mirror of
https://github.com/tailscale/tailscale.git
synced 2025-04-16 03:31:39 +00:00
ssh/tailssh, tailcfg: add more HoldAndDelegate expansions, document
Updates #3802 Change-Id: I447f06b49e2a917bffe36881d0634c9195085512 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
parent
a121b9f263
commit
0861923c21
@ -18,6 +18,7 @@ import (
|
|||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"os/user"
|
"os/user"
|
||||||
@ -272,18 +273,20 @@ func (ss *sshSession) resolveTerminalAction(action *tailcfg.SSHAction) (*tailcfg
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ss *sshSession) expandDelegateURL(url string) string {
|
func (ss *sshSession) expandDelegateURL(actionURL string) string {
|
||||||
nm := ss.srv.lb.NetMap()
|
nm := ss.srv.lb.NetMap()
|
||||||
var dstNodeID string
|
var dstNodeID string
|
||||||
if nm != nil {
|
if nm != nil {
|
||||||
dstNodeID = fmt.Sprint(int64(nm.SelfNode.ID))
|
dstNodeID = fmt.Sprint(int64(nm.SelfNode.ID))
|
||||||
}
|
}
|
||||||
return strings.NewReplacer(
|
return strings.NewReplacer(
|
||||||
|
"$SRC_NODE_IP", url.QueryEscape(ss.connInfo.src.IP().String()),
|
||||||
"$SRC_NODE_ID", fmt.Sprint(int64(ss.connInfo.node.ID)),
|
"$SRC_NODE_ID", fmt.Sprint(int64(ss.connInfo.node.ID)),
|
||||||
|
"$DST_NODE_IP", url.QueryEscape(ss.connInfo.dst.IP().String()),
|
||||||
"$DST_NODE_ID", dstNodeID,
|
"$DST_NODE_ID", dstNodeID,
|
||||||
"$SSH_USER", ss.connInfo.sshUser,
|
"$SSH_USER", url.QueryEscape(ss.connInfo.sshUser),
|
||||||
"$LOCAL_USER", ss.localUser.Username,
|
"$LOCAL_USER", url.QueryEscape(ss.localUser.Username),
|
||||||
).Replace(url)
|
).Replace(actionURL)
|
||||||
}
|
}
|
||||||
|
|
||||||
// sshSession is an accepted Tailscale SSH session.
|
// sshSession is an accepted Tailscale SSH session.
|
||||||
|
@ -1635,6 +1635,15 @@ type SSHAction struct {
|
|||||||
// If the long poll breaks before returning a complete HTTP
|
// If the long poll breaks before returning a complete HTTP
|
||||||
// response, it should be re-fetched as long as the SSH
|
// response, it should be re-fetched as long as the SSH
|
||||||
// session is open.
|
// session is open.
|
||||||
|
//
|
||||||
|
// The following variables in the URL are expanded by tailscaled:
|
||||||
|
//
|
||||||
|
// * $SRC_NODE_IP (URL escaped)
|
||||||
|
// * $SRC_NODE_ID (Node.ID as int64 string)
|
||||||
|
// * $DST_NODE_IP (URL escaped)
|
||||||
|
// * $DST_NODE_ID (Node.ID as int64 string)
|
||||||
|
// * $SSH_USER (URL escaped, ssh user requested)
|
||||||
|
// * $LOCAL_USER (URL escaped, local user mapped)
|
||||||
HoldAndDelegate string `json:"holdAndDelegate,omitempty"`
|
HoldAndDelegate string `json:"holdAndDelegate,omitempty"`
|
||||||
|
|
||||||
// AllowLocalPortForwarding, if true, allows accepted connections
|
// AllowLocalPortForwarding, if true, allows accepted connections
|
||||||
|
Loading…
x
Reference in New Issue
Block a user