Add hostlogin to proxy config for windows desktop (#12775)

* add hostlogin to proxy config for windows * Set ProxyClient's HostLogin to the Windows username Also convert a few TLS handshakes to a context-aware version for better timeout/cancelation behavior. Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com> Co-authored-by: Zac Bergquist <zmb3@users.noreply.github.com>
2024-10-21 01:34:01 +00:00 · 2022-05-20 03:34:11 -06:00 · 2022-05-20 03:34:11 -06:00 · 7564a5c4f3
parent 5ec15cbbb9
commit 7564a5c4f3
3 changed files with 11 additions and 5 deletions
--- a/lib/auth/middleware.go
+++ b/lib/auth/middleware.go
@ -598,7 +598,7 @@ func (a *Middleware) WrapContextWithUser(ctx context.Context, conn *tls.Conn) (c
 	// Perform the handshake if it hasn't been already. Before the handshake we
 	// won't have client certs available.
 	if !conn.ConnectionState().HandshakeComplete {
-		if err := conn.Handshake(); err != nil {
+		if err := conn.HandshakeContext(ctx); err != nil {
 			return nil, trace.ConvertSystemError(err)
 		}
 	}
--- a/lib/utils/tlsdial.go
+++ b/lib/utils/tlsdial.go
@ -47,7 +47,7 @@ func TLSDial(ctx context.Context, dial DialWithContextFunc, network, addr string
 	conn := tls.Client(plainConn, tlsConfig)
 	errC := make(chan error, 1)
 	go func() {
-		err := conn.Handshake()
+		err := conn.HandshakeContext(ctx)
 		errC <- err
 	}()

--- a/lib/web/desktop.go
+++ b/lib/web/desktop.go
@ -138,7 +138,7 @@ func (h *Handler) createDesktopConnection(
 		WriteBufferSize: 1024,
 	}

-	pc, err := proxyClient(r.Context(), ctx, h.ProxyHostPort())
+	pc, err := proxyClient(r.Context(), ctx, h.ProxyHostPort(), username)
 	if err != nil {
 		return trace.Wrap(err)
 	}
@ -164,7 +164,7 @@ func (h *Handler) createDesktopConnection(
 	}
 	serviceConnTLS := tls.Client(serviceConn, tlsConfig)

-	if err := serviceConnTLS.Handshake(); err != nil {
+	if err := serviceConnTLS.HandshakeContext(r.Context()); err != nil {
 		return trace.NewAggregate(err, sendTDPError(ws, err))
 	}
 	log.Debug("Connected to windows_desktop_service")
@ -185,11 +185,17 @@ func (h *Handler) createDesktopConnection(
 	return nil
 }

-func proxyClient(ctx context.Context, sessCtx *SessionContext, addr string) (*client.ProxyClient, error) {
+func proxyClient(ctx context.Context, sessCtx *SessionContext, addr, windowsUser string) (*client.ProxyClient, error) {
 	cfg, err := makeTeleportClientConfig(ctx, sessCtx)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
+
+	// Set HostLogin to avoid the default behavior of looking up the
+	// Unix user Teleport is running as (which doesn't work in containerized
+	// environments where we're running as an arbitrary UID)
+	cfg.HostLogin = windowsUser
+
 	if err := cfg.ParseProxyHost(addr); err != nil {
 		return nil, trace.Wrap(err)
 	}