From 4e86857313f3acb370393aacbbbd4d47cba105c5 Mon Sep 17 00:00:00 2001
From: Charlotte Brandhorst-Satzkorn
Date: Sat, 6 May 2023 10:27:10 -0700
Subject: [PATCH] ssh/tailssh: add ssh session recording failed event type

This change introduces a SSHSessionRecordingFailed event type that is used when a session recording fails to start or fails during a session, and the on failure indicates that it should fail open.
Updates tailscale/corp#9967
Signed-off-by: Charlotte Brandhorst-Satzkorn
---
 ssh/tailssh/tailssh.go | 13 +++++++++++--
 tailcfg/tailcfg.go | 18 ++++++++++++++++--
 2 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/ssh/tailssh/tailssh.go b/ssh/tailssh/tailssh.go
index 18a2f5a7a..0f6f1b783 100644
--- a/ssh/tailssh/tailssh.go
+++ b/ssh/tailssh/tailssh.go
@@ -1607,7 +1607,11 @@ func (ss *sshSession) startNewRecording() (_ *recording, err error) {
 rec.out, attempts, errChan, err = ss.connectToRecorder(ctx, recorders)
 if err != nil {
 if onFailure != nil && onFailure.NotifyURL != "" && len(attempts) > 0 {
- ss.notifyControl(ctx, nodeKey, tailcfg.SSHSessionRecordingRejected, attempts, onFailure.NotifyURL)
+ eventType := tailcfg.SSHSessionRecordingFailed
+ if onFailure.RejectSessionWithMessage != "" {
+ eventType = tailcfg.SSHSessionRecordingRejected
+ }
+ ss.notifyControl(ctx, nodeKey, eventType, attempts, onFailure.NotifyURL)
 }
 if onFailure != nil && onFailure.RejectSessionWithMessage != "" {
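Review bot: The new SSHSessionRecordingFailed event is sent only inside the existing `onFailure.NotifyURL != "" && len(attempts) > 0` guard, so a fail-open policy with no NotifyURL, or a failure that produced no attempts, sends nothing to control even though (per the commit message) the session is allowed to proceed without a recording. If the fail-open path below this hunk does not already log, I would add an `else` branch to that guard with something like `ss.logf("recording: error starting recording, no notification sent: %v", err)` so the gap is at least visible on the node. The rest of startNewRecording is outside the hunk, and the guard around the second hunk's notifyControl call is not visible either, so the same question applies there.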
@@ -1630,7 +1634,12 @@ func (ss *sshSession) startNewRecording() (_ *recording, err error) {
 lastAttempt := attempts[len(attempts)-1]
 lastAttempt.FailureMessage = err.Error()
- ss.notifyControl(ctx, nodeKey, tailcfg.SSHSessionRecordingTerminated, attempts, onFailure.NotifyURL)
+ eventType := tailcfg.SSHSessionRecordingFailed
+ if onFailure.TerminateSessionWithMessage != "" {
+ eventType = tailcfg.SSHSessionRecordingTerminated
+ }
+
+ ss.notifyControl(ctx, nodeKey, eventType, attempts, onFailure.NotifyURL)
 }
 if onFailure != nil && onFailure.TerminateSessionWithMessage != "" {
 ss.logf("recording: error uploading recording (closing session): %v", err)
diff --git a/tailcfg/tailcfg.go b/tailcfg/tailcfg.go
index d9a38eda0..7787ba407 100644
--- a/tailcfg/tailcfg.go
+++ b/tailcfg/tailcfg.go
@@ -2110,9 +2110,23 @@ type SSHEventNotifyRequest struct {
 type SSHEventType int
 const (
- UnspecifiedSSHEventType SSHEventType = 0
- SSHSessionRecordingRejected SSHEventType = 1
+ UnspecifiedSSHEventType SSHEventType = 0
+ // SSHSessionRecordingRejected is the event that
+ // defines when a SSH session cannot be started
+ // because no recorder is available for session
+ // recording, and the SSHRecorderFailureAction
+ // RejectSessionWithMessage is not empty.
+ SSHSessionRecordingRejected SSHEventType = 1
+ // SSHSessionRecordingTerminated is the event that
+ // defines when session recording has failed
+ // during the session and the SSHRecorderFailureAction
+ // TerminateSessionWithMessage is not empty.
 SSHSessionRecordingTerminated SSHEventType = 2
+ // SSHSessionRecordingFailed is the event that
+ // defines when session recording is unavailable and
+ // the SSHRecorderFailureAction RejectSessionWithMessage
+ // or TerminateSessionWithMessage is empty.
+ SSHSessionRecordingFailed SSHEventType = 3
 )
 // SSHRecordingAttempt is a single attempt to start a recording.
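Review bot: The fail-open case in this hunk reports the same `tailcfg.SSHSessionRecordingFailed` value as the start-time failure in the first hunk, so a consumer of the event cannot tell from the type alone whether recording never started or stopped partway through a session. For audit and incident review that difference matters, because in the mid-session case part of the session presumably was recorded and the remainder was not. If a separate event type is not wanted, I would at least mark the site with a comment such as `// fail open: recording stopped mid-session and the session continues unrecorded`. The enclosing `if` and the start of this block are outside the hunk.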
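Review bot: The doc comment on SSHSessionRecordingFailed states the trigger but not the consequence, which is what a reader of the audit event needs: going by the commit message, the session is allowed to start or continue without a recording. The wording "RejectSessionWithMessage or TerminateSessionWithMessage is empty" is also ambiguous, because each call site in tailssh.go checks only one of the two fields. I would reword it along the lines of `// SSHSessionRecordingFailed is sent when recording could not start (RejectSessionWithMessage empty) or failed mid-session (TerminateSessionWithMessage empty); the session is not blocked.` The const block's surrounding declarations are only partly inside the hunk.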