ssh/tailssh: allow recorders to be configured on the first or final action

Currently we only send down recorders in first action, allow the final action to replace them but not to drop them. Updates tailscale/corp#9967 Signed-off-by: Maisem Ali <maisem@tailscale.com> (cherry picked from commit d92047cc303cd7ccd94e8b0aa1f54d06a8a048ca)
2026-05-08 13:46:46 +02:00 · 2023-03-21 16:30:26 -07:00 · 2023-03-21 16:30:26 -07:00 · 40091d0261
commit 40091d0261
parent d216363bc5
1 changed files with 16 additions and 4 deletions
--- a/ssh/tailssh/tailssh.go
+++ b/ssh/tailssh/tailssh.go
@ -1118,11 +1118,22 @@ func (ss *sshSession) run() {
 	return
 }

+// recorders returns the list of recorders to use for this session.
+// If the final action has a non-empty list of recorders, that list is
+// returned. Otherwise, the list of recorders from the initial action
+// is returned.
+func (ss *sshSession) recorders() []netip.AddrPort {
+	if len(ss.conn.finalAction.Recorders) > 0 {
+		return ss.conn.finalAction.Recorders
+	}
+	return ss.conn.action0.Recorders
+}
+
 func (ss *sshSession) shouldRecord() bool {
 	// for now only record pty sessions
 	// TODO(bradfitz,maisem): support recording non-pty stuff too.
 	_, _, isPtyReq := ss.Pty()
-	return isPtyReq && len(ss.conn.finalAction.Recorders) > 0
+	return isPtyReq && len(ss.recorders()) > 0
 }

 type sshConnInfo struct {
@ -1306,11 +1317,12 @@ func randBytes(n int) []byte {

 // startNewRecording starts a new SSH session recording.
 func (ss *sshSession) startNewRecording() (_ *recording, err error) {
-	if len(ss.conn.finalAction.Recorders) == 0 {
+	recorders := ss.recorders()
+	if len(recorders) == 0 {
 		return nil, errors.New("no recorders configured")
 	}
-	recorder := ss.conn.finalAction.Recorders[0]
-	if len(ss.conn.finalAction.Recorders) > 1 {
+	recorder := recorders[0]
+	if len(recorders) > 1 {
 		ss.logf("warning: multiple recorders configured, using first one: %v", recorder)
 	}