author Avery Pennarun <apenwarr@gmail.com> 2010-11-08 23:27:02 -0800
committer Avery Pennarun <apenwarr@gmail.com> 2010-11-08 23:35:16 -0800
commit bcf189230579f62afd5f826a32b938e28bf047d6
tree cf71b646c82f3241e1a4effe15f9a87e9fe7212f
parent fe742c928d3a134aab9ced7fa316b04b9bbfbf3f
Make password prompting more clear.

Based on suggestions by Jason Grossman and Ed Maste on the mailing list.

We now add a [local su] prefix to the 'su' password prompt (by cheating and printing it before calling su), and we replace the 'sudo' password prompt with '[local sudo] Password: ' (by using the little-known and hopefully-portable -p option).

We no longer call sudo or su if the uid is already 0; otherwise the prefix on the 'su' prompt would look weird, since su wouldn't ask for a password in that case.

We don't add a prefix to the ssh password prompt, because it's too hard to tell if there will *be* an ssh password prompt. But people will probably assume that the password request is for the server anyway; few people are likely to think that 'sshuttle -r myhost.com' is going to prompt for the *local* password.

Of course none of this is a problem on a modern OS, like Debian, that would say something like "Password for apenwarr@myhost.com:" instead of just "Password:". MacOS doesn't do that, however, so I assume many other OSes also don't. Let's try to help them out.

-rw-r--r-- README.md 8
-rw-r--r-- client.py 6
2 files changed, 12 insertions, 2 deletions

diff --git a/README.md b/README.md
index 4038945..6762f72 100644
--- a/README.md
+++ b/README.md
@@ -54,8 +54,14 @@ This is how you use it:
- <tt>./sshuttle -r username@sshserver 0.0.0.0/0 -vv</tt>
+(You may be prompted for one or more passwords; first, the
+local password to become root using either sudo or su, and
+then the remote ssh password. Or you might have sudo and ssh set
+up to not require passwords, in which case you won't be
+prompted at all.)
+
That's it! Now your local machine can access the remote network as if you
-were right there! And if your "client" machine is a router, everyone on
+were right there. And if your "client" machine is a router, everyone on
your local network can make connections to your remote network.
You don't need to install sshuttle on the remote server;
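
Review bot: The added parenthetical in the usage section tells the reader to expect a local password and then a remote ssh password, but it does not say how to tell the two prompts apart. The commit message says the local prompts now carry a '[local sudo]' or '[local su]' prefix while the ssh prompt carries none; stating that here would let a reader confirm which credential each prompt is asking for before typing it.
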
diff --git a/client.py b/client.py
index 4d657dd..64a0f52 100644
--- a/client.py
+++ b/client.py
@@ -31,7 +31,7 @@ class FirewallClient:
['-v'] * (helpers.verbose or 0) +
['--firewall', str(port)])
argv_tries = [
- ['sudo'] + argvbase,
+ ['sudo', '-p', '[local sudo] Password: '] + argvbase,
['su', '-c', ' '.join(argvbase)],
argvbase
]
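
Review bot: In argv_tries, only the sudo entry gets its prompt label on this line; the su entry just below is unchanged and its label is written from a different place later in the file, so the two prompt strings live in two spots with nothing tying them together. A short comment above the list saying why -p is passed and where the su prefix is printed would help, and keeping both strings as named constants next to each other would stop them drifting apart. Since the commit message calls -p "hopefully-portable", that comment is also the place to record what is expected to happen if a sudo build rejects the option.
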
@@ -45,8 +45,12 @@ class FirewallClient:
# run in the child process
s2.close()
e = None
+ if os.getuid() == 0:
+ argv_tries = argv_tries[-1:] # last entry only
for argv in argv_tries:
try:
+ if argv[0] == 'su':
+ sys.stderr.write('[local su] ')
self.p = ssubprocess.Popen(argv, stdout=s1, preexec_fn=setup)
e = None
break
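
Review bot: In the for loop, '[local su] ' is written to stderr before ssubprocess.Popen is called, so if that call raises for the su entry the prefix is already on the terminal with no password prompt following it. Consider emitting the prefix only once su is known to be runnable, or finishing the line in the failure path. Separately, argv_tries[-1:] in the uid 0 check depends on the bare command being the last element of the list; a comment at the list definition, or referring to that entry explicitly, would keep the two in step if the list is ever reordered.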