add the ability to turn off forced expiration

- while here, add the ability to set the forced expiration time
This commit is contained in:
Aaron Bieber 2024-06-19 19:55:38 -06:00
parent e73fa4c016
commit 26d804f117
No known key found for this signature in database
3 changed files with 39 additions and 22 deletions

View File

@ -35,9 +35,11 @@ type Traygent struct {
rmChan chan string
sigReq chan ssh.PublicKey
sigResp chan bool
force bool
forceDuration int
}
func (t *Traygent) log(title, msgFmt string, msg ...any) {
func (t *Traygent) log(_, msgFmt string, msg ...any) {
msgStr := fmt.Sprintf(msgFmt, msg...)
log.Println(msgStr)
@ -92,6 +94,7 @@ func (t *Traygent) RemoveLocked() {
// Without Round(0) when coming out of S3 suspend the After check below fails
// https://github.com/golang/go/issues/36141
if k.expireTime != nil {
now = now.Round(0)
k.expireTime.Round(0)
@ -99,6 +102,7 @@ func (t *Traygent) RemoveLocked() {
t.remove(k.signer.PublicKey(), "expired")
}
}
}
}
func (t *Traygent) List() ([]*agent.Key, error) {
@ -111,9 +115,15 @@ func (t *Traygent) List() ([]*agent.Key, error) {
}
for _, k := range t.keys {
comment := ""
if k.expireTime != nil {
comment = fmt.Sprintf("%s [%s]", k.comment, k.expireTime.Format(expFormat))
} else {
comment = k.comment
}
pubKeys = append(pubKeys, &agent.Key{
Blob: k.pubKey.Marshal(),
Comment: fmt.Sprintf("%s [%s]", k.comment, k.expireTime.Format(expFormat)),
Comment: comment,
Format: k.pubKey.Type(),
})
}
@ -228,7 +238,7 @@ func (t *Traygent) Add(key agent.AddedKey) error {
return err
}
p := NewPrivKey(signer, key)
p := NewPrivKey(signer, key, t.force, t.forceDuration)
t.mu.RLock()
for _, k := range t.keys {

View File

@ -24,6 +24,8 @@ func init() {
func main() {
sock := flag.String("s", path.Join(os.Getenv("HOME"), ".traygent"), "Socket path to create")
cmdList := flag.String("c", "/etc/traygent.json", "List of commands to execute")
force := flag.Bool("f", true, "force expiration of keys")
forceDuration := flag.Int("d", 300, "seconds for forced expiration")
flag.Parse()
os.Remove(*sock)
@ -51,6 +53,8 @@ func main() {
rmChan: make(chan string),
sigReq: make(chan ssh.PublicKey),
sigResp: make(chan bool),
force: *force,
forceDuration: *forceDuration,
}
trayApp := app.NewWithID("com.bolddaemon.traygent")

View File

@ -40,19 +40,22 @@ func (p *privKey) GetComment() string {
return p.comment
}
func (p *privKey) setExpire(key agent.AddedKey) {
func (p *privKey) setExpire(key agent.AddedKey, force bool, duration int) {
exp := key.LifetimeSecs
if exp <= 0 {
exp = 300
if force && exp <= 0 {
exp = uint32(duration)
}
t := time.Now().Add(time.Duration(exp) * time.Second)
key.LifetimeSecs = exp
p.lifetime = key.LifetimeSecs
if exp > 0 {
p.expireTime = &t
}
}
func NewPrivKey(signer ssh.Signer, key agent.AddedKey) privKey {
func NewPrivKey(signer ssh.Signer, key agent.AddedKey, force bool, duration int) privKey {
pub := signer.PublicKey()
pk := privKey{
signer: signer,
@ -60,7 +63,7 @@ func NewPrivKey(signer ssh.Signer, key agent.AddedKey) privKey {
pubKey: pub,
fingerPrint: ssh.FingerprintSHA256(pub),
}
pk.setExpire(key)
pk.setExpire(key, force, duration)
return pk
}