Make password prompting more clear.

Based on suggestions by Jason Grossman and Ed Maste on the mailing list. We now add a [local su] prefix to the 'su' password prompt (by cheating and printing it before calling su), and we replace the 'sudo' password prompt with '[local sudo] Password: ' (by using the little-known and hopefully-portable -p option). We no longer call sudo or su if the uid is already 0; otherwise the prefix on the 'su' prompt would look weird, since su wouldn't ask for a password in that case. We don't add a prefix to the ssh password prompt, because it's too hard to tell if there will *be* an ssh password prompt. But people will probably assume that the password request is for the server anyway; few people are likely to think that 'sshuttle -r myhost.com' is going to prompt for the *local* password. Of course none of this is a problem on a modern OS, like Debian, that would say something like "Password for apenwarr@myhost.com:" instead of just "Password:". MacOS doesn't do that, however, so I assume many other OSes also don't. Let's try to help them out.
2024-11-25 09:23:48 +01:00 · 2010-11-08 23:27:02 -08:00 · 2010-11-08 23:27:02 -08:00 · bcf1892305
commit bcf1892305
parent fe742c928d
2 changed files with 12 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -54,8 +54,14 @@ This is how you use it:

 - <tt>./sshuttle -r username@sshserver 0.0.0.0/0 -vv</tt>

+(You may be prompted for one or more passwords; first, the
+local password to become root using either sudo or su, and
+then the remote ssh password.  Or you might have sudo and ssh set
+up to not require passwords, in which case you won't be
+prompted at all.)
+
 That's it!  Now your local machine can access the remote network as if you
-were right there!  And if your "client" machine is a router, everyone on
+were right there.  And if your "client" machine is a router, everyone on
 your local network can make connections to your remote network.

 You don't need to install sshuttle on the remote server;
--- a/client.py
+++ b/client.py
@ -31,7 +31,7 @@ class FirewallClient:
                    ['-v'] * (helpers.verbose or 0) +
                    ['--firewall', str(port)])
        argv_tries = [
-            ['sudo'] + argvbase,
+            ['sudo', '-p', '[local sudo] Password: '] + argvbase,
            ['su', '-c', ' '.join(argvbase)],
            argvbase
        ]
@ -45,8 +45,12 @@ class FirewallClient:
            # run in the child process
            s2.close()
        e = None
+        if os.getuid() == 0:
+            argv_tries = argv_tries[-1:]  # last entry only
        for argv in argv_tries:
            try:
+                if argv[0] == 'su':
+                    sys.stderr.write('[local su] ')
                self.p = ssubprocess.Popen(argv, stdout=s1, preexec_fn=setup)
                e = None
                break