add the ability to turn off forced expiration

- while here, add the ability to set the forced expiration time
This commit is contained in:
Aaron Bieber 2024-06-19 19:55:38 -06:00
parent e73fa4c016
commit 26d804f117
No known key found for this signature in database
3 changed files with 39 additions and 22 deletions


@ -31,13 +31,15 @@ type Traygent struct {
passphrase []byte
locked bool
addChan chan ssh.PublicKey
rmChan chan string
sigReq chan ssh.PublicKey
sigResp chan bool
addChan chan ssh.PublicKey
rmChan chan string
sigReq chan ssh.PublicKey
sigResp chan bool
force bool
forceDuration int
}
func (t *Traygent) log(title, msgFmt string, msg ...any) {
func (t *Traygent) log(_, msgFmt string, msg ...any) {
msgStr := fmt.Sprintf(msgFmt, msg...)
log.Println(msgStr)
@ -92,11 +94,13 @@ func (t *Traygent) RemoveLocked() {
// Without Round(0) when coming out of S3 suspend the After check below fails
// https://github.com/golang/go/issues/36141
now = now.Round(0)
k.expireTime.Round(0)
if k.expireTime != nil {
now = now.Round(0)
k.expireTime.Round(0)
if k.expireTime != nil && now.After(*k.expireTime) {
t.remove(k.signer.PublicKey(), "expired")
if k.expireTime != nil && now.After(*k.expireTime) {
t.remove(k.signer.PublicKey(), "expired")
}
}
}
}
@ -111,9 +115,15 @@ func (t *Traygent) List() ([]*agent.Key, error) {
}
for _, k := range t.keys {
comment := ""
if k.expireTime != nil {
comment = fmt.Sprintf("%s [%s]", k.comment, k.expireTime.Format(expFormat))
} else {
comment = k.comment
}
pubKeys = append(pubKeys, &agent.Key{
Blob: k.pubKey.Marshal(),
Comment: fmt.Sprintf("%s [%s]", k.comment, k.expireTime.Format(expFormat)),
Comment: comment,
Format: k.pubKey.Type(),
})
}
@ -228,7 +238,7 @@ func (t *Traygent) Add(key agent.AddedKey) error {
return err
}
p := NewPrivKey(signer, key)
p := NewPrivKey(signer, key, t.force, t.forceDuration)
t.mu.RLock()
for _, k := range t.keys {
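Review bot: In the RemoveLocked hunk the new `k.expireTime.Round(0)` statement discards its result, so the stored expiry never has its monotonic reading stripped, and the inner `k.expireTime != nil` test is redundant now that the outer `if k.expireTime != nil` guards the whole branch. Since `now` is already rounded, `After` presumably falls back to wall-clock comparison, so this is likely hygiene rather than a live bug, but the dead call will mislead the next reader of the S3-suspend comment. I would write `exp := k.expireTime.Round(0)` followed by `if now.After(exp) {` and drop the inner nil check. RemoveLocked starts and ends outside this hunk, and the `now = now.Round(0)` line is duplicated in the rendered view, so confirm only one copy survives on the new side.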

14
main.go

@ -24,6 +24,8 @@ func init() {
func main() {
sock := flag.String("s", path.Join(os.Getenv("HOME"), ".traygent"), "Socket path to create")
cmdList := flag.String("c", "/etc/traygent.json", "List of commands to execute")
force := flag.Bool("f", true, "force expiration of keys")
forceDuration := flag.Int("d", 300, "seconds for forced expiration")
flag.Parse()
os.Remove(*sock)
@ -46,11 +48,13 @@ func main() {
cmds := LoadCommands(*cmdList)
tagent := Traygent{
listener: l,
addChan: make(chan ssh.PublicKey),
rmChan: make(chan string),
sigReq: make(chan ssh.PublicKey),
sigResp: make(chan bool),
listener: l,
addChan: make(chan ssh.PublicKey),
rmChan: make(chan string),
sigReq: make(chan ssh.PublicKey),
sigResp: make(chan bool),
force: *force,
forceDuration: *forceDuration,
}
trayApp := app.NewWithID("com.bolddaemon.traygent")
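Review bot: The new `-d` flag is never validated after `flag.Parse()`, and its value flows straight into `uint32(duration)` in setExpire (the privkey file section below), so a negative `-d` wraps to a lifetime of up to roughly 136 years and `-d 0` with `-f` silently disables forced expiry instead of failing. Both outcomes defeat the point of forcing expiration on keys that were added without a lifetime. Reject non-positive values at startup, e.g. `if *forceDuration <= 0 { log.Fatal("-d must be a positive number of seconds") }`, using whatever logger main.go already has in scope. The `-f` default of `true` keeps the previous always-expire behaviour, which is worth stating in the flag's usage string.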


@ -40,19 +40,22 @@ func (p *privKey) GetComment() string {
return p.comment
}
func (p *privKey) setExpire(key agent.AddedKey) {
func (p *privKey) setExpire(key agent.AddedKey, force bool, duration int) {
exp := key.LifetimeSecs
if exp <= 0 {
exp = 300
if force && exp <= 0 {
exp = uint32(duration)
}
t := time.Now().Add(time.Duration(exp) * time.Second)
key.LifetimeSecs = exp
p.lifetime = key.LifetimeSecs
p.expireTime = &t
if exp > 0 {
p.expireTime = &t
}
}
func NewPrivKey(signer ssh.Signer, key agent.AddedKey) privKey {
func NewPrivKey(signer ssh.Signer, key agent.AddedKey, force bool, duration int) privKey {
pub := signer.PublicKey()
pk := privKey{
signer: signer,
@ -60,7 +63,7 @@ func NewPrivKey(signer ssh.Signer, key agent.AddedKey) privKey {
pubKey: pub,
fingerPrint: ssh.FingerprintSHA256(pub),
}
pk.setExpire(key)
pk.setExpire(key, force, duration)
return pk
}
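Review bot: setExpire's new contract is not documented, and it now has a third outcome that callers cannot see from the signature: when force is false and key.LifetimeSecs is 0, p.expireTime stays nil and the key is never swept by RemoveLocked. Add a doc comment such as "setExpire derives p.lifetime and p.expireTime from key.LifetimeSecs; when force is set and the key carries no lifetime, duration seconds is used instead, and a zero lifetime with force off leaves expireTime nil (no expiry)", and give the exported NewPrivKey a comment starting with its name that mentions the same force/duration semantics. The condition `force && exp <= 0` is on a uint32, so `<= 0` reads as `== 0`; writing `exp == 0` makes the intent plain. NewPrivKey's body continues past the hunk.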