Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release 10.3.15 #23849

Merged
merged 3 commits into from
Apr 3, 2023
Merged

Release 10.3.15 #23849

merged 3 commits into from
Apr 3, 2023

Conversation

r0mant
Copy link
Collaborator

@r0mant r0mant commented Mar 30, 2023

Includes security fixes from the private release.

@r0mant r0mant enabled auto-merge March 30, 2023 17:10
@r0mant r0mant mentioned this pull request Mar 30, 2023
Merged
@r0mant r0mant disabled auto-merge March 30, 2023 20:01
alexfornuto
alexfornuto reviewed Mar 31, 2023
View reviewed changes
rosstimothy and others added 2 commits April 3, 2023 08:09
@rosstimothy @r0mant
Prevent tunneling if the os login doesn't exist
b21f0f9 
A user.Lookup was added to srv.RunForward to prevent dialing
and forwarding any data if the os login is not found. The check
alone only terminates the direct-tcpip ssh channel and not the
underlying ssh connection.

In order for the parent process to determine if the ssh connection
should be terminated it needs to know why the child exited. That was
not possible by looking at the exit code and any data written to
standard error of the child process was forwarded to standard error
on the parent; which was used to simply log the error and move on.
To pass more detailed errors to the parent, the child process spawned
by srv.RunForward now json marshals the trace.Error to standard
error which is then decoded by the parent process. If the parent
detects the error was due to a missing user it terminates the ssh
connection.

tsh ssh -N was also modified to terminate if the command context
of tsh OR the ssh connection to the node is closes. Prior, it
only terminated if the user cancelled the process by blocking on
ctx.Done(). While this was necessary to end session if the os
login does not exit, it also forces tsh to exit if the node
goes offline.

Note: This does not include any propagation of error messages to the user,
so there won't be any indication from tsh about why the connection was closed.
The session also will not be terminated until the first attempt to forward data and
NOT when the session is created due to the way -N is implemented.

Fixes #217
@tigrato @r0mant
Prevent unauthorized access to kube clusters by upserting kube_servers (
2b0431d 
#470)

This PR changes the behavior of the kubernetes_service when validating access
to kubernetes clusters. Previously, the kubernetes_service would use the first
kubernetes cluster it found in the Auth server backend to validate access. This was
problematic because if the first kubernetes cluster was upserted with a
the same name as a kubernetes cluster the user was trying to access but
with different labels, the user would be able to access the cluster even
though they shouldn't be able to.

This PR changes the behavior of the kubernetes_service to use the
in memory kubernetes cluster representation used for heartbeats
instead of relying on the information received from the auth server. This would
block the user from accessing the cluster if the cluster was upserted
with a different set of labels since the kubernetes_service would not
have the updated labels in memory and would deny access.

Fixes #469
@r0mant r0mant force-pushed the roman/v10/sec0323 branch from 07d02e1 to 6e096a2 Compare April 3, 2023 15:11
@r0mant r0mant force-pushed the roman/v10/sec0323 branch from 6e096a2 to ff154a7 Compare April 3, 2023 15:12
@r0mant r0mant enabled auto-merge April 3, 2023 15:13
@r0mant r0mant added this pull request to the merge queue Apr 3, 2023
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Apr 3, 2023
@r0mant r0mant added this pull request to the merge queue Apr 3, 2023
Merged via the queue into branch/v10 with commit 76f10bc Apr 3, 2023
@r0mant r0mant deleted the roman/v10/sec0323 branch April 3, 2023 16:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexfornuto alexfornuto alexfornuto left review comments

@ravicious ravicious ravicious approved these changes

@russjones russjones russjones approved these changes

@Joerger Joerger Awaiting requested review from Joerger

@ptgott ptgott Awaiting requested review from ptgott

@xinding33 xinding33 Awaiting requested review from xinding33

@zmb3 zmb3 Awaiting requested review from zmb3

Assignees
No one assigned
Labels
backport helm kubernetes-access size/md
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@r0mant @ravicious @alexfornuto @russjones @rosstimothy @tigrato