From b43dfe13259f43e670b568764e23e5ea057154b4 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sun, 19 Feb 2017 11:38:57 -0800 Subject: Changelog re #895, closes #895 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 3ed75e27..e65353a4 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`895` Fix a bug in server-mode concerning multiple interactive auth + steps (which were incorrectly responded to). Thanks to Dennis Kaarsemaker for + catch & patch. * :support:`866 backported` (also :issue:`838`) Remove an old test-related file we don't support, and add PyPy to Travis-CI config. Thanks to Pierce Lopez for the final patch and Pedro Rodrigues for an earlier edition. -- cgit v1.2.3 From 2e9dd2f57283b9bbb7d44324169fffa1e2aad789 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 20 Feb 2017 13:49:35 -0800 Subject: Changelog re #713, re #714, re #889 --- sites/www/changelog.rst | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index e65353a4..491a60d8 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,11 @@ Changelog ========= +* :bug:`713 (<2.0)` (via :issue:`714` and :issue:`889`) Don't pass + initialization vectors to PyCrypto when dealing with counter-mode ciphers; + newer PyCrypto versions throw an exception otherwise (older ones simply + ignored this parameter altogether). Thanks to ``@jmh045000`` for report & + patches. * :bug:`895` Fix a bug in server-mode concerning multiple interactive auth steps (which were incorrectly responded to). Thanks to Dennis Kaarsemaker for catch & patch. -- cgit v1.2.3 From acf0fbf1fd4ed69df19d78a1675f8c54b215ae83 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 20 Feb 2017 14:04:37 -0800 Subject: Update a whole bunch of changelog entries lacking proper version statements =/ Grump, for now support types need both 'backported' and version spec? --- sites/www/changelog.rst | 49 +++++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 24 deletions(-) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 491a60d8..e9d212ad 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -7,12 +7,13 @@ Changelog newer PyCrypto versions throw an exception otherwise (older ones simply ignored this parameter altogether). Thanks to ``@jmh045000`` for report & patches. -* :bug:`895` Fix a bug in server-mode concerning multiple interactive auth - steps (which were incorrectly responded to). Thanks to Dennis Kaarsemaker for - catch & patch. -* :support:`866 backported` (also :issue:`838`) Remove an old test-related file - we don't support, and add PyPy to Travis-CI config. Thanks to Pierce Lopez - for the final patch and Pedro Rodrigues for an earlier edition. +* :bug:`895 (1.17+)` Fix a bug in server-mode concerning multiple interactive + auth steps (which were incorrectly responded to). Thanks to Dennis + Kaarsemaker for catch & patch. +* :support:`866 backported (1.17+)` (also :issue:`838`) Remove an old + test-related file we don't support, and add PyPy to Travis-CI config. Thanks + to Pierce Lopez for the final patch and Pedro Rodrigues for an earlier + edition. * :release:`2.0.4 <2016-12-12>` * :release:`1.18.1 <2016-12-12>` * :bug:`859` (via :issue:`860`) A tweak to the original patch implementing @@ -30,15 +31,15 @@ Changelog * :bug:`802 (1.17+)` (via :issue:`804`) Update our vendored Windows API module to address errors of the form ``AttributeError: 'module' object has no attribute 'c_ssize_t'``. Credit to Jason R. Coombs. -* :bug:`824` Fix the implementation of ``PKey.write_private_key_file`` (this - method is only publicly defined on subclasses; the fix was in the private - real implementation) so it passes the correct params to ``open()``. This bug - apparently went unnoticed and unfixed for 12 entire years. Congrats to John - Villalovos for noticing & submitting the patch! -* :support:`801 (1.17+)` Skip a Unix-only test when on Windows; thanks to - Gabi Davar. -* :support:`792 (1.17+)` Minor updates to the README and demos; thanks to Alan - Yee. +* :bug:`824 (1.17+)` Fix the implementation of ``PKey.write_private_key_file`` + (this method is only publicly defined on subclasses; the fix was in the + private real implementation) so it passes the correct params to ``open()``. + This bug apparently went unnoticed and unfixed for 12 entire years. Congrats + to John Villalovos for noticing & submitting the patch! +* :support:`801 backported (1.17+)` Skip a Unix-only test when on Windows; + thanks to Gabi Davar. +* :support:`792 backported (1.17+)` Minor updates to the README and demos; + thanks to Alan Yee. * :feature:`780 (1.18+)` (also :issue:`779`, and may help users affected by :issue:`520`) Add an optional ``timeout`` parameter to `Transport.start_client ` (and @@ -52,21 +53,21 @@ Changelog ``SSHException``. This moves the behavior in line with other "bad keys" situations, re: Paramiko's main auth loop. Thanks to MengHuan Yu for the patch. -* :bug:`789` Add a missing ``.closed`` attribute (plus ``._closed`` because - reasons) to `ProxyCommand ` so the earlier - partial fix for :issue:`520` works in situations where one is gatewaying via - ``ProxyCommand``. -* :bug:`334` Make the ``subprocess`` import in ``proxy.py`` lazy so users on - platforms without it (such as Google App Engine) can import Paramiko +* :bug:`789 (1.17+)` Add a missing ``.closed`` attribute (plus ``._closed`` + because reasons) to `ProxyCommand ` so the + earlier partial fix for :issue:`520` works in situations where one is + gatewaying via ``ProxyCommand``. +* :bug:`334 (1.17+)` Make the ``subprocess`` import in ``proxy.py`` lazy so + users on platforms without it (such as Google App Engine) can import Paramiko successfully. (Relatedly, make it easier to tweak an active socket check timeout [in `Transport `] which was previously hardcoded.) Credit: Shinya Okano. -* :support:`854 backported` Fix incorrect docstring/param-list for +* :support:`854 backported (1.17+)` Fix incorrect docstring/param-list for `Transport.auth_gssapi_keyex ` so it matches the real signature. Caught by ``@Score_Under``. -* :bug:`681` Fix a Python3-specific bug re: the handling of read buffers when - using ``ProxyCommand``. Thanks to Paul Kapp for catch & patch. +* :bug:`681 (1.17+)` Fix a Python3-specific bug re: the handling of read + buffers when using ``ProxyCommand``. Thanks to Paul Kapp for catch & patch. * :support:`819 backported (>=1.15,<2.0)` Document how lacking ``gmp`` headers at install time can cause a significant performance hit if you build PyCrypto from source. (Most system-distributed packages already have this enabled.) -- cgit v1.2.3 From 598c877abb73abc9c57fa3444ba24f3dd1c628b9 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 20 Feb 2017 14:28:56 -0800 Subject: Not sure how this got overlooked in the cherrypicking, ugh @ myself --- sites/www/changelog.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index e9d212ad..03a7ba94 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -16,8 +16,8 @@ Changelog edition. * :release:`2.0.4 <2016-12-12>` * :release:`1.18.1 <2016-12-12>` -* :bug:`859` (via :issue:`860`) A tweak to the original patch implementing - :issue:`398` was not fully applied, causing calls to +* :bug:`859 (1.18+)` (via :issue:`860`) A tweak to the original patch + implementing :issue:`398` was not fully applied, causing calls to `~paramiko.client.SSHClient.invoke_shell` to fail with ``AttributeError``. This has been fixed. Patch credit: Kirk Byers. * :bug:`-` Accidentally merged the new features from 1.18.0 into the -- cgit v1.2.3 From 11f4c2fa13aadd000a22f33edb9ef4d70cf03236 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 20 Feb 2017 14:29:56 -0800 Subject: let's be consistent --- sites/www/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 03a7ba94..427eda0f 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,7 +2,7 @@ Changelog ========= -* :bug:`713 (<2.0)` (via :issue:`714` and :issue:`889`) Don't pass +* :bug:`713 (1.17+)` (via :issue:`714` and :issue:`889`) Don't pass initialization vectors to PyCrypto when dealing with counter-mode ciphers; newer PyCrypto versions throw an exception otherwise (older ones simply ignored this parameter altogether). Thanks to ``@jmh045000`` for report & -- cgit v1.2.3 From efe7856283242374b6456711ea95fabb7320b46e Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 20 Feb 2017 14:38:38 -0800 Subject: Changelog closes #44, closes #891 --- sites/www/changelog.rst | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 427eda0f..376897c9 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,13 @@ Changelog ========= +* :bug:`44` (via :issue:`891`) `SSHClient ` now + gives its internal `Transport ` a handle on + itself, preventing garbage collection of the client until the session is + closed. Without this, some code which returns stream or transport objects + without the client that generated them, would result in premature session + closure when the client was GCd. Credit: ``@w31rd0`` for original report, + Omer Anson for the patch. * :bug:`713 (1.17+)` (via :issue:`714` and :issue:`889`) Don't pass initialization vectors to PyCrypto when dealing with counter-mode ciphers; newer PyCrypto versions throw an exception otherwise (older ones simply -- cgit v1.2.3 From 5835599f0047b4ab1d2a090c058baf282a1402f7 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 20 Feb 2017 14:40:38 -0800 Subject: Sigh --- sites/www/changelog.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 376897c9..22681f49 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,8 +2,8 @@ Changelog ========= -* :bug:`44` (via :issue:`891`) `SSHClient ` now - gives its internal `Transport ` a handle on +* :bug:`44 (1.17+)` (via :issue:`891`) `SSHClient ` + now gives its internal `Transport ` a handle on itself, preventing garbage collection of the client until the session is closed. Without this, some code which returns stream or transport objects without the client that generated them, would result in premature session -- cgit v1.2.3 From 168b8b383efc894cfa8d81946e524a639326f413 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 20 Feb 2017 14:46:27 -0800 Subject: Changelog closes #863 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 22681f49..c79ffba8 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`862 (1.17+)` (via :issue:`863`) Avoid test suite exceptions on + platforms lacking ``errno.ETIME`` (which seems to be some FreeBSD and some + Windows environments.) Thanks to Sofian Brabez. * :bug:`44 (1.17+)` (via :issue:`891`) `SSHClient ` now gives its internal `Transport ` a handle on itself, preventing garbage collection of the client until the session is -- cgit v1.2.3 From b139524296f2c6ef7f2584568c5a0cd600baae39 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 20 Feb 2017 21:02:12 -0800 Subject: Changelog closes #853 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index c79ffba8..1ae20a0b 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`853 (1.17+)` Tweak how `RSAKey.__str__ ` + behaves so it doesn't cause ``TypeError`` under Python 3. Thanks to Francisco + Couzo for the report. * :bug:`862 (1.17+)` (via :issue:`863`) Avoid test suite exceptions on platforms lacking ``errno.ETIME`` (which seems to be some FreeBSD and some Windows environments.) Thanks to Sofian Brabez. -- cgit v1.2.3 From cd276f90bb5a71dcec9d7498c4638daa5077b761 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 20 Feb 2017 21:11:46 -0800 Subject: Cut 1.17.4 --- sites/www/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 1ae20a0b..2085e800 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.17.4 <2017-02-20>` * :bug:`853 (1.17+)` Tweak how `RSAKey.__str__ ` behaves so it doesn't cause ``TypeError`` under Python 3. Thanks to Francisco Couzo for the report. -- cgit v1.2.3 From 8f0ad8b87ffc1c6cc0628930a8bacf663f4d8cbd Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 20 Feb 2017 21:15:38 -0800 Subject: Cut 1.18.2 --- sites/www/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 2085e800..1c8226a7 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.18.2 <2017-02-20>` * :release:`1.17.4 <2017-02-20>` * :bug:`853 (1.17+)` Tweak how `RSAKey.__str__ ` behaves so it doesn't cause ``TypeError`` under Python 3. Thanks to Francisco -- cgit v1.2.3 From f9bafb731054db9299ba03551e440a46992e9c7c Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 20 Feb 2017 21:19:45 -0800 Subject: Cut 2.0.5 --- paramiko/_version.py | 2 +- sites/www/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'sites/www') diff --git a/paramiko/_version.py b/paramiko/_version.py index 8b4a7707..4e7cf19d 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (2, 0, 4) +__version_info__ = (2, 0, 5) __version__ = '.'.join(map(str, __version_info__)) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 1c8226a7..e06e6079 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`2.0.5 <2017-02-20>` * :release:`1.18.2 <2017-02-20>` * :release:`1.17.4 <2017-02-20>` * :bug:`853 (1.17+)` Tweak how `RSAKey.__str__ ` -- cgit v1.2.3 From f1985e632862689502d8757e61a0e51bbbb6dee9 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 20 Feb 2017 21:24:10 -0800 Subject: Cut 2.1.2 --- paramiko/_version.py | 2 +- sites/www/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'sites/www') diff --git a/paramiko/_version.py b/paramiko/_version.py index cf6d810b..2ad47eb4 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (2, 1, 1) +__version_info__ = (2, 1, 2) __version__ = '.'.join(map(str, __version_info__)) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 49555ec9..2704bf3d 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`2.1.2 <2017-02-20>` * :release:`2.0.5 <2017-02-20>` * :release:`1.18.2 <2017-02-20>` * :release:`1.17.4 <2017-02-20>` -- cgit v1.2.3 From ae0bac09273fbd0fa3927906caebea6dfcc9c9b4 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 20 Feb 2017 21:42:29 -0800 Subject: This doesn't affect 2.x lines, wups --- sites/www/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index e06e6079..14352a41 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -18,7 +18,7 @@ Changelog without the client that generated them, would result in premature session closure when the client was GCd. Credit: ``@w31rd0`` for original report, Omer Anson for the patch. -* :bug:`713 (1.17+)` (via :issue:`714` and :issue:`889`) Don't pass +* :bug:`713 (<2.0)` (via :issue:`714` and :issue:`889`) Don't pass initialization vectors to PyCrypto when dealing with counter-mode ciphers; newer PyCrypto versions throw an exception otherwise (older ones simply ignored this parameter altogether). Thanks to ``@jmh045000`` for report & -- cgit v1.2.3 From bc86eee2a61bc0967029e6e8dfd2c5e640e6657c Mon Sep 17 00:00:00 2001 From: Pierce Lopez Date: Thu, 23 Feb 2017 01:55:04 -0500 Subject: update changelog for fixing #683 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 14352a41..809e32c9 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :bug:`683` Make `util.log_to_file()` append instead of replace. Thanks + to ``@vlcinsky`` for the report. * :release:`2.0.5 <2017-02-20>` * :release:`1.18.2 <2017-02-20>` * :release:`1.17.4 <2017-02-20>` -- cgit v1.2.3 From 7e8546d7869b34343a81cd0b9b46b9a44019211a Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 3 Apr 2017 10:04:08 -0700 Subject: Hrm that should always have been an h1 [skip ci] --- sites/www/installing-1.x.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'sites/www') diff --git a/sites/www/installing-1.x.rst b/sites/www/installing-1.x.rst index 356fac49..8ede40d5 100644 --- a/sites/www/installing-1.x.rst +++ b/sites/www/installing-1.x.rst @@ -1,3 +1,4 @@ +================ Installing (1.x) ================ -- cgit v1.2.3 From 15aa741ba245b7384e6af4f4eb095431cfec4c19 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 3 Apr 2017 10:15:30 -0700 Subject: Having this in a mini-toctree made the nav look funny and is also just unintuitive --- sites/www/index.rst | 1 + sites/www/installing.rst | 6 ------ 2 files changed, 1 insertion(+), 6 deletions(-) (limited to 'sites/www') diff --git a/sites/www/index.rst b/sites/www/index.rst index b09ab589..f0a5db8a 100644 --- a/sites/www/index.rst +++ b/sites/www/index.rst @@ -20,6 +20,7 @@ Please see the sidebar to the left to begin. changelog FAQs installing + installing-1.x contributing contact diff --git a/sites/www/installing.rst b/sites/www/installing.rst index 6537b850..f335a9e7 100644 --- a/sites/www/installing.rst +++ b/sites/www/installing.rst @@ -110,9 +110,3 @@ due to their infrequent utility & non-platform-agnostic requirements): delegation, make sure that the target host is trusted for delegation in the active directory configuration. For details see: http://technet.microsoft.com/en-us/library/cc738491%28v=ws.10%29.aspx - - -.. toctree:: - :hidden: - - installing-1.x -- cgit v1.2.3 From a46aacaa1353c7ac7befb6e065959b1b5ccfdff0 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 31 May 2017 18:26:08 -0700 Subject: Changelog closes #974 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 809e32c9..f7adf14a 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :support:`974 backported` Overhaul the codebase to be PEP-8, etc, compliant + (i.e. passes the maintainer's preferred `flake8 `_ + configuration) and add a ``flake8`` step to the Travis config. Big thanks to + Dorian Pula! * :bug:`683` Make `util.log_to_file()` append instead of replace. Thanks to ``@vlcinsky`` for the report. * :release:`2.0.5 <2017-02-20>` -- cgit v1.2.3 From 5f454ded40172c2b0d5763fb9b8df9ef55e5f05c Mon Sep 17 00:00:00 2001 From: Pierce Lopez Date: Mon, 5 Jun 2017 04:14:22 -0400 Subject: changelog: update for #794 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f7adf14a..2e38fafb 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`794` Finishing touches to support ecdsa-sha2-nistp384 and + ecdsa-sha2-nistp521 host keys. Thanks ``@ncoult`` and ``@kasdoe`` for + reports. * :support:`974 backported` Overhaul the codebase to be PEP-8, etc, compliant (i.e. passes the maintainer's preferred `flake8 `_ configuration) and add a ``flake8`` step to the Travis config. Big thanks to -- cgit v1.2.3 From 927a4c236a6c8a30603d3f04fe3848fa2cf1846b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 5 Jun 2017 18:03:08 -0700 Subject: Changelog re #972, re #325, closes #325 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 09edd3c2..e81dc69a 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :feature:`325` (via :issue:`972`) Add Ed25519 support, for both host keys + and user authentication. Big thanks to Alex Gaynor for the patch. * :support:`974 backported` Overhaul the codebase to be PEP-8, etc, compliant (i.e. passes the maintainer's preferred `flake8 `_ configuration) and add a ``flake8`` step to the Travis config. Big thanks to -- cgit v1.2.3 From cbec93b9a466ec8dad856f89e90e5401e70730b6 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 5 Jun 2017 19:28:36 -0700 Subject: Overhaul changelog re #981. Closes #794. --- sites/www/changelog.rst | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 2e38fafb..db2043cf 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,9 +2,11 @@ Changelog ========= -* :bug:`794` Finishing touches to support ecdsa-sha2-nistp384 and - ecdsa-sha2-nistp521 host keys. Thanks ``@ncoult`` and ``@kasdoe`` for - reports. +* :bug:`794` (via :issue:`981`) Prior support for ``ecdsa-sha2-nistp(384|521)`` + algorithms didn't fully extend to covering host keys, preventing connection + to hosts which only offer these key types and no others. This is now fixed. + Thanks to ``@ncoult`` and ``@kasdoe`` for reports and Pierce Lopez for the + patch. * :support:`974 backported` Overhaul the codebase to be PEP-8, etc, compliant (i.e. passes the maintainer's preferred `flake8 `_ configuration) and add a ``flake8`` step to the Travis config. Big thanks to -- cgit v1.2.3 From 9f25a600f1d568be6764ae94717883f5c3ebf6e4 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 5 Jun 2017 19:43:58 -0700 Subject: Add a note about new Python-level deps to changelog re: Ed25519 support --- sites/www/changelog.rst | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index a4883c23..70126c27 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -9,6 +9,12 @@ Changelog patch. * :feature:`325` (via :issue:`972`) Add Ed25519 support, for both host keys and user authentication. Big thanks to Alex Gaynor for the patch. + + .. note:: + This change adds the ``bcrypt`` and ``pynacl`` Python libraries as + dependencies. No C-level dependencies beyond those previously required (for + Cryptography) have been added. + * :support:`974 backported` Overhaul the codebase to be PEP-8, etc, compliant (i.e. passes the maintainer's preferred `flake8 `_ configuration) and add a ``flake8`` step to the Travis config. Big thanks to -- cgit v1.2.3 From 691f6191601366255d55176bcdb103987626cc86 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 5 Jun 2017 19:59:28 -0700 Subject: Changelog closes #911, closes #900 --- sites/www/changelog.rst | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index db2043cf..f8b3d328 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,11 @@ Changelog ========= +* :bug:`900` (via :issue:`911`) Prefer newer ``ecdsa-sha2-nistp`` keys over RSA + and DSA keys during host key selection. This improves compatibility with + OpenSSH, both in terms of general behavior, and also re: ability to properly + leverage OpenSSH-modified ``known_hosts`` files. Credit: ``@kasdoe`` for + original report/PR and Pierce Lopez for the second draft. * :bug:`794` (via :issue:`981`) Prior support for ``ecdsa-sha2-nistp(384|521)`` algorithms didn't fully extend to covering host keys, preventing connection to hosts which only offer these key types and no others. This is now fixed. -- cgit v1.2.3 From fd94765e54272706b55e50c692c814d07c8008d1 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 5 Jun 2017 20:49:29 -0700 Subject: Move to 'inv sites' style doc nitpicking. Existing just-warnings setup was old and not as rigorous as my usual. Required a lot of stupid little changes, but now same tooling for all projects, toot toot. --- .travis.yml | 7 ++--- paramiko/agent.py | 4 +-- paramiko/buffered_pipe.py | 10 +++--- paramiko/channel.py | 43 +++++++++++++++----------- paramiko/client.py | 20 ++++++------ paramiko/dsskey.py | 2 +- paramiko/ecdsakey.py | 2 +- paramiko/file.py | 20 ++++++------ paramiko/hostkeys.py | 4 +-- paramiko/kex_gss.py | 4 +-- paramiko/packet.py | 12 ++++--- paramiko/pkey.py | 32 +++++++++---------- paramiko/rsakey.py | 2 +- paramiko/server.py | 67 ++++++++++++++++++++-------------------- paramiko/sftp_client.py | 19 ++++++------ paramiko/sftp_file.py | 24 +++++++------- paramiko/sftp_handle.py | 10 +++--- paramiko/sftp_server.py | 2 +- paramiko/sftp_si.py | 20 ++++++------ paramiko/ssh_exception.py | 18 +++++------ paramiko/ssh_gss.py | 43 +++++++++----------------- paramiko/transport.py | 79 +++++++++++++++++++++++++++-------------------- sites/www/changelog.rst | 19 ++++++------ 23 files changed, 235 insertions(+), 228 deletions(-) (limited to 'sites/www') diff --git a/.travis.yml b/.travis.yml index 4cacb017..c8faf0a2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -20,11 +20,8 @@ install: script: # Main tests, w/ coverage! - inv test --coverage - # Ensure documentation & invoke pipeline run OK. - # Run 'docs' first since its objects.inv is referred to by 'www'. - # Also force warnings to be errors since most of them tend to be actual - # problems. - - invoke docs -o -W www -o -W + # Ensure documentation builds, both sites, maxxed nitpicking + - inv sites # flake8 is now possible! - flake8 notifications: diff --git a/paramiko/agent.py b/paramiko/agent.py index a7cab4d8..bc857efa 100644 --- a/paramiko/agent.py +++ b/paramiko/agent.py @@ -253,7 +253,7 @@ class AgentServerProxy(AgentSSH): """ :param .Transport t: Transport used for SSH Agent communication forwarding - :raises SSHException: mostly if we lost the agent + :raises: `.SSHException` -- mostly if we lost the agent """ def __init__(self, t): AgentSSH.__init__(self) @@ -347,7 +347,7 @@ class Agent(AgentSSH): opened, if one is running. If no agent is running, initialization will succeed, but `get_keys` will return an empty tuple. - :raises SSHException: + :raises: `.SSHException` -- if an SSH agent is found, but speaks an incompatible protocol """ def __init__(self): diff --git a/paramiko/buffered_pipe.py b/paramiko/buffered_pipe.py index 9a65cd95..d9f5149d 100644 --- a/paramiko/buffered_pipe.py +++ b/paramiko/buffered_pipe.py @@ -90,7 +90,7 @@ class BufferedPipe (object): Feed new data into this pipe. This method is assumed to be called from a separate thread, so synchronization is done. - :param data: the data to add, as a `str` or `bytes` + :param data: the data to add, as a ``str`` or ``bytes`` """ self._lock.acquire() try: @@ -134,11 +134,11 @@ class BufferedPipe (object): :param int nbytes: maximum number of bytes to read :param float timeout: maximum seconds to wait (or ``None``, the default, to wait forever) - :return: the read data, as a `bytes` + :return: the read data, as a ``str`` or ``bytes`` - :raises PipeTimeout: - if a timeout was specified and no data was ready before that - timeout + :raises: + `.PipeTimeout` -- if a timeout was specified and no data was ready + before that timeout """ out = bytes() self._lock.acquire() diff --git a/paramiko/channel.py b/paramiko/channel.py index f2ecc4c0..1f603cf0 100644 --- a/paramiko/channel.py +++ b/paramiko/channel.py @@ -46,8 +46,9 @@ def open_only(func): """ Decorator for `.Channel` methods which performs an openness check. - :raises SSHException: - If the wrapped method is called on an unopened `.Channel`. + :raises: + `.SSHException` -- If the wrapped method is called on an unopened + `.Channel`. """ @wraps(func) def _check(self, *args, **kwds): @@ -165,8 +166,9 @@ class Channel (ClosingContextManager): :param int width_pixels: width (in pixels) of the terminal screen :param int height_pixels: height (in pixels) of the terminal screen - :raises SSHException: - if the request was rejected or the channel was closed + :raises: + `.SSHException` -- if the request was rejected or the channel was + closed """ m = Message() m.add_byte(cMSG_CHANNEL_REQUEST) @@ -197,7 +199,8 @@ class Channel (ClosingContextManager): When the shell exits, the channel will be closed and can't be reused. You must open a new channel if you wish to open another shell. - :raises SSHException: if the request was rejected or the channel was + :raises: + `.SSHException` -- if the request was rejected or the channel was closed """ m = Message() @@ -222,7 +225,8 @@ class Channel (ClosingContextManager): :param str command: a shell command to execute. - :raises SSHException: if the request was rejected or the channel was + :raises: + `.SSHException` -- if the request was rejected or the channel was closed """ m = Message() @@ -247,8 +251,9 @@ class Channel (ClosingContextManager): :param str subsystem: name of the subsystem being requested. - :raises SSHException: - if the request was rejected or the channel was closed + :raises: + `.SSHException` -- if the request was rejected or the channel was + closed """ m = Message() m.add_byte(cMSG_CHANNEL_REQUEST) @@ -271,8 +276,9 @@ class Channel (ClosingContextManager): :param int width_pixels: new width (in pixels) of the terminal screen :param int height_pixels: new height (in pixels) of the terminal screen - :raises SSHException: - if the request was rejected or the channel was closed + :raises: + `.SSHException` -- if the request was rejected or the channel was + closed """ m = Message() m.add_byte(cMSG_CHANNEL_REQUEST) @@ -313,11 +319,11 @@ class Channel (ClosingContextManager): `.Transport` or session's ``window_size`` (e.g. that set by the ``default_window_size`` kwarg for `.Transport.__init__`) will cause `.recv_exit_status` to hang indefinitely if it is called prior to a - sufficiently large `~Channel..read` (or if there are no threads - calling `~Channel.read` in the background). + sufficiently large `.Channel.recv` (or if there are no threads + calling `.Channel.recv` in the background). In these cases, ensuring that `.recv_exit_status` is called *after* - `~Channel.read` (or, again, using threads) can avoid the hang. + `.Channel.recv` (or, again, using threads) can avoid the hang. :return: the exit code (as an `int`) of the process on the server. @@ -391,8 +397,8 @@ class Channel (ClosingContextManager): if True, only a single x11 connection will be forwarded (by default, any number of x11 connections can arrive over this session) - :param function handler: - an optional handler to use for incoming X11 connections + :param handler: + an optional callable handler to use for incoming X11 connections :return: the auth_cookie used """ if auth_protocol is None: @@ -421,8 +427,9 @@ class Channel (ClosingContextManager): Request for a forward SSH Agent on this channel. This is only valid for an ssh-agent from OpenSSH !!! - :param function handler: - a required handler to use for incoming SSH Agent connections + :param handler: + a required callable handler to use for incoming SSH Agent + connections :return: True if we are ok, else False (at that time we always return ok) @@ -613,7 +620,7 @@ class Channel (ClosingContextManager): length zero is returned, the channel stream has closed. :param int nbytes: maximum number of bytes to read. - :return: received data, as a `bytes` + :return: received data, as a ``str``/``bytes``. :raises socket.timeout: if no data is ready before the timeout set by `settimeout`. diff --git a/paramiko/client.py b/paramiko/client.py index bbda1f80..ef1dc43e 100644 --- a/paramiko/client.py +++ b/paramiko/client.py @@ -91,7 +91,7 @@ class SSHClient (ClosingContextManager): :param str filename: the filename to read, or ``None`` - :raises IOError: + :raises: ``IOError`` -- if a filename was provided and the file could not be read """ if filename is None: @@ -118,7 +118,7 @@ class SSHClient (ClosingContextManager): :param str filename: the filename to read - :raises IOError: if the filename could not be read + :raises: ``IOError`` -- if the filename could not be read """ self._host_keys_filename = filename self._host_keys.load(filename) @@ -131,7 +131,7 @@ class SSHClient (ClosingContextManager): :param str filename: the filename to save to - :raises IOError: if the file could not be written + :raises: ``IOError`` -- if the file could not be written """ # update local host keys from file (in case other SSH clients @@ -282,10 +282,12 @@ class SSHClient (ClosingContextManager): :param float banner_timeout: an optional timeout (in seconds) to wait for the SSH banner to be presented. - :raises BadHostKeyException: if the server's host key could not be + :raises: + `.BadHostKeyException` -- if the server's host key could not be verified - :raises AuthenticationException: if authentication failed - :raises SSHException: if there was any other error connecting or + :raises: `.AuthenticationException` -- if authentication failed + :raises: + `.SSHException` -- if there was any other error connecting or establishing an SSH session :raises socket.error: if a socket error occurred while connecting @@ -416,12 +418,12 @@ class SSHClient (ClosingContextManager): interpreted the same way as by the built-in ``file()`` function in Python :param int timeout: - set command's channel timeout. See `Channel.settimeout`.settimeout + set command's channel timeout. See `.Channel.settimeout` :return: the stdin, stdout, and stderr of the executing command, as a 3-tuple - :raises SSHException: if the server fails to execute the command + :raises: `.SSHException` -- if the server fails to execute the command """ chan = self._transport.open_session(timeout=timeout) if get_pty: @@ -448,7 +450,7 @@ class SSHClient (ClosingContextManager): :param int height_pixels: the height (in pixels) of the terminal window :return: a new `.Channel` connected to the remote shell - :raises SSHException: if the server fails to invoke a shell + :raises: `.SSHException` -- if the server fails to invoke a shell """ chan = self._transport.open_session() chan.get_pty(term, width, height, width_pixels, height_pixels) diff --git a/paramiko/dsskey.py b/paramiko/dsskey.py index ac6875bc..55ef1e9b 100644 --- a/paramiko/dsskey.py +++ b/paramiko/dsskey.py @@ -208,7 +208,7 @@ class DSSKey(PKey): generate a new host key or authentication key. :param int bits: number of bits the generated key should be. - :param function progress_func: Unused + :param progress_func: Unused :return: new `.DSSKey` private key """ numbers = dsa.generate_private_key( diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py index 51f8d8ce..f5dacac8 100644 --- a/paramiko/ecdsakey.py +++ b/paramiko/ecdsakey.py @@ -231,7 +231,7 @@ class ECDSAKey(PKey): Generate a new private ECDSA key. This factory function can be used to generate a new host key or authentication key. - :param function progress_func: Not used for this type of key. + :param progress_func: Not used for this type of key. :returns: A new private key (`.ECDSAKey`) object """ if bits is not None: diff --git a/paramiko/file.py b/paramiko/file.py index e31ad9dd..5212091a 100644 --- a/paramiko/file.py +++ b/paramiko/file.py @@ -67,7 +67,7 @@ class BufferedFile (ClosingContextManager): file. This iterator happens to return the file itself, since a file is its own iterator. - :raises ValueError: if the file is closed. + :raises: ``ValueError`` -- if the file is closed. """ if self._closed: raise ValueError('I/O operation on closed file') @@ -93,10 +93,10 @@ class BufferedFile (ClosingContextManager): def next(self): """ Returns the next line from the input, or raises - `~exceptions.StopIteration` when EOF is hit. Unlike Python file + ``StopIteration`` when EOF is hit. Unlike Python file objects, it's okay to mix calls to `next` and `readline`. - :raises StopIteration: when the end of the file is reached. + :raises: ``StopIteration`` -- when the end of the file is reached. :returns: a line (`str`) read from the file. """ @@ -107,11 +107,11 @@ class BufferedFile (ClosingContextManager): else: def __next__(self): """ - Returns the next line from the input, or raises `.StopIteration` + Returns the next line from the input, or raises ``StopIteration`` when EOF is hit. Unlike python file objects, it's okay to mix calls to `.next` and `.readline`. - :raises StopIteration: when the end of the file is reached. + :raises: ``StopIteration`` -- when the end of the file is reached. :returns: a line (`str`) read from the file. """ @@ -152,8 +152,8 @@ class BufferedFile (ClosingContextManager): def readinto(self, buff): """ - Read up to ``len(buff)`` bytes into :class:`bytearray` *buff* and - return the number of bytes read. + Read up to ``len(buff)`` bytes into ``bytearray`` *buff* and return the + number of bytes read. :returns: The number of bytes read. @@ -368,7 +368,7 @@ class BufferedFile (ClosingContextManager): type of movement: 0 = absolute; 1 = relative to the current position; 2 = relative to the end of the file. - :raises IOError: if the file doesn't support random access. + :raises: ``IOError`` -- if the file doesn't support random access. """ raise IOError('File does not support seeking.') @@ -389,7 +389,7 @@ class BufferedFile (ClosingContextManager): written yet. (Use `flush` or `close` to force buffered data to be written out.) - :param str/bytes data: data to write + :param data: ``str``/``bytes`` data to write """ data = b(data) if self._closed: @@ -423,7 +423,7 @@ class BufferedFile (ClosingContextManager): name is intended to match `readlines`; `writelines` does not add line separators.) - :param iterable sequence: an iterable sequence of strings. + :param sequence: an iterable sequence of strings. """ for line in sequence: self.write(line) diff --git a/paramiko/hostkeys.py b/paramiko/hostkeys.py index 18a0d333..008ba592 100644 --- a/paramiko/hostkeys.py +++ b/paramiko/hostkeys.py @@ -90,7 +90,7 @@ class HostKeys (MutableMapping): :param str filename: name of the file to read host keys from - :raises IOError: if there was an error reading the file + :raises: ``IOError`` -- if there was an error reading the file """ with open(filename, 'r') as f: for lineno, line in enumerate(f, 1): @@ -118,7 +118,7 @@ class HostKeys (MutableMapping): :param str filename: name of the file to write - :raises IOError: if there was an error writing the file + :raises: ``IOError`` -- if there was an error writing the file .. versionadded:: 1.6.1 """ diff --git a/paramiko/kex_gss.py b/paramiko/kex_gss.py index 40ceb5cd..ba24c0a0 100644 --- a/paramiko/kex_gss.py +++ b/paramiko/kex_gss.py @@ -108,7 +108,7 @@ class KexGSSGroup1(object): """ Parse the next packet. - :param char ptype: The type of the incoming packet + :param ptype: The (string) type of the incoming packet :param `.Message` m: The paket content """ if self.transport.server_mode and (ptype == MSG_KEXGSS_INIT): @@ -345,7 +345,7 @@ class KexGSSGex(object): """ Parse the next packet. - :param char ptype: The type of the incoming packet + :param ptype: The (string) type of the incoming packet :param `.Message` m: The paket content """ if ptype == MSG_KEXGSS_GROUPREQ: diff --git a/paramiko/packet.py b/paramiko/packet.py index 16288a0a..95a26c6e 100644 --- a/paramiko/packet.py +++ b/paramiko/packet.py @@ -43,6 +43,9 @@ def compute_hmac(key, message, digest_class): class NeedRekeyException (Exception): + """ + Exception indicating a rekey is needed. + """ pass @@ -253,8 +256,9 @@ class Packetizer (object): :param int n: number of bytes to read :return: the data read, as a `str` - :raises EOFError: - if the socket was closed before all the bytes could be read + :raises: + ``EOFError`` -- if the socket was closed before all the bytes could + be read """ out = bytes() # handle over-reading from reading the banner line @@ -413,8 +417,8 @@ class Packetizer (object): Only one thread should ever be in this function (no other locking is done). - :raises SSHException: if the packet is mangled - :raises NeedRekeyException: if the transport should rekey + :raises: `.SSHException` -- if the packet is mangled + :raises: `.NeedRekeyException` -- if the transport should rekey """ header = self.read_all(self.__block_size_in, check_rekey=True) if self.__block_engine_in is not None: diff --git a/paramiko/pkey.py b/paramiko/pkey.py index af9370fc..f5b0cd18 100644 --- a/paramiko/pkey.py +++ b/paramiko/pkey.py @@ -68,7 +68,7 @@ class PKey(object): :param str data: an optional string containing a public key of this type - :raises SSHException: + :raises: `.SSHException` -- if a key cannot be created from the ``data`` or ``msg`` given, or no key was passed in. """ @@ -95,7 +95,7 @@ class PKey(object): of the key are compared, so a public key will compare equal to its corresponding private key. - :param .Pkey other: key to compare to. + :param .PKey other: key to compare to. """ hs = hash(self) ho = hash(other) @@ -191,10 +191,10 @@ class PKey(object): encrypted :return: a new `.PKey` based on the given private key - :raises IOError: if there was an error reading the file - :raises PasswordRequiredException: if the private key file is + :raises: ``IOError`` -- if there was an error reading the file + :raises: `.PasswordRequiredException` -- if the private key file is encrypted, and ``password`` is ``None`` - :raises SSHException: if the key file is invalid + :raises: `.SSHException` -- if the key file is invalid """ key = cls(filename=filename, password=password) return key @@ -212,10 +212,10 @@ class PKey(object): an optional password to use to decrypt the key, if it's encrypted :return: a new `.PKey` based on the given private key - :raises IOError: if there was an error reading the key - :raises PasswordRequiredException: + :raises: ``IOError`` -- if there was an error reading the key + :raises: `.PasswordRequiredException` -- if the private key file is encrypted, and ``password`` is ``None`` - :raises SSHException: if the key file is invalid + :raises: `.SSHException` -- if the key file is invalid """ key = cls(file_obj=file_obj, password=password) return key @@ -229,8 +229,8 @@ class PKey(object): :param str password: an optional password to use to encrypt the key file - :raises IOError: if there was an error writing the file - :raises SSHException: if the key is invalid + :raises: ``IOError`` -- if there was an error writing the file + :raises: `.SSHException` -- if the key is invalid """ raise Exception('Not implemented in PKey') @@ -242,8 +242,8 @@ class PKey(object): :param file_obj: the file-like object to write into :param str password: an optional password to use to encrypt the key - :raises IOError: if there was an error writing to the file - :raises SSHException: if the key is invalid + :raises: ``IOError`` -- if there was an error writing to the file + :raises: `.SSHException` -- if the key is invalid """ raise Exception('Not implemented in PKey') @@ -263,10 +263,10 @@ class PKey(object): encrypted. :return: data blob (`str`) that makes up the private key. - :raises IOError: if there was an error reading the file. - :raises PasswordRequiredException: if the private key file is + :raises: ``IOError`` -- if there was an error reading the file. + :raises: `.PasswordRequiredException` -- if the private key file is encrypted, and ``password`` is ``None``. - :raises SSHException: if the key file is invalid. + :raises: `.SSHException` -- if the key file is invalid. """ with open(filename, 'r') as f: data = self._read_private_key(tag, f, password) @@ -340,7 +340,7 @@ class PKey(object): :param str data: data blob that makes up the private key. :param str password: an optional password to use to encrypt the file. - :raises IOError: if there was an error writing the file. + :raises: ``IOError`` -- if there was an error writing the file. """ with open(filename, 'w') as f: os.chmod(filename, o600) diff --git a/paramiko/rsakey.py b/paramiko/rsakey.py index 8ccf4c30..f6d11a09 100644 --- a/paramiko/rsakey.py +++ b/paramiko/rsakey.py @@ -160,7 +160,7 @@ class RSAKey(PKey): generate a new host key or authentication key. :param int bits: number of bits the generated key should be. - :param function progress_func: Unused + :param progress_func: Unused :return: new `.RSAKey` private key """ key = rsa.generate_private_key( diff --git a/paramiko/server.py b/paramiko/server.py index b2a07916..adc606bf 100644 --- a/paramiko/server.py +++ b/paramiko/server.py @@ -106,15 +106,15 @@ class ServerInterface (object): Determine if a client may open channels with no (further) authentication. - Return `.AUTH_FAILED` if the client must authenticate, or - `.AUTH_SUCCESSFUL` if it's okay for the client to not + Return ``AUTH_FAILED`` if the client must authenticate, or + ``AUTH_SUCCESSFUL`` if it's okay for the client to not authenticate. - The default implementation always returns `.AUTH_FAILED`. + The default implementation always returns ``AUTH_FAILED``. :param str username: the username of the client. :return: - `.AUTH_FAILED` if the authentication fails; `.AUTH_SUCCESSFUL` if + ``AUTH_FAILED`` if the authentication fails; ``AUTH_SUCCESSFUL`` if it succeeds. :rtype: int """ @@ -125,21 +125,21 @@ class ServerInterface (object): Determine if a given username and password supplied by the client is acceptable for use in authentication. - Return `.AUTH_FAILED` if the password is not accepted, - `.AUTH_SUCCESSFUL` if the password is accepted and completes - the authentication, or `.AUTH_PARTIALLY_SUCCESSFUL` if your + Return ``AUTH_FAILED`` if the password is not accepted, + ``AUTH_SUCCESSFUL`` if the password is accepted and completes + the authentication, or ``AUTH_PARTIALLY_SUCCESSFUL`` if your authentication is stateful, and this key is accepted for authentication, but more authentication is required. (In this latter case, `get_allowed_auths` will be called to report to the client what options it has for continuing the authentication.) - The default implementation always returns `.AUTH_FAILED`. + The default implementation always returns ``AUTH_FAILED``. :param str username: the username of the authenticating client. :param str password: the password given by the client. :return: - `.AUTH_FAILED` if the authentication fails; `.AUTH_SUCCESSFUL` if - it succeeds; `.AUTH_PARTIALLY_SUCCESSFUL` if the password auth is + ``AUTH_FAILED`` if the authentication fails; ``AUTH_SUCCESSFUL`` if + it succeeds; ``AUTH_PARTIALLY_SUCCESSFUL`` if the password auth is successful, but authentication must continue. :rtype: int """ @@ -152,9 +152,9 @@ class ServerInterface (object): check the username and key and decide if you would accept a signature made using this key. - Return `.AUTH_FAILED` if the key is not accepted, - `.AUTH_SUCCESSFUL` if the key is accepted and completes the - authentication, or `.AUTH_PARTIALLY_SUCCESSFUL` if your + Return ``AUTH_FAILED`` if the key is not accepted, + ``AUTH_SUCCESSFUL`` if the key is accepted and completes the + authentication, or ``AUTH_PARTIALLY_SUCCESSFUL`` if your authentication is stateful, and this password is accepted for authentication, but more authentication is required. (In this latter case, `get_allowed_auths` will be called to report to the client what @@ -164,13 +164,13 @@ class ServerInterface (object): If you're willing to accept the key, Paramiko will do the work of verifying the client's signature. - The default implementation always returns `.AUTH_FAILED`. + The default implementation always returns ``AUTH_FAILED``. :param str username: the username of the authenticating client :param .PKey key: the key object provided by the client :return: - `.AUTH_FAILED` if the client can't authenticate with this key; - `.AUTH_SUCCESSFUL` if it can; `.AUTH_PARTIALLY_SUCCESSFUL` if it + ``AUTH_FAILED`` if the client can't authenticate with this key; + ``AUTH_SUCCESSFUL`` if it can; ``AUTH_PARTIALLY_SUCCESSFUL`` if it can authenticate with this key but must continue with authentication :rtype: int @@ -184,19 +184,19 @@ class ServerInterface (object): ``"keyboard-interactive"`` auth type, which requires you to send a series of questions for the client to answer. - Return `.AUTH_FAILED` if this auth method isn't supported. Otherwise, + Return ``AUTH_FAILED`` if this auth method isn't supported. Otherwise, you should return an `.InteractiveQuery` object containing the prompts and instructions for the user. The response will be sent via a call to `check_auth_interactive_response`. - The default implementation always returns `.AUTH_FAILED`. + The default implementation always returns ``AUTH_FAILED``. :param str username: the username of the authenticating client :param str submethods: a comma-separated list of methods preferred by the client (usually empty) :return: - `.AUTH_FAILED` if this auth method isn't supported; otherwise an + ``AUTH_FAILED`` if this auth method isn't supported; otherwise an object containing queries for the user :rtype: int or `.InteractiveQuery` """ @@ -208,9 +208,9 @@ class ServerInterface (object): supported. You should override this method in server mode if you want to support the ``"keyboard-interactive"`` auth type. - Return `.AUTH_FAILED` if the responses are not accepted, - `.AUTH_SUCCESSFUL` if the responses are accepted and complete - the authentication, or `.AUTH_PARTIALLY_SUCCESSFUL` if your + Return ``AUTH_FAILED`` if the responses are not accepted, + ``AUTH_SUCCESSFUL`` if the responses are accepted and complete + the authentication, or ``AUTH_PARTIALLY_SUCCESSFUL`` if your authentication is stateful, and this set of responses is accepted for authentication, but more authentication is required. (In this latter case, `get_allowed_auths` will be called to report to the client what @@ -221,12 +221,12 @@ class ServerInterface (object): client to respond with more answers, calling this method again. This cycle can continue indefinitely. - The default implementation always returns `.AUTH_FAILED`. + The default implementation always returns ``AUTH_FAILED``. :param list responses: list of `str` responses from the client :return: - `.AUTH_FAILED` if the authentication fails; `.AUTH_SUCCESSFUL` if - it succeeds; `.AUTH_PARTIALLY_SUCCESSFUL` if the interactive auth + ``AUTH_FAILED`` if the authentication fails; ``AUTH_SUCCESSFUL`` if + it succeeds; ``AUTH_PARTIALLY_SUCCESSFUL`` if the interactive auth is successful, but authentication must continue; otherwise an object containing queries for the user :rtype: int or `.InteractiveQuery` @@ -243,8 +243,8 @@ class ServerInterface (object): :param str username: The username of the authenticating client :param int gss_authenticated: The result of the krb5 authentication :param str cc_filename: The krb5 client credentials cache filename - :return: `.AUTH_FAILED` if the user is not authenticated otherwise - `.AUTH_SUCCESSFUL` + :return: ``AUTH_FAILED`` if the user is not authenticated otherwise + ``AUTH_SUCCESSFUL`` :rtype: int :note: Kerberos credential delegation is not supported. :see: `.ssh_gss` @@ -257,7 +257,7 @@ class ServerInterface (object): your local kerberos library to make sure that the krb5_principal has an account on the server and is allowed to log in as a user. - :see: `http://www.unix.com/man-page/all/3/krb5_kuserok/` + :see: http://www.unix.com/man-page/all/3/krb5_kuserok/ """ if gss_authenticated == AUTH_SUCCESSFUL: return AUTH_SUCCESSFUL @@ -275,8 +275,8 @@ class ServerInterface (object): :param str username: The username of the authenticating client :param int gss_authenticated: The result of the krb5 authentication :param str cc_filename: The krb5 client credentials cache filename - :return: `.AUTH_FAILED` if the user is not authenticated otherwise - `.AUTH_SUCCESSFUL` + :return: ``AUTH_FAILED`` if the user is not authenticated otherwise + ``AUTH_SUCCESSFUL`` :rtype: int :note: Kerberos credential delegation is not supported. :see: `.ssh_gss` `.kex_gss` @@ -289,7 +289,7 @@ class ServerInterface (object): your local kerberos library to make sure that the krb5_principal has an account on the server and is allowed to log in as a user. - :see: `http://www.unix.com/man-page/all/3/krb5_kuserok/` + :see: http://www.unix.com/man-page/all/3/krb5_kuserok/ """ if gss_authenticated == AUTH_SUCCESSFUL: return AUTH_SUCCESSFUL @@ -301,9 +301,8 @@ class ServerInterface (object): authentication. The default implementation always returns false. - :return: True if GSSAPI authentication is enabled otherwise false - :rtype: Boolean - :see: : `.ssh_gss` + :returns bool: Whether GSSAPI authentication is enabled. + :see: `.ssh_gss` """ UseGSSAPI = False return UseGSSAPI diff --git a/paramiko/sftp_client.py b/paramiko/sftp_client.py index ea6f88a9..12fccb2f 100644 --- a/paramiko/sftp_client.py +++ b/paramiko/sftp_client.py @@ -83,8 +83,8 @@ class SFTPClient(BaseSFTP, ClosingContextManager): :param .Channel sock: an open `.Channel` using the ``"sftp"`` subsystem - :raises SSHException: if there's an exception while negotiating - sftp + :raises: + `.SSHException` -- if there's an exception while negotiating sftp """ BaseSFTP.__init__(self) self.sock = sock @@ -321,7 +321,7 @@ class SFTPClient(BaseSFTP, ClosingContextManager): :param int bufsize: desired buffering (-1 = default buffer size) :return: an `.SFTPFile` object representing the open file - :raises IOError: if the file could not be opened. + :raises: ``IOError`` -- if the file could not be opened. """ filename = self._adjust_cwd(filename) self._log(DEBUG, 'open(%r, %r)' % (filename, mode)) @@ -356,7 +356,7 @@ class SFTPClient(BaseSFTP, ClosingContextManager): :param str path: path (absolute or relative) of the file to remove - :raises IOError: if the path refers to a folder (directory) + :raises: ``IOError`` -- if the path refers to a folder (directory) """ path = self._adjust_cwd(path) self._log(DEBUG, 'remove(%r)' % path) @@ -371,7 +371,8 @@ class SFTPClient(BaseSFTP, ClosingContextManager): :param str oldpath: existing name of the file or folder :param str newpath: new name for the file or folder - :raises IOError: if ``newpath`` is a folder, or something else goes + :raises: + ``IOError`` -- if ``newpath`` is a folder, or something else goes wrong """ oldpath = self._adjust_cwd(oldpath) @@ -522,8 +523,7 @@ class SFTPClient(BaseSFTP, ClosingContextManager): method on Python file objects. :param str path: path of the file to modify - :param size: the new size of the file - :type size: int or long + :param int size: the new size of the file """ path = self._adjust_cwd(path) self._log(DEBUG, 'truncate(%r, %r)' % (path, size)) @@ -562,7 +562,7 @@ class SFTPClient(BaseSFTP, ClosingContextManager): :param str path: path to be normalized :return: normalized form of the given path (as a `str`) - :raises IOError: if the path can't be resolved on the server + :raises: ``IOError`` -- if the path can't be resolved on the server """ path = self._adjust_cwd(path) self._log(DEBUG, 'normalize(%r)' % path) @@ -585,7 +585,8 @@ class SFTPClient(BaseSFTP, ClosingContextManager): :param str path: new current working directory - :raises IOError: if the requested path doesn't exist on the server + :raises: + ``IOError`` -- if the requested path doesn't exist on the server .. versionadded:: 1.4 """ diff --git a/paramiko/sftp_file.py b/paramiko/sftp_file.py index 58653c79..63ababdb 100644 --- a/paramiko/sftp_file.py +++ b/paramiko/sftp_file.py @@ -251,6 +251,11 @@ class SFTPFile (BufferedFile): return True def seek(self, offset, whence=0): + """ + Set the file’s current position. + + See `file.seek` for details. + """ self.flush() if whence == self.SEEK_SET: self._realpos = self._pos = offset @@ -267,8 +272,8 @@ class SFTPFile (BufferedFile): exactly like `.SFTPClient.stat`, except that it operates on an already-open file. - :return: an `.SFTPAttributes` object containing attributes about this - file. + :returns: + an `.SFTPAttributes` object containing attributes about this file. """ t, msg = self.sftp._request(CMD_FSTAT, self.handle) if t != CMD_ATTRS: @@ -332,7 +337,6 @@ class SFTPFile (BufferedFile): Python file objects. :param size: the new size of the file - :type size: int or long """ self.sftp._log( DEBUG, @@ -370,21 +374,18 @@ class SFTPFile (BufferedFile): :param offset: offset into the file to begin hashing (0 means to start from the beginning) - :type offset: int or long :param length: number of bytes to hash (0 means continue to the end of the file) - :type length: int or long :param int block_size: number of bytes to hash per result (must not be less than 256; 0 means to compute only one hash of the entire segment) - :type block_size: int :return: `str` of bytes representing the hash of each block, concatenated together - :raises IOError: if the server doesn't support the "check-file" - extension, or possibly doesn't support the hash algorithm - requested + :raises: + ``IOError`` -- if the server doesn't support the "check-file" + extension, or possibly doesn't support the hash algorithm requested .. note:: Many (most?) servers don't support this extension yet. @@ -466,9 +467,8 @@ class SFTPFile (BufferedFile): once. :param chunks: - a list of (offset, length) tuples indicating which sections of the - file to read - :type chunks: list(tuple(long, int)) + a list of ``(offset, length)`` tuples indicating which sections of + the file to read :return: a list of blocks read, in the same order as in ``chunks`` .. versionadded:: 1.5.4 diff --git a/paramiko/sftp_handle.py b/paramiko/sftp_handle.py index 2d2e621c..ca473900 100644 --- a/paramiko/sftp_handle.py +++ b/paramiko/sftp_handle.py @@ -77,7 +77,7 @@ class SFTPHandle (ClosingContextManager): to be 64 bits. If the end of the file has been reached, this method may return an - empty string to signify EOF, or it may also return `.SFTP_EOF`. + empty string to signify EOF, or it may also return ``SFTP_EOF``. The default implementation checks for an attribute on ``self`` named ``readfile``, and if present, performs the read operation on the Python @@ -85,7 +85,6 @@ class SFTPHandle (ClosingContextManager): common case where you are wrapping a Python file object.) :param offset: position in the file to start reading from. - :type offset: int or long :param int length: number of bytes to attempt to read. :return: data read from the file, or an SFTP error code, as a `str`. """ @@ -120,9 +119,8 @@ class SFTPHandle (ClosingContextManager): refer to the same file. :param offset: position in the file to start reading from. - :type offset: int or long :param str data: data to write into the file. - :return: an SFTP error code like `.SFTP_OK`. + :return: an SFTP error code like ``SFTP_OK``. """ writefile = getattr(self, 'writefile', None) if writefile is None: @@ -152,7 +150,7 @@ class SFTPHandle (ClosingContextManager): :return: an attributes object for the given file, or an SFTP error code - (like `.SFTP_PERMISSION_DENIED`). + (like ``SFTP_PERMISSION_DENIED``). :rtype: `.SFTPAttributes` or error code """ return SFTP_OP_UNSUPPORTED @@ -164,7 +162,7 @@ class SFTPHandle (ClosingContextManager): check for the presence of fields before using them. :param .SFTPAttributes attr: the attributes to change on this file. - :return: an `int` error code like `.SFTP_OK`. + :return: an `int` error code like ``SFTP_OK``. """ return SFTP_OP_UNSUPPORTED diff --git a/paramiko/sftp_server.py b/paramiko/sftp_server.py index f94c5e39..1cfe286b 100644 --- a/paramiko/sftp_server.py +++ b/paramiko/sftp_server.py @@ -72,7 +72,7 @@ class SFTPServer (BaseSFTP, SubsystemHandler): :param str name: name of the requested subsystem. :param .ServerInterface server: the server object associated with this channel and subsystem - :param class sftp_si: + :param sftp_si: a subclass of `.SFTPServerInterface` to use for handling individual requests. """ diff --git a/paramiko/sftp_si.py b/paramiko/sftp_si.py index c335eaec..09e7025c 100644 --- a/paramiko/sftp_si.py +++ b/paramiko/sftp_si.py @@ -72,7 +72,7 @@ class SFTPServerInterface (object): on that file. On success, a new object subclassed from `.SFTPHandle` should be returned. This handle will be used for future operations on the file (read, write, etc). On failure, an error code such as - `.SFTP_PERMISSION_DENIED` should be returned. + ``SFTP_PERMISSION_DENIED`` should be returned. ``flags`` contains the requested mode for opening (read-only, write-append, etc) as a bitset of flags from the ``os`` module: @@ -120,7 +120,7 @@ class SFTPServerInterface (object): `.SFTPAttributes.from_stat` will usually do what you want. In case of an error, you should return one of the ``SFTP_*`` error - codes, such as `.SFTP_PERMISSION_DENIED`. + codes, such as ``SFTP_PERMISSION_DENIED``. :param str path: the requested path (relative or absolute) to be listed. @@ -150,7 +150,7 @@ class SFTPServerInterface (object): for. :return: an `.SFTPAttributes` object for the given file, or an SFTP error - code (like `.SFTP_PERMISSION_DENIED`). + code (like ``SFTP_PERMISSION_DENIED``). """ return SFTP_OP_UNSUPPORTED @@ -168,7 +168,7 @@ class SFTPServerInterface (object): :type path: str :return: an `.SFTPAttributes` object for the given file, or an SFTP error - code (like `.SFTP_PERMISSION_DENIED`). + code (like ``SFTP_PERMISSION_DENIED``). """ return SFTP_OP_UNSUPPORTED @@ -178,7 +178,7 @@ class SFTPServerInterface (object): :param str path: the requested path (relative or absolute) of the file to delete. - :return: an SFTP error code `int` like `.SFTP_OK`. + :return: an SFTP error code `int` like ``SFTP_OK``. """ return SFTP_OP_UNSUPPORTED @@ -197,7 +197,7 @@ class SFTPServerInterface (object): :param str oldpath: the requested path (relative or absolute) of the existing file. :param str newpath: the requested new path of the file. - :return: an SFTP error code `int` like `.SFTP_OK`. + :return: an SFTP error code `int` like ``SFTP_OK``. """ return SFTP_OP_UNSUPPORTED @@ -214,7 +214,7 @@ class SFTPServerInterface (object): :param str path: requested path (relative or absolute) of the new folder. :param .SFTPAttributes attr: requested attributes of the new folder. - :return: an SFTP error code `int` like `.SFTP_OK`. + :return: an SFTP error code `int` like ``SFTP_OK``. """ return SFTP_OP_UNSUPPORTED @@ -226,7 +226,7 @@ class SFTPServerInterface (object): :param str path: requested path (relative or absolute) of the folder to remove. - :return: an SFTP error code `int` like `.SFTP_OK`. + :return: an SFTP error code `int` like ``SFTP_OK``. """ return SFTP_OP_UNSUPPORTED @@ -241,7 +241,7 @@ class SFTPServerInterface (object): :param attr: requested attributes to change on the file (an `.SFTPAttributes` object) - :return: an error code `int` like `.SFTP_OK`. + :return: an error code `int` like ``SFTP_OK``. """ return SFTP_OP_UNSUPPORTED @@ -277,7 +277,7 @@ class SFTPServerInterface (object): :param str path: path (relative or absolute) of the symbolic link. :return: the target `str` path of the symbolic link, or an error code like - `.SFTP_NO_SUCH_FILE`. + ``SFTP_NO_SUCH_FILE``. """ return SFTP_OP_UNSUPPORTED diff --git a/paramiko/ssh_exception.py b/paramiko/ssh_exception.py index 280a7f39..e9ab8d66 100644 --- a/paramiko/ssh_exception.py +++ b/paramiko/ssh_exception.py @@ -50,12 +50,10 @@ class BadAuthenticationType (AuthenticationException): the server isn't allowing that type. (It may only allow public-key, for example.) - :ivar list allowed_types: - list of allowed authentication types provided by the server (possible - values are: ``"none"``, ``"password"``, and ``"publickey"``). - .. versionadded:: 1.1 """ + #: list of allowed authentication types provided by the server (possible + #: values are: ``"none"``, ``"password"``, and ``"publickey"``). allowed_types = [] def __init__(self, explanation, types): @@ -87,7 +85,7 @@ class ChannelException (SSHException): """ Exception raised when an attempt to open a new `.Channel` fails. - :ivar int code: the error code returned by the server + :param int code: the error code returned by the server .. versionadded:: 1.6 """ @@ -102,9 +100,9 @@ class BadHostKeyException (SSHException): """ The host key given by the SSH server did not match what we were expecting. - :ivar str hostname: the hostname of the SSH server - :ivar PKey got_key: the host key presented by the server - :ivar PKey expected_key: the host key expected + :param str hostname: the hostname of the SSH server + :param PKey got_key: the host key presented by the server + :param PKey expected_key: the host key expected .. versionadded:: 1.6 """ @@ -125,8 +123,8 @@ class ProxyCommandFailure (SSHException): """ The "ProxyCommand" found in the .ssh/config file returned an error. - :ivar str command: The command line that is generating this exception. - :ivar str error: The error captured from the proxy command output. + :param str command: The command line that is generating this exception. + :param str error: The error captured from the proxy command output. """ def __init__(self, command, error): SSHException.__init__(self, diff --git a/paramiko/ssh_gss.py b/paramiko/ssh_gss.py index 9c88c6fc..414485f9 100644 --- a/paramiko/ssh_gss.py +++ b/paramiko/ssh_gss.py @@ -72,9 +72,8 @@ def GSSAuth(auth_method, gss_deleg_creds=True): We delegate credentials by default. :return: Either an `._SSH_GSSAPI` (Unix) object or an `_SSH_SSPI` (Windows) object - :rtype: Object - :raise ImportError: If no GSS-API / SSPI module could be imported. + :raises: ``ImportError`` -- If no GSS-API / SSPI module could be imported. :see: `RFC 4462 `_ :note: Check for the available API and return either an `._SSH_GSSAPI` @@ -131,7 +130,6 @@ class _SSH_GSSAuth(object): as the only service value. :param str service: The desired SSH service - :rtype: Void """ if service.find("ssh-"): self._service = service @@ -142,7 +140,6 @@ class _SSH_GSSAuth(object): username is not set by C{ssh_init_sec_context}. :param str username: The name of the user who attempts to login - :rtype: Void """ self._username = username @@ -155,7 +152,6 @@ class _SSH_GSSAuth(object): :return: A byte sequence containing the number of supported OIDs, the length of the OID and the actual OID encoded with DER - :rtype: Bytes :note: In server mode we just return the OID length and the DER encoded OID. """ @@ -172,7 +168,6 @@ class _SSH_GSSAuth(object): :param str desired_mech: The desired GSS-API mechanism of the client :return: ``True`` if the given OID is supported, otherwise C{False} - :rtype: Boolean """ mech, __ = decoder.decode(desired_mech) if mech.__str__() != self._krb5_mech: @@ -187,7 +182,6 @@ class _SSH_GSSAuth(object): :param int integer: The integer value to convert :return: The byte sequence of an 32 bit integer - :rtype: Bytes """ return struct.pack("!I", integer) @@ -207,7 +201,6 @@ class _SSH_GSSAuth(object): string service (ssh-connection), string authentication-method (gssapi-with-mic or gssapi-keyex) - :rtype: Bytes """ mic = self._make_uint32(len(session_id)) mic += session_id @@ -256,11 +249,11 @@ class _SSH_GSSAPI(_SSH_GSSAuth): ("pseudo negotiated" mechanism, because we support just the krb5 mechanism :-)) :param str recv_token: The GSS-API token received from the Server - :raise SSHException: Is raised if the desired mechanism of the client - is not supported + :raises: + `.SSHException` -- Is raised if the desired mechanism of the client + is not supported :return: A ``String`` if the GSS-API has returned a token or ``None`` if no token was returned - :rtype: String or None """ self._username = username self._gss_host = target @@ -304,8 +297,6 @@ class _SSH_GSSAPI(_SSH_GSSAuth): gssapi-keyex: Returns the MIC token from GSS-API with the SSH session ID as message. - :rtype: String - :see: `._ssh_build_mic` """ self._session_id = session_id if not gss_kex: @@ -329,7 +320,6 @@ class _SSH_GSSAPI(_SSH_GSSAuth): if it's not the initial call. :return: A ``String`` if the GSS-API has returned a token or ``None`` if no token was returned - :rtype: String or None """ # hostname and username are not required for GSSAPI, but for SSPI self._gss_host = hostname @@ -348,7 +338,7 @@ class _SSH_GSSAPI(_SSH_GSSAuth): :param str session_id: The SSH session ID :param str username: The name of the user who attempts to login :return: None if the MIC check was successful - :raises gssapi.GSSException: if the MIC check failed + :raises: ``gssapi.GSSException`` -- if the MIC check failed """ self._session_id = session_id self._username = username @@ -371,7 +361,6 @@ class _SSH_GSSAPI(_SSH_GSSAuth): Checks if credentials are delegated (server mode). :return: ``True`` if credentials are delegated, otherwise ``False`` - :rtype: bool """ if self._gss_srv_ctxt.delegated_cred is not None: return True @@ -384,8 +373,9 @@ class _SSH_GSSAPI(_SSH_GSSAuth): (server mode). :param str client_token: The GSS-API token received form the client - :raise NotImplementedError: Credential delegation is currently not - supported in server mode + :raises: + ``NotImplementedError`` -- Credential delegation is currently not + supported in server mode """ raise NotImplementedError @@ -427,11 +417,11 @@ class _SSH_SSPI(_SSH_GSSAuth): ("pseudo negotiated" mechanism, because we support just the krb5 mechanism :-)) :param recv_token: The SSPI token received from the Server - :raise SSHException: Is raised if the desired mechanism of the client - is not supported + :raises: + `.SSHException` -- Is raised if the desired mechanism of the client + is not supported :return: A ``String`` if the SSPI has returned a token or ``None`` if no token was returned - :rtype: String or None """ self._username = username self._gss_host = target @@ -476,8 +466,6 @@ class _SSH_SSPI(_SSH_GSSAuth): gssapi-keyex: Returns the MIC token from SSPI with the SSH session ID as message. - :rtype: String - :see: `._ssh_build_mic` """ self._session_id = session_id if not gss_kex: @@ -501,7 +489,6 @@ class _SSH_SSPI(_SSH_GSSAuth): if it's not the initial call. :return: A ``String`` if the SSPI has returned a token or ``None`` if no token was returned - :rtype: String or None """ self._gss_host = hostname self._username = username @@ -522,7 +509,7 @@ class _SSH_SSPI(_SSH_GSSAuth): :param str session_id: The SSH session ID :param str username: The name of the user who attempts to login :return: None if the MIC check was successful - :raises sspi.error: if the MIC check failed + :raises: ``sspi.error`` -- if the MIC check failed """ self._session_id = session_id self._username = username @@ -548,7 +535,6 @@ class _SSH_SSPI(_SSH_GSSAuth): Checks if credentials are delegated (server mode). :return: ``True`` if credentials are delegated, otherwise ``False`` - :rtype: Boolean """ return ( self._gss_flags & sspicon.ISC_REQ_DELEGATE and @@ -562,7 +548,8 @@ class _SSH_SSPI(_SSH_GSSAuth): (server mode). :param str client_token: The SSPI token received form the client - :raise NotImplementedError: Credential delegation is currently not - supported in server mode + :raises: + ``NotImplementedError`` -- Credential delegation is currently not + supported in server mode """ raise NotImplementedError diff --git a/paramiko/transport.py b/paramiko/transport.py index a308e0c9..0f3d4426 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -83,7 +83,7 @@ import atexit atexit.register(_join_lingering_threads) -class Transport (threading.Thread, ClosingContextManager): +class Transport(threading.Thread, ClosingContextManager): """ An SSH Transport attaches to a stream (usually a socket), negotiates an encrypted session, authenticates, and then creates stream tunnels, called @@ -459,7 +459,6 @@ class Transport (threading.Thread, ClosingContextManager): :param str gss_host: The targets name in the kerberos database Default: The name of the host to connect to - :rtype: Void """ # We need the FQDN to get this working with SSPI self.gss_host = socket.getfqdn(gss_host) @@ -492,8 +491,9 @@ class Transport (threading.Thread, ClosingContextManager): :param .threading.Event event: an event to trigger when negotiation is complete (optional) - :raises SSHException: if negotiation fails (and no ``event`` was passed - in) + :raises: + `.SSHException` -- if negotiation fails (and no ``event`` was + passed in) """ self.active = True if event is not None: @@ -553,8 +553,9 @@ class Transport (threading.Thread, ClosingContextManager): an object used to perform authentication and create `channels <.Channel>` - :raises SSHException: if negotiation fails (and no ``event`` was passed - in) + :raises: + `.SSHException` -- if negotiation fails (and no ``event`` was + passed in) """ if server is None: server = ServerInterface() @@ -680,7 +681,7 @@ class Transport (threading.Thread, ClosingContextManager): string)``. You can get the same effect by calling `.PKey.get_name` for the key type, and ``str(key)`` for the key string. - :raises SSHException: if no session is currently active. + :raises: `.SSHException` -- if no session is currently active. :return: public key (`.PKey`) of the remote server """ @@ -720,7 +721,8 @@ class Transport (threading.Thread, ClosingContextManager): :return: a new `.Channel` - :raises SSHException: if the request is rejected or the session ends + :raises: + `.SSHException` -- if the request is rejected or the session ends prematurely .. versionchanged:: 1.13.4/1.14.3/1.15.3 @@ -743,7 +745,8 @@ class Transport (threading.Thread, ClosingContextManager): x11 port, ie. 6010) :return: a new `.Channel` - :raises SSHException: if the request is rejected or the session ends + :raises: + `.SSHException` -- if the request is rejected or the session ends prematurely """ return self.open_channel('x11', src_addr=src_addr) @@ -757,7 +760,7 @@ class Transport (threading.Thread, ClosingContextManager): :return: a new `.Channel` - :raises SSHException: + :raises: `.SSHException` -- if the request is rejected or the session ends prematurely """ return self.open_channel('auth-agent@openssh.com') @@ -809,7 +812,8 @@ class Transport (threading.Thread, ClosingContextManager): :return: a new `.Channel` on success - :raises SSHException: if the request is rejected, the session ends + :raises: + `.SSHException` -- if the request is rejected, the session ends prematurely or there is a timeout openning a channel .. versionchanged:: 1.15 @@ -896,7 +900,8 @@ class Transport (threading.Thread, ClosingContextManager): :return: the port number (`int`) allocated by the server - :raises SSHException: if the server refused the TCP forward request + :raises: + `.SSHException` -- if the server refused the TCP forward request """ if not self.active: raise SSHException('SSH session not active') @@ -970,8 +975,9 @@ class Transport (threading.Thread, ClosingContextManager): traffic both ways as the two sides swap keys and do computations. This method returns when the session has switched to new keys. - :raises SSHException: if the key renegotiation failed (which causes the - session to end) + :raises: + `.SSHException` -- if the key renegotiation failed (which causes + the session to end) """ self.completion_event = threading.Event() self._send_kex_init() @@ -1112,7 +1118,7 @@ class Transport (threading.Thread, ClosingContextManager): :param bool gss_deleg_creds: Whether to delegate GSS-API client credentials. - :raises SSHException: if the SSH2 negotiation fails, the host key + :raises: `.SSHException` -- if the SSH2 negotiation fails, the host key supplied by the server is incorrect, or authentication fails. """ if hostkey is not None: @@ -1186,7 +1192,7 @@ class Transport (threading.Thread, ClosingContextManager): passed to the `.SubsystemHandler` constructor later. :param str name: name of the subsystem. - :param class handler: + :param handler: subclass of `.SubsystemHandler` that handles this subsystem. """ try: @@ -1247,9 +1253,11 @@ class Transport (threading.Thread, ClosingContextManager): `list` of auth types permissible for the next stage of authentication (normally empty) - :raises BadAuthenticationType: if "none" authentication isn't allowed + :raises: + `.BadAuthenticationType` -- if "none" authentication isn't allowed by the server for this user - :raises SSHException: if the authentication failed due to a network + :raises: + `.SSHException` -- if the authentication failed due to a network error .. versionadded:: 1.5 @@ -1300,11 +1308,13 @@ class Transport (threading.Thread, ClosingContextManager): `list` of auth types permissible for the next stage of authentication (normally empty) - :raises BadAuthenticationType: if password authentication isn't + :raises: + `.BadAuthenticationType` -- if password authentication isn't allowed by the server for this user (and no event was passed in) - :raises AuthenticationException: if the authentication failed (and no + :raises: + `.AuthenticationException` -- if the authentication failed (and no event was passed in) - :raises SSHException: if there was a network error + :raises: `.SSHException` -- if there was a network error """ if (not self.active) or (not self.initial_kex_done): # we should never try to send the password unless we're on a secure @@ -1369,11 +1379,13 @@ class Transport (threading.Thread, ClosingContextManager): `list` of auth types permissible for the next stage of authentication (normally empty) - :raises BadAuthenticationType: if public-key authentication isn't + :raises: + `.BadAuthenticationType` -- if public-key authentication isn't allowed by the server for this user (and no event was passed in) - :raises AuthenticationException: if the authentication failed (and no + :raises: + `.AuthenticationException` -- if the authentication failed (and no event was passed in) - :raises SSHException: if there was a network error + :raises: `.SSHException` -- if there was a network error """ if (not self.active) or (not self.initial_kex_done): # we should never try to authenticate unless we're on a secure link @@ -1425,10 +1437,10 @@ class Transport (threading.Thread, ClosingContextManager): `list` of auth types permissible for the next stage of authentication (normally empty). - :raises BadAuthenticationType: if public-key authentication isn't + :raises: `.BadAuthenticationType` -- if public-key authentication isn't allowed by the server for this user - :raises AuthenticationException: if the authentication failed - :raises SSHException: if there was a network error + :raises: `.AuthenticationException` -- if the authentication failed + :raises: `.SSHException` -- if there was a network error .. versionadded:: 1.5 """ @@ -1473,11 +1485,12 @@ class Transport (threading.Thread, ClosingContextManager): :return: list of auth types permissible for the next stage of authentication (normally empty) :rtype: list - :raise BadAuthenticationType: if gssapi-with-mic isn't + :raises: `.BadAuthenticationType` -- if gssapi-with-mic isn't allowed by the server (and no event was passed in) - :raise AuthenticationException: if the authentication failed (and no + :raises: + `.AuthenticationException` -- if the authentication failed (and no event was passed in) - :raise SSHException: if there was a network error + :raises: `.SSHException` -- if there was a network error """ if (not self.active) or (not self.initial_kex_done): # we should never try to authenticate unless we're on a secure link @@ -1497,12 +1510,12 @@ class Transport (threading.Thread, ClosingContextManager): :returns: a `list` of auth types permissible for the next stage of authentication (normally empty) - :raises BadAuthenticationType: + :raises: `.BadAuthenticationType` -- if GSS-API Key Exchange was not performed (and no event was passed in) - :raises AuthenticationException: + :raises: `.AuthenticationException` -- if the authentication failed (and no event was passed in) - :raises SSHException: if there was a network error + :raises: `.SSHException` -- if there was a network error """ if (not self.active) or (not self.initial_kex_done): # we should never try to authenticate unless we're on a secure link diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f8b3d328..ebad4f22 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -16,7 +16,7 @@ Changelog (i.e. passes the maintainer's preferred `flake8 `_ configuration) and add a ``flake8`` step to the Travis config. Big thanks to Dorian Pula! -* :bug:`683` Make `util.log_to_file()` append instead of replace. Thanks +* :bug:`683` Make ``util.log_to_file`` append instead of replace. Thanks to ``@vlcinsky`` for the report. * :release:`2.0.5 <2017-02-20>` * :release:`1.18.2 <2017-02-20>` @@ -92,7 +92,7 @@ Changelog * :bug:`334 (1.17+)` Make the ``subprocess`` import in ``proxy.py`` lazy so users on platforms without it (such as Google App Engine) can import Paramiko successfully. (Relatedly, make it easier to tweak an active socket check - timeout [in `Transport `] which was previously + timeout [in `Transport `] which was previously hardcoded.) Credit: Shinya Okano. * :support:`854 backported (1.17+)` Fix incorrect docstring/param-list for `Transport.auth_gssapi_keyex @@ -147,10 +147,10 @@ Changelog ``proxycommand`` key in parsed config structures). Thanks to Pat Brisbin for the catch. * :bug:`676` (via :issue:`677`) Fix a backwards incompatibility issue that - cropped up in `SFTPFile.prefetch <~paramiko.sftp_file.prefetch>` re: the - erroneously non-optional ``file_size`` parameter. Should only affect users - who manually call ``prefetch``. Thanks to ``@stevevanhooser`` for catch & - patch. + cropped up in `SFTPFile.prefetch ` re: + the erroneously non-optional ``file_size`` parameter. Should only affect + users who manually call ``prefetch``. Thanks to ``@stevevanhooser`` for catch + & patch. * :feature:`394` Replace PyCrypto with the Python Cryptographic Authority (PyCA) 'Cryptography' library suite. This improves security, installability, and performance; adds PyPy support; and much more. @@ -240,7 +240,7 @@ Changelog * :release:`1.15.4 <2015-11-02>` * :release:`1.14.3 <2015-11-02>` * :release:`1.13.4 <2015-11-02>` -* :bug:`366` Fix `~paramiko.sftp_attributes.SFTPAttributes` so its string +* :bug:`366` Fix `~paramiko.sftp_attr.SFTPAttributes` so its string representation doesn't raise exceptions on empty/initialized instances. Patch by Ulrich Petri. * :bug:`359` Use correct attribute name when trying to use Python 3's @@ -351,8 +351,9 @@ Changelog * :release:`1.15.1 <2014-09-22>` * :bug:`399` SSH agent forwarding (potentially other functionality as well) would hang due to incorrect values passed into the new window size - arguments for `.Transport` (thanks to a botched merge). This has been - corrected. Thanks to Dylan Thacker-Smith for the report & patch. + arguments for `~paramiko.transport.Transport` (thanks to a botched merge). + This has been corrected. Thanks to Dylan Thacker-Smith for the report & + patch. * :feature:`167` Add `~paramiko.config.SSHConfig.get_hostnames` for easier introspection of a loaded SSH config file or object. Courtesy of Søren Løvborg. -- cgit v1.2.3 From 9dadca814288a5c8bb4f5ccd186d854d576e3816 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 5 Jun 2017 23:04:59 -0700 Subject: Changelog because I deserve it --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index ebad4f22..8ffde787 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :support:`- backported` A big formatting pass to clean up an enormous number + of invalid Sphinx reference links, discovered by switching to a modern, + rigorous nitpicking doc-building mode. * :bug:`900` (via :issue:`911`) Prefer newer ``ecdsa-sha2-nistp`` keys over RSA and DSA keys during host key selection. This improves compatibility with OpenSSH, both in terms of general behavior, and also re: ability to properly -- cgit v1.2.3 From 9d2af83f1474fd594f3dd1fea20839a9751a6a4b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 6 Jun 2017 12:10:16 -0700 Subject: Changelog re #951 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index c75b4b68..3f45334d 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :feature:`951` Add support for ECDH key exchange (kex), specifically the + algorithms ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, and + ``ecdh-sha2-nistp521``. Thanks to Shashank Veerapaneni for the patch. * :support:`- backported` A big formatting pass to clean up an enormous number of invalid Sphinx reference links, discovered by switching to a modern, rigorous nitpicking doc-building mode. -- cgit v1.2.3 From c87ece67f6663892836f57da0e97cd2cfc1faf2a Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 6 Jun 2017 12:27:14 -0700 Subject: Changelog re #857 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 3f45334d..0db12afe 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :feature:`857` Allow `SSHClient.set_missing_host_key_policy + ` to accept policy + classes _or_ instances, instead of only instances, thus fixing a + long-standing gotcha for unaware users. * :feature:`951` Add support for ECDH key exchange (kex), specifically the algorithms ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, and ``ecdh-sha2-nistp521``. Thanks to Shashank Veerapaneni for the patch. -- cgit v1.2.3 From 9db59ac05e03ede7ba5d5059b7e00effca275430 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 6 Jun 2017 12:34:12 -0700 Subject: Changelog re #667 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 8ffde787..ec1c09cb 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`667` The RC4/arcfour family of ciphers has been broken since version + 2.0; but since the algorithm is now known to be completely insecure, we are + opting to remove support outright instead of fixing it. Thanks to Alex Gaynor + for catch & patch. * :support:`- backported` A big formatting pass to clean up an enormous number of invalid Sphinx reference links, discovered by switching to a modern, rigorous nitpicking doc-building mode. -- cgit v1.2.3 From 102c694ca8ae46d384d3a9c4e2e963836d6f1509 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 6 Jun 2017 13:26:13 -0700 Subject: Partially apply #983 for 2.0+ --- paramiko/transport.py | 2 +- sites/www/changelog.rst | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'sites/www') diff --git a/paramiko/transport.py b/paramiko/transport.py index 4a3ae8f4..802b496f 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -113,10 +113,10 @@ class Transport(threading.Thread, ClosingContextManager): _preferred_macs = ( 'hmac-sha2-256', 'hmac-sha2-512', + 'hmac-sha1', 'hmac-md5', 'hmac-sha1-96', 'hmac-md5-96', - 'hmac-sha1', ) _preferred_keys = ( 'ecdsa-sha2-nistp256', diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index ec1c09cb..353e2818 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`-` (partial application of :issue:`983`) Move ``sha1`` above the + now-arguably-broken ``md5`` in the list of preferred MAC algorithms, as an + incremental security improvement for users whose target systems offer both. + Credit: Pierce Lopez. * :bug:`667` The RC4/arcfour family of ciphers has been broken since version 2.0; but since the algorithm is now known to be completely insecure, we are opting to remove support outright instead of fixing it. Thanks to Alex Gaynor -- cgit v1.2.3 From d6e57d34bafb65c6ce62a022d1b509f35cf82d49 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 6 Jun 2017 13:26:13 -0700 Subject: Partially apply #983 for 2.0+ --- paramiko/transport.py | 2 +- sites/www/changelog.rst | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'sites/www') diff --git a/paramiko/transport.py b/paramiko/transport.py index 4a3ae8f4..802b496f 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -113,10 +113,10 @@ class Transport(threading.Thread, ClosingContextManager): _preferred_macs = ( 'hmac-sha2-256', 'hmac-sha2-512', + 'hmac-sha1', 'hmac-md5', 'hmac-sha1-96', 'hmac-md5-96', - 'hmac-sha1', ) _preferred_keys = ( 'ecdsa-sha2-nistp256', diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index ec1c09cb..9aead611 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`983` Move ``sha1`` above the now-arguably-broken ``md5`` in the list of + preferred MAC algorithms, as an incremental security improvement for users + whose target systems offer both. Credit: Pierce Lopez. * :bug:`667` The RC4/arcfour family of ciphers has been broken since version 2.0; but since the algorithm is now known to be completely insecure, we are opting to remove support outright instead of fixing it. Thanks to Alex Gaynor -- cgit v1.2.3 From 947bd10f451f8a0249fdd8e234429f8a657c60ae Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 6 Jun 2017 13:30:09 -0700 Subject: Note ecdh-sha2 preferred-kex placement in changelog entry for #951, re #983 --- sites/www/changelog.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index cb36dba1..e4a66356 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -15,7 +15,9 @@ Changelog long-standing gotcha for unaware users. * :feature:`951` Add support for ECDH key exchange (kex), specifically the algorithms ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, and - ``ecdh-sha2-nistp521``. Thanks to Shashank Veerapaneni for the patch. + ``ecdh-sha2-nistp521``. They now come before the older ``diffie-hellman-*`` + family of kex algorithms in the preferred-kex list. Thanks to Shashank + Veerapaneni for the patch & Pierce Lopez for a follow-up. * :support:`- backported` A big formatting pass to clean up an enormous number of invalid Sphinx reference links, discovered by switching to a modern, rigorous nitpicking doc-building mode. -- cgit v1.2.3 From 2804b79cdeb2c140862d48883b7fdc105f05b95a Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 6 Jun 2017 13:49:29 -0700 Subject: Changelog re #921 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index e4a66356..5c0b3552 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`921` Tighten up the ``__hash__`` implementation for various key + classes; less code is good code. Thanks to Francisco Couzo for the patch. * :bug:`983` Move ``sha1`` above the now-arguably-broken ``md5`` in the list of preferred MAC algorithms, as an incremental security improvement for users whose target systems offer both. Credit: Pierce Lopez. -- cgit v1.2.3