add the ability to turn off forced expiration

- while here, add the ability to set the forced expiration time
2024-06-19 19:55:38 -06:00 · 2024-06-19 19:55:38 -06:00 · 26d804f117
commit 26d804f117
parent e73fa4c016
3 changed files with 39 additions and 22 deletions
--- a/agent.go
+++ b/agent.go
@ -31,13 +31,15 @@ type Traygent struct {
 	passphrase []byte
 	locked     bool

-	addChan chan ssh.PublicKey
-	rmChan  chan string
-	sigReq  chan ssh.PublicKey
-	sigResp chan bool
+	addChan       chan ssh.PublicKey
+	rmChan        chan string
+	sigReq        chan ssh.PublicKey
+	sigResp       chan bool
+	force         bool
+	forceDuration int
 }

-func (t *Traygent) log(title, msgFmt string, msg ...any) {
+func (t *Traygent) log(_, msgFmt string, msg ...any) {
 	msgStr := fmt.Sprintf(msgFmt, msg...)

 	log.Println(msgStr)
@ -92,11 +94,13 @@ func (t *Traygent) RemoveLocked() {

 		// Without Round(0) when coming out of S3 suspend the After check below fails
 		// https://github.com/golang/go/issues/36141
-		now = now.Round(0)
-		k.expireTime.Round(0)
+		if k.expireTime != nil {
+			now = now.Round(0)
+			k.expireTime.Round(0)

-		if k.expireTime != nil && now.After(*k.expireTime) {
-			t.remove(k.signer.PublicKey(), "expired")
+			if k.expireTime != nil && now.After(*k.expireTime) {
+				t.remove(k.signer.PublicKey(), "expired")
+			}
 		}
 	}
 }
@ -111,9 +115,15 @@ func (t *Traygent) List() ([]*agent.Key, error) {
 	}

 	for _, k := range t.keys {
+		comment := ""
+		if k.expireTime != nil {
+			comment = fmt.Sprintf("%s [%s]", k.comment, k.expireTime.Format(expFormat))
+		} else {
+			comment = k.comment
+		}
 		pubKeys = append(pubKeys, &agent.Key{
 			Blob:    k.pubKey.Marshal(),
-			Comment: fmt.Sprintf("%s [%s]", k.comment, k.expireTime.Format(expFormat)),
+			Comment: comment,
 			Format:  k.pubKey.Type(),
 		})
 	}
@ -228,7 +238,7 @@ func (t *Traygent) Add(key agent.AddedKey) error {
 		return err
 	}

-	p := NewPrivKey(signer, key)
+	p := NewPrivKey(signer, key, t.force, t.forceDuration)

 	t.mu.RLock()
 	for _, k := range t.keys {
--- a/main.go
+++ b/main.go
@ -24,6 +24,8 @@ func init() {
 func main() {
 	sock := flag.String("s", path.Join(os.Getenv("HOME"), ".traygent"), "Socket path to create")
 	cmdList := flag.String("c", "/etc/traygent.json", "List of commands to execute")
+	force := flag.Bool("f", true, "force expiration of keys")
+	forceDuration := flag.Int("d", 300, "seconds for forced expiration")
 	flag.Parse()

 	os.Remove(*sock)
@ -46,11 +48,13 @@ func main() {

 	cmds := LoadCommands(*cmdList)
 	tagent := Traygent{
-		listener: l,
-		addChan:  make(chan ssh.PublicKey),
-		rmChan:   make(chan string),
-		sigReq:   make(chan ssh.PublicKey),
-		sigResp:  make(chan bool),
+		listener:      l,
+		addChan:       make(chan ssh.PublicKey),
+		rmChan:        make(chan string),
+		sigReq:        make(chan ssh.PublicKey),
+		sigResp:       make(chan bool),
+		force:         *force,
+		forceDuration: *forceDuration,
 	}

 	trayApp := app.NewWithID("com.bolddaemon.traygent")
--- a/privkey.go
+++ b/privkey.go
@ -40,19 +40,22 @@ func (p *privKey) GetComment() string {
 	return p.comment
 }

-func (p *privKey) setExpire(key agent.AddedKey) {
+func (p *privKey) setExpire(key agent.AddedKey, force bool, duration int) {
 	exp := key.LifetimeSecs
-	if exp <= 0 {
-		exp = 300
+
+	if force && exp <= 0 {
+		exp = uint32(duration)
 	}

 	t := time.Now().Add(time.Duration(exp) * time.Second)
 	key.LifetimeSecs = exp
 	p.lifetime = key.LifetimeSecs
-	p.expireTime = &t
+	if exp > 0 {
+		p.expireTime = &t
+	}
 }

-func NewPrivKey(signer ssh.Signer, key agent.AddedKey) privKey {
+func NewPrivKey(signer ssh.Signer, key agent.AddedKey, force bool, duration int) privKey {
 	pub := signer.PublicKey()
 	pk := privKey{
 		signer:      signer,
@ -60,7 +63,7 @@ func NewPrivKey(signer ssh.Signer, key agent.AddedKey) privKey {
 		pubKey:      pub,
 		fingerPrint: ssh.FingerprintSHA256(pub),
 	}
-	pk.setExpire(key)
+	pk.setExpire(key, force, duration)

 	return pk
 }