From fb39b61a43f750af422eecd48abe172dbd62e30d Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Mon, 7 Jun 2021 14:29:50 +0100
Subject: [PATCH] config, ssh: check that authorized_keys{,_include} is not
 recursive

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---
 src/config.rs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/config.rs b/src/config.rs
index b8d9d578..53c2b04b 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -180,6 +180,13 @@ impl ServerConfigSpec {
     let authorized_keys_include = authorized_keys_include.unwrap_or_else(
       || format!("{}.static", authorized_keys)
     );
+    if authorized_keys == authorized_keys_include {
+      throw!(anyhow!(
+        "ssh authorized_keys and authorized_keys_include are equal {:?} \
+         which would imply including a file in itself",
+        &authorized_keys
+      ));
+    }
 
     let ssh_proxy_uid = match ssh_proxy_user {
       None => Uid::current(),
-- 
2.30.2