TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-04-18 12:32:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

ssh/tailssh, tailcfg: add more HoldAndDelegate expansions, document

Browse Source 
Updates #3802

Change-Id: I447f06b49e2a917bffe36881d0634c9195085512
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick 2022-03-22 17:36:55 -07:00 committed by Brad Fitzpatrick
parent a121b9f263
commit 0861923c21
2 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ssh/tailssh/tailssh.go
View File

@ -18,6 +18,7 @@ import (
"io/ioutil" "io/ioutil"
"net" "net"
"net/http" "net/http"
"net/url"
"os" "os"
"os/exec" "os/exec"
"os/user" "os/user"
@ -272,18 +273,20 @@ func (ss *sshSession) resolveTerminalAction(action *tailcfg.SSHAction) (*tailcfg
} }
} }
func (ss *sshSession) expandDelegateURL(url string) string { func (ss *sshSession) expandDelegateURL(actionURL string) string {
nm := ss.srv.lb.NetMap() nm := ss.srv.lb.NetMap()
var dstNodeID string var dstNodeID string
if nm != nil { if nm != nil {
dstNodeID = fmt.Sprint(int64(nm.SelfNode.ID)) dstNodeID = fmt.Sprint(int64(nm.SelfNode.ID))
} }
return strings.NewReplacer( return strings.NewReplacer(
"$SRC_NODE_IP", url.QueryEscape(ss.connInfo.src.IP().String()),
"$SRC_NODE_ID", fmt.Sprint(int64(ss.connInfo.node.ID)), "$SRC_NODE_ID", fmt.Sprint(int64(ss.connInfo.node.ID)),
"$DST_NODE_IP", url.QueryEscape(ss.connInfo.dst.IP().String()),
"$DST_NODE_ID", dstNodeID, "$DST_NODE_ID", dstNodeID,
"$SSH_USER", ss.connInfo.sshUser, "$SSH_USER", url.QueryEscape(ss.connInfo.sshUser),
"$LOCAL_USER", ss.localUser.Username, "$LOCAL_USER", url.QueryEscape(ss.localUser.Username),
).Replace(url) ).Replace(actionURL)
} }
// sshSession is an accepted Tailscale SSH session. // sshSession is an accepted Tailscale SSH session.

9
tailcfg/tailcfg.go
View File

@ -1635,6 +1635,15 @@ type SSHAction struct {
// If the long poll breaks before returning a complete HTTP // If the long poll breaks before returning a complete HTTP
// response, it should be re-fetched as long as the SSH // response, it should be re-fetched as long as the SSH
// session is open. // session is open.
//
// The following variables in the URL are expanded by tailscaled:
//
// * $SRC_NODE_IP (URL escaped)
// * $SRC_NODE_ID (Node.ID as int64 string)
// * $DST_NODE_IP (URL escaped)
// * $DST_NODE_ID (Node.ID as int64 string)
// * $SSH_USER (URL escaped, ssh user requested)
// * $LOCAL_USER (URL escaped, local user mapped)
HoldAndDelegate string `json:"holdAndDelegate,omitempty"` HoldAndDelegate string `json:"holdAndDelegate,omitempty"`
// AllowLocalPortForwarding, if true, allows accepted connections // AllowLocalPortForwarding, if true, allows accepted connections