New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Accept SSH environment variable passing #1173
Conversation
log.err() might be a bit noisy in some situations; this distinguishes between "refused a particular name" and "something went wrong".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi Colin,
This is a great feature, and it's great to see it happening! I noted a few things in the review comments below. You'll need to fix the incompatible interface change and add the missing test coverage before we can land. I'll add that I'm not too familiar with Conch myself, so I'm mostly looking at this from a general Twisted background and might miss Conch-specific stuff.
The ticket mentions implementing OpenSSH's environment filtering behavior. It seems like Conch's default server should do this, though if you prefer to file a follow-up ticket for that it's fine.
Thanks for contributing to Twisted!
Regarding the behaviour of Conch's default server: OpenSSH's default behaviour is to reject all environment variables, and the only default server that I know of that Conch ships is Note that the cited behaviour of OpenSSH in accepting |
FWIW I’d love it if Conch’s |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry to have a secondary review that piles on more feedback, but there are a couple of public-interface concerns here which I would really like to see addressed before landing. Thanks again for doing this, this is a hugely useful feature for conch!
When you have addressed feedback, feel free to @ me here, and I'll do my best to re-review promptly to get this integrated.
src/twisted/conch/ssh/session.py
Outdated
@return: A true value if the request to pass this environment | ||
variable was accepted, otherwise a false value. | ||
""" | ||
if not self.sessionSetEnv: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems like a good candidate for the "active nothing" pattern, where it's never None
but sometimes it's a specialized no-op implementation that refuses all variables? This pushes some of the conditional logic below into the stub implementation, making it less complex.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd prefer not to do this in this case, because that loses the distinction for logging purposes between "can't set environment variables because doing that isn't implemented" and "can't set environment variables because the implementation said no", which seems to me to be likely to be useful. (Or, if I were to preserve the extra logging, as far as I can see it would make no difference to the complexity of the conditional logic below it: it still needs to cope with the three cases of OK, explicitly-forbidden, and error.)
ValueError is a bit too generic.
@glyph Thanks for the review. I think I've addressed all your comments in one way or another; please re-review? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indeed, all the review feedback has been addressed. I will go ahead and merge (the test failure is a recurring Azure issue unrelated to these changes). Thank you very much!
Contributor Checklist: