diff options
-rw-r--r-- | paramiko/proxy.py | 4 | ||||
-rw-r--r-- | paramiko/transport.py | 27 | ||||
-rw-r--r-- | sites/www/changelog.rst | 9 |
3 files changed, 25 insertions, 15 deletions
diff --git a/paramiko/proxy.py b/paramiko/proxy.py index d3ae436f..059ba83e 100644 --- a/paramiko/proxy.py +++ b/paramiko/proxy.py @@ -21,7 +21,6 @@ from datetime import datetime import os from shlex import split as shlsplit import signal -from subprocess import Popen, PIPE from select import select import socket import time @@ -49,6 +48,9 @@ class ProxyCommand(ClosingContextManager): :param str command_line: the command that should be executed and used as the proxy. """ + # NOTE: subprocess import done lazily so platforms without it (e.g. + # GAE) can still import us during overall Paramiko load. + from subprocess import Popen, PIPE self.cmd = shlsplit(command_line) self.process = Popen(self.cmd, stdin=PIPE, stdout=PIPE, stderr=PIPE, bufsize=0) diff --git a/paramiko/transport.py b/paramiko/transport.py index b52d3158..71d5109e 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -229,6 +229,7 @@ class Transport (threading.Thread, ClosingContextManager): } _modulus_pack = None + _active_check_timeout = 0.1 def __init__(self, sock, @@ -316,7 +317,7 @@ class Transport (threading.Thread, ClosingContextManager): # we set the timeout so we can check self.active periodically to # see if we should bail. socket.timeout exception is never # propagated. - self.sock.settimeout(0.1) + self.sock.settimeout(self._active_check_timeout) except AttributeError: pass @@ -1428,20 +1429,18 @@ class Transport (threading.Thread, ClosingContextManager): def auth_gssapi_keyex(self, username): """ - Authenticate to the Server with GSS-API / SSPI if GSS-API Key Exchange - was the used key exchange method. + Authenticate to the server with GSS-API/SSPI if GSS-API kex is in use. - :param str username: The username to authenticate as - :param str gss_host: The target host - :param bool gss_deleg_creds: Delegate credentials or not - :return: list of auth types permissible for the next stage of - authentication (normally empty) - :rtype: list - :raise BadAuthenticationType: if GSS-API Key Exchange was not performed - (and no event was passed in) - :raise AuthenticationException: if the authentication failed (and no - event was passed in) - :raise SSHException: if there was a network error + :param str username: The username to authenticate as. + :returns: + a `list` of auth types permissible for the next stage of + authentication (normally empty) + :raises BadAuthenticationType: + if GSS-API Key Exchange was not performed (and no event was passed + in) + :raises AuthenticationException: + if the authentication failed (and no event was passed in) + :raises SSHException: if there was a network error """ if (not self.active) or (not self.initial_kex_done): # we should never try to authenticate unless we're on a secure link diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 037fbed6..fa3afffd 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -7,6 +7,15 @@ Changelog ``SSHException``. This moves the behavior in line with other "bad keys" situations, re: Paramiko's main auth loop. Thanks to MengHuan Yu for the patch. +* :bug:`334` Make the ``subprocess`` import in ``proxy.py`` lazy so users on + platforms without it (such as Google App Engine) can import Paramiko + successfully. (Relatedly, make it easier to tweak an active socket check + timeout [in `Transport <paramko.transport.Transport>`] which was previously + hardcoded.) Credit: Shinya Okano. +* :support:`854 backported` Fix incorrect docstring/param-list for + `Transport.auth_gssapi_keyex + <paramiko.transport.Transport.auth_gssapi_keyex>` so it matches the real + signature. Caught by ``@Score_Under``. * :bug:`681` Fix a Python3-specific bug re: the handling of read buffers when using ``ProxyCommand``. Thanks to Paul Kapp for catch & patch. * :support:`819 backported (>=1.15,<2.0)` Document how lacking ``gmp`` headers |