sshd: remove unneeded initialization of libwrap logging severities

This part of ca573c9a17 proved to be unnecessary. As the removed comment says, we set them merely for logging syntax errors, as we log refusals ourselves. However, inside the libwrap the parser logs any syntax errors with tcpd_warn() which has hardcoded LOG_WARNING inside. Reviewed by: philip, emaste Differential revision: https://reviews.freebsd.org/D40068
2024-07-21 18:27:22 +00:00 · 2023-07-20 14:56:20 -07:00 · 2023-07-20 14:56:20 -07:00 · 90f10db8a9
parent 615d167cb8
commit 90f10db8a9
1 changed files with 1 additions and 11 deletions
--- a/crypto/openssh/sshd.c
+++ b/crypto/openssh/sshd.c
@ -142,8 +142,6 @@
 #ifdef LIBWRAP
 #include <tcpd.h>
 #include <syslog.h>
-extern int allow_severity;
-extern int deny_severity;
 #endif /* LIBWRAP */

 /* Re-exec fds */
@ -1303,7 +1301,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 				 * exactly.  sshguard, and supposedly lots
 				 * of custom made scripts rely on it.
 				 */
-				syslog(deny_severity,
+				syslog(LOG_WARNING,
 				    "refused connect from %s (%s)",
 				    eval_client(&req),
 				    eval_hostaddr(req.client));
@ -2112,14 +2110,6 @@ main(int ac, char **av)
 	/* Reinitialize the log (because of the fork above). */
 	log_init(__progname, options.log_level, options.log_facility, log_stderr);

-#ifdef LIBWRAP
-	/*
-	 * We log refusals ourselves.  However, libwrap will report
-	 * syntax errors in hosts.allow via syslog(3).
-	 */
-	allow_severity = options.log_facility|LOG_INFO;
-	deny_severity = options.log_facility|LOG_WARNING;
-#endif
 	/* Avoid killing the process in high-pressure swapping environments. */
 	if (!inetd_flag && madvise(NULL, 0, MADV_PROTECT) != 0)
 		debug("madvise(): %.200s", strerror(errno));