author | Ted Trask <ttrask01@yahoo.com> | 2012-01-06 18:13:42 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2012-01-06 18:13:42 +0000 |
commit | a039b043de3a5bfbd8cef5e08dbfe158c44756e7 (patch) | |
tree | 5708fb8823576bf6bd66fd8dc6bb731631526d9f | |
parent | 520a37b098656d3c2b1910085be02248321fb250 (diff) | |
download | acf-openssh-a039b043de3a5bfbd8cef5e08dbfe158c44756e7.tar.bz2 acf-openssh-a039b043de3a5bfbd8cef5e08dbfe158c44756e7.tar.xz |
Added some basic validation of authorized keys
-rw-r--r-- | openssh-model.lua | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/openssh-model.lua b/openssh-model.lua
index 6c44d34..940ac97 100644
--- a/openssh-model.lua
+++ b/openssh-model.lua
@@ -282,14 +282,19 @@ function create_auth(authstr)
 lines[#lines+1] = line
 end
 end
- -- not sure how to validate the cert
- -- try to handle certs that wrap lines and multiple certs in the entry
 local certs = {}
- for line in string.gmatch(format.dostounix(authstr.value.cert.value), "([^\n]*)\n?") do
- if string.match(line, "^%s*ssh") then
- certs[#certs+1] = line
- else
- certs[#certs] = certs[#certs] .. line
+ -- not sure how to validate the cert
+ if not string.match(authstr.value.cert.value, "^%s*ssh") then
+ authstr.value.cert.errtxt = "Invalid format - must start with 'ssh-...'"
+ success = false
+ else
+ -- try to handle certs that wrap lines and multiple certs in the entry
+ for line in string.gmatch(format.dostounix(authstr.value.cert.value), "([^\n]*)\n?") do
+ if string.match(line, "^%s*ssh") then
+ certs[#certs+1] = line
+ elseif #certs > 0 then
+ certs[#certs] = certs[#certs] .. line
+ end
 end
 end
 for i,cert in ipairs(certs) do |
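Review bot: The new guard only checks that the whole field begins with `ssh`, and the loop still appends every later line that does not start with `ssh` to the previous entry without inspecting it, so arbitrary text can become part of an entry that presumably ends up in an authorized_keys file. The same prefix test also rejects key types that do not begin with `ssh`, such as `ecdsa-sha2-...`. I would validate each joined entry inside the `for i,cert in ipairs(certs)` loop instead of only the head of the field, for example `if not string.match(cert, "^%s*[%w@%.%-]+%s+[%w+/]+=*") then authstr.value.cert.errtxt = "Invalid key format" success = false end`, and replace the "not sure how to validate" comment with one stating which key types are accepted. create_auth starts and ends outside this hunk, so whether `success` is declared `local` and how `certs` is consumed afterwards cannot be confirmed from here.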