ssh/tailssh, tailcfg: add more HoldAndDelegate expansions, document

Updates #3802

Change-Id: I447f06b49e2a917bffe36881d0634c9195085512
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

ssh/tailssh/tailssh.go

@@ -18,6 +18,7 @@ import (
 	"io/ioutil"
 	"net"
 	"net/http"
+	"net/url"
 	"os"
 	"os/exec"
 	"os/user"
@@ -272,18 +273,20 @@ func (ss *sshSession) resolveTerminalAction(action *tailcfg.SSHAction) (*tailcfg
 	}
 }
 
-func (ss *sshSession) expandDelegateURL(url string) string {
+func (ss *sshSession) expandDelegateURL(actionURL string) string {
 	nm := ss.srv.lb.NetMap()
 	var dstNodeID string
 	if nm != nil {
 		dstNodeID = fmt.Sprint(int64(nm.SelfNode.ID))
 	}
 	return strings.NewReplacer(
+		"$SRC_NODE_IP", url.QueryEscape(ss.connInfo.src.IP().String()),
 		"$SRC_NODE_ID", fmt.Sprint(int64(ss.connInfo.node.ID)),
+		"$DST_NODE_IP", url.QueryEscape(ss.connInfo.dst.IP().String()),
 		"$DST_NODE_ID", dstNodeID,
-		"$SSH_USER", ss.connInfo.sshUser,
+		"$SSH_USER", url.QueryEscape(ss.connInfo.sshUser),
-		"$LOCAL_USER", ss.localUser.Username,
+		"$LOCAL_USER", url.QueryEscape(ss.localUser.Username),
-	).Replace(url)
+	).Replace(actionURL)
 }
 
 // sshSession is an accepted Tailscale SSH session.

tailcfg/tailcfg.go

@@ -1635,6 +1635,15 @@ type SSHAction struct {
 	// If the long poll breaks before returning a complete HTTP
 	// response, it should be re-fetched as long as the SSH
 	// session is open.
+	//
+	// The following variables in the URL are expanded by tailscaled:
+	//
+	//   * $SRC_NODE_IP (URL escaped)
+	//   * $SRC_NODE_ID (Node.ID as int64 string)
+	//   * $DST_NODE_IP (URL escaped)
+	//   * $DST_NODE_ID (Node.ID as int64 string)
+	//   * $SSH_USER (URL escaped, ssh user requested)
+	//   * $LOCAL_USER (URL escaped, local user mapped)
 	HoldAndDelegate string `json:"holdAndDelegate,omitempty"`
 
 	// AllowLocalPortForwarding, if true, allows accepted connections