Add principals regular expression

Signed-off-by: Peter Verraedt <peter.verraedt@kuleuven.be>

Author: peterverraedt

models/asymkey/ssh_key_authorized_keys.go

@@ -10,6 +10,7 @@ import (
 	"io"
 	"os"
 	"path/filepath"
+	"regexp"
 	"strings"
 	"sync"
 
@@ -50,13 +51,28 @@ func WriteAuthorizedStringForValidKey(key *PublicKey, w io.Writer) error {
 	return err
 }
 
+// principalRegexp expresses whether a principal is considered valid.
+// This reverse engineers how sshd parses the authorized keys file,
+// see e.g. https://github.com/openssh/openssh-portable/blob/32deb00b38b4ee2b3302f261ea1e68c04e020a08/auth2-pubkeyfile.c#L221-L256
+// Any newline or # comment will be stripped when parsing, so don't allow
+// those. Also, if any space or tab is present in the principal, the part
+// proceeding this would be parsed as an option, so just avoid any whitespace
+// altogether.
+var principalRegexp = regexp.MustCompile(`^[^\s#]+$`)
+
 func writeAuthorizedStringForKey(key *PublicKey, w io.Writer) (keyValid bool, err error) {
 	const tpl = AuthorizedStringCommentPrefix + "\n" + `command=%s,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc,restrict %s` + "\n"
 
 	var sshKey string
 
 	if key.Type == KeyTypePrincipal {
-		sshKey = fmt.Sprintf("%s # user-%d", key.Content, key.OwnerID)
+		principal := strings.TrimSpace(key.Content)
+
+		if matched := principalRegexp.MatchString(principal); !matched {
+			return false, fmt.Errorf("does not match %s", principalRegexp.String())
+		}
+
+		sshKey = fmt.Sprintf("%s # user-%d", principal, key.OwnerID)
 	} else {
 		pubKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(key.Content))
 		if err != nil {