add the ability to turn off forced expiration

- while here, add the ability to set the forced expiration time
2024-06-19 19:55:38 -06:00 · 2024-06-19 19:55:38 -06:00 · 26d804f117
commit 26d804f117
parent e73fa4c016
3 changed files with 39 additions and 22 deletions
--- a/agent.go
+++ b/agent.go
@ -35,9 +35,11 @@ type Traygent struct {
 	rmChan        chan string
 	sigReq        chan ssh.PublicKey
 	sigResp       chan bool
 	force         bool
 	forceDuration int
 }
-func (t *Traygent) log(title, msgFmt string, msg ...any) {
+func (t *Traygent) log(_, msgFmt string, msg ...any) {
 	msgStr := fmt.Sprintf(msgFmt, msg...)
 	log.Println(msgStr)
@ -92,6 +94,7 @@ func (t *Traygent) RemoveLocked() {
 		// Without Round(0) when coming out of S3 suspend the After check below fails
 		// https://github.com/golang/go/issues/36141
 		if k.expireTime != nil {
 			now = now.Round(0)
 			k.expireTime.Round(0)
@ -99,6 +102,7 @@ func (t *Traygent) RemoveLocked() {
 				t.remove(k.signer.PublicKey(), "expired")
 			}
 		}
 	}
 }
 func (t *Traygent) List() ([]*agent.Key, error) {
@ -111,9 +115,15 @@ func (t *Traygent) List() ([]*agent.Key, error) {
 	}
 	for _, k := range t.keys {
 		comment := ""
 		if k.expireTime != nil {
 			comment = fmt.Sprintf("%s [%s]", k.comment, k.expireTime.Format(expFormat))
 		} else {
 			comment = k.comment
 		}
 		pubKeys = append(pubKeys, &agent.Key{
 			Blob:    k.pubKey.Marshal(),
-			Comment: fmt.Sprintf("%s [%s]", k.comment, k.expireTime.Format(expFormat)),
+			Comment: comment,
 			Format:  k.pubKey.Type(),
 		})
 	}
@ -228,7 +238,7 @@ func (t *Traygent) Add(key agent.AddedKey) error {
 		return err
 	}
-	p := NewPrivKey(signer, key)
+	p := NewPrivKey(signer, key, t.force, t.forceDuration)
 	t.mu.RLock()
 	for _, k := range t.keys {
--- a/main.go
+++ b/main.go
@ -24,6 +24,8 @@ func init() {
 func main() {
 	sock := flag.String("s", path.Join(os.Getenv("HOME"), ".traygent"), "Socket path to create")
 	cmdList := flag.String("c", "/etc/traygent.json", "List of commands to execute")
 	force := flag.Bool("f", true, "force expiration of keys")
 	forceDuration := flag.Int("d", 300, "seconds for forced expiration")
 	flag.Parse()
 	os.Remove(*sock)
@ -51,6 +53,8 @@ func main() {
 		rmChan:        make(chan string),
 		sigReq:        make(chan ssh.PublicKey),
 		sigResp:       make(chan bool),
 		force:         *force,
 		forceDuration: *forceDuration,
 	}
 	trayApp := app.NewWithID("com.bolddaemon.traygent")
--- a/privkey.go
+++ b/privkey.go
@ -40,19 +40,22 @@ func (p *privKey) GetComment() string {
 	return p.comment
 }
-func (p *privKey) setExpire(key agent.AddedKey) {
+func (p *privKey) setExpire(key agent.AddedKey, force bool, duration int) {
 	exp := key.LifetimeSecs
-	if exp <= 0 {
+
-		exp = 300
+	if force && exp <= 0 {
 		exp = uint32(duration)
 	}
 	t := time.Now().Add(time.Duration(exp) * time.Second)
 	key.LifetimeSecs = exp
 	p.lifetime = key.LifetimeSecs
 	if exp > 0 {
 		p.expireTime = &t
 	}
 }
-func NewPrivKey(signer ssh.Signer, key agent.AddedKey) privKey {
+func NewPrivKey(signer ssh.Signer, key agent.AddedKey, force bool, duration int) privKey {
 	pub := signer.PublicKey()
 	pk := privKey{
 		signer:      signer,
@ -60,7 +63,7 @@ func NewPrivKey(signer ssh.Signer, key agent.AddedKey) privKey {
 		pubKey:      pub,
 		fingerPrint: ssh.FingerprintSHA256(pub),
 	}
-	pk.setExpire(key)
+	pk.setExpire(key, force, duration)
 	return pk
 }