Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Read user environment when creating child session #1020

Merged
merged 1 commit into from
May 27, 2017
Merged

Read user environment when creating child session #1020

merged 1 commit into from
May 27, 2017

Conversation

russjones
Copy link
Contributor

Purpose

As covered in #1014, at the moment a new Teleport session only gives you a limited number of environment variables. This PR adds support for reading in of a ~./tsh/environment that contains environment variables that will be loaded before the shell is executed.

Implementation

  • Added a --permit-user-env CLI flag for teleport.
  • Added a permit_user_env field under ssh_service for Teleport file configuration.
  • If either of the above are set, ~/.tsh/environment is read when creating a new child session. Variables in this file are not expanded and lines that start with # or are empty are ignored.

Related Issue

Fixes #1014

@russjones russjones requested review from klizhentas and kontsevoy May 26, 2017 23:21
klizhentas
klizhentas reviewed May 26, 2017
View reviewed changes
lib/srv/exec.go Outdated
// readEnvironmentFile will read environment variables from a passed in location.
// Lines that start with "#" or empty lines are ignored. Assignments are in the
// form name=value and no variable expansion occurs.
func readEnvironmentFile(filename string) ([]string, error) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would move this to utils

klizhentas
klizhentas reviewed May 26, 2017
View reviewed changes
lib/srv/exec.go Outdated
func readEnvironmentFile(filename string) ([]string, error) {
file, err := os.Open(filename)
if err != nil {
return nil, trace.Wrap(err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

trace.ConvertSystemError

klizhentas
klizhentas reviewed May 26, 2017
View reviewed changes
lib/srv/exec.go Outdated
// follow the lead of OpenSSH and don't allow more than 1,000 environment variables
// https://github.com/openssh/openssh-portable/blob/master/session.c#L873-L874
lineno = lineno + 1
if lineno > 1000 {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

move to constant

klizhentas
klizhentas reviewed May 26, 2017
View reviewed changes
lib/config/configuration.go
@@ -81,6 +81,9 @@ type CommandLineFlags struct {
GopsAddr string
// DiagnosticAddr is listen address for diagnostic endpoint
DiagnosticAddr string
// PermitUserEnvironment enables reading of ~/.tsh/environment
// when creating a new session.
PermitUserEnvironment bool
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would not make this a boolean flag, rather than a list with files to read with default to .tsh/environment so folks can actually set to something else if they want, e.g. will close the issue #1011

klizhentas
klizhentas reviewed May 26, 2017
View reviewed changes
tool/teleport/common/teleport.go
@@ -105,6 +105,8 @@ func Run(cmdlineArgs []string, testRun bool) (executedCommand string, conf *serv
"Specify gops addr to listen on").Hidden().StringVar(&ccf.GopsAddr)
start.Flag("diag-addr",
"Start diangonstic endpoint on this address").Hidden().StringVar(&ccf.DiagnosticAddr)
start.Flag("permit-user-env",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would make this a flag that accepts values with paths to read, defaulting to ~/.tsh/environment

@russjones russjones force-pushed the rjones/tsh-environment branch from ad0b82e to 397fbcd Compare May 27, 2017 00:02
klizhentas
klizhentas reviewed May 27, 2017
View reviewed changes
lib/srv/exec.go Outdated
// if the server allows reading in of ~/.tsh/environment read it in
// and pass environment variables along to new session
if ctx.srv.PermitUserEnvironment() {
filename := osUser.HomeDir + "/.tsh/environment"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

filepath.Join() instead of +

@russjones russjones force-pushed the rjones/tsh-environment branch from 397fbcd to e0ee27b Compare May 27, 2017 00:04
@russjones
Added support for allowing the reading of a users environment when
78ee5d0 
creating a new child session from ~/.tsh/environment.
@russjones russjones force-pushed the rjones/tsh-environment branch from e0ee27b to 78ee5d0 Compare May 27, 2017 00:07
@russjones russjones merged commit e8514f8 into master May 27, 2017
@russjones russjones deleted the rjones/tsh-environment branch May 27, 2017 00:14
@russjones russjones mentioned this pull request May 27, 2017
Closed
@russjones russjones mentioned this pull request Aug 3, 2017
Open
@russjones russjones mentioned this pull request Mar 17, 2021
Open
@zmb3 zmb3 mentioned this pull request Jan 14, 2022
Open
hatched pushed a commit that referenced this pull request Feb 1, 2023
@ravicious
[v10] Add c- prefix to the OS field of the feedback form (#1009) (#…
b964858 
…1020)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@klizhentas klizhentas klizhentas approved these changes

@kontsevoy kontsevoy Awaiting requested review from kontsevoy

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@russjones @klizhentas