Merge pull request #88 from smlx/cleanup-connections

Clean up connections
smlx · Dec 16, 2021 · a9ed224 · a9ed224
2 parents 6b582f4 + c7884a8
commit a9ed224
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/cmd/piv-agent/serve.go b/cmd/piv-agent/serve.go
@@ -50,6 +50,7 @@ func (cmd *ServeCmd) Run(log *zap.Logger) error {
 	log.Info("startup", zap.String("version", version),
 		zap.String("build date", date))
 	p := piv.New(log)
+	defer p.CloseAll()
 	// use FDs passed via socket activation
 	ls, err := sockets.Get(validAgents)
 	if err != nil {
@@ -72,6 +73,11 @@ func (cmd *ServeCmd) Run(log *zap.Logger) error {
 			s := server.NewSSH(log)
 			a := ssh.NewAgent(p, log, cmd.LoadKeyfile)
 			err := s.Serve(ctx, a, ls[cmd.AgentTypes["ssh"]], idle, cmd.IdleTimeout)
+			if err != nil {
+				log.Debug("exiting SSH server", zap.Error(err))
+			} else {
+				log.Debug("exiting SSH server successfully")
+			}
 			cancel()
 			return err
 		})

diff --git a/internal/keyservice/piv/keyservice.go b/internal/keyservice/piv/keyservice.go
@@ -138,3 +138,14 @@ func (p *KeyService) GetDecrypter(keygrip []byte) (crypto.Decrypter, error) {
 	}
 	return &ECDHKey{ecdsa: ecdsaPrivKey}, nil
 }
+
+// CloseAll closes all security keys without checking for errors.
+// This should be called to clean up connections to `pcscd`.
+func (p *KeyService) CloseAll() {
+	p.log.Debug("closing security keys", zap.Int("count", len(p.securityKeys)))
+	for _, k := range p.securityKeys {
+		if err := k.Close(); err != nil {
+			p.log.Debug("couldn't close key", zap.Error(err))
+		}
+	}
+}