add the ability to turn off forced expiration
- while here, add the ability to set the forced expiration time
parent
e73fa4c016
commit
26d804f117
16
agent.go
16
agent.go
@ -35,9 +35,11 @@ type Traygent struct {
|
||||
rmChan chan string
|
||||
sigReq chan ssh.PublicKey
|
||||
sigResp chan bool
|
||||
force bool
|
||||
forceDuration int
|
||||
}
|
||||
|
||||
func (t *Traygent) log(title, msgFmt string, msg ...any) {
|
||||
func (t *Traygent) log(_, msgFmt string, msg ...any) {
|
||||
msgStr := fmt.Sprintf(msgFmt, msg...)
|
||||
|
||||
log.Println(msgStr)
|
||||
@ -92,6 +94,7 @@ func (t *Traygent) RemoveLocked() {
|
||||
|
||||
// Without Round(0) when coming out of S3 suspend the After check below fails
|
||||
// https://github.com/golang/go/issues/36141
|
||||
if k.expireTime != nil {
|
||||
now = now.Round(0)
|
||||
k.expireTime.Round(0)
|
||||
|
||||
@ -99,6 +102,7 @@ func (t *Traygent) RemoveLocked() {
|
||||
t.remove(k.signer.PublicKey(), "expired")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (t *Traygent) List() ([]*agent.Key, error) {
|
||||
@ -111,9 +115,15 @@ func (t *Traygent) List() ([]*agent.Key, error) {
|
||||
}
|
||||
|
||||
for _, k := range t.keys {
|
||||
comment := ""
|
||||
if k.expireTime != nil {
|
||||
comment = fmt.Sprintf("%s [%s]", k.comment, k.expireTime.Format(expFormat))
|
||||
} else {
|
||||
comment = k.comment
|
||||
}
|
||||
pubKeys = append(pubKeys, &agent.Key{
|
||||
Blob: k.pubKey.Marshal(),
|
||||
Comment: fmt.Sprintf("%s [%s]", k.comment, k.expireTime.Format(expFormat)),
|
||||
Comment: comment,
|
||||
Format: k.pubKey.Type(),
|
||||
})
|
||||
}
|
||||
@ -228,7 +238,7 @@ func (t *Traygent) Add(key agent.AddedKey) error {
|
||||
return err
|
||||
}
|
||||
|
||||
p := NewPrivKey(signer, key)
|
||||
p := NewPrivKey(signer, key, t.force, t.forceDuration)
|
||||
|
||||
t.mu.RLock()
|
||||
for _, k := range t.keys {
|
||||
|
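Review bot: In RemoveLocked, `k.expireTime.Round(0)` stands as a bare statement, so its result is thrown away: time.Time.Round returns a new value and leaves the receiver untouched. The expiry check most likely still works, because `now = now.Round(0)` already strips the monotonic reading from one operand and the comparison then falls back to wall-clock time, but the line reads as if it normalised the stored expiry. Either delete it or write `*k.expireTime = k.expireTime.Round(0)`. The lines between the two RemoveLocked hunks are not shown, so it is worth confirming that the After comparison and the `t.remove(...)` call both sit inside the nil guard, since a key without an expiry would otherwise dereference a nil pointer.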
4
main.go
4
main.go
@ -24,6 +24,8 @@ func init() {
|
||||
func main() {
|
||||
sock := flag.String("s", path.Join(os.Getenv("HOME"), ".traygent"), "Socket path to create")
|
||||
cmdList := flag.String("c", "/etc/traygent.json", "List of commands to execute")
|
||||
force := flag.Bool("f", true, "force expiration of keys")
|
||||
forceDuration := flag.Int("d", 300, "seconds for forced expiration")
|
||||
flag.Parse()
|
||||
|
||||
os.Remove(*sock)
|
||||
@ -51,6 +53,8 @@ func main() {
|
||||
rmChan: make(chan string),
|
||||
sigReq: make(chan ssh.PublicKey),
|
||||
sigResp: make(chan bool),
|
||||
force: *force,
|
||||
forceDuration: *forceDuration,
|
||||
}
|
||||
|
||||
trayApp := app.NewWithID("com.bolddaemon.traygent")
|
||||
|
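Review bot: Nothing checks the `-d` value after `flag.Parse()`, and privkey.go's setExpire later converts it with `uint32(duration)`. A negative number typically wraps to a very large lifetime and `-d 0` leaves the lifetime at zero, so in both cases keys stay loaded although `-f` is still true and the operator believes expiry is enforced. Reject such input at startup with a guard such as `if *force && *forceDuration <= 0 {` followed by an error exit, and consider bounding the upper end at `math.MaxUint32` as well. The help strings could also say that `-f` defaults to on and is disabled with `-f=false`. main's body continues outside both hunks.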
13
privkey.go
13
privkey.go
@ -40,19 +40,22 @@ func (p *privKey) GetComment() string {
|
||||
return p.comment
|
||||
}
|
||||
|
||||
func (p *privKey) setExpire(key agent.AddedKey) {
|
||||
func (p *privKey) setExpire(key agent.AddedKey, force bool, duration int) {
|
||||
exp := key.LifetimeSecs
|
||||
if exp <= 0 {
|
||||
exp = 300
|
||||
|
||||
if force && exp <= 0 {
|
||||
exp = uint32(duration)
|
||||
}
|
||||
|
||||
t := time.Now().Add(time.Duration(exp) * time.Second)
|
||||
key.LifetimeSecs = exp
|
||||
p.lifetime = key.LifetimeSecs
|
||||
if exp > 0 {
|
||||
p.expireTime = &t
|
||||
}
|
||||
}
|
||||
|
||||
func NewPrivKey(signer ssh.Signer, key agent.AddedKey) privKey {
|
||||
func NewPrivKey(signer ssh.Signer, key agent.AddedKey, force bool, duration int) privKey {
|
||||
pub := signer.PublicKey()
|
||||
pk := privKey{
|
||||
signer: signer,
|
||||
@ -60,7 +63,7 @@ func NewPrivKey(signer ssh.Signer, key agent.AddedKey) privKey {
|
||||
pubKey: pub,
|
||||
fingerPrint: ssh.FingerprintSHA256(pub),
|
||||
}
|
||||
pk.setExpire(key)
|
||||
pk.setExpire(key, force, duration)
|
||||
|
||||
return pk
|
||||
}
|
||||
|
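Review bot: setExpire has no comment explaining its contract, and the new `force` path is easy to misread as a cap: it only fills in a lifetime when the client sent none (`exp <= 0` on a uint32 is just `exp == 0`), so a lifetime the client requests that is longer than `duration` is kept unchanged. I would add a doc comment along the lines of `// setExpire records the key lifetime; with force set, a key added without a lifetime gets duration seconds, otherwise expireTime stays unset and the key never expires.` If the flag is meant to enforce a maximum, the condition would need to become `if force && (exp == 0 || exp > uint32(duration)) {`. `key.LifetimeSecs = exp` assigns to the by-value parameter, so it has no effect for the caller and could be dropped.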