd.c,v 1.421 2014/03/26 19:58:37 tedu Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -122,13 +122,6 @@ #include "ssh-sandbox.h" #include "version.h" -#ifdef LIBWRAP -#include -#include -int allow_severity; -int deny_severity; -#endif /* LIBWRAP */ - #ifndef O_NOCTTY #define O_NOCTTY 0 #endif @@ -2034,24 +2027,6 @@ main(int ac, char **av) #ifdef SSH_AUDIT_EVENTS audit_connection_from(remote_ip, remote_port); #endif -#ifdef LIBWRAP - allow_severity = options.log_facility|LOG_INFO; - deny_severity = options.log_facility|LOG_WARNING; - /* Check whether logins are denied from this host. */ - if (packet_connection_is_on_socket()) { - struct request_info req; - - request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0); - fromhost(&req); - - if (!hosts_access(&req)) { - debug("Connection refused by tcp wrapper"); - refuse(&req); - /* NOTREACHED */ - fatal("libwrap refuse returns"); - } - } -#endif /* LIBWRAP */ /* Log the connection. */ verbose("Connection from %s port %d on %s port %d", -- cgit v1.2.3