Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 20 Jul 2023 21:58:08 GMT
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 90f10db8a996 - main - sshd: remove unneeded initialization of libwrap logging severities
Message-ID:  <202307202158.36KLw8ba052181@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=90f10db8a99659d1baea7b2609d9256c331f61ae

commit 90f10db8a99659d1baea7b2609d9256c331f61ae
Author:     Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2023-07-20 21:56:20 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2023-07-20 21:56:20 +0000

    sshd: remove unneeded initialization of libwrap logging severities
    
    This part of ca573c9a177 proved to be unnecessary.  As the removed
    comment says, we set them merely for logging syntax errors, as we log
    refusals ourselves.  However, inside the libwrap the parser logs any
    syntax errors with tcpd_warn() which has hardcoded LOG_WARNING inside.
    
    Reviewed by:            philip, emaste
    Differential revision:  https://reviews.freebsd.org/D40068
---
 crypto/openssh/sshd.c | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c
index 620a7efe7797..ce8db54a2b72 100644
--- a/crypto/openssh/sshd.c
+++ b/crypto/openssh/sshd.c
@@ -142,8 +142,6 @@
 #ifdef LIBWRAP
 #include <tcpd.h>
 #include <syslog.h>
-extern int allow_severity;
-extern int deny_severity;
 #endif /* LIBWRAP */
 
 /* Re-exec fds */
@@ -1303,7 +1301,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 				 * exactly.  sshguard, and supposedly lots
 				 * of custom made scripts rely on it.
 				 */
-				syslog(deny_severity,
+				syslog(LOG_WARNING,
 				    "refused connect from %s (%s)",
 				    eval_client(&req),
 				    eval_hostaddr(req.client));
@@ -2112,14 +2110,6 @@ main(int ac, char **av)
 	/* Reinitialize the log (because of the fork above). */
 	log_init(__progname, options.log_level, options.log_facility, log_stderr);
 
-#ifdef LIBWRAP
-	/*
-	 * We log refusals ourselves.  However, libwrap will report
-	 * syntax errors in hosts.allow via syslog(3).
-	 */
-	allow_severity = options.log_facility|LOG_INFO;
-	deny_severity = options.log_facility|LOG_WARNING;
-#endif
 	/* Avoid killing the process in high-pressure swapping environments. */
 	if (!inetd_flag && madvise(NULL, 0, MADV_PROTECT) != 0)
 		debug("madvise(): %.200s", strerror(errno));

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202307202158.36KLw8ba052181>