Commit Graph

1091 Commits

Author SHA1 Message Date
Scott Kuhl
d6f75fae25 Allow use of sudo or doas.
This is an alternative solution to pull request #611.

Previously, sshuttle would use doas on OpenBSD and sudo on Linux.
However, some Linux distributions are opting to use doas.

This patch changes the logic so that there can be multiple attempts to
elevate privilages. If the first command fails to run, it moves on to
the next command. Part of the existing code looked like it might be
attempting to do this, but it didn't work.

It also looks for the presence of doas and sudo in the path. If we can
find doas (but cannot find sudo) or if the platform is OpenBSD, we try
doas first. Otherwise, we try sudo, then doas. We try all the options
until one succeeds (including running the command without sudo or
doas) regardless of what is in the path. I'm open to adjusting
the logic here based on feedback.

If systems have both sudo and doas, they might be configured to give
different users different permissions. For example, if a user wishes
to use doas on this system, sshuttle would try sudo first and the user
would need to enter invalid passwords to eventually cause sudo to fail
and cause sshuttle to then try doas. This might not be ideal, but it
avoids implement another sshuttle argument that the user would need to
specify. Perhaps machines actually using doas will not have sudo
installed?
2021-12-31 14:20:50 -05:00
Brian May
354cbe6071
Merge pull request #705 from JohnHay/ipfw
Make ipfw method work
2021-12-24 10:10:02 +11:00
JohnHay
922d827948 Flake8 does not like if we go over 79 characters on a line. 2021-12-22 06:04:25 +02:00
JohnHay
e6f076e1a5 Make flake8 happy. 2021-12-21 16:12:11 +02:00
JohnHay
2665b67926 Remove the ttl hack to allow the host and server to run on the same machine
from the ipfw method.
2021-12-20 11:52:09 +02:00
JohnHay
0cfee0ba84 ipfw expects text. 2021-12-20 09:20:32 +02:00
JohnHay
f247853f39 Changed one place where the Exception text was still tproxy to ipfw. 2021-12-20 08:58:25 +02:00
JohnHay
7c1f2b08cf Indent the else to the same level as its if. 2021-12-20 08:55:38 +02:00
JohnHay
f65a51bbee Add fport and lport (unused) to the for that parse subnets. Otherwise python
is unhappy with "ValueError: too many values to unpack (expected 4)"
2021-12-20 08:53:34 +02:00
JohnHay
b1ee4f1d65 check-state does not take extra options. 2021-12-20 08:37:15 +02:00
Brian May
4f20efd592
Merge pull request #702 from sshuttle/dependabot/github_actions/actions/setup-python-2.3.1
Bump actions/setup-python from 2.3.0 to 2.3.1
2021-12-01 08:44:47 +11:00
dependabot[bot]
fa0de2d1b7
Bump actions/setup-python from 2.3.0 to 2.3.1
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2.3.0...v2.3.1)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-30 10:07:48 +00:00
Brian May
01415dc52e
Merge pull request #700 from sshuttle/dependabot/github_actions/actions/setup-python-2.3.0
Bump actions/setup-python from 2.2.2 to 2.3.0
2021-11-19 09:31:07 +11:00
dependabot[bot]
9257077b4e
Bump actions/setup-python from 2.2.2 to 2.3.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2.2.2 to 2.3.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2.2.2...v2.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-18 10:09:21 +00:00
Brian May
b896a4b7f3 Remove references to legacy PyXAPI socket_ext for recvmsg
socket.recvmsg has been in Python since version 3.3 and we don't
support anything older then 3.6 the server side.
2021-11-11 08:01:15 +11:00
Brian May
fca9bd6478
Merge pull request #695 from sshuttle/dependabot/github_actions/actions/checkout-2.4.0
Bump actions/checkout from 2.3.5 to 2.4.0
2021-11-04 07:57:40 +11:00
dependabot[bot]
42bb67b050
Bump actions/checkout from 2.3.5 to 2.4.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.5 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.5...v2.4.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-03 10:08:19 +00:00
Brian May
b7800dadda
Merge pull request #694 from cclauss/patch-1
pythonpackage.yml: Add Python 3.10 to the testing
2021-11-02 16:59:58 +11:00
Christian Clauss
3de631abec
pythonpackage.yml: Add Python 3.10 to the testing 2021-11-01 19:35:57 +01:00
Brian May
35382a98a7
Merge pull request #689 from sshuttle/dependabot/github_actions/actions/checkout-2.3.5
Bump actions/checkout from 2.3.4 to 2.3.5
2021-10-19 07:50:09 +11:00
dependabot[bot]
bebfa45626
Bump actions/checkout from 2.3.4 to 2.3.5
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.4...v2.3.5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-18 10:11:32 +00:00
Brian May
387dd4775b
Merge pull request #687 from sshuttle/dependabot/pip/flake8-4.0.1
Bump flake8 from 4.0.0 to 4.0.1
2021-10-12 07:40:16 +11:00
dependabot[bot]
f5cf79893a
Bump flake8 from 4.0.0 to 4.0.1
Bumps [flake8](https://github.com/pycqa/flake8) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/pycqa/flake8/releases)
- [Commits](https://github.com/pycqa/flake8/compare/4.0.0...4.0.1)

---
updated-dependencies:
- dependency-name: flake8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-11 20:38:33 +00:00
dependabot[bot]
86a651099e Bump pyflakes from 2.3.1 to 2.4.0
Bumps [pyflakes](https://github.com/PyCQA/pyflakes) from 2.3.1 to 2.4.0.
- [Release notes](https://github.com/PyCQA/pyflakes/releases)
- [Changelog](https://github.com/PyCQA/pyflakes/blob/master/NEWS.rst)
- [Commits](https://github.com/PyCQA/pyflakes/compare/2.3.1...2.4.0)

---
updated-dependencies:
- dependency-name: pyflakes
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-12 07:36:53 +11:00
dependabot[bot]
a42f6a5e67 Bump flake8 from 3.9.2 to 4.0.0
Bumps [flake8](https://github.com/pycqa/flake8) from 3.9.2 to 4.0.0.
- [Release notes](https://github.com/pycqa/flake8/releases)
- [Commits](https://github.com/pycqa/flake8/compare/3.9.2...4.0.0)

---
updated-dependencies:
- dependency-name: flake8
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-12 07:36:18 +11:00
Brian May
5c4c943db8
Merge pull request #683 from sshuttle/dependabot/pip/pytest-cov-3.0.0
Bump pytest-cov from 2.12.1 to 3.0.0
2021-10-05 08:00:42 +11:00
dependabot[bot]
ccf1c9f478
Bump pytest-cov from 2.12.1 to 3.0.0
Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 2.12.1 to 3.0.0.
- [Release notes](https://github.com/pytest-dev/pytest-cov/releases)
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest-cov/compare/v2.12.1...v3.0.0)

---
updated-dependencies:
- dependency-name: pytest-cov
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-04 10:12:27 +00:00
Brian May
9399cf10f6
Merge pull request #682 from a1346054/fixes
Simple maintenance improvements
2021-09-23 08:49:18 +10:00
a1346054
b95c1f3357
Trim excess whitespace 2021-09-22 12:36:36 +00:00
a1346054
5257d9fd1b
Fix shellcheck warnings 2021-09-22 12:36:27 +00:00
a1346054
ef244a5490
Fix typos 2021-09-22 12:36:26 +00:00
Brian May
7fb0f0a81b
Merge pull request #678 from sshuttle/dependabot/pip/setuptools-scm-6.3.2
Bump setuptools-scm from 6.3.1 to 6.3.2
2021-09-14 07:45:18 +10:00
dependabot[bot]
e8653d444d
Bump setuptools-scm from 6.3.1 to 6.3.2
Bumps [setuptools-scm](https://github.com/pypa/setuptools_scm) from 6.3.1 to 6.3.2.
- [Release notes](https://github.com/pypa/setuptools_scm/releases)
- [Changelog](https://github.com/pypa/setuptools_scm/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/setuptools_scm/compare/v6.3.1...v6.3.2)

---
updated-dependencies:
- dependency-name: setuptools-scm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-13 10:11:54 +00:00
Brian May
83038f0472
Merge pull request #676 from balping/master
add openSUSE install instructions
2021-09-07 08:57:25 +10:00
Balázs Dura-Kovács
9974ca17f8
add openSUSE install instructions 2021-09-06 23:47:12 +01:00
Brian May
e2f2fecc8a
Merge pull request #675 from sshuttle/dependabot/pip/setuptools-scm-6.3.1
Bump setuptools-scm from 6.1.1 to 6.3.1
2021-09-07 08:26:20 +10:00
dependabot[bot]
b59ce9c014
Bump setuptools-scm from 6.1.1 to 6.3.1
Bumps [setuptools-scm](https://github.com/pypa/setuptools_scm) from 6.1.1 to 6.3.1.
- [Release notes](https://github.com/pypa/setuptools_scm/releases)
- [Changelog](https://github.com/pypa/setuptools_scm/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/setuptools_scm/compare/v6.1.1...v6.3.1)

---
updated-dependencies:
- dependency-name: setuptools-scm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-06 10:10:44 +00:00
Brian May
aa50f762cc
Merge pull request #674 from sshuttle/dependabot/pip/pytest-6.2.5
Bump pytest from 6.2.4 to 6.2.5
2021-09-01 08:49:21 +10:00
dependabot[bot]
57640ea2d0
Bump pytest from 6.2.4 to 6.2.5
Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.2.4 to 6.2.5.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/6.2.4...6.2.5)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-31 10:09:42 +00:00
Brian May
e59cc3959c
Merge pull request #672 from sshuttle/dependabot/pip/setuptools-scm-6.1.1
Bump setuptools-scm from 6.0.1 to 6.1.1
2021-08-28 17:28:18 +10:00
dependabot[bot]
86d20da82a
Bump setuptools-scm from 6.0.1 to 6.1.1
Bumps [setuptools-scm](https://github.com/pypa/setuptools_scm) from 6.0.1 to 6.1.1.
- [Release notes](https://github.com/pypa/setuptools_scm/releases)
- [Changelog](https://github.com/pypa/setuptools_scm/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/setuptools_scm/compare/v6.0.1...v6.1.1)

---
updated-dependencies:
- dependency-name: setuptools-scm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-27 10:11:01 +00:00
Brian May
d3fae535cd
Merge pull request #668 from skuhl/use-pty-warning
Improve error message when sudo's use_pty option is enabled.
2021-07-30 07:54:57 +10:00
Brian May
7d44e890eb
Merge pull request #667 from skuhl/server-version-print-early
Print server's python version earlier
2021-07-30 07:52:28 +10:00
Scott Kuhl
68a7766d24 Improve error message when sudo's use_pty option is enabled.
If sudo's use_pty is enabled, the setsid() call in firewall.py will
fail (see #664). When I ignore the error, sshuttle does not behave
properly. This patch explains to the user what is happening and
suggests a workaround.

It might be possible to make sshuttle work with use_pty in the future.
2021-07-29 11:49:09 -04:00
Scott Kuhl
09aab1a0fa Print server's python version earlier
Previously, we printed the server's python version in server.py.
Moving it to assembler.py means that it can be printed earlier so that
it can be seen before a potential error that could occur during
assembly. Additionally, the path to the python executable used by the
server was added to the output as well.

An example of where this would be useful: #666
2021-07-29 11:39:37 -04:00
Brian May
bd00a530dd
Merge pull request #661 from skuhl/no-ttl
Remove ttl hack & require -r option.
2021-07-15 11:47:57 +10:00
Scott Kuhl
bc065e368d Remove ttl hack & require -r option.
Previously, it was possible to run sshuttle locally without using ssh
and connecting to a remote server. In this configuration, traffic was
redirected to the sshuttle server running on the localhost. However,
the firewall needed to distinguish between traffic leaving the
sshuttle server and traffic that originated from the machine that
still needed to be routed through the sshuttle server. The TTL of the
packets leaving the sshuttle server were manipulated to indicate to
the firewall what should happen. The TTL was adjusted for all packets
leaving the sshuttle server (even if it wasn't necessary because the
server and client were running on different machines).

Changing the TTL caused trouble and some machines, and
the --ttl option was added as a workaround to change how the TTL was
set for traffic leaving sshuttle. All of this added complexity to the
code for a feature (running the server on localhost) that is likely
only used for testing and rarely used by others.

This commit updates the associated documentation, but doesn't fully
fix the ipfw method since I am unable to test that.

This change will also make sshuttle fail to work if -r is used to
specify a localhost. Pull request #610 partially addresses that issue.

For example, see: #240, #490, #660, #606.
2021-07-12 11:24:29 -04:00
Brian May
6ae0b51c61
Merge pull request #658 from skuhl/pfctl-error-report
Print pfctl error message when it returns non-zero.
2021-07-01 08:03:00 +10:00
Scott Kuhl
d7e257642e Print pfctl error message when it returns non-zero.
If pfctl returns non-zero when setting up the firewall, sshuttle exits
and indicates the exit status code. This patch makes it so the output
of pfctl is also printed so the user can get a better idea of what
caused the problem.

For example: issue #491
2021-06-30 14:13:13 -04:00
Brian May
bea5e1a1f4
Merge pull request #657 from kylekyle/master
Remove psutil from requirements.txt
2021-06-29 08:21:04 +10:00