add the ability to turn off forced expiration

- while here, add the ability to set the forced expiration time
This commit is contained in:
Aaron Bieber 2024-06-19 19:55:38 -06:00
parent e73fa4c016
commit 26d804f117
No known key found for this signature in database
3 changed files with 39 additions and 22 deletions


@ -31,13 +31,15 @@ type Traygent struct {
passphrase []byte passphrase []byte
locked bool locked bool
addChan chan ssh.PublicKey addChan chan ssh.PublicKey
rmChan chan string rmChan chan string
sigReq chan ssh.PublicKey sigReq chan ssh.PublicKey
sigResp chan bool sigResp chan bool
force bool
forceDuration int
} }
func (t *Traygent) log(title, msgFmt string, msg ...any) { func (t *Traygent) log(_, msgFmt string, msg ...any) {
msgStr := fmt.Sprintf(msgFmt, msg...) msgStr := fmt.Sprintf(msgFmt, msg...)
log.Println(msgStr) log.Println(msgStr)
@ -92,11 +94,13 @@ func (t *Traygent) RemoveLocked() {
// Without Round(0) when coming out of S3 suspend the After check below fails // Without Round(0) when coming out of S3 suspend the After check below fails
// https://github.com/golang/go/issues/36141 // https://github.com/golang/go/issues/36141
now = now.Round(0) if k.expireTime != nil {
k.expireTime.Round(0) now = now.Round(0)
k.expireTime.Round(0)
if k.expireTime != nil && now.After(*k.expireTime) { if k.expireTime != nil && now.After(*k.expireTime) {
t.remove(k.signer.PublicKey(), "expired") t.remove(k.signer.PublicKey(), "expired")
}
} }
} }
} }
@ -111,9 +115,15 @@ func (t *Traygent) List() ([]*agent.Key, error) {
} }
for _, k := range t.keys { for _, k := range t.keys {
comment := ""
if k.expireTime != nil {
comment = fmt.Sprintf("%s [%s]", k.comment, k.expireTime.Format(expFormat))
} else {
comment = k.comment
}
pubKeys = append(pubKeys, &agent.Key{ pubKeys = append(pubKeys, &agent.Key{
Blob: k.pubKey.Marshal(), Blob: k.pubKey.Marshal(),
Comment: fmt.Sprintf("%s [%s]", k.comment, k.expireTime.Format(expFormat)), Comment: comment,
Format: k.pubKey.Type(), Format: k.pubKey.Type(),
}) })
} }
@ -228,7 +238,7 @@ func (t *Traygent) Add(key agent.AddedKey) error {
return err return err
} }
p := NewPrivKey(signer, key) p := NewPrivKey(signer, key, t.force, t.forceDuration)
t.mu.RLock() t.mu.RLock()
for _, k := range t.keys { for _, k := range t.keys {
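Review bot: In the RemoveLocked hunk the statement `k.expireTime.Round(0)` discards its result — time.Time.Round returns a new value and does not modify the receiver — so it does not do what the comment above it describes, and the inner `k.expireTime != nil &&` test repeats the guard the new outer `if` already made. Either delete that line (stripping the monotonic reading from `now` alone is enough for After to fall back to a wall-clock comparison) or bind it: `exp := k.expireTime.Round(0)` followed by `if now.After(exp) {`. RemoveLocked starts before this hunk; the no-op call predates the change and is only re-indented here, but the new nil guard is the natural place to tidy it.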

14
main.go

@ -24,6 +24,8 @@ func init() {
func main() { func main() {
sock := flag.String("s", path.Join(os.Getenv("HOME"), ".traygent"), "Socket path to create") sock := flag.String("s", path.Join(os.Getenv("HOME"), ".traygent"), "Socket path to create")
cmdList := flag.String("c", "/etc/traygent.json", "List of commands to execute") cmdList := flag.String("c", "/etc/traygent.json", "List of commands to execute")
force := flag.Bool("f", true, "force expiration of keys")
forceDuration := flag.Int("d", 300, "seconds for forced expiration")
flag.Parse() flag.Parse()
os.Remove(*sock) os.Remove(*sock)
@ -46,11 +48,13 @@ func main() {
cmds := LoadCommands(*cmdList) cmds := LoadCommands(*cmdList)
tagent := Traygent{ tagent := Traygent{
listener: l, listener: l,
addChan: make(chan ssh.PublicKey), addChan: make(chan ssh.PublicKey),
rmChan: make(chan string), rmChan: make(chan string),
sigReq: make(chan ssh.PublicKey), sigReq: make(chan ssh.PublicKey),
sigResp: make(chan bool), sigResp: make(chan bool),
force: *force,
forceDuration: *forceDuration,
} }
trayApp := app.NewWithID("com.bolddaemon.traygent") trayApp := app.NewWithID("com.bolddaemon.traygent")
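Review bot: `-d` is read as a plain int and handed to the agent without a range check, so a zero or negative value is accepted silently and later converted to uint32 in setExpire, where a negative value wraps to a lifetime of many years. Reject it right after `flag.Parse()`, e.g. `if *forceDuration <= 0 { fmt.Fprintln(os.Stderr, "-d must be a positive number of seconds"); os.Exit(1) }` (assuming fmt is imported in main.go — its import block is outside the hunk). The help text for `-f` should also say that it applies only to keys added without a lifetime, that a disabled setting leaves such keys loaded until they are removed, and that a Go bool flag is switched off with `-f=false`: `force := flag.Bool("f", true, "expire keys added without a lifetime after -d seconds (disable with -f=false)")`.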


@ -40,19 +40,22 @@ func (p *privKey) GetComment() string {
return p.comment return p.comment
} }
func (p *privKey) setExpire(key agent.AddedKey) { func (p *privKey) setExpire(key agent.AddedKey, force bool, duration int) {
exp := key.LifetimeSecs exp := key.LifetimeSecs
if exp <= 0 {
exp = 300 if force && exp <= 0 {
exp = uint32(duration)
} }
t := time.Now().Add(time.Duration(exp) * time.Second) t := time.Now().Add(time.Duration(exp) * time.Second)
key.LifetimeSecs = exp key.LifetimeSecs = exp
p.lifetime = key.LifetimeSecs p.lifetime = key.LifetimeSecs
p.expireTime = &t if exp > 0 {
p.expireTime = &t
}
} }
func NewPrivKey(signer ssh.Signer, key agent.AddedKey) privKey { func NewPrivKey(signer ssh.Signer, key agent.AddedKey, force bool, duration int) privKey {
pub := signer.PublicKey() pub := signer.PublicKey()
pk := privKey{ pk := privKey{
signer: signer, signer: signer,
@ -60,7 +63,7 @@ func NewPrivKey(signer ssh.Signer, key agent.AddedKey) privKey {
pubKey: pub, pubKey: pub,
fingerPrint: ssh.FingerprintSHA256(pub), fingerPrint: ssh.FingerprintSHA256(pub),
} }
pk.setExpire(key) pk.setExpire(key, force, duration)
return pk return pk
} }
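Review bot: `exp = uint32(duration)` in setExpire converts a signed int without a range check; with `-d 0` the key silently gets no expiry even though forcing is on, and a negative value wraps to a multi-year lifetime. Guard it at the conversion, e.g. `if force && exp == 0 && duration > 0 { exp = uint32(duration) }` (since exp is uint32, `exp <= 0` is just `exp == 0`). A doc comment on setExpire would also help, stating that it resolves the key's lifetime from key.LifetimeSecs, substitutes `duration` only when force is set and no lifetime was requested, and leaves expireTime nil when the result is zero. `t := time.Now().Add(...)` is still computed when exp is 0; moving it inside the `if exp > 0` keeps the zero-lifetime path obvious to the next reader.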