diff options
| author | Damien Miller <djm@mindrot.org> | 2014-04-20 13:22:18 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-04-20 13:22:18 +1000 |
| commit | f2719b7c2b8a3b14d778d8a6d8dc729b5174b054 (patch) | |
| tree | abf07c1ae81a813f67a86ed4074e43e2ed949de0 | |
| parent | 4f40209aa4060b9c066a2f0d9332ace7b8dfb391 (diff) | |
- tedu@cvs.openbsd.org 2014/03/26 19:58:37
[sshd.8 sshd.c]
remove libwrap support. ok deraadt djm mfriedl
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | sshd.8 | 11 | ||||
| -rw-r--r-- | sshd.c | 27 |
3 files changed, 6 insertions, 35 deletions
@@ -58,6 +58,9 @@ longform __attribute__(__bounded(...)); for brevity and a warning free compilation with llvm/clang + - tedu@cvs.openbsd.org 2014/03/26 19:58:37 + [sshd.8 sshd.c] + remove libwrap support. ok deraadt djm mfriedl 20140401 - (djm) On platforms that support it, use prctl() to prevent sftp-server @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.273 2013/12/07 11:58:46 naddy Exp $ -.Dd $Mdocdate: December 7 2013 $ +.\" $OpenBSD: sshd.8,v 1.274 2014/03/26 19:58:37 tedu Exp $ +.Dd $Mdocdate: March 26 2014 $ .Dt SSHD 8 .Os .Sh NAME @@ -851,12 +851,6 @@ the user's home directory becomes accessible. This file should be writable only by the user, and need not be readable by anyone else. .Pp -.It Pa /etc/hosts.allow -.It Pa /etc/hosts.deny -Access controls that should be enforced by tcp-wrappers are defined here. -Further details are described in -.Xr hosts_access 5 . -.Pp .It Pa /etc/hosts.equiv This file is for host-based authentication (see .Xr ssh 1 ) . @@ -960,7 +954,6 @@ The content of this file is not sensitive; it can be world-readable. .Xr ssh-keygen 1 , .Xr ssh-keyscan 1 , .Xr chroot 2 , -.Xr hosts_access 5 , .Xr login.conf 5 , .Xr moduli 5 , .Xr sshd_config 5 , @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.422 2014/03/27 23:01:27 markus Exp $ */ +/* $OpenBSD: sshd.c,v 1.421 2014/03/26 19:58:37 tedu Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -122,13 +122,6 @@ #include "ssh-sandbox.h" #include "version.h" -#ifdef LIBWRAP -#include <tcpd.h> -#include <syslog.h> -int allow_severity; -int deny_severity; -#endif /* LIBWRAP */ - #ifndef O_NOCTTY #define O_NOCTTY 0 #endif @@ -2034,24 +2027,6 @@ main(int ac, char **av) #ifdef SSH_AUDIT_EVENTS audit_connection_from(remote_ip, remote_port); #endif -#ifdef LIBWRAP - allow_severity = options.log_facility|LOG_INFO; - deny_severity = options.log_facility|LOG_WARNING; - /* Check whether logins are denied from this host. */ - if (packet_connection_is_on_socket()) { - struct request_info req; - - request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0); - fromhost(&req); - - if (!hosts_access(&req)) { - debug("Connection refused by tcp wrapper"); - refuse(&req); - /* NOTREACHED */ - fatal("libwrap refuse returns"); - } - } -#endif /* LIBWRAP */ /* Log the connection. */ verbose("Connection from %s port %d on %s port %d", |