From 7c1b2c4ea8a5d06908dda3f8e406b902b81fe905 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Sun, 15 May 2011 08:51:05 +1000
Subject: [PATCH] - djm@cvs.openbsd.org 2011/05/11 04:47:06 [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] remove support for authorized_keys2; it is a relic from the early days of protocol v.2 support and has been undocumented for many years; ok markus@
---
 ChangeLog | 5 +++++
 auth.c | 8 +-------
 auth.h | 3 +--
 auth2-pubkey.c | 8 +-------
 pathnames.h | 5 +----
 servconf.c | 15 +--------------
 servconf.h | 3 +--
 7 files changed, 11 insertions(+), 36 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 92aff179b..288a202cf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -66,6 +66,11 @@
 [authfile.c]
 despam debug() logs by detecting that we are trying to load a private key in key_try_load_public() and returning early; ok markus@
+ - djm@cvs.openbsd.org 2011/05/11 04:47:06
+ [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
+ remove support for authorized_keys2; it is a relic from the early days
+ of protocol v.2 support and has been undocumented for many years;
+ ok markus@
 20110510
 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix
diff --git a/auth.c b/auth.c
index 33680b91b..be78f1a28 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.91 2010/11/29 23:45:51 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.92 2011/05/11 04:47:06 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -360,12 +360,6 @@ authorized_keys_file(struct passwd *pw)
 return expand_authorized_keys(options.authorized_keys_file, pw);
 }
-char *
-authorized_keys_file2(struct passwd *pw)
-{
- return expand_authorized_keys(options.authorized_keys_file2, pw);
-}
-
 char *
 authorized_principals_file(struct passwd *pw)
 {
diff --git a/auth.h b/auth.h
index 772a8c898..227395863 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.67 2011/03/10 11:34:25 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.68 2011/05/11 04:47:06 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -169,7 +169,6 @@ int verify_response(Authctxt *, const char *);
 void abandon_challenge_response(Authctxt *);
 char *authorized_keys_file(struct passwd *);
-char *authorized_keys_file2(struct passwd *);
 char *authorized_principals_file(struct passwd *);
 FILE *auth_openkeyfile(const char *, struct passwd *, int);
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 7d2141355..a97509c28 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.27 2010/11/20 05:12:38 deraadt Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.28 2011/05/11 04:47:06 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -451,13 +451,7 @@ user_key_allowed(struct passwd *pw, Key *key)
 file = authorized_keys_file(pw);
 success = user_key_allowed2(pw, key, file);
 xfree(file);
- if (success)
- return success;
- /* try suffix "2" for backward compat, too */
- file = authorized_keys_file2(pw);
- success = user_key_allowed2(pw, key, file);
- xfree(file);
 return success;
 }
diff --git a/pathnames.h b/pathnames.h
index e2dd49a9b..787bdb676 100644
--- a/pathnames.h
+++ b/pathnames.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pathnames.h,v 1.20 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: pathnames.h,v 1.21 2011/05/11 04:47:06 djm Exp $ */
 /*
 * Author: Tatu Ylonen
@@ -96,9 +96,6 @@
 */
 #define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
-/* backward compat for protocol v2 */
-#define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
-
 /*
 * Per-user and system-wide ssh "rc" files. These files are executed with
 * /bin/sh before starting the shell or command if they exist. They will be
diff --git a/servconf.c b/servconf.c
index 48cb0d5b1..03a503d07 100644
--- a/servconf.c
+++ b/servconf.c
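Review bot: Keys that exist only in `~/.ssh/authorized_keys2` stop authenticating after the `user_key_allowed()` hunk in auth2-pubkey.c, and nothing in the remaining code records that the second lookup was dropped on purpose. Fewer files able to grant a login is a sound reduction, but it is a silent change to an access decision. I would add a comment above the remaining lookup, e.g. `/* only AuthorizedKeysFile is consulted; the legacy authorized_keys2 file is no longer read */`. The release notes should also mention it so that stale authorized_keys2 files are audited and removed rather than forgotten. The function starts above the hunk, so any checks that run before this lookup are not visible here.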
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.214 2011/03/29 18:54:17 stevesk Exp $ */
+/* $OpenBSD: servconf.c,v 1.215 2011/05/11 04:47:06 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
 * All rights reserved
@@ -127,7 +127,6 @@ initialize_server_options(ServerOptions *options)
 options->client_alive_interval = -1;
 options->client_alive_count_max = -1;
 options->authorized_keys_file = NULL;
- options->authorized_keys_file2 = NULL;
 options->num_accept_env = 0;
 options->permit_tun = -1;
 options->num_permitted_opens = -1;
@@ -264,13 +263,6 @@ fill_default_server_options(ServerOptions *options)
 options->client_alive_interval = 0;
 if (options->client_alive_count_max == -1)
 options->client_alive_count_max = 3;
- if (options->authorized_keys_file2 == NULL) {
- /* authorized_keys_file2 falls back to authorized_keys_file */
- if (options->authorized_keys_file != NULL)
- options->authorized_keys_file2 = xstrdup(options->authorized_keys_file);
- else
- options->authorized_keys_file2 = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
- }
 if (options->authorized_keys_file == NULL)
 options->authorized_keys_file = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
 if (options->permit_tun == -1)
@@ -1252,9 +1244,6 @@ process_server_config_line(ServerOptions *options, char *line,
 case sAuthorizedKeysFile:
 charptr = &options->authorized_keys_file;
 goto parse_tilde_filename;
- case sAuthorizedKeysFile2:
- charptr = &options->authorized_keys_file2;
- goto parse_tilde_filename;
 case sAuthorizedPrincipalsFile:
 charptr = &options->authorized_principals_file;
 parse_tilde_filename:
@@ -1519,7 +1508,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 M_CP_STROPT(trusted_user_ca_keys);
 M_CP_STROPT(revoked_keys_file);
 M_CP_STROPT(authorized_keys_file);
- M_CP_STROPT(authorized_keys_file2);
 M_CP_STROPT(authorized_principals_file);
 }
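Review bot: The `case sAuthorizedKeysFile2:` arm is removed from `process_server_config_line()`, but no servconf.c hunk touches the keyword table or the opcode enum, and the visible hunks already account for all 15 changed lines the diffstat lists for this file. If the `authorizedkeysfile2` keyword still maps to `sAuthorizedKeysFile2`, an existing sshd_config carrying that directive would now reach the switch's default arm (outside this hunk) instead of being parsed, which may keep sshd from starting after an upgrade. Mapping the keyword to the deprecated opcode would let old configurations load with a logged warning, e.g. `{ "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },`. The table is not visible here, so its current entry should be confirmed before merging.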
@@ -1737,7 +1725,6 @@ dump_config(ServerOptions *o)
 dump_cfg_string(sMacs, o->macs);
 dump_cfg_string(sBanner, o->banner);
 dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file);
- dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2);
 dump_cfg_string(sForceCommand, o->adm_forced_command);
 dump_cfg_string(sChrootDirectory, o->chroot_directory);
 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
diff --git a/servconf.h b/servconf.h
index 5a058a416..3f04b8501 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.95 2010/11/13 23:27:50 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.96 2011/05/11 04:47:06 djm Exp $ */
 /*
 * Author: Tatu Ylonen
@@ -146,7 +146,6 @@ typedef struct {
 */
 char *authorized_keys_file; /* File containing public keys */
- char *authorized_keys_file2;
 char *adm_forced_command;