[v6.2] Clear terminal when session ends (#9328)

This change clears the screen when an ssh session ends (only in FIPS mode). Note: This doesn't currently do anything in `tsh` on Windows since BoringCrypto isn't supported, but once it is supported, the behavior will match Unix and web.
gravitational · Dec 16, 2021 · 1aff7f0 · 1aff7f0
1 parent afce79e
commit 1aff7f0
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 1 deletion.
diff --git a/lib/client/session.go b/lib/client/session.go
@@ -70,6 +70,10 @@ type NodeSession struct {
 	closer                *utils.CloseBroadcaster
 	enableEscapeSequences bool
 
+	// closeWait is used to wait for cleanup-related goroutines created by
+	// this session to close.
+	closeWait *sync.WaitGroup
+
 	// mu serialises access to `exitMsg`
 	mu      sync.Mutex
 	exitMsg string
@@ -122,6 +126,7 @@ func newSession(client *NodeClient,
 		stderr:                stderr,
 		namespace:             client.Namespace,
 		closer:                utils.NewCloseBroadcaster(),
+		closeWait:             &sync.WaitGroup{},
 		enableEscapeSequences: enableEscapeSequences,
 	}
 	// if we're joining an existing session, we need to assume that session's
@@ -154,6 +159,24 @@ func newSession(client *NodeClient,
 		ns.id = session.ID(sid)
 	}
 	ns.env[sshutils.SessionEnvVar] = string(ns.id)
+
+	// Close the Terminal when finished.
+	ns.closeWait.Add(1)
+	go func() {
+		defer ns.closeWait.Done()
+
+		<-ns.closer.C
+		if isFIPS() {
+			// \x1b[3J - clears scrollback (it is needed at least for the Mac terminal) -
+			// https://newbedev.com/how-do-i-reset-the-scrollback-in-the-terminal-via-a-shell-command
+			// \x1b\x63 - clears current screen - same as '\0033\0143' from https://superuser.com/a/123007
+			const resetPattern = "\x1b[3J\x1b\x63\n"
+			if _, err := ns.stdout.Write([]byte(resetPattern)); err != nil {
+				log.Warnf("Failed to clear screen: %v.", err)
+			}
+		}
+	}()
+
 	return ns, nil
 }
 
@@ -279,6 +302,7 @@ func (ns *NodeSession) interactiveSession(callback interactiveCallback) error {
 	}
 	// wait for the session to end
 	<-ns.closer.C
+	ns.closeWait.Wait()
 	return nil
 }
 
@@ -622,5 +646,8 @@ func (ns *NodeSession) Close() error {
 	if ns.closer != nil {
 		ns.closer.Close()
 	}
+	if ns.closeWait != nil {
+		ns.closeWait.Wait()
+	}
 	return nil
 }
diff --git a/lib/modules/modules.go b/lib/modules/modules.go
@@ -19,7 +19,9 @@ limitations under the License.
 package modules
 
 import (
+	"crypto/sha256"
 	"fmt"
+	"reflect"
 	"runtime"
 	"sync"
 
@@ -118,7 +120,11 @@ func (p *defaultModules) Features() Features {
 
 // IsBoringBinary checks if the binary was compiled with BoringCrypto.
 func (p *defaultModules) IsBoringBinary() bool {
-	return false
+	// Check the package name for one of the boring primitives, if the package
+	// path is from BoringCrypto, we know this binary was compiled against the
+	// dev.boringcrypto branch of Go.
+	hash := sha256.New()
+	return reflect.TypeOf(hash).Elem().PkgPath() == "crypto/internal/boring"
 }
 
 var (