From cffa65012423bbd8609ff2f7725829925c93b50a Mon Sep 17 00:00:00 2001
From: Tin Lai
Date: Fri, 1 Nov 2024 09:57:59 +1000
Subject: [PATCH] only check for ancestor if the session is not a ssh session

Signed-off-by: Tin Lai
---
 cli/agent/systemauth/systemauth.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/cli/agent/systemauth/systemauth.go b/cli/agent/systemauth/systemauth.go
index c8884e2..0f2964e 100644
--- a/cli/agent/systemauth/systemauth.go
+++ b/cli/agent/systemauth/systemauth.go
@@ -56,8 +56,11 @@ func (s *SessionStore) CreateSession(pid int, parentpid int, grandparentpid int,
 func (s *SessionStore) verifySession(ctx sockets.CallingContext, sessionType SessionType) bool {
 for _, session := range s.Store {
 if session.sessionType == sessionType {
- if session.Expires.After(time.Now()) {
- return true
+ // only check for ancestor if the session is not a ssh session
+ if sessionType == SSHKey || (session.ParentPid == ctx.ParentProcessPid && session.GrandParentPid == ctx.GrandParentProcessPid) {
+ if session.Expires.After(time.Now()) {
+ return true
+ }
 }
 }
 }
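Review bot: The `sessionType == SSHKey ||` short-circuit in the new condition lets any unexpired SSH session in `s.Store` satisfy verifySession for every caller, with no binding to the process tree that created it, and the added comment says what is skipped but not why that is acceptable. If this is intended, record the reason and the compensating control in the comment, e.g. `// SSH sessions are not bound to the caller's ancestors because <reason>; exposure is bounded by Expires and by who can reach the agent socket (confirm)`. For the other session types the check compares bare `ParentPid` and `GrandParentPid` values, and the OS can reuse a PID after the original process exits, so an unrelated process tree could match a still-valid session. Consider storing a process start time alongside the PIDs when the session is created (CreateSession is outside this hunk) and comparing it here. The inner `if session.Expires.After(time.Now())` could also be folded into the outer condition with `&&` so the allow path reads as a single predicate.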