Patch to allow glob patterns as authorized keys file names
Maurice Bos
m-ou.se at m-ou.se
Fri Aug 31 08:26:28 EST 2012
Hello,
The patch below allows one to configure not only files like
"%h/.ssh/authorized_keys" to be used, but also patterns like
"%h/.ssh/authorized_keys.d/*".
This can be quite useful if somebody or something has to manage an
above-average number of keys, like when running a git server that
determines the user based on the ssh key. (Like what they do at
github.com, and what Gitolite does.)
Kind regards,
-Maurice Bos-
Author: Maurice Bos <m-ou.se at m-ou.se>
Date: Thu Aug 30 15:14:49 2012 +0200
Allow glob patterns in authorized keys file names.
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -454,9 +454,16 @@ user_key_allowed(struct passwd *pw, Key *key)
return success;
for (i = 0; !success && i < options.num_authkeys_files; i++) {
+ int j;
+ glob_t glob_result;
file = expand_authorized_keys(
options.authorized_keys_files[i], pw);
- success = user_key_allowed2(pw, key, file);
+ glob(file, GLOB_NOCHECK, NULL, &glob_result);
+ for (j = 0; !success && j < glob_result.gl_pathc; j++) {
+ char *f = glob_result.gl_pathv[j];
+ success = user_key_allowed2(pw, key, f);
+ }
+ globfree(&glob_result);
xfree(file);
}
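Review bot: The return value of glob() is ignored at `glob(file, GLOB_NOCHECK, NULL, &glob_result);`, so a GLOB_NOSPACE or GLOB_ABORTED failure falls straight into the loop over gl_pathv with whatever partial result was produced. Check the return code, log the failure, and skip to the next configured entry before iterating. Two smaller points in the same hunk: `j` is declared `int` but compared against `glob_result.gl_pathc`, which is a `size_t`, so declare it as `size_t` (or `u_int`) to avoid the signed/unsigned comparison; and the pattern passed to glob() is the output of expand_authorized_keys(), so any glob metacharacters that come from the expanded tokens (for example in a home directory path) are now interpreted as pattern syntax as well, not just those the administrator wrote in the configuration. It would be worth stating in the documentation which part of the path is meant to be globbed, and in what order multiple matches are tried, since the loop stops at the first file that accepts the key.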