authorWilliam Mantly <wmantly@gmail.com>2019-12-12 16:15:31 -0500
committerBrian May <brian@linuxpenguins.xyz>2019-12-13 08:15:31 +1100
commit69d3f7dc64211d3ab91991cc90865dbf9edcba15 (patch)
tree84d44cc4ea82bbc27fcbc70f3ecd0e6f3127d105 /sshuttle
parent6ad4473c87511bcafaec3d8d0c69dfcb166b48ed (diff)
Auto sudoers file (#269)
* added sudoers options to command line arguments * added sudoers options to command line arguments * template for sudoers file * Added option for GUI sudo * added support for GUI sudo * script for auto adding sudo file * sudoers auto add works and validates * small change * Clean up for CI * removed code that belongs in another PR * added path for package bins * added sudoers bin * added sudoers-add to setup file * fixed issue with sudoers bash script * auto sudoers now works * added --sudoers-no-modify option * bin now works with ./run * removed debug print * Updated sudoers-add script * Fixed error passing sudoers config to script * more dynamic building of sudoers file * added option to specify sudoers.d file name * fixed indent issue * fixed indent issue * indent issue * clean up * formating * docs * fix for flags * Update usage.rst * removed shell=true * cleared CI errors * cleared CI errors * removed random * cleared linter issue * cleared linter issue * cleared linter issue * updated sudoers-add script * safer temp file * moved bin directory * moved bin directory * removed print * fixed spacing issue * sudoers commands must only containe upper case latters
Diffstat (limited to 'sshuttle')
-rw-r--r--sshuttle/cmdline.py17
-rw-r--r--sshuttle/options.py31
-rw-r--r--sshuttle/sudoers.py64
3 files changed, 112 insertions, 0 deletions
diff --git a/sshuttle/cmdline.py b/sshuttle/cmdline.py
index 31a57bf..5f1ba10 100644
--- a/sshuttle/cmdline.py
+++ b/sshuttle/cmdline.py
@@ -1,5 +1,6 @@
import re
import socket
+import platform
import sshuttle.helpers as helpers
import sshuttle.client as client
import sshuttle.firewall as firewall
@@ -7,11 +8,27 @@ import sshuttle.hostwatch as hostwatch
import sshuttle.ssyslog as ssyslog
from sshuttle.options import parser, parse_ipport
from sshuttle.helpers import family_ip_tuple, log, Fatal
+from sshuttle.sudoers import sudoers
def main():
opt = parser.parse_args()
+ if opt.sudoers or opt.sudoers_no_modify:
+ if platform.platform().startswith('OpenBSD'):
+ log('Automatic sudoers does not work on BSD')
+ exit(1)
+
+ if not opt.sudoers_filename:
+ log('--sudoers-file must be set or omited.')
+ exit(1)
+
+ sudoers(
+ user_name=opt.sudoers_user,
+ no_modify=opt.sudoers_no_modify,
+ file_name=opt.sudoers_filename
+ )
+
if opt.daemon:
opt.syslog = 1
if opt.wrap:
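Review bot: `opt.sudoers_filename` is only checked for emptiness before it is handed to `sudoers()` and from there to a helper run under sudo, so a value containing `/` or `..` is passed through unchanged. `re` and `Fatal` are already imported in this file, so a guard such as `if not re.match(r'^[A-Za-z0-9_-]+$', opt.sudoers_filename): raise Fatal('invalid --sudoers-filename')` would keep it a plain basename. sudo also skips sudoers.d files whose names contain `.` or end in `~`, so such a name would silently produce a rule that never applies. The log message on the same check names `--sudoers-file`, while the option added in options.py is `--sudoers-filename`. Whether `sudoers-add` validates the name itself is not visible in this diff, and `main()` continues past the end of the hunk.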
diff --git a/sshuttle/options.py b/sshuttle/options.py
index 62f3510..79c404b 100644
--- a/sshuttle/options.py
+++ b/sshuttle/options.py
@@ -322,6 +322,37 @@ parser.add_argument(
"""
)
parser.add_argument(
+ "--sudoers",
+ action="store_true",
+ help="""
+ Add sshuttle to the sudoers for this user
+ """
+)
+parser.add_argument(
+ "--sudoers-no-modify",
+ action="store_true",
+ help="""
+ Prints the sudoers config to STDOUT and DOES NOT modify anything.
+ """
+)
+parser.add_argument(
+ "--sudoers-user",
+ default="",
+ help="""
+ Set the user name or group with %%group_name for passwordless operation.
+ Default is the current user.set ALL for all users. Only works with
+ --sudoers or --sudoers-no-modify option.
+ """
+)
+parser.add_argument(
+ "--sudoers-filename",
+ default="sshuttle_auto",
+ help="""
+ Set the file name for the sudoers.d file to be added. Default is
+ "sshuttle_auto". Only works with --sudoers or --sudoers-no-modify option.
+ """
+)
+parser.add_argument(
"--no-sudo-pythonpath",
action="store_false",
dest="sudo_pythonpath",
diff --git a/sshuttle/sudoers.py b/sshuttle/sudoers.py
new file mode 100644
index 0000000..3f01e8e
--- /dev/null
+++ b/sshuttle/sudoers.py
@@ -0,0 +1,64 @@
+import os
+import sys
+import getpass
+from uuid import uuid4
+from subprocess import Popen, PIPE
+from sshuttle.helpers import log, debug1
+from distutils import spawn
+
+path_to_sshuttle = sys.argv[0]
+path_to_dist_packages = os.path.dirname(os.path.abspath(__file__))[:-9]
+
+# randomize command alias to avoid collisions
+command_alias = 'SSHUTTLE%(num)s' % {'num': uuid4().hex[-3:].upper()}
+
+# Template for the sudoers file
+template = '''
+Cmnd_Alias %(ca)s = /usr/bin/env PYTHONPATH=%(dist_packages)s %(py)s %(path)s *
+
+%(user_name)s ALL=NOPASSWD: %(ca)s
+'''
+
+
+def build_config(user_name):
+ content = template % {
+ 'ca': command_alias,
+ 'dist_packages': path_to_dist_packages,
+ 'py': sys.executable,
+ 'path': path_to_sshuttle,
+ 'user_name': user_name,
+ }
+
+ return content
+
+
+def save_config(content, file_name):
+ process = Popen([
+ '/usr/bin/sudo',
+ spawn.find_executable('sudoers-add'),
+ file_name,
+ ], stdout=PIPE, stdin=PIPE)
+
+ process.stdin.write(content.encode())
+
+ streamdata = process.communicate()[0]
+ returncode = process.returncode
+
+ if returncode:
+ log('Failed updating sudoers file.\n')
+ debug1(streamdata)
+ exit(returncode)
+ else:
+ log('Success, sudoers file update.\n')
+ exit(0)
+
+
+def sudoers(user_name=None, no_modify=None, file_name=None):
+ user_name = user_name or getpass.getuser()
+ content = build_config(user_name)
+
+ if no_modify:
+ sys.stdout.write(content)
+ exit(0)
+ else:
+ save_config(content, file_name)
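Review bot: `build_config` interpolates `user_name`, `sys.argv[0]`, `sys.executable` and the package directory into a `NOPASSWD` rule without checking any of them. A `--sudoers-user` value containing whitespace or a newline changes the shape of the generated file, and a relative `sys.argv[0]` (the commit message mentions `./run`) produces a rule tied to one working directory. The rule is also only as safe as those paths: if the script, the interpreter or the package directory is writable by the unprivileged user, the entry amounts to passwordless root for that user, so the code should at least warn in that case. The sketch below validates the user field, makes the script path absolute and warns on paths that are not root-owned or are group/world-writable; it needs `re` imported in this module, and whether `sudoers-add` validates the result is not visible in this diff.

```python
def build_config(user_name):
    # Allow a user, %group or ALL; reject anything that could add sudoers syntax.
    if not re.match(r'^%?[A-Za-z0-9_][A-Za-z0-9_.-]*$', user_name):
        log('Invalid --sudoers-user value: %r\n' % user_name)
        exit(1)

    script = os.path.abspath(path_to_sshuttle)
    for p in (script, sys.executable, path_to_dist_packages):
        st = os.stat(p)
        if st.st_uid != 0 or st.st_mode & 0o022:
            log('Warning: %s is not root-owned or is group/world-writable; '
                'a NOPASSWD rule that runs it is unsafe.\n' % p)

    content = template % {
        # … unchanged: ca, dist_packages, py, user_name …
        'path': script,
    }
```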