3 files changed, 33 insertions, 4 deletions

diff --git a/ChangeLog b/ChangeLog
index 85fb7c177..ea91ef7a4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+20030122
+ - (djm) OpenBSD CVS Sync
+   - marc@cvs.openbsd.org 2003/01/21 18:14:36
+     [ssh-agent.1 ssh-agent.c]
+     Add a -t life option to ssh-agent that set the default lifetime.
+     The default can still be overriden by using -t in ssh-add.
+     OK markus@
+
 20030120
  - (djm) Fix compilation for NetBSD from dtucker@zip.com.au
  - (tim) [progressmeter.c] make compilers without long long happy.
@@ -1040,4 +1048,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2578 2003/01/20 04:20:24 tim Exp $
+$Id: ChangeLog,v 1.2579 2003/01/22 00:47:19 djm Exp $
diff --git a/ssh-agent.1 b/ssh-agent.1
index 0227436c1..98f9dc80d 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.35 2002/06/24 13:12:23 markus Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.36 2003/01/21 18:14:36 marc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -44,6 +44,7 @@
 .Nm ssh-agent
 .Op Fl a Ar bind_address
 .Op Fl c Li | Fl s
+.Op Fl t Ar life
 .Op Fl d
 .Op Ar command Op Ar args ...
 .Nm ssh-agent
@@ -86,6 +87,14 @@ does not look like it's a csh style of shell.
 Kill the current agent (given by the
 .Ev SSH_AGENT_PID
 environment variable).
+.It Fl t Ar life
+Set a default value for the maximum lifetime of identities added to the agent. 
+The lifetime may be specified in seconds or in a time format specified in
+.Xr sshd 8 .
+A lifetime specified for an identity with
+.Xr ssh-add 1
+overrides this value.
+Without this option the default maximum lifetime is forever.
 .It Fl d
 Debug mode.  When this option is specified
 .Nm
diff --git a/ssh-agent.c b/ssh-agent.c
index cca720ee2..554f8942a 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.106 2003/01/21 18:14:36 marc Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -106,6 +106,9 @@ extern char *__progname;
 char *__progname;
 #endif
 
+/* Default lifetime (0 == forever) */
+static int lifetime = 0;
+
 static void
 close_socket(SocketEntry *e)
 {
@@ -468,6 +471,8 @@ process_add_identity(SocketEntry *e, int version)
                         break;
                 }
         }
+        if (lifetime && !death)
+                death = time(NULL) + lifetime;
         if (lookup_identity(k, version) == NULL) {
                 Identity *id = xmalloc(sizeof(Identity));
                 id->key = k;
@@ -930,6 +935,7 @@ usage(void)
         fprintf(stderr, "  -k          Kill the current agent.\n");
         fprintf(stderr, "  -d          Debug mode.\n");
         fprintf(stderr, "  -a socket   Bind agent socket to given name.\n");
+        fprintf(stderr, "  -t life     Default identity lifetime (seconds).\n");
         exit(1);
 }
 
@@ -961,7 +967,7 @@ main(int ac, char **av)
         init_rng();
         seed_rng();
 
-        while ((ch = getopt(ac, av, "cdksa:")) != -1) {
+        while ((ch = getopt(ac, av, "cdksa:t:")) != -1) {
                 switch (ch) {
                 case 'c':
                         if (s_flag)
@@ -984,6 +990,12 @@ main(int ac, char **av)
                 case 'a':
                         agentsocket = optarg;
                         break;
+                case 't':
+                        if ((lifetime = convtime(optarg)) == -1) {
+                                fprintf(stderr, "Invalid lifetime\n");
+                                usage();
+                        }
+                        break;
                 default:
                         usage();
                 }