OpenBSD CVS Sync

   - djm@cvs.openbsd.org 2011/05/23 03:30:07
     [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
     allow AuthorizedKeysFile to specify multiple files, separated by spaces.
     Bring back authorized_keys2 as a default search path (to avoid breaking
     existing users of this file), but override this in sshd_config so it will
     be no longer used on fresh installs. Maybe in 2015 we can remove it
     entierly :)

     feedback and ok markus@ dtucker@

1 files changed, 5 insertions, 3 deletions

diff --git a/servconf.h b/servconf.h
index 953ef865..31e621bd 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.97 2011/05/20 03:25:45 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.98 2011/05/23 03:30:07 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -27,6 +27,7 @@
 #define MAX_HOSTCERTS		256	/* Max # host certificates. */
 #define MAX_ACCEPT_ENV		256	/* Max # of env vars. */
 #define MAX_MATCH_GROUPS	256	/* Max # of groups for Match. */
+#define MAX_AUTHKEYS_FILES	256	/* Max # of authorized_keys files. */
 
 /* permit_root_login */
 #define	PERMIT_NOT_SET		-1
@@ -145,7 +146,8 @@ typedef struct {
 					 * disconnect the session
 					 */
 
-	char   *authorized_keys_file;	/* File containing public keys */
+	u_int num_authkeys_files;	/* Files containing public keys */
+	char   *authorized_keys_files[MAX_AUTHKEYS_FILES];
 
 	char   *adm_forced_command;
 
@@ -171,8 +173,8 @@ typedef struct {
 		M_CP_STROPT(banner); \
 		M_CP_STROPT(trusted_user_ca_keys); \
 		M_CP_STROPT(revoked_keys_file); \
-		M_CP_STROPT(authorized_keys_file); \
 		M_CP_STROPT(authorized_principals_file); \
+		M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
 	} while (0)
 
 void	 initialize_server_options(ServerOptions *);