- markus@cvs.openbsd.org 2001/11/10 13:19:45

[sshd.c]
     cleanup libwrap support (remove bogus comment, bogus close(), add debug, etc).

ChangeLog

@@ -58,6 +58,9 @@
      [clientloop.c serverloop.c]
      don't memset too much memory, ok millert@
      original patch from jlk@kamens.brookline.ma.us via nalin@redhat.com
+   - markus@cvs.openbsd.org 2001/11/10 13:19:45
+     [sshd.c]
+     cleanup libwrap support (remove bogus comment, bogus close(), add debug, etc).
 
 20011109
  - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
@@ -6870,4 +6873,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1652 2001/11/12 00:06:54 djm Exp $
+$Id: ChangeLog,v 1.1653 2001/11/12 00:07:11 djm Exp $

sshd.c

@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.208 2001/11/09 19:08:35 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.209 2001/11/10 13:19:45 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1134,9 +1134,8 @@ main(int ac, char **av)
 	remote_port = get_remote_port();
 	remote_ip = get_remote_ipaddr();
 
-	/* Check whether logins are denied from this host. */
 #ifdef LIBWRAP
-	/* XXX LIBWRAP noes not know about IPv6 */
+	/* Check whether logins are denied from this host. */
 	{
 		struct request_info req;
 
@@ -1144,13 +1143,14 @@ main(int ac, char **av)
 		fromhost(&req);
 
 		if (!hosts_access(&req)) {
+			debug("Connection refused by tcp wrapper");
 			refuse(&req);
-			close(sock_in);
-			close(sock_out);
+			/* NOTREACHED */
+			fatal("libwrap refuse returns");
 		}
-/*XXX IPv6 verbose("Connection from %.500s port %d", eval_client(&req), remote_port); */
 	}
 #endif /* LIBWRAP */
+
 	/* Log the connection. */
 	verbose("Connection from %.500s port %d", remote_ip, remote_port);