WIP

Signed-off-by: Percy Wegmann <percy@tailscale.com>

ssh/tailssh/incubator.go

@@ -156,22 +156,6 @@ func (stdRWC) Close() error {
 }
 
 type incubatorArgs struct {
-<<<<<<< HEAD
-	uid          int
-	gid          int
-	groups       string
-	localUser    string
-	remoteUser   string
-	remoteIP     string
-	ttyName      string
-	hasTTY       bool
-	cmdName      string
-	isSFTP       bool
-	isShell      bool
-	loginCmdPath string
-	cmdArgs      []string
-	debugTest    bool
-=======
 	uid        int
 	gid        int
 	groups     string
@@ -184,11 +168,7 @@ type incubatorArgs struct {
 	isSFTP     bool
 	isShell    bool
 	cmdArgs    []string
-	env        []string
-	stdin      io.ReadCloser
-	stdout     io.WriteCloser
-	stderr     io.WriteCloser
->>>>>>> 1993c8fb0 (WIP)
+	debugTest  bool
 }
 
 func parseIncubatorArgs(args []string) (a incubatorArgs) {
@@ -204,11 +184,7 @@ func parseIncubatorArgs(args []string) (a incubatorArgs) {
 	flags.StringVar(&a.cmdName, "cmd", "", "the cmd to launch (ignored in sftp mode)")
 	flags.BoolVar(&a.isShell, "shell", false, "is launching a shell (with no cmds)")
 	flags.BoolVar(&a.isSFTP, "sftp", false, "run sftp server (cmd is ignored)")
-<<<<<<< HEAD
-	flags.StringVar(&a.loginCmdPath, "login-cmd", "", "the path to `login` cmd")
 	flags.BoolVar(&a.debugTest, "debug-test", false, "should debug in test mode")
-=======
->>>>>>> 1993c8fb0 (WIP)
 	flags.Parse(args)
 	a.cmdArgs = flags.Args()
 	return a
@@ -221,10 +197,6 @@ func parseIncubatorArgs(args []string) (a incubatorArgs) {
 //
 // Tailscaled launches the incubator as the same user as it was launched as.
 func beIncubator(args []string) error {
-	return doBeIncubator(args, os.Environ(), os.Stdin, os.Stdout, os.Stderr)
-}
-
-func doBeIncubator(args []string, env []string, stdin io.ReadCloser, stdout, stderr io.WriteCloser) error {
 	// To defend against issues like https://golang.org/issue/1435,
 	// defensively lock our current goroutine's thread to the current
 	// system thread before we start making any UID/GID/group changes.
@@ -235,6 +207,11 @@ func doBeIncubator(args []string, env []string, stdin io.ReadCloser, stdout, std
 	runtime.LockOSThread()
 	defer runtime.UnlockOSThread()
 
+	ia := parseIncubatorArgs(args)
+	if ia.isSFTP && ia.isShell {
+		return fmt.Errorf("--sftp and --shell are mutually exclusive")
+	}
+
 	logf := logger.Discard
 	if debugIncubator {
 		// We don't own stdout or stderr, so the only place we can log is syslog.
@@ -253,15 +230,6 @@ func doBeIncubator(args []string, env []string, stdin io.ReadCloser, stdout, std
 		}
 	}
 
-	ia := parseIncubatorArgs(args)
-	ia.env = env
-	ia.stdin = stdin
-	ia.stdout = stdout
-	ia.stderr = stderr
-	if ia.isSFTP && ia.isShell {
-		return fmt.Errorf("--sftp and --shell are mutually exclusive")
-	}
-
 	if ia.isSFTP {
 		return handleFTP(logf)
 	}
@@ -357,7 +325,7 @@ func tryLoginCmd(logf logger.Logf, ia incubatorArgs) (bool, error) {
 		loginArgs := ia.loginArgs(loginCmdPath)
 		logf("logging in with %s %+v", loginCmdPath, loginArgs)
 		// replace the running process
-		return true, unix.Exec(loginCmdPath, loginArgs, ia.env)
+		return true, unix.Exec(loginCmdPath, loginArgs, os.Environ())
 	}
 
 	return false, nil
@@ -427,7 +395,7 @@ func tryLoginWithSU(logf logger.Logf, ia incubatorArgs) (bool, error) {
 	}
 
 	logf("logging in with %s %+v", su, loginArgs)
-	return true, unix.Exec(su, loginArgs, ia.env)
+	return true, unix.Exec(su, loginArgs, os.Environ())
 }
 
 // handleFTP serves FTP connections.
@@ -465,10 +433,10 @@ func handleDropPrivileges(logf logger.Logf, ia incubatorArgs) error {
 
 	logf("running %s %+v", ia.cmdName, ia.cmdArgs)
 	cmd := exec.Command(ia.cmdName, ia.cmdArgs...)
-	cmd.Stdin = ia.stdin
-	cmd.Stdout = ia.stdout
-	cmd.Stderr = ia.stderr
-	cmd.Env = ia.env
+	cmd.Stdin = os.Stdin
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	cmd.Env = os.Environ()
 
 	if ia.hasTTY {
 		// If we were launched with a tty then we should