config, ssh: check that authorized_keys{,_include} is not recursive
authorIan Jackson <ijackson@chiark.greenend.org.uk>
Mon, 7 Jun 2021 13:29:50 +0000 (14:29 +0100)
committerIan Jackson <ijackson@chiark.greenend.org.uk>
Mon, 7 Jun 2021 13:30:04 +0000 (14:30 +0100)
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
src/config.rs

index b8d9d57864a547e8c236fa0036a90f27c6efe69e..53c2b04bb47d607a5e35a696a085bd3851249f77 100644 (file)
@@ -180,6 +180,13 @@ impl ServerConfigSpec {
     let authorized_keys_include = authorized_keys_include.unwrap_or_else(
       || format!("{}.static", authorized_keys)
     );
+    if authorized_keys == authorized_keys_include {
+      throw!(anyhow!(
+        "ssh authorized_keys and authorized_keys_include are equal {:?} \
+         which would imply including a file in itself",
+        &authorized_keys
+      ));
+    }
 
     let ssh_proxy_uid = match ssh_proxy_user {
       None => Uid::current(),
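Review bot: The new guard `if authorized_keys == authorized_keys_include` compares the two configured values textually, so it rejects only the identical spelling. Two different spellings of the same file (a leading `./`, a relative versus an absolute path, a symlink or hard link) would still pass, and the self-inclusion the error message describes would presumably remain possible. Since this file controls ssh access, the limit of the check deserves a comment above the `if`, for example `// Textual comparison only: does not detect aliases (symlinks, "./", relative vs absolute)`. A stricter check would compare file identity at the point where the include is actually read, which is not visible in this hunk. The enclosing function begins and ends outside the hunk, so how these paths are resolved later cannot be confirmed from here.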