From a039b043de3a5bfbd8cef5e08dbfe158c44756e7 Mon Sep 17 00:00:00 2001
From: Ted Trask
Date: Fri, 6 Jan 2012 18:13:42 +0000
Subject: Added some basic validation of authorized keys
---
 openssh-model.lua | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/openssh-model.lua b/openssh-model.lua
index 6c44d34..940ac97 100644
--- a/openssh-model.lua
+++ b/openssh-model.lua
@@ -282,14 +282,19 @@ function create_auth(authstr)
 lines[#lines+1] = line
 end
 end
- -- not sure how to validate the cert
- -- try to handle certs that wrap lines and multiple certs in the entry
 local certs = {}
- for line in string.gmatch(format.dostounix(authstr.value.cert.value), "([^\n]*)\n?") do
- if string.match(line, "^%s*ssh") then
- certs[#certs+1] = line
- else
- certs[#certs] = certs[#certs] .. line
+ -- not sure how to validate the cert
+ if not string.match(authstr.value.cert.value, "^%s*ssh") then
+ authstr.value.cert.errtxt = "Invalid format - must start with 'ssh-...'"
+ success = false
+ else
+ -- try to handle certs that wrap lines and multiple certs in the entry
+ for line in string.gmatch(format.dostounix(authstr.value.cert.value), "([^\n]*)\n?") do
+ if string.match(line, "^%s*ssh") then
+ certs[#certs+1] = line
+ elseif #certs > 0 then
+ certs[#certs] = certs[#certs] .. line
+ end
 end
 end
 end
 for i,cert in ipairs(certs) do
--
cgit v1.2.3
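Review bot: The new guard `string.match(authstr.value.cert.value, "^%s*ssh")` only tests the first three non-blank characters of the whole field, so any text that begins with `ssh` passes and every following line is still concatenated onto the previous entry unchecked; it also does not require the hyphen that the error text promises. Since these strings appear to become authorized-keys entries (inferred from the commit subject; the code that consumes `certs` lies outside the hunk), each assembled entry should be checked for a key-type token followed by a base64 blob, for example `if not string.match(cert, "^%s*ssh%-%S+%s+[A-Za-z0-9+/]+=*") then authstr.value.cert.errtxt = "Invalid format" success = false end` at the top of the `for i,cert in ipairs(certs)` loop. `success = false` is assigned with no `local` visible here; confirm it is declared earlier in `create_auth`, whose body starts and ends outside this hunk, because otherwise the assignment creates a global.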