teleport/tool
Noah Stride 60a325aa7c
Device Trust: tsh privilege elevation for TPM enrollment (#27833)
* Start fleshing out UAC elevation

* Use `runas` and ShellExecuteW to open a child process with elevated privileges

* Add tsh command to re-execute

* Add method to be called in the elevated child process

* Ugly, but working, credential activation in UAC dialogued child

* Add TODO

* Add some further notes/explanation on windows.ShellExecute

* Change error message to match function name

Co-authored-by: Alan Parra <alan.parra@goteleport.com>

* Improve comment

Co-authored-by: Alan Parra <alan.parra@goteleport.com>

* Use `trace.BadParameter` instead of `Errorf`

Co-authored-by: Alan Parra <alan.parra@goteleport.com>

* Use `tpm-activate-credential` instead of `activate-credential`

Co-authored-by: Alan Parra <alan.parra@goteleport.com>

* Remove spurious newline

Co-authored-by: Alan Parra <alan.parra@goteleport.com>

* Move towards more production ready elevated process

* Add stubs for darwin/other

* Use path in state dir for cred activation results

* Fix stub return values

* Fix test missing context.Context pass

* Add additional message when cred activation completes

* Use ShellExecuteExW to get handle to process to wait on

* Improve comment in windowsexec

* Minor stylistic changes from review

Co-authored-by: Alan Parra <alan.parra@goteleport.com>

* Minor adjustments to error handling and logging

* Use `windows` over `syscall`

* Leverage `mkwinsyscall`'s error handling

* Missing param in test

* Always show error, not just when `-d` is provided

* Remove unnecessary trace.Wrap(err)

* Restore cf.Debug check

* Explicitly ignore return values from `FPrintln`

Co-authored-by: Alan Parra <alan.parra@goteleport.com>

* Simplify code

* Add null check to `info.hProcess`

* Minor format changes from review

Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>

---------

Co-authored-by: Alan Parra <alan.parra@goteleport.com>
Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com>
2023-06-16 17:35:03 +00:00
common Fix cluster alerts timeout (#25261) 2023-04-27 22:12:14 +00:00
tbot Machine ID stability: separate bot identity and impersonated identity renewal (#24267) 2023-06-06 10:53:25 +00:00
tctl Add Machine ID tip when tctl auth sign is used (#27804) 2023-06-16 10:39:50 +00:00
teleport Ensure SSH_SESSION_WEBPROXY_ADDR is set for all sessions (#27842) 2023-06-14 19:47:32 +00:00
tsh Device Trust: tsh privilege elevation for TPM enrollment (#27833) 2023-06-16 17:35:03 +00:00