Add authorized_keys option -a

options-table.c

@@ -977,6 +977,18 @@ const struct options_table_entry options_table[] = {
 	  .scope = OPTIONS_TABLE_SERVER,
 	  .default_str = ""
 	},
+
+	{ .name = "tmate-authorized-keys",
+	  .type = OPTIONS_TABLE_STRING,
+	  .scope = OPTIONS_TABLE_SERVER,
+	  .default_str = ""
+	},
+
+	{ .name = "tmate-set",
+	  .type = OPTIONS_TABLE_STRING,
+	  .scope = OPTIONS_TABLE_SERVER,
+	  .default_str = ""
+	},
 #endif
 
 	{ .name = NULL }

tmate-encoder.c

@@ -238,6 +238,14 @@ void tmate_exec_cmd_args(int argc, const char **argv)
 	append_saved_cmd(&tmate_session, argc, argv);
 }
 
+void tmate_set_val(const char *name, const char *value)
+{
+	char *buf;
+	xasprintf(&buf, "%s=%s", name, value);
+	tmate_exec_cmd_args(3, (const char *[]){"set-option", "tmate-set", buf});
+	free(buf);
+}
+
 void tmate_exec_cmd(struct cmd *cmd)
 {
 	int argc;

tmate-session.c

@@ -129,6 +129,50 @@ void tmate_session_init(struct event_base *base)
 	tmate_write_header();
 }
 
+static void send_authorized_keys()
+{
+	char *path;
+	path = options_get_string(global_options, "tmate-authorized-keys");
+	if (strlen(path) == 0)
+		return;
+
+	path = xstrdup(path);
+	tmate_info("Using %s for access control", path);
+
+	FILE *f;
+	char *line;
+	size_t len;
+
+	if (path[0] == '~' && path[1] == '/') {
+		const char *home = find_home();
+		if (home) {
+			char *new_path;
+			xasprintf(&new_path, "%s%s", home, &path[1]);
+			free(path);
+			path = new_path;
+		}
+	}
+
+	if ((f = fopen(path, "r")) == NULL) {
+		cfg_add_cause("%s: %s", path, strerror(errno));
+		free(path);
+		return;
+	}
+
+	while ((line = fparseln(f, &len, NULL, NULL, 0)) != NULL) {
+		if (len == 0)
+			continue;
+		tmate_set_val("authorized_keys", line);
+		free(line);
+	}
+
+	if (ferror(f))
+		cfg_add_cause("%s: %s", path, strerror(errno));
+
+	fclose(f);
+	free(path);
+}
+
 void tmate_session_start(void)
 {
 	/*
@@ -138,6 +182,7 @@ void tmate_session_start(void)
 	 * - While we are parsing the config file, we need to be able to
 	 *   serialize it, and so we need a worker encoder.
 	 */
+	send_authorized_keys();
 	tmate_write_ready();
 	lookup_and_connect();
 }

tmate.h

@@ -83,6 +83,7 @@ extern void tmate_write_ready(void);
 extern void tmate_sync_layout(void);
 extern void tmate_pty_data(struct window_pane *wp, const char *buf, size_t len);
 extern int tmate_should_replicate_cmd(const struct cmd_entry *cmd);
+extern void tmate_set_val(const char *name, const char *value);
 extern void tmate_exec_cmd_args(int argc, const char **argv);
 extern void tmate_exec_cmd(struct cmd *cmd);
 extern void tmate_failed_cmd(int client_id, const char *cause);

tmux.c

@@ -205,6 +205,7 @@ find_home(void)
 static char *account_key;
 static char *session_name;
 static char *session_name_ro;
+static char *authorized_keys;
 
 void tmate_init_boot_options(void)
 {
@@ -214,14 +215,18 @@ void tmate_init_boot_options(void)
 		tmate_exec_cmd_args(4, (const char *[]){"set-option", "-g", "tmate-session-name", session_name});
 	if (session_name_ro)
 		tmate_exec_cmd_args(4, (const char *[]){"set-option", "-g", "tmate-session-name-ro", session_name_ro});
+	if (authorized_keys)
+		tmate_exec_cmd_args(4, (const char *[]){"set-option", "-g", "tmate-authorized-keys", authorized_keys});
 
 	free(account_key);
 	free(session_name);
 	free(session_name_ro);
+	free(authorized_keys_file);
 
 	account_key = NULL;
 	session_name = NULL;
 	session_name_ro = NULL;
+	authorized_keys = NULL;
 }
 #endif
 
@@ -255,7 +260,7 @@ main(int argc, char **argv)
 #endif
 
 	label = path = NULL;
-	while ((opt = getopt(argc, argv, "2c:CdFf:lL:qS:uUVvk:n:r:")) != -1) {
+	while ((opt = getopt(argc, argv, "2c:CdFf:lL:qS:uUVvk:n:r:a:")) != -1) {
 		switch (opt) {
 		case '2':
 			flags |= CLIENT_256COLOURS;
@@ -309,6 +314,9 @@ main(int argc, char **argv)
 		case 'r':
 			session_name_ro = xstrdup(optarg);
 			break;
+		case 'a':
+			authorized_keys = xstrdup(optarg);
+			break;
 		default:
 			usage();
 		}