diff --git a/ChangeLog b/ChangeLog index 85fb7c177..ea91ef7a4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +20030122 + - (djm) OpenBSD CVS Sync + - marc@cvs.openbsd.org 2003/01/21 18:14:36 + [ssh-agent.1 ssh-agent.c] + Add a -t life option to ssh-agent that set the default lifetime. + The default can still be overriden by using -t in ssh-add. + OK markus@ + 20030120 - (djm) Fix compilation for NetBSD from dtucker@zip.com.au - (tim) [progressmeter.c] make compilers without long long happy. @@ -1040,4 +1048,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2578 2003/01/20 04:20:24 tim Exp $ +$Id: ChangeLog,v 1.2579 2003/01/22 00:47:19 djm Exp $ diff --git a/ssh-agent.1 b/ssh-agent.1 index 0227436c1..98f9dc80d 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.35 2002/06/24 13:12:23 markus Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.36 2003/01/21 18:14:36 marc Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -44,6 +44,7 @@ .Nm ssh-agent .Op Fl a Ar bind_address .Op Fl c Li | Fl s +.Op Fl t Ar life .Op Fl d .Op Ar command Op Ar args ... .Nm ssh-agent @@ -86,6 +87,14 @@ does not look like it's a csh style of shell. Kill the current agent (given by the .Ev SSH_AGENT_PID environment variable). +.It Fl t Ar life +Set a default value for the maximum lifetime of identities added to the agent. +The lifetime may be specified in seconds or in a time format specified in +.Xr sshd 8 . +A lifetime specified for an identity with +.Xr ssh-add 1 +overrides this value. +Without this option the default maximum lifetime is forever. .It Fl d Debug mode. When this option is specified .Nm diff --git a/ssh-agent.c b/ssh-agent.c index cca720ee2..554f8942a 100644 --- a/ssh-agent.c +++ b/ssh-agent.c 
@@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.106 2003/01/21 18:14:36 marc Exp $"); #include #include @@ -106,6 +106,9 @@ extern char *__progname; char *__progname; #endif +/* Default lifetime (0 == forever) */ +static int lifetime = 0; + static void close_socket(SocketEntry *e) { @@ -468,6 +471,8 @@ process_add_identity(SocketEntry *e, int version) break; } } + if (lifetime && !death) + death = time(NULL) + lifetime; if (lookup_identity(k, version) == NULL) { Identity *id = xmalloc(sizeof(Identity)); id->key = k; @@ -930,6 +935,7 @@ usage(void) fprintf(stderr, " -k Kill the current agent.\n"); fprintf(stderr, " -d Debug mode.\n"); fprintf(stderr, " -a socket Bind agent socket to given name.\n"); + fprintf(stderr, " -t life Default identity lifetime (seconds).\n"); exit(1); } @@ -961,7 +967,7 @@ main(int ac, char **av) init_rng(); seed_rng(); - while ((ch = getopt(ac, av, "cdksa:")) != -1) { + while ((ch = getopt(ac, av, "cdksa:t:")) != -1) { switch (ch) { case 'c': if (s_flag) @@ -984,6 +990,12 @@ main(int ac, char **av) case 'a': agentsocket = optarg; break; + case 't': + if ((lifetime = convtime(optarg)) == -1) { + fprintf(stderr, "Invalid lifetime\n"); + usage(); + } + break; default: usage(); }
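Review bot: In the process_add_identity hunk (@@ -468,6 +471,8) the `-t` value is applied only when `death` is still zero, so it is a fallback and not a ceiling: a request that carries its own lifetime keeps it, even when that lifetime is longer than the agent's default. The ssh-agent.1 text added in this commit calls the option "a default value for the maximum lifetime", which an operator could read as an enforced upper bound. I would add a comment above the new test, e.g. `/* -t is only a default: a lifetime supplied with the key wins, even if longer */`, so nobody relies on it as a policy limit. The function starts and ends outside the hunk, and how `death` is derived from the request is not visible here.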
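Review bot: The usage line added in the @@ -930,6 +935,7 hunk describes the lifetime as "(seconds)", but the argument is parsed with convtime() and the man page text in this same commit says it may also be given in the sshd(8) time format. The help text should agree with the man page, for example `Default identity lifetime (seconds or time format).`. usage() starts above the hunk.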
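Review bot: In the `case 't':` hunk of main() the result of convtime() is stored into the `int lifetime` before it is compared with -1, so if convtime() returns a type wider than int (its declaration is not on this page) a very large argument would be truncated silently and could end up as a short or negative lifetime. Checking the range before the assignment avoids that: `long t = convtime(optarg);`, then `if (t == -1 || t > INT_MAX) { ... }` and `lifetime = (int)t;` (INT_MAX needs `<limits.h>`). Separately, `-t 0` is accepted, and because 0 is the "forever" sentinel declared in the @@ -106,6 +106,9 hunk it switches the default off instead of expiring keys at once; that should be either rejected or documented. main() continues outside the hunk.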