SSH Session fixes (#11717)
Joerger authored Apr 28, 2022
1 parent 01929c8 commit 2292be1
Showing 13 changed files with 1,221 additions and 1,122 deletions.
1 change: 1 addition & 0 deletions lib/auth/permissions.go
@@ -405,6 +405,7 @@ func GetCheckerForBuiltinRole(clusterName string, recConfig types.SessionRecordi
Rules: []types.Rule{
types.NewRule(types.KindNode, services.RW()),
types.NewRule(types.KindSSHSession, services.RW()),
types.NewRule(types.KindSession, services.RO()),
types.NewRule(types.KindEvent, services.RW()),
types.NewRule(types.KindProxy, services.RO()),
types.NewRule(types.KindCertAuthority, services.ReadNoSecrets()),
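Review bot: The new `types.NewRule(types.KindSession, services.RO())` entry widens a builtin role's rule set without a comment saying which code path needs it. It appears to be the single added line in this hunk, but the page has lost the `+` marker, so that is inferred from the 1-addition count. The `case` label naming the role is outside the hunk, so a reader of this list cannot tell which component gains read access to session resources. I would add a line above it such as `// KindSession (read-only): required by <feature/caller>; do not widen to RW.` with the actual consumer filled in, so a later least-privilege audit can check whether the grant is still needed.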
16 changes: 10 additions & 6 deletions lib/kube/proxy/sess.go
@@ -46,6 +46,8 @@ import (
utilexec "k8s.io/client-go/util/exec"
)

const sessionRecorderID = "session-recorder"

const PresenceVerifyInterval = time.Second * 15
const PresenceMaxDifference = time.Minute

@@ -465,6 +467,12 @@ func (s *session) launch() error {
s.io.OnWriteError = func(idString string, err error) {
s.mu.Lock()
defer s.mu.Unlock()

if idString == sessionRecorderID {
s.log.Error("Failed to write to session recorder, closing session.")
s.Close()
}

s.log.Errorf("Encountered error: %v with party %v. Disconnecting them from the session.", err, idString)
id, _ := uuid.Parse(idString)
if s.parties[id] != nil {
@@ -656,7 +664,7 @@ func (s *session) lockedSetupLaunch(request *remoteCommandRequest, q url.Values,
return nil, trace.Wrap(err)
}

s.io.AddWriter("recorder", recorder)
s.io.AddWriter(sessionRecorderID, recorder)
} else if !s.sess.noAuditEvents {
s.emitter = s.forwarder.cfg.StreamEmitter
}
@@ -952,11 +960,7 @@ func (s *session) join(p *party) error {

func (s *session) BroadcastMessage(format string, args ...interface{}) {
if s.accessEvaluator.IsModerated() && s.tty {
err := s.io.BroadcastMessage(fmt.Sprintf(format, args...))

if err != nil {
s.log.Debugf("Failed to broadcast message: %v", err)
}
s.io.BroadcastMessage(fmt.Sprintf(format, args...))
}
}

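Review bot: In the `OnWriteError` callback inside `launch()`, the new `sessionRecorderID` branch calls `s.Close()` and then falls through to the per-party path. A recorder failure is therefore also logged as a party disconnect, and `uuid.Parse("session-recorder")` fails with its error discarded, leaving a zero-value `id` for the `s.parties` lookup. Add `return` after `s.Close()`, and include the cause in the log line, e.g. `s.log.Errorf("Failed to write to session recorder, closing session: %v", err)`, because a failed audit recording is exactly what an operator needs to diagnose. `s.Close()` is also called while this callback holds `s.mu`; its body is not visible here, so confirm it does not acquire `s.mu` itself. The callback continues past the lines shown in the hunk.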
4 changes: 2 additions & 2 deletions lib/srv/ctx.go
@@ -507,8 +507,8 @@ func (c *ServerContext) CreateOrJoinSession(reg *SessionRegistry) error {
}

findSession := func() (*session, bool) {
reg.mu.Lock()
defer reg.mu.Unlock()
reg.sessionsMux.Lock()
defer reg.sessionsMux.Unlock()
return reg.findSessionLocked(rsession.ID(ssid))
}
