This removes libwrap support from ftpd and sshd.
Index: libexec/ftpd/Makefile
===================================================================
RCS file: /cvs/src/libexec/ftpd/Makefile,v
retrieving revision 1.24
diff -u -p -r1.24 Makefile
--- libexec/ftpd/Makefile 15 Jun 2005 16:13:27 -0000 1.24
+++ libexec/ftpd/Makefile 23 Mar 2014 21:27:13 -0000
@@ -24,10 +24,4 @@ CPPFLAGS+=-DINET6
LDADD+= -lutil
DPADD+= ${LIBUTIL}
-.if (${TCP_WRAPPERS:L} == "yes")
-CFLAGS+=-DTCPWRAPPERS
-LDADD+= -lwrap
-DPADD+= ${LIBWRAP}
-.endif
-
.include <bsd.prog.mk>
Index: libexec/ftpd/ftpd.c
===================================================================
RCS file: /cvs/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.202
diff -u -p -r1.202 ftpd.c
--- libexec/ftpd/ftpd.c 17 Mar 2014 23:23:37 -0000 1.202
+++ libexec/ftpd/ftpd.c 23 Mar 2014 21:27:53 -0000
@@ -101,10 +101,6 @@
#include <utmp.h>
#include <poll.h>
-#if defined(TCPWRAPPERS)
-#include <tcpd.h>
-#endif /* TCPWRAPPERS */
-
#include "pathnames.h"
#include "monitor.h"
#include "extern.h"
@@ -169,11 +165,6 @@ static login_cap_t *lc;
static auth_session_t *as;
static volatile sig_atomic_t recvurg;
-#if defined(TCPWRAPPERS)
-int allow_severity = LOG_INFO;
-int deny_severity = LOG_NOTICE;
-#endif /* TCPWRAPPERS */
-
int epsvall = 0;
/*
@@ -229,9 +220,6 @@ static int send_data(FILE *, FILE *, of
static struct passwd *
sgetpwnam(char *, struct passwd *);
static void reapchild(int);
-#if defined(TCPWRAPPERS)
-static int check_host(struct sockaddr *);
-#endif /* TCPWRAPPERS */
static void usage(void);
void logxfer(char *, off_t, time_t);
@@ -530,11 +518,6 @@ main(int argc, char *argv[])
(void)dup2(fd, STDOUT_FILENO);
for (i = 0; i < n; i++)
close(fds[i]);
-#if defined(TCPWRAPPERS)
- /* ..in the child. */
- if (!check_host((struct sockaddr *)&his_addr))
- exit(1);
-#endif /* TCPWRAPPERS */
} else {
addrlen = sizeof(his_addr);
if (getpeername(0, (struct sockaddr *)&his_addr,
@@ -2890,37 +2873,6 @@ set_slave_signals(void)
syslog(LOG_ERR, "fcntl F_SETOWN: %m");
#endif
}
-
-#if defined(TCPWRAPPERS)
-static int
-check_host(struct sockaddr *sa)
-{
- struct sockaddr_in *sin;
- struct hostent *hp;
- char *addr;
-
- if (sa->sa_family != AF_INET)
- return 1; /*XXX*/
-
- sin = (struct sockaddr_in *)sa;
- hp = gethostbyaddr((char *)&sin->sin_addr,
- sizeof(struct in_addr), AF_INET);
- addr = inet_ntoa(sin->sin_addr);
- if (hp) {
- if (!hosts_ctl("ftpd", hp->h_name, addr, STRING_UNKNOWN)) {
- syslog(LOG_NOTICE, "tcpwrappers rejected: %s [%s]",
- hp->h_name, addr);
- return (0);
- }
- } else {
- if (!hosts_ctl("ftpd", STRING_UNKNOWN, addr, STRING_UNKNOWN)) {
- syslog(LOG_NOTICE, "tcpwrappers rejected: [%s]", addr);
- return (0);
- }
- }
- return (1);
-}
-#endif /* TCPWRAPPERS */
/*
* Allocate space and return a copy of the specified dir.
Index: usr.bin/ssh/sshd.8
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd.8,v
retrieving revision 1.273
diff -u -p -r1.273 sshd.8
--- usr.bin/ssh/sshd.8 7 Dec 2013 11:58:46 -0000 1.273
+++ usr.bin/ssh/sshd.8 23 Mar 2014 21:29:30 -0000
@@ -824,12 +824,6 @@ the user's home directory becomes access
This file should be writable only by the user, and need not be
readable by anyone else.
.Pp
-.It Pa /etc/hosts.allow
-.It Pa /etc/hosts.deny
-Access controls that should be enforced by tcp-wrappers are defined here.
-Further details are described in
-.Xr hosts_access 5 .
-.Pp
.It Pa /etc/hosts.equiv
This file is for host-based authentication (see
.Xr ssh 1 ) .
@@ -933,7 +927,6 @@ The content of this file is not sensitiv
.Xr ssh-keygen 1 ,
.Xr ssh-keyscan 1 ,
.Xr chroot 2 ,
-.Xr hosts_access 5 ,
.Xr login.conf 5 ,
.Xr moduli 5 ,
.Xr sshd_config 5 ,
Index: usr.bin/ssh/sshd.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd.c,v
retrieving revision 1.420
diff -u -p -r1.420 sshd.c
--- usr.bin/ssh/sshd.c 26 Feb 2014 21:53:37 -0000 1.420
+++ usr.bin/ssh/sshd.c 23 Mar 2014 21:28:56 -0000
@@ -106,13 +106,6 @@
#include "ssh-sandbox.h"
#include "version.h"
-#ifdef LIBWRAP
-#include <tcpd.h>
-#include <syslog.h>
-int allow_severity = LOG_INFO;
-int deny_severity = LOG_WARNING;
-#endif /* LIBWRAP */
-
#ifndef O_NOCTTY
#define O_NOCTTY 0
#endif
@@ -1918,23 +1911,6 @@ main(int ac, char **av)
* the socket goes away.
*/
remote_ip = get_remote_ipaddr();
-
-#ifdef LIBWRAP
- /* Check whether logins are denied from this host. */
- if (packet_connection_is_on_socket()) {
- struct request_info req;
-
- request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
- fromhost(&req);
-
- if (!hosts_access(&req)) {
- debug("Connection refused by tcp wrapper");
- refuse(&req);
- /* NOTREACHED */
- fatal("libwrap refuse returns");
- }
- }
-#endif /* LIBWRAP */
/* Log the connection. */
verbose("Connection from %s port %d on %s port %d",
Index: usr.bin/ssh/sshd/Makefile
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd/Makefile,v
retrieving revision 1.81
diff -u -p -r1.81 Makefile
--- usr.bin/ssh/sshd/Makefile 29 Jan 2014 06:18:35 -0000 1.81
+++ usr.bin/ssh/sshd/Makefile 23 Mar 2014 21:28:39 -0000
@@ -38,9 +38,3 @@ DPADD+= ${LIBGSSAPI} ${LIBKRB5}
LDADD+= -lcrypto -lutil -lz
DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ}
-
-.if (${TCP_WRAPPERS:L} == "yes")
-CFLAGS+= -DLIBWRAP
-DPADD+= ${LIBWRAP}
-LDADD+= -lwrap
-.endif
