TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-10-26 02:29:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

ssh/tailssh: fall back to using su when no TTY available on Linux

Browse Source 
This allows pam authentication to run, triggering automation
like pam_mkhomedir.

Updates tailscale/corp#11854

Signed-off-by: Percy Wegmann <percy@tailscale.com>
This commit is contained in:
Percy Wegmann
2024-04-29 09:49:33 -05:00
parent 843afe7c53
commit 2cc47f441c
4 changed files with 273 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
ssh/tailssh/testcontainers/Dockerfile
View File

@@ -3,16 +3,34 @@ FROM ${BASE}
RUN groupadd -g 10000 groupone
RUN groupadd -g 10001 grouptwo
RUN useradd -g 10000 -G 10001 -u 10002 -m testuser
# Note - we do not create the user's home directory, pam_mkhomedir will do that
# for us, and we want to test that PAM gets triggered by Tailscale SSH.
RUN useradd -g 10000 -G 10001 -u 10002 testuser
RUN echo "Set up pam_mkhomedir."
RUN sed -i -e 's/Default: no/Default: yes/g' /usr/share/pam-configs/mkhomedir || echo "might not be ubuntu"
RUN cat /usr/share/pam-configs/mkhomedir || echo "might not be ubuntu"
RUN pam-auth-update --enable mkhomedir || echo "might not be ubuntu"
RUN authconfig --enablemkhomedir --update || echo "might not be fedora"
COPY . .
# First run tests normally.
RUN TAILSCALED_PATH=`pwd`tailscaled ./tailssh.test -test.run TestIntegration
RUN echo "First run tests normally."
RUN TAILSCALED_PATH=`pwd`tailscaled ./tailssh.test -test.run TestIntegration TestDoDropPrivileges
# Then remove the login command and make sure tests still pass.
RUN rm `which login`
RUN TAILSCALED_PATH=`pwd`tailscaled ./tailssh.test -test.run TestIntegration
# Then run tests as non-root user testuser.
RUN echo "Then run tests as non-root user testuser and make sure tests still pass."
RUN chown testuser:groupone /tmp/tailscalessh.log
RUN TAILSCALED_PATH=`pwd`tailscaled su -m testuser -c "./tailssh.test -test.run TestIntegration"
RUN TAILSCALED_PATH=`pwd`tailscaled su -m testuser -c "./tailssh.test -test.run TestIntegration TestDoDropPrivileges"
RUN echo "Then remove the login command and make sure tests still pass."
RUN chown root:root /tmp/tailscalessh.log
RUN rm `which login`
RUN rm -Rf /home/testuser
RUN TAILSCALED_PATH=`pwd`tailscaled ./tailssh.test -test.run TestIntegration TestDoDropPrivileges
RUN echo "Then remove the su command and make sure tests still pass."
RUN ls -l /tmp/sftptest.dat
RUN chown root:root /tmp/tailscalessh.log
RUN rm `which su`
RUN rm -Rf /home/testuser
RUN TAILSCALED_PATH=`pwd`tailscaled ./tailssh.test -test.run TestIntegration TestDoDropPrivileges