> static int run_credential_helper(struct credential *c,
> @@ -342,6 +353,12 @@ void credential_fill(struct credential *c)
>
> for (i = 0; i < c->helpers.nr; i++) {
> credential_do(c, c->helpers.items[i].string, "get");
> + if (c->password_expiry_utc < time(NULL)) {
> + /* Discard expired password */
> + FREE_AND_NULL(c->password);
> + /* Reset expiry to maintain consistency */
> + c->password_expiry_utc = TIME_MAX;
> + }
> if (c->username && c->password)
> return;
> if (c->quit)
Thanks for clarifying this block!
Overall, this patch is additive and shouldn't cause any
regressions for current users of credential/credential-helper
so I'm all for adding an expiry attribute to alleviate the
use case pains you described above.
Reviewed-by: Calvin Wan <calvinwan@xxxxxxxxxx>
