backdoor by authorized_keys2 leftovers

Damien Miller djm at mindrot.org
Sat May 14 21:02:21 EST 2011 

On Wed, 11 May 2011, Damien Miller wrote:

> > I also think that being able to specify multiple authorized_keys files
> > is very useful, so I would prefer to just see this as a documented
> > feature.
> 
> Perhaps we should make options.authorized_keys_file an array to let
> people who want to use multiple files do so.

Here's a lightly-tested patch against -current (OpenBSD version, it
will probably need some editing for portable)

Index: auth.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/auth.c,v
retrieving revision 1.91
diff -u -p -r1.91 auth.c
--- auth.c	29 Nov 2010 23:45:51 -0000	1.91
+++ auth.c	10 May 2011 11:47:16 -0000
@@ -271,12 +271,6 @@ authorized_keys_file(struct passwd *pw)
 }
 
 char *
-authorized_keys_file2(struct passwd *pw)
-{
-	return expand_authorized_keys(options.authorized_keys_file2, pw);
-}
-
-char *
 authorized_principals_file(struct passwd *pw)
 {
 	if (options.authorized_principals_file == NULL)
Index: auth.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/auth.h,v
retrieving revision 1.67
diff -u -p -r1.67 auth.h
--- auth.h	10 Mar 2011 11:34:25 -0000	1.67
+++ auth.h	10 May 2011 11:47:16 -0000
@@ -146,7 +146,6 @@ char	*get_challenge(Authctxt *);
 int	verify_response(Authctxt *, const char *);
 
 char	*authorized_keys_file(struct passwd *);
-char	*authorized_keys_file2(struct passwd *);
 char	*authorized_principals_file(struct passwd *);
 
 FILE	*auth_openkeyfile(const char *, struct passwd *, int);
Index: auth2-pubkey.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/auth2-pubkey.c,v
retrieving revision 1.27
diff -u -p -r1.27 auth2-pubkey.c
--- auth2-pubkey.c	20 Nov 2010 05:12:38 -0000	1.27
+++ auth2-pubkey.c	10 May 2011 11:47:16 -0000
@@ -450,13 +450,7 @@ user_key_allowed(struct passwd *pw, Key 
 	file = authorized_keys_file(pw);
 	success = user_key_allowed2(pw, key, file);
 	xfree(file);
-	if (success)
-		return success;
 
-	/* try suffix "2" for backward compat, too */
-	file = authorized_keys_file2(pw);
-	success = user_key_allowed2(pw, key, file);
-	xfree(file);
 	return success;
 }
 
Index: pathnames.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/pathnames.h,v
retrieving revision 1.20
diff -u -p -r1.20 pathnames.h
--- pathnames.h	31 Aug 2010 11:54:45 -0000	1.20
+++ pathnames.h	10 May 2011 11:47:17 -0000
@@ -88,9 +88,6 @@
  */
 #define _PATH_SSH_USER_PERMITTED_KEYS	".ssh/authorized_keys"
 
-/* backward compat for protocol v2 */
-#define _PATH_SSH_USER_PERMITTED_KEYS2	".ssh/authorized_keys2"
-
 /*
  * Per-user and system-wide ssh "rc" files.  These files are executed with
  * /bin/sh before starting the shell or command if they exist.  They will be
Index: servconf.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
retrieving revision 1.214
diff -u -p -r1.214 servconf.c
--- servconf.c	29 Mar 2011 18:54:17 -0000	1.214
+++ servconf.c	10 May 2011 11:47:17 -0000
@@ -120,7 +120,6 @@ initialize_server_options(ServerOptions 
 	options->client_alive_interval = -1;
 	options->client_alive_count_max = -1;
 	options->authorized_keys_file = NULL;
-	options->authorized_keys_file2 = NULL;
 	options->num_accept_env = 0;
 	options->permit_tun = -1;
 	options->num_permitted_opens = -1;
@@ -250,13 +249,6 @@ fill_default_server_options(ServerOption
 		options->client_alive_interval = 0;
 	if (options->client_alive_count_max == -1)
 		options->client_alive_count_max = 3;
-	if (options->authorized_keys_file2 == NULL) {
-		/* authorized_keys_file2 falls back to authorized_keys_file */
-		if (options->authorized_keys_file != NULL)
-			options->authorized_keys_file2 = xstrdup(options->authorized_keys_file);
-		else
-			options->authorized_keys_file2 = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
-	}
 	if (options->authorized_keys_file == NULL)
 		options->authorized_keys_file = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
 	if (options->permit_tun == -1)
@@ -1207,9 +1199,6 @@ process_server_config_line(ServerOptions
 	case sAuthorizedKeysFile:
 		charptr = &options->authorized_keys_file;
 		goto parse_tilde_filename;
-	case sAuthorizedKeysFile2:
-		charptr = &options->authorized_keys_file2;
-		goto parse_tilde_filename;
 	case sAuthorizedPrincipalsFile:
 		charptr = &options->authorized_principals_file;
  parse_tilde_filename:
@@ -1474,7 +1463,6 @@ copy_set_server_options(ServerOptions *d
 	M_CP_STROPT(trusted_user_ca_keys);
 	M_CP_STROPT(revoked_keys_file);
 	M_CP_STROPT(authorized_keys_file);
-	M_CP_STROPT(authorized_keys_file2);
 	M_CP_STROPT(authorized_principals_file);
 }
 
@@ -1687,7 +1675,6 @@ dump_config(ServerOptions *o)
 	dump_cfg_string(sMacs, o->macs);
 	dump_cfg_string(sBanner, o->banner);
 	dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file);
-	dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2);
 	dump_cfg_string(sForceCommand, o->adm_forced_command);
 	dump_cfg_string(sChrootDirectory, o->chroot_directory);
 	dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
Index: servconf.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/servconf.h,v
retrieving revision 1.95
diff -u -p -r1.95 servconf.h
--- servconf.h	13 Nov 2010 23:27:50 -0000	1.95
+++ servconf.h	10 May 2011 11:47:17 -0000
@@ -146,7 +146,6 @@ typedef struct {
 					 */
 
 	char   *authorized_keys_file;	/* File containing public keys */
-	char   *authorized_keys_file2;
 
 	char   *adm_forced_command;

More information about the openssh-unix-dev mailing list