Add principals regexp

Signed-off-by: Peter Verraedt <peter.verraedt@kuleuven.be>

Author: peterverraedt

models/asymkey/ssh_key_authorized_keys.go

@@ -10,6 +10,7 @@ import (
 	"io"
 	"os"
 	"path/filepath"
+	"regexp"
 	"strings"
 	"sync"
 
@@ -50,12 +51,18 @@ func WriteAuthorizedStringForValidKey(key *PublicKey, w io.Writer) error {
 	return err
 }
 
+var principalRegexp = regexp.MustCompile(`^[^\n\r]+$`)
+
 func writeAuthorizedStringForKey(key *PublicKey, w io.Writer) (keyValid bool, err error) {
 	const tpl = AuthorizedStringCommentPrefix + "\n" + `command=%s,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc,restrict %s` + "\n"
 
 	var sshKey string
 
 	if key.Type == KeyTypePrincipal {
+		if matched := principalRegexp.MatchString(key.Content); !matched {
+			return false, fmt.Errorf("does not match %s", principalRegexp.String())
+		}
+
 		sshKey = fmt.Sprintf("%s # user-%d", key.Content, key.OwnerID)
 	} else {
 		pubKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(key.Content))