From 3956dc587ba1eb6ef6e9747bfed0586bc09ac58e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
 <stephane.lesimple+bastion@ovhcloud.com>
Date: Wed, 6 Apr 2022 14:07:40 +0000
Subject: [PATCH] fix: ttyrec cmdline: don't add --warn-before-* when no
 --idle-*-timeout is specified

---
 lib/perl/OVH/Bastion.pm | 31 ++++++++++++++++++++-----------
 tests/unit/run.pl       |  8 +++-----
 2 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/lib/perl/OVH/Bastion.pm b/lib/perl/OVH/Bastion.pm
index 7e07eae..29b80f1 100644
--- a/lib/perl/OVH/Bastion.pm
+++ b/lib/perl/OVH/Bastion.pm
@@ -1069,15 +1069,11 @@ sub build_ttyrec_cmdline_part1of2 {
     );
     if ($fnret && $fnret->value =~ /yes/) {
         osh_debug("Account is immune to idle, not adding ttyrec commandline parameters");
+        return R('OK', value => {saveFile => $saveFile, cmd => \@ttyrec, idleIgnore => 1});
     }
     else {
-        my $warnBeforeLockSeconds = OVH::Bastion::config('warnBeforeLockSeconds')->value;
-        my $warnBeforeKillSeconds = OVH::Bastion::config('warnBeforeKillSeconds')->value;
-        push @ttyrec, '--warn-before-lock', $warnBeforeLockSeconds if $warnBeforeLockSeconds;
-        push @ttyrec, '--warn-before-kill', $warnBeforeKillSeconds if $warnBeforeKillSeconds;
+        return R('OK', value => {saveFile => $saveFile, cmd => \@ttyrec, idleIgnore => 0});
     }
-
-    return R('OK', value => {saveFile => $saveFile, cmd => \@ttyrec});
 }
 
 # call this after build_ttyrec_cmdline_part1of2, don't forget to
@@ -1096,12 +1092,25 @@ sub build_ttyrec_cmdline_part2of2 {
 
     my @cmd = @{$input->{'cmd'}};
 
-    my $idleLockTimeout = $params{'idleLockTimeout'};
-    my $idleKillTimeout = $params{'idleKillTimeout'};
+    # if account is immune to idle, don't add these params to ttyrec cmdline
+    if (!$input->{'idleIgnore'}) {
+        my $idleLockTimeout = $params{'idleLockTimeout'};
+        if ($idleLockTimeout) {
+            push @cmd, '-t', $idleLockTimeout;
+            push @cmd, '-s', "To unlock, use '--osh unlock' from another console";
 
-    push @cmd, '-k', $idleKillTimeout                                     if $idleKillTimeout;
-    push @cmd, '-t', $idleLockTimeout                                     if $idleLockTimeout;
-    push @cmd, '-s', "To unlock, use '--osh unlock' from another console" if $idleLockTimeout;
+            my $warnBeforeLockSeconds = OVH::Bastion::config('warnBeforeLockSeconds')->value;
+            push @cmd, '--warn-before-lock', $warnBeforeLockSeconds if $warnBeforeLockSeconds;
+        }
+
+        my $idleKillTimeout = $params{'idleKillTimeout'};
+        if ($idleKillTimeout) {
+            push @cmd, '-k', $idleKillTimeout;
+
+            my $warnBeforeKillSeconds = OVH::Bastion::config('warnBeforeKillSeconds')->value;
+            push @cmd, '--warn-before-kill', $warnBeforeKillSeconds if $warnBeforeKillSeconds;
+        }
+    }
 
     my $ttyrecAdditionalParameters = OVH::Bastion::config('ttyrecAdditionalParameters')->value;
     push @cmd, @$ttyrecAdditionalParameters if @$ttyrecAdditionalParameters;
diff --git a/tests/unit/run.pl b/tests/unit/run.pl
index bd061d7..a09c8d2 100755
--- a/tests/unit/run.pl
+++ b/tests/unit/run.pl
@@ -89,8 +89,6 @@ cmp_deeply(
         $fnret->value->{'saveFile'},
         '-F',
         '/home/randomuser/ttyrec/127.0.0.1/%Y-%m-%d.%H-%M-%S.#usec#.cafed00dcafe.bastionuser.randomuser.127.0.0.1.7979.ttyrec',
-        '-k',
-        29,
         '-t',
         17,
         '-s',
@@ -147,12 +145,12 @@ cmp_deeply(
         $fnret->value->{'saveFile'},
         '-F',
         '/home/randomuser/ttyrec/127.0.0.1/%Y-%m-%d.%H-%M-%S.#usec#.cafed00dcafe.bastionuser.randomuser.127.0.0.1.7979.ttyrec',
-        '-k',
-        88,
         '-t',
         99,
         '-s',
-        "To unlock, use '--osh unlock' from another console"
+        "To unlock, use '--osh unlock' from another console",
+        '-k',
+        88,
     ],
     "build_ttyrec_cmdline_part2of2 cmd"
 );