authorTed Trask <ttrask01@yahoo.com>2012-01-06 18:13:42 +0000
committerTed Trask <ttrask01@yahoo.com>2012-01-06 18:13:42 +0000
commita039b043de3a5bfbd8cef5e08dbfe158c44756e7 (patch)
tree5708fb8823576bf6bd66fd8dc6bb731631526d9f /openssh-model.lua
parent520a37b098656d3c2b1910085be02248321fb250 (diff)
Added some basic validation of authorized keys
Diffstat (limited to 'openssh-model.lua')
-rw-r--r--openssh-model.lua19
1 files changed, 12 insertions, 7 deletions
diff --git a/openssh-model.lua b/openssh-model.lua
index 6c44d34..940ac97 100644
--- a/openssh-model.lua
+++ b/openssh-model.lua
@@ -282,14 +282,19 @@ function create_auth(authstr)
lines[#lines+1] = line
end
end
- -- not sure how to validate the cert
- -- try to handle certs that wrap lines and multiple certs in the entry
local certs = {}
- for line in string.gmatch(format.dostounix(authstr.value.cert.value), "([^\n]*)\n?") do
- if string.match(line, "^%s*ssh") then
- certs[#certs+1] = line
- else
- certs[#certs] = certs[#certs] .. line
+ -- not sure how to validate the cert
+ if not string.match(authstr.value.cert.value, "^%s*ssh") then
+ authstr.value.cert.errtxt = "Invalid format - must start with 'ssh-...'"
+ success = false
+ else
+ -- try to handle certs that wrap lines and multiple certs in the entry
+ for line in string.gmatch(format.dostounix(authstr.value.cert.value), "([^\n]*)\n?") do
+ if string.match(line, "^%s*ssh") then
+ certs[#certs+1] = line
+ elseif #certs > 0 then
+ certs[#certs] = certs[#certs] .. line
+ end
end
end
for i,cert in ipairs(certs) do
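Review bot: The added guard `if not string.match(authstr.value.cert.value, "^%s*ssh") then` only tests that the whole field begins with the letters `ssh` (without the hyphen the error text promises), so the rest of the first line and every later line are still joined into `certs` unchecked. These entries presumably end up in an authorized_keys file (the write is outside this hunk, so confirm), which makes it safer to validate each assembled entry than the raw field. Inside the `for i,cert in ipairs(certs) do` loop, whose body continues outside the hunk, I would add `if not string.match(cert, "^%s*ssh%-%S+%s+[%w+/]+=*") then authstr.value.cert.errtxt = "Invalid format - must start with 'ssh-...'" success = false end`. It is also worth confirming that `success = false` actually prevents the later write. The prefix rule rejects key types that do not start with `ssh-`, such as `ecdsa-sha2-nistp256`, and entries that begin with options; if that restriction is intended, a comment saying so would help.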