Commit Graph

851 Commits

Author SHA1 Message Date
86d20da82a Bump setuptools-scm from 6.0.1 to 6.1.1
Bumps [setuptools-scm](https://github.com/pypa/setuptools_scm) from 6.0.1 to 6.1.1.
- [Release notes](https://github.com/pypa/setuptools_scm/releases)
- [Changelog](https://github.com/pypa/setuptools_scm/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/setuptools_scm/compare/v6.0.1...v6.1.1)

---
updated-dependencies:
- dependency-name: setuptools-scm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-27 10:11:01 +00:00
d3fae535cd Merge pull request #668 from skuhl/use-pty-warning
Improve error message when sudo's use_pty option is enabled.
2021-07-30 07:54:57 +10:00
7d44e890eb Merge pull request #667 from skuhl/server-version-print-early
Print server's python version earlier
2021-07-30 07:52:28 +10:00
68a7766d24 Improve error message when sudo's use_pty option is enabled.
If sudo's use_pty is enabled, the setsid() call in firewall.py will
fail (see #664). When I ignore the error, sshuttle does not behave
properly. This patch explains to the user what is happening and
suggests a workaround.

It might be possible to make sshuttle work with use_pty in the future.
2021-07-29 11:49:09 -04:00
09aab1a0fa Print server's python version earlier
Previously, we printed the server's python version in server.py.
Moving it to assembler.py means that it can be printed earlier so that
it can be seen before a potential error that could occur during
assembly. Additionally, the path to the python executable used by the
server was added to the output as well.

An example of where this would be useful: #666
2021-07-29 11:39:37 -04:00
bd00a530dd Merge pull request #661 from skuhl/no-ttl
Remove ttl hack & require -r option.
2021-07-15 11:47:57 +10:00
bc065e368d Remove ttl hack & require -r option.
Previously, it was possible to run sshuttle locally without using ssh
and connecting to a remote server. In this configuration, traffic was
redirected to the sshuttle server running on the localhost. However,
the firewall needed to distinguish between traffic leaving the
sshuttle server and traffic that originated from the machine that
still needed to be routed through the sshuttle server. The TTL of the
packets leaving the sshuttle server were manipulated to indicate to
the firewall what should happen. The TTL was adjusted for all packets
leaving the sshuttle server (even if it wasn't necessary because the
server and client were running on different machines).

Changing the TTL caused trouble and some machines, and
the --ttl option was added as a workaround to change how the TTL was
set for traffic leaving sshuttle. All of this added complexity to the
code for a feature (running the server on localhost) that is likely
only used for testing and rarely used by others.

This commit updates the associated documentation, but doesn't fully
fix the ipfw method since I am unable to test that.

This change will also make sshuttle fail to work if -r is used to
specify a localhost. Pull request #610 partially addresses that issue.

For example, see: #240, #490, #660, #606.
2021-07-12 11:24:29 -04:00
6ae0b51c61 Merge pull request #658 from skuhl/pfctl-error-report
Print pfctl error message when it returns non-zero.
2021-07-01 08:03:00 +10:00
d7e257642e Print pfctl error message when it returns non-zero.
If pfctl returns non-zero when setting up the firewall, sshuttle exits
and indicates the exit status code. This patch makes it so the output
of pfctl is also printed so the user can get a better idea of what
caused the problem.

For example: issue #491
2021-06-30 14:13:13 -04:00
bea5e1a1f4 Merge pull request #657 from kylekyle/master
Remove psutil from requirements.txt
2021-06-29 08:21:04 +10:00
99787c1459 Remove psutil from requirements.txt 2021-06-26 13:11:24 -04:00
ee02e1aaa2 Merge pull request #656 from kylekyle/master
replace psutil with os
2021-06-25 15:06:39 +10:00
c06581cf83 replace psutil with os 2021-06-23 21:53:03 -04:00
78b80709f2 Merge pull request #650 from skuhl/hw-improve
Improve hostwatch robustness and documentation
2021-06-03 07:28:12 +10:00
d3f4889f21 fix lint errors 2021-06-02 15:32:04 -04:00
560c6b4ce8 Improve hostwatch robustness and documentation.
If an exception occurs in hostwatch, sshuttle exits. Problems
read/writing the ~/.sshuttle.hosts cache file on the remote machine
would therefore cause sshuttle to exit. With this patch, we simply
continue running without writing/reading the cache file in the remote
home directory. This serves as an alternate fix for
pull request #322 which proposed storing the cache file elsewhere.

A list of included changes:

- If we can't read or write the host cache file on the server,
  continue running. Hosts can be collected through the netstat,
  /etc/hosts, etc and the information can be reconstructed each run if
  a cache file isn't available to read. We write a log() message when
  this occurs.

- Add additional types of exceptions to handle.

- Continue even if we cannot read /etc/hosts on the server.

- Update man page to mention the cache file on the remote host.

- Indicate that messages are related to remote host instead of local
  host.

- Add comments and descriptions to the code.
2021-06-02 15:22:04 -04:00
d21a322f05 Merge pull request #649 from sshuttle/dependabot/pip/pytest-cov-2.12.1
Bump pytest-cov from 2.12.0 to 2.12.1
2021-06-02 20:20:55 +10:00
3e308b4266 Bump pytest-cov from 2.12.0 to 2.12.1
Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 2.12.0 to 2.12.1.
- [Release notes](https://github.com/pytest-dev/pytest-cov/releases)
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest-cov/compare/v2.12.0...v2.12.1)

---
updated-dependencies:
- dependency-name: pytest-cov
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-02 06:20:06 +00:00
a3cbf0885f Merge pull request #646 from skuhl/nat-ipv6
Add IPv6 support to nat (iptables) method.
2021-06-01 07:40:08 +10:00
3f201095ea Merge branch 'master' into nat-ipv6 2021-05-30 21:09:32 -04:00
58c264ff1c Merge pull request #648 from skuhl/sudoers-add-sanitize
Fix #637: sudoers-add should always write to /etc/sudoers.d/...
2021-05-31 07:53:19 +10:00
1820264dd5 Merge pull request #647 from skuhl/man-page-updates
Update documentation
2021-05-31 07:48:56 +10:00
be847f5d81 Merge pull request #645 from skuhl/hostwatch-remove-dead-code
Remove dead code in hostwatch.py
2021-05-31 07:44:21 +10:00
d2836a082f Merge pull request #644 from skuhl/fix-tmark
Fix --tmark option
2021-05-31 07:42:30 +10:00
8c5ffc9e72 Fix #637: File written by sudoers-add should always begin with /etc/sudoers.d/
The problem and patch was originally submitted aayla-secura. I made a
minor improvement to the error message.
2021-05-30 17:03:03 -04:00
843a729d64 flake8: fix long line 2021-05-29 21:58:56 -04:00
851b26cb13 Update documentation
The output in the examples provided in the man page hadn't been
updated as sshuttle changed its output over time.

The example of testing sshuttle without a remote host was removed. It
was the first example previously and it is something that is unlikely
users will wish to do.

Also:
 - Update some --help messages.
 - Manpage: Fix a typo.
 - Manpage: Mention that host specified with -r can be an ssh alias.
 - Eliminate variable only used once.
2021-05-29 21:54:47 -04:00
c026a92cad Add IPv6 support to nat (iptables) method.
Adding IPv6 support to the nat method is straightforward after the
previous work to add IPv6 support for nft.
2021-05-29 20:55:48 -04:00
1dbec7252d Remove dead code in hostwatch.py
11 years ago in commit 384d0e7c1d,
hostwatch was updated to use netstat to find hosts, and
_check_smb()/_check_nmb() were edited to immediately return. This
patch removes all of the unused code in these two functions.
2021-05-29 20:48:33 -04:00
a7df12cd68 Fix --tmark option
Even when --tmark was used, the iptables code always used '1' for the
mark. This patch corrects the problem.

Previously, it wasn't clear if the tmark should be supplied in
hexadecimal or as an integer. This makes it use hexadecimal, checks
that the input is hexadecimal, and updates the associated
documentation.

This patch also makes --ttl information get passed to the firewall in
a way that matches how other information gets passed. The ttl and
tmark information are passed next to each other in many places and
this patch also makes the order consistent.
2021-05-27 21:48:43 -04:00
bc54ffe398 Merge pull request #643 from skuhl/fix-to-ns-with-ns-hosts
Fix: Allow --to-ns and --ns-host without --dns.
2021-05-22 13:06:48 +10:00
31f059883c Fix: Allow --to-ns and --ns-host without --dns.
If the user specifies --to-ns (tells the remote server which DNS
server to use for lookups coming from sshuttle), then either --ns-host
or --dns need to also be used (route DNS requests through sshuttle).

A previous commit incorrectly made it so --to-ns and --ns-host
couldn't be successfully used together.

Attempts to fix #641.
2021-05-21 17:47:38 -04:00
f376674941 Merge pull request #634 from skuhl/systemd-dns-flush
Flush systemd DNS cache on startup and exit.
2021-05-18 15:40:56 +10:00
41ca86dbf2 Merge pull request #640 from sshuttle/dependabot/pip/pytest-cov-2.12.0
Bump pytest-cov from 2.11.1 to 2.12.0
2021-05-18 08:17:26 +10:00
7760d63870 Bump pytest-cov from 2.11.1 to 2.12.0
Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 2.11.1 to 2.12.0.
- [Release notes](https://github.com/pytest-dev/pytest-cov/releases)
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest-cov/compare/v2.11.1...v2.12.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-17 07:36:53 +00:00
8b69c706c2 Merge pull request #639 from sshuttle/dependabot/github_actions/actions/setup-python-2.2.2
Bump actions/setup-python from 2 to 2.2.2
2021-05-12 20:36:42 +10:00
d289fb2e73 Merge pull request #638 from sshuttle/dependabot/github_actions/actions/checkout-2.3.4
Bump actions/checkout from 2 to 2.3.4
2021-05-12 20:36:28 +10:00
20c38afaba Bump actions/setup-python from 2 to 2.2.2
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 2.2.2.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2...v2.2.2)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 06:13:47 +00:00
7aeb7929c5 Bump actions/checkout from 2 to 2.3.4
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 2.3.4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v2.3.4)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-12 06:13:43 +00:00
30767135fb Merge pull request #636 from sshuttle/dependabot/pip/flake8-3.9.2
Bump flake8 from 3.9.1 to 3.9.2
2021-05-10 20:53:51 +10:00
df383edaf6 Bump flake8 from 3.9.1 to 3.9.2
Bumps [flake8](https://gitlab.com/pycqa/flake8) from 3.9.1 to 3.9.2.
- [Release notes](https://gitlab.com/pycqa/flake8/tags)
- [Commits](https://gitlab.com/pycqa/flake8/compare/3.9.1...3.9.2)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-10 10:00:12 +00:00
88154f4f9c Merge pull request #635 from skuhl/sudoers-warning
Warn about adding sshuttle to sudoers.
2021-05-09 20:25:26 +10:00
915497f73f Warn about adding sshuttle to sudoers.
Issue #631 suggests that we should warn about users who add sshuttle
to sudoers because it isn't obvious that when a user can run sshuttle
as root, they can run any command as root using sshuttle's -e or
--ssh-cmd parameters.

This patch adds a comment that warns about this problem to the sudoers
file. It also prints the warning to the console if the user uses an
option that writes the data directly to the file. This patch also
causes the output of the sudoers-add command to be printed to the
console so that the user can see the name of the file that was
created.

There is room for improvement: Warnings could be added to the
documentation and/or these parameters could be removed entirely.
2021-05-07 14:13:56 -04:00
652113818e Merge pull request #633 from sshuttle/dependabot/pip/pytest-6.2.4
Bump pytest from 6.2.3 to 6.2.4
2021-05-06 08:08:28 +10:00
cdfb4b7d71 Flush systemd DNS cache on startup and exit.
It is possible for DNS requests to go through systemd's DNS resolution
system (which includes a cache) before sshuttle has an opportunity to
intercept the requests. The DNS entries in the cache may become
outdated when sshuttle starts or exits. This patch fixes the problem
by flushing the cache when sshuttle firewall starts and exits.
2021-05-05 12:24:58 -04:00
45b788c908 Bump pytest from 6.2.3 to 6.2.4
Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.2.3 to 6.2.4.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/6.2.3...6.2.4)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-05 07:58:09 +00:00
f6176d3581 Merge pull request #630 from thesamesam/patch-1
README.rst: fix Gentoo entry syntax
2021-04-27 07:47:46 +10:00
bc08198cae README.rst: fix Gentoo entry syntax 2021-04-26 16:22:42 +01:00
613412b3cd Merge pull request #627 from sshuttle/dependabot/pip/flake8-3.9.1
Bump flake8 from 3.9.0 to 3.9.1
2021-04-18 10:26:40 +10:00
4f7706db59 Bump flake8 from 3.9.0 to 3.9.1
Bumps [flake8](https://gitlab.com/pycqa/flake8) from 3.9.0 to 3.9.1.
- [Release notes](https://gitlab.com/pycqa/flake8/tags)
- [Commits](https://gitlab.com/pycqa/flake8/compare/3.9.0...3.9.1)

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-16 08:00:29 +00:00