diff --git a/client.py b/client.py
index b9555f1..8946a69 100644
--- a/client.py
+++ b/client.py
@@ -1,25 +1,10 @@
 import struct, socket, select, errno, re, signal
 import compat.ssubprocess as ssubprocess
-import helpers, ssnet, ssh
+import helpers, ssnet, ssh, ssyslog
 from ssnet import SockWrapper, Handler, Proxy, Mux, MuxWrapper
 from helpers import *
-_loggerp = None
-def start_syslog():
- global _loggerp
- _loggerp = ssubprocess.Popen(['logger',
- '-p', 'daemon.info',
- '-t', 'sshuttle'], stdin=ssubprocess.PIPE)
-
-
-def stderr_to_syslog():
- sys.stdout.flush()
- sys.stderr.flush()
- os.dup2(_loggerp.stdin.fileno(), 1)
- os.dup2(_loggerp.stdin.fileno(), 2)
-
-
 def got_signal(signum, frame):
 log('exiting on signal %d\n' % signum)
 sys.exit(1)
@@ -77,10 +62,10 @@ def daemonize():
 si = open('/dev/null', 'r+')
 os.dup2(si.fileno(), 0)
+ os.dup2(si.fileno(), 1)
 si.close()
- stderr_to_syslog()
- log('daemonizing (%s).\n' % _pidname)
+ ssyslog.stderr_to_syslog()
 def daemon_cleanup():
@@ -118,6 +103,8 @@ class FirewallClient:
 argvbase = ([sys.argv[0]] +
 ['-v'] * (helpers.verbose or 0) +
 ['--firewall', str(port)])
+ if ssyslog._p:
+ argvbase += ['--syslog']
 argv_tries = [
 ['sudo', '-p', '[local sudo] Password: '] + argvbase,
 ['su', '-c', ' '.join(argvbase)],
@@ -197,7 +184,7 @@ def _main(listener, fw, ssh_cmd, remotename, python, seed_hosts, auto_nets,
 try:
 (serverproc, serversock) = ssh.connect(ssh_cmd, remotename, python,
- stderr=_loggerp.stdin)
+ stderr=ssyslog._p and ssyslog._p.stdin)
 except socket.error, e:
 if e.errno == errno.EPIPE:
 raise Fatal("failed to establish ssh session")
@@ -219,8 +206,10 @@ def _main(listener, fw, ssh_cmd, remotename, python, seed_hosts, auto_nets,
 debug1('connected.\n')
 if daemon:
 daemonize()
+ log('daemonizing (%s).\n' % _pidname)
 elif syslog:
- stderr_to_syslog()
+ debug1('switching to syslog.\n')
+ ssyslog.stderr_to_syslog()
 def onroutes(routestr):
 if auto_nets:
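Review bot: `daemonize()` now calls `ssyslog.stderr_to_syslog()` unconditionally, and that function (added in ssyslog.py further down, the other place this applies) dereferences `_p.stdin` with no check, so it raises AttributeError whenever `start_syslog()` has not run. `main()` only starts the logger under `if syslog:`, so the call is safe only if daemon mode forces syslog on somewhere outside this diff. Guarding it, `if ssyslog._p: ssyslog.stderr_to_syslog()`, or returning early inside `stderr_to_syslog()` when `_p is None`, avoids a crash that would occur after stdin and stdout have already been pointed at /dev/null. The body of `daemonize()` starts above this hunk.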
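Review bot: The new `--syslog` flag is appended to `argvbase`, which the `su` fallback a few lines below still flattens with `' '.join(argvbase)` into one string for `su -c`. That string is parsed by a shell, so a `sys.argv[0]` containing spaces or shell metacharacters would be split or interpreted in a command that is being run to gain elevated privileges. Quoting each element before joining, `' '.join(pipes.quote(a) for a in argvbase)` with `import pipes` added, keeps the `sudo` and `su` variants equivalent. Separately, `ssyslog._p` is an underscore-private name read here and in the `ssh.connect` hunk; a small public accessor in ssyslog would be cleaner. The enclosing method starts and ends outside the hunk.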
@@ -279,7 +268,7 @@ def _main(listener, fw, ssh_cmd, remotename, python, seed_hosts, auto_nets,
 def main(listenip, ssh_cmd, remotename, python, seed_hosts, auto_nets,
 subnets_include, subnets_exclude, syslog, daemon, pidfile):
 if syslog:
- start_syslog()
+ ssyslog.start_syslog()
 if daemon:
 try:
 check_daemon(pidfile)
diff --git a/firewall.py b/firewall.py
index 36ba768..044ac52 100644
--- a/firewall.py
+++ b/firewall.py
@@ -1,6 +1,6 @@
 import re, errno
 import compat.ssubprocess as ssubprocess
-import helpers
+import helpers, ssyslog
 from helpers import *
@@ -216,7 +216,7 @@ def restore_etc_hosts(port):
 # exit. In case that fails, it's not the end of the world; future runs will
 # supercede it in the transproxy list, at least, so the leftover rules
 # are hopefully harmless.
-def main(port):
+def main(port, syslog):
 assert(port > 0)
 assert(port <= 65535)
@@ -235,6 +235,10 @@ def main(port):
 # can read from it.
 os.dup2(1, 0)
+ if syslog:
+ ssyslog.start_syslog()
+ ssyslog.stderr_to_syslog()
+
 debug1('firewall manager ready.\n')
 sys.stdout.write('READY\n')
 sys.stdout.flush()
diff --git a/main.py b/main.py
index 1c96340..04495e1 100755
--- a/main.py
+++ b/main.py
@@ -82,7 +82,7 @@ try:
 elif opt.firewall:
 if len(extra) != 1:
 o.fatal('exactly one argument expected')
- sys.exit(firewall.main(int(extra[0])))
+ sys.exit(firewall.main(int(extra[0]), opt.syslog))
 elif opt.hostwatch:
 sys.exit(hostwatch.hw_main(extra))
 else:
diff --git a/ssyslog.py b/ssyslog.py
new file mode 100644
index 0000000..9958c9d
--- /dev/null
+++ b/ssyslog.py
@@ -0,0 +1,16 @@
+import sys, os
+from compat import ssubprocess
+
+
+_p = None
+def start_syslog():
+ global _p
+ _p = ssubprocess.Popen(['logger',
+ '-p', 'daemon.info',
+ '-t', 'sshuttle'], stdin=ssubprocess.PIPE)
+
+
+def stderr_to_syslog():
+ sys.stdout.flush()
+ sys.stderr.flush()
+ os.dup2(_p.stdin.fileno(), 2)
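Review bot: `ssyslog.start_syslog()` is now reached inside the firewall helper, which client.py launches through `sudo`/`su`, and it spawns `logger` by bare name, so the binary is resolved through whatever PATH the helper inherited. `sudo` is commonly configured to reset PATH, but `su -c` may not be, so a privileged process could end up running a `logger` from a directory the invoking user controls. Resolving it to an absolute path in ssyslog.py (for example `['/usr/bin/logger', '-p', 'daemon.info', '-t', 'sshuttle']`, with the path adjusted per platform) removes that dependency. It would also help to catch `OSError` around the spawn, so that a missing binary does not abort the helper before `READY` is written. `main()` starts and ends outside this hunk.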
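Review bot: The new ssyslog.py has no docstrings, and two of its behaviours are easy to miss when reading the callers: `stderr_to_syslog()` requires a prior `start_syslog()`, and unlike the version removed from client.py it redirects only fd 2. I would add `"""Spawn logger(1) and keep the handle in _p; call this before stderr_to_syslog()."""` to `start_syslog()`. For `stderr_to_syslog()` I would add `"""Point fd 2 at the logger pipe; stdout is left alone (firewall.py still writes its READY line there)."""`. A one-line comment on `_p` saying that client.py reads it to decide whether to pass `--syslog` would document the cross-module use.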