* update deps in manifest and lockfile
* fixes and updates to docker and profiles
* lint rust
* fix typo
* resolve clippy lints
* fix typo
* mark risk functions unsafe
* fmt + clean up the last lints#
* verify lockfile up to date
* disable lto since it doesn't work with two rust libs
* merge lock check and lint
* Add missing license header to Rust files
And update Makefile to ensure they are checked
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
Go 1.17 introduces a new utility for passing a pointer to a Go
value into CGo and back. Now that we're on 1.17, we can use this
feature rather than maintaining our own mapping of integer values
to Go structures.
We were attempting to use the desktop name as the server ID,
but in order to publish audit events we must use the HostUUID
of the windows_desktop_service.
Updates #8665
Removes the call for wait for ssh.Session end to check for errors
in web terminal which fixes a regression bug where typing "exit"
in web terminal does not return session end event.
PR #8081 removed the need to check for errors as it correctly
returns exit errors whereas before it returned nil.
Download Rust and Go per-build to ensure that the right version is used
and that builds do not step on each other.
Also rungs cbindgen in quiet mode to suppress the annoying output it
spews for non-public symbols.
The default user verification setting, "preferred", leaves it open for
client-side implementations whether to to perform verification checks.
In theory it sounds reasonable, but in practice it takes a variety of
forms: Chrome will perform PIN checks if a PIN is configured, a
redundant check in face of our existing password checks. Windows goes a
step further and directs user to set a PIN, a further deviation from the
usual security key workflow.
The traditional workflow is achieved by setting user verification to
discouraged, implemented here.
Reference:
- https://chromium.googlesource.com/chromium/src/+/refs/heads/main/content/browser/webauth/uv_preferred.md
* Set user verification to "discouraged" for WebAuthn
* Add user verification to CredentialAssertion proto
* Add authenticator selection to CredentialCreation proto
The race condition detector is being tripped by a concurrent `Write` and
`Close` in the `PipeNetCon` in several integration tests. This is a naive
fix to serialize the write and close operations to resolve the race
condition.
The affected tests were also not handling asynchronous error reporting
correctly (i.e. it's not legal to call `require.XYZ()` from a goroutine
other than the one executing the test function.). This patch introduces
some plumbing to marshal asynchronous errors back into the main test
routine before failing the test.
