translation/Protocol: add packet NO_HOME_AUTHORIZED_KEYS

CM4all · Nov 27, 2023 · da9d962 · da9d962
1 parent 668a557
commit da9d962
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 0 deletions.
diff --git a/src/translation/Parser.cxx b/src/translation/Parser.cxx
@@ -3997,6 +3997,20 @@ TranslateParser::HandleRegularPacket(TranslationCommand command,
 	case TranslationCommand::MAPPED_UID_GID:
 		HandleMappedUidGid(payload);
 		return;
+
+	case TranslationCommand::NO_HOME_AUTHORIZED_KEYS:
+#if TRANSLATION_ENABLE_LOGIN
+		if (!payload.empty())
+			throw std::runtime_error("malformed NO_HOME_AUTHORIZED_KEYS packet");
+
+		if (response.no_home_authorized_keys)
+			throw std::runtime_error("misplaced NO_HOME_AUTHORIZED_KEYS packet");
+
+		response.no_home_authorized_keys = true;
+		return;
+#else
+		break;
+#endif
 	}
 
 	throw FmtRuntimeError("unknown translation packet: {}", (unsigned)command);

diff --git a/src/translation/Protocol.hxx b/src/translation/Protocol.hxx
@@ -1221,6 +1221,11 @@ enum class TranslationCommand : uint16_t {
 	 * payload must be a 32-bit integer.
 	 */
 	MAPPED_UID_GID = 254,
+
+	/**
+	 * If present, then ~/.ssh/authorized_keys is not used.
+	 */
+	NO_HOME_AUTHORIZED_KEYS = 255,
 };
 
 struct TranslationHeader {

diff --git a/src/translation/Response.cxx b/src/translation/Response.cxx
@@ -167,6 +167,9 @@ TranslateResponse::Clear() noexcept
 	auto_gzipped = false;
 	auto_brotli_path = false;
 #endif
+#if TRANSLATION_ENABLE_LOGIN
+	no_home_authorized_keys = false;
+#endif
 #if TRANSLATION_ENABLE_SESSION
 	realm_from_auth_base = false;
 
@@ -420,6 +423,9 @@ TranslateResponse::CopyFrom(AllocatorPtr alloc, const TranslateResponse &src) no
 	auto_gzipped = src.auto_gzipped;
 	auto_brotli_path = src.auto_brotli_path;
 #endif
+#if TRANSLATION_ENABLE_LOGIN
+	no_home_authorized_keys = src.no_home_authorized_keys;
+#endif
 #if TRANSLATION_ENABLE_SESSION
 	realm_from_auth_base = src.realm_from_auth_base;
 	session = {};

diff --git a/src/translation/Response.hxx b/src/translation/Response.hxx
@@ -458,6 +458,10 @@ struct TranslateResponse {
 	bool auto_brotli_path;
 #endif
 
+#if TRANSLATION_ENABLE_LOGIN
+	bool no_home_authorized_keys;
+#endif
+
 	TranslateResponse() noexcept = default;
 	TranslateResponse(TranslateResponse &&) = default;
 	TranslateResponse &operator=(TranslateResponse &&) = default;

diff --git a/src/translation/server/Response.hxx b/src/translation/server/Response.hxx
@@ -1626,6 +1626,10 @@ public:
 				    payload...);
 	}
 
+	auto &NoHomeAuthorizedKeys() noexcept {
+		return Packet(TranslationCommand::NO_HOME_AUTHORIZED_KEYS);
+	}
+
 	auto &MaxAge(uint32_t seconds) noexcept {
 		return PacketT(TranslationCommand::MAX_AGE, seconds);
 	}