From: "Ludovic Courtès" <ludo@gnu.org>
To: Vivien Kraus <vivien@planete-kraus.eu>
Cc: 51487@debbugs.gnu.org
Subject: bug#51487: The openssh service does not allow multiple authorized key files per user
Date: Mon, 15 Nov 2021 15:42:28 +0100 [thread overview]
Message-ID: <874k8d5vl7.fsf@gnu.org> (raw)
In-Reply-To: <87lf1zc1lg.fsf@planete-kraus.eu> (Vivien Kraus's message of "Sun, 07 Nov 2021 18:29:30 +0100")
Hi,
Vivien Kraus <vivien@planete-kraus.eu> skribis:
> (define (extend-openssh-authorized-keys config keys)
> "Extend CONFIG with the extra authorized keys listed in KEYS."
> - (openssh-configuration
> - (inherit config)
> - (authorized-keys
> - (append (openssh-authorized-keys config) keys))))
> + (let generate-keys
> + ((user-keys
> + (append (openssh-authorized-keys config) keys))
> + ;; The by-user vhash indexes a list of list of keys for each user, the
> + ;; list of list is not concatenated eagerly to avoid quadratic
> + ;; complexity.
> + (by-user (alist->vhash '())))
> + (match user-keys
> + (()
> + (openssh-configuration
> + (inherit config)
> + (authorized-keys
> + (vhash-fold
> + (lambda (user keys other-users)
> + `((,user ,@(apply append (reverse keys))) ,@other-users))
> + '() by-user))))
> + (((user keys ...) other-user-keys ...)
> + (let ((existing
> + (match (vhash-assoc user by-user)
> + ((_ . keys) keys)
> + (#f '()))))
> + (generate-keys
> + other-user-keys
> + (vhash-cons user `(,keys ,@existing) by-user)))))))
I find it a bit hard to read. What I had in mind is along these lines:
(match (openssh-authorized-keys config)
(((users _ ...) ...)
;; Build a user/key-list mapping.
(let ((user-keys (fold (lambda (spec table)
(match spec
((user keys ...)
(vhash-cons user keys table))))
vlist-null
(openssh-authorized-keys config))))
;; Coalesce the key lists associated with each user.
(map (lambda (user)
(concatenate (vhash-fold* cons '() user user-keys)))
users))))
WDYT?
Thanks,
Ludo’.
next prev parent reply other threads:[~2021-11-15 14:44 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-29 16:15 bug#51487: The openssh service does not allow multiple authorized key files per user Vivien Kraus via Bug reports for GNU Guix
[not found] ` <handler.51487.B.16355241781380.ack@debbugs.gnu.org>
2021-10-29 16:39 ` bug#51487: Acknowledgement (The openssh service does not allow multiple authorized key files per user) Vivien Kraus via Bug reports for GNU Guix
2021-10-29 16:45 ` Vivien Kraus via Bug reports for GNU Guix
2021-10-29 16:51 ` Vivien Kraus via Bug reports for GNU Guix
2021-10-29 21:22 ` Vivien Kraus via Bug reports for GNU Guix
2021-10-29 21:26 ` Vivien Kraus via Bug reports for GNU Guix
2021-11-07 15:04 ` bug#51487: The openssh service does not allow multiple authorized key files per user Ludovic Courtès
2021-11-07 17:29 ` Vivien Kraus via Bug reports for GNU Guix
2021-11-15 14:42 ` Ludovic Courtès [this message]
2021-11-15 15:31 ` Vivien Kraus via Bug reports for GNU Guix
2021-11-16 9:03 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874k8d5vl7.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=51487@debbugs.gnu.org \
--cc=vivien@planete-kraus.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.