author | William Mantly <wmantly@gmail.com> | 2019-12-12 16:15:31 -0500 |
---|---|---|
committer | Brian May <brian@linuxpenguins.xyz> | 2019-12-13 08:15:31 +1100 |
commit | 69d3f7dc64211d3ab91991cc90865dbf9edcba15 (patch) | |
tree | 84d44cc4ea82bbc27fcbc70f3ecd0e6f3127d105 /sshuttle | |
parent | 6ad4473c87511bcafaec3d8d0c69dfcb166b48ed (diff) |
Auto sudoers file (#269)
* added sudoers options to command line arguments
* added sudoers options to command line arguments
* template for sudoers file
* Added option for GUI sudo
* added support for GUI sudo
* script for auto adding sudo file
* sudoers auto add works and validates
* small change
* Clean up for CI
* removed code that belongs in another PR
* added path for package bins
* added sudoers bin
* added sudoers-add to setup file
* fixed issue with sudoers bash script
* auto sudoers now works
* added --sudoers-no-modify option
* bin now works with ./run
* removed debug print
* Updated sudoers-add script
* Fixed error passing sudoers config to script
* more dynamic building of sudoers file
* added option to specify sudoers.d file name
* fixed indent issue
* fixed indent issue
* indent issue
* clean up
* formating
* docs
* fix for flags
* Update usage.rst
* removed shell=true
* cleared CI errors
* cleared CI errors
* removed random
* cleared linter issue
* cleared linter issue
* cleared linter issue
* updated sudoers-add script
* safer temp file
* moved bin directory
* moved bin directory
* removed print
* fixed spacing issue
* sudoers commands must only contain upper case letters
Diffstat (limited to 'sshuttle')
-rw-r--r-- | sshuttle/cmdline.py | 17 | ||||
-rw-r--r-- | sshuttle/options.py | 31 | ||||
-rw-r--r-- | sshuttle/sudoers.py | 64 |
3 files changed, 112 insertions, 0 deletions
diff --git a/sshuttle/cmdline.py b/sshuttle/cmdline.py
index 31a57bf..5f1ba10 100644
--- a/sshuttle/cmdline.py
+++ b/sshuttle/cmdline.py
@@ -1,5 +1,6 @@
 import re
 import socket
+import platform
 import sshuttle.helpers as helpers
 import sshuttle.client as client
 import sshuttle.firewall as firewall
@@ -7,11 +8,27 @@ import sshuttle.hostwatch as hostwatch
 import sshuttle.ssyslog as ssyslog
 from sshuttle.options import parser, parse_ipport
 from sshuttle.helpers import family_ip_tuple, log, Fatal
+from sshuttle.sudoers import sudoers
 def main():
 opt = parser.parse_args()
+ if opt.sudoers or opt.sudoers_no_modify:
+ if platform.platform().startswith('OpenBSD'):
+ log('Automatic sudoers does not work on BSD')
+ exit(1)
+
+ if not opt.sudoers_filename:
+ log('--sudoers-file must be set or omited.')
+ exit(1)
+
+ sudoers(
+ user_name=opt.sudoers_user,
+ no_modify=opt.sudoers_no_modify,
+ file_name=opt.sudoers_filename
+ )
+
 if opt.daemon:
 opt.syslog = 1
 if opt.wrap:
diff --git a/sshuttle/options.py b/sshuttle/options.py
index 62f3510..79c404b 100644
--- a/sshuttle/options.py
+++ b/sshuttle/options.py
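Review bot: In `main()` in sshuttle/cmdline.py, `opt.sudoers_filename` is handed to `sudoers()` after only an emptiness check, and the helper that consumes it runs under sudo. The `sudoers-add` script is not visible here, so whether it confines the name to the sudoers.d directory is unconfirmed; a check at this point such as `if not re.match(r'^[A-Za-z0-9_-]+$', opt.sudoers_filename):` followed by the existing log-and-exit would reject path separators up front. The same pattern also excludes `.` and a trailing `~`, which matters because sudo skips include-directory files whose names contain those characters, so the rule would silently never load. The error text names `--sudoers-file`, but the option defined in options.py is `--sudoers-filename`. The body of `main()` continues past the hunk.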
@@ -322,6 +322,37 @@ parser.add_argument(
 """
 )
 parser.add_argument(
+ "--sudoers",
+ action="store_true",
+ help="""
+ Add sshuttle to the sudoers for this user
+ """
+)
+parser.add_argument(
+ "--sudoers-no-modify",
+ action="store_true",
+ help="""
+ Prints the sudoers config to STDOUT and DOES NOT modify anything.
+ """
+)
+parser.add_argument(
+ "--sudoers-user",
+ default="",
+ help="""
+ Set the user name or group with %%group_name for passwordless operation.
+ Default is the current user.set ALL for all users. Only works with
+ --sudoers or --sudoers-no-modify option.
+ """
+)
+parser.add_argument(
+ "--sudoers-filename",
+ default="sshuttle_auto",
+ help="""
+ Set the file name for the sudoers.d file to be added. Default is
+ "sshuttle_auto". Only works with --sudoers or --sudoers-no-modify option.
+ """
+)
+parser.add_argument(
 "--no-sudo-pythonpath",
 action="store_false",
 dest="sudo_pythonpath",
diff --git a/sshuttle/sudoers.py b/sshuttle/sudoers.py
new file mode 100644
index 0000000..3f01e8e
--- /dev/null
+++ b/sshuttle/sudoers.py
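Review bot: The help text for `--sudoers` in sshuttle/options.py understates what the option grants: the rule written by sshuttle/sudoers.py is `NOPASSWD` with a trailing `*`, so the named user can run sshuttle as root with any arguments and no password prompt. I would say so in the help, e.g. `Add a NOPASSWD sudoers rule letting this user run sshuttle as root with any arguments; review it first with --sudoers-no-modify`. The `--sudoers-user` help mentions `ALL` without noting that it extends the same grant to every local account, and "current user.set ALL" is missing a space and a capital. `--sudoers` and `--sudoers-no-modify` are also not declared mutually exclusive, so which one wins when both are given is only decided inside `sudoers()`.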
@@ -0,0 +1,64 @@
+import os
+import sys
+import getpass
+from uuid import uuid4
+from subprocess import Popen, PIPE
+from sshuttle.helpers import log, debug1
+from distutils import spawn
+
+path_to_sshuttle = sys.argv[0]
+path_to_dist_packages = os.path.dirname(os.path.abspath(__file__))[:-9]
+
+# randomize command alias to avoid collisions
+command_alias = 'SSHUTTLE%(num)s' % {'num': uuid4().hex[-3:].upper()}
+
+# Template for the sudoers file
+template = '''
+Cmnd_Alias %(ca)s = /usr/bin/env PYTHONPATH=%(dist_packages)s %(py)s %(path)s *
+
+%(user_name)s ALL=NOPASSWD: %(ca)s
+'''
+
+
+def build_config(user_name):
+ content = template % {
+ 'ca': command_alias,
+ 'dist_packages': path_to_dist_packages,
+ 'py': sys.executable,
+ 'path': path_to_sshuttle,
+ 'user_name': user_name,
+ }
+
+ return content
+
+
+def save_config(content, file_name):
+ process = Popen([
+ '/usr/bin/sudo',
+ spawn.find_executable('sudoers-add'),
+ file_name,
+ ], stdout=PIPE, stdin=PIPE)
+
+ process.stdin.write(content.encode())
+
+ streamdata = process.communicate()[0]
+ returncode = process.returncode
+
+ if returncode:
+ log('Failed updating sudoers file.\n')
+ debug1(streamdata)
+ exit(returncode)
+ else:
+ log('Success, sudoers file update.\n')
+ exit(0)
+
+
+def sudoers(user_name=None, no_modify=None, file_name=None):
+ user_name = user_name or getpass.getuser()
+ content = build_config(user_name)
+
+ if no_modify:
+ sys.stdout.write(content)
+ exit(0)
+ else:
+ save_config(content, file_name) |
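Review bot: The NOPASSWD rule built by `build_config` names `sys.argv[0]`, `sys.executable` and the package directory exactly as this process sees them, without resolving them or checking who can write to them. When sshuttle is started from a checkout, a virtualenv or a per-user install, those files belong to the very account receiving the grant, so the rule is then equivalent to unrestricted root for anything running as that account; `sys.argv[0]` may also be a relative path, which sudo would match literally from any working directory. I would resolve the paths and refuse to emit the rule unless each one is root-owned and not group- or world-writable, as sketched below (parent directories would need the same check). Separately, `spawn.find_executable('sudoers-add')` returns `None` when the helper is not on `PATH`, which makes `Popen` raise a `TypeError`, and the `--sudoers-user` value goes into the template without rejecting whitespace or newlines.

```python
path_to_sshuttle = os.path.realpath(sys.argv[0])

# ... unchanged: path_to_dist_packages, command_alias, template ...


def _root_controlled(path):
    # The grant is only as strong as the files it names.
    st = os.stat(path)
    return st.st_uid == 0 and not st.st_mode & 0o022


def build_config(user_name):
    for trusted in (sys.executable, path_to_sshuttle, path_to_dist_packages):
        if not _root_controlled(trusted):
            log('Refusing to write sudoers rule: %s is not root-owned '
                'or is group/world writable.\n' % trusted)
            sys.exit(1)
    # ... unchanged: template substitution and return ...
```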