add the ability to turn off forced expiration
- while here, add the ability to set the forced expiration time
This commit is contained in:
parent
e73fa4c016
commit
26d804f117
32
agent.go
32
agent.go
@ -31,13 +31,15 @@ type Traygent struct {
|
|||||||
passphrase []byte
|
passphrase []byte
|
||||||
locked bool
|
locked bool
|
||||||
|
|
||||||
addChan chan ssh.PublicKey
|
addChan chan ssh.PublicKey
|
||||||
rmChan chan string
|
rmChan chan string
|
||||||
sigReq chan ssh.PublicKey
|
sigReq chan ssh.PublicKey
|
||||||
sigResp chan bool
|
sigResp chan bool
|
||||||
|
force bool
|
||||||
|
forceDuration int
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *Traygent) log(title, msgFmt string, msg ...any) {
|
func (t *Traygent) log(_, msgFmt string, msg ...any) {
|
||||||
msgStr := fmt.Sprintf(msgFmt, msg...)
|
msgStr := fmt.Sprintf(msgFmt, msg...)
|
||||||
|
|
||||||
log.Println(msgStr)
|
log.Println(msgStr)
|
||||||
@ -92,11 +94,13 @@ func (t *Traygent) RemoveLocked() {
|
|||||||
|
|
||||||
// Without Round(0) when coming out of S3 suspend the After check below fails
|
// Without Round(0) when coming out of S3 suspend the After check below fails
|
||||||
// https://github.com/golang/go/issues/36141
|
// https://github.com/golang/go/issues/36141
|
||||||
now = now.Round(0)
|
if k.expireTime != nil {
|
||||||
k.expireTime.Round(0)
|
now = now.Round(0)
|
||||||
|
k.expireTime.Round(0)
|
||||||
|
|
||||||
if k.expireTime != nil && now.After(*k.expireTime) {
|
if k.expireTime != nil && now.After(*k.expireTime) {
|
||||||
t.remove(k.signer.PublicKey(), "expired")
|
t.remove(k.signer.PublicKey(), "expired")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -111,9 +115,15 @@ func (t *Traygent) List() ([]*agent.Key, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
for _, k := range t.keys {
|
for _, k := range t.keys {
|
||||||
|
comment := ""
|
||||||
|
if k.expireTime != nil {
|
||||||
|
comment = fmt.Sprintf("%s [%s]", k.comment, k.expireTime.Format(expFormat))
|
||||||
|
} else {
|
||||||
|
comment = k.comment
|
||||||
|
}
|
||||||
pubKeys = append(pubKeys, &agent.Key{
|
pubKeys = append(pubKeys, &agent.Key{
|
||||||
Blob: k.pubKey.Marshal(),
|
Blob: k.pubKey.Marshal(),
|
||||||
Comment: fmt.Sprintf("%s [%s]", k.comment, k.expireTime.Format(expFormat)),
|
Comment: comment,
|
||||||
Format: k.pubKey.Type(),
|
Format: k.pubKey.Type(),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
@ -228,7 +238,7 @@ func (t *Traygent) Add(key agent.AddedKey) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
p := NewPrivKey(signer, key)
|
p := NewPrivKey(signer, key, t.force, t.forceDuration)
|
||||||
|
|
||||||
t.mu.RLock()
|
t.mu.RLock()
|
||||||
for _, k := range t.keys {
|
for _, k := range t.keys {
|
||||||
|
14
main.go
14
main.go
@ -24,6 +24,8 @@ func init() {
|
|||||||
func main() {
|
func main() {
|
||||||
sock := flag.String("s", path.Join(os.Getenv("HOME"), ".traygent"), "Socket path to create")
|
sock := flag.String("s", path.Join(os.Getenv("HOME"), ".traygent"), "Socket path to create")
|
||||||
cmdList := flag.String("c", "/etc/traygent.json", "List of commands to execute")
|
cmdList := flag.String("c", "/etc/traygent.json", "List of commands to execute")
|
||||||
|
force := flag.Bool("f", true, "force expiration of keys")
|
||||||
|
forceDuration := flag.Int("d", 300, "seconds for forced expiration")
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
|
|
||||||
os.Remove(*sock)
|
os.Remove(*sock)
|
||||||
@ -46,11 +48,13 @@ func main() {
|
|||||||
|
|
||||||
cmds := LoadCommands(*cmdList)
|
cmds := LoadCommands(*cmdList)
|
||||||
tagent := Traygent{
|
tagent := Traygent{
|
||||||
listener: l,
|
listener: l,
|
||||||
addChan: make(chan ssh.PublicKey),
|
addChan: make(chan ssh.PublicKey),
|
||||||
rmChan: make(chan string),
|
rmChan: make(chan string),
|
||||||
sigReq: make(chan ssh.PublicKey),
|
sigReq: make(chan ssh.PublicKey),
|
||||||
sigResp: make(chan bool),
|
sigResp: make(chan bool),
|
||||||
|
force: *force,
|
||||||
|
forceDuration: *forceDuration,
|
||||||
}
|
}
|
||||||
|
|
||||||
trayApp := app.NewWithID("com.bolddaemon.traygent")
|
trayApp := app.NewWithID("com.bolddaemon.traygent")
|
||||||
|
15
privkey.go
15
privkey.go
@ -40,19 +40,22 @@ func (p *privKey) GetComment() string {
|
|||||||
return p.comment
|
return p.comment
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *privKey) setExpire(key agent.AddedKey) {
|
func (p *privKey) setExpire(key agent.AddedKey, force bool, duration int) {
|
||||||
exp := key.LifetimeSecs
|
exp := key.LifetimeSecs
|
||||||
if exp <= 0 {
|
|
||||||
exp = 300
|
if force && exp <= 0 {
|
||||||
|
exp = uint32(duration)
|
||||||
}
|
}
|
||||||
|
|
||||||
t := time.Now().Add(time.Duration(exp) * time.Second)
|
t := time.Now().Add(time.Duration(exp) * time.Second)
|
||||||
key.LifetimeSecs = exp
|
key.LifetimeSecs = exp
|
||||||
p.lifetime = key.LifetimeSecs
|
p.lifetime = key.LifetimeSecs
|
||||||
p.expireTime = &t
|
if exp > 0 {
|
||||||
|
p.expireTime = &t
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewPrivKey(signer ssh.Signer, key agent.AddedKey) privKey {
|
func NewPrivKey(signer ssh.Signer, key agent.AddedKey, force bool, duration int) privKey {
|
||||||
pub := signer.PublicKey()
|
pub := signer.PublicKey()
|
||||||
pk := privKey{
|
pk := privKey{
|
||||||
signer: signer,
|
signer: signer,
|
||||||
@ -60,7 +63,7 @@ func NewPrivKey(signer ssh.Signer, key agent.AddedKey) privKey {
|
|||||||
pubKey: pub,
|
pubKey: pub,
|
||||||
fingerPrint: ssh.FingerprintSHA256(pub),
|
fingerPrint: ssh.FingerprintSHA256(pub),
|
||||||
}
|
}
|
||||||
pk.setExpire(key)
|
pk.setExpire(key, force, duration)
|
||||||
|
|
||||||
return pk
|
return pk
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user