fix: Updates sudoers config according to executable

- Sudoers config has not been working since the firewall command was updated in 32fceefa.
- This updates the command in the sudoers config to keep it similar to what the client executes.
Vighnesh Pathrikar 2025-04-05 02:17:57 +05:30 committed by GitHub
parent e2624f533f
commit 934fac9d6c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -5,7 +5,15 @@ from uuid import uuid4
def build_config(user_name):
template = '''
"""Generates a sudoers configuration to allow passwordless execution of sshuttle."""
argv0 = os.path.abspath(sys.argv[0])
is_python_script = argv0.endswith('.py')
executable = f"{sys.executable} {argv0}" if is_python_script else argv0
dist_packages = os.path.dirname(os.path.abspath(__file__))
cmd_alias = f"SSHUTTLE{uuid4().hex[-3:].upper()}"
template = f"""
# WARNING: If you intend to restrict a user to only running the
# sshuttle command as root, THIS CONFIGURATION IS INSECURE.
# When a user can run sshuttle as root (with or without a password),
@ -16,27 +24,18 @@ def build_config(user_name):
# sshuttle without needing to enter a sudo password. To use this
# configuration, run 'visudo /etc/sudoers.d/sshuttle_auto' as root and
# paste this text into the editor that it opens. If you want to give
# multiple users these privileges, you may wish to use use different
# multiple users these privileges, you may wish to use different
# filenames for each one (i.e., /etc/sudoers.d/sshuttle_auto_john).
# This configuration was initially generated by the
# 'sshuttle --sudoers-no-modify' command.
Cmnd_Alias %(ca)s = /usr/bin/env PYTHONPATH=%(dist_packages)s %(py)s %(path)s *
Cmnd_Alias {cmd_alias} = /usr/bin/env PYTHONPATH={dist_packages} {executable} *
%(user_name)s ALL=NOPASSWD: %(ca)s
'''
{user_name} ALL=NOPASSWD: {cmd_alias}
"""
content = template % {
# randomize command alias to avoid collisions
'ca': 'SSHUTTLE%(num)s' % {'num': uuid4().hex[-3:].upper()},
'dist_packages': os.path.dirname(os.path.abspath(__file__))[:-9],
'py': sys.executable,
'path': sys.argv[0],
'user_name': user_name,
}
return content
return template
def sudoers(user_name=None):
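Review bot: In the first hunk `dist_packages` no longer drops the trailing package directory (the old code sliced `[:-9]`), so the generated `PYTHONPATH=` now names the package directory rather than its parent. sudoers matches the command line literally, so if the client still passes the parent directory (the client code is not visible here) the NOPASSWD rule will not match; `dist_packages = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))` would keep the old value without the magic number. The same concern applies to `os.path.abspath(sys.argv[0])` if the client passes `sys.argv[0]` unchanged. Separately, `user_name`, `executable` and `dist_packages` are formatted into a root-owned rule without validation; a value containing a newline or a sudoers metacharacter such as `,` or `:` changes what the rule grants, so `build_config` should reject such values before building the template.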