Google Git
Sign in
coral / mdt / 6a22664c655438f3effeab16f333f6095060ca92^! / .
commit6a22664c655438f3effeab16f333f6095060ca92[log] [tgz]
authorJune Tate-Gans <jtgans@google.com>Thu Mar 14 14:08:59 2019 -0700
committerJune Tate-Gans <jtgans@google.com>Thu Mar 14 14:24:22 2019 -0700
tree93cc92ecf4de6202caa117aef83c76a4044f2504
parent085760350accbcd69b7b8dbb20199ad043e473de [diff]
environment: Add in preliminary support for a whitelisted env

This provides initial support for a whitelisted environment using globbing
similar to the way ssh is configured.

Change-Id: I2d5a70f5fa42522509abd1dd45ac9ec7a1fc17ff

diff --git a/mdt/config.py b/mdt/config.py
index 1f1985e..7678c8d 100644
--- a/mdt/config.py
+++ b/mdt/config.py

@@ -25,6 +25,7 @@
 DEFAULT_USERNAME = "mendel"
 DEFAULT_PASSWORD = "mendel"
 DEFAULT_DISABLE_PASSWD_AUTH = "true"
+DEFAULT_ENV_WHITELIST = "TERM LANG LC_*"
 
 
 class Config:
@@ -70,6 +71,11 @@
             return self.getAttribute("password", DEFAULT_PASSWORD)
         self.setAttribute("password", password)
 
+    def envWhitelist(self, whitelist=None):
+        if not whitelist:
+            return self.getAttribute("env-whitelist", DEFAULT_ENV_WHITELIST)
+        self.setAttribute("env-whitelist", whitelist)
+
     def shouldDisablePasswordAuth(self, disablePasswdAuth=None):
         if disablePasswdAuth == None:
             return self.getAttribute("disable-password-auth",

diff --git a/mdt/sshclient.py b/mdt/sshclient.py
index 90c516b..f12ca77 100644
--- a/mdt/sshclient.py
+++ b/mdt/sshclient.py

@@ -19,6 +19,7 @@
 import os
 import socket
 import time
+import fnmatch
 
 import paramiko
 from paramiko.ssh_exception import AuthenticationException, SSHException
@@ -55,6 +56,7 @@
 
         self.username = self.config.username()
         self.password = self.config.password()
+        self.envWhitelist = self.config.envWhitelist()
 
         if not self.maybeGenerateSshKeys():
             return False
@@ -158,8 +160,17 @@
 
         return True
 
+    def _generateEnvironment(self):
+        environment = {}
+        for pattern in self.envWhitelist.split(' '):
+            for name, value in os.environ.keys():
+                if fnmatch.fnmatch(name, pattern):
+                    environment[name] = value
+        return environment
+
     def openShell(self):
         term = os.getenv("TERM", default="vt100")
+        env = self._generateEnvironment()
         width, height = os.get_terminal_size()
 
         if self._shouldPushKey():
@@ -173,6 +184,9 @@
             allow_agent=False,
             look_for_keys=False,
             compress=True)
+
+        # FIXME(jtgans): Add environment support once all major distributions we
+        # support have added in Paramiko v2.1.x or newer.
         return self.client.invoke_shell(term=term, width=width, height=height)
 
     def shellExec(self, cmd, allocPty=False):