ssh/tailssh: allow recorders to be configured on the first or final action

Currently we only send down recorders in first action, allow the final action to replace them but not to drop them. Updates tailscale/corp#9967 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2025-02-19 19:38:40 +00:00 · 2023-03-21 16:30:26 -07:00 · 2023-03-21 16:30:26 -07:00 · d92047cc30
commit d92047cc30
parent 7a97e64ef0
1 changed files with 16 additions and 4 deletions
--- a/ssh/tailssh/tailssh.go
+++ b/ssh/tailssh/tailssh.go
@ -1118,11 +1118,22 @@ func (ss *sshSession) run() {
 	return
 }

+// recorders returns the list of recorders to use for this session.
+// If the final action has a non-empty list of recorders, that list is
+// returned. Otherwise, the list of recorders from the initial action
+// is returned.
+func (ss *sshSession) recorders() []netip.AddrPort {
+	if len(ss.conn.finalAction.Recorders) > 0 {
+		return ss.conn.finalAction.Recorders
+	}
+	return ss.conn.action0.Recorders
+}
+
 func (ss *sshSession) shouldRecord() bool {
 	// for now only record pty sessions
 	// TODO(bradfitz,maisem): support recording non-pty stuff too.
 	_, _, isPtyReq := ss.Pty()
-	return isPtyReq && len(ss.conn.finalAction.Recorders) > 0
+	return isPtyReq && len(ss.recorders()) > 0
 }

 type sshConnInfo struct {
@ -1306,11 +1317,12 @@ func randBytes(n int) []byte {

 // startNewRecording starts a new SSH session recording.
 func (ss *sshSession) startNewRecording() (_ *recording, err error) {
-	if len(ss.conn.finalAction.Recorders) == 0 {
+	recorders := ss.recorders()
+	if len(recorders) == 0 {
 		return nil, errors.New("no recorders configured")
 	}
-	recorder := ss.conn.finalAction.Recorders[0]
-	if len(ss.conn.finalAction.Recorders) > 1 {
+	recorder := recorders[0]
+	if len(recorders) > 1 {
 		ss.logf("warning: multiple recorders configured, using first one: %v", recorder)
 	}