From 49ee2cbe29463251d49fff4216a2f8e000411b58 Mon Sep 17 00:00:00 2001
From: Tin Lai
Date: Mon, 28 Oct 2024 13:41:05 +1000
Subject: [PATCH 1/2] remove checking for parent process

Signed-off-by: Tin Lai
---
 cli/agent/systemauth/systemauth.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cli/agent/systemauth/systemauth.go b/cli/agent/systemauth/systemauth.go
index eb0c868..c8884e2 100644
--- a/cli/agent/systemauth/systemauth.go
+++ b/cli/agent/systemauth/systemauth.go
@@ -55,7 +55,7 @@ func (s *SessionStore) CreateSession(pid int, parentpid int, grandparentpid int,

 func (s *SessionStore) verifySession(ctx sockets.CallingContext, sessionType SessionType) bool {
 for _, session := range s.Store {
- if session.ParentPid == ctx.ParentProcessPid && session.GrandParentPid == ctx.GrandParentProcessPid && session.sessionType == sessionType {
+ if session.sessionType == sessionType {
 if session.Expires.After(time.Now()) {
 return true
 }

From cffa65012423bbd8609ff2f7725829925c93b50a Mon Sep 17 00:00:00 2001
From: Tin Lai
Date: Fri, 1 Nov 2024 09:57:59 +1000
Subject: [PATCH 2/2] only check for ancestor if the session is not a ssh session

Signed-off-by: Tin Lai
---
 cli/agent/systemauth/systemauth.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/cli/agent/systemauth/systemauth.go b/cli/agent/systemauth/systemauth.go
index c8884e2..0f2964e 100644
--- a/cli/agent/systemauth/systemauth.go
+++ b/cli/agent/systemauth/systemauth.go
@@ -56,8 +56,11 @@ func (s *SessionStore) CreateSession(pid int, parentpid int, grandparentpid int,
 func (s *SessionStore) verifySession(ctx sockets.CallingContext, sessionType SessionType) bool {
 for _, session := range s.Store {
 if session.sessionType == sessionType {
- if session.Expires.After(time.Now()) {
- return true
+ // only check for ancestor if the session is not a ssh session
+ if sessionType == SSHKey || (session.ParentPid == ctx.ParentProcessPid && session.GrandParentPid == ctx.GrandParentProcessPid) {
+ if session.Expires.After(time.Now()) {
+ return true
+ }
 }
 }
 }
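Review bot: The `sessionType == SSHKey ||` short-circuit means an unexpired SSHKey session in `s.Store` now satisfies `verifySession` for every caller, whatever its `ctx.ParentProcessPid` and `ctx.GrandParentProcessPid`, so the only remaining bound on SSH sessions is `session.Expires`. If the agent socket is reachable by processes other than the one that created the session (not visible in this hunk), they would presumably be treated as verified for the lifetime of that session. The added comment restates the condition but not the reason for it; I would record the trust assumption next to it, e.g. `// SSHKey sessions are not bound to the caller's ancestry because <reason>; any caller is accepted until Expires, so keep the SSH session lifetime short`, and consider binding SSH sessions to some other attribute of the calling context instead of dropping the binding entirely. PATCH 1/2 leaves the same gap open for every session type until this commit is applied, and the body of `verifySession` continues past the end of the hunk.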