Commit Graph

341 Commits

Author SHA1 Message Date
Brian May
9df7a0a053 Bump version: 1.1.0 → 1.1.1 2022-09-06 08:17:47 +10:00
Bastian Venthur
810b4a3170 added bump2version 2022-09-05 08:24:31 +10:00
Brian May
f8086dfa59 Update flake8 and pyflakes 2022-08-05 08:00:56 +10:00
Scott Kuhl
df98790206 Fix incorrect permissions for /etc/hosts
If we modify /etc/hosts, we read/copy the ownership and permissions
from the existing /etc/hosts before we make our new temporary file
which will eventually overwrite /etc/hosts. If we fail to retrieve the
permissions of the existing /etc/hosts file, we made the temporary
file owned by root 0o600 permissions. It should have 0o644 permissions
so that /etc/hosts has the correct permissions once we rename it.

It is unlikely many encoutered this bug since most machines have
/etc/hosts prior to sshuttle running and we should be able to read the
permission/ownership of that existing file.
2022-06-26 09:36:13 +10:00
Nikos Atlas
93200f7095 add comment and warning 2022-06-03 07:48:44 +10:00
Nikos Atlas
1def53e085 fallback to file editing in case file is locked 2022-06-03 07:48:44 +10:00
Brian May
004365f5c7 Delete stresstest.py
This file has not been touched in years. And looks like it is broken,
e.g. listener.accept() is called after infinite loop.
2022-04-24 18:38:51 +10:00
Brian May
d6fa0c1462 Replace BaseException with Exception
BaseException includes exceptions like SystemExit, KeyboardInterrupt
and GeneratorExit that we should not be catching.
2022-04-24 17:50:05 +10:00
Brian May
9e3209e931 Remove unused flags assignment 2022-04-24 17:40:43 +10:00
Brian May
7d67231faf Update style issues 2022-04-24 17:37:10 +10:00
Brian May
30cdc5e74b Fix LGTM reported issues 2022-04-24 16:43:07 +10:00
Brian May
181bf648a7 Remove useless assignment 2022-04-24 16:11:14 +10:00
Brian May
10341f3ad6 Add missing raise keyword for UDP not supported error 2022-04-24 16:09:55 +10:00
Scott Kuhl
5719d424de Remove --sudoers, improve --sudoers-no-modify
Allowing sshuttle to add/overwrite sudoers configuration file at
locations of the users' choosing adds complexity to the code compared
to asking users to install the sudo configuration themselves. It
requires sshuttle to make decisions about how much effort we put into
ensuring that the file is written to a proper location. The current
method relies on the 'realpath' program which is not installed on
MacOS by default.

There are serious problems when the sudo configuration is used to
allow a user to *only* run sshuttle as root (with or without a
password). First, that user could then use the --sudoers option to
give other users sudo privileges. Second, the user can run any command
as root because sshuttle accepts a --ssh-cmd parameter which allows a
user to specify a program that sshuttle should run. There may also be
additional issues that we have not identified.

By removing the --sudoers option (and the associated sudoers-add
script), this reduces the problems above. This code keeps the
--sudoers-no-modify feature which prints a configuration to stdout for
the user to install. It includes a clear warning about how --ssh-cmd
could potentially be abused to run other programs.

A warning about some of these issues has been in sshuttle since
version 1.1.0. This commit also adds that warning to more locations in
the documentation.
2022-03-13 09:29:56 +11:00
mangano-ito
016919cf95 accept a wildcarded host 2022-02-10 23:32:43 +09:00
Scott Kuhl
0c3b615736 Improve message when bind fails with a IPv6 address
The comments at the end of issue #673 shows an example where sshuttle
exits with an OSError exception when it cannot bind to an IPv6
address. This patch makes a suggestion to try the --disable-ipv6
option instead of the cryptic error message.
2022-02-04 15:20:25 -05:00
Scott Kuhl
0f92735ee5 Make --sudoers option work properly, fix regression in v1.1.0
Commit d6f75fa unintentionally changed the order of some of the
parameters when running the firewall process. This prevented the
--sudoers option from working properly. This patch restores the
previous ordering.

Most discussion was in issue #724. Also fixes #722 and #723.
2022-02-03 13:53:39 -05:00
Brian May
4e43af758d
Merge pull request #708 from skuhl/doas
Allow use of sudo or doas.
2022-01-17 08:04:50 +11:00
Brian May
0ccd243a65
Merge pull request #712 from skuhl/sudo-use-pty-fix
Fix sshuttle when using sudo's use_pty option.
2022-01-10 10:03:55 +11:00
Brian May
9e4822d7b7
Merge pull request #711 from skuhl/wait-for-dns-flush
Fix defunct process after flushing DNS cache.
2022-01-09 20:14:02 +11:00
Scott Kuhl
80a822e079 Fix flake8 and unit test errors introduced by use_pty fixes. 2022-01-07 13:21:16 -05:00
Scott Kuhl
8e826cfa7d Print to console with \r\n line endings.
If we run sudo with the use_pty option, the firewall process is
started in a new pseudoterminal. Other processes that are still
printing to the terminal (i.e., the main sshuttle client process,
messages from the shuttle server) have their output incorreclty
displayed. A newline character simply moves the output to the next
line without returning the cursor to the beginning of the line. Simply
changing all print commands to use \r\n line endings fixes the problem
and does not appear to cause any trouble in other configurations.
2022-01-07 13:13:37 -05:00
Scott Kuhl
286bd3fa80 Make setsid() call in firewall process optional.
We previously called setsid() to ensure that the SIGINT generated by
Ctrl+C went to the main sshuttle process instead of the firewall
process. With the previous commit, we gracefully shutdown if either
the sshuttle process or firewall process receives a SIGINT. Therefore,
the setsid() call is optional. We still try calling setsid() since the
preferred shutdown process involves having the signal go to the main
sshuttle process. However, setsid() will fail if the firewall process
is started with sudo and sudo is configured with the use_pty option.
2022-01-07 12:14:57 -05:00
Scott Kuhl
ae8af71886 Gracefully exit if firewall process receives Ctrl+C/SIGINT.
Typically sshuttle exits by having the main sshuttle client process
terminated. This closes file descriptors which the firewall process
then sees and uses as a cue to cleanup the firewall rules. The
firewall process ignored SIGINT/SIGTERM signals and used setsid() to
prevent Ctrl+C from sending signals to the firewall process.

This patch makes the firewall process accept SIGINT/SIGTERM signals
and then in turn sends a SIGINT signal to the main sshuttle client
process which then triggers a regular shutdown as described above.
This allows a user to manually send a SIGINT/SIGTERM to either
sshuttle process and have it exit gracefully. It also is needed if
setsid() fails (known to occur if sudo's use_pty option is used) and
then the Ctrl+C SIGINT signal goes to the firewall process.

The PID of the sshuttle client process is sent to the firewall
process. Using os.getppid() in the firewall process doesn't correctly
return the sshuttle client PID.
2022-01-07 11:52:39 -05:00
Scott Kuhl
54b80e6ce2 Fix defunct process after flushing DNS cache.
When we flush the DNS cache by calling resolvectl, we should wait for
the process to finish. This ensures that the cache is actually flushed
and prevents the process from showing up as defunct when processes are
listed.
2022-01-07 10:45:17 -05:00
Scott Kuhl
15a8752cc6 Improve error message if tproxy method is used without running as root.
When the tproxy method is used, sshuttle must be run as root:
https://sshuttle.readthedocs.io/en/stable/tproxy.html

Prior to this patch, sshuttle would encounter a exception and print a
message about how a setsockopt() call had a "PermissionError: [Errno 1]
Operation not permitted."

With this patch, we catch this exception, print a more understandable
error message, and exit.

The lack of error message clarity caused at least one bug report: #136
2022-01-04 14:52:21 -05:00
Scott Kuhl
d6f75fae25 Allow use of sudo or doas.
This is an alternative solution to pull request #611.

Previously, sshuttle would use doas on OpenBSD and sudo on Linux.
However, some Linux distributions are opting to use doas.

This patch changes the logic so that there can be multiple attempts to
elevate privilages. If the first command fails to run, it moves on to
the next command. Part of the existing code looked like it might be
attempting to do this, but it didn't work.

It also looks for the presence of doas and sudo in the path. If we can
find doas (but cannot find sudo) or if the platform is OpenBSD, we try
doas first. Otherwise, we try sudo, then doas. We try all the options
until one succeeds (including running the command without sudo or
doas) regardless of what is in the path. I'm open to adjusting
the logic here based on feedback.

If systems have both sudo and doas, they might be configured to give
different users different permissions. For example, if a user wishes
to use doas on this system, sshuttle would try sudo first and the user
would need to enter invalid passwords to eventually cause sudo to fail
and cause sshuttle to then try doas. This might not be ideal, but it
avoids implement another sshuttle argument that the user would need to
specify. Perhaps machines actually using doas will not have sudo
installed?
2021-12-31 14:20:50 -05:00
JohnHay
922d827948 Flake8 does not like if we go over 79 characters on a line. 2021-12-22 06:04:25 +02:00
JohnHay
e6f076e1a5 Make flake8 happy. 2021-12-21 16:12:11 +02:00
JohnHay
2665b67926 Remove the ttl hack to allow the host and server to run on the same machine
from the ipfw method.
2021-12-20 11:52:09 +02:00
JohnHay
0cfee0ba84 ipfw expects text. 2021-12-20 09:20:32 +02:00
JohnHay
f247853f39 Changed one place where the Exception text was still tproxy to ipfw. 2021-12-20 08:58:25 +02:00
JohnHay
7c1f2b08cf Indent the else to the same level as its if. 2021-12-20 08:55:38 +02:00
JohnHay
f65a51bbee Add fport and lport (unused) to the for that parse subnets. Otherwise python
is unhappy with "ValueError: too many values to unpack (expected 4)"
2021-12-20 08:53:34 +02:00
JohnHay
b1ee4f1d65 check-state does not take extra options. 2021-12-20 08:37:15 +02:00
Brian May
b896a4b7f3 Remove references to legacy PyXAPI socket_ext for recvmsg
socket.recvmsg has been in Python since version 3.3 and we don't
support anything older then 3.6 the server side.
2021-11-11 08:01:15 +11:00
a1346054
b95c1f3357
Trim excess whitespace 2021-09-22 12:36:36 +00:00
a1346054
ef244a5490
Fix typos 2021-09-22 12:36:26 +00:00
Brian May
d3fae535cd
Merge pull request #668 from skuhl/use-pty-warning
Improve error message when sudo's use_pty option is enabled.
2021-07-30 07:54:57 +10:00
Scott Kuhl
68a7766d24 Improve error message when sudo's use_pty option is enabled.
If sudo's use_pty is enabled, the setsid() call in firewall.py will
fail (see #664). When I ignore the error, sshuttle does not behave
properly. This patch explains to the user what is happening and
suggests a workaround.

It might be possible to make sshuttle work with use_pty in the future.
2021-07-29 11:49:09 -04:00
Scott Kuhl
09aab1a0fa Print server's python version earlier
Previously, we printed the server's python version in server.py.
Moving it to assembler.py means that it can be printed earlier so that
it can be seen before a potential error that could occur during
assembly. Additionally, the path to the python executable used by the
server was added to the output as well.

An example of where this would be useful: #666
2021-07-29 11:39:37 -04:00
Scott Kuhl
bc065e368d Remove ttl hack & require -r option.
Previously, it was possible to run sshuttle locally without using ssh
and connecting to a remote server. In this configuration, traffic was
redirected to the sshuttle server running on the localhost. However,
the firewall needed to distinguish between traffic leaving the
sshuttle server and traffic that originated from the machine that
still needed to be routed through the sshuttle server. The TTL of the
packets leaving the sshuttle server were manipulated to indicate to
the firewall what should happen. The TTL was adjusted for all packets
leaving the sshuttle server (even if it wasn't necessary because the
server and client were running on different machines).

Changing the TTL caused trouble and some machines, and
the --ttl option was added as a workaround to change how the TTL was
set for traffic leaving sshuttle. All of this added complexity to the
code for a feature (running the server on localhost) that is likely
only used for testing and rarely used by others.

This commit updates the associated documentation, but doesn't fully
fix the ipfw method since I am unable to test that.

This change will also make sshuttle fail to work if -r is used to
specify a localhost. Pull request #610 partially addresses that issue.

For example, see: #240, #490, #660, #606.
2021-07-12 11:24:29 -04:00
Brian May
6ae0b51c61
Merge pull request #658 from skuhl/pfctl-error-report
Print pfctl error message when it returns non-zero.
2021-07-01 08:03:00 +10:00
Scott Kuhl
d7e257642e Print pfctl error message when it returns non-zero.
If pfctl returns non-zero when setting up the firewall, sshuttle exits
and indicates the exit status code. This patch makes it so the output
of pfctl is also printed so the user can get a better idea of what
caused the problem.

For example: issue #491
2021-06-30 14:13:13 -04:00
Kyle
c06581cf83 replace psutil with os 2021-06-23 21:53:03 -04:00
Scott Kuhl
d3f4889f21 fix lint errors 2021-06-02 15:32:04 -04:00
Scott Kuhl
560c6b4ce8 Improve hostwatch robustness and documentation.
If an exception occurs in hostwatch, sshuttle exits. Problems
read/writing the ~/.sshuttle.hosts cache file on the remote machine
would therefore cause sshuttle to exit. With this patch, we simply
continue running without writing/reading the cache file in the remote
home directory. This serves as an alternate fix for
pull request #322 which proposed storing the cache file elsewhere.

A list of included changes:

- If we can't read or write the host cache file on the server,
  continue running. Hosts can be collected through the netstat,
  /etc/hosts, etc and the information can be reconstructed each run if
  a cache file isn't available to read. We write a log() message when
  this occurs.

- Add additional types of exceptions to handle.

- Continue even if we cannot read /etc/hosts on the server.

- Update man page to mention the cache file on the remote host.

- Indicate that messages are related to remote host instead of local
  host.

- Add comments and descriptions to the code.
2021-06-02 15:22:04 -04:00
Scott Kuhl
3f201095ea Merge branch 'master' into nat-ipv6 2021-05-30 21:09:32 -04:00
Brian May
1820264dd5
Merge pull request #647 from skuhl/man-page-updates
Update documentation
2021-05-31 07:48:56 +10:00
Brian May
be847f5d81
Merge pull request #645 from skuhl/hostwatch-remove-dead-code
Remove dead code in hostwatch.py
2021-05-31 07:44:21 +10:00