[MERGE] NotATerminal considered harmful

Jelmer Vernooij jelmer at samba.org
Fri Apr 3 14:21:42 BST 2009 

Vincent Ladeuil wrote:
> Keeping the first cover letter as it still applies.
>   
>>>>>> "vila" == Vincent Ladeuil <v.ladeuil+lp at free.fr> writes:
>>>>>>             
>
>     vila> We need to query the user name to fix
>     vila> https://bugs.launchpad.net/bzr/+bug/256612.
>
>     vila> Jelmer is working on implementing ui.get_username() and while
>     vila> discussing his patch we came to the conclusion that a bit of
>     vila> refactoring was needed at the CLIUIFactory level.
>
>     vila> Currently, CLIUIFactory mandates that stdin is a tty and raise
>     vila> NotATerminal otherwise.
>
>     vila> But it does so only when trying to get a password, not when
>     vila> asking for a 'y/n' boolean.
>
>     vila> It also doesn't care about the terminal encoding *except* when
>     vila> querying for the password. It doesn't care about the terminal
>     vila> encoding to encode the queried password either (but I don't
>     vila> address that here).
>
>     vila> Checking the terminal and encoding the prompt sounds logically
>     vila> like prompt() responsibility so I did that first.
>
>     vila> Some tests began to fail then because they expected to be able to
>     vila> query for booleans even when stdin was redirected.
>
>     vila> At that point I realized that redirecting stdin was more useful
>     vila> than requiring the use of a real terminal (even for password
>     vila> handling)
>
>     vila> So unless somebody can show me a security problem doing so, I'd
>     vila> like to get rid of that constraint since it isn't implemented for
>     vila> all cases (the alternative is to fix the offending tests, err,
>     vila> test (blackbox test break-lock).)
>
>     vila> The attached patch does:
>
>     vila> - delete the NotATerminal exception,
>
>     vila> - factors out the terminal encoding handling in prompt()
>
>     vila> - simplify get_non_echoed_password() which is CLIUIFactory
>     vila>   specific,
>
>     vila> - clean up some duplications.
>
>     vila> I checked bzr-gtk and qbzr and they are not impacted by these
>     vila> changes so I don't think I need the deprecation dance for
>     vila> NotATerminal, get_prompt and get_non_echoed_password.
>
> Yet, this patch didn't allow bzr to reliably query a password if run
> with no terminal.
>
> The attached one does.
>
> I couldn't find a way to reliably simulate running without a terminal
> while running from a terminal while still making getpass.gepass believes
> it was running without a terminal (simulating isatty() is not enough
> since getpass() then uses termios tricks and 2.5 and 2.6 do that
> differently...) and I thought it wasn't really worth the effort because,
> in the end, people running bzr with no controlling terminals are
> unlikely to do so with branches requiring authentication, and if they
> do, they'll get a authentication error anyway (giving them a
> NotATerminal traceback is just hiding the real cause).
>   
bb:approve

Cheers,

Jelmer

More information about the bazaar mailing list