Add teleport networking subprocess for port/agent/x11 forwarding #43756

Merged
merged 45 commits into from
Aug 13, 2024
3d116e4
Add networking subprocess for port and agent forwarding.
Joerger Jul 1, 2024
76c331c
Remove extraneous x11 forwarding logic.
Joerger Jul 4, 2024
6bd7c63
Add x11 forwarding to the networking subprocess.
Joerger Jul 9, 2024
21dbf64
Fix lint.
Joerger Jul 4, 2024
925a7d8
Try create host user before starting networking process.
Joerger Jul 4, 2024
f790249
Resolve comments
Joerger Jul 9, 2024
e131358
Fix networking process memory leak.
Joerger Jul 9, 2024
511133c
Run networking subprocess as root but change to user login after PAM …
Joerger Jul 8, 2024
1d34096
Update agent forwarding socket dir permissions.
Joerger Jul 9, 2024
d6fb100
Handle networking requests synchronously to maintain the current PAM …
Joerger Jul 10, 2024
e3c2128
Use user environment in networking process.
Joerger Jul 10, 2024
094fdd4
Fix issue with PAM thread state being locked to the main goroutine; C…
Joerger Jul 10, 2024
58d26c0
Selectively handle some networking requests in goroutines.
Joerger Jul 17, 2024
89109b4
Address comments.
Joerger Jul 19, 2024
0a20743
Use an interrupt signal to trigger graceful exit in the networking su…
Joerger Jul 22, 2024
d668f36
Cleanup unix sockets from the child namespace.
Joerger Jul 22, 2024
64fc36f
Address comments.
Joerger Jul 22, 2024
ade668f
Remove extraneous network forwarding socket validation.
Joerger Jul 22, 2024
c566849
Fix tests and lint.
Joerger Jul 22, 2024
f37cbde
Re-add networking process done channel to avoid deadlocks on reading …
Joerger Jul 23, 2024
b87eafe
Remove broken test.
Joerger Jul 23, 2024
4353c83
Address comments.
Joerger Jul 25, 2024
63e3987
Cleanup; remove unused child error file.
Joerger Jul 25, 2024
811bb15
- Explicitly list file paths to clean up at the end of the networkin…
Joerger Jul 26, 2024
8f4fa23
Cleanup.
Joerger Jul 26, 2024
6b6fafe
Make request socket a stream.
Joerger Jul 26, 2024
6d182e2
Remove extraneous Chmod.
Joerger Jul 26, 2024
f5a0e98
Send request level error to request conn.
Joerger Jul 26, 2024
a2304bd
Don't unlink unix sockets from the parent process.
Joerger Jul 26, 2024
3c64d83
Read full error message from stream.
Joerger Jul 26, 2024
b468386
Remove remaining logs in child process.
Joerger Jul 26, 2024
94bc8bf
Merge branch 'master' into joerger/teleport-networking-subprocess
Joerger Jul 26, 2024
d58d4ed
Fix typos.
Joerger Jul 26, 2024
1342f29
web: support SAML resource deletion in unified resources view (#44311)
flyinghermit Jul 26, 2024
53044e6
Add networking process tests to replace old tests.
Joerger Jul 27, 2024
d697c84
Don't close remote file descriptor before the child process has a cha…
Joerger Jul 27, 2024
af10336
Fix lint; skip broken test.
Joerger Jul 27, 2024
34167b4
Disable broken test and restore older test to cover for it.
Joerger Jul 27, 2024
db60076
Remove unused agent forwarding test.
Joerger Jul 27, 2024
8cb9ec4
Merge branch 'master' into joerger/teleport-networking-subprocess
Joerger Aug 12, 2024
87e7ae4
Fix lint, replace broken test.
Joerger Aug 12, 2024
9070a43
Fix old test that used testify/require in goroutine.
Joerger Aug 13, 2024
09433f1
Close request context immediately to avoid deadlock (extended timeout…
Joerger Aug 13, 2024
f23c2e3
Merge branch 'master' into joerger/teleport-networking-subprocess
Joerger Aug 13, 2024
fd8dc1e
Merge branch 'master' into joerger/teleport-networking-subprocess
Joerger Aug 13, 2024
11 changes: 4 additions & 7 deletions constants.go
Expand Up @@ -839,13 +839,10 @@ const (
// command execution (exec and shells).
ExecSubCommand = "exec"

// LocalForwardSubCommand is the sub-command Teleport uses to re-exec itself
// for local port forwarding.
LocalForwardSubCommand = "forwardv2"

// RemoteForwardSubCommand is the sub-command Teleport uses to re-exec itself
// for remote port forwarding.
RemoteForwardSubCommand = "remoteforward"
// NetworkingSubCommand is the sub-command Teleport uses to re-exec itself
// for networking operations. e.g. local/remote port forwarding, agent forwarding,
// or x11 forwarding.
NetworkingSubCommand = "networking"

// CheckHomeDirSubCommand is the sub-command Teleport uses to re-exec itself
// to check if the user's home directory exists.
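Review bot: The doc comment on `NetworkingSubCommand` says what the re-exec'd process handles but not which user it runs as, and that matters more now that one sub-command replaces the two narrower ones (`forwardv2`, `remoteforward`) and also covers agent and X11 forwarding. Please add a sentence on the privilege context the subprocess is expected to run in. Nit in the same comment: "operations. e.g." should read "operations, e.g.".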
85 changes: 0 additions & 85 deletions integration/agent_forwarding_test.go

This file was deleted.

4 changes: 2 additions & 2 deletions integration/helpers/helpers.go
Expand Up @@ -140,7 +140,7 @@ func ExternalSSHCommand(o CommandOptions) (*exec.Cmd, error) {

// CreateAgent creates a SSH agent with the passed in key ring that can be used
// in tests. This is useful so tests don't clobber your system agent.
func CreateAgent(me *user.User, keyRing *client.KeyRing) (*teleagent.AgentServer, string, string, error) {
func CreateAgent(keyRing *client.KeyRing) (*teleagent.AgentServer, string, string, error) {
// create a path to the unix socket
sockDirName := "int-test"
sockName := "agent.sock"
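Review bot: `CreateAgent` no longer takes `me *user.User`, but its doc comment does not say which user the agent socket is now created for. Please state that in the comment, and check that the `os/user` import in helpers.go is still used after this change.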
Expand All @@ -165,7 +165,7 @@ func CreateAgent(me *user.User, keyRing *client.KeyRing) (*teleagent.AgentServer
})

// start the SSH agent
err = teleAgent.ListenUnixSocket(sockDirName, sockName, me)
err = teleAgent.ListenUnixSocket(sockDirName, sockName, nil)
if err != nil {
return nil, "", "", trace.Wrap(err)
}
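Review bot: The bare `nil` passed as the third argument in `teleAgent.ListenUnixSocket(sockDirName, sockName, nil)` does not tell the reader what a nil user means for the socket's ownership or permissions. A short comment on that line, or a named variable, would make the intent clear.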
8 changes: 4 additions & 4 deletions integration/integration_test.go
Expand Up @@ -4535,7 +4535,7 @@ func testExternalClient(t *testing.T, suite *integrationTestSuite) {
require.NoError(t, err)

// Start (and defer close) a agent that runs during this integration test.
teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(suite.Me, &creds.KeyRing)
teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(&creds.KeyRing)
require.NoError(t, err)
defer helpers.CloseAgent(teleAgent, socketDirPath)

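Review bot: Nit on the context comment above the changed `helpers.CreateAgent(&creds.KeyRing)` call: "a agent" should be "an agent". The same comment appears in testControlMaster, so fix both while these lines are being touched.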
Expand Down Expand Up @@ -4631,7 +4631,7 @@ func testControlMaster(t *testing.T, suite *integrationTestSuite) {
require.NoError(t, err)

// Start (and defer close) a agent that runs during this integration test.
teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(suite.Me, &creds.KeyRing)
teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(&creds.KeyRing)
require.NoError(t, err)
defer helpers.CloseAgent(teleAgent, socketDirPath)

Expand Down Expand Up @@ -4728,7 +4728,7 @@ func testX11Forwarding(t *testing.T, suite *integrationTestSuite) {
require.NoError(t, err)

// Start an agent that runs during this integration test.
teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(suite.Me, &creds.KeyRing)
teleAgent, socketDirPath, socketPath, err := helpers.CreateAgent(&creds.KeyRing)
require.NoError(t, err)
t.Cleanup(func() { helpers.CloseAgent(teleAgent, socketDirPath) })

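Review bot: This test registers `helpers.CloseAgent` with `t.Cleanup`, while testExternalClient and testControlMaster use `defer` for the same call. Pick one form for all three call sites so teardown of the agent socket directory is handled the same way in each test.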
Expand All @@ -4746,7 +4746,7 @@ func testX11Forwarding(t *testing.T, suite *integrationTestSuite) {
}

// Create and run an exec command twice. When ControlPath is set, this will cause
// re-use of the connection and creation of two sessions within the connection.
// re-use of the connection and creation of two sessions within the connection.
for i := 0; i < 2; i++ {
execCmd, err := helpers.ExternalSSHCommand(helpers.CommandOptions{
ForcePTY: true,
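Review bot: The only change here is to the comment line "re-use of the connection and creation of two sessions within the connection.", and the old and new text read the same, so this looks like a whitespace-only edit. Consider dropping it from the PR to keep the diff limited to the `CreateAgent` signature change.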
3 changes: 2 additions & 1 deletion lib/client/x11_session.go
Expand Up @@ -29,6 +29,7 @@ import (
tracessh "github.com/gravitational/teleport/api/observability/tracing/ssh"
"github.com/gravitational/teleport/lib/sshutils"
"github.com/gravitational/teleport/lib/sshutils/x11"
"github.com/gravitational/teleport/lib/utils"
)

// handleX11Forwarding handles X11 channel requests for the given server session.
Expand Down Expand Up @@ -198,7 +199,7 @@ func (ns *NodeSession) serveX11Channels(ctx context.Context, sess *tracessh.Sess
}
}()

if err := x11.Forward(ctx, xconn, xchan); err != nil {
if err := utils.ProxyConn(ctx, xconn, xchan); err != nil {
log.WithError(err).Debug("Encountered error during X11 forwarding")
}
})
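Review bot: At `utils.ProxyConn(ctx, xconn, xchan)`, the X11-specific `x11.Forward` is swapped for a general-purpose helper with no comment on whether it behaves the same when `ctx` is cancelled or one side closes. Please confirm that both `xconn` and `xchan` are still closed in those cases, and remove `x11.Forward` if nothing else calls it.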