Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

MacOS precompiled app package for sshuttle-0.45

  • Loading branch information...
commit 34ea1ed8b7ec3188af378100dc43616e8d304856 0 parents
@apenwarr apenwarr authored
Showing with 4,194 additions and 0 deletions.
  1. +40 −0 Sshuttle VPN.app/Contents/Info.plist
  2. BIN  Sshuttle VPN.app/Contents/MacOS/Sshuttle
  3. BIN  Sshuttle VPN.app/Contents/Resources/English.lproj/MainMenu.nib
  4. +10 −0 Sshuttle VPN.app/Contents/Resources/UserDefaults.plist
  5. BIN  Sshuttle VPN.app/Contents/Resources/app.icns
  6. +28 −0 Sshuttle VPN.app/Contents/Resources/askpass.py
  7. BIN  Sshuttle VPN.app/Contents/Resources/chicken-tiny-bw.png
  8. BIN  Sshuttle VPN.app/Contents/Resources/chicken-tiny-err.png
  9. BIN  Sshuttle VPN.app/Contents/Resources/chicken-tiny.png
  10. +352 −0 Sshuttle VPN.app/Contents/Resources/main.py
  11. +131 −0 Sshuttle VPN.app/Contents/Resources/models.py
  12. +62 −0 Sshuttle VPN.app/Contents/Resources/my.py
  13. +26 −0 Sshuttle VPN.app/Contents/Resources/sshuttle/assembler.py
  14. +356 −0 Sshuttle VPN.app/Contents/Resources/sshuttle/client.py
  15. 0  Sshuttle VPN.app/Contents/Resources/sshuttle/compat/__init__.py
  16. +1,305 −0 Sshuttle VPN.app/Contents/Resources/sshuttle/compat/ssubprocess.py
  17. +304 −0 Sshuttle VPN.app/Contents/Resources/sshuttle/firewall.py
  18. +37 −0 Sshuttle VPN.app/Contents/Resources/sshuttle/helpers.py
  19. +277 −0 Sshuttle VPN.app/Contents/Resources/sshuttle/hostwatch.py
  20. +122 −0 Sshuttle VPN.app/Contents/Resources/sshuttle/main.py
  21. +201 −0 Sshuttle VPN.app/Contents/Resources/sshuttle/options.py
  22. +176 −0 Sshuttle VPN.app/Contents/Resources/sshuttle/server.py
  23. +95 −0 Sshuttle VPN.app/Contents/Resources/sshuttle/ssh.py
  24. +122 −0 Sshuttle VPN.app/Contents/Resources/sshuttle/sshuttle
  25. +520 −0 Sshuttle VPN.app/Contents/Resources/sshuttle/ssnet.py
  26. +16 −0 Sshuttle VPN.app/Contents/Resources/sshuttle/ssyslog.py
  27. +14 −0 Sshuttle VPN.app/Contents/Resources/stupid.py
40 Sshuttle VPN.app/Contents/Info.plist
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>CFBundleDevelopmentRegion</key>
+ <string>English</string>
+ <key>CFBundleDisplayName</key>
+ <string>Sshuttle VPN</string>
+ <key>CFBundleExecutable</key>
+ <string>Sshuttle</string>
+ <key>CFBundleIconFile</key>
+ <string>app.icns</string>
+ <key>CFBundleIdentifier</key>
+ <string>ca.apenwarr.Sshuttle</string>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+ <key>CFBundleName</key>
+ <string>Sshuttle VPN</string>
+ <key>CFBundlePackageType</key>
+ <string>APPL</string>
+ <key>CFBundleShortVersionString</key>
+ <string>0.0.0</string>
+ <key>CFBundleSignature</key>
+ <string>????</string>
+ <key>CFBundleVersion</key>
+ <string>0.0.0</string>
+ <key>LSUIElement</key>
+ <string>1</string>
+ <key>LSHasLocalizedDisplayName</key>
+ <false/>
+ <key>NSAppleScriptEnabled</key>
+ <false/>
+ <key>NSHumanReadableCopyright</key>
+ <string>GNU LGPL Version 2</string>
+ <key>NSMainNibFile</key>
+ <string>MainMenu</string>
+ <key>NSPrincipalClass</key>
+ <string>NSApplication</string>
+</dict>
+</plist>
BIN  Sshuttle VPN.app/Contents/MacOS/Sshuttle
Binary file not shown
BIN  Sshuttle VPN.app/Contents/Resources/English.lproj/MainMenu.nib
Binary file not shown
10 Sshuttle VPN.app/Contents/Resources/UserDefaults.plist
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>startAtLogin</key>
+ <false/>
+ <key>autoReconnect</key>
+ <true/>
+</dict>
+</plist>
BIN  Sshuttle VPN.app/Contents/Resources/app.icns
Binary file not shown
28 Sshuttle VPN.app/Contents/Resources/askpass.py
@@ -0,0 +1,28 @@
+import sys, os, re, subprocess
+
+def askpass(prompt):
+ prompt = prompt.replace('"', "'")
+
+ if 'yes/no' in prompt:
+ return "yes"
+
+ script="""
+ tell application "Finder"
+ activate
+ display dialog "%s" \
+ with title "Sshuttle SSH Connection" \
+ default answer "" \
+ with icon caution \
+ with hidden answer
+ end tell
+ """ % prompt
+
+ p = subprocess.Popen(['osascript', '-e', script], stdout=subprocess.PIPE)
+ out = p.stdout.read()
+ rv = p.wait()
+ if rv:
+ return None
+ g = re.match("text returned:(.*), button returned:.*", out)
+ if not g:
+ return None
+ return g.group(1)
BIN  Sshuttle VPN.app/Contents/Resources/chicken-tiny-bw.png
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
BIN  Sshuttle VPN.app/Contents/Resources/chicken-tiny-err.png
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
BIN  Sshuttle VPN.app/Contents/Resources/chicken-tiny.png
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
352 Sshuttle VPN.app/Contents/Resources/main.py
@@ -0,0 +1,352 @@
+import sys, os, pty
+from AppKit import *
+import my, models, askpass
+
+def sshuttle_args(host, auto_nets, auto_hosts, nets, debug):
+ argv = [my.bundle_path('sshuttle/sshuttle', ''), '-r', host]
+ assert(argv[0])
+ if debug:
+ argv.append('-v')
+ if auto_nets:
+ argv.append('--auto-nets')
+ if auto_hosts:
+ argv.append('--auto-hosts')
+ argv += nets
+ return argv
+
+
+class _Callback(NSObject):
+ def initWithFunc_(self, func):
+ self = super(_Callback, self).init()
+ self.func = func
+ return self
+ def func_(self, obj):
+ return self.func(obj)
+
+
+class Callback:
+ def __init__(self, func):
+ self.obj = _Callback.alloc().initWithFunc_(func)
+ self.sel = self.obj.func_
+
+
+class Runner:
+ def __init__(self, argv, logfunc, promptfunc, serverobj):
+ print 'in __init__'
+ self.id = argv
+ self.rv = None
+ self.pid = None
+ self.fd = None
+ self.logfunc = logfunc
+ self.promptfunc = promptfunc
+ self.serverobj = serverobj
+ self.buf = ''
+ self.logfunc('\nConnecting to %s.\n' % self.serverobj.host())
+ print 'will run: %r' % argv
+ self.serverobj.setConnected_(False)
+ pid,fd = pty.fork()
+ if pid == 0:
+ # child
+ try:
+ os.execvp(argv[0], argv)
+ except Exception, e:
+ sys.stderr.write('failed to start: %r\n' % e)
+ raise
+ finally:
+ os._exit(42)
+ # parent
+ self.pid = pid
+ self.file = NSFileHandle.alloc()\
+ .initWithFileDescriptor_closeOnDealloc_(fd, True)
+ self.cb = Callback(self.gotdata)
+ NSNotificationCenter.defaultCenter()\
+ .addObserver_selector_name_object_(self.cb.obj, self.cb.sel,
+ NSFileHandleDataAvailableNotification, self.file)
+ self.file.waitForDataInBackgroundAndNotify()
+
+ def __del__(self):
+ self.wait()
+
+ def _try_wait(self, options):
+ if self.rv == None and self.pid > 0:
+ pid,code = os.waitpid(self.pid, options)
+ if pid == self.pid:
+ if os.WIFEXITED(code):
+ self.rv = os.WEXITSTATUS(code)
+ else:
+ self.rv = -os.WSTOPSIG(code)
+ self.serverobj.setConnected_(False)
+ self.serverobj.setError_('VPN process died')
+ self.logfunc('Disconnected.\n')
+ print 'wait_result: %r' % self.rv
+ return self.rv
+
+ def wait(self):
+ return self._try_wait(0)
+
+ def poll(self):
+ return self._try_wait(os.WNOHANG)
+
+ def kill(self):
+ assert(self.pid > 0)
+ print 'killing: pid=%r rv=%r' % (self.pid, self.rv)
+ if self.rv == None:
+ self.logfunc('Disconnecting from %s.\n' % self.serverobj.host())
+ os.kill(self.pid, 15)
+ self.wait()
+
+ def gotdata(self, notification):
+ print 'gotdata!'
+ d = str(self.file.availableData())
+ if d:
+ self.logfunc(d)
+ self.buf = self.buf + d
+ if 'Connected.\r\n' in self.buf:
+ self.serverobj.setConnected_(True)
+ self.buf = self.buf[-4096:]
+ if self.buf.strip().endswith(':'):
+ lastline = self.buf.rstrip().split('\n')[-1]
+ resp = self.promptfunc(lastline)
+ add = ' (response)\n'
+ self.buf += add
+ self.logfunc(add)
+ self.file.writeData_(my.Data(resp + '\n'))
+ self.file.waitForDataInBackgroundAndNotify()
+ self.poll()
+ #print 'gotdata done!'
+
+
+class SshuttleApp(NSObject):
+ def initialize(self):
+ d = my.PList('UserDefaults')
+ my.Defaults().registerDefaults_(d)
+
+
+class SshuttleController(NSObject):
+ # Interface builder outlets
+ startAtLoginField = objc.IBOutlet()
+ autoReconnectField = objc.IBOutlet()
+ debugField = objc.IBOutlet()
+ routingField = objc.IBOutlet()
+ prefsWindow = objc.IBOutlet()
+ serversController = objc.IBOutlet()
+ logField = objc.IBOutlet()
+
+ servers = []
+ conns = {}
+
+ def _connect(self, server):
+ host = server.host()
+ print 'connecting %r' % host
+ self.fill_menu()
+ def logfunc(msg):
+ print 'log! (%d bytes)' % len(msg)
+ self.logField.textStorage()\
+ .appendAttributedString_(NSAttributedString.alloc()\
+ .initWithString_(msg))
+ self.logField.didChangeText()
+ def promptfunc(prompt):
+ print 'prompt! %r' % prompt
+ return askpass.askpass(prompt)
+ nets_mode = server.autoNets()
+ if nets_mode == models.NET_MANUAL:
+ manual_nets = ["%s/%d" % (i.subnet(), i.width())
+ for i in server.nets()]
+ elif nets_mode == models.NET_ALL:
+ manual_nets = ['0/0']
+ else:
+ manual_nets = []
+ conn = Runner(sshuttle_args(host,
+ auto_nets = nets_mode == models.NET_AUTO,
+ auto_hosts = server.autoHosts(),
+ nets = manual_nets,
+ debug = self.debugField.state()),
+ logfunc=logfunc, promptfunc=promptfunc,
+ serverobj=server)
+ self.conns[host] = conn
+
+ def _disconnect(self, server):
+ host = server.host()
+ print 'disconnecting %r' % host
+ conn = self.conns.get(host)
+ if conn:
+ conn.kill()
+ self.fill_menu()
+ self.logField.textStorage().setAttributedString_(
+ NSAttributedString.alloc().initWithString_(''))
+
+ @objc.IBAction
+ def cmd_connect(self, sender):
+ server = sender.representedObject()
+ server.setWantConnect_(True)
+
+ @objc.IBAction
+ def cmd_disconnect(self, sender):
+ server = sender.representedObject()
+ server.setWantConnect_(False)
+
+ @objc.IBAction
+ def cmd_show(self, sender):
+ self.prefsWindow.makeKeyAndOrderFront_(self)
+ NSApp.activateIgnoringOtherApps_(True)
+
+ @objc.IBAction
+ def cmd_quit(self, sender):
+ NSApp.performSelector_withObject_afterDelay_(NSApp.terminate_,
+ None, 0.0)
+
+ def fill_menu(self):
+ menu = self.menu
+ menu.removeAllItems()
+
+ def additem(name, func, obj):
+ it = menu.addItemWithTitle_action_keyEquivalent_(name, None, "")
+ it.setRepresentedObject_(obj)
+ it.setTarget_(self)
+ it.setAction_(func)
+ def addnote(name):
+ additem(name, None, None)
+
+ any_inprogress = None
+ any_conn = None
+ any_err = None
+ if len(self.servers):
+ for i in self.servers:
+ host = i.host()
+ want = i.wantConnect()
+ connected = i.connected()
+ numnets = len(list(i.nets()))
+ if not host:
+ additem('Connect Untitled', None, i)
+ elif i.autoNets() == models.NET_MANUAL and not numnets:
+ additem('Connect %s (no routes)' % host, None, i)
+ elif want:
+ any_conn = i
+ additem('Disconnect %s' % host, self.cmd_disconnect, i)
+ else:
+ additem('Connect %s' % host, self.cmd_connect, i)
+ if not want:
+ msg = 'Off'
+ elif i.error():
+ msg = 'ERROR - try reconnecting'
+ any_err = i
+ elif connected:
+ msg = 'Connected'
+ else:
+ msg = 'Connecting...'
+ any_inprogress = i
+ addnote(' State: %s' % msg)
+ if i.autoNets() == 0:
+ addnote(' Routes: All')
+ elif i.autoNets() == 2:
+ addnote(' Routes: Auto')
+ else:
+ addnote(' Routes: Custom')
+ else:
+ addnote('No servers defined yet')
+
+ menu.addItem_(NSMenuItem.separatorItem())
+ additem('Preferences...', self.cmd_show, None)
+ additem('Quit Sshuttle VPN', self.cmd_quit, None)
+
+ if any_err:
+ self.statusitem.setImage_(self.img_err)
+ self.statusitem.setTitle_('Error!')
+ elif any_conn:
+ self.statusitem.setImage_(self.img_running)
+ if any_inprogress:
+ self.statusitem.setTitle_('Connecting...')
+ else:
+ self.statusitem.setTitle_('')
+ else:
+ self.statusitem.setImage_(self.img_idle)
+ self.statusitem.setTitle_('')
+
+ def load_servers(self):
+ l = my.Defaults().arrayForKey_('servers') or []
+ sl = []
+ for s in l:
+ host = s.get('host', None)
+ if not host: continue
+
+ nets = s.get('nets', [])
+ nl = []
+ for n in nets:
+ subnet = n[0]
+ width = n[1]
+ net = models.SshuttleNet.alloc().init()
+ net.setSubnet_(subnet)
+ net.setWidth_(width)
+ nl.append(net)
+
+ autoNets = s.get('autoNets', 1)
+ autoHosts = s.get('autoHosts', 1)
+ srv = models.SshuttleServer.alloc().init()
+ srv.setHost_(host)
+ srv.setAutoNets_(autoNets)
+ srv.setAutoHosts_(autoHosts)
+ srv.setNets_(nl)
+ sl.append(srv)
+ self.serversController.addObjects_(sl)
+ self.serversController.setSelectionIndex_(0)
+
+ def save_servers(self):
+ l = []
+ for s in self.servers:
+ host = s.host()
+ if not host: continue
+ nets = []
+ for n in s.nets():
+ subnet = n.subnet()
+ if not subnet: continue
+ nets.append((subnet, n.width()))
+ d = dict(host=s.host(),
+ nets=nets,
+ autoNets=s.autoNets(),
+ autoHosts=s.autoHosts())
+ l.append(d)
+ my.Defaults().setObject_forKey_(l, 'servers')
+ self.fill_menu()
+
+ def awakeFromNib(self):
+ self.routingField.removeAllItems()
+ tf = self.routingField.addItemWithTitle_
+ tf('Send all traffic through this server')
+ tf('Determine automatically')
+ tf('Custom...')
+
+ # Hmm, even when I mark this as !enabled in the .nib, it still comes
+ # through as enabled. So let's just disable it here (since we don't
+ # support this feature yet).
+ self.startAtLoginField.setEnabled_(False)
+ self.startAtLoginField.setState_(False)
+ self.autoReconnectField.setEnabled_(False)
+ self.autoReconnectField.setState_(False)
+
+ self.load_servers()
+
+ # Initialize our menu item
+ self.menu = NSMenu.alloc().initWithTitle_('Sshuttle')
+ bar = NSStatusBar.systemStatusBar()
+ statusitem = bar.statusItemWithLength_(NSVariableStatusItemLength)
+ self.statusitem = statusitem
+ self.img_idle = my.Image('chicken-tiny-bw', 'png')
+ self.img_running = my.Image('chicken-tiny', 'png')
+ self.img_err = my.Image('chicken-tiny-err', 'png')
+ statusitem.setImage_(self.img_idle)
+ statusitem.setHighlightMode_(True)
+ statusitem.setMenu_(self.menu)
+ self.fill_menu()
+
+ models.configchange_callback = my.DelayedCallback(self.save_servers)
+
+ def sc(server):
+ if server.wantConnect():
+ self._connect(server)
+ else:
+ self._disconnect(server)
+ models.setconnect_callback = sc
+
+
+# Note: NSApplicationMain calls sys.exit(), so this never returns.
+NSApplicationMain(sys.argv)
131 Sshuttle VPN.app/Contents/Resources/models.py
@@ -0,0 +1,131 @@
+from AppKit import *
+import my
+
+
+configchange_callback = setconnect_callback = None
+
+
+def config_changed():
+ if configchange_callback:
+ configchange_callback()
+
+
+def _validate_ip(v):
+ parts = v.split('.')[:4]
+ if len(parts) < 4:
+ parts += ['0'] * (4 - len(parts))
+ for i in range(4):
+ n = my.atoi(parts[i])
+ if n < 0:
+ n = 0
+ elif n > 255:
+ n = 255
+ parts[i] = str(n)
+ return '.'.join(parts)
+
+
+def _validate_width(v):
+ n = my.atoi(v)
+ if n < 0:
+ n = 0
+ elif n > 32:
+ n = 32
+ return n
+
+
+class SshuttleNet(NSObject):
+ def subnet(self):
+ return getattr(self, '_k_subnet', None)
+ def setSubnet_(self, v):
+ self._k_subnet = v
+ config_changed()
+ @objc.accessor
+ def validateSubnet_error_(self, value, error):
+ #print 'validateSubnet!'
+ return True, _validate_ip(value), error
+
+ def width(self):
+ return getattr(self, '_k_width', 24)
+ def setWidth_(self, v):
+ self._k_width = v
+ config_changed()
+ @objc.accessor
+ def validateWidth_error_(self, value, error):
+ #print 'validateWidth!'
+ return True, _validate_width(value), error
+
+NET_ALL = 0
+NET_AUTO = 1
+NET_MANUAL = 2
+
+class SshuttleServer(NSObject):
+ def init(self):
+ self = super(SshuttleServer, self).init()
+ config_changed()
+ return self
+
+ def wantConnect(self):
+ return getattr(self, '_k_wantconnect', False)
+ def setWantConnect_(self, v):
+ self._k_wantconnect = v
+ self.setError_(None)
+ config_changed()
+ if setconnect_callback: setconnect_callback(self)
+
+ def connected(self):
+ return getattr(self, '_k_connected', False)
+ def setConnected_(self, v):
+ print 'setConnected of %r to %r' % (self, v)
+ self._k_connected = v
+ if v: self.setError_(None) # connected ok, so no error
+ config_changed()
+
+ def error(self):
+ return getattr(self, '_k_error', None)
+ def setError_(self, v):
+ self._k_error = v
+ config_changed()
+
+ def isValid(self):
+ if not self.host():
+ return False
+ if self.autoNets() == NET_MANUAL and not len(list(self.nets())):
+ return False
+ return True
+
+ def host(self):
+ return getattr(self, '_k_host', None)
+ def setHost_(self, v):
+ self._k_host = v
+ config_changed()
+ @objc.accessor
+ def validateHost_error_(self, value, error):
+ #print 'validatehost! %r %r %r' % (self, value, error)
+ while value.startswith('-'):
+ value = value[1:]
+ return True, value, error
+
+ def nets(self):
+ return getattr(self, '_k_nets', [])
+ def setNets_(self, v):
+ self._k_nets = v
+ config_changed()
+ def netsHidden(self):
+ #print 'checking netsHidden'
+ return self.autoNets() != NET_MANUAL
+ def setNetsHidden_(self, v):
+ config_changed()
+ #print 'setting netsHidden to %r' % v
+
+ def autoNets(self):
+ return getattr(self, '_k_autoNets', NET_AUTO)
+ def setAutoNets_(self, v):
+ self._k_autoNets = v
+ self.setNetsHidden_(-1)
+ config_changed()
+
+ def autoHosts(self):
+ return getattr(self, '_k_autoHosts', True)
+ def setAutoHosts_(self, v):
+ self._k_autoHosts = v
+ config_changed()
62 Sshuttle VPN.app/Contents/Resources/my.py
@@ -0,0 +1,62 @@
+import sys, os
+from AppKit import *
+import PyObjCTools.AppHelper
+
+
+def bundle_path(name, typ):
+ if typ:
+ return NSBundle.mainBundle().pathForResource_ofType_(name, typ)
+ else:
+ return os.path.join(NSBundle.mainBundle().resourcePath(), name)
+
+
+# Load an NSData using a python string
+def Data(s):
+ return NSData.alloc().initWithBytes_length_(s, len(s))
+
+
+# Load a property list from a file in the application bundle.
+def PList(name):
+ path = bundle_path(name, 'plist')
+ return NSDictionary.dictionaryWithContentsOfFile_(path)
+
+
+# Load an NSImage from a file in the application bundle.
+def Image(name, ext):
+ bytes = open(bundle_path(name, ext)).read()
+ img = NSImage.alloc().initWithData_(Data(bytes))
+ return img
+
+
+# Return the NSUserDefaults shared object.
+def Defaults():
+ return NSUserDefaults.standardUserDefaults()
+
+
+# Usage:
+# f = DelayedCallback(func, args...)
+# later:
+# f()
+#
+# When you call f(), it will schedule a call to func() next time the
+# ObjC event loop iterates. Multiple calls to f() in a single iteration
+# will only result in one call to func().
+#
+def DelayedCallback(func, *args, **kwargs):
+ flag = [0]
+ def _go():
+ if flag[0]:
+ print 'running %r (flag=%r)' % (func, flag)
+ flag[0] = 0
+ func(*args, **kwargs)
+ def call():
+ flag[0] += 1
+ PyObjCTools.AppHelper.callAfter(_go)
+ return call
+
+
+def atoi(s):
+ try:
+ return int(s)
+ except ValueError:
+ return 0
26 Sshuttle VPN.app/Contents/Resources/sshuttle/assembler.py
@@ -0,0 +1,26 @@
+import sys, zlib
+
+z = zlib.decompressobj()
+mainmod = sys.modules[__name__]
+while 1:
+ name = sys.stdin.readline().strip()
+ if name:
+ nbytes = int(sys.stdin.readline())
+ if verbosity >= 2:
+ sys.stderr.write('server: assembling %r (%d bytes)\n'
+ % (name, nbytes))
+ content = z.decompress(sys.stdin.read(nbytes))
+ exec compile(content, name, "exec")
+
+ # FIXME: this crushes everything into a single module namespace,
+ # then makes each of the module names point at this one. Gross.
+ assert(name.endswith('.py'))
+ modname = name[:-3]
+ mainmod.__dict__[modname] = mainmod
+ else:
+ break
+
+verbose = verbosity
+sys.stderr.flush()
+sys.stdout.flush()
+main()
356 Sshuttle VPN.app/Contents/Resources/sshuttle/client.py
@@ -0,0 +1,356 @@
+import struct, socket, select, errno, re, signal
+import compat.ssubprocess as ssubprocess
+import helpers, ssnet, ssh, ssyslog
+from ssnet import SockWrapper, Handler, Proxy, Mux, MuxWrapper
+from helpers import *
+
+_extra_fd = os.open('/dev/null', os.O_RDONLY)
+
+def _islocal(ip):
+ sock = socket.socket()
+ try:
+ try:
+ sock.bind((ip, 0))
+ except socket.error, e:
+ if e.args[0] == errno.EADDRNOTAVAIL:
+ return False # not a local IP
+ else:
+ raise
+ finally:
+ sock.close()
+ return True # it's a local IP, or there would have been an error
+
+
+def got_signal(signum, frame):
+ log('exiting on signal %d\n' % signum)
+ sys.exit(1)
+
+
+_pidname = None
+def check_daemon(pidfile):
+ global _pidname
+ _pidname = os.path.abspath(pidfile)
+ try:
+ oldpid = open(_pidname).read(1024)
+ except IOError, e:
+ if e.errno == errno.ENOENT:
+ return # no pidfile, ok
+ else:
+ raise Fatal("can't read %s: %s" % (_pidname, e))
+ if not oldpid:
+ os.unlink(_pidname)
+ return # invalid pidfile, ok
+ oldpid = int(oldpid.strip() or 0)
+ if oldpid <= 0:
+ os.unlink(_pidname)
+ return # invalid pidfile, ok
+ try:
+ os.kill(oldpid, 0)
+ except OSError, e:
+ if e.errno == errno.ESRCH:
+ os.unlink(_pidname)
+ return # outdated pidfile, ok
+ elif e.errno == errno.EPERM:
+ pass
+ else:
+ raise
+ raise Fatal("%s: sshuttle is already running (pid=%d)"
+ % (_pidname, oldpid))
+
+
+def daemonize():
+ if os.fork():
+ os._exit(0)
+ os.setsid()
+ if os.fork():
+ os._exit(0)
+
+ outfd = os.open(_pidname, os.O_WRONLY|os.O_CREAT|os.O_EXCL, 0666)
+ try:
+ os.write(outfd, '%d\n' % os.getpid())
+ finally:
+ os.close(outfd)
+ os.chdir("/")
+
+ # Normal exit when killed, or try/finally won't work and the pidfile won't
+ # be deleted.
+ signal.signal(signal.SIGTERM, got_signal)
+
+ si = open('/dev/null', 'r+')
+ os.dup2(si.fileno(), 0)
+ os.dup2(si.fileno(), 1)
+ si.close()
+
+ ssyslog.stderr_to_syslog()
+
+
+def daemon_cleanup():
+ try:
+ os.unlink(_pidname)
+ except OSError, e:
+ if e.errno == errno.ENOENT:
+ pass
+ else:
+ raise
+
+
+def original_dst(sock):
+ try:
+ SO_ORIGINAL_DST = 80
+ SOCKADDR_MIN = 16
+ sockaddr_in = sock.getsockopt(socket.SOL_IP,
+ SO_ORIGINAL_DST, SOCKADDR_MIN)
+ (proto, port, a,b,c,d) = struct.unpack('!HHBBBB', sockaddr_in[:8])
+ assert(socket.htons(proto) == socket.AF_INET)
+ ip = '%d.%d.%d.%d' % (a,b,c,d)
+ return (ip,port)
+ except socket.error, e:
+ if e.args[0] == errno.ENOPROTOOPT:
+ return sock.getsockname()
+ raise
+
+
+class FirewallClient:
+ def __init__(self, port, subnets_include, subnets_exclude):
+ self.port = port
+ self.auto_nets = []
+ self.subnets_include = subnets_include
+ self.subnets_exclude = subnets_exclude
+ argvbase = ([sys.argv[0]] +
+ ['-v'] * (helpers.verbose or 0) +
+ ['--firewall', str(port)])
+ if ssyslog._p:
+ argvbase += ['--syslog']
+ argv_tries = [
+ ['sudo', '-p', '[local sudo] Password: '] + argvbase,
+ ['su', '-c', ' '.join(argvbase)],
+ argvbase
+ ]
+
+ # we can't use stdin/stdout=subprocess.PIPE here, as we normally would,
+ # because stupid Linux 'su' requires that stdin be attached to a tty.
+ # Instead, attach a *bidirectional* socket to its stdout, and use
+ # that for talking in both directions.
+ (s1,s2) = socket.socketpair()
+ def setup():
+ # run in the child process
+ s2.close()
+ e = None
+ if os.getuid() == 0:
+ argv_tries = argv_tries[-1:] # last entry only
+ for argv in argv_tries:
+ try:
+ if argv[0] == 'su':
+ sys.stderr.write('[local su] ')
+ self.p = ssubprocess.Popen(argv, stdout=s1, preexec_fn=setup)
+ e = None
+ break
+ except OSError, e:
+ pass
+ self.argv = argv
+ s1.close()
+ self.pfile = s2.makefile('wb+')
+ if e:
+ log('Spawning firewall manager: %r\n' % self.argv)
+ raise Fatal(e)
+ line = self.pfile.readline()
+ self.check()
+ if line != 'READY\n':
+ raise Fatal('%r expected READY, got %r' % (self.argv, line))
+
+ def check(self):
+ rv = self.p.poll()
+ if rv:
+ raise Fatal('%r returned %d' % (self.argv, rv))
+
+ def start(self):
+ self.pfile.write('ROUTES\n')
+ for (ip,width) in self.subnets_include+self.auto_nets:
+ self.pfile.write('%d,0,%s\n' % (width, ip))
+ for (ip,width) in self.subnets_exclude:
+ self.pfile.write('%d,1,%s\n' % (width, ip))
+ self.pfile.write('GO\n')
+ self.pfile.flush()
+ line = self.pfile.readline()
+ self.check()
+ if line != 'STARTED\n':
+ raise Fatal('%r expected STARTED, got %r' % (self.argv, line))
+
+ def sethostip(self, hostname, ip):
+ assert(not re.search(r'[^-\w]', hostname))
+ assert(not re.search(r'[^0-9.]', ip))
+ self.pfile.write('HOST %s,%s\n' % (hostname, ip))
+ self.pfile.flush()
+
+ def done(self):
+ self.pfile.close()
+ rv = self.p.wait()
+ if rv:
+ raise Fatal('cleanup: %r returned %d' % (self.argv, rv))
+
+
+def _main(listener, fw, ssh_cmd, remotename, python, seed_hosts, auto_nets,
+ syslog, daemon):
+ handlers = []
+ if helpers.verbose >= 1:
+ helpers.logprefix = 'c : '
+ else:
+ helpers.logprefix = 'client: '
+ debug1('connecting to server...\n')
+
+ try:
+ (serverproc, serversock) = ssh.connect(ssh_cmd, remotename, python,
+ stderr=ssyslog._p and ssyslog._p.stdin)
+ except socket.error, e:
+ if e.args[0] == errno.EPIPE:
+ raise Fatal("failed to establish ssh session (1)")
+ else:
+ raise
+ mux = Mux(serversock, serversock)
+ handlers.append(mux)
+
+ expected = 'SSHUTTLE0001'
+ try:
+ initstring = serversock.recv(len(expected))
+ except socket.error, e:
+ if e.args[0] == errno.ECONNRESET:
+ raise Fatal("failed to establish ssh session (2)")
+ else:
+ raise
+
+ rv = serverproc.poll()
+ if rv:
+ raise Fatal('server died with error code %d' % rv)
+
+ if initstring != expected:
+ raise Fatal('expected server init string %r; got %r'
+ % (expected, initstring))
+ debug1('connected.\n')
+ print 'Connected.'
+ sys.stdout.flush()
+ if daemon:
+ daemonize()
+ log('daemonizing (%s).\n' % _pidname)
+ elif syslog:
+ debug1('switching to syslog.\n')
+ ssyslog.stderr_to_syslog()
+
+ def onroutes(routestr):
+ if auto_nets:
+ for line in routestr.strip().split('\n'):
+ (ip,width) = line.split(',', 1)
+ fw.auto_nets.append((ip,int(width)))
+
+ # we definitely want to do this *after* starting ssh, or we might end
+ # up intercepting the ssh connection!
+ #
+ # Moreover, now that we have the --auto-nets option, we have to wait
+ # for the server to send us that message anyway. Even if we haven't
+ # set --auto-nets, we might as well wait for the message first, then
+ # ignore its contents.
+ mux.got_routes = None
+ fw.start()
+ mux.got_routes = onroutes
+
+ def onhostlist(hostlist):
+ debug2('got host list: %r\n' % hostlist)
+ for line in hostlist.strip().split():
+ if line:
+ name,ip = line.split(',', 1)
+ fw.sethostip(name, ip)
+ mux.got_host_list = onhostlist
+
+ def onaccept():
+ global _extra_fd
+ try:
+ sock,srcip = listener.accept()
+ except socket.error, e:
+ if e.args[0] in [errno.EMFILE, errno.ENFILE]:
+ debug1('Rejected incoming connection: too many open files!\n')
+ # free up an fd so we can eat the connection
+ os.close(_extra_fd)
+ try:
+ sock,srcip = listener.accept()
+ sock.close()
+ finally:
+ _extra_fd = os.open('/dev/null', os.O_RDONLY)
+ return
+ else:
+ raise
+ dstip = original_dst(sock)
+ debug1('Accept: %s:%r -> %s:%r.\n' % (srcip[0],srcip[1],
+ dstip[0],dstip[1]))
+ if dstip[1] == listener.getsockname()[1] and _islocal(dstip[0]):
+ debug1("-- ignored: that's my address!\n")
+ sock.close()
+ return
+ chan = mux.next_channel()
+ mux.send(chan, ssnet.CMD_CONNECT, '%s,%s' % dstip)
+ outwrap = MuxWrapper(mux, chan)
+ handlers.append(Proxy(SockWrapper(sock, sock), outwrap))
+ handlers.append(Handler([listener], onaccept))
+
+ if seed_hosts != None:
+ debug1('seed_hosts: %r\n' % seed_hosts)
+ mux.send(0, ssnet.CMD_HOST_REQ, '\n'.join(seed_hosts))
+
+ while 1:
+ rv = serverproc.poll()
+ if rv:
+ raise Fatal('server died with error code %d' % rv)
+
+ ssnet.runonce(handlers, mux)
+ mux.callback()
+ mux.check_fullness()
+
+
+def main(listenip, ssh_cmd, remotename, python, seed_hosts, auto_nets,
+ subnets_include, subnets_exclude, syslog, daemon, pidfile):
+ if syslog:
+ ssyslog.start_syslog()
+ if daemon:
+ try:
+ check_daemon(pidfile)
+ except Fatal, e:
+ log("%s\n" % e)
+ return 5
+ debug1('Starting sshuttle proxy.\n')
+ listener = socket.socket()
+ listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+ if listenip[1]:
+ ports = [listenip[1]]
+ else:
+ ports = xrange(12300,9000,-1)
+ last_e = None
+ bound = False
+ debug2('Binding:')
+ for port in ports:
+ debug2(' %d' % port)
+ try:
+ listener.bind((listenip[0], port))
+ bound = True
+ break
+ except socket.error, e:
+ last_e = e
+ debug2('\n')
+ if not bound:
+ assert(last_e)
+ raise last_e
+ listener.listen(10)
+ listenip = listener.getsockname()
+ debug1('Listening on %r.\n' % (listenip,))
+
+ fw = FirewallClient(listenip[1], subnets_include, subnets_exclude)
+
+ try:
+ return _main(listener, fw, ssh_cmd, remotename,
+ python, seed_hosts, auto_nets, syslog, daemon)
+ finally:
+ try:
+ if daemon:
+ # it's not our child anymore; can't waitpid
+ fw.p.returncode = 0
+ fw.done()
+ finally:
+ if daemon:
+ daemon_cleanup()
0  Sshuttle VPN.app/Contents/Resources/sshuttle/compat/__init__.py
No changes.
1,305 Sshuttle VPN.app/Contents/Resources/sshuttle/compat/ssubprocess.py
@@ -0,0 +1,1305 @@
+# subprocess - Subprocesses with accessible I/O streams
+#
+# For more information about this module, see PEP 324.
+#
+# This module should remain compatible with Python 2.2, see PEP 291.
+#
+# Copyright (c) 2003-2005 by Peter Astrand <astrand@lysator.liu.se>
+#
+# Licensed to PSF under a Contributor Agreement.
+# See http://www.python.org/2.4/license for licensing details.
+
+r"""subprocess - Subprocesses with accessible I/O streams
+
+This module allows you to spawn processes, connect to their
+input/output/error pipes, and obtain their return codes. This module
+intends to replace several other, older modules and functions, like:
+
+os.system
+os.spawn*
+os.popen*
+popen2.*
+commands.*
+
+Information about how the subprocess module can be used to replace these
+modules and functions can be found below.
+
+
+
+Using the subprocess module
+===========================
+This module defines one class called Popen:
+
+class Popen(args, bufsize=0, executable=None,
+ stdin=None, stdout=None, stderr=None,
+ preexec_fn=None, close_fds=False, shell=False,
+ cwd=None, env=None, universal_newlines=False,
+ startupinfo=None, creationflags=0):
+
+
+Arguments are:
+
+args should be a string, or a sequence of program arguments. The
+program to execute is normally the first item in the args sequence or
+string, but can be explicitly set by using the executable argument.
+
+On UNIX, with shell=False (default): In this case, the Popen class
+uses os.execvp() to execute the child program. args should normally
+be a sequence. A string will be treated as a sequence with the string
+as the only item (the program to execute).
+
+On UNIX, with shell=True: If args is a string, it specifies the
+command string to execute through the shell. If args is a sequence,
+the first item specifies the command string, and any additional items
+will be treated as additional shell arguments.
+
+On Windows: the Popen class uses CreateProcess() to execute the child
+program, which operates on strings. If args is a sequence, it will be
+converted to a string using the list2cmdline method. Please note that
+not all MS Windows applications interpret the command line the same
+way: The list2cmdline is designed for applications using the same
+rules as the MS C runtime.
+
+bufsize, if given, has the same meaning as the corresponding argument
+to the built-in open() function: 0 means unbuffered, 1 means line
+buffered, any other positive value means use a buffer of
+(approximately) that size. A negative bufsize means to use the system
+default, which usually means fully buffered. The default value for
+bufsize is 0 (unbuffered).
+
+stdin, stdout and stderr specify the executed programs' standard
+input, standard output and standard error file handles, respectively.
+Valid values are PIPE, an existing file descriptor (a positive
+integer), an existing file object, and None. PIPE indicates that a
+new pipe to the child should be created. With None, no redirection
+will occur; the child's file handles will be inherited from the
+parent. Additionally, stderr can be STDOUT, which indicates that the
+stderr data from the applications should be captured into the same
+file handle as for stdout.
+
+If preexec_fn is set to a callable object, this object will be called
+in the child process just before the child is executed.
+
+If close_fds is true, all file descriptors except 0, 1 and 2 will be
+closed before the child process is executed.
+
+if shell is true, the specified command will be executed through the
+shell.
+
+If cwd is not None, the current directory will be changed to cwd
+before the child is executed.
+
+If env is not None, it defines the environment variables for the new
+process.
+
+If universal_newlines is true, the file objects stdout and stderr are
+opened as a text files, but lines may be terminated by any of '\n',
+the Unix end-of-line convention, '\r', the Macintosh convention or
+'\r\n', the Windows convention. All of these external representations
+are seen as '\n' by the Python program. Note: This feature is only
+available if Python is built with universal newline support (the
+default). Also, the newlines attribute of the file objects stdout,
+stdin and stderr are not updated by the communicate() method.
+
+The startupinfo and creationflags, if given, will be passed to the
+underlying CreateProcess() function. They can specify things such as
+appearance of the main window and priority for the new process.
+(Windows only)
+
+
+This module also defines two shortcut functions:
+
+call(*popenargs, **kwargs):
+ Run command with arguments. Wait for command to complete, then
+ return the returncode attribute.
+
+ The arguments are the same as for the Popen constructor. Example:
+
+ retcode = call(["ls", "-l"])
+
+check_call(*popenargs, **kwargs):
+ Run command with arguments. Wait for command to complete. If the
+ exit code was zero then return, otherwise raise
+ CalledProcessError. The CalledProcessError object will have the
+ return code in the returncode attribute.
+
+ The arguments are the same as for the Popen constructor. Example:
+
+ check_call(["ls", "-l"])
+
+Exceptions
+----------
+Exceptions raised in the child process, before the new program has
+started to execute, will be re-raised in the parent. Additionally,
+the exception object will have one extra attribute called
+'child_traceback', which is a string containing traceback information
+from the childs point of view.
+
+The most common exception raised is OSError. This occurs, for
+example, when trying to execute a non-existent file. Applications
+should prepare for OSErrors.
+
+A ValueError will be raised if Popen is called with invalid arguments.
+
+check_call() will raise CalledProcessError, if the called process
+returns a non-zero return code.
+
+
+Security
+--------
+Unlike some other popen functions, this implementation will never call
+/bin/sh implicitly. This means that all characters, including shell
+metacharacters, can safely be passed to child processes.
+
+
+Popen objects
+=============
+Instances of the Popen class have the following methods:
+
+poll()
+ Check if child process has terminated. Returns returncode
+ attribute.
+
+wait()
+ Wait for child process to terminate. Returns returncode attribute.
+
+communicate(input=None)
+ Interact with process: Send data to stdin. Read data from stdout
+ and stderr, until end-of-file is reached. Wait for process to
+ terminate. The optional input argument should be a string to be
+ sent to the child process, or None, if no data should be sent to
+ the child.
+
+ communicate() returns a tuple (stdout, stderr).
+
+ Note: The data read is buffered in memory, so do not use this
+ method if the data size is large or unlimited.
+
+The following attributes are also available:
+
+stdin
+ If the stdin argument is PIPE, this attribute is a file object
+ that provides input to the child process. Otherwise, it is None.
+
+stdout
+ If the stdout argument is PIPE, this attribute is a file object
+ that provides output from the child process. Otherwise, it is
+ None.
+
+stderr
+ If the stderr argument is PIPE, this attribute is file object that
+ provides error output from the child process. Otherwise, it is
+ None.
+
+pid
+ The process ID of the child process.
+
+returncode
+ The child return code. A None value indicates that the process
+ hasn't terminated yet. A negative value -N indicates that the
+ child was terminated by signal N (UNIX only).
+
+
+Replacing older functions with the subprocess module
+====================================================
+In this section, "a ==> b" means that b can be used as a replacement
+for a.
+
+Note: All functions in this section fail (more or less) silently if
+the executed program cannot be found; this module raises an OSError
+exception.
+
+In the following examples, we assume that the subprocess module is
+imported with "from subprocess import *".
+
+
+Replacing /bin/sh shell backquote
+---------------------------------
+output=`mycmd myarg`
+==>
+output = Popen(["mycmd", "myarg"], stdout=PIPE).communicate()[0]
+
+
+Replacing shell pipe line
+-------------------------
+output=`dmesg | grep hda`
+==>
+p1 = Popen(["dmesg"], stdout=PIPE)
+p2 = Popen(["grep", "hda"], stdin=p1.stdout, stdout=PIPE)
+output = p2.communicate()[0]
+
+
+Replacing os.system()
+---------------------
+sts = os.system("mycmd" + " myarg")
+==>
+p = Popen("mycmd" + " myarg", shell=True)
+pid, sts = os.waitpid(p.pid, 0)
+
+Note:
+
+* Calling the program through the shell is usually not required.
+
+* It's easier to look at the returncode attribute than the
+ exitstatus.
+
+A more real-world example would look like this:
+
+try:
+ retcode = call("mycmd" + " myarg", shell=True)
+ if retcode < 0:
+ print >>sys.stderr, "Child was terminated by signal", -retcode
+ else:
+ print >>sys.stderr, "Child returned", retcode
+except OSError, e:
+ print >>sys.stderr, "Execution failed:", e
+
+
+Replacing os.spawn*
+-------------------
+P_NOWAIT example:
+
+pid = os.spawnlp(os.P_NOWAIT, "/bin/mycmd", "mycmd", "myarg")
+==>
+pid = Popen(["/bin/mycmd", "myarg"]).pid
+
+
+P_WAIT example:
+
+retcode = os.spawnlp(os.P_WAIT, "/bin/mycmd", "mycmd", "myarg")
+==>
+retcode = call(["/bin/mycmd", "myarg"])
+
+
+Vector example:
+
+os.spawnvp(os.P_NOWAIT, path, args)
+==>
+Popen([path] + args[1:])
+
+
+Environment example:
+
+os.spawnlpe(os.P_NOWAIT, "/bin/mycmd", "mycmd", "myarg", env)
+==>
+Popen(["/bin/mycmd", "myarg"], env={"PATH": "/usr/bin"})
+
+
+Replacing os.popen*
+-------------------
+pipe = os.popen(cmd, mode='r', bufsize)
+==>
+pipe = Popen(cmd, shell=True, bufsize=bufsize, stdout=PIPE).stdout
+
+pipe = os.popen(cmd, mode='w', bufsize)
+==>
+pipe = Popen(cmd, shell=True, bufsize=bufsize, stdin=PIPE).stdin
+
+
+(child_stdin, child_stdout) = os.popen2(cmd, mode, bufsize)
+==>
+p = Popen(cmd, shell=True, bufsize=bufsize,
+ stdin=PIPE, stdout=PIPE, close_fds=True)
+(child_stdin, child_stdout) = (p.stdin, p.stdout)
+
+
+(child_stdin,
+ child_stdout,
+ child_stderr) = os.popen3(cmd, mode, bufsize)
+==>
+p = Popen(cmd, shell=True, bufsize=bufsize,
+ stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True)
+(child_stdin,
+ child_stdout,
+ child_stderr) = (p.stdin, p.stdout, p.stderr)
+
+
+(child_stdin, child_stdout_and_stderr) = os.popen4(cmd, mode, bufsize)
+==>
+p = Popen(cmd, shell=True, bufsize=bufsize,
+ stdin=PIPE, stdout=PIPE, stderr=STDOUT, close_fds=True)
+(child_stdin, child_stdout_and_stderr) = (p.stdin, p.stdout)
+
+
+Replacing popen2.*
+------------------
+Note: If the cmd argument to popen2 functions is a string, the command
+is executed through /bin/sh. If it is a list, the command is directly
+executed.
+
+(child_stdout, child_stdin) = popen2.popen2("somestring", bufsize, mode)
+==>
+p = Popen(["somestring"], shell=True, bufsize=bufsize
+ stdin=PIPE, stdout=PIPE, close_fds=True)
+(child_stdout, child_stdin) = (p.stdout, p.stdin)
+
+
+(child_stdout, child_stdin) = popen2.popen2(["mycmd", "myarg"], bufsize, mode)
+==>
+p = Popen(["mycmd", "myarg"], bufsize=bufsize,
+ stdin=PIPE, stdout=PIPE, close_fds=True)
+(child_stdout, child_stdin) = (p.stdout, p.stdin)
+
+The popen2.Popen3 and popen2.Popen4 basically works as subprocess.Popen,
+except that:
+
+* subprocess.Popen raises an exception if the execution fails
+* the capturestderr argument is replaced with the stderr argument.
+* stdin=PIPE and stdout=PIPE must be specified.
+* popen2 closes all filedescriptors by default, but you have to specify
+ close_fds=True with subprocess.Popen.
+"""
+
+import sys
+mswindows = (sys.platform == "win32")
+
+import os
+import types
+import traceback
+import gc
+import signal
+
+# Exception classes used by this module.
+class CalledProcessError(Exception):
+ """This exception is raised when a process run by check_call() returns
+ a non-zero exit status. The exit status will be stored in the
+ returncode attribute."""
+ def __init__(self, returncode, cmd):
+ self.returncode = returncode
+ self.cmd = cmd
+ def __str__(self):
+ return "Command '%s' returned non-zero exit status %d" % (self.cmd, self.returncode)
+
+
+if mswindows:
+ import threading
+ import msvcrt
+ if 0: # <-- change this to use pywin32 instead of the _subprocess driver
+ import pywintypes
+ from win32api import GetStdHandle, STD_INPUT_HANDLE, \
+ STD_OUTPUT_HANDLE, STD_ERROR_HANDLE
+ from win32api import GetCurrentProcess, DuplicateHandle, \
+ GetModuleFileName, GetVersion
+ from win32con import DUPLICATE_SAME_ACCESS, SW_HIDE
+ from win32pipe import CreatePipe
+ from win32process import CreateProcess, STARTUPINFO, \
+ GetExitCodeProcess, STARTF_USESTDHANDLES, \
+ STARTF_USESHOWWINDOW, CREATE_NEW_CONSOLE
+ from win32process import TerminateProcess
+ from win32event import WaitForSingleObject, INFINITE, WAIT_OBJECT_0
+ else:
+ from _subprocess import *
+ class STARTUPINFO:
+ dwFlags = 0
+ hStdInput = None
+ hStdOutput = None
+ hStdError = None
+ wShowWindow = 0
+ class pywintypes:
+ error = IOError
+else:
+ import select
+ import errno
+ import fcntl
+ import pickle
+
+__all__ = ["Popen", "PIPE", "STDOUT", "call", "check_call", "CalledProcessError"]
+
+try:
+ MAXFD = os.sysconf("SC_OPEN_MAX")
+except:
+ MAXFD = 256
+
+# True/False does not exist on 2.2.0
+#try:
+# False
+#except NameError:
+# False = 0
+# True = 1
+
+_active = []
+
+def _cleanup():
+ for inst in _active[:]:
+ if inst._internal_poll(_deadstate=sys.maxint) >= 0:
+ try:
+ _active.remove(inst)
+ except ValueError:
+ # This can happen if two threads create a new Popen instance.
+ # It's harmless that it was already removed, so ignore.
+ pass
+
+PIPE = -1
+STDOUT = -2
+
+
+def call(*popenargs, **kwargs):
+ """Run command with arguments. Wait for command to complete, then
+ return the returncode attribute.
+
+ The arguments are the same as for the Popen constructor. Example:
+
+ retcode = call(["ls", "-l"])
+ """
+ return Popen(*popenargs, **kwargs).wait()
+
+
+def check_call(*popenargs, **kwargs):
+ """Run command with arguments. Wait for command to complete. If
+ the exit code was zero then return, otherwise raise
+ CalledProcessError. The CalledProcessError object will have the
+ return code in the returncode attribute.
+
+ The arguments are the same as for the Popen constructor. Example:
+
+ check_call(["ls", "-l"])
+ """
+ retcode = call(*popenargs, **kwargs)
+ cmd = kwargs.get("args")
+ if cmd is None:
+ cmd = popenargs[0]
+ if retcode:
+ raise CalledProcessError(retcode, cmd)
+ return retcode
+
+
+def list2cmdline(seq):
+ """
+ Translate a sequence of arguments into a command line
+ string, using the same rules as the MS C runtime:
+
+ 1) Arguments are delimited by white space, which is either a
+ space or a tab.
+
+ 2) A string surrounded by double quotation marks is
+ interpreted as a single argument, regardless of white space
+ or pipe characters contained within. A quoted string can be
+ embedded in an argument.
+
+ 3) A double quotation mark preceded by a backslash is
+ interpreted as a literal double quotation mark.
+
+ 4) Backslashes are interpreted literally, unless they
+ immediately precede a double quotation mark.
+
+ 5) If backslashes immediately precede a double quotation mark,
+ every pair of backslashes is interpreted as a literal
+ backslash. If the number of backslashes is odd, the last
+ backslash escapes the next double quotation mark as
+ described in rule 3.
+ """
+
+ # See
+ # http://msdn.microsoft.com/library/en-us/vccelng/htm/progs_12.asp
+ result = []
+ needquote = False
+ for arg in seq:
+ bs_buf = []
+
+ # Add a space to separate this argument from the others
+ if result:
+ result.append(' ')
+
+ needquote = (" " in arg) or ("\t" in arg) or ("|" in arg) or not arg
+ if needquote:
+ result.append('"')
+
+ for c in arg:
+ if c == '\\':
+ # Don't know if we need to double yet.
+ bs_buf.append(c)
+ elif c == '"':
+ # Double backslashes.
+ result.append('\\' * len(bs_buf)*2)
+ bs_buf = []
+ result.append('\\"')
+ else:
+ # Normal char
+ if bs_buf:
+ result.extend(bs_buf)
+ bs_buf = []
+ result.append(c)
+
+ # Add remaining backslashes, if any.
+ if bs_buf:
+ result.extend(bs_buf)
+
+ if needquote:
+ result.extend(bs_buf)
+ result.append('"')
+
+ return ''.join(result)
+
+
+def _closerange(start, max):
+ try:
+ os.closerange(start, max)
+ except AttributeError:
+ for i in xrange(start, max):
+ try:
+ os.close(i)
+ except:
+ pass
+
+
+class Popen(object):
+ def __init__(self, args, bufsize=0, executable=None,
+ stdin=None, stdout=None, stderr=None,
+ preexec_fn=None, close_fds=False, shell=False,
+ cwd=None, env=None, universal_newlines=False,
+ startupinfo=None, creationflags=0):
+ """Create new Popen instance."""
+ _cleanup()
+
+ self._child_created = False
+ if not isinstance(bufsize, (int, long)):
+ raise TypeError("bufsize must be an integer")
+
+ if mswindows:
+ if preexec_fn is not None:
+ raise ValueError("preexec_fn is not supported on Windows "
+ "platforms")
+ if close_fds and (stdin is not None or stdout is not None or
+ stderr is not None):
+ raise ValueError("close_fds is not supported on Windows "
+ "platforms if you redirect stdin/stdout/stderr")
+ else:
+ # POSIX
+ if startupinfo is not None:
+ raise ValueError("startupinfo is only supported on Windows "
+ "platforms")
+ if creationflags != 0:
+ raise ValueError("creationflags is only supported on Windows "
+ "platforms")
+
+ self.stdin = None
+ self.stdout = None
+ self.stderr = None
+ self.pid = None
+ self.returncode = None
+ self.universal_newlines = universal_newlines
+
+ # Input and output objects. The general principle is like
+ # this:
+ #
+ # Parent Child
+ # ------ -----
+ # p2cwrite ---stdin---> p2cread
+ # c2pread <--stdout--- c2pwrite
+ # errread <--stderr--- errwrite
+ #
+ # On POSIX, the child objects are file descriptors. On
+ # Windows, these are Windows file handles. The parent objects
+ # are file descriptors on both platforms. The parent objects
+ # are None when not using PIPEs. The child objects are None
+ # when not redirecting.
+
+ (p2cread, p2cwrite,
+ c2pread, c2pwrite,
+ errread, errwrite) = self._get_handles(stdin, stdout, stderr)
+
+ self._execute_child(args, executable, preexec_fn, close_fds,
+ cwd, env, universal_newlines,
+ startupinfo, creationflags, shell,
+ p2cread, p2cwrite,
+ c2pread, c2pwrite,
+ errread, errwrite)
+
+ # On Windows, you cannot just redirect one or two handles: You
+ # either have to redirect all three or none. If the subprocess
+ # user has only redirected one or two handles, we are
+ # automatically creating PIPEs for the rest. We should close
+ # these after the process is started. See bug #1124861.
+ if mswindows:
+ if stdin is None and p2cwrite is not None:
+ os.close(p2cwrite)
+ p2cwrite = None
+ if stdout is None and c2pread is not None:
+ os.close(c2pread)
+ c2pread = None
+ if stderr is None and errread is not None:
+ os.close(errread)
+ errread = None
+
+ if p2cwrite is not None:
+ self.stdin = os.fdopen(p2cwrite, 'wb', bufsize)
+ if c2pread is not None:
+ if universal_newlines:
+ self.stdout = os.fdopen(c2pread, 'rU', bufsize)
+ else:
+ self.stdout = os.fdopen(c2pread, 'rb', bufsize)
+ if errread is not None:
+ if universal_newlines:
+ self.stderr = os.fdopen(errread, 'rU', bufsize)
+ else:
+ self.stderr = os.fdopen(errread, 'rb', bufsize)
+
+
+ def _translate_newlines(self, data):
+ data = data.replace("\r\n", "\n")
+ data = data.replace("\r", "\n")
+ return data
+
+
+ def __del__(self, sys=sys):
+ if not self._child_created:
+ # We didn't get to successfully create a child process.
+ return
+ # In case the child hasn't been waited on, check if it's done.
+ self._internal_poll(_deadstate=sys.maxint)
+ if self.returncode is None and _active is not None:
+ # Child is still running, keep us alive until we can wait on it.
+ _active.append(self)
+
+
+ def communicate(self, input=None):
+ """Interact with process: Send data to stdin. Read data from
+ stdout and stderr, until end-of-file is reached. Wait for
+ process to terminate. The optional input argument should be a
+ string to be sent to the child process, or None, if no data
+ should be sent to the child.
+
+ communicate() returns a tuple (stdout, stderr)."""
+
+ # Optimization: If we are only using one pipe, or no pipe at
+ # all, using select() or threads is unnecessary.
+ if [self.stdin, self.stdout, self.stderr].count(None) >= 2:
+ stdout = None
+ stderr = None
+ if self.stdin:
+ if input:
+ self.stdin.write(input)
+ self.stdin.close()
+ elif self.stdout:
+ stdout = self.stdout.read()
+ self.stdout.close()
+ elif self.stderr:
+ stderr = self.stderr.read()
+ self.stderr.close()
+ self.wait()
+ return (stdout, stderr)
+
+ return self._communicate(input)
+
+
+ def poll(self):
+ return self._internal_poll()
+
+
+ if mswindows:
+ #
+ # Windows methods
+ #
+ def _get_handles(self, stdin, stdout, stderr):
+ """Construct and return tupel with IO objects:
+ p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite
+ """
+ if stdin is None and stdout is None and stderr is None:
+ return (None, None, None, None, None, None)
+
+ p2cread, p2cwrite = None, None
+ c2pread, c2pwrite = None, None
+ errread, errwrite = None, None
+
+ if stdin is None:
+ p2cread = GetStdHandle(STD_INPUT_HANDLE)
+ if p2cread is not None:
+ pass
+ elif stdin is None or stdin == PIPE:
+ p2cread, p2cwrite = CreatePipe(None, 0)
+ # Detach and turn into fd
+ p2cwrite = p2cwrite.Detach()
+ p2cwrite = msvcrt.open_osfhandle(p2cwrite, 0)
+ elif isinstance(stdin, int):
+ p2cread = msvcrt.get_osfhandle(stdin)
+ else:
+ # Assuming file-like object
+ p2cread = msvcrt.get_osfhandle(stdin.fileno())
+ p2cread = self._make_inheritable(p2cread)
+
+ if stdout is None:
+ c2pwrite = GetStdHandle(STD_OUTPUT_HANDLE)
+ if c2pwrite is not None:
+ pass
+ elif stdout is None or stdout == PIPE:
+ c2pread, c2pwrite = CreatePipe(None, 0)
+ # Detach and turn into fd
+ c2pread = c2pread.Detach()
+ c2pread = msvcrt.open_osfhandle(c2pread, 0)
+ elif isinstance(stdout, int):
+ c2pwrite = msvcrt.get_osfhandle(stdout)
+ else:
+ # Assuming file-like object
+ c2pwrite = msvcrt.get_osfhandle(stdout.fileno())
+ c2pwrite = self._make_inheritable(c2pwrite)
+
+ if stderr is None:
+ errwrite = GetStdHandle(STD_ERROR_HANDLE)
+ if errwrite is not None:
+ pass
+ elif stderr is None or stderr == PIPE:
+ errread, errwrite = CreatePipe(None, 0)
+ # Detach and turn into fd
+ errread = errread.Detach()
+ errread = msvcrt.open_osfhandle(errread, 0)
+ elif stderr == STDOUT:
+ errwrite = c2pwrite
+ elif isinstance(stderr, int):
+ errwrite = msvcrt.get_osfhandle(stderr)
+ else:
+ # Assuming file-like object
+ errwrite = msvcrt.get_osfhandle(stderr.fileno())
+ errwrite = self._make_inheritable(errwrite)
+
+ return (p2cread, p2cwrite,
+ c2pread, c2pwrite,
+ errread, errwrite)
+
+
+ def _make_inheritable(self, handle):
+ """Return a duplicate of handle, which is inheritable"""
+ return DuplicateHandle(GetCurrentProcess(), handle,
+ GetCurrentProcess(), 0, 1,
+ DUPLICATE_SAME_ACCESS)
+
+
+ def _find_w9xpopen(self):
+ """Find and return absolut path to w9xpopen.exe"""
+ w9xpopen = os.path.join(os.path.dirname(GetModuleFileName(0)),
+ "w9xpopen.exe")
+ if not os.path.exists(w9xpopen):
+ # Eeek - file-not-found - possibly an embedding
+ # situation - see if we can locate it in sys.exec_prefix
+ w9xpopen = os.path.join(os.path.dirname(sys.exec_prefix),
+ "w9xpopen.exe")
+ if not os.path.exists(w9xpopen):
+ raise RuntimeError("Cannot locate w9xpopen.exe, which is "
+ "needed for Popen to work with your "
+ "shell or platform.")
+ return w9xpopen
+
+
+ def _execute_child(self, args, executable, preexec_fn, close_fds,
+ cwd, env, universal_newlines,
+ startupinfo, creationflags, shell,
+ p2cread, p2cwrite,
+ c2pread, c2pwrite,
+ errread, errwrite):
+ """Execute program (MS Windows version)"""
+
+ if not isinstance(args, types.StringTypes):
+ args = list2cmdline(args)
+
+ # Process startup details
+ if startupinfo is None:
+ startupinfo = STARTUPINFO()
+ if None not in (p2cread, c2pwrite, errwrite):
+ startupinfo.dwFlags |= STARTF_USESTDHANDLES
+ startupinfo.hStdInput = p2cread
+ startupinfo.hStdOutput = c2pwrite
+ startupinfo.hStdError = errwrite
+
+ if shell:
+ startupinfo.dwFlags |= STARTF_USESHOWWINDOW
+ startupinfo.wShowWindow = SW_HIDE
+ comspec = os.environ.get("COMSPEC", "cmd.exe")
+ args = comspec + " /c " + args
+ if (GetVersion() >= 0x80000000L or
+ os.path.basename(comspec).lower() == "command.com"):
+ # Win9x, or using command.com on NT. We need to
+ # use the w9xpopen intermediate program. For more
+ # information, see KB Q150956
+ # (http://web.archive.org/web/20011105084002/http://support.microsoft.com/support/kb/articles/Q150/9/56.asp)
+ w9xpopen = self._find_w9xpopen()
+ args = '"%s" %s' % (w9xpopen, args)
+ # Not passing CREATE_NEW_CONSOLE has been known to
+ # cause random failures on win9x. Specifically a
+ # dialog: "Your program accessed mem currently in
+ # use at xxx" and a hopeful warning about the
+ # stability of your system. Cost is Ctrl+C wont
+ # kill children.
+ creationflags |= CREATE_NEW_CONSOLE
+
+ # Start the process
+ try:
+ hp, ht, pid, tid = CreateProcess(executable, args,
+ # no special security
+ None, None,
+ int(not close_fds),
+ creationflags,
+ env,
+ cwd,
+ startupinfo)
+ except pywintypes.error, e:
+ # Translate pywintypes.error to WindowsError, which is
+ # a subclass of OSError. FIXME: We should really
+ # translate errno using _sys_errlist (or simliar), but
+ # how can this be done from Python?
+ raise WindowsError(*e.args)
+
+ # Retain the process handle, but close the thread handle
+ self._child_created = True
+ self._handle = hp
+ self.pid = pid
+ ht.Close()
+
+ # Child is launched. Close the parent's copy of those pipe
+ # handles that only the child should have open. You need
+ # to make sure that no handles to the write end of the
+ # output pipe are maintained in this process or else the
+ # pipe will not close when the child process exits and the
+ # ReadFile will hang.
+ if p2cread is not None:
+ p2cread.Close()
+ if c2pwrite is not None:
+ c2pwrite.Close()
+ if errwrite is not None:
+ errwrite.Close()
+
+
+ def _internal_poll(self, _deadstate=None):
+ """Check if child process has terminated. Returns returncode
+ attribute."""
+ if self.returncode is None:
+ if WaitForSingleObject(self._handle, 0) == WAIT_OBJECT_0:
+ self.returncode = GetExitCodeProcess(self._handle)
+ return self.returncode
+
+
+ def wait(self):
+ """Wait for child process to terminate. Returns returncode
+ attribute."""
+ if self.returncode is None:
+ obj = WaitForSingleObject(self._handle, INFINITE)
+ self.returncode = GetExitCodeProcess(self._handle)
+ return self.returncode
+
+
+ def _readerthread(self, fh, buffer):
+ buffer.append(fh.read())
+
+
+ def _communicate(self, input):
+ stdout = None # Return
+ stderr = None # Return
+
+ if self.stdout:
+ stdout = []
+ stdout_thread = threading.Thread(target=self._readerthread,
+ args=(self.stdout, stdout))
+ stdout_thread.setDaemon(True)
+ stdout_thread.start()
+ if self.stderr:
+ stderr = []
+ stderr_thread = threading.Thread(target=self._readerthread,
+ args=(self.stderr, stderr))
+ stderr_thread.setDaemon(True)
+ stderr_thread.start()
+
+ if self.stdin:
+ if input is not None:
+ self.stdin.write(input)
+ self.stdin.close()
+
+ if self.stdout:
+ stdout_thread.join()
+ if self.stderr:
+ stderr_thread.join()
+
+ # All data exchanged. Translate lists into strings.
+ if stdout is not None:
+ stdout = stdout[0]
+ if stderr is not None:
+ stderr = stderr[0]
+
+ # Translate newlines, if requested. We cannot let the file
+ # object do the translation: It is based on stdio, which is
+ # impossible to combine with select (unless forcing no
+ # buffering).
+ if self.universal_newlines and hasattr(file, 'newlines'):
+ if stdout:
+ stdout = self._translate_newlines(stdout)
+ if stderr:
+ stderr = self._translate_newlines(stderr)
+
+ self.wait()
+ return (stdout, stderr)
+
+ def send_signal(self, sig):
+ """Send a signal to the process
+ """
+ if sig == signal.SIGTERM:
+ self.terminate()
+ else:
+ raise ValueError("Only SIGTERM is supported on Windows")
+
+ def terminate(self):
+ """Terminates the process
+ """
+ TerminateProcess(self._handle, 1)
+
+ kill = terminate
+
+ else:
+ #
+ # POSIX methods
+ #
+ def _get_handles(self, stdin, stdout, stderr):
+ """Construct and return tupel with IO objects:
+ p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite
+ """
+ p2cread, p2cwrite = None, None
+ c2pread, c2pwrite = None, None
+ errread, errwrite = None, None
+
+ if stdin is None:
+ pass
+ elif stdin == PIPE:
+ p2cread, p2cwrite = os.pipe()
+ elif isinstance(stdin, int):
+ p2cread = stdin
+ else:
+ # Assuming file-like object
+ p2cread = stdin.fileno()
+
+ if stdout is None:
+ pass
+ elif stdout == PIPE:
+ c2pread, c2pwrite = os.pipe()
+ elif isinstance(stdout, int):
+ c2pwrite = stdout
+ else:
+ # Assuming file-like object
+ c2pwrite = stdout.fileno()
+
+ if stderr is None:
+ pass
+ elif stderr == PIPE:
+ errread, errwrite = os.pipe()
+ elif stderr == STDOUT:
+ errwrite = c2pwrite
+ elif isinstance(stderr, int):
+ errwrite = stderr
+ else:
+ # Assuming file-like object
+ errwrite = stderr.fileno()
+
+ return (p2cread, p2cwrite,
+ c2pread, c2pwrite,
+ errread, errwrite)
+
+
+ def _set_cloexec_flag(self, fd):
+ try:
+ cloexec_flag = fcntl.FD_CLOEXEC
+ except AttributeError:
+ cloexec_flag = 1
+
+ old = fcntl.fcntl(fd, fcntl.F_GETFD)
+ fcntl.fcntl(fd, fcntl.F_SETFD, old | cloexec_flag)
+
+
+ def _close_fds(self, but):
+ _closerange(3, but)
+ _closerange(but + 1, MAXFD)
+
+
+ def _execute_child(self, args, executable, preexec_fn, close_fds,
+ cwd, env, universal_newlines,
+ startupinfo, creationflags, shell,
+ p2cread, p2cwrite,
+ c2pread, c2pwrite,
+ errread, errwrite):
+ """Execute program (POSIX version)"""
+
+ if isinstance(args, types.StringTypes):
+ args = [args]
+ else:
+ args = list(args)
+
+ if shell:
+ args = ["/bin/sh", "-c"] + args
+
+ if executable is None:
+ executable = args[0]
+
+ # For transferring possible exec failure from child to parent
+ # The first char specifies the exception type: 0 means
+ # OSError, 1 means some other error.
+ errpipe_read, errpipe_write = os.pipe()
+ self._set_cloexec_flag(errpipe_write)
+
+ gc_was_enabled = gc.isenabled()
+ # Disable gc to avoid bug where gc -> file_dealloc ->
+ # write to stderr -> hang. http://bugs.python.org/issue1336
+ gc.disable()
+ try:
+ self.pid = os.fork()
+ except:
+ if gc_was_enabled:
+ gc.enable()
+ raise
+ self._child_created = True
+ if self.pid == 0:
+ # Child
+ try:
+ # Close parent's pipe ends
+ if p2cwrite is not None:
+ os.close(p2cwrite)
+ if c2pread is not None:
+ os.close(c2pread)
+ if errread is not None:
+ os.close(errread)
+ os.close(errpipe_read)
+
+ # Dup fds for child
+ if p2cread is not None:
+ os.dup2(p2cread, 0)
+ if c2pwrite is not None:
+ os.dup2(c2pwrite, 1)
+ if errwrite is not None:
+ os.dup2(errwrite, 2)
+
+ # Close pipe fds. Make sure we don't close the same
+ # fd more than once, or standard fds.
+ if p2cread is not None and p2cread not in (0,):
+ os.close(p2cread)
+ if c2pwrite is not None and c2pwrite not in (p2cread, 1):
+ os.close(c2pwrite)
+ if errwrite is not None and errwrite not in (p2cread, c2pwrite, 2):
+ os.close(errwrite)
+
+ # Close all other fds, if asked for
+ if close_fds:
+ self._close_fds(but=errpipe_write)
+
+ if cwd is not None:
+ os.chdir(cwd)
+
+ if preexec_fn:
+ preexec_fn()
+
+ if env is None:
+ os.execvp(executable, args)
+ else:
+ os.execvpe(executable, args, env)
+
+ except:
+ exc_type, exc_value, tb = sys.exc_info()
+ # Save the traceback and attach it to the exception object
+ exc_lines = traceback.format_exception(exc_type,
+ exc_value,
+ tb)
+ exc_value.child_traceback = ''.join(exc_lines)
+ os.write(errpipe_write, pickle.dumps(exc_value))
+
+ # This exitcode won't be reported to applications, so it
+ # really doesn't matter what we return.
+ os._exit(255)
+
+ # Parent
+ if gc_was_enabled:
+ gc.enable()
+ os.close(errpipe_write)
+ if p2cread is not None and p2cwrite is not None:
+ os.close(p2cread)
+ if c2pwrite is not None and c2pread is not None:
+ os.close(c2pwrite)
+ if errwrite is not None and errread is not None:
+ os.close(errwrite)
+
+ # Wait for exec to fail or succeed; possibly raising exception
+ data = os.read(errpipe_read, 1048576) # Exceptions limited to 1 MB
+ os.close(errpipe_read)
+ if data != "":
+ os.waitpid(self.pid, 0)
+ child_exception = pickle.loads(data)
+ raise child_exception
+
+
+ def _handle_exitstatus(self, sts):
+ if os.WIFSIGNALED(sts):
+ self.returncode = -os.WTERMSIG(sts)
+ elif os.WIFEXITED(sts):
+ self.returncode = os.WEXITSTATUS(sts)
+ else:
+ # Should never happen
+ raise RuntimeError("Unknown child exit status!")
+
+
+ def _internal_poll(self, _deadstate=None):
+ """Check if child process has terminated. Returns returncode
+ attribute."""
+ if self.returncode is None:
+ try:
+ pid, sts = os.waitpid(self.pid, os.WNOHANG)
+ if pid == self.pid:
+ self._handle_exitstatus(sts)
+ except os.error:
+ if _deadstate is not None:
+ self.returncode = _deadstate
+ return self.returncode
+
+
+ def wait(self):
+ """Wait for child process to terminate. Returns returncode
+ attribute."""
+ if self.returncode is None:
+ pid, sts = os.waitpid(self.pid, 0)
+ self._handle_exitstatus(sts)
+ return self.returncode
+
+
+ def _communicate(self, input):
+ read_set = []
+ write_set = []
+ stdout = None # Return
+ stderr = None # Return
+
+ if self.stdin:
+ # Flush stdio buffer. This might block, if the user has
+ # been writing to .stdin in an uncontrolled fashion.
+ self.stdin.flush()
+ if input:
+ write_set.append(self.stdin)
+ else:
+ self.stdin.close()
+ if self.stdout:
+ read_set.append(self.stdout)
+ stdout = []
+ if self.stderr:
+ read_set.append(self.stderr)
+ stderr = []
+
+ input_offset = 0
+ while read_set or write_set:
+ try:
+ rlist, wlist, xlist = select.select(read_set, write_set, [])
+ except select.error, e:
+ if e.args[0] == errno.EINTR:
+ continue
+ raise
+
+ if self.stdin in wlist:
+ # When select has indicated that the file is writable,
+ # we can write up to PIPE_BUF bytes without risk
+ # blocking. POSIX defines PIPE_BUF >= 512
+ chunk = input[input_offset : input_offset + 512]
+ bytes_written = os.write(self.stdin.fileno(), chunk)
+ input_offset += bytes_written
+ if input_offset >= len(input):
+ self.stdin.close()
+ write_set.remove(self.stdin)
+
+ if self.stdout in rlist:
+ data = os.read(self.stdout.fileno(), 1024)
+ if data == "":
+ self.stdout.close()
+ read_set.remove(self.stdout)
+ stdout.append(data)
+
+ if self.stderr in rlist:
+ data = os.read(self.stderr.fileno(), 1024)
+ if data == "":
+ self.stderr.close()
+ read_set.remove(self.stderr)
+ stderr.append(data)
+
+ # All data exchanged. Translate lists into strings.
+ if stdout is not None:
+ stdout = ''.join(stdout)
+ if stderr is not None:
+ stderr = ''.join(stderr)
+
+ # Translate newlines, if requested. We cannot let the file
+ # object do the translation: It is based on stdio, which is
+ # impossible to combine with select (unless forcing no
+ # buffering).
+ if self.universal_newlines and hasattr(file, 'newlines'):
+ if stdout:
+ stdout = self._translate_newlines(stdout)
+ if stderr:
+ stderr = self._translate_newlines(stderr)
+
+ self.wait()
+ return (stdout, stderr)
+
+ def send_signal(self, sig):
+ """Send a signal to the process
+ """
+ os.kill(self.pid, sig)
+
+ def terminate(self):
+ """Terminate the process with SIGTERM
+ """
+ self.send_signal(signal.SIGTERM)
+
+ def kill(self):
+ """Kill the process with SIGKILL
+ """
+ self.send_signal(signal.SIGKILL)
+
+
+def _demo_posix():
+ #
+ # Example 1: Simple redirection: Get process list
+ #
+ plist = Popen(["ps"], stdout=PIPE).communicate()[0]
+ print "Process list:"
+ print plist
+
+ #
+ # Example 2: Change uid before executing child
+ #
+ if os.getuid() == 0:
+ p = Popen(["id"], preexec_fn=lambda: os.setuid(100))
+ p.wait()
+
+ #
+ # Example 3: Connecting several subprocesses
+ #
+ print "Looking for 'hda'..."
+ p1 = Popen(["dmesg"], stdout=PIPE)
+ p2 = Popen(["grep", "hda"], stdin=p1.stdout, stdout=PIPE)
+ print repr(p2.communicate()[0])
+
+ #
+ # Example 4: Catch execution error
+ #
+ print
+ print "Trying a weird file..."
+ try:
+ print Popen(["/this/path/does/not/exist"]).communicate()
+ except OSError, e:
+ if e.errno == errno.ENOENT:
+ print "The file didn't exist. I thought so..."
+ print "Child traceback:"
+ print e.child_traceback
+ else:
+ print "Error", e.errno
+ else:
+ print >>sys.stderr, "Gosh. No error."
+
+
+def _demo_windows():
+ #
+ # Example 1: Connecting several subprocesses
+ #
+ print "Looking for 'PROMPT' in set output..."
+ p1 = Popen("set", stdout=PIPE, shell=True)
+ p2 = Popen('find "PROMPT"', stdin=p1.stdout, stdout=PIPE)
+ print repr(p2.communicate()[0])
+
+ #
+ # Example 2: Simple execution of program
+ #
+ print "Executing calc..."
+ p = Popen("calc")
+ p.wait()
+
+
+if 0 and __name__ == "__main__":
+ if mswindows:
+ _demo_windows()
+ else:
+ _demo_posix()
304 Sshuttle VPN.app/Contents/Resources/sshuttle/firewall.py
@@ -0,0 +1,304 @@
+import re, errno
+import compat.ssubprocess as ssubprocess
+import helpers, ssyslog
+from helpers import *
+
+
+def ipt_chain_exists(name):
+ argv = ['iptables', '-t', 'nat', '-nL']
+ p = ssubprocess.Popen(argv, stdout = ssubprocess.PIPE)
+ for line in p.stdout:
+ if line.startswith('Chain %s ' % name):
+ return True
+ rv = p.wait()
+ if rv:
+ raise Fatal('%r returned %d' % (argv, rv))
+
+
+def ipt(*args):
+ argv = ['iptables', '-t', 'nat'] + list(args)
+ debug1('>> %s\n' % ' '.join(argv))
+ rv = ssubprocess.call(argv)
+ if rv:
+ raise Fatal('%r returned %d' % (argv, rv))
+
+
+# We name the chain based on the transproxy port number so that it's possible
+# to run multiple copies of sshuttle at the same time. Of course, the
+# multiple copies shouldn't have overlapping subnets, or only the most-
+# recently-started one will win (because we use "-I OUTPUT 1" instead of
+# "-A OUTPUT").
+def do_iptables(port, subnets):
+ chain = 'sshuttle-%s' % port
+
+ # basic cleanup/setup of chains
+ if ipt_chain_exists(chain):
+ ipt('-D', 'OUTPUT', '-j', chain)
+ ipt('-D', 'PREROUTING', '-j', chain)
+ ipt('-F', chain)
+ ipt('-X', chain)
+
+ if subnets:
+ ipt('-N', chain)
+ ipt('-F', chain)
+ ipt('-I', 'OUTPUT', '1', '-j', chain)
+ ipt('-I', 'PREROUTING', '1', '-j', chain)
+
+ # create new subnet entries. Note that we're sorting in a very
+ # particular order: we need to go from most-specific (largest swidth)
+ # to least-specific, and at any given level of specificity, we want
+ # excludes to come first. That's why the columns are in such a non-
+ # intuitive order.
+ for swidth,sexclude,snet in sorted(subnets, reverse=True):
+ if sexclude:
+ ipt('-A', chain, '-j', 'RETURN',
+ '--dest', '%s/%s' % (snet,swidth),
+ '-p', 'tcp')
+ else:
+ ipt('-A', chain, '-j', 'REDIRECT',
+ '--dest', '%s/%s' % (snet,swidth),
+ '-p', 'tcp',
+ '--to-ports', str(port),
+ '-m', 'ttl', '!', '--ttl', '42' # to prevent infinite loops
+ )
+
+
+def ipfw_rule_exists(n):
+ argv = ['ipfw', 'list']
+ p = ssubprocess.Popen(argv, stdout = ssubprocess.PIPE)
+ found = False
+ for line in p.stdout:
+ if line.startswith('%05d ' % n):
+ if not ('ipttl 42 setup keep-state' in line
+ or ('skipto %d' % (n+1)) in line
+ or 'check-state' in line):
+ log('non-sshuttle ipfw rule: %r\n' % line.strip())
+ raise Fatal('non-sshuttle ipfw rule #%d already exists!' % n)
+ found = True
+ rv = p.wait()
+ if rv:
+ raise Fatal('%r returned %d' % (argv, rv))
+ return found
+
+
+_oldctls = {}
+def _fill_oldctls(prefix):
+ argv = ['sysctl', prefix]
+ p = ssubprocess.Popen(argv, stdout = ssubprocess.PIPE)
+ for line in p.stdout:
+ assert(line[-1] == '\n')
+ (k,v) = line[:-1].split(': ', 1)
+ _oldctls[k] = v
+ rv = p.wait()
+ if rv:
+ raise Fatal('%r returned %d' % (argv, rv))
+ if not line:
+ raise Fatal('%r returned no data' % (argv,))
+
+
+def _sysctl_set(name, val):
+ argv = ['sysctl', '-w', '%s=%s' % (name, val)]
+ debug1('>> %s\n' % ' '.join(argv))
+ rv = ssubprocess.call(argv, stdout = open('/dev/null', 'w'))
+
+
+_changedctls = []
+def sysctl_set(name, val):
+ PREFIX = 'net.inet.ip'
+ assert(name.startswith(PREFIX + '.'))
+ val = str(val)
+ if not _oldctls:
+ _fill_oldctls(PREFIX)
+ if not (name in _oldctls):
+ debug1('>> No such sysctl: %r\n' % name)
+ return
+ oldval = _oldctls[name]
+ if val != oldval:
+ _changedctls.append(name)
+ return _sysctl_set(name, val)
+
+
+def ipfw(*args):
+ argv = ['ipfw', '-q'] + list(args)
+ debug1('>> %s\n' % ' '.join(argv))
+ rv = ssubprocess.call(argv)
+ if rv:
+ raise Fatal('%r returned %d' % (argv, rv))
+
+
+def do_ipfw(port, subnets):
+ sport = str(port)
+ xsport = str(port+1)
+
+ # cleanup any existing rules
+ if ipfw_rule_exists(port):
+ ipfw('delete', sport)
+
+ while _changedctls:
+ name = _changedctls.pop()
+ oldval = _oldctls[name]
+ _sysctl_set(name, oldval)
+
+ if subnets:
+ sysctl_set('net.inet.ip.fw.enable', 1)
+ sysctl_set('net.inet.ip.scopedroute', 0)
+
+ ipfw('add', sport, 'check-state', 'ip',
+ 'from', 'any', 'to', 'any')
+
+ # create new subnet entries
+ for swidth,sexclude,snet in sorted(subnets, reverse=True):
+ if sexclude:
+ ipfw('add', sport, 'skipto', xsport,
+ 'log', 'tcp',
+ 'from', 'any', 'to', '%s/%s' % (snet,swidth))
+ else:
+ ipfw('add', sport, 'fwd', '127.0.0.1,%d' % port,
+ 'log', 'tcp',
+ 'from', 'any', 'to', '%s/%s' % (snet,swidth),
+ 'not', 'ipttl', '42', 'keep-state', 'setup')
+
+
+def program_exists(name):
+ paths = (os.getenv('PATH') or os.defpath).split(os.pathsep)
+ for p in paths:
+ fn = '%s/%s' % (p, name)
+ if os.path.exists(fn):
+ return not os.path.isdir(fn) and os.access(fn, os.X_OK)
+
+hostmap = {}
+def rewrite_etc_hosts(port):
+ HOSTSFILE='/etc/hosts'
+ BAKFILE='%s.sbak' % HOSTSFILE
+ APPEND='# sshuttle-firewall-%d AUTOCREATED' % port
+ old_content = ''
+ st = None
+ try:
+ old_content = open(HOSTSFILE).read()
+ st = os.stat(HOSTSFILE)
+ except IOError, e:
+ if e.errno == errno.ENOENT:
+ pass
+ else:
+ raise
+ if old_content.strip() and not os.path.exists(BAKFILE):
+ os.link(HOSTSFILE, BAKFILE)
+ tmpname = "%s.%d.tmp" % (HOSTSFILE, port)
+ f = open(tmpname, 'w')
+ for line in old_content.rstrip().split('\n'):
+ if line.find(APPEND) >= 0:
+ continue
+ f.write('%s\n' % line)
+ for (name,ip) in sorted(hostmap.items()):
+ f.write('%-30s %s\n' % ('%s %s' % (ip,name), APPEND))
+ f.close()
+
+ if st:
+ os.chown(tmpname, st.st_uid, st.st_gid)
+ os.chmod(tmpname, st.st_mode)
+ else:
+ os.chown(tmpname, 0, 0)
+ os.chmod(tmpname, 0644)
+ os.rename(tmpname, HOSTSFILE)
+
+
+def restore_etc_hosts(port):
+ global hostmap
+ hostmap = {}
+ rewrite_etc_hosts(port)
+
+
+# This is some voodoo for setting up the kernel's transparent
+# proxying stuff. If subnets is empty, we just delete our sshuttle rules;
+# otherwise we delete it, then make them from scratch.
+#
+# This code is supposed to clean up after itself by deleting its rules on
+# exit. In case that fails, it's not the end of the world; future runs will
+# supercede it in the transproxy list, at least, so the leftover rules
+# are hopefully harmless.
+def main(port, syslog):
+ assert(port > 0)
+ assert(port <= 65535)
+
+ if os.getuid() != 0:
+ raise Fatal('you must be root (or enable su/sudo) to set the firewall')