Commit Graph

917 Commits

Author SHA1 Message Date
3d51bcba95 Move release notes to github v1.1.0 2022-01-28 09:27:47 +11:00
3331159821 Merge pull request #719 from sshuttle/revert-713-dependabot/pip/sphinx-4.4.0
Revert "Bump sphinx from 4.3.2 to 4.4.0"
2022-01-22 09:46:01 +11:00
d23a0fd2c5 Revert "Bump sphinx from 4.3.2 to 4.4.0" 2022-01-22 09:44:59 +11:00
164ceac198 Merge pull request #713 from sshuttle/dependabot/pip/sphinx-4.4.0
Bump sphinx from 4.3.2 to 4.4.0
2022-01-22 09:13:26 +11:00
ecc2d68a06 Bump sphinx from 4.3.2 to 4.4.0
Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 4.3.2 to 4.4.0.
- [Release notes](https://github.com/sphinx-doc/sphinx/releases)
- [Changelog](https://github.com/sphinx-doc/sphinx/blob/4.x/CHANGES)
- [Commits](https://github.com/sphinx-doc/sphinx/compare/v4.3.2...v4.4.0)

---
updated-dependencies:
- dependency-name: sphinx
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-20 20:09:06 +00:00
f1bae5ea04 Merge pull request #718 from sshuttle/dependabot/pip/setuptools-scm-6.4.2
Bump setuptools-scm from 6.4.1 to 6.4.2
2022-01-21 07:08:14 +11:00
be667c7854 Bump setuptools-scm from 6.4.1 to 6.4.2
Bumps [setuptools-scm](https://github.com/pypa/setuptools_scm) from 6.4.1 to 6.4.2.
- [Release notes](https://github.com/pypa/setuptools_scm/releases)
- [Changelog](https://github.com/pypa/setuptools_scm/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/setuptools_scm/compare/v6.4.1...v6.4.2)

---
updated-dependencies:
- dependency-name: setuptools-scm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-20 10:08:39 +00:00
952336f97b Merge pull request #717 from sshuttle/dependabot/pip/setuptools-scm-6.4.1
Bump setuptools-scm from 6.4.0 to 6.4.1
2022-01-20 07:53:39 +11:00
0890ebd383 Bump setuptools-scm from 6.4.0 to 6.4.1
Bumps [setuptools-scm](https://github.com/pypa/setuptools_scm) from 6.4.0 to 6.4.1.
- [Release notes](https://github.com/pypa/setuptools_scm/releases)
- [Changelog](https://github.com/pypa/setuptools_scm/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/setuptools_scm/compare/v6.4.0...v6.4.1)

---
updated-dependencies:
- dependency-name: setuptools-scm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-19 10:12:35 +00:00
d593e8c4f7 Merge pull request #714 from sshuttle/dependabot/pip/setuptools-scm-6.4.0
Bump setuptools-scm from 6.3.2 to 6.4.0
2022-01-19 07:45:36 +11:00
9429f387ea Bump setuptools-scm from 6.3.2 to 6.4.0
Bumps [setuptools-scm](https://github.com/pypa/setuptools_scm) from 6.3.2 to 6.4.0.
- [Release notes](https://github.com/pypa/setuptools_scm/releases)
- [Changelog](https://github.com/pypa/setuptools_scm/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/setuptools_scm/compare/v6.3.2...v6.4.0)

---
updated-dependencies:
- dependency-name: setuptools-scm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-18 10:12:20 +00:00
4e43af758d Merge pull request #708 from skuhl/doas
Allow use of sudo or doas.
2022-01-17 08:04:50 +11:00
0ccd243a65 Merge pull request #712 from skuhl/sudo-use-pty-fix
Fix sshuttle when using sudo's use_pty option.
2022-01-10 10:03:55 +11:00
9e4822d7b7 Merge pull request #711 from skuhl/wait-for-dns-flush
Fix defunct process after flushing DNS cache.
2022-01-09 20:14:02 +11:00
80a822e079 Fix flake8 and unit test errors introduced by use_pty fixes. 2022-01-07 13:21:16 -05:00
8e826cfa7d Print to console with \r\n line endings.
If we run sudo with the use_pty option, the firewall process is
started in a new pseudoterminal. Other processes that are still
printing to the terminal (i.e., the main sshuttle client process,
messages from the shuttle server) have their output incorreclty
displayed. A newline character simply moves the output to the next
line without returning the cursor to the beginning of the line. Simply
changing all print commands to use \r\n line endings fixes the problem
and does not appear to cause any trouble in other configurations.
2022-01-07 13:13:37 -05:00
286bd3fa80 Make setsid() call in firewall process optional.
We previously called setsid() to ensure that the SIGINT generated by
Ctrl+C went to the main sshuttle process instead of the firewall
process. With the previous commit, we gracefully shutdown if either
the sshuttle process or firewall process receives a SIGINT. Therefore,
the setsid() call is optional. We still try calling setsid() since the
preferred shutdown process involves having the signal go to the main
sshuttle process. However, setsid() will fail if the firewall process
is started with sudo and sudo is configured with the use_pty option.
2022-01-07 12:14:57 -05:00
ae8af71886 Gracefully exit if firewall process receives Ctrl+C/SIGINT.
Typically sshuttle exits by having the main sshuttle client process
terminated. This closes file descriptors which the firewall process
then sees and uses as a cue to cleanup the firewall rules. The
firewall process ignored SIGINT/SIGTERM signals and used setsid() to
prevent Ctrl+C from sending signals to the firewall process.

This patch makes the firewall process accept SIGINT/SIGTERM signals
and then in turn sends a SIGINT signal to the main sshuttle client
process which then triggers a regular shutdown as described above.
This allows a user to manually send a SIGINT/SIGTERM to either
sshuttle process and have it exit gracefully. It also is needed if
setsid() fails (known to occur if sudo's use_pty option is used) and
then the Ctrl+C SIGINT signal goes to the firewall process.

The PID of the sshuttle client process is sent to the firewall
process. Using os.getppid() in the firewall process doesn't correctly
return the sshuttle client PID.
2022-01-07 11:52:39 -05:00
54b80e6ce2 Fix defunct process after flushing DNS cache.
When we flush the DNS cache by calling resolvectl, we should wait for
the process to finish. This ensures that the cache is actually flushed
and prevents the process from showing up as defunct when processes are
listed.
2022-01-07 10:45:17 -05:00
b00f2e0a68 Merge pull request #710 from skuhl/tproxy-check-root
Improve error message if tproxy method is used without running as root.
2022-01-06 10:26:27 +11:00
15a8752cc6 Improve error message if tproxy method is used without running as root.
When the tproxy method is used, sshuttle must be run as root:
https://sshuttle.readthedocs.io/en/stable/tproxy.html

Prior to this patch, sshuttle would encounter a exception and print a
message about how a setsockopt() call had a "PermissionError: [Errno 1]
Operation not permitted."

With this patch, we catch this exception, print a more understandable
error message, and exit.

The lack of error message clarity caused at least one bug report: #136
2022-01-04 14:52:21 -05:00
a2776cbbd9 Upgrade Sphinx version 2022-01-04 11:47:35 +11:00
44b772d049 Add readthedocs config 2022-01-04 11:38:07 +11:00
ae1faa7fa1 Merge pull request #709 from skuhl/tproxy-doc-fix
Minor improvement to tproxy documentation.
2022-01-02 12:02:33 +11:00
175da40db7 Fix typo in tproxy documentation.
"IPv6 DNS" was listed twice.
2021-12-31 14:54:17 -05:00
e11db3980f Minor improvement to tproxy documentation.
Previously, tproxy was unique in its support of IPv6. Now, many
sshuttle methods support IPv6 and tproxy remains the only option that
supports UDP.
2021-12-31 14:31:54 -05:00
d6f75fae25 Allow use of sudo or doas.
This is an alternative solution to pull request #611.

Previously, sshuttle would use doas on OpenBSD and sudo on Linux.
However, some Linux distributions are opting to use doas.

This patch changes the logic so that there can be multiple attempts to
elevate privilages. If the first command fails to run, it moves on to
the next command. Part of the existing code looked like it might be
attempting to do this, but it didn't work.

It also looks for the presence of doas and sudo in the path. If we can
find doas (but cannot find sudo) or if the platform is OpenBSD, we try
doas first. Otherwise, we try sudo, then doas. We try all the options
until one succeeds (including running the command without sudo or
doas) regardless of what is in the path. I'm open to adjusting
the logic here based on feedback.

If systems have both sudo and doas, they might be configured to give
different users different permissions. For example, if a user wishes
to use doas on this system, sshuttle would try sudo first and the user
would need to enter invalid passwords to eventually cause sudo to fail
and cause sshuttle to then try doas. This might not be ideal, but it
avoids implement another sshuttle argument that the user would need to
specify. Perhaps machines actually using doas will not have sudo
installed?
2021-12-31 14:20:50 -05:00
354cbe6071 Merge pull request #705 from JohnHay/ipfw
Make ipfw method work
2021-12-24 10:10:02 +11:00
922d827948 Flake8 does not like if we go over 79 characters on a line. 2021-12-22 06:04:25 +02:00
e6f076e1a5 Make flake8 happy. 2021-12-21 16:12:11 +02:00
2665b67926 Remove the ttl hack to allow the host and server to run on the same machine
from the ipfw method.
2021-12-20 11:52:09 +02:00
0cfee0ba84 ipfw expects text. 2021-12-20 09:20:32 +02:00
f247853f39 Changed one place where the Exception text was still tproxy to ipfw. 2021-12-20 08:58:25 +02:00
7c1f2b08cf Indent the else to the same level as its if. 2021-12-20 08:55:38 +02:00
f65a51bbee Add fport and lport (unused) to the for that parse subnets. Otherwise python
is unhappy with "ValueError: too many values to unpack (expected 4)"
2021-12-20 08:53:34 +02:00
b1ee4f1d65 check-state does not take extra options. 2021-12-20 08:37:15 +02:00
4f20efd592 Merge pull request #702 from sshuttle/dependabot/github_actions/actions/setup-python-2.3.1
Bump actions/setup-python from 2.3.0 to 2.3.1
2021-12-01 08:44:47 +11:00
fa0de2d1b7 Bump actions/setup-python from 2.3.0 to 2.3.1
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2.3.0...v2.3.1)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-30 10:07:48 +00:00
01415dc52e Merge pull request #700 from sshuttle/dependabot/github_actions/actions/setup-python-2.3.0
Bump actions/setup-python from 2.2.2 to 2.3.0
2021-11-19 09:31:07 +11:00
9257077b4e Bump actions/setup-python from 2.2.2 to 2.3.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2.2.2 to 2.3.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2.2.2...v2.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-18 10:09:21 +00:00
b896a4b7f3 Remove references to legacy PyXAPI socket_ext for recvmsg
socket.recvmsg has been in Python since version 3.3 and we don't
support anything older then 3.6 the server side.
2021-11-11 08:01:15 +11:00
fca9bd6478 Merge pull request #695 from sshuttle/dependabot/github_actions/actions/checkout-2.4.0
Bump actions/checkout from 2.3.5 to 2.4.0
2021-11-04 07:57:40 +11:00
42bb67b050 Bump actions/checkout from 2.3.5 to 2.4.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.5 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.5...v2.4.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-03 10:08:19 +00:00
b7800dadda Merge pull request #694 from cclauss/patch-1
pythonpackage.yml: Add Python 3.10 to the testing
2021-11-02 16:59:58 +11:00
3de631abec pythonpackage.yml: Add Python 3.10 to the testing 2021-11-01 19:35:57 +01:00
35382a98a7 Merge pull request #689 from sshuttle/dependabot/github_actions/actions/checkout-2.3.5
Bump actions/checkout from 2.3.4 to 2.3.5
2021-10-19 07:50:09 +11:00
bebfa45626 Bump actions/checkout from 2.3.4 to 2.3.5
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.4...v2.3.5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-18 10:11:32 +00:00
387dd4775b Merge pull request #687 from sshuttle/dependabot/pip/flake8-4.0.1
Bump flake8 from 4.0.0 to 4.0.1
2021-10-12 07:40:16 +11:00
f5cf79893a Bump flake8 from 4.0.0 to 4.0.1
Bumps [flake8](https://github.com/pycqa/flake8) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/pycqa/flake8/releases)
- [Commits](https://github.com/pycqa/flake8/compare/4.0.0...4.0.1)

---
updated-dependencies:
- dependency-name: flake8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-11 20:38:33 +00:00
86a651099e Bump pyflakes from 2.3.1 to 2.4.0
Bumps [pyflakes](https://github.com/PyCQA/pyflakes) from 2.3.1 to 2.4.0.
- [Release notes](https://github.com/PyCQA/pyflakes/releases)
- [Changelog](https://github.com/PyCQA/pyflakes/blob/master/NEWS.rst)
- [Commits](https://github.com/PyCQA/pyflakes/compare/2.3.1...2.4.0)

---
updated-dependencies:
- dependency-name: pyflakes
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-12 07:36:53 +11:00