diff options
| author | Dorian Pula <dorian.pula@amber-penguin-software.ca> | 2017-05-24 17:26:00 -0700 |
|---|---|---|
| committer | Jeff Forcier <jeff@bitprophet.org> | 2017-05-31 17:14:40 -0700 |
| commit | fa96fe0609b335c2b97aa7ff8db0dc4fb6710ff1 (patch) | |
| tree | f47678dde8dd6be7ef16391c0fee490488391050 | |
| parent | 28218bf90b97451d3aba9d2c9ee01d87349a8886 (diff) | |
Even more flake8.
| -rw-r--r-- | paramiko/channel.py | 37 | ||||
| -rw-r--r-- | paramiko/common.py | 8 | ||||
| -rw-r--r-- | paramiko/kex_gex.py | 16 | ||||
| -rw-r--r-- | paramiko/kex_group1.py | 17 | ||||
| -rw-r--r-- | paramiko/kex_gss.py | 77 | ||||
| -rw-r--r-- | paramiko/packet.py | 94 | ||||
| -rw-r--r-- | paramiko/pipe.py | 30 | ||||
| -rw-r--r-- | setup.cfg | 2 |
8 files changed, 172 insertions, 109 deletions
diff --git a/paramiko/channel.py b/paramiko/channel.py index 1b334264..f67ed7e2 100644 --- a/paramiko/channel.py +++ b/paramiko/channel.py @@ -50,12 +50,8 @@ def open_only(func): """ @wraps(func) def _check(self, *args, **kwds): - if ( - self.closed - or self.eof_received - or self.eof_sent - or not self.active - ): + if self.closed or self.eof_received or self.eof_sent or \ + not self.active: raise SSHException('Channel is not open') return func(self, *args, **kwds) return _check @@ -74,7 +70,7 @@ class Channel (ClosingContextManager): flow-controlled independently.) Similarly, if the server isn't reading data you send, calls to `send` may block, unless you set a timeout. This is exactly like a normal network socket, so it shouldn't be too surprising. - + Instances of this class may be used as context managers. """ @@ -157,7 +153,8 @@ class Channel (ClosingContextManager): It isn't necessary (or desirable) to call this method if you're going to execute a single command with `exec_command`. - :param str term: the terminal type to emulate (for example, ``'vt100'``) + :param str term: the terminal type to emulate + (for example, ``'vt100'``) :param int width: width (in characters) of the terminal screen :param int height: height (in characters) of the terminal screen :param int width_pixels: width (in pixels) of the terminal screen @@ -347,8 +344,14 @@ class Channel (ClosingContextManager): self.transport._send_user_message(m) @open_only - def request_x11(self, screen_number=0, auth_protocol=None, auth_cookie=None, - single_connection=False, handler=None): + def request_x11( + self, + screen_number=0, + auth_protocol=None, + auth_cookie=None, + single_connection=False, + handler=None + ): """ Request an x11 session on this channel. If the server allows it, further x11 requests can be made from the server to the client, @@ -364,7 +367,7 @@ class Channel (ClosingContextManager): generated, used, and returned. You will need to use this value to verify incoming x11 requests and replace them with the actual local x11 cookie (which requires some knowledge of the x11 protocol). - + If a handler is passed in, the handler is called from another thread whenever a new x11 connection arrives. The default handler queues up incoming x11 connections, which may be retrieved using @@ -497,16 +500,16 @@ class Channel (ClosingContextManager): self._feed(data) return old - ### socket API + # ...socket API... def settimeout(self, timeout): """ Set a timeout on blocking read/write operations. The ``timeout`` - argument can be a nonnegative float expressing seconds, or ``None``. If - a float is given, subsequent channel read/write operations will raise - a timeout exception if the timeout period value has elapsed before the - operation has completed. Setting a timeout of ``None`` disables - timeouts on socket operations. + argument can be a nonnegative float expressing seconds, or ``None``. + If a float is given, subsequent channel read/write operations will + raise a timeout exception if the timeout period value has elapsed + before the operation has completed. Setting a timeout of ``None`` + disables timeouts on socket operations. ``chan.settimeout(0.0)`` is equivalent to ``chan.setblocking(0)``; ``chan.settimeout(None)`` is equivalent to ``chan.setblocking(1)``. diff --git a/paramiko/common.py b/paramiko/common.py index 3dc4421d..a77e39b9 100644 --- a/paramiko/common.py +++ b/paramiko/common.py @@ -20,7 +20,8 @@ Common constants and global variables. """ import logging -from paramiko.py3compat import byte_chr, PY2, bytes_types, string_types, b, long +from paramiko.py3compat import byte_chr, PY2, bytes_types, string_types, b,\ + long MSG_DISCONNECT, MSG_IGNORE, MSG_UNIMPLEMENTED, MSG_DEBUG, \ MSG_SERVICE_REQUEST, MSG_SERVICE_ACCEPT = range(1, 7) @@ -31,7 +32,7 @@ MSG_USERAUTH_PK_OK = 60 MSG_USERAUTH_INFO_REQUEST, MSG_USERAUTH_INFO_RESPONSE = range(60, 62) MSG_USERAUTH_GSSAPI_RESPONSE, MSG_USERAUTH_GSSAPI_TOKEN = range(60, 62) MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, MSG_USERAUTH_GSSAPI_ERROR,\ -MSG_USERAUTH_GSSAPI_ERRTOK, MSG_USERAUTH_GSSAPI_MIC = range(63, 67) + MSG_USERAUTH_GSSAPI_ERRTOK, MSG_USERAUTH_GSSAPI_MIC = range(63, 67) MSG_GLOBAL_REQUEST, MSG_REQUEST_SUCCESS, MSG_REQUEST_FAILURE = range(80, 83) MSG_CHANNEL_OPEN, MSG_CHANNEL_OPEN_SUCCESS, MSG_CHANNEL_OPEN_FAILURE, \ MSG_CHANNEL_WINDOW_ADJUST, MSG_CHANNEL_DATA, MSG_CHANNEL_EXTENDED_DATA, \ @@ -171,6 +172,7 @@ def asbytes(s): raise Exception('Unknown type') return s + xffffffff = long(0xffffffff) x80000000 = long(0x80000000) o666 = 438 @@ -203,4 +205,4 @@ MIN_WINDOW_SIZE = 2 ** 15 MIN_PACKET_SIZE = 2 ** 12 # Max windows size according to http://www.ietf.org/rfc/rfc4254.txt -MAX_WINDOW_SIZE = 2**32 -1 +MAX_WINDOW_SIZE = 2 ** 32 - 1 diff --git a/paramiko/kex_gex.py b/paramiko/kex_gex.py index c407d9f1..ba45da18 100644 --- a/paramiko/kex_gex.py +++ b/paramiko/kex_gex.py @@ -137,7 +137,8 @@ class KexGex (object): # generate prime pack = self.transport._get_modulus_pack() if pack is None: - raise SSHException('Can\'t do server-side gex with no modulus pack') + raise SSHException( + 'Can\'t do server-side gex with no modulus pack') self.transport._log( DEBUG, 'Picking p (%d <= %d <= %d bits)' % ( @@ -162,7 +163,8 @@ class KexGex (object): # generate prime pack = self.transport._get_modulus_pack() if pack is None: - raise SSHException('Can\'t do server-side gex with no modulus pack') + raise SSHException( + 'Can\'t do server-side gex with no modulus pack') self.transport._log( DEBUG, 'Picking p (~ %d bits)' % (self.preferred_bits,)) self.g, self.p = pack.get_modulus( @@ -181,7 +183,9 @@ class KexGex (object): # reject if p's bit length < 1024 or > 8192 bitlen = util.bit_length(self.p) if (bitlen < 1024) or (bitlen > 8192): - raise SSHException('Server-generated gex p (don\'t ask) is out of range (%d bits)' % bitlen) + raise SSHException( + 'Server-generated gex p (don\'t ask) is out of range ' + '(%d bits)' % bitlen) self.transport._log(DEBUG, 'Got server p (%d bits)' % bitlen) self._generate_x() # now compute e = g^x mod p @@ -200,7 +204,8 @@ class KexGex (object): self.f = pow(self.g, self.x, self.p) K = pow(self.e, self.x, self.p) key = self.transport.get_server_key().asbytes() - # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K) + # okay, build up the hash H of + # (V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K) # noqa hm = Message() hm.add(self.transport.remote_version, self.transport.local_version, self.transport.remote_kex_init, self.transport.local_kex_init, @@ -235,7 +240,8 @@ class KexGex (object): if (self.f < 1) or (self.f > self.p - 1): raise SSHException('Server kex "f" is out of range') K = pow(self.f, self.x, self.p) - # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K) + # okay, build up the hash H of + # (V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K) # noqa hm = Message() hm.add(self.transport.local_version, self.transport.remote_version, self.transport.local_kex_init, self.transport.remote_kex_init, diff --git a/paramiko/kex_group1.py b/paramiko/kex_group1.py index 9eee066c..e8f042b1 100644 --- a/paramiko/kex_group1.py +++ b/paramiko/kex_group1.py @@ -41,7 +41,7 @@ b0000000000000000 = zero_byte * 8 class KexGroup1(object): # draft-ietf-secsh-transport-09.txt, page 17 - P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF + P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF # noqa G = 2 name = 'diffie-hellman-group1-sha1' @@ -75,14 +75,15 @@ class KexGroup1(object): return self._parse_kexdh_reply(m) raise SSHException('KexGroup1 asked to handle packet type %d' % ptype) - ### internals... + # ...internals... def _generate_x(self): # generate an "x" (1 < x < q), where q is (p-1)/2. - # p is a 128-byte (1024-bit) number, where the first 64 bits are 1. + # p is a 128-byte (1024-bit) number, where the first 64 bits are 1. # therefore q can be approximated as a 2^1023. we drop the subset of - # potential x where the first 63 bits are 1, because some of those will be - # larger than q (but this is a tiny tiny subset of potential x). + # potential x where the first 63 bits are 1, because some of those + # will be larger than q (but this is a tiny tiny subset of + # potential x). while 1: x_bytes = os.urandom(128) x_bytes = byte_mask(x_bytes[0], 0x7f) + x_bytes[1:] @@ -99,7 +100,8 @@ class KexGroup1(object): raise SSHException('Server kex "f" is out of range') sig = m.get_binary() K = pow(self.f, self.x, self.P) - # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || e || f || K) + # okay, build up the hash H of + # (V_C || V_S || I_C || I_S || K_S || e || f || K) hm = Message() hm.add(self.transport.local_version, self.transport.remote_version, self.transport.local_kex_init, self.transport.remote_kex_init) @@ -118,7 +120,8 @@ class KexGroup1(object): raise SSHException('Client kex "e" is out of range') K = pow(self.e, self.x, self.P) key = self.transport.get_server_key().asbytes() - # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || e || f || K) + # okay, build up the hash H of + # (V_C || V_S || I_C || I_S || K_S || e || f || K) hm = Message() hm.add(self.transport.remote_version, self.transport.local_version, self.transport.remote_kex_init, self.transport.local_kex_init) diff --git a/paramiko/kex_gss.py b/paramiko/kex_gss.py index 483c2dec..ccca8e9e 100644 --- a/paramiko/kex_gss.py +++ b/paramiko/kex_gss.py @@ -40,19 +40,23 @@ This module provides GSS-API / SSPI Key Exchange as defined in :rfc:`4462`. import os from hashlib import sha1 -from paramiko.common import * +from paramiko.common import * # noqa from paramiko import util from paramiko.message import Message -from paramiko.py3compat import byte_chr, long, byte_mask, byte_ord +from paramiko.py3compat import byte_chr, byte_mask, byte_ord from paramiko.ssh_exception import SSHException MSG_KEXGSS_INIT, MSG_KEXGSS_CONTINUE, MSG_KEXGSS_COMPLETE, MSG_KEXGSS_HOSTKEY,\ -MSG_KEXGSS_ERROR = range(30, 35) + MSG_KEXGSS_ERROR = range(30, 35) MSG_KEXGSS_GROUPREQ, MSG_KEXGSS_GROUP = range(40, 42) c_MSG_KEXGSS_INIT, c_MSG_KEXGSS_CONTINUE, c_MSG_KEXGSS_COMPLETE,\ -c_MSG_KEXGSS_HOSTKEY, c_MSG_KEXGSS_ERROR = [byte_chr(c) for c in range(30, 35)] -c_MSG_KEXGSS_GROUPREQ, c_MSG_KEXGSS_GROUP = [byte_chr(c) for c in range(40, 42)] + c_MSG_KEXGSS_HOSTKEY, c_MSG_KEXGSS_ERROR = [ + byte_chr(c) for c in range(30, 35) + ] +c_MSG_KEXGSS_GROUPREQ, c_MSG_KEXGSS_GROUP = [ + byte_chr(c) for c in range(40, 42) +] class KexGSSGroup1(object): @@ -61,10 +65,10 @@ class KexGSSGroup1(object): 4462 Section 2 <https://tools.ietf.org/html/rfc4462.html#section-2>`_ """ # draft-ietf-secsh-transport-09.txt, page 17 - P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF + P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF # noqa G = 2 - b7fffffffffffffff = byte_chr(0x7f) + max_byte * 7 - b0000000000000000 = zero_byte * 8 + b7fffffffffffffff = byte_chr(0x7f) + max_byte * 7 # noqa + b0000000000000000 = zero_byte * 8 # noqa NAME = "gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==" def __init__(self, transport): @@ -127,14 +131,14 @@ class KexGSSGroup1(object): generate an "x" (1 < x < q), where q is (p-1)/2. p is a 128-byte (1024-bit) number, where the first 64 bits are 1. therefore q can be approximated as a 2^1023. we drop the subset of - potential x where the first 63 bits are 1, because some of those will be - larger than q (but this is a tiny tiny subset of potential x). + potential x where the first 63 bits are 1, because some of those will + be larger than q (but this is a tiny tiny subset of potential x). """ while 1: x_bytes = os.urandom(128) x_bytes = byte_mask(x_bytes[0], 0x7f) + x_bytes[1:] if (x_bytes[:8] != self.b7fffffffffffffff) and \ - (x_bytes[:8] != self.b0000000000000000): + (x_bytes[:8] != self.b0000000000000000): break self.x = util.inflate_long(x_bytes) @@ -156,18 +160,21 @@ class KexGSSGroup1(object): """ Parse the SSH2_MSG_KEXGSS_CONTINUE message. - :param `.Message` m: The content of the SSH2_MSG_KEXGSS_CONTINUE message + :param `.Message` m: The content of the SSH2_MSG_KEXGSS_CONTINUE + message """ if not self.transport.server_mode: srv_token = m.get_string() m = Message() m.add_byte(c_MSG_KEXGSS_CONTINUE) - m.add_string(self.kexgss.ssh_init_sec_context(target=self.gss_host, - recv_token=srv_token)) + m.add_string(self.kexgss.ssh_init_sec_context( + target=self.gss_host, recv_token=srv_token)) self.transport.send_message(m) - self.transport._expect_packet(MSG_KEXGSS_CONTINUE, - MSG_KEXGSS_COMPLETE, - MSG_KEXGSS_ERROR) + self.transport._expect_packet( + MSG_KEXGSS_CONTINUE, + MSG_KEXGSS_COMPLETE, + MSG_KEXGSS_ERROR + ) else: pass @@ -175,7 +182,8 @@ class KexGSSGroup1(object): """ Parse the SSH2_MSG_KEXGSS_COMPLETE message (client mode). - :param `.Message` m: The content of the SSH2_MSG_KEXGSS_COMPLETE message + :param `.Message` m: The content of the + SSH2_MSG_KEXGSS_COMPLETE message """ # client mode if self.transport.host_key is None: @@ -190,7 +198,8 @@ class KexGSSGroup1(object): if bool: srv_token = m.get_string() K = pow(self.f, self.x, self.P) - # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || e || f || K) + # okay, build up the hash H of + # (V_C || V_S || I_C || I_S || K_S || e || f || K) hm = Message() hm.add(self.transport.local_version, self.transport.remote_version, self.transport.local_kex_init, self.transport.remote_kex_init) @@ -223,7 +232,8 @@ class KexGSSGroup1(object): K = pow(self.e, self.x, self.P) self.transport.host_key = NullHostKey() key = self.transport.host_key.__str__() - # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || e || f || K) + # okay, build up the hash H of + # (V_C || V_S || I_C || I_S || K_S || e || f || K) hm = Message() hm.add(self.transport.remote_version, self.transport.local_version, self.transport.remote_kex_init, self.transport.local_kex_init) @@ -271,7 +281,7 @@ class KexGSSGroup1(object): maj_status = m.get_int() min_status = m.get_int() err_msg = m.get_string() - lang_tag = m.get_string() # we don't care about the language! + m.get_string() # we don't care about the language! raise SSHException("GSS-API Error:\nMajor Status: %s\nMinor Status: %s\ \nError Message: %s\n") % (str(maj_status), str(min_status), @@ -284,7 +294,7 @@ class KexGSSGroup14(KexGSSGroup1): in `RFC 4462 Section 2 <https://tools.ietf.org/html/rfc4462.html#section-2>`_ """ - P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF + P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF # noqa G = 2 NAME = "gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==" @@ -378,7 +388,8 @@ class KexGSSGex(object): """ Parse the SSH2_MSG_KEXGSS_GROUPREQ message (server mode). - :param `.Message` m: The content of the SSH2_MSG_KEXGSS_GROUPREQ message + :param `.Message` m: The content of the + SSH2_MSG_KEXGSS_GROUPREQ message """ minbits = m.get_int() preferredbits = m.get_int() @@ -402,8 +413,12 @@ class KexGSSGex(object): # generate prime pack = self.transport._get_modulus_pack() if pack is None: - raise SSHException('Can\'t do server-side gex with no modulus pack') - self.transport._log(DEBUG, 'Picking p (%d <= %d <= %d bits)' % (minbits, preferredbits, maxbits)) + raise SSHException( + 'Can\'t do server-side gex with no modulus pack') + self.transport._log( + DEBUG, # noqa + 'Picking p (%d <= %d <= %d bits)' % ( + minbits, preferredbits, maxbits)) self.g, self.p = pack.get_modulus(minbits, preferredbits, maxbits) m = Message() m.add_byte(c_MSG_KEXGSS_GROUP) @@ -423,8 +438,10 @@ class KexGSSGex(object): # reject if p's bit length < 1024 or > 8192 bitlen = util.bit_length(self.p) if (bitlen < 1024) or (bitlen > 8192): - raise SSHException('Server-generated gex p (don\'t ask) is out of range (%d bits)' % bitlen) - self.transport._log(DEBUG, 'Got server p (%d bits)' % bitlen) + raise SSHException( + 'Server-generated gex p (don\'t ask) is out of range ' + '(%d bits)' % bitlen) + self.transport._log(DEBUG, 'Got server p (%d bits)' % bitlen) # noqa self._generate_x() # now compute e = g^x mod p self.e = pow(self.g, self.x, self.p) @@ -453,7 +470,8 @@ class KexGSSGex(object): K = pow(self.e, self.x, self.p) self.transport.host_key = NullHostKey() key = self.transport.host_key.__str__() - # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K) + # okay, build up the hash H of + # (V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K) # noqa hm = Message() hm.add(self.transport.remote_version, self.transport.local_version, self.transport.remote_kex_init, self.transport.local_kex_init, @@ -543,7 +561,8 @@ class KexGSSGex(object): if (self.f < 1) or (self.f > self.p - 1): raise SSHException('Server kex "f" is out of range') K = pow(self.f, self.x, self.p) - # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K) + # okay, build up the hash H of + # (V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K) # noqa hm = Message() hm.add(self.transport.local_version, self.transport.remote_version, self.transport.local_kex_init, self.transport.remote_kex_init, diff --git a/paramiko/packet.py b/paramiko/packet.py index c943fe3c..cae64727 100644 --- a/paramiko/packet.py +++ b/paramiko/packet.py @@ -54,8 +54,11 @@ class Packetizer (object): REKEY_PACKETS = pow(2, 29) REKEY_BYTES = pow(2, 29) - REKEY_PACKETS_OVERFLOW_MAX = pow(2, 29) # Allow receiving this many packets after a re-key request before terminating - REKEY_BYTES_OVERFLOW_MAX = pow(2, 29) # Allow receiving this many bytes after a re-key request before terminating + # Allow receiving this many packets after a re-key request before + # terminating + REKEY_PACKETS_OVERFLOW_MAX = pow(2, 29) + # Allow receiving this many bytes after a re-key request before terminating + REKEY_BYTES_OVERFLOW_MAX = pow(2, 29) def __init__(self, socket): self.__socket = socket @@ -113,7 +116,8 @@ class Packetizer (object): """ self.__logger = log - def set_outbound_cipher(self, block_engine, block_size, mac_engine, mac_size, mac_key, sdctr=False): + def set_outbound_cipher(self, block_engine, block_size, mac_engine, + mac_size, mac_key, sdctr=False): """ Switch outbound data cipher. """ @@ -125,13 +129,15 @@ class Packetizer (object): self.__mac_key_out = mac_key self.__sent_bytes = 0 self.__sent_packets = 0 - # wait until the reset happens in both directions before clearing rekey flag + # wait until the reset happens in both directions before clearing + # rekey flag self.__init_count |= 1 if self.__init_count == 3: self.__init_count = 0 self.__need_rekey = False - def set_inbound_cipher(self, block_engine, block_size, mac_engine, mac_size, mac_key): + def set_inbound_cipher( + self, block_engine, block_size, mac_engine, mac_size, mac_key): """ Switch inbound data cipher. """ @@ -144,7 +150,8 @@ class Packetizer (object): self.__received_packets = 0 self.__received_bytes_overflow = 0 self.__received_packets_overflow = 0 - # wait until the reset happens in both directions before clearing rekey flag + # wait until the reset happens in both directions before clearing + # rekey flag self.__init_count |= 2 if self.__init_count == 3: self.__init_count = 0 @@ -262,9 +269,11 @@ class Packetizer (object): # on Linux, sometimes instead of socket.timeout, we get # EAGAIN. this is a bug in recent (> 2.6.9) kernels but # we need to work around it. - if (type(e.args) is tuple) and (len(e.args) > 0) and (e.args[0] == errno.EAGAIN): + if (type(e.args) is tuple) and (len(e.args) > 0) and \ + (e.args[0] == errno.EAGAIN): got_timeout = True - elif (type(e.args) is tuple) and (len(e.args) > 0) and (e.args[0] == errno.EINTR): + elif (type(e.args) is tuple) and (len(e.args) > 0) and \ + (e.args[0] == errno.EINTR): # syscall interrupted; try again pass elif self.__closed: @@ -289,9 +298,11 @@ class Packetizer (object): except socket.timeout: retry_write = True except socket.error as e: - if (type(e.args) is tuple) and (len(e.args) > 0) and (e.args[0] == errno.EAGAIN): + if (type(e.args) is tuple) and (len(e.args) > 0) and \ + (e.args[0] == errno.EAGAIN): retry_write = True - elif (type(e.args) is tuple) and (len(e.args) > 0) and (e.args[0] == errno.EINTR): + elif (type(e.args) is tuple) and (len(e.args) > 0) and \ + (e.args[0] == errno.EINTR): # syscall interrupted; try again retry_write = True else: @@ -307,11 +318,11 @@ class Packetizer (object): n = -1 else: if n == 0 and iteration_with_zero_as_return_value > 10: - # We shouldn't retry the write, but we didn't - # manage to send anything over the socket. This might be an - # indication that we have lost contact with the remote side, - # but are yet to receive an EOFError or other socket errors. - # Let's give it some iteration to try and catch up. + # We shouldn't retry the write, but we didn't + # manage to send anything over the socket. This might be an + # indication that we have lost contact with the remote + # side, but are yet to receive an EOFError or other socket + # errors. Let's give it some iteration to try and catch up. n = -1 iteration_with_zero_as_return_value += 1 if n < 0: @@ -327,7 +338,7 @@ class Packetizer (object): line, so it's okay to attempt large reads. """ buf = self.__remainder - while not linefeed_byte in buf: + while linefeed_byte not in buf: buf += self._read_timeout(timeout) n = buf.index(linefeed_byte) self.__remainder = buf[n + 1:] @@ -354,7 +365,9 @@ class Packetizer (object): data = self.__compress_engine_out(data) packet = self._build_packet(data) if self.__dump_packets: - self._log(DEBUG, 'Write packet <%s>, length %d' % (cmd_name, orig_len)) + self._log( + DEBUG, + 'Write packet <%s>, length %d' % (cmd_name, orig_len)) self._log(DEBUG, util.format_binary(packet, 'OUT: ')) if self.__block_engine_out is not None: out = self.__block_engine_out.update(packet) @@ -362,14 +375,20 @@ class Packetizer (object): out = packet # + mac if self.__block_engine_out is not None: - payload = struct.pack('>I', self.__sequence_number_out) + packet - out += compute_hmac(self.__mac_key_out, payload, self.__mac_engine_out)[:self.__mac_size_out] - self.__sequence_number_out = (self.__sequence_number_out + 1) & xffffffff + payload = struct.pack( + '>I', self.__sequence_number_out) + packet + out += compute_hmac( + self.__mac_key_out, + payload, + self.__mac_engine_out)[:self.__mac_size_out] + self.__sequence_number_out = \ + (self.__sequence_number_out + 1) & xffffffff self.write_all(out) self.__sent_bytes += len(out) self.__sent_packets += 1 - if (self.__sent_packets >= self.REKEY_PACKETS or self.__sent_bytes >= self.REKEY_BYTES)\ + if (self.__sent_packets >= self.REKEY_PACKETS or + self.__sent_bytes >= self.REKEY_BYTES)\ and not self.__need_rekey: # only ask once for rekeying self._log(DEBUG, 'Rekeying (hit %d packets, %d bytes sent)' % @@ -410,15 +429,21 @@ class Packetizer (object): if self.__mac_size_in > 0: mac = post_packet[:self.__mac_size_in] - mac_payload = struct.pack('>II', self.__sequence_number_in, packet_size) + packet - my_mac = compute_hmac(self.__mac_key_in, mac_payload, self.__mac_engine_in)[:self.__mac_size_in] + mac_payload = struct.pack( + '>II', self.__sequence_number_in, packet_size) + packet + my_mac = compute_hmac( + self.__mac_key_in, + mac_payload, + self.__mac_engine_in)[:self.__mac_size_in] if not util.constant_time_bytes_eq(my_mac, mac): raise SSHException('Mismatched MAC') padding = byte_ord(packet[0]) payload = packet[1:packet_size - padding] if self.__dump_packets: - self._log(DEBUG, 'Got payload (%d bytes, %d padding)' % (packet_size, padding)) + self._log( + DEBUG, + 'Got payload (%d bytes, %d padding)' % (packet_size, padding)) if self.__compress_engine_in is not None: payload = self.__compress_engine_in(payload) @@ -436,9 +461,12 @@ class Packetizer (object): # dropping the connection self.__received_bytes_overflow += raw_packet_size self.__received_packets_overflow += 1 - if (self.__received_packets_overflow >= self.REKEY_PACKETS_OVERFLOW_MAX) or \ - (self.__received_bytes_overflow >= self.REKEY_BYTES_OVERFLOW_MAX): - raise SSHException('Remote transport is ignoring rekey requests') + if (self.__received_packets_overflow >= + self.REKEY_PACKETS_OVERFLOW_MAX) or \ + (self.__received_bytes_overflow >= + self.REKEY_BYTES_OVERFLOW_MAX): + raise SSHException( + 'Remote transport is ignoring rekey requests') elif (self.__received_packets >= self.REKEY_PACKETS) or \ (self.__received_bytes >= self.REKEY_BYTES): # only ask once for rekeying @@ -454,10 +482,12 @@ class Packetizer (object): else: cmd_name = '$%x' % cmd if self.__dump_packets: - self._log(DEBUG, 'Read packet <%s>, length %d' % (cmd_name, len(payload))) + self._log( + DEBUG, + 'Read packet <%s>, length %d' % (cmd_name, len(payload))) return cmd, msg - ########## protected + # ...protected... def _log(self, level, msg): if self.__logger is None: @@ -469,7 +499,8 @@ class Packetizer (object): self.__logger.log(level, msg) def _check_keepalive(self): - if (not self.__keepalive_interval) or (not self.__block_engine_out) or \ + if (not self.__keepalive_interval) or \ + (not self.__block_engine_out) or \ self.__need_rekey: # wait till we're encrypting, and not in the middle of rekeying return @@ -508,7 +539,8 @@ class Packetizer (object): packet = struct.pack('>IB', len(payload) + padding + 1, padding) packet += payload if self.__sdctr_out or self.__block_engine_out is None: - # cute trick i caught openssh doing: if we're not encrypting or SDCTR mode (RFC4344), + # cute trick i caught openssh doing: if we're not encrypting or + # SDCTR mode (RFC4344), # don't waste random bytes for the padding packet += (zero_byte * padding) else: diff --git a/paramiko/pipe.py b/paramiko/pipe.py index 4f62d7c5..6ca37703 100644 --- a/paramiko/pipe.py +++ b/paramiko/pipe.py @@ -28,7 +28,6 @@ will trigger as readable in `select <select.select>`. import sys import os import socket -from paramiko.py3compat import b def make_pipe(): @@ -45,13 +44,13 @@ class PosixPipe (object): self._set = False self._forever = False self._closed = False - + def close(self): os.close(self._rfd) os.close(self._wfd) # used for unit tests: self._closed = True - + def fileno(self): return self._rfd @@ -60,13 +59,13 @@ class PosixPipe (object): return os.read(self._rfd, 1) self._set = False - + def set(self): if self._set or self._closed: return self._set = True os.write(self._wfd, b'*') - + def set_forever(self): self._forever = True self.set() @@ -81,39 +80,39 @@ class WindowsPipe (object): serv = socket.socket(socket.AF_INET, socket.SOCK_STREAM) serv.bind(('127.0.0.1', 0)) serv.listen(1) - + # need to save sockets in _rsock/_wsock so they don't get closed self._rsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self._rsock.connect(('127.0.0.1', serv.getsockname()[1])) - + self._wsock, addr = serv.accept() serv.close() self._set = False self._forever = False self._closed = False - + def close(self): self._rsock.close() self._wsock.close() # used for unit tests: self._closed = True - + def fileno(self): return self._rsock.fileno() - def clear (self): + def clear(self): if not self._set or self._forever: return self._rsock.recv(1) self._set = False - - def set (self): + + def set(self): if self._set or self._closed: return self._set = True self._wsock.send(b'*') - def set_forever (self): + def set_forever(self): self._forever = True self.set() @@ -123,12 +122,12 @@ class OrPipe (object): self._set = False self._partner = None self._pipe = pipe - + def set(self): self._set = True if not self._partner._set: self._pipe.set() - + def clear(self): self._set = False if not self._partner._set: @@ -146,4 +145,3 @@ def make_or_pipe(pipe): p1._partner = p2 p2._partner = p1 return p1, p2 - @@ -5,6 +5,6 @@ universal = 1 omit = paramiko/_winapi.py [flake8] -exclude = sites,.git,build,dist,alt_env,appveyor,demos,tests,test.py,kex_gss.py,kex_gex.py +exclude = sites,.git,build,dist,alt_env,appveyor,demos,tests,test.py ignore = E124,E125,E128,E261,E301,E302,E303,E402 max-line-length = 79 |