remove support for authorized_keys2; it is a relic from the early days

of protocol v.2 support and has been undocumented for many years;
ok markus@

6 files changed, 6 insertions, 36 deletions

diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c
index 9330fd09de0..3852843f4b7 100644
--- a/usr.bin/ssh/auth.c
+++ b/usr.bin/ssh/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.91 2010/11/29 23:45:51 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.92 2011/05/11 04:47:06 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -271,12 +271,6 @@ authorized_keys_file(struct passwd *pw)
 }
 
 char *
-authorized_keys_file2(struct passwd *pw)
-{
-	return expand_authorized_keys(options.authorized_keys_file2, pw);
-}
-
-char *
 authorized_principals_file(struct passwd *pw)
 {
 	if (options.authorized_principals_file == NULL)
diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h
index cd6a7f57e3c..d551097b8ff 100644
--- a/usr.bin/ssh/auth.h
+++ b/usr.bin/ssh/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.67 2011/03/10 11:34:25 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.68 2011/05/11 04:47:06 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -146,7 +146,6 @@ char	*get_challenge(Authctxt *);
 int	verify_response(Authctxt *, const char *);
 
 char	*authorized_keys_file(struct passwd *);
-char	*authorized_keys_file2(struct passwd *);
 char	*authorized_principals_file(struct passwd *);
 
 FILE	*auth_openkeyfile(const char *, struct passwd *, int);
diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c
index 0eda7ade9ab..20ad508a905 100644
--- a/usr.bin/ssh/auth2-pubkey.c
+++ b/usr.bin/ssh/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.27 2010/11/20 05:12:38 deraadt Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.28 2011/05/11 04:47:06 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -450,13 +450,7 @@ user_key_allowed(struct passwd *pw, Key *key)
 	file = authorized_keys_file(pw);
 	success = user_key_allowed2(pw, key, file);
 	xfree(file);
-	if (success)
-		return success;
 
-	/* try suffix "2" for backward compat, too */
-	file = authorized_keys_file2(pw);
-	success = user_key_allowed2(pw, key, file);
-	xfree(file);
 	return success;
 }
 
diff --git a/usr.bin/ssh/pathnames.h b/usr.bin/ssh/pathnames.h
index 295893486ae..c7184eff3fb 100644
--- a/usr.bin/ssh/pathnames.h
+++ b/usr.bin/ssh/pathnames.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pathnames.h,v 1.20 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: pathnames.h,v 1.21 2011/05/11 04:47:06 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -88,9 +88,6 @@
  */
 #define _PATH_SSH_USER_PERMITTED_KEYS	".ssh/authorized_keys"
 
-/* backward compat for protocol v2 */
-#define _PATH_SSH_USER_PERMITTED_KEYS2	".ssh/authorized_keys2"
-
 /*
  * Per-user and system-wide ssh "rc" files.  These files are executed with
  * /bin/sh before starting the shell or command if they exist.  They will be
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index 909c15d2009..4ba31b432bd 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.214 2011/03/29 18:54:17 stevesk Exp $ */
+/* $OpenBSD: servconf.c,v 1.215 2011/05/11 04:47:06 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -120,7 +120,6 @@ initialize_server_options(ServerOptions *options)
 	options->client_alive_interval = -1;
 	options->client_alive_count_max = -1;
 	options->authorized_keys_file = NULL;
-	options->authorized_keys_file2 = NULL;
 	options->num_accept_env = 0;
 	options->permit_tun = -1;
 	options->num_permitted_opens = -1;
@@ -250,13 +249,6 @@ fill_default_server_options(ServerOptions *options)
 		options->client_alive_interval = 0;
 	if (options->client_alive_count_max == -1)
 		options->client_alive_count_max = 3;
-	if (options->authorized_keys_file2 == NULL) {
-		/* authorized_keys_file2 falls back to authorized_keys_file */
-		if (options->authorized_keys_file != NULL)
-			options->authorized_keys_file2 = xstrdup(options->authorized_keys_file);
-		else
-			options->authorized_keys_file2 = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
-	}
 	if (options->authorized_keys_file == NULL)
 		options->authorized_keys_file = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
 	if (options->permit_tun == -1)
@@ -1207,9 +1199,6 @@ process_server_config_line(ServerOptions *options, char *line,
 	case sAuthorizedKeysFile:
 		charptr = &options->authorized_keys_file;
 		goto parse_tilde_filename;
-	case sAuthorizedKeysFile2:
-		charptr = &options->authorized_keys_file2;
-		goto parse_tilde_filename;
 	case sAuthorizedPrincipalsFile:
 		charptr = &options->authorized_principals_file;
  parse_tilde_filename:
@@ -1474,7 +1463,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 	M_CP_STROPT(trusted_user_ca_keys);
 	M_CP_STROPT(revoked_keys_file);
 	M_CP_STROPT(authorized_keys_file);
-	M_CP_STROPT(authorized_keys_file2);
 	M_CP_STROPT(authorized_principals_file);
 }
 
@@ -1687,7 +1675,6 @@ dump_config(ServerOptions *o)
 	dump_cfg_string(sMacs, o->macs);
 	dump_cfg_string(sBanner, o->banner);
 	dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file);
-	dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2);
 	dump_cfg_string(sForceCommand, o->adm_forced_command);
 	dump_cfg_string(sChrootDirectory, o->chroot_directory);
 	dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h
index 70dba668b28..a977406ff90 100644
--- a/usr.bin/ssh/servconf.h
+++ b/usr.bin/ssh/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.95 2010/11/13 23:27:50 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.96 2011/05/11 04:47:06 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -146,7 +146,6 @@ typedef struct {
 					 */
 
 	char   *authorized_keys_file;	/* File containing public keys */
-	char   *authorized_keys_file2;
 
 	char   *adm_forced_command;