author | Nicolas Viennot <nicolas@viennot.biz> | 2019-11-04 16:43:59 -0500 |
---|---|---|
committer | Nicolas Viennot <nicolas@viennot.biz> | 2019-11-05 20:30:11 -0500 |
commit | 19341bc5444e7954da23ac06ac799c0fd80a160e (patch) | |
tree | 45c596f151049ee549c99c3cc996aa2d9b1cfd16 | |
parent | c78198dc59f49e4998f36e31d289b7dd5450178f (diff) |
Add authorized_keys option -a
-rw-r--r-- | options-table.c | 12 | ||||
-rw-r--r-- | tmate-encoder.c | 8 | ||||
-rw-r--r-- | tmate-session.c | 45 | ||||
-rw-r--r-- | tmate.h | 1 | ||||
-rw-r--r-- | tmux.c | 10 |
5 files changed, 75 insertions, 1 deletions
diff --git a/options-table.c b/options-table.c
index 617ba05e..dd9f696e 100644
--- a/options-table.c
+++ b/options-table.c
@@ -977,6 +977,18 @@ const struct options_table_entry options_table[] = {
 .scope = OPTIONS_TABLE_SERVER,
 .default_str = ""
 },
+
+ { .name = "tmate-authorized-keys",
+ .type = OPTIONS_TABLE_STRING,
+ .scope = OPTIONS_TABLE_SERVER,
+ .default_str = ""
+ },
+
+ { .name = "tmate-set",
+ .type = OPTIONS_TABLE_STRING,
+ .scope = OPTIONS_TABLE_SERVER,
+ .default_str = ""
+ },
 #endif
 { .name = NULL }
diff --git a/tmate-encoder.c b/tmate-encoder.c
index c15d8921..0040a3bf 100644
--- a/tmate-encoder.c
+++ b/tmate-encoder.c
@@ -238,6 +238,14 @@ void tmate_exec_cmd_args(int argc, const char **argv)
 append_saved_cmd(&tmate_session, argc, argv);
 }
+void tmate_set_val(const char *name, const char *value)
+{
+ char *buf;
+ xasprintf(&buf, "%s=%s", name, value);
+ tmate_exec_cmd_args(3, (const char *[]){"set-option", "tmate-set", buf});
+ free(buf);
+}
+
 void tmate_exec_cmd(struct cmd *cmd)
 {
 int argc;
diff --git a/tmate-session.c b/tmate-session.c
index 5ab13511..e3eb0c19 100644
--- a/tmate-session.c
+++ b/tmate-session.c
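Review bot: tmate_set_val() in the tmate-encoder.c hunk has no comment describing its contract, and the `name=value` string it builds is only unambiguous when `name` contains no `=`. I would add above the definition `/* Forward one "name=value" setting through the tmate-set option; name must not contain '='. */`. The only caller visible in this commit passes the literal "authorized_keys", so this is a documentation point rather than a bug today.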
@@ -129,6 +129,50 @@ void tmate_session_init(struct event_base *base)
 tmate_write_header();
 }
+static void send_authorized_keys()
+{
+ char *path;
+ path = options_get_string(global_options, "tmate-authorized-keys");
+ if (strlen(path) == 0)
+ return;
+
+ path = xstrdup(path);
+ tmate_info("Using %s for access control", path);
+
+ FILE *f;
+ char *line;
+ size_t len;
+
+ if (path[0] == '~' && path[1] == '/') {
+ const char *home = find_home();
+ if (home) {
+ char *new_path;
+ xasprintf(&new_path, "%s%s", home, &path[1]);
+ free(path);
+ path = new_path;
+ }
+ }
+
+ if ((f = fopen(path, "r")) == NULL) {
+ cfg_add_cause("%s: %s", path, strerror(errno));
+ free(path);
+ return;
+ }
+
+ while ((line = fparseln(f, &len, NULL, NULL, 0)) != NULL) {
+ if (len == 0)
+ continue;
+ tmate_set_val("authorized_keys", line);
+ free(line);
+ }
+
+ if (ferror(f))
+ cfg_add_cause("%s: %s", path, strerror(errno));
+
+ fclose(f);
+ free(path);
+}
+
 void tmate_session_start(void)
 {
 /*
@@ -138,6 +182,7 @@ void tmate_session_start(void)
 * - While we are parsing the config file, we need to be able to
 * serialize it, and so we need a worker encoder.
 */
+ send_authorized_keys();
 tmate_write_ready();
 lookup_and_connect();
 }
@@ -83,6 +83,7 @@ extern void tmate_write_ready(void);
 extern void tmate_sync_layout(void);
 extern void tmate_pty_data(struct window_pane *wp, const char *buf, size_t len);
 extern int tmate_should_replicate_cmd(const struct cmd_entry *cmd);
+extern void tmate_set_val(const char *name, const char *value);
 extern void tmate_exec_cmd_args(int argc, const char **argv);
 extern void tmate_exec_cmd(struct cmd *cmd);
 extern void tmate_failed_cmd(int client_id, const char *cause);
@@ -205,6 +205,7 @@ find_home(void)
 static char *account_key;
 static char *session_name;
 static char *session_name_ro;
+static char *authorized_keys;
 void tmate_init_boot_options(void)
 {
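Review bot: In send_authorized_keys() a key file that cannot be opened only records a cause and returns, and tmate_session_start() in the next hunk then calls tmate_write_ready() and lookup_and_connect() regardless, so a mistyped -a path appears to produce a session with no key restriction instead of a refused one. Because the function returns void the caller cannot tell the difference; I would have it return a status and let tmate_session_start() stop before connecting when the requested access control could not be loaded (how that failure is surfaced to the user is a decision for the caller). Whether a readable file that yields no keys should also count as a failure depends on server behaviour that is not visible here. Separately, the `len == 0` branch continues without freeing `line`, which leaks one buffer per empty line.

```c
static int send_authorized_keys(void)
{
	int rc = 0;
	/* … unchanged: option lookup (now "return 0;" when the option is empty), "~/" expansion … */

	if ((f = fopen(path, "r")) == NULL) {
		cfg_add_cause("%s: %s", path, strerror(errno));
		free(path);
		return -1;
	}

	while ((line = fparseln(f, &len, NULL, NULL, 0)) != NULL) {
		if (len != 0)
			tmate_set_val("authorized_keys", line);
		free(line);	/* freed on every iteration, empty lines included */
	}

	if (ferror(f)) {
		cfg_add_cause("%s: %s", path, strerror(errno));
		rc = -1;
	}

	/* … unchanged: fclose(f), free(path) … */
	return rc;
}

void tmate_session_start(void)
{
	/* … unchanged: comment block … */
	if (send_authorized_keys() != 0)
		return;	/* requested key restriction could not be loaded */
	/* … unchanged: tmate_write_ready(), lookup_and_connect() … */
}
```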
@@ -214,14 +215,18 @@ void tmate_init_boot_options(void)
 tmate_exec_cmd_args(4, (const char *[]){"set-option", "-g", "tmate-session-name", session_name});
 if (session_name_ro)
 tmate_exec_cmd_args(4, (const char *[]){"set-option", "-g", "tmate-session-name-ro", session_name_ro});
+ if (authorized_keys)
+ tmate_exec_cmd_args(4, (const char *[]){"set-option", "-g", "tmate-authorized-keys", authorized_keys});
 free(account_key);
 free(session_name);
 free(session_name_ro);
+ free(authorized_keys_file);
 account_key = NULL;
 session_name = NULL;
 session_name_ro = NULL;
+ authorized_keys = NULL;
 }
 #endif
@@ -255,7 +260,7 @@ main(int argc, char **argv)
 #endif
 label = path = NULL;
- while ((opt = getopt(argc, argv, "2c:CdFf:lL:qS:uUVvk:n:r:")) != -1) {
+ while ((opt = getopt(argc, argv, "2c:CdFf:lL:qS:uUVvk:n:r:a:")) != -1) {
 switch (opt) {
 case '2':
 flags |= CLIENT_256COLOURS;
@@ -309,6 +314,9 @@ main(int argc, char **argv)
 case 'r':
 session_name_ro = xstrdup(optarg);
 break;
+ case 'a':
+ authorized_keys = xstrdup(optarg);
+ break;
 default:
 usage();
 } |
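Review bot: The added `free(authorized_keys_file);` in tmate_init_boot_options() names an identifier that no visible line declares; the variable this commit introduces is `authorized_keys`. As written the block closed by the `#endif` below should fail to compile when it is enabled, and the string duplicated for -a is then set to NULL without ever being freed. The line should read `free(authorized_keys);`. The function's opening lines lie outside this hunk.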