Add Option for Delegation to Any User

cmd/ro/main.go

@@ -23,6 +23,8 @@ var owners, lefters, righters, inPath, labels, outPath, outEnv string
 
 var uses, minUsers int
 
+var anyUser bool
+
 var duration, users string
 
 var pollInterval time.Duration
@@ -52,6 +54,7 @@ func registerFlags() {
 	flag.StringVar(&users, "users", "", "comma separated user list")
 	flag.IntVar(&uses, "uses", 0, "number of delegated key uses")
 	flag.IntVar(&minUsers, "minUsers", 2, "minimum number of delegations")
+	flag.BoolVar(&anyUser, "anyUser", false, "whether any user can decrypt")
 	flag.StringVar(&duration, "time", "0h", "duration of delegated key uses")
 	flag.StringVar(&lefters, "left", "", "comma separated left owners")
 	flag.StringVar(&righters, "right", "", "comma separated right owners")
@@ -110,6 +113,7 @@ func runDelegate() {
 		Time:     duration,
 		Users:    processCSL(users),
 		Labels:   processCSL(labels),
+		AnyUser:  anyUser,
 	}
 	resp, err := roServer.Delegate(req)
 	processError(err)

core/core.go

@@ -50,11 +50,12 @@ type DelegateRequest struct {
 	Name     string
 	Password string
 
-	Uses   int
-	Time   string
-	Slot   string
-	Users  []string
-	Labels []string
+	Uses    int
+	Time    string
+	Slot    string
+	Users   []string
+	Labels  []string
+	AnyUser bool
 }
 
 type CreateUserRequest struct {
@@ -216,6 +217,26 @@ func validateName(name, password string) error {
 	return nil
 }
 
+// createCacheUsageFromDelegateRequest converts a DelegateRequest to a cache.Usage object.
+func createCacheUsageFromDelegateRequest(s *DelegateRequest) (*keycache.Usage, error) {
+	var u keycache.Usage
+	u.Uses = s.Uses
+	u.AnyUser = s.AnyUser
+	// copy splices
+	u.Labels = make([]string, len(s.Labels))
+	u.Users = make([]string, len(s.Users))
+	copy(u.Labels, s.Labels)
+	copy(u.Users, s.Users)
+	// compute exipiration
+	duration, err := time.ParseDuration(s.Time)
+	if err != nil {
+		return &u, err
+	}
+	u.Expiry = time.Now().Add(duration)
+	fmt.Printf("%#v\n", u)
+	return &u, nil
+}
+
 // Init reads the records from disk from a given path
 func Init(path, hcKey, hcRoom, hcHost, roHost string) error {
 	var err error
@@ -381,9 +402,9 @@ func Delegate(jsonIn []byte) ([]byte, error) {
 			return jsonStatusError(err)
 		}
 	}
+
 	// Find password record for user and verify that their password
 	// matches. If not found then add a new entry for this user.
-
 	pr, found := records.GetRecord(s.Name)
 	if found {
 		if err = pr.ValidatePassword(s.Password); err != nil {
@@ -396,7 +417,11 @@ func Delegate(jsonIn []byte) ([]byte, error) {
 	}
 
 	// add signed-in record to active set
-	if err = cache.AddKeyFromRecord(pr, s.Name, s.Password, s.Users, s.Labels, s.Uses, s.Slot, s.Time); err != nil {
+	u, err := createCacheUsageFromDelegateRequest(&s)
+	if err != nil {
+		return jsonStatusError(err)
+	}
+	if err = cache.AddKeyFromRecord(pr, s.Name, s.Password, s.Slot, u); err != nil {
 		return jsonStatusError(err)
 	}