Set REMCTL_EXPIRES when running commands

The remctld server now sets the REMOTE_EXPIRES environment variable to
the time (in seconds since UNIX epoch) when the authenticated session
used to run a command will expire.  This will generally be the
expiration time of the Kerberos ticket used to authenticate to the
server.

3 files changed, 12 insertions, 2 deletions

diff --git a/server/generic.c b/server/generic.c
index 74134b5..cc0f0e3 100644
--- a/server/generic.c
+++ b/server/generic.c
@@ -19,6 +19,8 @@
 #include <portable/system.h>
 #include <portable/uio.h>
 
+#include <time.h>
+
 #include <server/internal.h>
 #include <util/messages.h>
 #include <util/protocol.h>
@@ -45,7 +47,7 @@ server_new_client(int fd, gss_cred_id_t creds)
     gss_OID doid;
     OM_uint32 major = 0;
     OM_uint32 minor = 0;
-    OM_uint32 acc_minor;
+    OM_uint32 acc_minor, time_rec;
     int flags, status;
     static const OM_uint32 req_gss_flags
         = (GSS_C_MUTUAL_FLAG | GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG);
@@ -116,7 +118,7 @@ server_new_client(int fd, gss_cred_id_t creds)
               (unsigned long) recv_tok.length);
         major = gss_accept_sec_context(&acc_minor, &client->context, creds,
                     &recv_tok, GSS_C_NO_CHANNEL_BINDINGS, &name, &doid,
-                    &send_tok, &client->flags, NULL, NULL);
+                    &send_tok, &client->flags, &time_rec, NULL);
         free(recv_tok.value);
 
         /* Send back a token if we need to. */
@@ -160,6 +162,7 @@ server_new_client(int fd, gss_cred_id_t creds)
     }
     gss_release_name(&minor, &name);
     client->user = xstrndup(name_buf.value, name_buf.length);
+    client->expires = time(NULL) + time_rec;
     gss_release_buffer(&minor, &name_buf);
     return client;
 
diff --git a/server/internal.h b/server/internal.h
index 622fc8d..49741bc 100644
--- a/server/internal.h
+++ b/server/internal.h
@@ -52,6 +52,7 @@ struct client {
     gss_ctx_id_t context;       /* GSS-API context. */
     char *user;                 /* Name of the client as a string. */
     OM_uint32 flags;            /* Connection flags. */
+    time_t expires;             /* Expiration time of GSS-API session. */
     bool keepalive;             /* Whether keep-alive was set. */
     bool fatal;                 /* Whether a fatal error has occurred. */
 };
diff --git a/server/process.c b/server/process.c
index 4a96b17..c1b68f5 100644
--- a/server/process.c
+++ b/server/process.c
@@ -27,6 +27,7 @@
 #include <util/macros.h>
 #include <util/messages.h>
 #include <util/protocol.h>
+#include <util/xmalloc.h>
 
 /*
  * We would like to use event_base_loopbreak and event_base_got_break, but the
@@ -226,6 +227,7 @@ start(evutil_socket_t junk UNUSED, short what UNUSED, void *data)
     socket_type stderr_fds[2]   = { INVALID_SOCKET, INVALID_SOCKET };
     socket_type fd;
     struct sigaction sa;
+    char *expires;
 
     /*
      * Socket pairs are used for communication with the child process that
@@ -335,6 +337,10 @@ start(evutil_socket_t junk UNUSED, short what UNUSED, void *data)
                 sysdie("cannot set REMOTE_HOST in environment");
         if (setenv("REMCTL_COMMAND", process->command, 1) < 0)
             sysdie("cannot set REMCTL_COMMAND in environment");
+        xasprintf(&expires, "%lu", (unsigned long) client->expires);
+        if (setenv("REMOTE_EXPIRES", expires, 1) < 0)
+            sysdie("cannot set REMOTE_EXPIRES in environment");
+        free(expires);
 
         /* Drop privileges if requested. */
         if (process->rule->user != NULL && process->rule->uid > 0) {