From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Mon, 7 Jun 2021 13:29:50 +0000 (+0100)
Subject: config, ssh: check that authorized_keys{,_include} is not recursive
X-Git-Tag: otter-0.7.0~49
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=fb39b61a43f750af422eecd48abe172dbd62e30d;p=otter.git

config, ssh: check that authorized_keys{,_include} is not recursive

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---

diff --git a/src/config.rs b/src/config.rs
index b8d9d578..53c2b04b 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -180,6 +180,13 @@ impl ServerConfigSpec {
     let authorized_keys_include = authorized_keys_include.unwrap_or_else(
       || format!("{}.static", authorized_keys)
     );
+    if authorized_keys == authorized_keys_include {
+      throw!(anyhow!(
+        "ssh authorized_keys and authorized_keys_include are equal {:?} \
+         which would imply including a file in itself",
+        &authorized_keys
+      ));
+    }
 
     let ssh_proxy_uid = match ssh_proxy_user {
       None => Uid::current(),