From 27b800bf3f1c0ee7063221538d2913cec7c048c1 Mon Sep 17 00:00:00 2001 From: Torsten Landschoff Date: Fri, 12 Aug 2011 11:25:36 +0200 Subject: Issue #22: Try IPv4 as well as IPv6 when port is not open on IPv6. With this change, paramiko tries the next address family when the connection gets refused or the target port is unreachable. --- paramiko/client.py | 53 +++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 39 insertions(+), 14 deletions(-) diff --git a/paramiko/client.py b/paramiko/client.py index c5a2d1ac..da08ad0a 100644 --- a/paramiko/client.py +++ b/paramiko/client.py @@ -25,6 +25,7 @@ import getpass import os import socket import warnings +from errno import ECONNREFUSED, EHOSTUNREACH from paramiko.agent import Agent from paramiko.common import * @@ -231,6 +232,29 @@ class SSHClient (object): """ self._policy = policy + def _families_and_addresses(self, hostname, port): + """ + Yield pairs of address families and addresses to try for connecting. + + @param hostname: the server to connect to + @type hostname: str + @param port: the server port to connect to + @type port: int + @rtype: generator + """ + guess = True + addrinfos = socket.getaddrinfo(hostname, port, socket.AF_UNSPEC, socket.SOCK_STREAM) + for (family, socktype, proto, canonname, sockaddr) in addrinfos: + if socktype == socket.SOCK_STREAM: + yield family, sockaddr + guess = False + + # some OS like AIX don't indicate SOCK_STREAM support, so just guess. :( + # We only do this if we did not get a single result marked as socktype == SOCK_STREAM. + if guess: + for family, _, _, _, sockaddr in addrinfos: + yield family, sockaddr + def connect(self, hostname, port=SSH_PORT, username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=None): @@ -288,21 +312,22 @@ class SSHClient (object): @raise socket.error: if a socket error occurred while connecting """ if not sock: - for (family, socktype, proto, canonname, sockaddr) in socket.getaddrinfo(hostname, port, socket.AF_UNSPEC, socket.SOCK_STREAM): - if socktype == socket.SOCK_STREAM: - af = family - addr = sockaddr - break - else: - # some OS like AIX don't indicate SOCK_STREAM support, so just guess. :( - af, _, _, _, addr = socket.getaddrinfo(hostname, port, socket.AF_UNSPEC, socket.SOCK_STREAM) - sock = socket.socket(af, socket.SOCK_STREAM) - if timeout is not None: + for af, addr in self._families_and_addresses(hostname, port): try: - sock.settimeout(timeout) - except: - pass - retry_on_signal(lambda: sock.connect(addr)) + sock = socket.socket(af, socket.SOCK_STREAM) + if timeout is not None: + try: + sock.settimeout(timeout) + except: + pass + retry_on_signal(lambda: sock.connect(addr)) + # Break out of the loop on success + break + except socket.error, e: + # If the port is not open on IPv6 for example, we may still try IPv4. + # Likewise if the host is not reachable using that address family. + if e.errno not in (ECONNREFUSED, EHOSTUNREACH): + raise t = self._transport = Transport(sock) t.use_compression(compress=compress) -- cgit v1.2.3 From 5fbd4e3b6fcdc9edc04f84134d0ae76f349854a7 Mon Sep 17 00:00:00 2001 From: Jacob Beck Date: Tue, 14 Oct 2014 21:37:45 -0600 Subject: Converted all staticmethod/classmethod instances to decorators. --- paramiko/ber.py | 6 +++--- paramiko/dsskey.py | 2 +- paramiko/ecdsakey.py | 2 +- paramiko/hostkeys.py | 4 ++-- paramiko/pkey.py | 4 ++-- paramiko/rsakey.py | 2 +- paramiko/sftp_attr.py | 7 +++---- paramiko/sftp_client.py | 4 ++-- paramiko/sftp_server.py | 4 ++-- paramiko/transport.py | 4 ++-- paramiko/util.py | 2 +- tests/test_gssapi.py | 4 +--- tests/test_kex_gss.py | 4 +--- tests/test_sftp.py | 7 +++---- tests/test_ssh_gss.py | 4 +--- 15 files changed, 26 insertions(+), 34 deletions(-) diff --git a/paramiko/ber.py b/paramiko/ber.py index 05152303..a388df07 100644 --- a/paramiko/ber.py +++ b/paramiko/ber.py @@ -45,7 +45,7 @@ class BER(object): def decode(self): return self.decode_next() - + def decode_next(self): if self.idx >= len(self.content): return None @@ -89,6 +89,7 @@ class BER(object): # 1: boolean (00 false, otherwise true) raise BERException('Unknown ber encoding type %d (robey is lazy)' % ident) + @staticmethod def decode_sequence(data): out = [] ber = BER(data) @@ -98,7 +99,6 @@ class BER(object): break out.append(x) return out - decode_sequence = staticmethod(decode_sequence) def encode_tlv(self, ident, val): # no need to support ident > 31 here @@ -125,9 +125,9 @@ class BER(object): else: raise BERException('Unknown type for encoding: %s' % repr(type(x))) + @staticmethod def encode_sequence(data): ber = BER() for item in data: ber.encode(item) return ber.asbytes() - encode_sequence = staticmethod(encode_sequence) diff --git a/paramiko/dsskey.py b/paramiko/dsskey.py index 1901596d..d7dd6275 100644 --- a/paramiko/dsskey.py +++ b/paramiko/dsskey.py @@ -154,6 +154,7 @@ class DSSKey (PKey): def write_private_key(self, file_obj, password=None): self._write_private_key('DSA', file_obj, self._encode_key(), password) + @staticmethod def generate(bits=1024, progress_func=None): """ Generate a new private DSS key. This factory function can be used to @@ -169,7 +170,6 @@ class DSSKey (PKey): key = DSSKey(vals=(dsa.p, dsa.q, dsa.g, dsa.y)) key.x = dsa.x return key - generate = staticmethod(generate) ### internals... diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py index a7f3c5ed..6b047959 100644 --- a/paramiko/ecdsakey.py +++ b/paramiko/ecdsakey.py @@ -126,6 +126,7 @@ class ECDSAKey (PKey): key = self.signing_key or self.verifying_key self._write_private_key('EC', file_obj, key.to_der(), password) + @staticmethod def generate(curve=curves.NIST256p, progress_func=None): """ Generate a new private RSA key. This factory function can be used to @@ -139,7 +140,6 @@ class ECDSAKey (PKey): signing_key = SigningKey.generate(curve) key = ECDSAKey(vals=(signing_key, signing_key.get_verifying_key())) return key - generate = staticmethod(generate) ### internals... diff --git a/paramiko/hostkeys.py b/paramiko/hostkeys.py index b94ff0db..84868875 100644 --- a/paramiko/hostkeys.py +++ b/paramiko/hostkeys.py @@ -255,6 +255,7 @@ class HostKeys (MutableMapping): ret.append(self.lookup(k)) return ret + @staticmethod def hash_host(hostname, salt=None): """ Return a "hashed" form of the hostname, as used by OpenSSH when storing @@ -274,7 +275,6 @@ class HostKeys (MutableMapping): hmac = HMAC(salt, b(hostname), sha1).digest() hostkey = '|1|%s|%s' % (u(encodebytes(salt)), u(encodebytes(hmac))) return hostkey.replace('\n', '') - hash_host = staticmethod(hash_host) class InvalidHostKey(Exception): @@ -294,6 +294,7 @@ class HostKeyEntry: self.hostnames = hostnames self.key = key + @classmethod def from_line(cls, line, lineno=None): """ Parses the given line of text to find the names for the host, @@ -336,7 +337,6 @@ class HostKeyEntry: raise InvalidHostKey(line, e) return cls(names, key) - from_line = classmethod(from_line) def to_line(self): """ diff --git a/paramiko/pkey.py b/paramiko/pkey.py index 2daf3723..1b4af010 100644 --- a/paramiko/pkey.py +++ b/paramiko/pkey.py @@ -160,6 +160,7 @@ class PKey (object): """ return False + @classmethod def from_private_key_file(cls, filename, password=None): """ Create a key object by reading a private key file. If the private @@ -181,8 +182,8 @@ class PKey (object): """ key = cls(filename=filename, password=password) return key - from_private_key_file = classmethod(from_private_key_file) + @classmethod def from_private_key(cls, file_obj, password=None): """ Create a key object by reading a private key from a file (or file-like) @@ -202,7 +203,6 @@ class PKey (object): """ key = cls(file_obj=file_obj, password=password) return key - from_private_key = classmethod(from_private_key) def write_private_key_file(self, filename, password=None): """ diff --git a/paramiko/rsakey.py b/paramiko/rsakey.py index d1f3ecfe..4ebd8354 100644 --- a/paramiko/rsakey.py +++ b/paramiko/rsakey.py @@ -131,6 +131,7 @@ class RSAKey (PKey): def write_private_key(self, file_obj, password=None): self._write_private_key('RSA', file_obj, self._encode_key(), password) + @staticmethod def generate(bits, progress_func=None): """ Generate a new private RSA key. This factory function can be used to @@ -148,7 +149,6 @@ class RSAKey (PKey): key.p = rsa.p key.q = rsa.q return key - generate = staticmethod(generate) ### internals... diff --git a/paramiko/sftp_attr.py b/paramiko/sftp_attr.py index d12eff8d..cf48f654 100644 --- a/paramiko/sftp_attr.py +++ b/paramiko/sftp_attr.py @@ -60,6 +60,7 @@ class SFTPAttributes (object): self.st_mtime = None self.attr = {} + @classmethod def from_stat(cls, obj, filename=None): """ Create an `.SFTPAttributes` object from an existing ``stat`` object (an @@ -79,13 +80,12 @@ class SFTPAttributes (object): if filename is not None: attr.filename = filename return attr - from_stat = classmethod(from_stat) def __repr__(self): return '' % self._debug_str() ### internals... - + @classmethod def _from_msg(cls, msg, filename=None, longname=None): attr = cls() attr._unpack(msg) @@ -94,7 +94,6 @@ class SFTPAttributes (object): if longname is not None: attr.longname = longname return attr - _from_msg = classmethod(_from_msg) def _unpack(self, msg): self._flags = msg.get_int() @@ -159,6 +158,7 @@ class SFTPAttributes (object): out += ']' return out + @staticmethod def _rwx(n, suid, sticky=False): if suid: suid = 2 @@ -168,7 +168,6 @@ class SFTPAttributes (object): else: out += '-xSs'[suid + (n & 1)] return out - _rwx = staticmethod(_rwx) def __str__(self): """create a unix-style long description of the file (like ls -l)""" diff --git a/paramiko/sftp_client.py b/paramiko/sftp_client.py index 62127cc2..89840eaa 100644 --- a/paramiko/sftp_client.py +++ b/paramiko/sftp_client.py @@ -65,7 +65,7 @@ class SFTPClient(BaseSFTP, ClosingContextManager): Used to open an SFTP session across an open SSH `.Transport` and perform remote file operations. - + Instances of this class may be used as context managers. """ def __init__(self, sock): @@ -101,6 +101,7 @@ class SFTPClient(BaseSFTP, ClosingContextManager): raise SSHException('EOF during negotiation') self._log(INFO, 'Opened sftp connection (server version %d)' % server_version) + @classmethod def from_transport(cls, t, window_size=None, max_packet_size=None): """ Create an SFTP client channel from an open `.Transport`. @@ -129,7 +130,6 @@ class SFTPClient(BaseSFTP, ClosingContextManager): return None chan.invoke_subsystem('sftp') return cls(chan) - from_transport = classmethod(from_transport) def _log(self, level, msg, *args): if isinstance(msg, list): diff --git a/paramiko/sftp_server.py b/paramiko/sftp_server.py index 2d8d1909..ce287e8f 100644 --- a/paramiko/sftp_server.py +++ b/paramiko/sftp_server.py @@ -129,6 +129,7 @@ class SFTPServer (BaseSFTP, SubsystemHandler): self.file_table = {} self.folder_table = {} + @staticmethod def convert_errno(e): """ Convert an errno value (as from an ``OSError`` or ``IOError``) into a @@ -146,8 +147,8 @@ class SFTPServer (BaseSFTP, SubsystemHandler): return SFTP_NO_SUCH_FILE else: return SFTP_FAILURE - convert_errno = staticmethod(convert_errno) + @staticmethod def set_file_attr(filename, attr): """ Change a file's attributes on the local filesystem. The contents of @@ -173,7 +174,6 @@ class SFTPServer (BaseSFTP, SubsystemHandler): if attr._flags & attr.FLAG_SIZE: with open(filename, 'w+') as f: f.truncate(attr.st_size) - set_file_attr = staticmethod(set_file_attr) ### internals... diff --git a/paramiko/transport.py b/paramiko/transport.py index bf30c784..6ce9225d 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -88,7 +88,7 @@ class Transport (threading.Thread, ClosingContextManager): `channels <.Channel>`, across the session. Multiple channels can be multiplexed across a single session (and often are, in the case of port forwardings). - + Instances of this class may be used as context managers. """ _PROTO_ID = '2.0' @@ -508,6 +508,7 @@ class Transport (threading.Thread, ClosingContextManager): pass return None + @staticmethod def load_server_moduli(filename=None): """ (optional) @@ -547,7 +548,6 @@ class Transport (threading.Thread, ClosingContextManager): # none succeeded Transport._modulus_pack = None return False - load_server_moduli = staticmethod(load_server_moduli) def close(self): """ diff --git a/paramiko/util.py b/paramiko/util.py index 88ca2bc4..2b3389a8 100644 --- a/paramiko/util.py +++ b/paramiko/util.py @@ -307,9 +307,9 @@ class Counter (object): self.value = array.array('c', zero_byte * (self.blocksize - len(x)) + x) return self.value.tostring() + @classmethod def new(cls, nbits, initial_value=long(1), overflow=long(0)): return cls(nbits, initial_value=initial_value, overflow=overflow) - new = classmethod(new) def constant_time_bytes_eq(a, b): diff --git a/tests/test_gssapi.py b/tests/test_gssapi.py index a328dd65..96c268d9 100644 --- a/tests/test_gssapi.py +++ b/tests/test_gssapi.py @@ -27,15 +27,13 @@ import socket class GSSAPITest(unittest.TestCase): - + @staticmethod def init(hostname=None, srv_mode=False): global krb5_mech, targ_name, server_mode krb5_mech = "1.2.840.113554.1.2.2" targ_name = hostname server_mode = srv_mode - init = staticmethod(init) - def test_1_pyasn1(self): """ Test the used methods of pyasn1. diff --git a/tests/test_kex_gss.py b/tests/test_kex_gss.py index 8769d09c..91d4c9b2 100644 --- a/tests/test_kex_gss.py +++ b/tests/test_kex_gss.py @@ -58,14 +58,12 @@ class NullServer (paramiko.ServerInterface): class GSSKexTest(unittest.TestCase): - + @staticmethod def init(username, hostname): global krb5_principal, targ_name krb5_principal = username targ_name = hostname - init = staticmethod(init) - def setUp(self): self.username = krb5_principal self.hostname = socket.getfqdn(targ_name) diff --git a/tests/test_sftp.py b/tests/test_sftp.py index 72c7ba03..cb8f7f84 100755 --- a/tests/test_sftp.py +++ b/tests/test_sftp.py @@ -97,7 +97,7 @@ def get_sftp(): class SFTPTest (unittest.TestCase): - + @staticmethod def init(hostname, username, keyfile, passwd): global sftp, tc @@ -129,8 +129,8 @@ class SFTPTest (unittest.TestCase): sys.stderr.write('\n') sys.exit(1) sftp = paramiko.SFTP.from_transport(t) - init = staticmethod(init) + @staticmethod def init_loopback(): global sftp, tc @@ -150,12 +150,11 @@ class SFTPTest (unittest.TestCase): event.wait(1.0) sftp = paramiko.SFTP.from_transport(tc) - init_loopback = staticmethod(init_loopback) + @staticmethod def set_big_file_test(onoff): global g_big_file_test g_big_file_test = onoff - set_big_file_test = staticmethod(set_big_file_test) def setUp(self): global FOLDER diff --git a/tests/test_ssh_gss.py b/tests/test_ssh_gss.py index 595081b8..99ccdc9c 100644 --- a/tests/test_ssh_gss.py +++ b/tests/test_ssh_gss.py @@ -57,14 +57,12 @@ class NullServer (paramiko.ServerInterface): class GSSAuthTest(unittest.TestCase): - + @staticmethod def init(username, hostname): global krb5_principal, targ_name krb5_principal = username targ_name = hostname - init = staticmethod(init) - def setUp(self): self.username = krb5_principal self.hostname = socket.getfqdn(targ_name) -- cgit v1.2.3 From c5836ad5524e52df87801ddd4f3a5187afae785f Mon Sep 17 00:00:00 2001 From: Jacob Beck Date: Tue, 14 Oct 2014 22:00:50 -0600 Subject: Property decorators --- paramiko/_winapi.py | 8 ++++--- paramiko/transport.py | 66 ++++++++++++++++++++++++++++----------------------- 2 files changed, 41 insertions(+), 33 deletions(-) diff --git a/paramiko/_winapi.py b/paramiko/_winapi.py index 0d55d291..f48e1890 100644 --- a/paramiko/_winapi.py +++ b/paramiko/_winapi.py @@ -213,12 +213,14 @@ class SECURITY_ATTRIBUTES(ctypes.Structure): super(SECURITY_ATTRIBUTES, self).__init__(*args, **kwargs) self.nLength = ctypes.sizeof(SECURITY_ATTRIBUTES) - def _get_descriptor(self): + @property + def descriptor(self): return self._descriptor - def _set_descriptor(self, descriptor): + + @descriptor.setter + def descriptor(self, value): self._descriptor = descriptor self.lpSecurityDescriptor = ctypes.addressof(descriptor) - descriptor = property(_get_descriptor, _set_descriptor) def GetTokenInformation(token, information_class): """ diff --git a/paramiko/transport.py b/paramiko/transport.py index 6ce9225d..3b26f0b8 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -2207,21 +2207,6 @@ class SecurityOptions (object): """ return '' % repr(self._transport) - def _get_ciphers(self): - return self._transport._preferred_ciphers - - def _get_digests(self): - return self._transport._preferred_macs - - def _get_key_types(self): - return self._transport._preferred_keys - - def _get_kex(self): - return self._transport._preferred_kex - - def _get_compression(self): - return self._transport._preferred_compression - def _set(self, name, orig, x): if type(x) is list: x = tuple(x) @@ -2233,30 +2218,51 @@ class SecurityOptions (object): raise ValueError('unknown cipher') setattr(self._transport, name, x) - def _set_ciphers(self, x): + @property + def ciphers(self): + """Symmetric encryption ciphers""" + return self._transport._preferred_ciphers + + @ciphers.setter + def ciphers(self, x): self._set('_preferred_ciphers', '_cipher_info', x) - def _set_digests(self, x): + @property + def digests(self): + """Digest (one-way hash) algorithms""" + return self._transport._preferred_macs + + @digests.setter + def digests(self, x): self._set('_preferred_macs', '_mac_info', x) - def _set_key_types(self, x): + @property + def key_types(self): + """Public-key algorithms""" + return self._transport._preferred_keys + + @key_types.setter + def key_types(self, x): self._set('_preferred_keys', '_key_info', x) - def _set_kex(self, x): + + @property + def kex(self): + """Key exchange algorithms""" + return self._transport._preferred_kex + + @kex.setter + def kex(self, x): self._set('_preferred_kex', '_kex_info', x) - def _set_compression(self, x): - self._set('_preferred_compression', '_compression_info', x) + @property + def compression(self): + """Compression algorithms""" + return self._transport._preferred_compression - ciphers = property(_get_ciphers, _set_ciphers, None, - "Symmetric encryption ciphers") - digests = property(_get_digests, _set_digests, None, - "Digest (one-way hash) algorithms") - key_types = property(_get_key_types, _set_key_types, None, - "Public-key algorithms") - kex = property(_get_kex, _set_kex, None, "Key exchange algorithms") - compression = property(_get_compression, _set_compression, None, - "Compression algorithms") + @compression.setter + def compression(self, x): + self._set('_preferred_compression', '_compression_info', x) class ChannelMap (object): -- cgit v1.2.3 From f4063c176fe0845ae134efc4849c35bd8ee24033 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 15 Dec 2014 12:40:24 -0800 Subject: Add a missing versionadded for get_banner --- paramiko/transport.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/paramiko/transport.py b/paramiko/transport.py index 296d6eb7..ab30f058 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -966,6 +966,8 @@ class Transport (threading.Thread): supplied, this method returns ``None``. :returns: server supplied banner (`str`), or ``None``. + + .. versionadded:: 1.13 """ if not self.active or (self.auth_handler is None): return None -- cgit v1.2.3 From e6ce82e67711fbfb0f10eed250ae4763ec7deb28 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 13:46:26 -0800 Subject: Explicitly close agent connection in top level agent class. Fixes #459 --- paramiko/agent.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/paramiko/agent.py b/paramiko/agent.py index 2b11337f..e77b7281 100644 --- a/paramiko/agent.py +++ b/paramiko/agent.py @@ -72,7 +72,8 @@ class AgentSSH(object): self._keys = tuple(keys) def _close(self): - #self._conn.close() + if self._conn is not None: + self._conn.close() self._conn = None self._keys = () -- cgit v1.2.3 From 8f2d8c044463ef0620f91d4eafa118e4d6960b1c Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 13:47:18 -0800 Subject: Changelog re #459 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 3f05caf7..3738874d 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`459` Tighten up agent connection closure behavior to avoid spurious + ``ResourceWarning`` display in some situations. Thanks to ``@tkrapp`` for the + catch. * :bug:`429` Server-level debug message logging was overlooked during the Python 3 compatibility update; Python 3 clients attempting to log SSH debug packets encountered type errors. This is now fixed. Thanks to ``@mjmaenpaa`` -- cgit v1.2.3 From f92c519e91824e39601f69f7115b604f9318dd7a Mon Sep 17 00:00:00 2001 From: Enno Gröper Date: Tue, 11 Feb 2014 13:04:11 +0100 Subject: Fix Connection to Enterasys B2 Switch Connecting to an Enterasys B2 Switch (using demo_simple.py) for an interactive shell doesn't work: Connected. Getting Shell... DEBUG:paramiko.transport:[chan 1] Max packet in: 34816 bytes DEBUG:paramiko.transport:[chan 1] Max packet out: 16384 bytes INFO:paramiko.transport:Secsh channel 1 opened. ERROR:paramiko.transport:Channel request for unknown channel 0 *** Caught exception: : Channel closed. The channels gets opened with index 1 on client (paramiko) side and index 0 on server (switch) side. Probably the switch doesn't support this and replies to the pty request with a wrong channel id. Because of that paramiko closes the connection. This can be solved (or worked around) easily by initialising _channel_counter with 0. This is what other clients, like openssh do. I don't see a problem with initialising this counter with 0. Conflicts: paramiko/transport.py --- paramiko/transport.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paramiko/transport.py b/paramiko/transport.py index ab30f058..cbbdb79f 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -232,7 +232,7 @@ class Transport (threading.Thread): self._channels = ChannelMap() self.channel_events = {} # (id -> Event) self.channels_seen = {} # (id -> True) - self._channel_counter = 1 + self._channel_counter = 0 self.window_size = 65536 self.max_packet_size = 34816 self._forward_agent_handler = None -- cgit v1.2.3 From 522c480127cf9bbc119c039921cbbb63faf31fc1 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 14:19:23 -0800 Subject: Changelog re #266 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 3738874d..299115ac 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`266` Change numbering of `~paramiko.transport.Transport` channels to + start at 0 instead of 1 for better compatibility with OpenSSH & certain + server implementations which break on 1-indexed channels. Thanks to + ``@egroeper`` for catch & patch. * :bug:`459` Tighten up agent connection closure behavior to avoid spurious ``ResourceWarning`` display in some situations. Thanks to ``@tkrapp`` for the catch. -- cgit v1.2.3 From 14b517d3c131fd508e287fee1e09c632b6faa615 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 14:45:02 -0800 Subject: Changelog re #419, closes #419 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 79cf318b..e8f103a9 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :support:`419` Modernize a bunch of the codebase internals to leverage + decorators. Props to ``@beckjake`` for realizing we're no longer on Python + 2.2 :D * :bug:`266` Change numbering of `~paramiko.transport.Transport` channels to start at 0 instead of 1 for better compatibility with OpenSSH & certain server implementations which break on 1-indexed channels. Thanks to -- cgit v1.2.3 From 05030b2d5e63349c6abacd1e3a65c70faadbb35f Mon Sep 17 00:00:00 2001 From: Olle Lundberg Date: Thu, 16 Oct 2014 17:20:20 +0200 Subject: Use modern api to check if event is set. Since we are a python2.6+ code base now, we want to be as forward compatible as possible. --- demos/demo_server.py | 2 +- paramiko/auth_handler.py | 2 +- paramiko/channel.py | 6 +++--- paramiko/transport.py | 12 ++++++------ tests/test_auth.py | 4 ++-- tests/test_client.py | 8 ++++---- tests/test_kex_gss.py | 2 +- tests/test_ssh_gss.py | 2 +- tests/test_transport.py | 22 +++++++++++----------- 9 files changed, 30 insertions(+), 30 deletions(-) diff --git a/demos/demo_server.py b/demos/demo_server.py index 5b3d5164..c4af9b10 100644 --- a/demos/demo_server.py +++ b/demos/demo_server.py @@ -159,7 +159,7 @@ try: print('Authenticated!') server.event.wait(10) - if not server.event.isSet(): + if not server.event.is_set(): print('*** Client never asked for a shell.') sys.exit(1) diff --git a/paramiko/auth_handler.py b/paramiko/auth_handler.py index b5fea654..c001aeee 100644 --- a/paramiko/auth_handler.py +++ b/paramiko/auth_handler.py @@ -195,7 +195,7 @@ class AuthHandler (object): if (e is None) or issubclass(e.__class__, EOFError): e = AuthenticationException('Authentication failed.') raise e - if event.isSet(): + if event.is_set(): break if not self.is_authenticated(): e = self.transport.get_exception() diff --git a/paramiko/channel.py b/paramiko/channel.py index 9de278cb..f1b0483d 100644 --- a/paramiko/channel.py +++ b/paramiko/channel.py @@ -290,7 +290,7 @@ class Channel (ClosingContextManager): .. versionadded:: 1.7.3 """ - return self.closed or self.status_event.isSet() + return self.closed or self.status_event.is_set() def recv_exit_status(self): """ @@ -305,7 +305,7 @@ class Channel (ClosingContextManager): .. versionadded:: 1.2 """ self.status_event.wait() - assert self.status_event.isSet() + assert self.status_event.is_set() return self.exit_status def send_exit_status(self, status): @@ -1077,7 +1077,7 @@ class Channel (ClosingContextManager): def _wait_for_event(self): self.event.wait() - assert self.event.isSet() + assert self.event.is_set() if self.event_ready: return e = self.transport.get_exception() diff --git a/paramiko/transport.py b/paramiko/transport.py index cf2c49f5..2a700a88 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -405,7 +405,7 @@ class Transport (threading.Thread, ClosingContextManager): if e is not None: raise e raise SSHException('Negotiation failed.') - if event.isSet(): + if event.is_set(): break def start_server(self, event=None, server=None): @@ -470,7 +470,7 @@ class Transport (threading.Thread, ClosingContextManager): if e is not None: raise e raise SSHException('Negotiation failed.') - if event.isSet(): + if event.is_set(): break def add_server_key(self, key): @@ -729,7 +729,7 @@ class Transport (threading.Thread, ClosingContextManager): if e is None: e = SSHException('Unable to open channel.') raise e - if event.isSet(): + if event.is_set(): break chan = self._channels.get(chanid) if chan is not None: @@ -849,7 +849,7 @@ class Transport (threading.Thread, ClosingContextManager): if e is not None: raise e raise SSHException('Negotiation failed.') - if self.completion_event.isSet(): + if self.completion_event.is_set(): break return @@ -900,7 +900,7 @@ class Transport (threading.Thread, ClosingContextManager): self.completion_event.wait(0.1) if not self.active: return None - if self.completion_event.isSet(): + if self.completion_event.is_set(): break return self.global_response @@ -1461,7 +1461,7 @@ class Transport (threading.Thread, ClosingContextManager): self._log(DEBUG, 'Dropping user packet because connection is dead.') return self.clear_to_send_lock.acquire() - if self.clear_to_send.isSet(): + if self.clear_to_send.is_set(): break self.clear_to_send_lock.release() if time.time() > start + self.clear_to_send_timeout: diff --git a/tests/test_auth.py b/tests/test_auth.py index 1d972d53..ec78e3ce 100644 --- a/tests/test_auth.py +++ b/tests/test_auth.py @@ -118,12 +118,12 @@ class AuthTest (unittest.TestCase): self.ts.add_server_key(host_key) self.event = threading.Event() self.server = NullServer() - self.assertTrue(not self.event.isSet()) + self.assertTrue(not self.event.is_set()) self.ts.start_server(self.event, self.server) def verify_finished(self): self.event.wait(1.0) - self.assertTrue(self.event.isSet()) + self.assertTrue(self.event.is_set()) self.assertTrue(self.ts.is_active()) def test_1_bad_auth_type(self): diff --git a/tests/test_client.py b/tests/test_client.py index 28d1cb46..3d2e75c9 100644 --- a/tests/test_client.py +++ b/tests/test_client.py @@ -128,7 +128,7 @@ class SSHClientTest (unittest.TestCase): # Authentication successful? self.event.wait(1.0) - self.assertTrue(self.event.isSet()) + self.assertTrue(self.event.is_set()) self.assertTrue(self.ts.is_active()) self.assertEqual('slowdive', self.ts.get_username()) self.assertEqual(True, self.ts.is_authenticated()) @@ -226,7 +226,7 @@ class SSHClientTest (unittest.TestCase): self.tc.connect(self.addr, self.port, username='slowdive', password='pygmalion') self.event.wait(1.0) - self.assertTrue(self.event.isSet()) + self.assertTrue(self.event.is_set()) self.assertTrue(self.ts.is_active()) self.assertEqual('slowdive', self.ts.get_username()) self.assertEqual(True, self.ts.is_authenticated()) @@ -281,7 +281,7 @@ class SSHClientTest (unittest.TestCase): self.tc.connect(self.addr, self.port, username='slowdive', password='pygmalion') self.event.wait(1.0) - self.assertTrue(self.event.isSet()) + self.assertTrue(self.event.is_set()) self.assertTrue(self.ts.is_active()) p = weakref.ref(self.tc._transport.packetizer) @@ -316,7 +316,7 @@ class SSHClientTest (unittest.TestCase): self.tc.connect(self.addr, self.port, username='slowdive', password='pygmalion') self.event.wait(1.0) - self.assertTrue(self.event.isSet()) + self.assertTrue(self.event.is_set()) self.assertTrue(self.ts.is_active()) self.assertTrue(self.tc._transport is not None) diff --git a/tests/test_kex_gss.py b/tests/test_kex_gss.py index 91d4c9b2..3bf788da 100644 --- a/tests/test_kex_gss.py +++ b/tests/test_kex_gss.py @@ -109,7 +109,7 @@ class GSSKexTest(unittest.TestCase): gss_auth=True, gss_kex=True) self.event.wait(1.0) - self.assert_(self.event.isSet()) + self.assert_(self.event.is_set()) self.assert_(self.ts.is_active()) self.assertEquals(self.username, self.ts.get_username()) self.assertEquals(True, self.ts.is_authenticated()) diff --git a/tests/test_ssh_gss.py b/tests/test_ssh_gss.py index 99ccdc9c..e20d348f 100644 --- a/tests/test_ssh_gss.py +++ b/tests/test_ssh_gss.py @@ -102,7 +102,7 @@ class GSSAuthTest(unittest.TestCase): gss_auth=True) self.event.wait(1.0) - self.assert_(self.event.isSet()) + self.assert_(self.event.is_set()) self.assert_(self.ts.is_active()) self.assertEquals(self.username, self.ts.get_username()) self.assertEquals(True, self.ts.is_authenticated()) diff --git a/tests/test_transport.py b/tests/test_transport.py index 50b1d86b..dd522c4e 100644 --- a/tests/test_transport.py +++ b/tests/test_transport.py @@ -136,12 +136,12 @@ class TransportTest(unittest.TestCase): event = threading.Event() self.server = NullServer() - self.assertTrue(not event.isSet()) + self.assertTrue(not event.is_set()) self.ts.start_server(event, self.server) self.tc.connect(hostkey=public_host_key, username='slowdive', password='pygmalion') event.wait(1.0) - self.assertTrue(event.isSet()) + self.assertTrue(event.is_set()) self.assertTrue(self.ts.is_active()) def test_1_security_options(self): @@ -180,7 +180,7 @@ class TransportTest(unittest.TestCase): self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() - self.assertTrue(not event.isSet()) + self.assertTrue(not event.is_set()) self.assertEqual(None, self.tc.get_username()) self.assertEqual(None, self.ts.get_username()) self.assertEqual(False, self.tc.is_authenticated()) @@ -189,7 +189,7 @@ class TransportTest(unittest.TestCase): self.tc.connect(hostkey=public_host_key, username='slowdive', password='pygmalion') event.wait(1.0) - self.assertTrue(event.isSet()) + self.assertTrue(event.is_set()) self.assertTrue(self.ts.is_active()) self.assertEqual('slowdive', self.tc.get_username()) self.assertEqual('slowdive', self.ts.get_username()) @@ -205,13 +205,13 @@ class TransportTest(unittest.TestCase): self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() - self.assertTrue(not event.isSet()) + self.assertTrue(not event.is_set()) self.socks.send(LONG_BANNER) self.ts.start_server(event, server) self.tc.connect(hostkey=public_host_key, username='slowdive', password='pygmalion') event.wait(1.0) - self.assertTrue(event.isSet()) + self.assertTrue(event.is_set()) self.assertTrue(self.ts.is_active()) def test_4_special(self): @@ -680,7 +680,7 @@ class TransportTest(unittest.TestCase): def run(self): try: for i in range(1, 1+self.iterations): - if self.done_event.isSet(): + if self.done_event.is_set(): break self.watchdog_event.set() #print i, "SEND" @@ -699,7 +699,7 @@ class TransportTest(unittest.TestCase): def run(self): try: - while not self.done_event.isSet(): + while not self.done_event.is_set(): if self.chan.recv_ready(): chan.recv(65536) self.watchdog_event.set() @@ -753,12 +753,12 @@ class TransportTest(unittest.TestCase): # Act as a watchdog timer, checking deadlocked = False - while not deadlocked and not done_event.isSet(): + while not deadlocked and not done_event.is_set(): for event in (st.watchdog_event, rt.watchdog_event): event.wait(timeout) - if done_event.isSet(): + if done_event.is_set(): break - if not event.isSet(): + if not event.is_set(): deadlocked = True break event.clear() -- cgit v1.2.3 From e07dbc9cd7dcf6ebaa9315ad9d4a44eb5ed20e5b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 14:59:43 -0800 Subject: Changelog re #421, closes #421 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index e8f103a9..de432870 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`421` Modernize threading calls to user newer API. Thanks to Olle + Lundberg. * :support:`419` Modernize a bunch of the codebase internals to leverage decorators. Props to ``@beckjake`` for realizing we're no longer on Python 2.2 :D -- cgit v1.2.3 From 1970abbdf2f587e52e977f72f198808a40fe0f8f Mon Sep 17 00:00:00 2001 From: Olle Lundberg Date: Thu, 16 Oct 2014 17:30:39 +0200 Subject: Remove unused import and functions. --- paramiko/util.py | 9 --------- 1 file changed, 9 deletions(-) diff --git a/paramiko/util.py b/paramiko/util.py index 542bb218..46278a69 100644 --- a/paramiko/util.py +++ b/paramiko/util.py @@ -23,7 +23,6 @@ Useful functions used by the rest of paramiko. from __future__ import generators import array -from binascii import hexlify, unhexlify import errno import sys import struct @@ -106,14 +105,6 @@ def format_binary_line(data): return '%-50s %s' % (left, right) -def hexify(s): - return hexlify(s).upper() - - -def unhexify(s): - return unhexlify(s) - - def safe_string(s): out = b('') for c in s: -- cgit v1.2.3 From 25182389e6c16bf5b89540b3d3bd89ba4fb733f8 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 15:04:58 -0800 Subject: Changelog closes #422 --- sites/www/changelog.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 299115ac..b65ecd42 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :support:`422` Clean up some unused imports. Courtesy of Olle Lundberg. * :bug:`266` Change numbering of `~paramiko.transport.Transport` channels to start at 0 instead of 1 for better compatibility with OpenSSH & certain server implementations which break on 1-indexed channels. Thanks to -- cgit v1.2.3 From dc1e3d0f787fd042d5eeb1f7ac0dd60c0aabbd1f Mon Sep 17 00:00:00 2001 From: Yan Kalchevskiy Date: Tue, 11 Nov 2014 00:12:08 +0300 Subject: Improve parsing method of hosts in ssh_config. There is a module in standard library for such parsing -- shlex. --- paramiko/config.py | 25 +++++-------------------- 1 file changed, 5 insertions(+), 20 deletions(-) diff --git a/paramiko/config.py b/paramiko/config.py index 85fdddd3..91943ffb 100644 --- a/paramiko/config.py +++ b/paramiko/config.py @@ -24,6 +24,7 @@ Configuration file (aka ``ssh_config``) support. import fnmatch import os import re +import shlex import socket SSH_PORT = 22 @@ -54,7 +55,6 @@ class SSHConfig (object): :param file file_obj: a file-like object to read the config file from """ - host = {"host": ['*'], "config": {}} for line in file_obj: line = line.rstrip('\r\n').lstrip() @@ -222,25 +222,10 @@ class SSHConfig (object): """ Return a list of host_names from host value. """ - i, length = 0, len(host) - hosts = [] - while i < length: - if host[i] == '"': - end = host.find('"', i + 1) - if end < 0: - raise Exception("Unparsable host %s" % host) - hosts.append(host[i + 1:end]) - i = end + 1 - elif not host[i].isspace(): - end = i + 1 - while end < length and not host[end].isspace() and host[end] != '"': - end += 1 - hosts.append(host[i:end]) - i = end - else: - i += 1 - - return hosts + try: + return shlex.split(host) + except ValueError: + raise Exception("Unparsable host %s" % host) class LazyFqdn(object): -- cgit v1.2.3 From c0520adbe5905af2befc85064b25f3ba0a39b019 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 15:10:12 -0800 Subject: Changelog closes #413 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 1c312ba2..68f5e910 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`413` Replace handrolled ``ssh_config`` parsing code with use of the + ``shlex`` module. Thanks to Yan Kalchevskiy. * :support:`422` Clean up some unused imports. Courtesy of Olle Lundberg. * :support:`421` Modernize threading calls to user newer API. Thanks to Olle Lundberg. -- cgit v1.2.3 From b3ed2d5b7eef96a349809517e2d782fca3906e94 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 15:12:29 -0800 Subject: Try using new Travis container-based workers --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index e17bdafd..64f64e60 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,5 @@ language: python +sudo: false python: - "2.6" - "2.7" -- cgit v1.2.3 From e5b105ca57b21b3142a80f29ee07e2a5e87ac547 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 15:13:31 -0800 Subject: Dyslexia strikes again. Actually close #431, not #413 --- sites/www/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 68f5e910..d35ad788 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,7 +2,7 @@ Changelog ========= -* :support:`413` Replace handrolled ``ssh_config`` parsing code with use of the +* :support:`431` Replace handrolled ``ssh_config`` parsing code with use of the ``shlex`` module. Thanks to Yan Kalchevskiy. * :support:`422` Clean up some unused imports. Courtesy of Olle Lundberg. * :support:`421` Modernize threading calls to user newer API. Thanks to Olle -- cgit v1.2.3 From d120ce4f06da5866c76e5e61196742a89f3c54c3 Mon Sep 17 00:00:00 2001 From: Sean Johnson Date: Tue, 11 Nov 2014 13:15:08 +1100 Subject: Added check for proxycommand none and associated test as per Paramiko Issue 415 Conflicts: tests/test_util.py --- paramiko/config.py | 3 +++ tests/test_util.py | 20 ++++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/paramiko/config.py b/paramiko/config.py index 91943ffb..233a87d9 100644 --- a/paramiko/config.py +++ b/paramiko/config.py @@ -73,6 +73,9 @@ class SSHConfig (object): 'host': self._get_hosts(value), 'config': {} } + elif key == 'proxycommand' and value.lower() == 'none': + # Proxycommands of none should not be added as an actual value. (Issue #415) + continue else: if value.startswith('"') and value.endswith('"'): value = value[1:-1] diff --git a/tests/test_util.py b/tests/test_util.py index 7f68de21..bfdc525e 100644 --- a/tests/test_util.py +++ b/tests/test_util.py @@ -464,3 +464,23 @@ Host param3 parara assert safe_vanilla == vanilla, err.format(safe_vanilla, vanilla) assert safe_has_bytes == expected_bytes, \ err.format(safe_has_bytes, expected_bytes) + + def test_proxycommand_none_issue_418(self): + test_config_file = """ +Host proxycommand-standard-none + ProxyCommand None + +Host proxycommand-with-equals-none + ProxyCommand=None + """ + for host, values in { + 'proxycommand-standard-none': {'hostname': 'proxycommand-standard-none'}, + 'proxycommand-with-equals-none': {'hostname': 'proxycommand-with-equals-none'} + }.items(): + + f = StringIO(test_config_file) + config = paramiko.util.parse_ssh_config(f) + self.assertEqual( + paramiko.util.lookup_ssh_host_config(host, config), + values + ) -- cgit v1.2.3 From 0a73a54c745c2102b74f0e40514692448e942fec Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 15:35:09 -0800 Subject: Changelog re #415 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index d35ad788..9c2e2a0f 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`415` Fix ``ssh_config`` parsing to correctly interpret ``ProxyCommand + none`` as the lack of a proxy command, instead of as a literal command string + of ``"none"``. Thanks to Richard Spiers for the catch & Sean Johnson for the + fix. * :support:`431` Replace handrolled ``ssh_config`` parsing code with use of the ``shlex`` module. Thanks to Yan Kalchevskiy. * :support:`422` Clean up some unused imports. Courtesy of Olle Lundberg. -- cgit v1.2.3 From 34c4d0c4a29c8b3c26925c2a05a9b0e50a83f617 Mon Sep 17 00:00:00 2001 From: achapp Date: Mon, 24 Nov 2014 18:08:26 -0600 Subject: Test update/Fix progress temp save Edited test to catch readline error. file.py code change in progress (DOES NOT WORK PROPERLY) so saving it temporarily. --- paramiko/file.py | 9 +++++++-- tests/test_file.py | 4 +++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/paramiko/file.py b/paramiko/file.py index 0a7fbcba..139c453b 100644 --- a/paramiko/file.py +++ b/paramiko/file.py @@ -221,8 +221,8 @@ class BufferedFile (object): # truncate line and return self._rbuffer = line[size:] line = line[:size] - self._pos += len(line) - return line if self._flags & self.FLAG_BINARY else u(line) + #self._pos += len(line) + break#return line if self._flags & self.FLAG_BINARY else u(line) n = size - len(line) else: n = self._bufsize @@ -244,6 +244,11 @@ class BufferedFile (object): rpos = line.find(cr_byte) if (rpos >= 0) and (rpos < pos or pos < 0): pos = rpos + if pos == -1: + #self._rbuffer = line[size:] + #line = line[:size] + self._pos += len(line) + return line if self._flags & self.FLAG_BINARY else u(line) xpos = pos + 1 if (line[pos] == cr_byte_value) and (xpos < len(line)) and (line[xpos] == linefeed_byte_value): xpos += 1 diff --git a/tests/test_file.py b/tests/test_file.py index 22a34aca..24a7fa9b 100755 --- a/tests/test_file.py +++ b/tests/test_file.py @@ -70,13 +70,15 @@ class BufferedFileTest (unittest.TestCase): def test_2_readline(self): f = LoopbackFile('r+U') - f.write(b'First line.\nSecond line.\r\nThird line.\nFinal line non-terminated.') + f.write(b'First line.\nSecond line.\r\nThird line.\nFourth line.\nFifth line.\nFinal line non-terminated.') self.assertEqual(f.readline(), 'First line.\n') # universal newline mode should convert this linefeed: self.assertEqual(f.readline(), 'Second line.\n') # truncated line: self.assertEqual(f.readline(7), 'Third l') self.assertEqual(f.readline(), 'ine.\n') + self.assertEqual(f.readline(25), 'Fourth line.\n') + self.assertEqual(f.readline(), 'Fifth line.\n') self.assertEqual(f.readline(), 'Final line non-terminated.') self.assertEqual(f.readline(), '') f.close() -- cgit v1.2.3 From 0a5485390d43f408b130011ae3452855e766786d Mon Sep 17 00:00:00 2001 From: achapp Date: Tue, 25 Nov 2014 12:30:32 -0600 Subject: new readline test passes Changed file.py readline() to always check for a newline. Had to make a few changes for what went into self._rbuffer in the case where buffer size was met or exceeded and we found a newline. --- paramiko/file.py | 12 ++++++------ tests/test_file.py | 1 + 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/paramiko/file.py b/paramiko/file.py index 139c453b..f549cb99 100644 --- a/paramiko/file.py +++ b/paramiko/file.py @@ -204,6 +204,7 @@ class BufferedFile (object): if not (self._flags & self.FLAG_READ): raise IOError('File not open for reading') line = self._rbuffer + truncated = False; while True: if self._at_trailing_cr and (self._flags & self.FLAG_UNIVERSAL_NEWLINE) and (len(line) > 0): # edge case: the newline may be '\r\n' and we may have read @@ -218,11 +219,11 @@ class BufferedFile (object): # enough. if (size is not None) and (size >= 0): if len(line) >= size: - # truncate line and return + # truncate line self._rbuffer = line[size:] line = line[:size] - #self._pos += len(line) - break#return line if self._flags & self.FLAG_BINARY else u(line) + truncated = True + break n = size - len(line) else: n = self._bufsize @@ -245,14 +246,13 @@ class BufferedFile (object): if (rpos >= 0) and (rpos < pos or pos < 0): pos = rpos if pos == -1: - #self._rbuffer = line[size:] - #line = line[:size] self._pos += len(line) return line if self._flags & self.FLAG_BINARY else u(line) xpos = pos + 1 if (line[pos] == cr_byte_value) and (xpos < len(line)) and (line[xpos] == linefeed_byte_value): xpos += 1 - self._rbuffer = line[xpos:] + + self._rbuffer = line[xpos:] + self._rbuffer if truncated else line[xpos:] lf = line[pos:xpos] line = line[:pos] + linefeed_byte if (len(self._rbuffer) == 0) and (lf == cr_byte): diff --git a/tests/test_file.py b/tests/test_file.py index 24a7fa9b..044dc591 100755 --- a/tests/test_file.py +++ b/tests/test_file.py @@ -77,6 +77,7 @@ class BufferedFileTest (unittest.TestCase): # truncated line: self.assertEqual(f.readline(7), 'Third l') self.assertEqual(f.readline(), 'ine.\n') + # readline should not read past the fourth line self.assertEqual(f.readline(25), 'Fourth line.\n') self.assertEqual(f.readline(), 'Fifth line.\n') self.assertEqual(f.readline(), 'Final line non-terminated.') -- cgit v1.2.3 From b2f45f90350b46e69ebb677cb040b916c95fbc34 Mon Sep 17 00:00:00 2001 From: achapp Date: Tue, 25 Nov 2014 13:23:15 -0600 Subject: Refactoring Added comments. Removed fifth line from test because it was unnecessary since the final line could be used instead. --- paramiko/file.py | 7 +++++-- tests/test_file.py | 9 +++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/paramiko/file.py b/paramiko/file.py index f549cb99..1c99abeb 100644 --- a/paramiko/file.py +++ b/paramiko/file.py @@ -204,7 +204,7 @@ class BufferedFile (object): if not (self._flags & self.FLAG_READ): raise IOError('File not open for reading') line = self._rbuffer - truncated = False; + truncated = False while True: if self._at_trailing_cr and (self._flags & self.FLAG_UNIVERSAL_NEWLINE) and (len(line) > 0): # edge case: the newline may be '\r\n' and we may have read @@ -246,12 +246,15 @@ class BufferedFile (object): if (rpos >= 0) and (rpos < pos or pos < 0): pos = rpos if pos == -1: + # we couldn't find a newline in the truncated string, return it self._pos += len(line) return line if self._flags & self.FLAG_BINARY else u(line) xpos = pos + 1 if (line[pos] == cr_byte_value) and (xpos < len(line)) and (line[xpos] == linefeed_byte_value): xpos += 1 - + # if the string was truncated, _rbuffer needs to have the string after + # the newline character plus the truncated part of the line we stored + # earlier in _rbuffer self._rbuffer = line[xpos:] + self._rbuffer if truncated else line[xpos:] lf = line[pos:xpos] line = line[:pos] + linefeed_byte diff --git a/tests/test_file.py b/tests/test_file.py index 044dc591..a6ff69e9 100755 --- a/tests/test_file.py +++ b/tests/test_file.py @@ -70,16 +70,17 @@ class BufferedFileTest (unittest.TestCase): def test_2_readline(self): f = LoopbackFile('r+U') - f.write(b'First line.\nSecond line.\r\nThird line.\nFourth line.\nFifth line.\nFinal line non-terminated.') + f.write(b'First line.\nSecond line.\r\nThird line.\n' + + b'Fourth line.\nFinal line non-terminated.') + self.assertEqual(f.readline(), 'First line.\n') # universal newline mode should convert this linefeed: self.assertEqual(f.readline(), 'Second line.\n') # truncated line: self.assertEqual(f.readline(7), 'Third l') self.assertEqual(f.readline(), 'ine.\n') - # readline should not read past the fourth line - self.assertEqual(f.readline(25), 'Fourth line.\n') - self.assertEqual(f.readline(), 'Fifth line.\n') + # newline should be detected and only the fourth line returned + self.assertEqual(f.readline(39), 'Fourth line.\n') self.assertEqual(f.readline(), 'Final line non-terminated.') self.assertEqual(f.readline(), '') f.close() -- cgit v1.2.3 From fc59b7db5d995d03cc502be906f6fab8e948228c Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 16:00:58 -0800 Subject: Changelog closes #428 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index b65ecd42..99c28fbd 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`428` Fix an issue in `~paramiko.file.BufferedFile` (primarily used in + the SFTP modules) concerning incorrect behavior by + `~paramiko.file.BufferedFile.readlines` on files whose size exceeds the + buffer size. Thanks to ``@achapp`` for catch & patch. * :support:`422` Clean up some unused imports. Courtesy of Olle Lundberg. * :bug:`266` Change numbering of `~paramiko.transport.Transport` channels to start at 0 instead of 1 for better compatibility with OpenSSH & certain -- cgit v1.2.3 From 25e3c0c34e98b50f429a2e72ecc059d469dc1168 Mon Sep 17 00:00:00 2001 From: Jeff Quast Date: Sun, 14 Dec 2014 00:03:42 -0800 Subject: Log "clamped" value of self.out_max_packet_size This log message misleads one to believe a maximum packet size, such as 16384 requested by OpenSSH has been honored, when in fact it is "clamped" to 32768. --- paramiko/channel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paramiko/channel.py b/paramiko/channel.py index f1b0483d..8a97c974 100644 --- a/paramiko/channel.py +++ b/paramiko/channel.py @@ -890,7 +890,7 @@ class Channel (ClosingContextManager): self.out_max_packet_size = self.transport. \ _sanitize_packet_size(max_packet_size) self.active = 1 - self._log(DEBUG, 'Max packet out: %d bytes' % max_packet_size) + self._log(DEBUG, 'Max packet out: %d bytes' % self.out_max_packet_size) def _request_success(self, m): self._log(DEBUG, 'Sesch channel %d request ok' % self.chanid) -- cgit v1.2.3 From 6b7d45f2c87c993b7944e7526b184290314d7f9b Mon Sep 17 00:00:00 2001 From: Jeff Quast Date: Sun, 14 Dec 2014 00:05:39 -0800 Subject: Suggest a MIN_WINDOW_SIZE and MIN_PACKET_SIZE Not fully confident with this change, though I will describe my findings fully in the pull request. The OpenSSH client requests a maximum packet size of 16384, but this MIN_PACKET_SIZE value of 32768 causes its request to be "clamped" up to 32768, later causing an error to stderr on the OpenSSH client. Suggest then, to delineate MIN_WINDOW_SIZE from MIN_PACKET_SIZE, as they are applied. I don't think there is any minimum value of MIN_PACKET_SIZE, however we can suggest a value of 4096 for now. --- paramiko/common.py | 6 +++++- paramiko/transport.py | 6 +++--- tests/test_transport.py | 6 +++--- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/paramiko/common.py b/paramiko/common.py index 97b2f958..0b0cc2a7 100644 --- a/paramiko/common.py +++ b/paramiko/common.py @@ -195,7 +195,11 @@ DEFAULT_MAX_PACKET_SIZE = 2 ** 15 # lower bound on the max packet size we'll accept from the remote host # Minimum packet size is 32768 bytes according to # http://www.ietf.org/rfc/rfc4254.txt -MIN_PACKET_SIZE = 2 ** 15 +MIN_WINDOW_SIZE = 2 ** 15 + +# However, according to http://www.ietf.org/rfc/rfc4253.txt it is perfectly +# legal to accept a size much smaller, as OpenSSH client does as size 16384. +MIN_PACKET_SIZE = 2 ** 12 # Max windows size according to http://www.ietf.org/rfc/rfc4254.txt MAX_WINDOW_SIZE = 2**32 -1 diff --git a/paramiko/transport.py b/paramiko/transport.py index 2a700a88..36da3043 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -43,8 +43,8 @@ from paramiko.common import xffffffff, cMSG_CHANNEL_OPEN, cMSG_IGNORE, \ MSG_CHANNEL_OPEN_SUCCESS, MSG_CHANNEL_OPEN_FAILURE, MSG_CHANNEL_OPEN, \ MSG_CHANNEL_SUCCESS, MSG_CHANNEL_FAILURE, MSG_CHANNEL_DATA, \ MSG_CHANNEL_EXTENDED_DATA, MSG_CHANNEL_WINDOW_ADJUST, MSG_CHANNEL_REQUEST, \ - MSG_CHANNEL_EOF, MSG_CHANNEL_CLOSE, MIN_PACKET_SIZE, MAX_WINDOW_SIZE, \ - DEFAULT_WINDOW_SIZE, DEFAULT_MAX_PACKET_SIZE + MSG_CHANNEL_EOF, MSG_CHANNEL_CLOSE, MIN_WINDOW_SIZE, MIN_PACKET_SIZE, \ + MAX_WINDOW_SIZE, DEFAULT_WINDOW_SIZE, DEFAULT_MAX_PACKET_SIZE from paramiko.compress import ZlibCompressor, ZlibDecompressor from paramiko.dsskey import DSSKey from paramiko.kex_gex import KexGex @@ -1554,7 +1554,7 @@ class Transport (threading.Thread, ClosingContextManager): def _sanitize_window_size(self, window_size): if window_size is None: window_size = self.default_window_size - return clamp_value(MIN_PACKET_SIZE, window_size, MAX_WINDOW_SIZE) + return clamp_value(MIN_WINDOW_SIZE, window_size, MAX_WINDOW_SIZE) def _sanitize_packet_size(self, max_packet_size): if max_packet_size is None: diff --git a/tests/test_transport.py b/tests/test_transport.py index dd522c4e..5cf9a867 100644 --- a/tests/test_transport.py +++ b/tests/test_transport.py @@ -35,7 +35,7 @@ from paramiko import Transport, SecurityOptions, ServerInterface, RSAKey, DSSKey from paramiko import AUTH_FAILED, AUTH_SUCCESSFUL from paramiko import OPEN_SUCCEEDED, OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED from paramiko.common import MSG_KEXINIT, cMSG_CHANNEL_WINDOW_ADJUST, \ - MIN_PACKET_SIZE, MAX_WINDOW_SIZE, \ + MIN_PACKET_SIZE, MIN_WINDOW_SIZE, MAX_WINDOW_SIZE, \ DEFAULT_WINDOW_SIZE, DEFAULT_MAX_PACKET_SIZE from paramiko.py3compat import bytes from paramiko.message import Message @@ -779,7 +779,7 @@ class TransportTest(unittest.TestCase): """ verify that we conform to the rfc of packet and window sizes. """ - for val, correct in [(32767, MIN_PACKET_SIZE), + for val, correct in [(4095, MIN_PACKET_SIZE), (None, DEFAULT_MAX_PACKET_SIZE), (2**32, MAX_WINDOW_SIZE)]: self.assertEqual(self.tc._sanitize_packet_size(val), correct) @@ -788,7 +788,7 @@ class TransportTest(unittest.TestCase): """ verify that we conform to the rfc of packet and window sizes. """ - for val, correct in [(32767, MIN_PACKET_SIZE), + for val, correct in [(32767, MIN_WINDOW_SIZE), (None, DEFAULT_WINDOW_SIZE), (2**32, MAX_WINDOW_SIZE)]: self.assertEqual(self.tc._sanitize_window_size(val), correct) -- cgit v1.2.3 From 681f32583fe052c0516a2fda67e163169676ad11 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 16:07:13 -0800 Subject: Changelog closes #455 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 9603e6d5..4e56ad1f 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`455` Tweak packet size handling to conform better to the OpenSSH RFCs; + this helps address issues with interactive program cursors. Courtesy of Jeff + Quast. * :bug:`428` Fix an issue in `~paramiko.file.BufferedFile` (primarily used in the SFTP modules) concerning incorrect behavior by `~paramiko.file.BufferedFile.readlines` on files whose size exceeds the -- cgit v1.2.3 From b4e9dc3ab96e699a38a71aa6bb46337a596312d5 Mon Sep 17 00:00:00 2001 From: John Morrissey Date: Fri, 12 Dec 2014 13:23:25 -0500 Subject: read in >1 byte chunks, and set a useful timeout on select() this way, we're not rolling this loop over nearly as much, while still preserving the overall timeout semantics --- paramiko/proxy.py | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/paramiko/proxy.py b/paramiko/proxy.py index 8959b244..25666be5 100644 --- a/paramiko/proxy.py +++ b/paramiko/proxy.py @@ -24,6 +24,7 @@ import signal from subprocess import Popen, PIPE from select import select import socket +import time from paramiko.ssh_exception import ProxyCommandFailure @@ -76,20 +77,24 @@ class ProxyCommand(object): :return: the length of the read content, as an `int` """ try: - start = datetime.now() + start = time.time() while len(self.buffer) < size: + select_timeout = None if self.timeout is not None: - elapsed = (datetime.now() - start).microseconds - timeout = self.timeout * 1000 * 1000 # to microseconds - if elapsed >= timeout: + elapsed = (time.time() - start) + if elapsed >= self.timeout: raise socket.timeout() - r, w, x = select([self.process.stdout], [], [], 0.0) + select_timeout = self.timeout - elapsed + + r, w, x = select( + [self.process.stdout], [], [], select_timeout) if r and r[0] == self.process.stdout: - b = os.read(self.process.stdout.fileno(), 1) + b = os.read( + self.process.stdout.fileno(), size - len(self.buffer)) # Store in class-level buffer for persistence across # timeouts; this makes us act more like a real socket # (where timeouts don't actually drop data.) - self.buffer.append(b) + self.buffer.extend(b) result = ''.join(self.buffer) self.buffer = [] return result -- cgit v1.2.3 From 741b4fbb9322a45282e86958c92b1b6706c07f8c Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 18 Dec 2014 13:53:24 -0800 Subject: Changelog re #413, closes #454 --- sites/www/changelog.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 99c28fbd..66bbb806 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,11 @@ Changelog ========= +* :bug:`413` (also :issue:`414`, :issue:`420`, :issue:`454`) Be significantly + smarter about polling & timing behavior when running proxy commands, to avoid + unnecessary (often 100%!) CPU usage. Major thanks to Jason Dunsmore for + report & initial patchset and to Chris Adams & John Morrissey for followup + improvements. * :bug:`428` Fix an issue in `~paramiko.file.BufferedFile` (primarily used in the SFTP modules) concerning incorrect behavior by `~paramiko.file.BufferedFile.readlines` on files whose size exceeds the -- cgit v1.2.3 From ec5a86619c5527f119a687ec00e8811657dd1f51 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 18 Dec 2014 13:57:36 -0800 Subject: Fix busted changelog indent --- sites/www/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 66bbb806..8a705382 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -24,7 +24,7 @@ Changelog packets encountered type errors. This is now fixed. Thanks to ``@mjmaenpaa`` for the catch. * :bug:`320` Update our win_pageant module to be Python 3 compatible. Thanks to -``@sherbang`` and ``@adamkerz`` for the patches. + ``@sherbang`` and ``@adamkerz`` for the patches. * :support:`378 backported` Minor code cleanup in the SSH config module courtesy of Olle Lundberg. * :support:`249` Consolidate version information into one spot. Thanks to Gabi -- cgit v1.2.3 From 3905dfb0a8f719b435125d404ca4403f9849e17c Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 18 Dec 2014 14:00:30 -0800 Subject: Mark some backported support items as such --- sites/www/changelog.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 8a705382..9cc3a3eb 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -11,7 +11,8 @@ Changelog the SFTP modules) concerning incorrect behavior by `~paramiko.file.BufferedFile.readlines` on files whose size exceeds the buffer size. Thanks to ``@achapp`` for catch & patch. -* :support:`422` Clean up some unused imports. Courtesy of Olle Lundberg. +* :support:`422 backported` Clean up some unused imports. Courtesy of Olle + Lundberg. * :bug:`266` Change numbering of `~paramiko.transport.Transport` channels to start at 0 instead of 1 for better compatibility with OpenSSH & certain server implementations which break on 1-indexed channels. Thanks to @@ -27,8 +28,8 @@ Changelog ``@sherbang`` and ``@adamkerz`` for the patches. * :support:`378 backported` Minor code cleanup in the SSH config module courtesy of Olle Lundberg. -* :support:`249` Consolidate version information into one spot. Thanks to Gabi - Davar for the reminder. +* :support:`249 backported` Consolidate version information into one spot. + Thanks to Gabi Davar for the reminder. * :release:`1.13.2 <2014-08-25>` * :bug:`376` Be less aggressive about expanding variables in ``ssh_config`` files, which results in a speedup of SSH config parsing. Credit to Olle -- cgit v1.2.3 From 5601bf0928e2e738917320d83f8302703a62091b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 18 Dec 2014 14:02:28 -0800 Subject: Mark more backported support issues as such --- sites/www/changelog.rst | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f6f2bb28..e5adbd22 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -18,15 +18,15 @@ Changelog none`` as the lack of a proxy command, instead of as a literal command string of ``"none"``. Thanks to Richard Spiers for the catch & Sean Johnson for the fix. -* :support:`431` Replace handrolled ``ssh_config`` parsing code with use of the - ``shlex`` module. Thanks to Yan Kalchevskiy. +* :support:`431 backported` Replace handrolled ``ssh_config`` parsing code with + use of the ``shlex`` module. Thanks to Yan Kalchevskiy. * :support:`422 backported` Clean up some unused imports. Courtesy of Olle Lundberg. -* :support:`421` Modernize threading calls to user newer API. Thanks to Olle - Lundberg. -* :support:`419` Modernize a bunch of the codebase internals to leverage - decorators. Props to ``@beckjake`` for realizing we're no longer on Python - 2.2 :D +* :support:`421 backported` Modernize threading calls to user newer API. Thanks + to Olle Lundberg. +* :support:`419 backported` Modernize a bunch of the codebase internals to + leverage decorators. Props to ``@beckjake`` for realizing we're no longer on + Python 2.2 :D * :bug:`266` Change numbering of `~paramiko.transport.Transport` channels to start at 0 instead of 1 for better compatibility with OpenSSH & certain server implementations which break on 1-indexed channels. Thanks to -- cgit v1.2.3 From 9451f2aada77850c4ba5719e8f732989c9b4f663 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 19 Dec 2014 14:54:15 -0800 Subject: Cut 1.13.3 --- sites/www/changelog.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 9cc3a3eb..9ce2eded 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.13.3 <2014-12-19>` * :bug:`413` (also :issue:`414`, :issue:`420`, :issue:`454`) Be significantly smarter about polling & timing behavior when running proxy commands, to avoid unnecessary (often 100%!) CPU usage. Major thanks to Jason Dunsmore for -- cgit v1.2.3 From ccdfd02c047d5588b6bebdc501a766271a009493 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 19 Dec 2014 14:55:15 -0800 Subject: Cut 1.14.2 --- sites/www/changelog.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 8ad82a71..695149de 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.14.2 <2014-12-19>` * :release:`1.13.3 <2014-12-19>` * :bug:`413` (also :issue:`414`, :issue:`420`, :issue:`454`) Be significantly smarter about polling & timing behavior when running proxy commands, to avoid -- cgit v1.2.3 From 424ba615c2a94d3b059e7f24db1a1093a92d8d22 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 19 Dec 2014 14:55:48 -0800 Subject: Cut 1.15.2 --- paramiko/_version.py | 2 +- sites/www/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/paramiko/_version.py b/paramiko/_version.py index d9f78740..3bf9dac7 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (1, 15, 1) +__version_info__ = (1, 15, 2) __version__ = '.'.join(map(str, __version_info__)) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f5348e5b..bb93f885 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.15.2 <2014-12-19>` * :release:`1.14.2 <2014-12-19>` * :release:`1.13.3 <2014-12-19>` * :bug:`413` (also :issue:`414`, :issue:`420`, :issue:`454`) Be significantly -- cgit v1.2.3 From 67ae41a03ef2c94443e809b65f5eb2c4e7cf8937 Mon Sep 17 00:00:00 2001 From: ThiefMaster Date: Thu, 1 Jan 2015 13:50:52 +0100 Subject: Fix typo --- paramiko/_winapi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paramiko/_winapi.py b/paramiko/_winapi.py index f48e1890..d6aabf76 100644 --- a/paramiko/_winapi.py +++ b/paramiko/_winapi.py @@ -106,7 +106,7 @@ MapViewOfFile.restype = ctypes.wintypes.HANDLE class MemoryMap(object): """ - A memory map object which can have security attributes overrideden. + A memory map object which can have security attributes overridden. """ def __init__(self, name, length, security_attributes=None): self.name = name -- cgit v1.2.3 From fac347718a69179ba9404d5f5e825798f4ee9379 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 2 Jan 2015 14:24:31 -0800 Subject: Happy new year --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index 61c5c852..a645b140 100644 --- a/README +++ b/README @@ -5,7 +5,7 @@ paramiko :Paramiko: Python SSH module :Copyright: Copyright (c) 2003-2009 Robey Pointer -:Copyright: Copyright (c) 2013-2014 Jeff Forcier +:Copyright: Copyright (c) 2013-2015 Jeff Forcier :License: LGPL :Homepage: https://github.com/paramiko/paramiko/ :API docs: http://docs.paramiko.org -- cgit v1.2.3 From 70924234bb70d15005e4ce18305fc610482acf1b Mon Sep 17 00:00:00 2001 From: Scott Maxwell Date: Mon, 26 Jan 2015 22:36:15 -0800 Subject: Revert add_int and get_int to strictly 32-bits and add adaptive versions --- paramiko/message.py | 45 +++++++++------------------------------------ tests/test_message.py | 8 ++++---- 2 files changed, 13 insertions(+), 40 deletions(-) diff --git a/paramiko/message.py b/paramiko/message.py index b893e76d..bf4c6b95 100644 --- a/paramiko/message.py +++ b/paramiko/message.py @@ -129,7 +129,7 @@ class Message (object): b = self.get_bytes(1) return b != zero_byte - def get_int(self): + def get_adaptive_int(self): """ Fetch an int from the stream. @@ -141,20 +141,7 @@ class Message (object): byte += self.get_bytes(3) return struct.unpack('>I', byte)[0] - def get_size(self): - """ - Fetch an int from the stream. - - @return: a 32-bit unsigned integer. - @rtype: int - """ - byte = self.get_bytes(1) - if byte == max_byte: - return util.inflate_long(self.get_binary()) - byte += self.get_bytes(3) - return struct.unpack('>I', byte)[0] - - def get_size(self): + def get_int(self): """ Fetch an int from the stream. @@ -185,7 +172,7 @@ class Message (object): contain unprintable characters. (It's not unheard of for a string to contain another byte-stream message.) """ - return self.get_bytes(self.get_size()) + return self.get_bytes(self.get_int()) def get_text(self): """ @@ -196,7 +183,7 @@ class Message (object): @return: a string. @rtype: string """ - return u(self.get_bytes(self.get_size())) + return u(self.get_bytes(self.get_int())) #return self.get_bytes(self.get_size()) def get_binary(self): @@ -208,7 +195,7 @@ class Message (object): @return: a string. @rtype: string """ - return self.get_bytes(self.get_size()) + return self.get_bytes(self.get_int()) def get_list(self): """ @@ -248,7 +235,7 @@ class Message (object): self.packet.write(zero_byte) return self - def add_size(self, n): + def add_int(self, n): """ Add an integer to the stream. @@ -257,7 +244,7 @@ class Message (object): self.packet.write(struct.pack('>I', n)) return self - def add_int(self, n): + def add_adaptive_int(self, n): """ Add an integer to the stream. @@ -270,20 +257,6 @@ class Message (object): self.packet.write(struct.pack('>I', n)) return self - def add_int(self, n): - """ - Add an integer to the stream. - - @param n: integer to add - @type n: int - """ - if n >= Message.big_int: - self.packet.write(max_byte) - self.add_string(util.deflate_long(n)) - else: - self.packet.write(struct.pack('>I', n)) - return self - def add_int64(self, n): """ Add a 64-bit int to the stream. @@ -310,7 +283,7 @@ class Message (object): :param str s: string to add """ s = asbytes(s) - self.add_size(len(s)) + self.add_int(len(s)) self.packet.write(s) return self @@ -329,7 +302,7 @@ class Message (object): if type(i) is bool: return self.add_boolean(i) elif isinstance(i, integer_types): - return self.add_int(i) + return self.add_adaptive_int(i) elif type(i) is list: return self.add_list(i) else: diff --git a/tests/test_message.py b/tests/test_message.py index f308c037..f18cae90 100644 --- a/tests/test_message.py +++ b/tests/test_message.py @@ -92,12 +92,12 @@ class MessageTest (unittest.TestCase): def test_4_misc(self): msg = Message(self.__d) - self.assertEqual(msg.get_int(), 5) - self.assertEqual(msg.get_int(), 0x1122334455) - self.assertEqual(msg.get_int(), 0xf00000000000000000) + self.assertEqual(msg.get_adaptive_int(), 5) + self.assertEqual(msg.get_adaptive_int(), 0x1122334455) + self.assertEqual(msg.get_adaptive_int(), 0xf00000000000000000) self.assertEqual(msg.get_so_far(), self.__d[:29]) self.assertEqual(msg.get_remainder(), self.__d[29:]) msg.rewind() - self.assertEqual(msg.get_int(), 5) + self.assertEqual(msg.get_adaptive_int(), 5) self.assertEqual(msg.get_so_far(), self.__d[:4]) self.assertEqual(msg.get_remainder(), self.__d[4:]) -- cgit v1.2.3 From 3700d6e151d7891a12b958cf8f2729576205d927 Mon Sep 17 00:00:00 2001 From: Ken Jordan Date: Thu, 22 Jan 2015 19:39:22 -0700 Subject: Updated agent.py to print a more appropriate exception when unable to connect to the SSH agent --- paramiko/agent.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/paramiko/agent.py b/paramiko/agent.py index a75ac59e..185666e7 100644 --- a/paramiko/agent.py +++ b/paramiko/agent.py @@ -32,7 +32,7 @@ from select import select from paramiko.common import asbytes, io_sleep from paramiko.py3compat import byte_chr -from paramiko.ssh_exception import SSHException +from paramiko.ssh_exception import SSHException, AuthenticationException from paramiko.message import Message from paramiko.pkey import PKey from paramiko.util import retry_on_signal @@ -109,9 +109,15 @@ class AgentProxyThread(threading.Thread): def run(self): try: (r, addr) = self.get_connection() + # Found that r should be either a socket from the socket library or None self.__inr = r - self.__addr = addr + self.__addr = addr # This should be an IP address as a string? or None self._agent.connect() + print("Conn Value: ", self._agent._conn) + print("Has fileno method: ", hasattr(self._agent._conn, 'fileno')) + print("Verify isinstance of int: ", isinstance(self._agent, int)) + if self._agent._conn is None or not (hasattr(self._agent._conn, 'fileno') or isinstance(self._agent, int)): + raise AuthenticationException("Unable to connect to SSH agent") self._communicate() except: #XXX Not sure what to do here ... raise or pass ? -- cgit v1.2.3 From b26dbc3f719e9844721d38d6264c5cb5e0ed4c2f Mon Sep 17 00:00:00 2001 From: Ken Jordan Date: Thu, 22 Jan 2015 19:41:15 -0700 Subject: Removed debug print statements --- paramiko/agent.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/paramiko/agent.py b/paramiko/agent.py index 185666e7..01bd0252 100644 --- a/paramiko/agent.py +++ b/paramiko/agent.py @@ -113,9 +113,6 @@ class AgentProxyThread(threading.Thread): self.__inr = r self.__addr = addr # This should be an IP address as a string? or None self._agent.connect() - print("Conn Value: ", self._agent._conn) - print("Has fileno method: ", hasattr(self._agent._conn, 'fileno')) - print("Verify isinstance of int: ", isinstance(self._agent, int)) if self._agent._conn is None or not (hasattr(self._agent._conn, 'fileno') or isinstance(self._agent, int)): raise AuthenticationException("Unable to connect to SSH agent") self._communicate() -- cgit v1.2.3 From 394e269a081e6cf07d38fa5a375f0a03374c0d2b Mon Sep 17 00:00:00 2001 From: jordo1ken Date: Fri, 30 Jan 2015 17:57:40 -0700 Subject: Update agent.py Updated logic for error checking. --- paramiko/agent.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paramiko/agent.py b/paramiko/agent.py index 01bd0252..f928881e 100644 --- a/paramiko/agent.py +++ b/paramiko/agent.py @@ -113,7 +113,7 @@ class AgentProxyThread(threading.Thread): self.__inr = r self.__addr = addr # This should be an IP address as a string? or None self._agent.connect() - if self._agent._conn is None or not (hasattr(self._agent._conn, 'fileno') or isinstance(self._agent, int)): + if not isinstance(self._agent, int) and (self._agent._conn is None or not hasattr(self._agent._conn, 'fileno')): raise AuthenticationException("Unable to connect to SSH agent") self._communicate() except: -- cgit v1.2.3 From c5d0d6a2919ca2158b3f6271f7449faeeb3c865f Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 4 Feb 2015 16:00:50 -0800 Subject: Changelog fixes #402, closes #479 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index bb93f885..6520dde4 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`402` Check to see if an SSH agent is actually present before trying to + forward it to the remote end. This replaces what was usually a useless + ``TypeError`` with a human-readable ``AuthenticationError``. Credit to Ken + Jordan for the fix and Yvan Marques for original report. * :release:`1.15.2 <2014-12-19>` * :release:`1.14.2 <2014-12-19>` * :release:`1.13.3 <2014-12-19>` -- cgit v1.2.3 From d97c938db32c44a8253f6f872cc3b354492a21cc Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 6 Feb 2015 15:33:28 -0800 Subject: Fix docstring for Sphinx --- paramiko/client.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/paramiko/client.py b/paramiko/client.py index 312f71a9..dbe7fcba 100644 --- a/paramiko/client.py +++ b/paramiko/client.py @@ -177,11 +177,9 @@ class SSHClient (ClosingContextManager): """ Yield pairs of address families and addresses to try for connecting. - @param hostname: the server to connect to - @type hostname: str - @param port: the server port to connect to - @type port: int - @rtype: generator + :param str hostname: the server to connect to + :param int port: the server port to connect to + :returns: Yields an iterable of ``(family, address)`` tuples """ guess = True addrinfos = socket.getaddrinfo(hostname, port, socket.AF_UNSPEC, socket.SOCK_STREAM) -- cgit v1.2.3 From b42b5338de868c3a5343dd03a8ee3f8a968d2f65 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 6 Feb 2015 15:33:32 -0800 Subject: Comment --- paramiko/client.py | 1 + 1 file changed, 1 insertion(+) diff --git a/paramiko/client.py b/paramiko/client.py index dbe7fcba..b907d3b0 100644 --- a/paramiko/client.py +++ b/paramiko/client.py @@ -256,6 +256,7 @@ class SSHClient (ClosingContextManager): ``gss_deleg_creds`` and ``gss_host`` arguments. """ if not sock: + # Try multiple possible address families (e.g. IPv4 vs IPv6) for af, addr in self._families_and_addresses(hostname, port): try: sock = socket.socket(af, socket.SOCK_STREAM) -- cgit v1.2.3 From c2e346372c06c5eb4982055c689e1eb89955bddf Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 6 Feb 2015 16:20:51 -0800 Subject: Bump dev version. (might end up 2.0 tho) --- paramiko/_version.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paramiko/_version.py b/paramiko/_version.py index 3bf9dac7..e82b8667 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (1, 15, 2) +__version_info__ = (1, 16, 0) __version__ = '.'.join(map(str, __version_info__)) -- cgit v1.2.3 From f99e1d8775be20c471c39f8d7a91126b8419381d Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 6 Feb 2015 19:33:06 -0800 Subject: Raise usefully ambiguous error when every connect attempt fails. Re #22 --- paramiko/client.py | 24 ++++++++++++++++++++---- paramiko/ssh_exception.py | 30 ++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 4 deletions(-) diff --git a/paramiko/client.py b/paramiko/client.py index b907d3b0..57e9919d 100644 --- a/paramiko/client.py +++ b/paramiko/client.py @@ -36,7 +36,9 @@ from paramiko.hostkeys import HostKeys from paramiko.py3compat import string_types from paramiko.resource import ResourceManager from paramiko.rsakey import RSAKey -from paramiko.ssh_exception import SSHException, BadHostKeyException +from paramiko.ssh_exception import ( + SSHException, BadHostKeyException, ConnectionError +) from paramiko.transport import Transport from paramiko.util import retry_on_signal, ClosingContextManager @@ -256,8 +258,10 @@ class SSHClient (ClosingContextManager): ``gss_deleg_creds`` and ``gss_host`` arguments. """ if not sock: + errors = {} # Try multiple possible address families (e.g. IPv4 vs IPv6) - for af, addr in self._families_and_addresses(hostname, port): + to_try = list(self._families_and_addresses(hostname, port)) + for af, addr in to_try: try: sock = socket.socket(af, socket.SOCK_STREAM) if timeout is not None: @@ -269,10 +273,22 @@ class SSHClient (ClosingContextManager): # Break out of the loop on success break except socket.error, e: - # If the port is not open on IPv6 for example, we may still try IPv4. - # Likewise if the host is not reachable using that address family. + # Raise anything that isn't a straight up connection error + # (such as a resolution error) if e.errno not in (ECONNREFUSED, EHOSTUNREACH): raise + # Capture anything else so we know how the run looks once + # iteration is complete. Retain info about which attempt + # this was. + errors[addr] = e + + # Make sure we explode usefully if no address family attempts + # succeeded. We've no way of knowing which error is the "right" + # one, so we construct a hybrid exception containing all the real + # ones, of a subclass that client code should still be watching for + # (socket.error) + if len(errors) == len(to_try): + raise ConnectionError(errors) t = self._transport = Transport(sock, gss_kex=gss_kex, gss_deleg_creds=gss_deleg_creds) t.use_compression(compress=compress) diff --git a/paramiko/ssh_exception.py b/paramiko/ssh_exception.py index b99e42b3..7e6f2568 100644 --- a/paramiko/ssh_exception.py +++ b/paramiko/ssh_exception.py @@ -16,6 +16,8 @@ # along with Paramiko; if not, write to the Free Software Foundation, Inc., # 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +import socket + class SSHException (Exception): """ @@ -129,3 +131,31 @@ class ProxyCommandFailure (SSHException): self.error = error # for unpickling self.args = (command, error, ) + + +class ConnectionError(socket.error): + """ + High-level socket error wrapping 1+ actual socket.error objects. + + To see the wrapped exception objects, access the ``errors`` attribute. + ``errors`` is a dict whose keys are address tuples (e.g. ``('127.0.0.1', + 22)``) and whose values are the exception encountered trying to connect to + that address. + + It is implied/assumed that all the errors given to a single instance of + this class are from connecting to the same hostname + port (and thus that + the differences are in the resolution of the hostname - e.g. IPv4 vs v6). + """ + def __init__(self, errors): + """ + :param dict errors: + The errors dict to store, as described by class docstring. + """ + addrs = errors.keys() + body = ', '.join([x[0] for x in addrs[:-1]]) + tail = addrs[-1][0] + msg = "Unable to connect to port {0} at {1} or {2}" + super(ConnectionError, self).__init__( + msg.format(addrs[0][1], body, tail) + ) + self.errors = errors -- cgit v1.2.3 From b98ba1c5bb6ff1d968e9105ff093d360ac9091e9 Mon Sep 17 00:00:00 2001 From: Olle Lundberg Date: Tue, 24 Feb 2015 14:47:49 +0100 Subject: Add support for signaling a handshake process in packetizer. This makes it possible to raise an EOFError if the handshake process has started but takes too long time to finish. --- paramiko/packet.py | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/paramiko/packet.py b/paramiko/packet.py index f516ff9b..b922000c 100644 --- a/paramiko/packet.py +++ b/paramiko/packet.py @@ -99,6 +99,10 @@ class Packetizer (object): self.__keepalive_last = time.time() self.__keepalive_callback = None + self.__timer = None + self.__handshake_complete = False + self.__timer_expired = False + def set_log(self, log): """ Set the Python log object to use for logging. @@ -182,6 +186,45 @@ class Packetizer (object): self.__keepalive_callback = callback self.__keepalive_last = time.time() + def read_timer(self): + self.__timer_expired = True + + def start_handshake(self, timeout): + """ + Tells `Packetizer` that the handshake process started. + Starts a book keeping timer that can signal a timeout in the + handshake process. + + :param float timeout: amount of seconds to wait before timing out + """ + if not self.__timer: + self.__timer = threading.Timer(float(timeout), self.read_timer) + self.__timer.start() + + def handshake_timed_out(self): + """ + Checks if the handshake has timed out. + If `start_handshake` wasn't called before the call to this function + the return value will always be `False`. + If the handshake completed before a time out was reached the return value will be `False` + + :return: handshake time out status, as a `bool` + """ + if not self.__timer: + return False + if self.__handshake_complete: + return False + return self.__timer_expired + + def complete_handshake(self): + """ + Tells `Packetizer` that the handshake has completed. + """ + if self.__timer: + self.__timer.cancel() + self.__timer_expired = False + self.__handshake_complete = True + def read_all(self, n, check_rekey=False): """ Read as close to N bytes as possible, blocking as long as necessary. @@ -200,6 +243,8 @@ class Packetizer (object): n -= len(out) while n > 0: got_timeout = False + if self.handshake_timed_out(): + raise EOFError() try: x = self.__socket.recv(n) if len(x) == 0: -- cgit v1.2.3 From d1f72859c76beda46a072cdc75b2e19e4418275a Mon Sep 17 00:00:00 2001 From: Olle Lundberg Date: Tue, 24 Feb 2015 14:49:36 +0100 Subject: Expose handshake timeout in the transport API. This is a reimplementation of #62. --- paramiko/transport.py | 9 +++++++++ sites/www/changelog.rst | 5 +++++ tests/test_transport.py | 17 +++++++++++++++++ 3 files changed, 31 insertions(+) diff --git a/paramiko/transport.py b/paramiko/transport.py index 36da3043..6047fb99 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -295,6 +295,8 @@ class Transport (threading.Thread, ClosingContextManager): self.global_response = None # response Message from an arbitrary global request self.completion_event = None # user-defined event callbacks self.banner_timeout = 15 # how long (seconds) to wait for the SSH banner + self.handshake_timeout = 15 # how long (seconds) to wait for the handshake to finish after SSH banner sent. + # server mode: self.server_mode = False @@ -1582,6 +1584,12 @@ class Transport (threading.Thread, ClosingContextManager): try: self.packetizer.write_all(b(self.local_version + '\r\n')) self._check_banner() + # The above is actually very much part of the handshake, but sometimes the banner can be read + # but the machine is not responding, for example when the remote ssh daemon is loaded in to memory + # but we can not read from the disk/spawn a new shell. + # Make sure we can specify a timeout for the initial handshake. + # Re-use the banner timeout for now. + self.packetizer.start_handshake(self.handshake_timeout) self._send_kex_init() self._expect_packet(MSG_KEXINIT) @@ -1631,6 +1639,7 @@ class Transport (threading.Thread, ClosingContextManager): msg.add_byte(cMSG_UNIMPLEMENTED) msg.add_int(m.seqno) self._send_message(msg) + self.packetizer.complete_handshake() except SSHException as e: self._log(ERROR, 'Exception: ' + str(e)) self._log(ERROR, util.tb_strings()) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 6520dde4..f9900327 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,11 @@ Changelog ========= +* :bug:`62` Add timeout for handshake completion. + This adds a mechanism for timing out a connection if the ssh handshake + never completes. + Credit to ``@dacut`` for initial report and patch and to Olle Lundberg for + re-implementation. * :bug:`402` Check to see if an SSH agent is actually present before trying to forward it to the remote end. This replaces what was usually a useless ``TypeError`` with a human-readable ``AuthenticationError``. Credit to Ken diff --git a/tests/test_transport.py b/tests/test_transport.py index 5cf9a867..3c8ad81e 100644 --- a/tests/test_transport.py +++ b/tests/test_transport.py @@ -792,3 +792,20 @@ class TransportTest(unittest.TestCase): (None, DEFAULT_WINDOW_SIZE), (2**32, MAX_WINDOW_SIZE)]: self.assertEqual(self.tc._sanitize_window_size(val), correct) + + def test_L_handshake_timeout(self): + """ + verify that we can get a hanshake timeout. + """ + host_key = RSAKey.from_private_key_file(test_path('test_rsa.key')) + public_host_key = RSAKey(data=host_key.asbytes()) + self.ts.add_server_key(host_key) + event = threading.Event() + server = NullServer() + self.assertTrue(not event.is_set()) + self.tc.handshake_timeout = 0.000000000001 + self.ts.start_server(event, server) + self.assertRaises(EOFError, self.tc.connect, + hostkey=public_host_key, + username='slowdive', + password='pygmalion') -- cgit v1.2.3 From 6ba6ccda7bb34f16e92aa1acfb430055f264bd41 Mon Sep 17 00:00:00 2001 From: Olle Lundberg Date: Tue, 24 Feb 2015 15:14:51 +0100 Subject: Patch resolving the timeout issue on lost conection. (This rolls in patch in #439) --- paramiko/client.py | 2 +- paramiko/transport.py | 18 +++++++++++++----- sites/www/changelog.rst | 3 +++ 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/paramiko/client.py b/paramiko/client.py index 393e3e09..9ee30287 100644 --- a/paramiko/client.py +++ b/paramiko/client.py @@ -338,7 +338,7 @@ class SSHClient (ClosingContextManager): :raises SSHException: if the server fails to execute the command """ - chan = self._transport.open_session() + chan = self._transport.open_session(timeout=timeout) if get_pty: chan.get_pty() chan.settimeout(timeout) diff --git a/paramiko/transport.py b/paramiko/transport.py index 6047fb99..31c27a2f 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -589,7 +589,7 @@ class Transport (threading.Thread, ClosingContextManager): """ return self.active - def open_session(self, window_size=None, max_packet_size=None): + def open_session(self, window_size=None, max_packet_size=None, timeout=None): """ Request a new channel to the server, of type ``"session"``. This is just an alias for calling `open_channel` with an argument of @@ -614,7 +614,8 @@ class Transport (threading.Thread, ClosingContextManager): """ return self.open_channel('session', window_size=window_size, - max_packet_size=max_packet_size) + max_packet_size=max_packet_size, + timeout=timeout) def open_x11_channel(self, src_addr=None): """ @@ -661,7 +662,8 @@ class Transport (threading.Thread, ClosingContextManager): dest_addr=None, src_addr=None, window_size=None, - max_packet_size=None): + max_packet_size=None, + timeout=None): """ Request a new channel to the server. `Channels <.Channel>` are socket-like objects used for the actual transfer of data across the @@ -685,17 +687,20 @@ class Transport (threading.Thread, ClosingContextManager): optional window size for this session. :param int max_packet_size: optional max packet size for this session. + :param float timeout: + optional timeout opening a channel, default 3600s (1h) :return: a new `.Channel` on success - :raises SSHException: if the request is rejected or the session ends - prematurely + :raises SSHException: if the request is rejected, the session ends + prematurely or there is a timeout openning a channel .. versionchanged:: 1.15 Added the ``window_size`` and ``max_packet_size`` arguments. """ if not self.active: raise SSHException('SSH session not active') + timeout = 3600 if timeout is None else timeout self.lock.acquire() try: window_size = self._sanitize_window_size(window_size) @@ -724,6 +729,7 @@ class Transport (threading.Thread, ClosingContextManager): finally: self.lock.release() self._send_user_message(m) + start_ts = time.time() while True: event.wait(0.1) if not self.active: @@ -733,6 +739,8 @@ class Transport (threading.Thread, ClosingContextManager): raise e if event.is_set(): break + elif start_ts + timeout < time.time(): + raise SSHException('Timeout openning channel.') chan = self._channels.get(chanid) if chan is not None: return chan diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f9900327..16a60a68 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`439` Resolve the timeout issue on lost conection. + When the destination disappears on an established session paramiko will hang on trying to open a channel. + Credit to ``@vazir`` for patch. * :bug:`62` Add timeout for handshake completion. This adds a mechanism for timing out a connection if the ssh handshake never completes. -- cgit v1.2.3 From 4ca8d68c0443c4e5e17ae4fcee39dd6f2507c7cd Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 27 Feb 2015 13:19:35 -0800 Subject: Changelog closes #22 --- sites/www/changelog.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 6520dde4..0e8f92c4 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,11 @@ Changelog ========= +* :bug:`22 major` Try harder to connect to multiple network families (e.g. IPv4 + vs IPv6) in case of connection issues; this helps with problems such as hosts + which resolve both IPv4 and IPv6 addresses but are only listening on IPv4. + Thanks to Dries Desmet for original report and Torsten Landschoff for the + foundational patchset. * :bug:`402` Check to see if an SSH agent is actually present before trying to forward it to the remote end. This replaces what was usually a useless ``TypeError`` with a human-readable ``AuthenticationError``. Credit to Ken -- cgit v1.2.3 From 27e6177f4b7bae87c9fc7aa3556d20100ff9a319 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 27 Feb 2015 13:29:32 -0800 Subject: Fix a Python 3 incompat bit from recent merge --- paramiko/client.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paramiko/client.py b/paramiko/client.py index 57e9919d..2e1a4dc4 100644 --- a/paramiko/client.py +++ b/paramiko/client.py @@ -272,7 +272,7 @@ class SSHClient (ClosingContextManager): retry_on_signal(lambda: sock.connect(addr)) # Break out of the loop on success break - except socket.error, e: + except socket.error as e: # Raise anything that isn't a straight up connection error # (such as a resolution error) if e.errno not in (ECONNREFUSED, EHOSTUNREACH): -- cgit v1.2.3 From 3ceab6a5f65db5be219b3dba17677e3101a0489f Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 27 Feb 2015 14:52:26 -0800 Subject: Some 80-col fixes --- paramiko/client.py | 35 +++++++++++++++++++++++++++-------- 1 file changed, 27 insertions(+), 8 deletions(-) diff --git a/paramiko/client.py b/paramiko/client.py index 2e1a4dc4..6c48b269 100644 --- a/paramiko/client.py +++ b/paramiko/client.py @@ -196,10 +196,25 @@ class SSHClient (ClosingContextManager): for family, _, _, _, sockaddr in addrinfos: yield family, sockaddr - def connect(self, hostname, port=SSH_PORT, username=None, password=None, pkey=None, - key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, - compress=False, sock=None, gss_auth=False, gss_kex=False, - gss_deleg_creds=True, gss_host=None, banner_timeout=None): + def connect( + self, + hostname, + port=SSH_PORT, + username=None, + password=None, + pkey=None, + key_filename=None, + timeout=None, + allow_agent=True, + look_for_keys=True, + compress=False, + sock=None, + gss_auth=False, + gss_kex=False, + gss_deleg_creds=True, + gss_host=None, + banner_timeout=None + ): """ Connect to an SSH server and authenticate to it. The server's host key is checked against the system host keys (see `load_system_host_keys`) @@ -230,8 +245,10 @@ class SSHClient (ClosingContextManager): :param str key_filename: the filename, or list of filenames, of optional private key(s) to try for authentication - :param float timeout: an optional timeout (in seconds) for the TCP connect - :param bool allow_agent: set to False to disable connecting to the SSH agent + :param float timeout: + an optional timeout (in seconds) for the TCP connect + :param bool allow_agent: + set to False to disable connecting to the SSH agent :param bool look_for_keys: set to False to disable searching for discoverable private key files in ``~/.ssh/`` @@ -240,9 +257,11 @@ class SSHClient (ClosingContextManager): an open socket or socket-like object (such as a `.Channel`) to use for communication to the target host :param bool gss_auth: ``True`` if you want to use GSS-API authentication - :param bool gss_kex: Perform GSS-API Key Exchange and user authentication + :param bool gss_kex: + Perform GSS-API Key Exchange and user authentication :param bool gss_deleg_creds: Delegate GSS-API client credentials or not - :param str gss_host: The targets name in the kerberos database. default: hostname + :param str gss_host: + The targets name in the kerberos database. default: hostname :param float banner_timeout: an optional timeout (in seconds) to wait for the SSH banner to be presented. -- cgit v1.2.3 From ca0fd1024ecf61b1758bdd38350fbd4c4ccaaefb Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sat, 28 Feb 2015 19:54:52 -0800 Subject: Replace/add RFC links using ``:rfc:``, /ht @sigmavirus24 --- paramiko/channel.py | 2 +- paramiko/kex_gss.py | 27 +++++++++++++++------------ paramiko/ssh_gss.py | 2 +- sites/www/index.rst | 8 ++------ 4 files changed, 19 insertions(+), 20 deletions(-) diff --git a/paramiko/channel.py b/paramiko/channel.py index 8a97c974..7e39a15b 100644 --- a/paramiko/channel.py +++ b/paramiko/channel.py @@ -337,7 +337,7 @@ class Channel (ClosingContextManager): further x11 requests can be made from the server to the client, when an x11 application is run in a shell session. - From RFC4254:: + From :rfc:`4254`:: It is RECOMMENDED that the 'x11 authentication cookie' that is sent be a fake, random cookie, and that the cookie be checked and diff --git a/paramiko/kex_gss.py b/paramiko/kex_gss.py index 4e8380ef..d026807c 100644 --- a/paramiko/kex_gss.py +++ b/paramiko/kex_gss.py @@ -21,14 +21,15 @@ """ -This module provides GSS-API / SSPI Key Exchange as defined in RFC 4462. +This module provides GSS-API / SSPI Key Exchange as defined in :rfc:`4462`. .. note:: Credential delegation is not supported in server mode. .. note:: - `RFC 4462 Section 2.2 `_ says we are - not required to implement GSS-API error messages. Thus, in many methods - within this module, if an error occurs an exception will be thrown and the + `RFC 4462 Section 2.2 + `_ says we are not + required to implement GSS-API error messages. Thus, in many methods within + this module, if an error occurs an exception will be thrown and the connection will be terminated. .. seealso:: :doc:`/api/ssh_gss` @@ -55,8 +56,8 @@ c_MSG_KEXGSS_GROUPREQ, c_MSG_KEXGSS_GROUP = [byte_chr(c) for c in range(40, 42)] class KexGSSGroup1(object): """ - GSS-API / SSPI Authenticated Diffie-Hellman Key Exchange - as defined in `RFC 4462 Section 2 `_ + GSS-API / SSPI Authenticated Diffie-Hellman Key Exchange as defined in `RFC + 4462 Section 2 `_ """ # draft-ietf-secsh-transport-09.txt, page 17 P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF @@ -278,8 +279,9 @@ class KexGSSGroup1(object): class KexGSSGroup14(KexGSSGroup1): """ - GSS-API / SSPI Authenticated Diffie-Hellman Group14 Key Exchange - as defined in `RFC 4462 Section 2 `_ + GSS-API / SSPI Authenticated Diffie-Hellman Group14 Key Exchange as defined + in `RFC 4462 Section 2 + `_ """ P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF G = 2 @@ -288,8 +290,8 @@ class KexGSSGroup14(KexGSSGroup1): class KexGSSGex(object): """ - GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange - as defined in `RFC 4462 Section 2 `_ + GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange as defined in + `RFC 4462 Section 2 `_ """ NAME = "gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==" min_bits = 1024 @@ -590,8 +592,9 @@ class KexGSSGex(object): class NullHostKey(object): """ - This class represents the Null Host Key for GSS-API Key Exchange - as defined in `RFC 4462 Section 5 `_ + This class represents the Null Host Key for GSS-API Key Exchange as defined + in `RFC 4462 Section 5 + `_ """ def __init__(self): self.key = "" diff --git a/paramiko/ssh_gss.py b/paramiko/ssh_gss.py index ebf2cc80..aa28e2ec 100644 --- a/paramiko/ssh_gss.py +++ b/paramiko/ssh_gss.py @@ -20,7 +20,7 @@ """ -This module provides GSS-API / SSPI authentication as defined in RFC 4462. +This module provides GSS-API / SSPI authentication as defined in :rfc:`4462`. .. note:: Credential delegation is not supported in server mode. diff --git a/sites/www/index.rst b/sites/www/index.rst index 1b609709..8e7562af 100644 --- a/sites/www/index.rst +++ b/sites/www/index.rst @@ -26,11 +26,7 @@ Please see the sidebar to the left to begin. .. rubric:: Footnotes .. [#] - SSH is defined in RFCs - `4251 `_, - `4252 `_, - `4253 `_, and - `4254 `_; - the primary working implementation of the protocol is the `OpenSSH project + SSH is defined in :rfc:`4251`, :rfc:`4252`, :rfc:`4253` and :rfc:`4254`. The + primary working implementation of the protocol is the `OpenSSH project `_. Paramiko implements a large portion of the SSH feature set, but there are occasional gaps. -- cgit v1.2.3 From 23dc9d1fdee82b94c40cc86970246e027c0f360e Mon Sep 17 00:00:00 2001 From: Anselm Kruis Date: Tue, 3 Mar 2015 12:30:37 +0100 Subject: Add a missing import. --- paramiko/auth_handler.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paramiko/auth_handler.py b/paramiko/auth_handler.py index c001aeee..9cf4e271 100644 --- a/paramiko/auth_handler.py +++ b/paramiko/auth_handler.py @@ -34,7 +34,7 @@ from paramiko.common import cMSG_SERVICE_REQUEST, cMSG_DISCONNECT, \ cMSG_USERAUTH_GSSAPI_ERRTOK, cMSG_USERAUTH_GSSAPI_MIC,\ MSG_USERAUTH_GSSAPI_RESPONSE, MSG_USERAUTH_GSSAPI_TOKEN, \ MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, MSG_USERAUTH_GSSAPI_ERROR, \ - MSG_USERAUTH_GSSAPI_ERRTOK, MSG_USERAUTH_GSSAPI_MIC + MSG_USERAUTH_GSSAPI_ERRTOK, MSG_USERAUTH_GSSAPI_MIC, MSG_NAMES from paramiko.message import Message from paramiko.py3compat import bytestring -- cgit v1.2.3 From ee47257684d2b9999743317c1b1bc1a0b135875d Mon Sep 17 00:00:00 2001 From: Anselm Kruis Date: Tue, 3 Mar 2015 12:59:01 +0100 Subject: Fix the documentation of both implementations of ssh_check_mic. The method raises an exception, if the check fails and has no return value. --- paramiko/ssh_gss.py | 31 +++++++++++-------------------- 1 file changed, 11 insertions(+), 20 deletions(-) diff --git a/paramiko/ssh_gss.py b/paramiko/ssh_gss.py index aa28e2ec..e9b13a66 100644 --- a/paramiko/ssh_gss.py +++ b/paramiko/ssh_gss.py @@ -360,8 +360,8 @@ class _SSH_GSSAPI(_SSH_GSSAuth): :param str mic_token: The MIC token received from the client :param str session_id: The SSH session ID :param str username: The name of the user who attempts to login - :return: 0 if the MIC check was successful and 1 if it fails - :rtype: int + :return: None if the MIC check was successful + :raises gssapi.GSSException: if the MIC check failed """ self._session_id = session_id self._username = username @@ -371,11 +371,7 @@ class _SSH_GSSAPI(_SSH_GSSAuth): self._username, self._service, self._auth_method) - try: - self._gss_srv_ctxt.verify_mic(mic_field, - mic_token) - except gssapi.BadSignature: - raise Exception("GSS-API MIC check failed.") + self._gss_srv_ctxt.verify_mic(mic_field, mic_token) else: # for key exchange with gssapi-keyex # client mode @@ -534,31 +530,26 @@ class _SSH_SSPI(_SSH_GSSAuth): :param str mic_token: The MIC token received from the client :param str session_id: The SSH session ID :param str username: The name of the user who attempts to login - :return: 0 if the MIC check was successful - :rtype: int + :return: None if the MIC check was successful + :raises sspi.error: if the MIC check failed """ self._session_id = session_id self._username = username - mic_status = 1 if username is not None: # server mode mic_field = self._ssh_build_mic(self._session_id, self._username, self._service, self._auth_method) - mic_status = self._gss_srv_ctxt.verify(mic_field, - mic_token) + # Verifies data and its signature. If verification fails, an + # sspi.error will be raised. + self._gss_srv_ctxt.verify(mic_field, mic_token) else: # for key exchange with gssapi-keyex # client mode - mic_status = self._gss_ctxt.verify(self._session_id, - mic_token) - """ - The SSPI method C{verify} has no return value, so if no SSPI error - is returned, set C{mic_status} to 0. - """ - mic_status = 0 - return mic_status + # Verifies data and its signature. If verification fails, an + # sspi.error will be raised. + self._gss_ctxt.verify(self._session_id, mic_token) @property def credentials_delegated(self): -- cgit v1.2.3 From ceddde7498a1b88e9662668b037552b71010cf46 Mon Sep 17 00:00:00 2001 From: Anselm Kruis Date: Tue, 3 Mar 2015 13:00:47 +0100 Subject: Fix an uninitialised variable usage and simplify the code. --- paramiko/auth_handler.py | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/paramiko/auth_handler.py b/paramiko/auth_handler.py index 9cf4e271..ef4a8c7e 100644 --- a/paramiko/auth_handler.py +++ b/paramiko/auth_handler.py @@ -510,15 +510,11 @@ class AuthHandler (object): result = AUTH_FAILED self._send_auth_result(username, method, result) raise - if retval == 0: - # TODO: Implement client credential saving. - # The OpenSSH server is able to create a TGT with the delegated - # client credentials, but this is not supported by GSS-API. - result = AUTH_SUCCESSFUL - self.transport.server_object.check_auth_gssapi_with_mic( - username, result) - else: - result = AUTH_FAILED + # TODO: Implement client credential saving. + # The OpenSSH server is able to create a TGT with the delegated + # client credentials, but this is not supported by GSS-API. + result = AUTH_SUCCESSFUL + self.transport.server_object.check_auth_gssapi_with_mic(username, result) elif method == "gssapi-keyex" and gss_auth: mic_token = m.get_string() sshgss = self.transport.kexgss_ctxt @@ -534,12 +530,8 @@ class AuthHandler (object): result = AUTH_FAILED self._send_auth_result(username, method, result) raise - if retval == 0: - result = AUTH_SUCCESSFUL - self.transport.server_object.check_auth_gssapi_keyex(username, - result) - else: - result = AUTH_FAILED + result = AUTH_SUCCESSFUL + self.transport.server_object.check_auth_gssapi_keyex(username, result) else: result = self.transport.server_object.check_auth_none(username) # okay, send result -- cgit v1.2.3 From c158db9833c70b2f57db0a58ab6133595c740d6f Mon Sep 17 00:00:00 2001 From: Anselm Kruis Date: Tue, 3 Mar 2015 13:02:02 +0100 Subject: Switch kex_gss from using PyCrypto's Random to using os.urandom. --- paramiko/kex_gss.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/paramiko/kex_gss.py b/paramiko/kex_gss.py index d026807c..69969f8a 100644 --- a/paramiko/kex_gss.py +++ b/paramiko/kex_gss.py @@ -37,6 +37,7 @@ This module provides GSS-API / SSPI Key Exchange as defined in :rfc:`4462`. .. versionadded:: 1.15 """ +import os from hashlib import sha1 from paramiko.common import * @@ -130,7 +131,7 @@ class KexGSSGroup1(object): larger than q (but this is a tiny tiny subset of potential x). """ while 1: - x_bytes = self.transport.rng.read(128) + x_bytes = os.urandom(128) x_bytes = byte_mask(x_bytes[0], 0x7f) + x_bytes[1:] if (x_bytes[:8] != self.b7fffffffffffffff) and \ (x_bytes[:8] != self.b0000000000000000): @@ -366,7 +367,7 @@ class KexGSSGex(object): qhbyte <<= 1 qmask >>= 1 while True: - x_bytes = self.transport.rng.read(byte_count) + x_bytes = os.urandom(byte_count) x_bytes = byte_mask(x_bytes[0], qmask) + x_bytes[1:] x = util.inflate_long(x_bytes, 1) if (x > 1) and (x < q): -- cgit v1.2.3 From b0a5ca8e3747a34082895bbd170a617f76ebe7e5 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 5 Mar 2015 09:54:41 -0800 Subject: Rename new exception class to be less generic Re #22 --- paramiko/client.py | 4 ++-- paramiko/ssh_exception.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/paramiko/client.py b/paramiko/client.py index 6c48b269..e10e9da7 100644 --- a/paramiko/client.py +++ b/paramiko/client.py @@ -37,7 +37,7 @@ from paramiko.py3compat import string_types from paramiko.resource import ResourceManager from paramiko.rsakey import RSAKey from paramiko.ssh_exception import ( - SSHException, BadHostKeyException, ConnectionError + SSHException, BadHostKeyException, NoValidConnectionsError ) from paramiko.transport import Transport from paramiko.util import retry_on_signal, ClosingContextManager @@ -307,7 +307,7 @@ class SSHClient (ClosingContextManager): # ones, of a subclass that client code should still be watching for # (socket.error) if len(errors) == len(to_try): - raise ConnectionError(errors) + raise NoValidConnectionsError(errors) t = self._transport = Transport(sock, gss_kex=gss_kex, gss_deleg_creds=gss_deleg_creds) t.use_compression(compress=compress) diff --git a/paramiko/ssh_exception.py b/paramiko/ssh_exception.py index 7e6f2568..169dad81 100644 --- a/paramiko/ssh_exception.py +++ b/paramiko/ssh_exception.py @@ -133,7 +133,7 @@ class ProxyCommandFailure (SSHException): self.args = (command, error, ) -class ConnectionError(socket.error): +class NoValidConnectionsError(socket.error): """ High-level socket error wrapping 1+ actual socket.error objects. @@ -155,7 +155,7 @@ class ConnectionError(socket.error): body = ', '.join([x[0] for x in addrs[:-1]]) tail = addrs[-1][0] msg = "Unable to connect to port {0} at {1} or {2}" - super(ConnectionError, self).__init__( + super(NoValidConnectionsError, self).__init__( msg.format(addrs[0][1], body, tail) ) self.errors = errors -- cgit v1.2.3 From 136e0deef9c949a1b223244b696e6d870cc12e34 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 5 Mar 2015 09:55:29 -0800 Subject: Add null errno to socket.error subclass. Makes downstream code less likely to break when they expect errno+msg style socket error objects. Re #22 --- paramiko/ssh_exception.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/paramiko/ssh_exception.py b/paramiko/ssh_exception.py index 169dad81..1fbebde8 100644 --- a/paramiko/ssh_exception.py +++ b/paramiko/ssh_exception.py @@ -135,7 +135,14 @@ class ProxyCommandFailure (SSHException): class NoValidConnectionsError(socket.error): """ - High-level socket error wrapping 1+ actual socket.error objects. + Multiple connection attempts were made and no families succeeded. + + This exception class wraps multiple "real" underlying connection errors, + all of which represent failed connection attempts. Because these errors are + not guaranteed to all be of the same error type (i.e. different errno, + class, message, etc) we expose a single unified error message and a + ``None`` errno so that instances of this class match most normal handling + of `socket.error` objects. To see the wrapped exception objects, access the ``errors`` attribute. ``errors`` is a dict whose keys are address tuples (e.g. ``('127.0.0.1', @@ -156,6 +163,7 @@ class NoValidConnectionsError(socket.error): tail = addrs[-1][0] msg = "Unable to connect to port {0} at {1} or {2}" super(NoValidConnectionsError, self).__init__( + None, # stand-in for errno msg.format(addrs[0][1], body, tail) ) self.errors = errors -- cgit v1.2.3 From cfeca480db0116c5c8d95ba1aaa9e5e5e02951ed Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 5 Mar 2015 09:55:36 -0800 Subject: Error message langauge tweak --- paramiko/ssh_exception.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paramiko/ssh_exception.py b/paramiko/ssh_exception.py index 1fbebde8..2e09c6d6 100644 --- a/paramiko/ssh_exception.py +++ b/paramiko/ssh_exception.py @@ -161,7 +161,7 @@ class NoValidConnectionsError(socket.error): addrs = errors.keys() body = ', '.join([x[0] for x in addrs[:-1]]) tail = addrs[-1][0] - msg = "Unable to connect to port {0} at {1} or {2}" + msg = "Unable to connect to port {0} on {1} or {2}" super(NoValidConnectionsError, self).__init__( None, # stand-in for errno msg.format(addrs[0][1], body, tail) -- cgit v1.2.3 From 2e4d604cdd3d65dd5a826794231ad03839c28d4a Mon Sep 17 00:00:00 2001 From: Anselm Kruis Date: Wed, 18 Mar 2015 14:49:09 +0100 Subject: Add a missing import. --- paramiko/server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paramiko/server.py b/paramiko/server.py index bf5039a2..f79a1748 100644 --- a/paramiko/server.py +++ b/paramiko/server.py @@ -22,7 +22,7 @@ import threading from paramiko import util -from paramiko.common import DEBUG, ERROR, OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED, AUTH_FAILED +from paramiko.common import DEBUG, ERROR, OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED, AUTH_FAILED, AUTH_SUCCESSFUL from paramiko.py3compat import string_types -- cgit v1.2.3 From 7400ce4fd80fc6c0cfc1b3d96900ee2fb87f9ebe Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 29 Apr 2015 19:25:25 -0700 Subject: Packaging updates --- dev-requirements.txt | 8 +++++--- tasks.py | 24 +++--------------------- 2 files changed, 8 insertions(+), 24 deletions(-) diff --git a/dev-requirements.txt b/dev-requirements.txt index 7a0ccbc5..059572cf 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -1,9 +1,11 @@ # Older junk tox>=1.4,<1.5 # For newer tasks like building Sphinx docs. -invoke>=0.7.0,<0.8 -invocations>=0.5.0 +invoke>=0.10 +invocations>=0.9.2 sphinx>=1.1.3 alabaster>=0.6.1 releases>=0.5.2 -wheel==0.23.0 +semantic_version>=2.4,<2.5 +wheel==0.24 +twine==1.5 diff --git a/tasks.py b/tasks.py index 1afce514..20ded03d 100644 --- a/tasks.py +++ b/tasks.py @@ -3,28 +3,10 @@ from os.path import join from shutil import rmtree, copytree from invoke import Collection, ctask as task -from invocations import docs as _docs +from invocations.docs import docs, www from invocations.packaging import publish -d = 'sites' - -# Usage doc/API site (published as docs.paramiko.org) -docs_path = join(d, 'docs') -docs_build = join(docs_path, '_build') -docs = Collection.from_module(_docs, name='docs', config={ - 'sphinx.source': docs_path, - 'sphinx.target': docs_build, -}) - -# Main/about/changelog site ((www.)?paramiko.org) -www_path = join(d, 'www') -www = Collection.from_module(_docs, name='www', config={ - 'sphinx.source': www_path, - 'sphinx.target': join(www_path, '_build'), -}) - - # Until we move to spec-based testing @task def test(ctx): @@ -45,9 +27,9 @@ def release(ctx): rmtree(target, ignore_errors=True) copytree(docs_build, target) # Publish - publish(ctx, wheel=True) + publish(ctx) # Remind print("\n\nDon't forget to update RTD's versions page for new minor releases!") -ns = Collection(test, coverage, release, docs=docs, www=www) +ns = Collection(test, coverage, release, docs, www) -- cgit v1.2.3 From 9c77538747881bb8cb3f6c7b220515cfd6943b92 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 29 Apr 2015 19:39:04 -0700 Subject: Not sure how this got nuked --- tasks.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tasks.py b/tasks.py index c7d28b16..3d575670 100644 --- a/tasks.py +++ b/tasks.py @@ -17,6 +17,11 @@ def test(ctx, coverage=False): ctx.run("{0} test.py {1}".format(runner, flags), pty=True) +@task +def coverage(ctx): + ctx.run("coverage run --source=paramiko test.py --verbose") + + # Until we stop bundling docs w/ releases. Need to discover use cases first. @task def release(ctx): -- cgit v1.2.3 From dd9135b24174ba8b02e0982ce2f9026cd22bef21 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 11 Jun 2015 16:42:07 -0700 Subject: Tweak docstring --- paramiko/ssh_exception.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/paramiko/ssh_exception.py b/paramiko/ssh_exception.py index 2e09c6d6..d053974a 100644 --- a/paramiko/ssh_exception.py +++ b/paramiko/ssh_exception.py @@ -140,9 +140,9 @@ class NoValidConnectionsError(socket.error): This exception class wraps multiple "real" underlying connection errors, all of which represent failed connection attempts. Because these errors are not guaranteed to all be of the same error type (i.e. different errno, - class, message, etc) we expose a single unified error message and a - ``None`` errno so that instances of this class match most normal handling - of `socket.error` objects. + `socket.error` subclass, message, etc) we expose a single unified error + message and a ``None`` errno so that instances of this class match most + normal handling of `socket.error` objects. To see the wrapped exception objects, access the ``errors`` attribute. ``errors`` is a dict whose keys are address tuples (e.g. ``('127.0.0.1', -- cgit v1.2.3 From 7a6e89bcbd75c495205ddf7520c044000c2e6a65 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 17 Aug 2015 21:00:05 -0700 Subject: Add TODO found while poking API from fabric v2 --- paramiko/sftp_client.py | 1 + 1 file changed, 1 insertion(+) diff --git a/paramiko/sftp_client.py b/paramiko/sftp_client.py index 89840eaa..6d48e692 100644 --- a/paramiko/sftp_client.py +++ b/paramiko/sftp_client.py @@ -589,6 +589,7 @@ class SFTPClient(BaseSFTP, ClosingContextManager): .. versionadded:: 1.4 """ + # TODO: make class initialize with self._cwd set to self.normalize('.') return self._cwd and u(self._cwd) def putfo(self, fl, remotepath, file_size=0, callback=None, confirm=True): -- cgit v1.2.3 From 6c5df3650a90ca2567e6f865de237c5fb1fadf5d Mon Sep 17 00:00:00 2001 From: Peter Odding Date: Sat, 5 Sep 2015 17:57:45 +0200 Subject: Try to fix `python setup.py bdist_dumb' on Mac OS X (paylogic/pip-accel#2) Additions based on /usr/lib/python2.7/distutils/archive_util.py from the Ubuntu 12.04 package python2.7 (2.7.3-0ubuntu3.8). I have not looked into the compatibility of the software licenses of Paramiko vs distutils however the original setup_helper.py code in Paramiko was clearly also copied from distutils so to be honest it's not like I'm changing the status quo. --- setup_helper.py | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 52 insertions(+), 5 deletions(-) diff --git a/setup_helper.py b/setup_helper.py index ff6b0e16..5d23137b 100644 --- a/setup_helper.py +++ b/setup_helper.py @@ -30,9 +30,42 @@ import distutils.archive_util from distutils.dir_util import mkpath from distutils.spawn import spawn - -def make_tarball(base_name, base_dir, compress='gzip', - verbose=False, dry_run=False): +try: + from pwd import getpwnam +except ImportError: + getpwnam = None + +try: + from grp import getgrnam +except ImportError: + getgrnam = None + +def _get_gid(name): + """Returns a gid, given a group name.""" + if getgrnam is None or name is None: + return None + try: + result = getgrnam(name) + except KeyError: + result = None + if result is not None: + return result[2] + return None + +def _get_uid(name): + """Returns an uid, given a user name.""" + if getpwnam is None or name is None: + return None + try: + result = getpwnam(name) + except KeyError: + result = None + if result is not None: + return result[2] + return None + +def make_tarball(base_name, base_dir, compress='gzip', verbose=0, dry_run=0, + owner=None, group=None): """Create a tar file from all the files under 'base_dir'. This file may be compressed. @@ -75,11 +108,25 @@ def make_tarball(base_name, base_dir, compress='gzip', mkpath(os.path.dirname(archive_name), dry_run=dry_run) log.info('Creating tar file %s with mode %s' % (archive_name, mode)) + uid = _get_uid(owner) + gid = _get_gid(group) + + def _set_uid_gid(tarinfo): + if gid is not None: + tarinfo.gid = gid + tarinfo.gname = group + if uid is not None: + tarinfo.uid = uid + tarinfo.uname = owner + return tarinfo + if not dry_run: tar = tarfile.open(archive_name, mode=mode) # This recursively adds everything underneath base_dir - tar.add(base_dir) - tar.close() + try: + tar.add(base_dir, filter=_set_uid_gid) + finally: + tar.close() if compress and compress not in tarfile_compress_flag: spawn([compress] + compress_flags[compress] + [archive_name], -- cgit v1.2.3 From a7c8266fe784dffa2a5fdd1526437c6ba7ba1aab Mon Sep 17 00:00:00 2001 From: Peter Odding Date: Wed, 9 Sep 2015 22:18:24 +0200 Subject: Restore Python 2.6 compatibility for `python setup.py {s,b}dist' --- setup_helper.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/setup_helper.py b/setup_helper.py index 5d23137b..9e3834b3 100644 --- a/setup_helper.py +++ b/setup_helper.py @@ -124,7 +124,12 @@ def make_tarball(base_name, base_dir, compress='gzip', verbose=0, dry_run=0, tar = tarfile.open(archive_name, mode=mode) # This recursively adds everything underneath base_dir try: - tar.add(base_dir, filter=_set_uid_gid) + try: + # Support for the `filter' parameter was added in Python 2.7, + # earlier versions will raise TypeError. + tar.add(base_dir, filter=_set_uid_gid) + except TypeError: + tar.add(base_dir) finally: tar.close() -- cgit v1.2.3 From 97e134aa43c9632f34be278ca1d08f56cc83993a Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 10 Sep 2015 14:09:13 -0700 Subject: Changelog fixes #582 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 0e8f92c4..6379dba9 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`582` Fix some old ``setup.py`` related helper code which was + breaking ``bdist_dumb`` on Mac OS X. Thanks to Peter Odding for the patch. * :bug:`22 major` Try harder to connect to multiple network families (e.g. IPv4 vs IPv6) in case of connection issues; this helps with problems such as hosts which resolve both IPv4 and IPv6 addresses but are only listening on IPv4. -- cgit v1.2.3 From 7b33770b4786af2508fab11cebe934584fe19ca6 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 21 Sep 2015 17:19:40 -0700 Subject: gratipay no more :( --- sites/shared_conf.py | 1 - 1 file changed, 1 deletion(-) diff --git a/sites/shared_conf.py b/sites/shared_conf.py index 4a6a5c4e..99fab315 100644 --- a/sites/shared_conf.py +++ b/sites/shared_conf.py @@ -12,7 +12,6 @@ html_theme_options = { 'description': "A Python implementation of SSHv2.", 'github_user': 'paramiko', 'github_repo': 'paramiko', - 'gratipay_user': 'bitprophet', 'analytics_id': 'UA-18486793-2', 'travis_button': True, } -- cgit v1.2.3 From aef405c9adc3ca087b21836d4a2ee56e05a2b3c4 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 14:02:27 -0700 Subject: Changelog closes #353 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 6520dde4..be3f5da7 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`353` (via :issue:`482`) Fix a bug introduced in the Python 3 port + which caused ``OverFlowError`` (and other symptoms) in SFTP functionality. + Thanks to ``@dboreham`` for leading the troubleshooting charge, and to + Scott Maxwell for the final patch. * :bug:`402` Check to see if an SSH agent is actually present before trying to forward it to the remote end. This replaces what was usually a useless ``TypeError`` with a human-readable ``AuthenticationError``. Credit to Ken -- cgit v1.2.3 From a436b9f1087752b60bc31d73306bdac1229d1118 Mon Sep 17 00:00:00 2001 From: Steve Cohen Date: Tue, 17 Feb 2015 13:47:03 -0500 Subject: Typo causes failure if Putty Pageant is running. --- paramiko/_winapi.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/paramiko/_winapi.py b/paramiko/_winapi.py index d6aabf76..cf4d68e5 100644 --- a/paramiko/_winapi.py +++ b/paramiko/_winapi.py @@ -219,8 +219,8 @@ class SECURITY_ATTRIBUTES(ctypes.Structure): @descriptor.setter def descriptor(self, value): - self._descriptor = descriptor - self.lpSecurityDescriptor = ctypes.addressof(descriptor) + self._descriptor = value + self.lpSecurityDescriptor = ctypes.addressof(value) def GetTokenInformation(token, information_class): """ -- cgit v1.2.3 From e9d65f4199bb6a8589c9a89f8a8d68edd66ac6d0 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 14:09:15 -0700 Subject: Changelog closes #488 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index be3f5da7..7e8c02fe 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`469` (also :issue:`488`, :issue:`461` and like a dozen others) Fix a + typo introduced in the 1.15 release which broke WinPageant support. Thanks to + everyone who submitted patches, and to Steve Cohen who was the lucky winner + of the cherry-pick lottery. * :bug:`353` (via :issue:`482`) Fix a bug introduced in the Python 3 port which caused ``OverFlowError`` (and other symptoms) in SFTP functionality. Thanks to ``@dboreham`` for leading the troubleshooting charge, and to -- cgit v1.2.3 From 3bc8fd1a02358a8647bcee11e652ee5aec0bdf97 Mon Sep 17 00:00:00 2001 From: Loic Dachary Date: Thu, 25 Sep 2014 21:32:19 +0200 Subject: Add informative BadHostKeyException Displaying the keys being compared makes it easy to diagnose the problem. Otherwise there is more guessing involved. Signed-off-by: Loic Dachary --- paramiko/ssh_exception.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/paramiko/ssh_exception.py b/paramiko/ssh_exception.py index b99e42b3..e120a45e 100644 --- a/paramiko/ssh_exception.py +++ b/paramiko/ssh_exception.py @@ -105,7 +105,11 @@ class BadHostKeyException (SSHException): .. versionadded:: 1.6 """ def __init__(self, hostname, got_key, expected_key): - SSHException.__init__(self, 'Host key for server %s does not match!' % hostname) + SSHException.__init__(self, + 'Host key for server %s does not match : got %s expected %s' % ( + hostname, + got_key.get_base64(), + expected_key.get_base64())) self.hostname = hostname self.key = got_key self.expected_key = expected_key -- cgit v1.2.3 From 48dc72b87567152ac8d45b4bad2bdd0d4ad3ac8b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 14:14:27 -0700 Subject: Changelog closes #404 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 7e8c02fe..3c11ff87 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`404` Print details when displaying `BadHostKeyException` objects + (expected vs received data) instead of just "hey shit broke". Patch credit: + Loic Dachary. * :bug:`469` (also :issue:`488`, :issue:`461` and like a dozen others) Fix a typo introduced in the 1.15 release which broke WinPageant support. Thanks to everyone who submitted patches, and to Steve Cohen who was the lucky winner -- cgit v1.2.3 From 669ecbd66f1218e5c93f6a53a25ea062c7b0b947 Mon Sep 17 00:00:00 2001 From: Martin Topholm Date: Mon, 2 Mar 2015 07:17:50 +0100 Subject: Silently ignore invalid keys in HostKeys.load() When broken entries exists in known_hosts, paramiko raises SSHException with "Invalid key". This patch catches the exception during HostKeys.load() and continues to next line. This should fix #490. --- paramiko/hostkeys.py | 6 +++++- tests/test_hostkeys.py | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/paramiko/hostkeys.py b/paramiko/hostkeys.py index 84868875..7e2d22cf 100644 --- a/paramiko/hostkeys.py +++ b/paramiko/hostkeys.py @@ -19,6 +19,7 @@ import binascii import os +import ssh_exception from hashlib import sha1 from hmac import HMAC @@ -96,7 +97,10 @@ class HostKeys (MutableMapping): line = line.strip() if (len(line) == 0) or (line[0] == '#'): continue - e = HostKeyEntry.from_line(line, lineno) + try: + e = HostKeyEntry.from_line(line, lineno) + except ssh_exception.SSHException: + continue if e is not None: _hostnames = e.hostnames for h in _hostnames: diff --git a/tests/test_hostkeys.py b/tests/test_hostkeys.py index 0ee1bbf0..2bdcad9c 100644 --- a/tests/test_hostkeys.py +++ b/tests/test_hostkeys.py @@ -31,6 +31,7 @@ test_hosts_file = """\ secure.example.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA1PD6U2/TVxET6lkpKhOk5r\ 9q/kAYG6sP9f5zuUYP8i7FOFp/6ncCEbbtg/lB+A3iidyxoSWl+9jtoyyDOOVX4UIDV9G11Ml8om3\ D+jrpI9cycZHqilK0HmxDeCuxbwyMuaCygU9gS2qoRvNLWZk70OpIKSSpBo0Wl3/XUmz9uhc= +broken.example.com ssh-rsa AAAA happy.example.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA8bP1ZA7DCZDB9J0s50l31M\ BGQ3GQ/Fc7SX6gkpXkwcZryoi4kNFhHu5LvHcZPdxXV1D+uTMfGS1eyd2Yz/DoNWXNAl8TI0cAsW\ 5ymME3bQ4J/k1IKxCtz/bAlAqFgKoc+EolMziDYqWIATtW0rYTJvzGAzTmMj80/QpsFH+Pc2M= -- cgit v1.2.3 From fb258f88b4b61627a51f30f9a21fcbc7ec35c1e6 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 14:18:24 -0700 Subject: Changelog closes #490, closes #500 (cherry-pick) --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 3c11ff87..5f6a16f9 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`490` Skip invalid/unparseable lines in ``known_hosts`` files, instead + of raising `SSHException`. This brings Paramiko's behavior more in line with + OpenSSH, which silently ignores such input. Catch & patch courtesy of Martin + Topholm. * :bug:`404` Print details when displaying `BadHostKeyException` objects (expected vs received data) instead of just "hey shit broke". Patch credit: Loic Dachary. -- cgit v1.2.3 From 0e9b78539da392170dd09d629bcfaef9cf724bc1 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 14:32:05 -0700 Subject: No idea why this only tanked tests on Python 3, ugh @ our old crusty test suite --- paramiko/hostkeys.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/paramiko/hostkeys.py b/paramiko/hostkeys.py index 7e2d22cf..c7e1f72e 100644 --- a/paramiko/hostkeys.py +++ b/paramiko/hostkeys.py @@ -19,7 +19,6 @@ import binascii import os -import ssh_exception from hashlib import sha1 from hmac import HMAC @@ -36,6 +35,7 @@ from paramiko.dsskey import DSSKey from paramiko.rsakey import RSAKey from paramiko.util import get_logger, constant_time_bytes_eq from paramiko.ecdsakey import ECDSAKey +from paramiko.ssh_exception import SSHException class HostKeys (MutableMapping): @@ -99,7 +99,7 @@ class HostKeys (MutableMapping): continue try: e = HostKeyEntry.from_line(line, lineno) - except ssh_exception.SSHException: + except SSHException: continue if e is not None: _hostnames = e.hostnames -- cgit v1.2.3 From e287d6b70c5de5470393210623a46741f73a526d Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 14:41:26 -0700 Subject: Don't use --coverage for tests under 3.2 anymore --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9a55dbb6..45fb1722 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,8 +13,8 @@ install: - pip install coveralls # For coveralls.io specifically - pip install -r dev-requirements.txt script: - # Main tests, with coverage! - - inv test --coverage + # Main tests, w/ coverage! (but skip coverage on 3.2, coverage.py dropped it) + - "[[ $TRAVIS_PYTHON_VERSION != 3.2 ]] && inv test --coverage || inv test" # Ensure documentation & invoke pipeline run OK. # Run 'docs' first since its objects.inv is referred to by 'www'. # Also force warnings to be errors since most of them tend to be actual -- cgit v1.2.3 From 57106d04def84ca1d9dd23c4d85b2ba9242556ff Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 14:53:02 -0700 Subject: Rework changelog entries re #491 a bit Closes #491, closes #62, closes #439 --- sites/www/changelog.rst | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 97b6fe9c..764c8801 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,14 +2,10 @@ Changelog ========= -* :bug:`439` Resolve the timeout issue on lost conection. - When the destination disappears on an established session paramiko will hang on trying to open a channel. - Credit to ``@vazir`` for patch. -* :bug:`62` Add timeout for handshake completion. - This adds a mechanism for timing out a connection if the ssh handshake - never completes. - Credit to ``@dacut`` for initial report and patch and to Olle Lundberg for - re-implementation. +* :bug:`491` (combines :issue:`62` and :issue:`439`) Implement timeout + functionality to address hangs from dropped network connections and/or failed + handshakes. Credit to ``@vazir`` and ``@dacut`` for the original patches and + to Olle Lundberg for reimplementation. * :bug:`490` Skip invalid/unparseable lines in ``known_hosts`` files, instead of raising `SSHException`. This brings Paramiko's behavior more in line with OpenSSH, which silently ignores such input. Catch & patch courtesy of Martin -- cgit v1.2.3 From 8bf03014128b074bf6988100f18e48a94671cca2 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 15:43:59 -0700 Subject: Changelog re #496 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 764c8801..5b900c61 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`496` Fix a handful of small but critical bugs in Paramiko's GSSAPI + support (note: this includes switching from PyCrypo's Random to + `os.urandom`). Thanks to Anselm Kruis for catch & patch. * :bug:`491` (combines :issue:`62` and :issue:`439`) Implement timeout functionality to address hangs from dropped network connections and/or failed handshakes. Credit to ``@vazir`` and ``@dacut`` for the original patches and -- cgit v1.2.3 From 93694bb9ed4e28673586fd18ffce0fc0e925df1f Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 15:57:59 -0700 Subject: Add docstring to AgentRequestHandler so it shows up in the docs. --- paramiko/agent.py | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/paramiko/agent.py b/paramiko/agent.py index f928881e..6a8e7fb4 100644 --- a/paramiko/agent.py +++ b/paramiko/agent.py @@ -290,6 +290,26 @@ class AgentServerProxy(AgentSSH): class AgentRequestHandler(object): + """ + Primary/default implementation of SSH agent forwarding functionality. + + Simply instantiate this class, handing it a live command-executing session + object, and it will handle forwarding any local SSH agent processes it + finds. + + For example:: + + # Connect + client = SSHClient() + client.connect(host, port, username) + # Obtain session + session = client.get_transport().open_session() + # Forward local agent + AgentRequestHandler(session) + # Commands executed after this point will see the forwarded agent on + # the remote end. + session.exec_command("git clone https://my.git.repository/") + """ def __init__(self, chanClient): self._conn = None self.__chanC = chanClient -- cgit v1.2.3 From b67ee80ba6cbb985a537123a0ae099b81ddfc999 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 15:59:04 -0700 Subject: Changelog closes #516 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 5b900c61..b7f19d63 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`516 backported` Document `~paramiko.agent.AgentRequestHandler`. + Thanks to ``@toejough`` for report & suggestions. * :bug:`496` Fix a handful of small but critical bugs in Paramiko's GSSAPI support (note: this includes switching from PyCrypo's Random to `os.urandom`). Thanks to Anselm Kruis for catch & patch. -- cgit v1.2.3 From 150960800dd5cf260a9932df53847d2d029c3656 Mon Sep 17 00:00:00 2001 From: Jared Hance Date: Sun, 5 Jul 2015 10:18:34 -0700 Subject: Fix ECDSA generate documentation. Was a blatant copy of a comment from RSAKey. --- paramiko/ecdsakey.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py index 6b047959..8827a1db 100644 --- a/paramiko/ecdsakey.py +++ b/paramiko/ecdsakey.py @@ -129,13 +129,11 @@ class ECDSAKey (PKey): @staticmethod def generate(curve=curves.NIST256p, progress_func=None): """ - Generate a new private RSA key. This factory function can be used to + Generate a new private ECDSA key. This factory function can be used to generate a new host key or authentication key. - :param function progress_func: - an optional function to call at key points in key generation (used - by ``pyCrypto.PublicKey``). - :returns: A new private key (`.RSAKey`) object + :param function progress_func: Not used for this type of key. + :returns: A new private key (`.ECDSAKey`) object """ signing_key = SigningKey.generate(curve) key = ECDSAKey(vals=(signing_key, signing_key.get_verifying_key())) -- cgit v1.2.3 From a8ac9e6441030f2cc49de579c3d598e5f05ca331 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 2 Oct 2015 15:23:16 -0700 Subject: Changelog closes #554 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index b7f19d63..1d3debb7 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`554 backported` Fix inaccuracies in the docstring for the ECDSA key + class. Thanks to Jared Hance for the patch. * :support:`516 backported` Document `~paramiko.agent.AgentRequestHandler`. Thanks to ``@toejough`` for report & suggestions. * :bug:`496` Fix a handful of small but critical bugs in Paramiko's GSSAPI -- cgit v1.2.3 From 9a5fbad601d7567cde59071f36ba6a34d6bcf696 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 2 Oct 2015 15:56:28 -0700 Subject: Fix some typos/bad doc references in changelog --- sites/www/changelog.rst | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 1d3debb7..9a4e6c76 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -14,12 +14,12 @@ Changelog handshakes. Credit to ``@vazir`` and ``@dacut`` for the original patches and to Olle Lundberg for reimplementation. * :bug:`490` Skip invalid/unparseable lines in ``known_hosts`` files, instead - of raising `SSHException`. This brings Paramiko's behavior more in line with - OpenSSH, which silently ignores such input. Catch & patch courtesy of Martin - Topholm. -* :bug:`404` Print details when displaying `BadHostKeyException` objects - (expected vs received data) instead of just "hey shit broke". Patch credit: - Loic Dachary. + of raising `~paramiko.ssh_exception.SSHException`. This brings Paramiko's + behavior more in line with OpenSSH, which silently ignores such input. Catch + & patch courtesy of Martin Topholm. +* :bug:`404` Print details when displaying + `~paramiko.ssh_exception.BadHostKeyException` objects (expected vs received + data) instead of just "hey shit broke". Patch credit: Loic Dachary. * :bug:`469` (also :issue:`488`, :issue:`461` and like a dozen others) Fix a typo introduced in the 1.15 release which broke WinPageant support. Thanks to everyone who submitted patches, and to Steve Cohen who was the lucky winner @@ -30,8 +30,9 @@ Changelog Scott Maxwell for the final patch. * :bug:`402` Check to see if an SSH agent is actually present before trying to forward it to the remote end. This replaces what was usually a useless - ``TypeError`` with a human-readable ``AuthenticationError``. Credit to Ken - Jordan for the fix and Yvan Marques for original report. + ``TypeError`` with a human-readable + `~paramiko.ssh_exception.AuthenticationException`. Credit to Ken Jordan for + the fix and Yvan Marques for original report. * :release:`1.15.2 <2014-12-19>` * :release:`1.14.2 <2014-12-19>` * :release:`1.13.3 <2014-12-19>` -- cgit v1.2.3 From 5b1b13c2fb48ac55d64022212bf132b8c01ce0c7 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 2 Oct 2015 15:59:15 -0700 Subject: Cut 1.15.3 --- paramiko/_version.py | 2 +- sites/www/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/paramiko/_version.py b/paramiko/_version.py index 3bf9dac7..25aac14f 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (1, 15, 2) +__version_info__ = (1, 15, 3) __version__ = '.'.join(map(str, __version_info__)) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 9a4e6c76..d94d5bc2 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.15.3 <2015-10-02>` * :support:`554 backported` Fix inaccuracies in the docstring for the ECDSA key class. Thanks to Jared Hance for the patch. * :support:`516 backported` Document `~paramiko.agent.AgentRequestHandler`. -- cgit v1.2.3 From 985df357ec039bcb28f6f260e64e9838204506f6 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 2 Oct 2015 16:20:27 -0700 Subject: Fix dumb bug in release task --- tasks.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks.py b/tasks.py index 3d575670..7c920daf 100644 --- a/tasks.py +++ b/tasks.py @@ -30,7 +30,8 @@ def release(ctx): # Move the built docs into where Epydocs used to live target = 'docs' rmtree(target, ignore_errors=True) - copytree(docs_build, target) + # TODO: make it easier to yank out this config val from the docs coll + copytree('sites/docs/_build', target) # Publish publish(ctx) # Remind -- cgit v1.2.3