ssh/tailssh, tailcfg: add more HoldAndDelegate expansions, document

Updates #3802

Change-Id: I447f06b49e2a917bffe36881d0634c9195085512
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Brad Fitzpatrick 2022-03-22 17:36:55 -07:00 committed by Brad Fitzpatrick
parent a121b9f263
commit 0861923c21
2 changed files with 16 additions and 4 deletions


@ -18,6 +18,7 @@
"io/ioutil"
"net"
"net/http"
"net/url"
"os"
"os/exec"
"os/user"
@ -272,18 +273,20 @@ func (ss *sshSession) resolveTerminalAction(action *tailcfg.SSHAction) (*tailcfg
}
}
func (ss *sshSession) expandDelegateURL(url string) string {
func (ss *sshSession) expandDelegateURL(actionURL string) string {
nm := ss.srv.lb.NetMap()
var dstNodeID string
if nm != nil {
dstNodeID = fmt.Sprint(int64(nm.SelfNode.ID))
}
return strings.NewReplacer(
"$SRC_NODE_IP", url.QueryEscape(ss.connInfo.src.IP().String()),
"$SRC_NODE_ID", fmt.Sprint(int64(ss.connInfo.node.ID)),
"$DST_NODE_IP", url.QueryEscape(ss.connInfo.dst.IP().String()),
"$DST_NODE_ID", dstNodeID,
"$SSH_USER", ss.connInfo.sshUser,
"$LOCAL_USER", ss.localUser.Username,
).Replace(url)
"$SSH_USER", url.QueryEscape(ss.connInfo.sshUser),
"$LOCAL_USER", url.QueryEscape(ss.localUser.Username),
).Replace(actionURL)
}
// sshSession is an accepted Tailscale SSH session.
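Review bot: The escaping added for `$SSH_USER` and `$LOCAL_USER` in expandDelegateURL is `url.QueryEscape`, which is only correct if the control-plane template puts these variables in the query string, and nothing on the function says so. `$SSH_USER` is the name requested by the connecting client, so in a path segment a value containing a space would be emitted as `+`, which a path decoder reads as a literal plus sign. I would state the constraint in a doc comment on the function, e.g. `// expandDelegateURL expands the $VAR placeholders in actionURL; values are query-escaped, so placeholders belong in the query string.` Separately, when `NetMap()` returns nil, `$DST_NODE_ID` silently expands to an empty string; a log line or a comment noting that the delegate server must tolerate an empty ID would make that case visible.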


@ -1635,6 +1635,15 @@ type SSHAction struct {
// If the long poll breaks before returning a complete HTTP
// response, it should be re-fetched as long as the SSH
// session is open.
//
// The following variables in the URL are expanded by tailscaled:
//
// * $SRC_NODE_IP (URL escaped)
// * $SRC_NODE_ID (Node.ID as int64 string)
// * $DST_NODE_IP (URL escaped)
// * $DST_NODE_ID (Node.ID as int64 string)
// * $SSH_USER (URL escaped, ssh user requested)
// * $LOCAL_USER (URL escaped, local user mapped)
HoldAndDelegate string `json:"holdAndDelegate,omitempty"`
// AllowLocalPortForwarding, if true, allows accepted connections