From 812d2234640c94a718aabb2b000fa23bb02e5e0d Mon Sep 17 00:00:00 2001 From: joerger Date: Tue, 15 Apr 2025 10:57:31 -0700 Subject: [PATCH 1/7] Supply command for context on hardware key prompt. --- api/utils/keys/hardwarekey/cliprompt.go | 14 +++++--- api/utils/keys/hardwarekey/hardwarekey.go | 2 ++ api/utils/keys/hardwarekeyagent/agent.go | 1 + api/utils/keys/hardwarekeyagent/service.go | 16 ++++++++- .../lib/teleterm/v1/tshd_events_service.pb.go | 34 +++++++++++++++---- .../lib/teleterm/v1/tshd_events_service_pb.ts | 32 +++++++++++++++-- .../lib/teleterm/v1/tshd_events_service.proto | 4 +++ 7 files changed, 88 insertions(+), 15 deletions(-) diff --git a/api/utils/keys/hardwarekey/cliprompt.go b/api/utils/keys/hardwarekey/cliprompt.go index 64c6dfe2cae5e..d9af808b5fc5e 100644 --- a/api/utils/keys/hardwarekey/cliprompt.go +++ b/api/utils/keys/hardwarekey/cliprompt.go 
@@ -58,18 +58,22 @@ func NewCLIPrompt(w io.Writer, r prompt.StdinReader) *cliPrompt { // AskPIN prompts the user for a PIN. If the requirement is [PINOptional], // the prompt will offer the default PIN as a default value. -func (c *cliPrompt) AskPIN(ctx context.Context, requirement PINPromptRequirement, _ ContextualKeyInfo) (string, error) { - message := "Enter your YubiKey PIV PIN" +func (c *cliPrompt) AskPIN(ctx context.Context, requirement PINPromptRequirement, keyInfo ContextualKeyInfo) (string, error) { + message := fmt.Sprintf("Hardware key PIN is required to continue with command %q\n", keyInfo.Command) + + message += "Enter your YubiKey PIV PIN" if requirement == PINOptional { - message = "Enter your YubiKey PIV PIN [blank to use default PIN]" + message += " [blank to use default PIN]" } + password, err := prompt.Password(ctx, c.writer, c.reader, message) return password, trace.Wrap(err) } // Touch prompts the user to touch the hardware key. -func (c *cliPrompt) Touch(_ context.Context, _ ContextualKeyInfo) error { - _, err := fmt.Fprintln(c.writer, "Tap your YubiKey") +func (c *cliPrompt) Touch(_ context.Context, keyInfo ContextualKeyInfo) error { + message := fmt.Sprintf("Hardware key touch is required to continue with command %q\nTap your YubiKey", keyInfo.Command) + _, err := fmt.Fprintln(c.writer, message) return trace.Wrap(err) } diff --git a/api/utils/keys/hardwarekey/hardwarekey.go b/api/utils/keys/hardwarekey/hardwarekey.go index 92121b233c1fc..6200c68830ceb 100644 --- a/api/utils/keys/hardwarekey/hardwarekey.go +++ b/api/utils/keys/hardwarekey/hardwarekey.go @@ -262,6 +262,8 @@ type ContextualKeyInfo struct { // metadata certificate format, to ensure the agent doesn't provide access to // non teleport client PIV keys. AgentKey bool + // Command is the running command utilizing this key. + Command string } // SignatureAlgorithm is a signature key algorithm option. 
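Review bot: The comment on the new `Command` field of `ContextualKeyInfo` does not say where the value comes from or how far it can be trusted. In agent.go the field is filled directly from `req.Command`, so it is whatever the requesting client reports about itself. The comment should say so, for example `// Command is the command line reported by the client requesting the key operation.` followed by `// It is unverified display context for prompts and must not be used for access decisions.` The struct definition starts outside this hunk.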
diff --git a/api/utils/keys/hardwarekeyagent/agent.go b/api/utils/keys/hardwarekeyagent/agent.go index 44b4b06c92e87..4437bc9db14ee 100644 --- a/api/utils/keys/hardwarekeyagent/agent.go +++ b/api/utils/keys/hardwarekeyagent/agent.go @@ -102,6 +102,7 @@ func (s *agentService) Sign(ctx context.Context, req *hardwarekeyagentv1.SignReq Username: req.KeyInfo.Username, ClusterName: req.KeyInfo.ClusterName, AgentKey: true, + Command: req.Command, } var signerOpts crypto.SignerOpts diff --git a/api/utils/keys/hardwarekeyagent/service.go b/api/utils/keys/hardwarekeyagent/service.go index cde5b7b988b75..8c2cd5cfa5d69 100644 --- a/api/utils/keys/hardwarekeyagent/service.go +++ b/api/utils/keys/hardwarekeyagent/service.go @@ -21,8 +21,11 @@ import ( "crypto" "crypto/rsa" "crypto/x509" + "fmt" "io" "log/slog" + "os" + "strings" "github.com/gravitational/trace" @@ -120,6 +123,17 @@ func (s *Service) agentSign(ctx context.Context, ref *hardwarekey.PrivateKeyRef, } } + command, err := os.Executable() + if err != nil { + return nil, trace.Wrap(err) + } + + var commandString string = fmt.Sprintf("%v %v", command, strings.Join(os.Args[:3], " ")) + if len(os.Args) > 3 { + // Abbreviate the command displayed in prompts. + commandString += " ..." + } + req := &hardwarekeyagentv1.SignRequest{ Digest: digest, Hash: hash, @@ -136,7 +150,7 @@ func (s *Service) agentSign(ctx context.Context, ref *hardwarekey.PrivateKeyRef, Username: keyInfo.Username, ClusterName: keyInfo.ClusterName, }, - // TODO: Add command to sign request for prompt context. + Command: commandString, } resp, err := s.agentClient.Sign(ctx, req) diff --git a/gen/proto/go/teleport/lib/teleterm/v1/tshd_events_service.pb.go b/gen/proto/go/teleport/lib/teleterm/v1/tshd_events_service.pb.go index c74ff788e552b..e0505352cf463 100644 --- a/gen/proto/go/teleport/lib/teleterm/v1/tshd_events_service.pb.go +++ b/gen/proto/go/teleport/lib/teleterm/v1/tshd_events_service.pb.go 
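Review bot: `Command: req.Command` in `Sign` forwards the client-supplied string into the prompt context unchanged; nothing in this hunk bounds its length or restricts it to printable characters. The CLI prompt in this patch formats it with `%q`, which escapes control characters but does not limit length, and any other `Prompt` implementation would have to sanitize the value on its own. Consider normalizing it once here before `keyInfo` is built, for example by capping the length and appending ` ...` the way service.go abbreviates on the sending side. `Sign` starts and ends outside the hunk.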
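Review bot: In `agentSign`, `os.Args[:3]` will normally panic with a slice-bounds error when the process was started with fewer than three arguments, so a short invocation would crash before the sign request is sent. The slice also starts at index 0, so the program name appears a second time after the `os.Executable()` path. Skip the program name and clamp the bound, e.g. `args := os.Args[1:]` followed by `if len(args) > 2 { args = args[:2] }`, and add a comment that these arguments are sent to the agent for display in the prompt. `agentSign` continues outside the hunk.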
@@ -968,7 +968,9 @@ type PromptHardwareKeyPINRequest struct { state protoimpl.MessageState `protogen:"open.v1"` RootClusterUri string `protobuf:"bytes,1,opt,name=root_cluster_uri,json=rootClusterUri,proto3" json:"root_cluster_uri,omitempty"` // Specifies if a PIN is optional, allowing the user to set it up if left empty. - PinOptional bool `protobuf:"varint,2,opt,name=pin_optional,json=pinOptional,proto3" json:"pin_optional,omitempty"` + PinOptional bool `protobuf:"varint,2,opt,name=pin_optional,json=pinOptional,proto3" json:"pin_optional,omitempty"` + // Command is an optional command string to provide context for the prompt. + Command string `protobuf:"bytes,3,opt,name=command,proto3" json:"command,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } @@ -1017,6 +1019,13 @@ func (x *PromptHardwareKeyPINRequest) GetPinOptional() bool { return false } +func (x *PromptHardwareKeyPINRequest) GetCommand() string { + if x != nil { + return x.Command + } + return "" +} + // Response for PromptHardwareKeyPIN. type PromptHardwareKeyPINResponse struct { state protoimpl.MessageState `protogen:"open.v1"` @@ -1067,8 +1076,10 @@ func (x *PromptHardwareKeyPINResponse) GetPin() string { type PromptHardwareKeyTouchRequest struct { state protoimpl.MessageState `protogen:"open.v1"` RootClusterUri string `protobuf:"bytes,1,opt,name=root_cluster_uri,json=rootClusterUri,proto3" json:"root_cluster_uri,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + // Command is an optional command string to provide context for the prompt. + Command string `protobuf:"bytes,3,opt,name=command,proto3" json:"command,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *PromptHardwareKeyTouchRequest) Reset() { 
@@ -1108,6 +1119,13 @@ func (x *PromptHardwareKeyTouchRequest) GetRootClusterUri() string { return "" } +func (x *PromptHardwareKeyTouchRequest) GetCommand() string { + if x != nil { + return x.Command + } + return "" +} + // Response for PromptHardwareKeyTouch. type PromptHardwareKeyTouchResponse struct { state protoimpl.MessageState `protogen:"open.v1"` @@ -1630,14 +1648,16 @@ const file_teleport_lib_teleterm_v1_tshd_events_service_proto_rawDesc = "" + "\fdisplay_name\x18\x03 \x01(\tR\vdisplayName\x12!\n" + "\fredirect_url\x18\x04 \x01(\tR\vredirectUrl\"0\n" + "\x11PromptMFAResponse\x12\x1b\n" + - "\ttotp_code\x18\x01 \x01(\tR\btotpCode\"j\n" + + "\ttotp_code\x18\x01 \x01(\tR\btotpCode\"\x84\x01\n" + "\x1bPromptHardwareKeyPINRequest\x12(\n" + "\x10root_cluster_uri\x18\x01 \x01(\tR\x0erootClusterUri\x12!\n" + - "\fpin_optional\x18\x02 \x01(\bR\vpinOptional\"0\n" + + "\fpin_optional\x18\x02 \x01(\bR\vpinOptional\x12\x18\n" + + "\acommand\x18\x03 \x01(\tR\acommand\"0\n" + "\x1cPromptHardwareKeyPINResponse\x12\x10\n" + - "\x03pin\x18\x01 \x01(\tR\x03pin\"I\n" + + "\x03pin\x18\x01 \x01(\tR\x03pin\"c\n" + "\x1dPromptHardwareKeyTouchRequest\x12(\n" + - "\x10root_cluster_uri\x18\x01 \x01(\tR\x0erootClusterUri\" \n" + + "\x10root_cluster_uri\x18\x01 \x01(\tR\x0erootClusterUri\x12\x18\n" + + "\acommand\x18\x03 \x01(\tR\acommand\" \n" + "\x1ePromptHardwareKeyTouchResponse\"M\n" + "!PromptHardwareKeyPINChangeRequest\x12(\n" + "\x10root_cluster_uri\x18\x01 \x01(\tR\x0erootClusterUri\"i\n" + diff --git a/gen/proto/ts/teleport/lib/teleterm/v1/tshd_events_service_pb.ts b/gen/proto/ts/teleport/lib/teleterm/v1/tshd_events_service_pb.ts index c94fc793af642..bd9cfec3286d9 100644 --- a/gen/proto/ts/teleport/lib/teleterm/v1/tshd_events_service_pb.ts +++ b/gen/proto/ts/teleport/lib/teleterm/v1/tshd_events_service_pb.ts 
@@ -341,6 +341,12 @@ export interface PromptHardwareKeyPINRequest { * @generated from protobuf field: bool pin_optional = 2; */ pinOptional: boolean; + /** + * Command is an optional command string to provide context for the prompt. + * + * @generated from protobuf field: string command = 3; + */ + command: string; } /** * Response for PromptHardwareKeyPIN. @@ -365,6 +371,12 @@ export interface PromptHardwareKeyTouchRequest { * @generated from protobuf field: string root_cluster_uri = 1; */ rootClusterUri: string; + /** + * Command is an optional command string to provide context for the prompt. + * + * @generated from protobuf field: string command = 3; + */ + command: string; } /** * Response for PromptHardwareKeyTouch. @@ -1307,13 +1319,15 @@ class PromptHardwareKeyPINRequest$Type extends MessageType): PromptHardwareKeyPINRequest { const message = globalThis.Object.create((this.messagePrototype!)); message.rootClusterUri = ""; message.pinOptional = false; + message.command = ""; if (value !== undefined) reflectionMergePartial(this, message, value); return message; @@ -1329,6 +1343,9 @@ class PromptHardwareKeyPINRequest$Type extends MessageType { constructor() { super("teleport.lib.teleterm.v1.PromptHardwareKeyTouchRequest", [ - { no: 1, name: "root_cluster_uri", kind: "scalar", T: 9 /*ScalarType.STRING*/ } + { no: 1, name: "root_cluster_uri", kind: "scalar", T: 9 /*ScalarType.STRING*/ }, + { no: 3, name: "command", kind: "scalar", T: 9 /*ScalarType.STRING*/ } ]); } create(value?: PartialMessage): PromptHardwareKeyTouchRequest { const message = globalThis.Object.create((this.messagePrototype!)); message.rootClusterUri = ""; + message.command = ""; if (value !== undefined) reflectionMergePartial(this, message, value); return message; 
@@ -1426,6 +1448,9 @@ class PromptHardwareKeyTouchRequest$Type extends MessageType Date: Wed, 16 Apr 2025 13:11:18 -0700 Subject: [PATCH 2/7] * Include command in Teleport Connect hardware key prompts, excluding tshd commands * Fix proxy host context passed to Teleport connect hardware key prompts * Only use direct service for `tsh login` to avoid jumping between clients --- api/utils/keys/hardwarekey/cliprompt.go | 23 +++- api/utils/keys/hardwarekeyagent/service.go | 14 +-- .../lib/teleterm/v1/tshd_events_service.pb.go | 94 +++++++++------- .../lib/teleterm/v1/tshd_events_service_pb.ts | 106 ++++++++++-------- lib/teleterm/daemon/hardwarekeyprompt.go | 25 ++++- .../lib/teleterm/v1/tshd_events_service.proto | 24 +++- tool/tsh/common/daemon.go | 2 +- tool/tsh/common/tsh.go | 20 +++- .../ModalsHost/modals/HardwareKeys/AskPin.tsx | 8 +- .../modals/HardwareKeys/ChangePin.tsx | 2 +- .../modals/HardwareKeys/CommonHeader.tsx | 11 +- .../modals/HardwareKeys/OverwriteSlot.tsx | 2 +- .../ModalsHost/modals/HardwareKeys/Touch.tsx | 12 +- .../modals/HardwareKeys/index.story.tsx | 15 ++- 14 files changed, 210 insertions(+), 148 deletions(-) diff --git a/api/utils/keys/hardwarekey/cliprompt.go b/api/utils/keys/hardwarekey/cliprompt.go index d9af808b5fc5e..56526c7f2b247 100644 --- a/api/utils/keys/hardwarekey/cliprompt.go +++ b/api/utils/keys/hardwarekey/cliprompt.go 
@@ -59,21 +59,32 @@ func NewCLIPrompt(w io.Writer, r prompt.StdinReader) *cliPrompt { // AskPIN prompts the user for a PIN. If the requirement is [PINOptional], // the prompt will offer the default PIN as a default value. func (c *cliPrompt) AskPIN(ctx context.Context, requirement PINPromptRequirement, keyInfo ContextualKeyInfo) (string, error) { - message := fmt.Sprintf("Hardware key PIN is required to continue with command %q\n", keyInfo.Command) + msg := "Enter your YubiKey PIV PIN" - message += "Enter your YubiKey PIV PIN" + // The user may need to set their PIN for the first time during login, + // give them a hint to continue to setting the PIN. if requirement == PINOptional { - message += " [blank to use default PIN]" + msg += " [blank to use default PIN]" } - password, err := prompt.Password(ctx, c.writer, c.reader, message) + // If this is a hardware key agent request with command context info, + // include the command in the prompt. + if keyInfo.Command != "" { + msg = fmt.Sprintf("%v to continue with command %q", msg, keyInfo.Command) + } + + password, err := prompt.Password(ctx, c.writer, c.reader, msg) return password, trace.Wrap(err) } // Touch prompts the user to touch the hardware key. func (c *cliPrompt) Touch(_ context.Context, keyInfo ContextualKeyInfo) error { - message := fmt.Sprintf("Hardware key touch is required to continue with command %q\nTap your YubiKey", keyInfo.Command) - _, err := fmt.Fprintln(c.writer, message) + msg := "Tap your YubiKey" + if keyInfo.Command != "" { + msg = fmt.Sprintf("%v to continue with command %q", msg, keyInfo.Command) + } + + _, err := fmt.Fprintln(c.writer, msg) return trace.Wrap(err) } diff --git a/api/utils/keys/hardwarekeyagent/service.go b/api/utils/keys/hardwarekeyagent/service.go index 8c2cd5cfa5d69..1609c8f2d095c 100644 --- a/api/utils/keys/hardwarekeyagent/service.go +++ b/api/utils/keys/hardwarekeyagent/service.go 
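Review bot: In `AskPIN` the optional-PIN hint is appended before the command context, so the prompt reads `Enter your YubiKey PIV PIN [blank to use default PIN] to continue with command "..."` with the bracketed hint stranded mid-sentence. Moving the `if keyInfo.Command != ""` block above the `if requirement == PINOptional` block keeps the hint at the end, next to where the user types. Formatting the command with `%q` is the right choice for a client-supplied string and should stay, but the value is not length-limited here, so a long command line can push the instruction out of view. A short comment on `Touch` noting that `Command` is only set for hardware key agent requests would match the one added in `AskPIN`.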
@@ -123,16 +123,12 @@ func (s *Service) agentSign(ctx context.Context, ref *hardwarekey.PrivateKeyRef, } } - command, err := os.Executable() - if err != nil { - return nil, trace.Wrap(err) - } - - var commandString string = fmt.Sprintf("%v %v", command, strings.Join(os.Args[:3], " ")) - if len(os.Args) > 3 { - // Abbreviate the command displayed in prompts. - commandString += " ..." + // Trim leading path from command for user readability. + command := os.Args[0] + if i := strings.LastIndex(command, "/"); i != -1 { + command = command[i+1:] } + commandString := fmt.Sprintf("%v %v", command, strings.Join(os.Args[1:], " ")) req := &hardwarekeyagentv1.SignRequest{ Digest: digest, diff --git a/gen/proto/go/teleport/lib/teleterm/v1/tshd_events_service.pb.go b/gen/proto/go/teleport/lib/teleterm/v1/tshd_events_service.pb.go index e0505352cf463..8db816235e8ba 100644 --- a/gen/proto/go/teleport/lib/teleterm/v1/tshd_events_service.pb.go +++ b/gen/proto/go/teleport/lib/teleterm/v1/tshd_events_service.pb.go 
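Review bot: `strings.Join(os.Args[1:], " ")` now sends the complete argument list to the agent, where it is shown in the PIN and touch prompts; the abbreviation in the removed lines is gone. Arguments can carry values the user would not expect to leave the process or appear on screen, such as tokens or passwords passed as flags, and they can be arbitrarily long, so consider keeping only the first few arguments and ending with ` ...`. For the program name, `filepath.Base(os.Args[0])` would replace the manual `strings.LastIndex(command, "/")` trim and also handle Windows path separators, at the cost of a `path/filepath` import. `agentSign` continues outside the hunk.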
@@ -965,12 +965,13 @@ func (x *PromptMFAResponse) GetTotpCode() string { // Request for PromptHardwareKeyPIN. type PromptHardwareKeyPINRequest struct { - state protoimpl.MessageState `protogen:"open.v1"` - RootClusterUri string `protobuf:"bytes,1,opt,name=root_cluster_uri,json=rootClusterUri,proto3" json:"root_cluster_uri,omitempty"` - // Specifies if a PIN is optional, allowing the user to set it up if left empty. + state protoimpl.MessageState `protogen:"open.v1"` + // PinOptional specified if a PIN is optional, allowing the user to set it up if left empty. PinOptional bool `protobuf:"varint,2,opt,name=pin_optional,json=pinOptional,proto3" json:"pin_optional,omitempty"` + // ProxyHost is the proxy hostname of the client key. + ProxyHost string `protobuf:"bytes,3,opt,name=proxy_host,json=proxyHost,proto3" json:"proxy_host,omitempty"` // Command is an optional command string to provide context for the prompt. - Command string `protobuf:"bytes,3,opt,name=command,proto3" json:"command,omitempty"` + Command string `protobuf:"bytes,4,opt,name=command,proto3" json:"command,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } @@ -1005,18 +1006,18 @@ func (*PromptHardwareKeyPINRequest) Descriptor() ([]byte, []int) { return file_teleport_lib_teleterm_v1_tshd_events_service_proto_rawDescGZIP(), []int{15} } -func (x *PromptHardwareKeyPINRequest) GetRootClusterUri() string { +func (x *PromptHardwareKeyPINRequest) GetPinOptional() bool { if x != nil { - return x.RootClusterUri + return x.PinOptional } - return "" + return false } -func (x *PromptHardwareKeyPINRequest) GetPinOptional() bool { +func (x *PromptHardwareKeyPINRequest) GetProxyHost() string { if x != nil { - return x.PinOptional + return x.ProxyHost } - return false + return "" } func (x *PromptHardwareKeyPINRequest) GetCommand() string { 
@@ -1074,8 +1075,9 @@ func (x *PromptHardwareKeyPINResponse) GetPin() string { // Request for PromptHardwareKeyTouchRequest. type PromptHardwareKeyTouchRequest struct { - state protoimpl.MessageState `protogen:"open.v1"` - RootClusterUri string `protobuf:"bytes,1,opt,name=root_cluster_uri,json=rootClusterUri,proto3" json:"root_cluster_uri,omitempty"` + state protoimpl.MessageState `protogen:"open.v1"` + // ProxyHost is the proxy hostname of the client key. + ProxyHost string `protobuf:"bytes,2,opt,name=proxy_host,json=proxyHost,proto3" json:"proxy_host,omitempty"` // Command is an optional command string to provide context for the prompt. Command string `protobuf:"bytes,3,opt,name=command,proto3" json:"command,omitempty"` unknownFields protoimpl.UnknownFields @@ -1112,9 +1114,9 @@ func (*PromptHardwareKeyTouchRequest) Descriptor() ([]byte, []int) { return file_teleport_lib_teleterm_v1_tshd_events_service_proto_rawDescGZIP(), []int{17} } -func (x *PromptHardwareKeyTouchRequest) GetRootClusterUri() string { +func (x *PromptHardwareKeyTouchRequest) GetProxyHost() string { if x != nil { - return x.RootClusterUri + return x.ProxyHost } return "" } @@ -1165,10 +1167,11 @@ func (*PromptHardwareKeyTouchResponse) Descriptor() ([]byte, []int) { // Response for PromptHardwareKeyPINChange. type PromptHardwareKeyPINChangeRequest struct { - state protoimpl.MessageState `protogen:"open.v1"` - RootClusterUri string `protobuf:"bytes,1,opt,name=root_cluster_uri,json=rootClusterUri,proto3" json:"root_cluster_uri,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` + // ProxyHost is the proxy hostname of the client key. + ProxyHost string `protobuf:"bytes,2,opt,name=proxy_host,json=proxyHost,proto3" json:"proxy_host,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *PromptHardwareKeyPINChangeRequest) Reset() { 
@@ -1201,9 +1204,9 @@ func (*PromptHardwareKeyPINChangeRequest) Descriptor() ([]byte, []int) { return file_teleport_lib_teleterm_v1_tshd_events_service_proto_rawDescGZIP(), []int{19} } -func (x *PromptHardwareKeyPINChangeRequest) GetRootClusterUri() string { +func (x *PromptHardwareKeyPINChangeRequest) GetProxyHost() string { if x != nil { - return x.RootClusterUri + return x.ProxyHost } return "" } @@ -1275,10 +1278,11 @@ func (x *PromptHardwareKeyPINChangeResponse) GetPukChanged() bool { // Request for ConfirmHardwareKeySlotOverwrite. type ConfirmHardwareKeySlotOverwriteRequest struct { - state protoimpl.MessageState `protogen:"open.v1"` - RootClusterUri string `protobuf:"bytes,1,opt,name=root_cluster_uri,json=rootClusterUri,proto3" json:"root_cluster_uri,omitempty"` + state protoimpl.MessageState `protogen:"open.v1"` // Message to display in the prompt. - Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"` + Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"` + // ProxyHost is the proxy hostname of the client key. + ProxyHost string `protobuf:"bytes,3,opt,name=proxy_host,json=proxyHost,proto3" json:"proxy_host,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } @@ -1313,16 +1317,16 @@ func (*ConfirmHardwareKeySlotOverwriteRequest) Descriptor() ([]byte, []int) { return file_teleport_lib_teleterm_v1_tshd_events_service_proto_rawDescGZIP(), []int{21} } -func (x *ConfirmHardwareKeySlotOverwriteRequest) GetRootClusterUri() string { +func (x *ConfirmHardwareKeySlotOverwriteRequest) GetMessage() string { if x != nil { - return x.RootClusterUri + return x.Message } return "" } -func (x *ConfirmHardwareKeySlotOverwriteRequest) GetMessage() string { +func (x *ConfirmHardwareKeySlotOverwriteRequest) GetProxyHost() string { if x != nil { - return x.Message + return x.ProxyHost } return "" } 
@@ -1648,27 +1652,31 @@ const file_teleport_lib_teleterm_v1_tshd_events_service_proto_rawDesc = "" + "\fdisplay_name\x18\x03 \x01(\tR\vdisplayName\x12!\n" + "\fredirect_url\x18\x04 \x01(\tR\vredirectUrl\"0\n" + "\x11PromptMFAResponse\x12\x1b\n" + - "\ttotp_code\x18\x01 \x01(\tR\btotpCode\"\x84\x01\n" + - "\x1bPromptHardwareKeyPINRequest\x12(\n" + - "\x10root_cluster_uri\x18\x01 \x01(\tR\x0erootClusterUri\x12!\n" + - "\fpin_optional\x18\x02 \x01(\bR\vpinOptional\x12\x18\n" + - "\acommand\x18\x03 \x01(\tR\acommand\"0\n" + + "\ttotp_code\x18\x01 \x01(\tR\btotpCode\"\x91\x01\n" + + "\x1bPromptHardwareKeyPINRequest\x12!\n" + + "\fpin_optional\x18\x02 \x01(\bR\vpinOptional\x12\x1d\n" + + "\n" + + "proxy_host\x18\x03 \x01(\tR\tproxyHost\x12\x18\n" + + "\acommand\x18\x04 \x01(\tR\acommandJ\x04\b\x01\x10\x02R\x10root_cluster_uri\"0\n" + "\x1cPromptHardwareKeyPINResponse\x12\x10\n" + - "\x03pin\x18\x01 \x01(\tR\x03pin\"c\n" + - "\x1dPromptHardwareKeyTouchRequest\x12(\n" + - "\x10root_cluster_uri\x18\x01 \x01(\tR\x0erootClusterUri\x12\x18\n" + - "\acommand\x18\x03 \x01(\tR\acommand\" \n" + - "\x1ePromptHardwareKeyTouchResponse\"M\n" + - "!PromptHardwareKeyPINChangeRequest\x12(\n" + - "\x10root_cluster_uri\x18\x01 \x01(\tR\x0erootClusterUri\"i\n" + + "\x03pin\x18\x01 \x01(\tR\x03pin\"p\n" + + "\x1dPromptHardwareKeyTouchRequest\x12\x1d\n" + + "\n" + + "proxy_host\x18\x02 \x01(\tR\tproxyHost\x12\x18\n" + + "\acommand\x18\x03 \x01(\tR\acommandJ\x04\b\x01\x10\x02R\x10root_cluster_uri\" \n" + + "\x1ePromptHardwareKeyTouchResponse\"Z\n" + + "!PromptHardwareKeyPINChangeRequest\x12\x1d\n" + + "\n" + + "proxy_host\x18\x02 \x01(\tR\tproxyHostJ\x04\b\x01\x10\x02R\x10root_cluster_uri\"i\n" + "\"PromptHardwareKeyPINChangeResponse\x12\x10\n" + "\x03pin\x18\x01 \x01(\tR\x03pin\x12\x10\n" + "\x03puk\x18\x02 \x01(\tR\x03puk\x12\x1f\n" + "\vpuk_changed\x18\x03 \x01(\bR\n" + - "pukChanged\"l\n" + - "&ConfirmHardwareKeySlotOverwriteRequest\x12(\n" + - "\x10root_cluster_uri\x18\x01 
\x01(\tR\x0erootClusterUri\x12\x18\n" + - "\amessage\x18\x02 \x01(\tR\amessage\"G\n" + + "pukChanged\"y\n" + + "&ConfirmHardwareKeySlotOverwriteRequest\x12\x18\n" + + "\amessage\x18\x02 \x01(\tR\amessage\x12\x1d\n" + + "\n" + + "proxy_host\x18\x03 \x01(\tR\tproxyHostJ\x04\b\x01\x10\x02R\x10root_cluster_uri\"G\n" + "'ConfirmHardwareKeySlotOverwriteResponse\x12\x1c\n" + "\tconfirmed\x18\x01 \x01(\bR\tconfirmed\"\"\n" + " GetUsageReportingSettingsRequest\"\x8f\x01\n" + diff --git a/gen/proto/ts/teleport/lib/teleterm/v1/tshd_events_service_pb.ts b/gen/proto/ts/teleport/lib/teleterm/v1/tshd_events_service_pb.ts index bd9cfec3286d9..6fc199c652b77 100644 --- a/gen/proto/ts/teleport/lib/teleterm/v1/tshd_events_service_pb.ts +++ b/gen/proto/ts/teleport/lib/teleterm/v1/tshd_events_service_pb.ts @@ -332,19 +332,21 @@ export interface PromptMFAResponse { */ export interface PromptHardwareKeyPINRequest { /** - * @generated from protobuf field: string root_cluster_uri = 1; - */ - rootClusterUri: string; - /** - * Specifies if a PIN is optional, allowing the user to set it up if left empty. + * PinOptional specified if a PIN is optional, allowing the user to set it up if left empty. * * @generated from protobuf field: bool pin_optional = 2; */ pinOptional: boolean; + /** + * ProxyHost is the proxy hostname of the client key. + * + * @generated from protobuf field: string proxy_host = 3; + */ + proxyHost: string; /** * Command is an optional command string to provide context for the prompt. * - * @generated from protobuf field: string command = 3; + * @generated from protobuf field: string command = 4; */ command: string; } 
@@ -368,9 +370,11 @@ export interface PromptHardwareKeyPINResponse { */ export interface PromptHardwareKeyTouchRequest { /** - * @generated from protobuf field: string root_cluster_uri = 1; + * ProxyHost is the proxy hostname of the client key. + * + * @generated from protobuf field: string proxy_host = 2; */ - rootClusterUri: string; + proxyHost: string; /** * Command is an optional command string to provide context for the prompt. * @@ -392,9 +396,11 @@ export interface PromptHardwareKeyTouchResponse { */ export interface PromptHardwareKeyPINChangeRequest { /** - * @generated from protobuf field: string root_cluster_uri = 1; + * ProxyHost is the proxy hostname of the client key. + * + * @generated from protobuf field: string proxy_host = 2; */ - rootClusterUri: string; + proxyHost: string; } /** * Response for PromptHardwareKeyPINChange. @@ -428,16 +434,18 @@ export interface PromptHardwareKeyPINChangeResponse { * @generated from protobuf message teleport.lib.teleterm.v1.ConfirmHardwareKeySlotOverwriteRequest */ export interface ConfirmHardwareKeySlotOverwriteRequest { - /** - * @generated from protobuf field: string root_cluster_uri = 1; - */ - rootClusterUri: string; /** * Message to display in the prompt. * * @generated from protobuf field: string message = 2; */ message: string; + /** + * ProxyHost is the proxy hostname of the client key. + * + * @generated from protobuf field: string proxy_host = 3; + */ + proxyHost: string; } /** * Response for ConfirmHardwareKeySlotOverwrite. 
@@ -1318,15 +1326,15 @@ export const PromptMFAResponse = new PromptMFAResponse$Type(); class PromptHardwareKeyPINRequest$Type extends MessageType { constructor() { super("teleport.lib.teleterm.v1.PromptHardwareKeyPINRequest", [ - { no: 1, name: "root_cluster_uri", kind: "scalar", T: 9 /*ScalarType.STRING*/ }, { no: 2, name: "pin_optional", kind: "scalar", T: 8 /*ScalarType.BOOL*/ }, - { no: 3, name: "command", kind: "scalar", T: 9 /*ScalarType.STRING*/ } + { no: 3, name: "proxy_host", kind: "scalar", T: 9 /*ScalarType.STRING*/ }, + { no: 4, name: "command", kind: "scalar", T: 9 /*ScalarType.STRING*/ } ]); } create(value?: PartialMessage): PromptHardwareKeyPINRequest { const message = globalThis.Object.create((this.messagePrototype!)); - message.rootClusterUri = ""; message.pinOptional = false; + message.proxyHost = ""; message.command = ""; if (value !== undefined) reflectionMergePartial(this, message, value); @@ -1337,13 +1345,13 @@ class PromptHardwareKeyPINRequest$Type extends MessageType { constructor() { super("teleport.lib.teleterm.v1.PromptHardwareKeyTouchRequest", [ - { no: 1, name: "root_cluster_uri", kind: "scalar", T: 9 /*ScalarType.STRING*/ }, + { no: 2, name: "proxy_host", kind: "scalar", T: 9 /*ScalarType.STRING*/ }, { no: 3, name: "command", kind: "scalar", T: 9 /*ScalarType.STRING*/ } ]); } create(value?: PartialMessage): PromptHardwareKeyTouchRequest { const message = globalThis.Object.create((this.messagePrototype!)); - message.rootClusterUri = ""; + message.proxyHost = ""; message.command = ""; if (value !== undefined) reflectionMergePartial(this, message, value); 
@@ -1445,8 +1453,8 @@ class PromptHardwareKeyTouchRequest$Type extends MessageType { constructor() { super("teleport.lib.teleterm.v1.PromptHardwareKeyPINChangeRequest", [ - { no: 1, name: "root_cluster_uri", kind: "scalar", T: 9 /*ScalarType.STRING*/ } + { no: 2, name: "proxy_host", kind: "scalar", T: 9 /*ScalarType.STRING*/ } ]); } create(value?: PartialMessage): PromptHardwareKeyPINChangeRequest { const message = globalThis.Object.create((this.messagePrototype!)); - message.rootClusterUri = ""; + message.proxyHost = ""; if (value !== undefined) reflectionMergePartial(this, message, value); return message; @@ -1523,8 +1531,8 @@ class PromptHardwareKeyPINChangeRequest$Type extends MessageType { constructor() { super("teleport.lib.teleterm.v1.ConfirmHardwareKeySlotOverwriteRequest", [ - { no: 1, name: "root_cluster_uri", kind: "scalar", T: 9 /*ScalarType.STRING*/ }, - { no: 2, name: "message", kind: "scalar", T: 9 /*ScalarType.STRING*/ } + { no: 2, name: "message", kind: "scalar", T: 9 /*ScalarType.STRING*/ }, + { no: 3, name: "proxy_host", kind: "scalar", T: 9 /*ScalarType.STRING*/ } ]); } create(value?: PartialMessage): ConfirmHardwareKeySlotOverwriteRequest { const message = globalThis.Object.create((this.messagePrototype!)); - message.rootClusterUri = ""; message.message = ""; + message.proxyHost = ""; if (value !== undefined) reflectionMergePartial(this, message, value); return message; @@ -1635,12 +1643,12 @@ class ConfirmHardwareKeySlotOverwriteRequest$Type extends MessageType - Enter your YubiKey PIV PIN. -
+ Enter your YubiKey PIV PIN to continue + {props.req.command != '' + ? ` with command "${props.req.command}"` + : ''} {props.req.pinOptional && 'To change the default PIN, leave the field blank.'}
diff --git a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/ChangePin.tsx b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/ChangePin.tsx index 97b5b3e25dd4c..1ace2417aded3 100644 --- a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/ChangePin.tsx +++ b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/ChangePin.tsx @@ -77,7 +77,7 @@ export function ChangePin(props: { }} > diff --git a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/CommonHeader.tsx b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/CommonHeader.tsx index fd41eaddaed6f..b14f34bfd8ff7 100644 --- a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/CommonHeader.tsx +++ b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/CommonHeader.tsx @@ -20,18 +20,11 @@ import { ButtonIcon, H2 } from 'design'; import { DialogHeader } from 'design/Dialog'; import * as icons from 'design/Icon'; -import { RootClusterUri, routing } from 'teleterm/ui/uri'; - -export function CommonHeader(props: { - onCancel(): void; - rootClusterUri: RootClusterUri; -}) { - const rootClusterName = routing.parseClusterName(props.rootClusterUri); - +export function CommonHeader(props: { onCancel(): void; proxyHost: string }) { return (

- Unlock hardware key to access {rootClusterName} + Verify your identity on {props.proxyHost}

diff --git a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx index 389b129008056..bfaa98cb0094d 100644 --- a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx +++ b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx @@ -40,10 +40,7 @@ export function Touch(props: { width: '100%', })} > - + - Touch your YubiKey + + Touch your YubiKey to continue + {props.req.command != '' + ? ` with command "${props.req.command}"` + : ''} + diff --git a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/index.story.tsx b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/index.story.tsx index 34e7418554c3c..becc538877c2d 100644 --- a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/index.story.tsx +++ b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/index.story.tsx @@ -37,8 +37,9 @@ export function AskPinOptional() { onSuccess={() => {}} onCancel={() => {}} req={{ - rootClusterUri: rootCluster.uri, + proxyHost: rootCluster.proxyHost, pinOptional: true, + command: '', }} /> ); @@ -50,8 +51,9 @@ export function AskPinRequired() { onSuccess={() => {}} onCancel={() => {}} req={{ - rootClusterUri: rootCluster.uri, + proxyHost: rootCluster.proxyHost, pinOptional: false, + command: '', }} /> ); @@ -62,7 +64,8 @@ export function Touch() { {}} req={{ - rootClusterUri: rootCluster.uri, + proxyHost: rootCluster.proxyHost, + command: '', }} /> ); @@ -73,7 +76,9 @@ export function ChangePin() { {}} onCancel={() => {}} - req={{ rootClusterUri: rootCluster.uri }} + req={{ + proxyHost: rootCluster.proxyHost, + }} /> ); } @@ -84,7 +89,7 @@ export function OverwriteSlot() { onConfirm={() => {}} onCancel={() => {}} req={{ - rootClusterUri: rootCluster.uri, + proxyHost: rootCluster.proxyHost, message: "Would you like to overwrite this slot's private key and certificate?", }} 
From cad1929747bbe7347f1c329954eba6beca76594e Mon Sep 17 00:00:00 2001 From: joerger Date: Wed, 16 Apr 2025 14:16:56 -0700 Subject: [PATCH 3/7] Add new line before command. --- .../src/ui/ModalsHost/modals/HardwareKeys/AskPin.tsx | 10 +++++++--- .../src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx | 9 ++++++--- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/AskPin.tsx b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/AskPin.tsx index ffb1e83adab25..27e9b2fbda430 100644 --- a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/AskPin.tsx +++ b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/AskPin.tsx @@ -65,9 +65,13 @@ export function AskPin(props: { Enter your YubiKey PIV PIN to continue - {props.req.command != '' - ? ` with command "${props.req.command}"` - : ''} + {props.req.command && ' with command:'} +
+ { + props.req.command && + props.req.command /**TODO(Joerger): style text */ + } +
{props.req.pinOptional && 'To change the default PIN, leave the field blank.'}
diff --git a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx index bfaa98cb0094d..b19bd416bcb43 100644 --- a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx +++ b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx @@ -54,9 +54,12 @@ export function Touch(props: { Touch your YubiKey to continue - {props.req.command != '' - ? ` with command "${props.req.command}"` - : ''} + {props.req.command && ' with command:'} +
+ { + props.req.command && + props.req.command /**TODO(Joerger): style text */ + }
From 5303e1111dbc4a01738cc14b2c861114681f35d5 Mon Sep 17 00:00:00 2001 From: joerger Date: Wed, 16 Apr 2025 17:15:36 -0700 Subject: [PATCH 4/7] Fix story. --- .../teleterm/src/ui/ModalsHost/ModalsHost.story.tsx | 6 ++++-- web/packages/teleterm/src/ui/ModalsHost/ModalsHost.test.tsx | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/web/packages/teleterm/src/ui/ModalsHost/ModalsHost.story.tsx b/web/packages/teleterm/src/ui/ModalsHost/ModalsHost.story.tsx index 83e815d7dc87b..bb9b5d7f1a783 100644 --- a/web/packages/teleterm/src/ui/ModalsHost/ModalsHost.story.tsx +++ b/web/packages/teleterm/src/ui/ModalsHost/ModalsHost.story.tsx @@ -34,7 +34,8 @@ export default { const hardwareKeyTouchDialog: DialogHardwareKeyTouch = { kind: 'hardware-key-touch', req: { - rootClusterUri: '/clusters/foo', + proxyHost: 'foo.example.com', + command: '', }, onCancel: () => {}, }; @@ -42,8 +43,9 @@ const hardwareKeyTouchDialog: DialogHardwareKeyTouch = { const hardwareKeyPinDialog: DialogHardwareKeyPin = { kind: 'hardware-key-pin', req: { - rootClusterUri: '/clusters/foo', + proxyHost: 'foo.example.com', pinOptional: false, + command: '', }, onSuccess: () => {}, onCancel: () => {}, diff --git a/web/packages/teleterm/src/ui/ModalsHost/ModalsHost.test.tsx b/web/packages/teleterm/src/ui/ModalsHost/ModalsHost.test.tsx index f31667bc325d4..73db06e45aeb4 100644 --- a/web/packages/teleterm/src/ui/ModalsHost/ModalsHost.test.tsx +++ b/web/packages/teleterm/src/ui/ModalsHost/ModalsHost.test.tsx @@ -43,7 +43,8 @@ const clusterConnectDialog: DialogClusterConnect = { const hardwareKeyTouchDialog: DialogHardwareKeyTouch = { kind: 'hardware-key-touch', req: { - rootClusterUri: '/clusters/foo', + proxyHost: 'foo.example.com', + command: '', }, onCancel: () => {}, }; From d4befeec6a6b27e12a5f6f7240e517a73692afa5 Mon Sep 17 00:00:00 2001 
From: joerger Date: Thu, 17 Apr 2025 16:17:28 -0700 Subject: [PATCH 5/7] Address comments. --- tool/tsh/common/tsh.go | 4 +++- .../src/ui/ModalsHost/modals/HardwareKeys/AskPin.tsx | 12 ++++++------ .../src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx | 12 ++++++------ 3 files changed, 15 insertions(+), 13 deletions(-) diff --git a/tool/tsh/common/tsh.go b/tool/tsh/common/tsh.go index 65e42ce534bd5..58998a22b11ee 100644 --- a/tool/tsh/common/tsh.go +++ b/tool/tsh/common/tsh.go @@ -580,7 +580,7 @@ type CLIConf struct { // lookPathOverride overrides return of LookPath(). used in tests. lookPathOverride string - // HardwareKeyAgentServer determines whether `tsh daemon`` will run the hardware key agent server. + // HardwareKeyAgentServer determines whether `tsh daemon` will run the hardware key agent server. HardwareKeyAgentServer bool // disableHardwareKeyAgentClient determines whether the client will attempt to connect // to the hardware key agent. Some commands, like login, are better with the @@ -1913,6 +1913,8 @@ func onLogin(cf *CLIConf, reExecArgs ...string) error { cf.DesiredRoles = "" } + // For login operations, we use the hardware key + // service directly instead of the agent. cf.disableHardwareKeyAgentClient = true if cf.IdentityFileIn != "" { diff --git a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/AskPin.tsx b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/AskPin.tsx index 27e9b2fbda430..d4c4ff85e199c 100644 --- a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/AskPin.tsx +++ b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/AskPin.tsx @@ -65,12 +65,12 @@ export function AskPin(props: { Enter your YubiKey PIV PIN to continue - {props.req.command && ' with command:'} -
- { - props.req.command && - props.req.command /**TODO(Joerger): style text */ - } + {props.req.command && ( + <> + {' with command:'} +
{props.req.command}
+ + )}
{props.req.pinOptional && 'To change the default PIN, leave the field blank.'} diff --git a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx index b19bd416bcb43..7dc6fc376eb44 100644 --- a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx +++ b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx @@ -54,12 +54,12 @@ export function Touch(props: { Touch your YubiKey to continue - {props.req.command && ' with command:'} -
- { - props.req.command && - props.req.command /**TODO(Joerger): style text */ - } + {props.req.command && ( + <> + {' with command:'} +
{props.req.command}
+ + )}
From 375e7e26a43f6769c914d9d83a46a3e6d3ec206c Mon Sep 17 00:00:00 2001
From: joerger
Date: Thu, 17 Apr 2025 16:30:07 -0700
Subject: [PATCH 6/7] Trim forward slash for windows.
---
 api/utils/keys/hardwarekeyagent/service.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/api/utils/keys/hardwarekeyagent/service.go b/api/utils/keys/hardwarekeyagent/service.go
index 1609c8f2d095c..5129c3ae9440c 100644
--- a/api/utils/keys/hardwarekeyagent/service.go
+++ b/api/utils/keys/hardwarekeyagent/service.go
@@ -123,9 +123,9 @@ func (s *Service) agentSign(ctx context.Context, ref *hardwarekey.PrivateKeyRef,
 }
 }
- // Trim leading path from command for user readability.
+ // Trim leading path (/ or \ on windows) from command for user readability.
 command := os.Args[0]
- if i := strings.LastIndex(command, "/"); i != -1 {
+ if i := strings.LastIndexAny(command, "/\\"); i != -1 {
 command = command[i+1:]
 }
 commandString := fmt.Sprintf("%v %v", command, strings.Join(os.Args[1:], " "))
From a5ef1ad62ca549789e3ce640ee9ec00aec7134b9 Mon Sep 17 00:00:00 2001
From: joerger
Date: Fri, 18 Apr 2025 11:01:27 -0700
Subject: [PATCH 7/7] Change proxy_host to proxy_hostname; Update comment.
---
 .../lib/teleterm/v1/tshd_events_service.pb.go | 60 +++++++-------
 .../lib/teleterm/v1/tshd_events_service_pb.ts | 80 +++++++++----------
 lib/teleterm/daemon/hardwarekeyprompt.go | 16 ++--
 .../lib/teleterm/v1/tshd_events_service.proto | 16 ++--
 tool/tsh/common/tsh.go | 2 +-
 .../src/ui/ModalsHost/ModalsHost.story.tsx | 4 +-
 .../src/ui/ModalsHost/ModalsHost.test.tsx | 2 +-
 .../ModalsHost/modals/HardwareKeys/AskPin.tsx | 2 +-
 .../modals/HardwareKeys/ChangePin.tsx | 2 +-
 .../modals/HardwareKeys/CommonHeader.tsx | 7 +-
 .../modals/HardwareKeys/OverwriteSlot.tsx | 2 +-
 .../ModalsHost/modals/HardwareKeys/Touch.tsx | 5 +-
 .../modals/HardwareKeys/index.story.tsx | 10 +--
 13 files changed, 105 insertions(+), 103 deletions(-)
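Review bot: `commandString` in the service.go hunk is built from every element of `os.Args[1:]`, so anything typed after the binary name, including a token or password passed as a flag value, ends up in the string. From the rest of the series this looks like the text the agent shows in the PIN and touch prompts (`keyInfo.Command` in the CLI prompt, `props.req.command` in AskPin.tsx and Touch.tsx), although the hand-off itself is outside this hunk. The value is also self-reported by the calling process and unbounded, so the side that renders it should treat it as unverified display text, capping its length and dropping control characters before it appears next to a PIN field. On the sending side I would limit the context to the subcommand rather than the full argument list, or at least record the exposure with a comment such as `// NOTE: commandString is shown verbatim in the agent's prompt; it is context for the user, not an authorization input, and may contain argv secrets.` The body of `agentSign` starts and ends outside the hunk.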
diff --git a/gen/proto/go/teleport/lib/teleterm/v1/tshd_events_service.pb.go b/gen/proto/go/teleport/lib/teleterm/v1/tshd_events_service.pb.go index 8db816235e8ba..9fc37293f2e23 100644 --- a/gen/proto/go/teleport/lib/teleterm/v1/tshd_events_service.pb.go +++ b/gen/proto/go/teleport/lib/teleterm/v1/tshd_events_service.pb.go @@ -968,8 +968,8 @@ type PromptHardwareKeyPINRequest struct { state protoimpl.MessageState `protogen:"open.v1"` // PinOptional specified if a PIN is optional, allowing the user to set it up if left empty. PinOptional bool `protobuf:"varint,2,opt,name=pin_optional,json=pinOptional,proto3" json:"pin_optional,omitempty"` - // ProxyHost is the proxy hostname of the client key. - ProxyHost string `protobuf:"bytes,3,opt,name=proxy_host,json=proxyHost,proto3" json:"proxy_host,omitempty"` + // ProxyHostname is the proxy hostname of the client key. + ProxyHostname string `protobuf:"bytes,3,opt,name=proxy_hostname,json=proxyHostname,proto3" json:"proxy_hostname,omitempty"` // Command is an optional command string to provide context for the prompt. Command string `protobuf:"bytes,4,opt,name=command,proto3" json:"command,omitempty"` unknownFields protoimpl.UnknownFields @@ -1013,9 +1013,9 @@ func (x *PromptHardwareKeyPINRequest) GetPinOptional() bool { return false } -func (x *PromptHardwareKeyPINRequest) GetProxyHost() string { +func (x *PromptHardwareKeyPINRequest) GetProxyHostname() string { if x != nil { - return x.ProxyHost + return x.ProxyHostname } return "" } 
@@ -1076,8 +1076,8 @@ func (x *PromptHardwareKeyPINResponse) GetPin() string { // Request for PromptHardwareKeyTouchRequest. type PromptHardwareKeyTouchRequest struct { state protoimpl.MessageState `protogen:"open.v1"` - // ProxyHost is the proxy hostname of the client key. - ProxyHost string `protobuf:"bytes,2,opt,name=proxy_host,json=proxyHost,proto3" json:"proxy_host,omitempty"` + // ProxyHostname is the proxy hostname of the client key. + ProxyHostname string `protobuf:"bytes,2,opt,name=proxy_hostname,json=proxyHostname,proto3" json:"proxy_hostname,omitempty"` // Command is an optional command string to provide context for the prompt. Command string `protobuf:"bytes,3,opt,name=command,proto3" json:"command,omitempty"` unknownFields protoimpl.UnknownFields @@ -1114,9 +1114,9 @@ func (*PromptHardwareKeyTouchRequest) Descriptor() ([]byte, []int) { return file_teleport_lib_teleterm_v1_tshd_events_service_proto_rawDescGZIP(), []int{17} } -func (x *PromptHardwareKeyTouchRequest) GetProxyHost() string { +func (x *PromptHardwareKeyTouchRequest) GetProxyHostname() string { if x != nil { - return x.ProxyHost + return x.ProxyHostname } return "" } @@ -1168,8 +1168,8 @@ func (*PromptHardwareKeyTouchResponse) Descriptor() ([]byte, []int) { // Response for PromptHardwareKeyPINChange. type PromptHardwareKeyPINChangeRequest struct { state protoimpl.MessageState `protogen:"open.v1"` - // ProxyHost is the proxy hostname of the client key. - ProxyHost string `protobuf:"bytes,2,opt,name=proxy_host,json=proxyHost,proto3" json:"proxy_host,omitempty"` + // ProxyHostname is the proxy hostname of the client key. + ProxyHostname string `protobuf:"bytes,2,opt,name=proxy_hostname,json=proxyHostname,proto3" json:"proxy_hostname,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } 
@@ -1204,9 +1204,9 @@ func (*PromptHardwareKeyPINChangeRequest) Descriptor() ([]byte, []int) { return file_teleport_lib_teleterm_v1_tshd_events_service_proto_rawDescGZIP(), []int{19} } -func (x *PromptHardwareKeyPINChangeRequest) GetProxyHost() string { +func (x *PromptHardwareKeyPINChangeRequest) GetProxyHostname() string { if x != nil { - return x.ProxyHost + return x.ProxyHostname } return "" } @@ -1281,8 +1281,8 @@ type ConfirmHardwareKeySlotOverwriteRequest struct { state protoimpl.MessageState `protogen:"open.v1"` // Message to display in the prompt. Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"` - // ProxyHost is the proxy hostname of the client key. - ProxyHost string `protobuf:"bytes,3,opt,name=proxy_host,json=proxyHost,proto3" json:"proxy_host,omitempty"` + // ProxyHostname is the proxy hostname of the client key. + ProxyHostname string `protobuf:"bytes,3,opt,name=proxy_hostname,json=proxyHostname,proto3" json:"proxy_hostname,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } @@ -1324,9 +1324,9 @@ func (x *ConfirmHardwareKeySlotOverwriteRequest) GetMessage() string { return "" } -func (x *ConfirmHardwareKeySlotOverwriteRequest) GetProxyHost() string { +func (x *ConfirmHardwareKeySlotOverwriteRequest) GetProxyHostname() string { if x != nil { - return x.ProxyHost + return x.ProxyHostname } return "" } 
@@ -1652,31 +1652,27 @@ const file_teleport_lib_teleterm_v1_tshd_events_service_proto_rawDesc = "" + "\fdisplay_name\x18\x03 \x01(\tR\vdisplayName\x12!\n" + "\fredirect_url\x18\x04 \x01(\tR\vredirectUrl\"0\n" + "\x11PromptMFAResponse\x12\x1b\n" + - "\ttotp_code\x18\x01 \x01(\tR\btotpCode\"\x91\x01\n" + + "\ttotp_code\x18\x01 \x01(\tR\btotpCode\"\x99\x01\n" + "\x1bPromptHardwareKeyPINRequest\x12!\n" + - "\fpin_optional\x18\x02 \x01(\bR\vpinOptional\x12\x1d\n" + - "\n" + - "proxy_host\x18\x03 \x01(\tR\tproxyHost\x12\x18\n" + + "\fpin_optional\x18\x02 \x01(\bR\vpinOptional\x12%\n" + + "\x0eproxy_hostname\x18\x03 \x01(\tR\rproxyHostname\x12\x18\n" + "\acommand\x18\x04 \x01(\tR\acommandJ\x04\b\x01\x10\x02R\x10root_cluster_uri\"0\n" + "\x1cPromptHardwareKeyPINResponse\x12\x10\n" + - "\x03pin\x18\x01 \x01(\tR\x03pin\"p\n" + - "\x1dPromptHardwareKeyTouchRequest\x12\x1d\n" + - "\n" + - "proxy_host\x18\x02 \x01(\tR\tproxyHost\x12\x18\n" + + "\x03pin\x18\x01 \x01(\tR\x03pin\"x\n" + + "\x1dPromptHardwareKeyTouchRequest\x12%\n" + + "\x0eproxy_hostname\x18\x02 \x01(\tR\rproxyHostname\x12\x18\n" + "\acommand\x18\x03 \x01(\tR\acommandJ\x04\b\x01\x10\x02R\x10root_cluster_uri\" \n" + - "\x1ePromptHardwareKeyTouchResponse\"Z\n" + - "!PromptHardwareKeyPINChangeRequest\x12\x1d\n" + - "\n" + - "proxy_host\x18\x02 \x01(\tR\tproxyHostJ\x04\b\x01\x10\x02R\x10root_cluster_uri\"i\n" + + "\x1ePromptHardwareKeyTouchResponse\"b\n" + + "!PromptHardwareKeyPINChangeRequest\x12%\n" + + "\x0eproxy_hostname\x18\x02 \x01(\tR\rproxyHostnameJ\x04\b\x01\x10\x02R\x10root_cluster_uri\"i\n" + "\"PromptHardwareKeyPINChangeResponse\x12\x10\n" + "\x03pin\x18\x01 \x01(\tR\x03pin\x12\x10\n" + "\x03puk\x18\x02 \x01(\tR\x03puk\x12\x1f\n" + "\vpuk_changed\x18\x03 \x01(\bR\n" + - "pukChanged\"y\n" + + "pukChanged\"\x81\x01\n" + "&ConfirmHardwareKeySlotOverwriteRequest\x12\x18\n" + - "\amessage\x18\x02 \x01(\tR\amessage\x12\x1d\n" + - "\n" + - "proxy_host\x18\x03 
\x01(\tR\tproxyHostJ\x04\b\x01\x10\x02R\x10root_cluster_uri\"G\n" + + "\amessage\x18\x02 \x01(\tR\amessage\x12%\n" + + "\x0eproxy_hostname\x18\x03 \x01(\tR\rproxyHostnameJ\x04\b\x01\x10\x02R\x10root_cluster_uri\"G\n" + "'ConfirmHardwareKeySlotOverwriteResponse\x12\x1c\n" + "\tconfirmed\x18\x01 \x01(\bR\tconfirmed\"\"\n" + " GetUsageReportingSettingsRequest\"\x8f\x01\n" + diff --git a/gen/proto/ts/teleport/lib/teleterm/v1/tshd_events_service_pb.ts b/gen/proto/ts/teleport/lib/teleterm/v1/tshd_events_service_pb.ts index 6fc199c652b77..145834a1108db 100644 --- a/gen/proto/ts/teleport/lib/teleterm/v1/tshd_events_service_pb.ts +++ b/gen/proto/ts/teleport/lib/teleterm/v1/tshd_events_service_pb.ts @@ -338,11 +338,11 @@ export interface PromptHardwareKeyPINRequest { */ pinOptional: boolean; /** - * ProxyHost is the proxy hostname of the client key. + * ProxyHostname is the proxy hostname of the client key. * - * @generated from protobuf field: string proxy_host = 3; + * @generated from protobuf field: string proxy_hostname = 3; */ - proxyHost: string; + proxyHostname: string; /** * Command is an optional command string to provide context for the prompt. * @@ -370,11 +370,11 @@ export interface PromptHardwareKeyPINResponse { */ export interface PromptHardwareKeyTouchRequest { /** - * ProxyHost is the proxy hostname of the client key. + * ProxyHostname is the proxy hostname of the client key. * - * @generated from protobuf field: string proxy_host = 2; + * @generated from protobuf field: string proxy_hostname = 2; */ - proxyHost: string; + proxyHostname: string; /** * Command is an optional command string to provide context for the prompt. * 
@@ -396,11 +396,11 @@ export interface PromptHardwareKeyTouchResponse { */ export interface PromptHardwareKeyPINChangeRequest { /** - * ProxyHost is the proxy hostname of the client key. + * ProxyHostname is the proxy hostname of the client key. * - * @generated from protobuf field: string proxy_host = 2; + * @generated from protobuf field: string proxy_hostname = 2; */ - proxyHost: string; + proxyHostname: string; } /** * Response for PromptHardwareKeyPINChange. @@ -441,11 +441,11 @@ export interface ConfirmHardwareKeySlotOverwriteRequest { */ message: string; /** - * ProxyHost is the proxy hostname of the client key. + * ProxyHostname is the proxy hostname of the client key. * - * @generated from protobuf field: string proxy_host = 3; + * @generated from protobuf field: string proxy_hostname = 3; */ - proxyHost: string; + proxyHostname: string; } /** * Response for ConfirmHardwareKeySlotOverwrite. @@ -1327,14 +1327,14 @@ class PromptHardwareKeyPINRequest$Type extends MessageType): PromptHardwareKeyPINRequest { const message = globalThis.Object.create((this.messagePrototype!)); message.pinOptional = false; - message.proxyHost = ""; + message.proxyHostname = ""; message.command = ""; if (value !== undefined) reflectionMergePartial(this, message, value); @@ -1348,8 +1348,8 @@ class PromptHardwareKeyPINRequest$Type extends MessageType { constructor() { super("teleport.lib.teleterm.v1.PromptHardwareKeyTouchRequest", [ - { no: 2, name: "proxy_host", kind: "scalar", T: 9 /*ScalarType.STRING*/ }, + { no: 2, name: "proxy_hostname", kind: "scalar", T: 9 /*ScalarType.STRING*/ }, { no: 3, name: "command", kind: "scalar", T: 9 /*ScalarType.STRING*/ } ]); } create(value?: PartialMessage): PromptHardwareKeyTouchRequest { const message = globalThis.Object.create((this.messagePrototype!)); - message.proxyHost = ""; + message.proxyHostname = ""; message.command = ""; if (value !== undefined) reflectionMergePartial(this, message, value); 
@@ -1453,8 +1453,8 @@ class PromptHardwareKeyTouchRequest$Type extends MessageType { constructor() { super("teleport.lib.teleterm.v1.PromptHardwareKeyPINChangeRequest", [ - { no: 2, name: "proxy_host", kind: "scalar", T: 9 /*ScalarType.STRING*/ } + { no: 2, name: "proxy_hostname", kind: "scalar", T: 9 /*ScalarType.STRING*/ } ]); } create(value?: PartialMessage): PromptHardwareKeyPINChangeRequest { const message = globalThis.Object.create((this.messagePrototype!)); - message.proxyHost = ""; + message.proxyHostname = ""; if (value !== undefined) reflectionMergePartial(this, message, value); return message; @@ -1531,8 +1531,8 @@ class PromptHardwareKeyPINChangeRequest$Type extends MessageType): ConfirmHardwareKeySlotOverwriteRequest { const message = globalThis.Object.create((this.messagePrototype!)); message.message = ""; - message.proxyHost = ""; + message.proxyHostname = ""; if (value !== undefined) reflectionMergePartial(this, message, value); return message; @@ -1646,8 +1646,8 @@ class ConfirmHardwareKeySlotOverwriteRequest$Type extends MessageType {}, @@ -43,7 +43,7 @@ const hardwareKeyTouchDialog: DialogHardwareKeyTouch = { const hardwareKeyPinDialog: DialogHardwareKeyPin = { kind: 'hardware-key-pin', req: { - proxyHost: 'foo.example.com', + proxyHostname: 'foo.example.com', pinOptional: false, command: '', }, diff --git a/web/packages/teleterm/src/ui/ModalsHost/ModalsHost.test.tsx b/web/packages/teleterm/src/ui/ModalsHost/ModalsHost.test.tsx index 73db06e45aeb4..7411c0b43b9ad 100644 --- a/web/packages/teleterm/src/ui/ModalsHost/ModalsHost.test.tsx +++ b/web/packages/teleterm/src/ui/ModalsHost/ModalsHost.test.tsx @@ -43,7 +43,7 @@ const clusterConnectDialog: DialogClusterConnect = { const hardwareKeyTouchDialog: DialogHardwareKeyTouch = { kind: 'hardware-key-touch', req: { - proxyHost: 'foo.example.com', + proxyHostname: 'foo.example.com', command: '', }, onCancel: () => {}, 
diff --git a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/AskPin.tsx b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/AskPin.tsx index d4c4ff85e199c..6201141307bbc 100644 --- a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/AskPin.tsx +++ b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/AskPin.tsx @@ -58,7 +58,7 @@ export function AskPin(props: { > diff --git a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/ChangePin.tsx b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/ChangePin.tsx index 1ace2417aded3..efd87cb6f9a5e 100644 --- a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/ChangePin.tsx +++ b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/ChangePin.tsx @@ -77,7 +77,7 @@ export function ChangePin(props: { }} > diff --git a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/CommonHeader.tsx b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/CommonHeader.tsx index b14f34bfd8ff7..eabe3e5dec48f 100644 --- a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/CommonHeader.tsx +++ b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/CommonHeader.tsx @@ -20,11 +20,14 @@ import { ButtonIcon, H2 } from 'design'; import { DialogHeader } from 'design/Dialog'; import * as icons from 'design/Icon'; -export function CommonHeader(props: { onCancel(): void; proxyHost: string }) { +export function CommonHeader(props: { + onCancel(): void; + proxyHostname: string; +}) { return (

- Verify your identity on {props.proxyHost} + Verify your identity on {props.proxyHostname}

diff --git a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx index 7dc6fc376eb44..c5ccd57db20ee 100644 --- a/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx +++ b/web/packages/teleterm/src/ui/ModalsHost/modals/HardwareKeys/Touch.tsx @@ -40,7 +40,10 @@ export function Touch(props: { width: '100%', })} > - + {}} onCancel={() => {}} req={{ - proxyHost: rootCluster.proxyHost, + proxyHostname: rootCluster.proxyHost, pinOptional: true, command: '', }} @@ -51,7 +51,7 @@ export function AskPinRequired() { onSuccess={() => {}} onCancel={() => {}} req={{ - proxyHost: rootCluster.proxyHost, + proxyHostname: rootCluster.proxyHost, pinOptional: false, command: '', }} @@ -64,7 +64,7 @@ export function Touch() { {}} req={{ - proxyHost: rootCluster.proxyHost, + proxyHostname: rootCluster.proxyHost, command: '', }} /> @@ -77,7 +77,7 @@ export function ChangePin() { onSuccess={() => {}} onCancel={() => {}} req={{ - proxyHost: rootCluster.proxyHost, + proxyHostname: rootCluster.proxyHost, }} /> ); @@ -89,7 +89,7 @@ export function OverwriteSlot() { onConfirm={() => {}} onCancel={() => {}} req={{ - proxyHost: rootCluster.proxyHost, + proxyHostname: rootCluster.proxyHost, message: "Would you like to overwrite this slot's private key and certificate?", }}