Feature - allow passing environment variables, user-name and password

[asegu]

Changes made to satisfy a personal use-case:

Running GoTTY with "-c user:pass login -p %u" (+ config file for TLS), and accessing GoTTY via a url similar to https://example.com/?env=GOTTY=present&env=TMUXname=asession

This, in combination with some edits in .bashrc allows me to login to a TMUX session named on the URL.
Reasoning about login: extra layer of security - don't allow brute force of real password via GoTTY / don't put real password in config, but also skip retyping the user-name.

Note: feature added to 1.0 release as had started looking at code before it was branched off, started looking at how to implement this with the current master branch, but my build environment is not working for this branch at the moment (go objecting to use of "*http.Server ServeTLS(...)" for no good reason I can see)

[yudai]

Thank you for the PR.
Does the --permit-arguments + some scripting satisfy your use case? You can use a URL with parameters like http://localhost:8080/?arg=asession&arg=whatever. And your script can get those parameter and set some context such as env variables, then you can exec login.

Note: feature added to 1.0 release as had started looking at code before it was branched off, started looking at how to implement this with the current master branch, but my build environment is not working for this branch at the moment (go objecting to use of "*http.Server ServeTLS(...)" for no good reason I can see)

You need go1.9, which newly introduced ServeTLS().

[asegu]

I tried, and yes, I could fulfill my needs by passing arguments to a script which prepares the needed environment variable.

I have to say, I still find the ability to pass in environment variables elegant:

• there's no secondary script
• The Variable=Value format allows direct access to variables without extra parsing

It is tending (if also combining the set uid/gid aspect of #167) to bring it such that you can control all elements of the program started by GoTTY.

[yudai]

@asegu Thanks for the reply.
I think that letting clients set environment variables directly is unacceptable for security reason. Environment variables are used for many purposes so if a client give an unexpected variable for the user of GoTTY, it can be a volubility. Just like GoTTY accepts a basic auth credentials by an environment variable, other applications can have sensitive environment variables as well (as for login, clients do anything on their session, so the impact is minimum).
At least, we need a white list of variable names that clients can overwrite.

Wondering if named args can be useful, like:

Run gotty with gotty some-command --mode {{mode}} some-sub-command {{target}} , then you can give http://localhost:8080/?mode=m0&target=t0.

When you want to set env variables, you may run gotty like below?

gotty env tmux={{tmux}} login