-rw-r--r--ChangeLog5
-rw-r--r--auth.c8
-rw-r--r--auth.h3
-rw-r--r--auth2-pubkey.c8
-rw-r--r--pathnames.h5
-rw-r--r--servconf.c15
-rw-r--r--servconf.h3
7 files changed, 11 insertions, 36 deletions
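diff --git a/ChangeLog b/ChangeLog
index 92aff179b..288a202cf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -66,6 +66,11 @@
  [authfile.c]
  despam debug() logs by detecting that we are trying to load a private key
  in key_try_load_public() and returning early; ok markus@
+ - djm@cvs.openbsd.org 2011/05/11 04:47:06
+ [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
+ remove support for authorized_keys2; it is a relic from the early days
+ of protocol v.2 support and has been undocumented for many years;
+ ok markus@
 
 20110510
  - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix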
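diff --git a/auth.c b/auth.c
index 33680b91b..be78f1a28 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.91 2010/11/29 23:45:51 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.92 2011/05/11 04:47:06 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -361,12 +361,6 @@ authorized_keys_file(struct passwd *pw)
 }
 
 char *
-authorized_keys_file2(struct passwd *pw)
-{
- return expand_authorized_keys(options.authorized_keys_file2, pw);
-}
-
-char *
 authorized_principals_file(struct passwd *pw)
 {
  if (options.authorized_principals_file == NULL)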
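diff --git a/auth.h b/auth.h
index 772a8c898..227395863 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.67 2011/03/10 11:34:25 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.68 2011/05/11 04:47:06 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -169,7 +169,6 @@ int verify_response(Authctxt *, const char *);
 void abandon_challenge_response(Authctxt *);
 
 char *authorized_keys_file(struct passwd *);
-char *authorized_keys_file2(struct passwd *);
 char *authorized_principals_file(struct passwd *);
 
 FILE *auth_openkeyfile(const char *, struct passwd *, int);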
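diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 7d2141355..a97509c28 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.27 2010/11/20 05:12:38 deraadt Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.28 2011/05/11 04:47:06 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -451,13 +451,7 @@ user_key_allowed(struct passwd *pw, Key *key)
  file = authorized_keys_file(pw);
  success = user_key_allowed2(pw, key, file);
  xfree(file);
- if (success)
- return success;
 
- /* try suffix "2" for backward compat, too */
- file = authorized_keys_file2(pw);
- success = user_key_allowed2(pw, key, file);
- xfree(file);
  return success;
 }
 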
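Review bot: With the fallback removed, user_key_allowed consults only the path returned by `authorized_keys_file(pw)`, so an account whose keys live solely in ~/.ssh/authorized_keys2 now fails public-key authentication, and nothing in the visible code emits a message naming that file. The function should carry a comment stating the new contract, for example `/* only the AuthorizedKeysFile path is consulted; authorized_keys2 is no longer read */`, and the release notes should say the same. Operationally, leftover authorized_keys2 files stop granting access on this version but still do on any older sshd, so key inventory and revocation sweeps should keep covering that path until no older sshd remains. The function begins above this hunk.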
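diff --git a/pathnames.h b/pathnames.h
index e2dd49a9b..787bdb676 100644
--- a/pathnames.h
+++ b/pathnames.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pathnames.h,v 1.20 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: pathnames.h,v 1.21 2011/05/11 04:47:06 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -96,9 +96,6 @@
  */
 #define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
 
-/* backward compat for protocol v2 */
-#define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
-
 /*
  * Per-user and system-wide ssh "rc" files. These files are executed with
  * /bin/sh before starting the shell or command if they exist. They will be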
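diff --git a/servconf.c b/servconf.c
index 48cb0d5b1..03a503d07 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.214 2011/03/29 18:54:17 stevesk Exp $ */
+/* $OpenBSD: servconf.c,v 1.215 2011/05/11 04:47:06 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
@@ -127,7 +127,6 @@ initialize_server_options(ServerOptions *options)
  options->client_alive_interval = -1;
  options->client_alive_count_max = -1;
  options->authorized_keys_file = NULL;
- options->authorized_keys_file2 = NULL;
  options->num_accept_env = 0;
  options->permit_tun = -1;
  options->num_permitted_opens = -1;
@@ -264,13 +263,6 @@ fill_default_server_options(ServerOptions *options)
  options->client_alive_interval = 0;
  if (options->client_alive_count_max == -1)
  options->client_alive_count_max = 3;
- if (options->authorized_keys_file2 == NULL) {
- /* authorized_keys_file2 falls back to authorized_keys_file */
- if (options->authorized_keys_file != NULL)
- options->authorized_keys_file2 = xstrdup(options->authorized_keys_file);
- else
- options->authorized_keys_file2 = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
- }
  if (options->authorized_keys_file == NULL)
  options->authorized_keys_file = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
  if (options->permit_tun == -1)
@@ -1252,9 +1244,6 @@ process_server_config_line(ServerOptions *options, char *line,
  case sAuthorizedKeysFile:
  charptr = &options->authorized_keys_file;
  goto parse_tilde_filename;
- case sAuthorizedKeysFile2:
- charptr = &options->authorized_keys_file2;
- goto parse_tilde_filename;
  case sAuthorizedPrincipalsFile:
  charptr = &options->authorized_principals_file;
  parse_tilde_filename:
@@ -1519,7 +1508,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
  M_CP_STROPT(trusted_user_ca_keys);
  M_CP_STROPT(revoked_keys_file);
  M_CP_STROPT(authorized_keys_file);
- M_CP_STROPT(authorized_keys_file2);
  M_CP_STROPT(authorized_principals_file);
 }
 
@@ -1737,7 +1725,6 @@ dump_config(ServerOptions *o)
  dump_cfg_string(sMacs, o->macs);
  dump_cfg_string(sBanner, o->banner);
  dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file);
- dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2);
  dump_cfg_string(sForceCommand, o->adm_forced_command);
  dump_cfg_string(sChrootDirectory, o->chroot_directory);
  dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);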
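Review bot: The `case sAuthorizedKeysFile2:` arm is dropped from process_server_config_line, yet no hunk in servconf.c touches the opcode enum or the keyword table, so the opcode may still be reachable from a parsed config line. If `AuthorizedKeysFile2` is still mapped to it, an sshd_config that sets the option would land in the switch's default arm, which is outside these hunks. Depending on what that arm does, sshd may refuse to start after the upgrade, which is a lockout risk on hosts administered only over SSH. Pointing the table entry at the existing `sDeprecated` opcode would keep old configurations loading with a warning; otherwise the removal should be called out in sshd_config(5) and the release notes. All the affected function bodies continue outside the hunks shown.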
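diff --git a/servconf.h b/servconf.h
index 5a058a416..3f04b8501 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.95 2010/11/13 23:27:50 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.96 2011/05/11 04:47:06 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -146,7 +146,6 @@ typedef struct {
  */
 
  char *authorized_keys_file; /* File containing public keys */
- char *authorized_keys_file2;
 
  char *adm_forced_command;
 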