From 3e1f9f09b1da0397f82e4ee9e1886f5271705e29 Mon Sep 17 00:00:00 2001 From: Sebastian Deiss Date: Tue, 11 Feb 2014 13:08:11 +0100 Subject: GSS-API / SSPI authenticated Diffie-Hellman Key Exchange and user authentication with Python 3 support Add Python 3 support for the GSS-API / SSPI authenticated Diffie-Hellman Key Exchange and user authentication. This patch supersedes pull request #250. --- sites/_shared_static/logo.png | Bin 0 -> 6401 bytes sites/shared_conf.py | 41 ++++++++++++ sites/www/_templates/rss.xml | 19 ++++++ sites/www/blog.py | 140 +++++++++++++++++++++++++++++++++++++++++ sites/www/blog.rst | 16 +++++ sites/www/blog/first-post.rst | 7 +++ sites/www/blog/second-post.rst | 7 +++ sites/www/changelog.rst | 114 +++++++++++++++++++++++++++++++++ sites/www/conf.py | 35 +++++++++++ sites/www/contact.rst | 11 ++++ sites/www/contributing.rst | 19 ++++++ sites/www/index.rst | 38 +++++++++++ sites/www/installing.rst | 105 +++++++++++++++++++++++++++++++ 13 files changed, 552 insertions(+) create mode 100644 sites/_shared_static/logo.png create mode 100644 sites/shared_conf.py create mode 100644 sites/www/_templates/rss.xml create mode 100644 sites/www/blog.py create mode 100644 sites/www/blog.rst create mode 100644 sites/www/blog/first-post.rst create mode 100644 sites/www/blog/second-post.rst create mode 100644 sites/www/changelog.rst create mode 100644 sites/www/conf.py create mode 100644 sites/www/contact.rst create mode 100644 sites/www/contributing.rst create mode 100644 sites/www/index.rst create mode 100644 sites/www/installing.rst (limited to 'sites') diff --git a/sites/_shared_static/logo.png b/sites/_shared_static/logo.png new file mode 100644 index 00000000..bc76697e Binary files /dev/null and b/sites/_shared_static/logo.png differ diff --git a/sites/shared_conf.py b/sites/shared_conf.py new file mode 100644 index 00000000..86ecdfe8 --- /dev/null +++ b/sites/shared_conf.py @@ -0,0 +1,41 @@ +from datetime import datetime +import os +import sys + +import alabaster + + +# Alabaster theme + mini-extension +html_theme_path = [alabaster.get_path()] +extensions = ['alabaster'] +# Paths relative to invoking conf.py - not this shared file +html_static_path = ['../_shared_static'] +html_theme = 'alabaster' +html_theme_options = { + 'description': "A Python implementation of SSHv2.", + 'github_user': 'paramiko', + 'github_repo': 'paramiko', + 'gittip_user': 'bitprophet', + 'analytics_id': 'UA-18486793-2', + + 'link': '#3782BE', + 'link_hover': '#3782BE', +} +html_sidebars = { + '**': [ + 'about.html', + 'navigation.html', + 'searchbox.html', + 'donate.html', + ] +} + +# Regular settings +project = u'Paramiko' +year = datetime.now().year +copyright = u'%d Jeff Forcier' % year +master_doc = 'index' +templates_path = ['_templates'] +exclude_trees = ['_build'] +source_suffix = '.rst' +default_role = 'obj' diff --git a/sites/www/_templates/rss.xml b/sites/www/_templates/rss.xml new file mode 100644 index 00000000..f6f9cbd1 --- /dev/null +++ b/sites/www/_templates/rss.xml @@ -0,0 +1,19 @@ + + + + + {{ title }} + {{ link }} + {{ description }} + {{ date }} + {% for link, title, desc, date in posts %} + + {{ link }} + {{ link }} + <![CDATA[{{ title }}]]> + + {{ date }} + + {% endfor %} + + diff --git a/sites/www/blog.py b/sites/www/blog.py new file mode 100644 index 00000000..3b129ebf --- /dev/null +++ b/sites/www/blog.py @@ -0,0 +1,140 @@ +from collections import namedtuple +from datetime import datetime +import time +import email.utils + +from sphinx.util.compat import Directive +from docutils import nodes + + +class BlogDateDirective(Directive): + """ + Used to parse/attach date info to blog post documents. + + No nodes generated, since none are needed. + """ + has_content = True + + def run(self): + # Tag parent document with parsed date value. + self.state.document.blog_date = datetime.strptime( + self.content[0], "%Y-%m-%d" + ) + # Don't actually insert any nodes, we're already done. + return [] + +class blog_post_list(nodes.General, nodes.Element): + pass + +class BlogPostListDirective(Directive): + """ + Simply spits out a 'blog_post_list' temporary node for replacement. + + Gets replaced at doctree-resolved time - only then will all blog post + documents be written out (& their date directives executed). + """ + def run(self): + return [blog_post_list('')] + + +Post = namedtuple('Post', 'name doc title date opener') + +def get_posts(app): + # Obtain blog posts + post_names = filter(lambda x: x.startswith('blog/'), app.env.found_docs) + posts = map(lambda x: (x, app.env.get_doctree(x)), post_names) + # Obtain common data used for list page & RSS + data = [] + for post, doc in sorted(posts, key=lambda x: x[1].blog_date, reverse=True): + # Welp. No "nice" way to get post title. Thanks Sphinx. + title = doc[0][0][0] + # Date. This may or may not end up reflecting the required + # *input* format, but doing it here gives us flexibility. + date = doc.blog_date + # 1st paragraph as opener. TODO: allow a role or something marking + # where to actually pull from? + opener = doc.traverse(nodes.paragraph)[0] + data.append(Post(post, doc, title, date, opener)) + return data + +def replace_blog_post_lists(app, doctree, fromdocname): + """ + Replace blog_post_list nodes with ordered list-o-links to posts. + """ + # Obtain blog posts + post_names = filter(lambda x: x.startswith('blog/'), app.env.found_docs) + posts = map(lambda x: (x, app.env.get_doctree(x)), post_names) + # Build "list" of links/etc + post_links = [] + for post, doc, title, date, opener in get_posts(app): + # Link itself + uri = app.builder.get_relative_uri(fromdocname, post) + link = nodes.reference('', '', refdocname=post, refuri=uri) + # Title, bolded. TODO: use 'topic' or something maybe? + link.append(nodes.strong('', title)) + date = date.strftime("%Y-%m-%d") + # Meh @ not having great docutils nodes which map to this. + html = '
%s
' % date + timestamp = nodes.raw(text=html, format='html') + # NOTE: may group these within another element later if styling + # necessitates it + group = [timestamp, nodes.paragraph('', '', link), opener] + post_links.extend(group) + + # Replace temp node(s) w/ expanded list-o-links + for node in doctree.traverse(blog_post_list): + node.replace_self(post_links) + +def rss_timestamp(timestamp): + # Use horribly inappropriate module for its magical daylight-savings-aware + # timezone madness. Props to Tinkerer for the idea. + return email.utils.formatdate( + time.mktime(timestamp.timetuple()), + localtime=True + ) + +def generate_rss(app): + # Meh at having to run this subroutine like 3x per build. Not worth trying + # to be clever for now tho. + posts_ = get_posts(app) + # LOL URLs + root = app.config.rss_link + if not root.endswith('/'): + root += '/' + # Oh boy + posts = [ + ( + root + app.builder.get_target_uri(x.name), + x.title, + str(x.opener[0]), # Grab inner text element from paragraph + rss_timestamp(x.date), + ) + for x in posts_ + ] + location = 'blog/rss.xml' + context = { + 'title': app.config.project, + 'link': root, + 'atom': root + location, + 'description': app.config.rss_description, + # 'posts' is sorted by date already + 'date': rss_timestamp(posts_[0].date), + 'posts': posts, + } + yield (location, context, 'rss.xml') + +def setup(app): + # Link in RSS feed back to main website, e.g. 'http://paramiko.org' + app.add_config_value('rss_link', None, '') + # Ditto for RSS description field + app.add_config_value('rss_description', None, '') + # Interprets date metadata in blog post documents + app.add_directive('date', BlogDateDirective) + # Inserts blog post list node (in e.g. a listing page) for replacement + # below + app.add_node(blog_post_list) + app.add_directive('blog-posts', BlogPostListDirective) + # Performs abovementioned replacement + app.connect('doctree-resolved', replace_blog_post_lists) + # Generates RSS page from whole cloth at page generation step + app.connect('html-collect-pages', generate_rss) diff --git a/sites/www/blog.rst b/sites/www/blog.rst new file mode 100644 index 00000000..af9651e4 --- /dev/null +++ b/sites/www/blog.rst @@ -0,0 +1,16 @@ +==== +Blog +==== + +.. blog-posts directive gets replaced with an ordered list of blog posts. + +.. blog-posts:: + + +.. The following toctree ensures blog posts get processed. + +.. toctree:: + :hidden: + :glob: + + blog/* diff --git a/sites/www/blog/first-post.rst b/sites/www/blog/first-post.rst new file mode 100644 index 00000000..7b075073 --- /dev/null +++ b/sites/www/blog/first-post.rst @@ -0,0 +1,7 @@ +=========== +First post! +=========== + +A blog post. + +.. date:: 2013-12-04 diff --git a/sites/www/blog/second-post.rst b/sites/www/blog/second-post.rst new file mode 100644 index 00000000..c4463f33 --- /dev/null +++ b/sites/www/blog/second-post.rst @@ -0,0 +1,7 @@ +=========== +Another one +=========== + +.. date:: 2013-12-05 + +Indeed! diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst new file mode 100644 index 00000000..2680086e --- /dev/null +++ b/sites/www/changelog.rst @@ -0,0 +1,114 @@ +========= +Changelog +========= + +* :feature:`250` GSS-API / SSPI authenticated Diffie-Hellman Key Exchange and user authentication. +* :bug:`193` (and its attentant PRs :issue:`230` & :issue:`253`): Fix SSH agent + problems present on Windows. Thanks to David Hobbs for initial report and to + Aarni Koskela & Olle Lundberg for the patches. +* :release:`1.12.1 <2014-01-08>` +* :release:`1.11.3 <2014-01-08>` 176 +* :release:`1.10.5 <2014-01-08>` 176 +* :bug:`225` Note ecdsa requirement in README. Thanks to Amaury Rodriguez for + the catch. +* :bug:`176` Fix AttributeError bugs in known_hosts file (re)loading. Thanks + to Nathan Scowcroft for the patch & Martin Blumenstingl for the initial test + case. +* :release:`1.12.0 <2013-09-27>` +* :release:`1.11.2 <2013-09-27>` +* :release:`1.10.4 <2013-09-27>` 199, 200, 179 +* :feature:`152` Add tentative support for ECDSA keys. *This adds the ecdsa + module as a new dependency of Paramiko.* The module is available at + [warner/python-ecdsa on Github](https://github.com/warner/python-ecdsa) and + [ecdsa on PyPI](https://pypi.python.org/pypi/ecdsa). + + * Note that you might still run into problems with key negotiation -- + Paramiko picks the first key that the server offers, which might not be + what you have in your known_hosts file. + * Mega thanks to Ethan Glasser-Camp for the patch. + +* :feature:`136` Add server-side support for the SSH protocol's 'env' command. + Thanks to Benjamin Pollack for the patch. +* :bug:`156` Fix potential deadlock condition when using Channel objects as + sockets (e.g. when using SSH gatewaying). Thanks to Steven Noonan and Frank + Arnold for catch & patch. +* :bug:`179` Fix a missing variable causing errors when an ssh_config file has + a non-default AddressFamily set. Thanks to Ed Marshall & Tomaz Muraus for + catch & patch. +* :bug:`200` Fix an exception-causing typo in ``demo_simple.py``. Thanks to Alex + Buchanan for catch & Dave Foster for patch. +* :bug:`199` Typo fix in the license header cross-project. Thanks to Armin + Ronacher for catch & patch. +* :release:`1.11.1 <2013-09-20>` +* :release:`1.10.3 <2013-09-20>` +* :bug:`162` Clean up HMAC module import to avoid deadlocks in certain uses of + SSHClient. Thanks to Gernot Hillier for the catch & suggested fix. +* :bug:`36` Fix the port-forwarding demo to avoid file descriptor errors. + Thanks to Jonathan Halcrow for catch & patch. +* :bug:`168` Update config handling to properly handle multiple 'localforward' + and 'remoteforward' keys. Thanks to Emre Yılmaz for the patch. +* :release:`1.11.0 <2013-07-26>` +* :release:`1.10.2 <2013-07-26>` +* :bug:`98 major` On Windows, when interacting with the PuTTY PAgeant, Paramiko + now creates the shared memory map with explicit Security Attributes of the + user, which is the same technique employed by the canonical PuTTY library to + avoid permissions issues when Paramiko is running under a different UAC + context than the PuTTY Ageant process. Thanks to Jason R. Coombs for the + patch. +* :support:`100` Remove use of PyWin32 in ``win_pageant`` module. Module was + already dependent on ctypes for constructing appropriate structures and had + ctypes implementations of all functionality. Thanks to Jason R. Coombs for + the patch. +* :bug:`87 major` Ensure updates to ``known_hosts`` files account for any + updates to said files after Paramiko initially read them. (Includes related + fix to guard against duplicate entries during subsequent ``known_hosts`` + loads.) Thanks to ``@sunweaver`` for the contribution. +* :bug:`153` (also :issue:`67`) Warn on parse failure when reading known_hosts + file. Thanks to ``@glasserc`` for patch. +* :bug:`146` Indentation fixes for readability. Thanks to Abhinav Upadhyay for + catch & patch. +* :release:`1.10.1 <2013-04-05>` +* :bug:`142` (`Fabric #811 `_) + SFTP put of empty file will still return the attributes of the put file. + Thanks to Jason R. Coombs for the patch. +* :bug:`154` (`Fabric #876 `_) + Forwarded SSH agent connections left stale local pipes lying around, which + could cause local (and sometimes remote or network) resource starvation when + running many agent-using remote commands. Thanks to Kevin Tegtmeier for catch + & patch. +* :release:`1.10.0 <2013-03-01>` +* :feature:`66` Batch SFTP writes to help speed up file transfers. Thanks to + Olle Lundberg for the patch. +* :bug:`133 major` Fix handling of window-change events to be on-spec and not + attempt to wait for a response from the remote sshd; this fixes problems with + less common targets such as some Cisco devices. Thanks to Phillip Heller for + catch & patch. +* :feature:`93` Overhaul SSH config parsing to be in line with ``man + ssh_config`` (& the behavior of ``ssh`` itself), including addition of parameter + expansion within config values. Thanks to Olle Lundberg for the patch. +* :feature:`110` Honor SSH config ``AddressFamily`` setting when looking up + local host's FQDN. Thanks to John Hensley for the patch. +* :feature:`128` Defer FQDN resolution until needed, when parsing SSH config + files. Thanks to Parantapa Bhattacharya for catch & patch. +* :bug:`102 major` Forego random padding for packets when running under + ``*-ctr`` ciphers. This corrects some slowdowns on platforms where random + byte generation is inefficient (e.g. Windows). Thanks to ``@warthog618`` for + catch & patch, and Michael van der Kolff for code/technique review. +* :feature:`127` Turn ``SFTPFile`` into a context manager. Thanks to Michael + Williamson for the patch. +* :feature:`116` Limit ``Message.get_bytes`` to an upper bound of 1MB to protect + against potential DoS vectors. Thanks to ``@mvschaik`` for catch & patch. +* :feature:`115` Add convenience ``get_pty`` kwarg to ``Client.exec_command`` so + users not manually controlling a channel object can still toggle PTY + creation. Thanks to Michael van der Kolff for the patch. +* :feature:`71` Add ``SFTPClient.putfo`` and ``.getfo`` methods to allow direct + uploading/downloading of file-like objects. Thanks to Eric Buehl for the + patch. +* :feature:`113` Add ``timeout`` parameter to ``SSHClient.exec_command`` for + easier setting of the command's internal channel object's timeout. Thanks to + Cernov Vladimir for the patch. +* :support:`94` Remove duplication of SSH port constant. Thanks to Olle + Lundberg for the catch. +* :feature:`80` Expose the internal "is closed" property of the file transfer + class ``BufferedFile`` as ``.closed``, better conforming to Python's file + interface. Thanks to ``@smunaut`` and James Hiscock for catch & patch. diff --git a/sites/www/conf.py b/sites/www/conf.py new file mode 100644 index 00000000..481acdff --- /dev/null +++ b/sites/www/conf.py @@ -0,0 +1,35 @@ +# Obtain shared config values +import sys +import os +from os.path import abspath, join, dirname + +sys.path.append(abspath(join(dirname(__file__), '..'))) +from shared_conf import * + +# Local blog extension +sys.path.append(abspath('.')) +extensions.append('blog') +rss_link = 'http://paramiko.org' +rss_description = 'Paramiko project news' + +# Releases changelog extension +extensions.append('releases') +releases_release_uri = "https://github.com/paramiko/paramiko/tree/%s" +releases_issue_uri = "https://github.com/paramiko/paramiko/issues/%s" + +# Intersphinx for referencing API/usage docs +extensions.append('sphinx.ext.intersphinx') +# Default is 'local' building, but reference the public docs site when building +# under RTD. +target = join(dirname(__file__), '..', 'docs', '_build') +if os.environ.get('READTHEDOCS') == 'True': + # TODO: switch to docs.paramiko.org post go-live of sphinx API docs + target = 'http://paramiko-docs.readthedocs.org/en/latest/' +#intersphinx_mapping = { +# 'docs': (target, None), +#} + +# Sister-site links to API docs +html_theme_options['extra_nav_links'] = { + "API Docs": 'http://docs.paramiko.org', +} diff --git a/sites/www/contact.rst b/sites/www/contact.rst new file mode 100644 index 00000000..2b6583f5 --- /dev/null +++ b/sites/www/contact.rst @@ -0,0 +1,11 @@ +======= +Contact +======= + +You can get in touch with the developer & user community in any of the +following ways: + +* IRC: ``#paramiko`` on Freenode +* Mailing list: ``paramiko@librelist.com`` (see `the LibreList homepage + `_ for usage details). +* This website - a blog section is forthcoming. diff --git a/sites/www/contributing.rst b/sites/www/contributing.rst new file mode 100644 index 00000000..2b752cc5 --- /dev/null +++ b/sites/www/contributing.rst @@ -0,0 +1,19 @@ +============ +Contributing +============ + +How to get the code +=================== + +Our primary Git repository is on Github at `paramiko/paramiko +`_; please follow their instructions for +cloning to your local system. (If you intend to submit patches/pull requests, +we recommend forking first, then cloning your fork. Github has excellent +documentation for all this.) + + +How to submit bug reports or new code +===================================== + +Please see `this project-agnostic contribution guide +`_ - we follow it explicitly. diff --git a/sites/www/index.rst b/sites/www/index.rst new file mode 100644 index 00000000..7fefedd2 --- /dev/null +++ b/sites/www/index.rst @@ -0,0 +1,38 @@ +Welcome to Paramiko! +==================== + +Paramiko is a Python (2.5+) implementation of the SSHv2 protocol [#]_, +providing both client and server functionality. While it leverages a Python C +extension for low level cryptography (`PyCrypto `_), +Paramiko itself is a pure Python interface around SSH networking concepts. + +This website covers project information for Paramiko such as the changelog, +contribution guidelines, development roadmap, news/blog, and so forth. Detailed +usage and API documentation can be found at our code documentation site, +`docs.paramiko.org `_. + +.. toctree:: + changelog + installing + contributing + contact + +.. Hide blog in hidden toctree for now (to avoid warnings.) + +.. toctree:: + :hidden: + + blog + + +.. rubric:: Footnotes + +.. [#] + SSH is defined in RFCs + `4251 `_, + `4252 `_, + `4253 `_, and + `4254 `_; + the primary working implementation of the protocol is the `OpenSSH project + `_. Paramiko implements a large portion of the SSH + feature set, but there are occasional gaps. diff --git a/sites/www/installing.rst b/sites/www/installing.rst new file mode 100644 index 00000000..0d4dc1ac --- /dev/null +++ b/sites/www/installing.rst @@ -0,0 +1,105 @@ +========== +Installing +========== + +Paramiko itself +=============== + +The recommended way to get Invoke is to **install the latest stable release** +via `pip `_:: + + $ pip install paramiko + +.. note:: + Users who want the bleeding edge can install the development version via + ``pip install paramiko==dev``. + +We currently support **Python 2.5/2.6/2.7**, with support for Python 3 coming +soon. Users on Python 2.4 or older are urged to upgrade. Paramiko *may* work on +Python 2.4 still, but there is no longer any support guarantee. + +Paramiko has two dependencies: the pure-Python ECDSA module `ecdsa`, and the +PyCrypto C extension. `ecdsa` is easily installable from wherever you +obtained Paramiko's package; PyCrypto may require more work. Read on for +details. + +PyCrypto +======== + +`PyCrypto `_ provides the low-level +(C-based) encryption algorithms we need to implement the SSH protocol. There +are a couple gotchas associated with installing PyCrypto: its compatibility +with Python's package tools, and the fact that it is a C-based extension. + +.. _pycrypto-and-pip: + +Possible gotcha on older Python and/or pip versions +--------------------------------------------------- + +We strongly recommend using ``pip`` to as it is newer and generally better than +``easy_install``. However, a combination of bugs in specific (now rather old) +versions of Python, ``pip`` and PyCrypto can prevent installation of PyCrypto. +Specifically: + +* Python = 2.5.x +* PyCrypto >= 2.1 (required for most modern versions of Paramiko) +* ``pip`` < 0.8.1 + +When all three criteria are met, you may encounter ``No such file or +directory`` IOErrors when trying to ``pip install paramiko`` or ``pip install +PyCrypto``. + +The fix is to make sure at least one of the above criteria is not met, by doing +the following (in order of preference): + +* Upgrade to ``pip`` 0.8.1 or above, e.g. by running ``pip install -U pip``. +* Upgrade to Python 2.6 or above. +* Downgrade to Paramiko 1.7.6 or 1.7.7, which do not require PyCrypto >= 2.1, + and install PyCrypto 2.0.1 (the oldest version on PyPI which works with + Paramiko 1.7.6/1.7.7) + + +C extension +----------- + +Unless you are installing from a precompiled source such as a Debian apt +repository or RedHat RPM, or using :ref:`pypm `, you will also need the +ability to build Python C-based modules from source in order to install +PyCrypto. Users on **Unix-based platforms** such as Ubuntu or Mac OS X will +need the traditional C build toolchain installed (e.g. Developer Tools / XCode +Tools on the Mac, or the ``build-essential`` package on Ubuntu or Debian Linux +-- basically, anything with ``gcc``, ``make`` and so forth) as well as the +Python development libraries, often named ``python-dev`` or similar. + +For **Windows** users we recommend using :ref:`pypm`, installing a C +development environment such as `Cygwin `_ or obtaining a +precompiled Win32 PyCrypto package from `voidspace's Python modules page +`_. + +.. note:: + Some Windows users whose Python is 64-bit have found that the PyCrypto + dependency ``winrandom`` may not install properly, leading to ImportErrors. + In this scenario, you'll probably need to compile ``winrandom`` yourself + via e.g. MS Visual Studio. See `Fabric #194 + `_ for info. + + +.. _pypm: + +ActivePython and PyPM +===================== + +Windows users who already have ActiveState's `ActivePython +`_ distribution installed +may find Paramiko is best installed with `its package manager, PyPM +`_. Below is example output from an +installation of Paramiko via ``pypm``:: + + C:\> pypm install paramiko + The following packages will be installed into "%APPDATA%\Python" (2.7): + paramiko-1.7.8 pycrypto-2.4 + Get: [pypm-free.activestate.com] paramiko 1.7.8 + Get: [pypm-free.activestate.com] pycrypto 2.4 + Installing paramiko-1.7.8 + Installing pycrypto-2.4 + C:\> -- cgit v1.2.3 From b0b6a827b96453cfe9bddb343f94c5c2f4243f7b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 13 Mar 2014 21:05:32 -0700 Subject: Update docs to reflect Python 2.6+, 3.3+ compat --- sites/www/index.rst | 2 +- sites/www/installing.rst | 34 +++------------------------------- 2 files changed, 4 insertions(+), 32 deletions(-) (limited to 'sites') diff --git a/sites/www/index.rst b/sites/www/index.rst index 7fefedd2..a8e72624 100644 --- a/sites/www/index.rst +++ b/sites/www/index.rst @@ -1,7 +1,7 @@ Welcome to Paramiko! ==================== -Paramiko is a Python (2.5+) implementation of the SSHv2 protocol [#]_, +Paramiko is a Python (2.6+, 3.3+) implementation of the SSHv2 protocol [#]_, providing both client and server functionality. While it leverages a Python C extension for low level cryptography (`PyCrypto `_), Paramiko itself is a pure Python interface around SSH networking concepts. diff --git a/sites/www/installing.rst b/sites/www/installing.rst index 0d4dc1ac..955a0a59 100644 --- a/sites/www/installing.rst +++ b/sites/www/installing.rst @@ -14,9 +14,9 @@ via `pip `_:: Users who want the bleeding edge can install the development version via ``pip install paramiko==dev``. -We currently support **Python 2.5/2.6/2.7**, with support for Python 3 coming -soon. Users on Python 2.4 or older are urged to upgrade. Paramiko *may* work on -Python 2.4 still, but there is no longer any support guarantee. +We currently support **Python 2.6, 2.7 and 3.3** (Python **3.2** should also +work but has a less-strong compatibility guarantee from us.) Users on Python +2.5 or older are urged to upgrade. Paramiko has two dependencies: the pure-Python ECDSA module `ecdsa`, and the PyCrypto C extension. `ecdsa` is easily installable from wherever you @@ -31,34 +31,6 @@ PyCrypto are a couple gotchas associated with installing PyCrypto: its compatibility with Python's package tools, and the fact that it is a C-based extension. -.. _pycrypto-and-pip: - -Possible gotcha on older Python and/or pip versions ---------------------------------------------------- - -We strongly recommend using ``pip`` to as it is newer and generally better than -``easy_install``. However, a combination of bugs in specific (now rather old) -versions of Python, ``pip`` and PyCrypto can prevent installation of PyCrypto. -Specifically: - -* Python = 2.5.x -* PyCrypto >= 2.1 (required for most modern versions of Paramiko) -* ``pip`` < 0.8.1 - -When all three criteria are met, you may encounter ``No such file or -directory`` IOErrors when trying to ``pip install paramiko`` or ``pip install -PyCrypto``. - -The fix is to make sure at least one of the above criteria is not met, by doing -the following (in order of preference): - -* Upgrade to ``pip`` 0.8.1 or above, e.g. by running ``pip install -U pip``. -* Upgrade to Python 2.6 or above. -* Downgrade to Paramiko 1.7.6 or 1.7.7, which do not require PyCrypto >= 2.1, - and install PyCrypto 2.0.1 (the oldest version on PyPI which works with - Paramiko 1.7.6/1.7.7) - - C extension ----------- -- cgit v1.2.3 From 6fac5df53598e6dedb806121ae40261d7491a341 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 21 Mar 2014 17:28:19 -0700 Subject: Start an FAQ and answer it with a new install section --- sites/www/faq.rst | 9 +++++++++ sites/www/index.rst | 1 + sites/www/installing.rst | 24 ++++++++++++++++++++++++ 3 files changed, 34 insertions(+) create mode 100644 sites/www/faq.rst (limited to 'sites') diff --git a/sites/www/faq.rst b/sites/www/faq.rst new file mode 100644 index 00000000..a7e80014 --- /dev/null +++ b/sites/www/faq.rst @@ -0,0 +1,9 @@ +=================================== +Frequently Asked/Answered Questions +=================================== + +Which version should I use? I see multiple active releases. +=========================================================== + +Please see :ref:`the installation docs ` which have an explicit +section about this topic. diff --git a/sites/www/index.rst b/sites/www/index.rst index a8e72624..0864decd 100644 --- a/sites/www/index.rst +++ b/sites/www/index.rst @@ -13,6 +13,7 @@ usage and API documentation can be found at our code documentation site, .. toctree:: changelog + faq installing contributing contact diff --git a/sites/www/installing.rst b/sites/www/installing.rst index 955a0a59..7d61632d 100644 --- a/sites/www/installing.rst +++ b/sites/www/installing.rst @@ -2,6 +2,8 @@ Installing ========== +.. _paramiko-itself: + Paramiko itself =============== @@ -23,6 +25,28 @@ PyCrypto C extension. `ecdsa` is easily installable from wherever you obtained Paramiko's package; PyCrypto may require more work. Read on for details. +.. _release-lines: + +Release lines +------------- + +Users desiring stability may wish to pin themselves to a specific release line +once they first start using Paramiko; to assist in this, we guarantee bugfixes +for at least the last 2-3 releases including the latest stable one. This currently means Paramiko **1.11** through **1.13**. + +If you're unsure which version to install, we have suggestions: + +* **Completely new users** should always default to the **latest stable + release** (as above, whatever is newest / whatever shows up with ``pip + install paramiko``.) +* **Users upgrading from a much older version** (e.g. the 1.7.x line) should + probably get the **oldest actively supported line** (see the paragraph above + this list for what that currently is.) +* **Everybody else** is hopefully already "on" a given version and can + carefully upgrade to whichever version they care to, when their release line + stops being supported. + + PyCrypto ======== -- cgit v1.2.3 From 7feeb272a059ac189de1c2c375baca0916c6fc54 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 21 Mar 2014 17:28:25 -0700 Subject: Uggh how did this slip in --- sites/www/installing.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sites') diff --git a/sites/www/installing.rst b/sites/www/installing.rst index 7d61632d..74c5c6e8 100644 --- a/sites/www/installing.rst +++ b/sites/www/installing.rst @@ -7,7 +7,7 @@ Installing Paramiko itself =============== -The recommended way to get Invoke is to **install the latest stable release** +The recommended way to get Paramiko is to **install the latest stable release** via `pip `_:: $ pip install paramiko -- cgit v1.2.3 From a8110d8006f8ee3e520c2ee4c3ef1133b0fedf15 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 21 Mar 2014 17:32:36 -0700 Subject: Real title too large for sidebar --- sites/www/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sites') diff --git a/sites/www/index.rst b/sites/www/index.rst index 0864decd..cb3961ce 100644 --- a/sites/www/index.rst +++ b/sites/www/index.rst @@ -13,7 +13,7 @@ usage and API documentation can be found at our code documentation site, .. toctree:: changelog - faq + FAQs installing contributing contact -- cgit v1.2.3 From a935505b0ad0664f74d07433db40449592a86bf6 Mon Sep 17 00:00:00 2001 From: Sebastian Deiss Date: Thu, 27 Mar 2014 11:14:54 +0100 Subject: Change GSS-API epydoc docstrings to Sphinx --- paramiko/auth_handler.py | 6 +- paramiko/kex_gss.py | 100 +++++++-------- paramiko/server.py | 80 ++++++------ paramiko/ssh_gss.py | 295 +++++++++++++++++++-------------------------- paramiko/transport.py | 43 +++---- sites/docs/api/kex_gss.rst | 5 + sites/docs/api/ssh_gss.rst | 14 +++ sites/docs/index.rst | 2 + 8 files changed, 248 insertions(+), 297 deletions(-) create mode 100644 sites/docs/api/kex_gss.rst create mode 100644 sites/docs/api/ssh_gss.rst (limited to 'sites') diff --git a/paramiko/auth_handler.py b/paramiko/auth_handler.py index 9c431c45..8532d1f9 100644 --- a/paramiko/auth_handler.py +++ b/paramiko/auth_handler.py @@ -295,7 +295,7 @@ class AuthHandler (object): """ RFC 4462 says we are not required to implement GSS-API error messages. - @see: U{RFC 4462 Section 3.8} + :see: `RFC 4462 Section 3.8 `_ """ raise SSHException("Server returned an error token") elif ptype == MSG_USERAUTH_GSSAPI_ERROR: @@ -481,7 +481,7 @@ class AuthHandler (object): """ RFC 4462 says we are not required to implement GSS-API error messages. - @see: U{RFC 4462 Section 3.8 } + :see: `RFC 4462 Section 3.8 `_ """ while True: m = Message() @@ -524,7 +524,7 @@ class AuthHandler (object): raise if retval == 0: """ - @todo: Implement client credential saving + :todo: Implement client credential saving The OpenSSH server is able to create a TGT with the delegated client credentials, but this is not supported by GSS-API. """ diff --git a/paramiko/kex_gss.py b/paramiko/kex_gss.py index 1a810b8b..02f943ba 100644 --- a/paramiko/kex_gss.py +++ b/paramiko/kex_gss.py @@ -25,20 +25,20 @@ This module provides GSS-API / SSPI Key Exchange for Paramiko as defined in RFC 4462 with the following restrictions: Credential delegation is not supported in server mode, To Use this module, you need the following additional python packages: -U{pyasn1 >= 0.1.7 }, -U{python-gssapi >= 0.4.0 (Unix) }, -U{pywin32 2.1.8 (Windows) }. - -@summary: SSH2 GSS-API / SSPI Authenticated Diffie-Hellman Key Exchange Module -@version: 0.1 -@author: Sebastian Deiss -@contact: U{https://github.com/SebastianDeiss/paramiko/issues} -@organization: science + computing ag - (U{EMail}) -@copyright: (C) 2003-2007 Robey Pointer, (C) 2013-2014 U{science + computing ag - } -@license: GNU Lesser General Public License (LGPL) -@see: L{ssh_gss} +`pyasn1 >= 0.1.7 `_, +`python-gssapi >= 0.4.0 (Unix) `_, +`pywin32 2.1.8 (Windows) `_. + +:summary: SSH2 GSS-API / SSPI Authenticated Diffie-Hellman Key Exchange Module +:version: 0.1 +:author: Sebastian Deiss +:contact: https://github.com/SebastianDeiss/paramiko/issues +:organization: science + computing ag + `EMail `_ +:copyright: (C) 2003-2007 Robey Pointer, (C) 2013-2014 `science + computing ag + `_ +:license: GNU Lesser General Public License (LGPL) +:see: `.ssh_gss` Created on 12.12.2013 """ @@ -63,13 +63,13 @@ c_MSG_KEXGSS_GROUPREQ, c_MSG_KEXGSS_GROUP = [byte_chr(c) for c in range(40, 42)] class KexGSSGroup1(object): """ GSS-API / SSPI Authenticated Diffie-Hellman Key Exchange - as defined in U{RFC 4462 Section 2 } + as defined in `RFC 4462 Section 2 `_ - @note: RFC 4462 says we are not required to implement GSS-API error + :note: RFC 4462 says we are not required to implement GSS-API error messages. If an error occurs an exception will be thrown and the connection will be terminated. - @see: U{RFC 4462 Section 2.2 } + :see: `RFC 4462 Section 2.2 `_ """ # draft-ietf-secsh-transport-09.txt, page 17 P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF @@ -115,10 +115,8 @@ class KexGSSGroup1(object): """ Parse the next packet. - @param ptype: The type of the incomming packet - @type ptype: Char - @param m: The paket content - @type m: L{Message} + :param char ptype: The type of the incomming packet + :param `.Message` m: The paket content """ if self.transport.server_mode and (ptype == MSG_KEXGSS_INIT): return self._parse_kexgss_init(m) @@ -155,8 +153,7 @@ class KexGSSGroup1(object): """ Parse the SSH2_MSG_KEXGSS_HOSTKEY message (client mode). - @param m: The content of the SSH2_MSG_KEXGSS_HOSTKEY message - @type m: L{Message} + :param `.Message` m: The content of the SSH2_MSG_KEXGSS_HOSTKEY message """ # client mode host_key = m.get_string() @@ -170,8 +167,7 @@ class KexGSSGroup1(object): """ Parse the SSH2_MSG_KEXGSS_CONTINUE message. - @param m: The content of the SSH2_MSG_KEXGSS_CONTINUE message - @type m: L{Message} + :param `.Message` m: The content of the SSH2_MSG_KEXGSS_CONTINUE message """ if not self.transport.server_mode: srv_token = m.get_string() @@ -190,8 +186,7 @@ class KexGSSGroup1(object): """ Parse the SSH2_MSG_KEXGSS_COMPLETE message (client mode). - @param m: The content of the SSH2_MSG_KEXGSS_COMPLETE message - @type m: L{Message} + :param `.Message` m: The content of the SSH2_MSG_KEXGSS_COMPLETE message """ # client mode if self.transport.host_key is None: @@ -232,8 +227,7 @@ class KexGSSGroup1(object): """ Parse the SSH2_MSG_KEXGSS_INIT message (server mode). - @param m: The content of the SSH2_MSG_KEXGSS_INIT message - @type m: L{Message} + :param `.Message` m: The content of the SSH2_MSG_KEXGSS_INIT message """ # server mode client_token = m.get_string() @@ -283,9 +277,8 @@ class KexGSSGroup1(object): The server may send a GSS-API error message. if it does, we display the error by throwing an exception (client mode). - @param m: The content of the SSH2_MSG_KEXGSS_ERROR message - @type m: L{Message} - @raise SSHException: Contains GSS-API major and minor status as well as + :param `.Message` m: The content of the SSH2_MSG_KEXGSS_ERROR message + :raise SSHException: Contains GSS-API major and minor status as well as the error message and the language tag of the message """ @@ -302,13 +295,13 @@ class KexGSSGroup1(object): class KexGSSGroup14(KexGSSGroup1): """ GSS-API / SSPI Authenticated Diffie-Hellman Group14 Key Exchange - as defined in U{RFC 4462 Section 2 } + as defined in `RFC 4462 Section 2 `_ - @note: RFC 4462 says we are not required to implement GSS-API error + :note: RFC 4462 says we are not required to implement GSS-API error messages. If an error occurs an exception will be thrown and the connection will be terminated. - @see: U{RFC 4462 Section 2.2 } + :see: `RFC 4462 Section 2.2 `_ """ P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF G = 2 @@ -318,13 +311,13 @@ class KexGSSGroup14(KexGSSGroup1): class KexGSSGex(object): """ GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange - as defined in U{RFC 4462 Section 2 } + as defined in `RFC 4462 Section 2 `_ - @note: RFC 4462 says we are not required to implement GSS-API error + :note: RFC 4462 says we are not required to implement GSS-API error messages. If an error occurs an exception will be thrown and the connection will be terminated. - @see: U{RFC 4462 Section 2.2 } + :see: `RFC 4462 Section 2.2 `_ """ NAME = "gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==" min_bits = 1024 @@ -367,10 +360,8 @@ class KexGSSGex(object): """ Parse the next packet. - @param ptype: The type of the incomming packet - @type ptype: Char - @param m: The paket content - @type m: L{Message} + :param char ptype: The type of the incomming packet + :param `.Message` m: The paket content """ if ptype == MSG_KEXGSS_GROUPREQ: return self._parse_kexgss_groupreq(m) @@ -412,8 +403,7 @@ class KexGSSGex(object): """ Parse the SSH2_MSG_KEXGSS_GROUPREQ message (server mode). - @param m: The content of the SSH2_MSG_KEXGSS_GROUPREQ message - @type m: L{Message} + :param `.Message` m: The content of the SSH2_MSG_KEXGSS_GROUPREQ message """ minbits = m.get_int() preferredbits = m.get_int() @@ -451,8 +441,7 @@ class KexGSSGex(object): """ Parse the SSH2_MSG_KEXGSS_GROUP message (client mode). - @param m: The content of the SSH2_MSG_KEXGSS_GROUP message - @type m: L{Message} + :param `Message` m: The content of the SSH2_MSG_KEXGSS_GROUP message """ self.p = m.get_mpint() self.g = m.get_mpint() @@ -478,8 +467,7 @@ class KexGSSGex(object): """ Parse the SSH2_MSG_KEXGSS_INIT message (server mode). - @param m: The content of the SSH2_MSG_KEXGSS_INIT message - @type m: L{Message} + :param `Message` m: The content of the SSH2_MSG_KEXGSS_INIT message """ client_token = m.get_string() self.e = m.get_mpint() @@ -533,8 +521,7 @@ class KexGSSGex(object): """ Parse the SSH2_MSG_KEXGSS_HOSTKEY message (client mode). - @param m: The content of the SSH2_MSG_KEXGSS_HOSTKEY message - @type m: L{Message} + :param `Message` m: The content of the SSH2_MSG_KEXGSS_HOSTKEY message """ # client mode host_key = m.get_string() @@ -548,8 +535,7 @@ class KexGSSGex(object): """ Parse the SSH2_MSG_KEXGSS_CONTINUE message. - @param m: The content of the SSH2_MSG_KEXGSS_CONTINUE message - @type m: L{Message} + :param `Message` m: The content of the SSH2_MSG_KEXGSS_CONTINUE message """ if not self.transport.server_mode: srv_token = m.get_string() @@ -568,8 +554,7 @@ class KexGSSGex(object): """ Parse the SSH2_MSG_KEXGSS_COMPLETE message (client mode). - @param m: The content of the SSH2_MSG_KEXGSS_COMPLETE message - @type m: L{Message} + :param `Message` m: The content of the SSH2_MSG_KEXGSS_COMPLETE message """ if self.transport.host_key is None: self.transport.host_key = NullHostKey() @@ -619,9 +604,8 @@ class KexGSSGex(object): The server may send a GSS-API error message. if it does, we display the error by throwing an exception (client mode). - @param m: The content of the SSH2_MSG_KEXGSS_ERROR message - @type m: L{Message} - @raise SSHException: Contains GSS-API major and minor status as well as + :param `Message` m: The content of the SSH2_MSG_KEXGSS_ERROR message + :raise SSHException: Contains GSS-API major and minor status as well as the error message and the language tag of the message """ @@ -638,7 +622,7 @@ class KexGSSGex(object): class NullHostKey(object): """ This class represents the Null Host Key for GSS-API Key Exchange - as defined in U{RFC 4462 Section 5 } + as defined in `RFC 4462 Section 5 `_ """ def __init__(self): self.key = "" diff --git a/paramiko/server.py b/paramiko/server.py index 25c39063..cf396b15 100644 --- a/paramiko/server.py +++ b/paramiko/server.py @@ -237,26 +237,23 @@ class ServerInterface (object): Authenticate the given user to the server if he is a valid krb5 principal. - @param username: The username of the authenticating client - @type username: String - @param gss_authenticated: The result of the krb5 authentication - @type gss_authenticated: Integer - @param cc_filename: The krb5 client credentials cache filename - @type cc_filename: String - @return: L{AUTH_FAILED} if the user is not authenticated otherwise - L{AUTH_SUCCESSFUL} - @rtype: Integer - @note: Kerberos credential delegation is not supported. - @see: L{ssh_gss} - @note: We are just checking in L{AuthHandler} that the given user is - a valid krb5 principal! - We don't check if the krb5 principal is allowed to log in on - the server, because there is no way to do that in python. So - if you develop your own SSH server with paramiko for a cetain - plattform like Linux, you should call C{krb5_kuserok()} in your - local kerberos library to make sure that the krb5_principal has - an account on the server and is allowed to log in as a user. - @see: U{http://www.unix.com/man-page/all/3/krb5_kuserok/} + :param str username: The username of the authenticating client + :param int gss_authenticated: The result of the krb5 authentication + :param str cc_filename: The krb5 client credentials cache filename + :return: `.AUTH_FAILED` if the user is not authenticated otherwise + `.AUTH_SUCCESSFUL` + :rtype: int + :note: Kerberos credential delegation is not supported. + :see: `.ssh_gss` + :note: : We are just checking in L{AuthHandler} that the given user is + a valid krb5 principal! + We don't check if the krb5 principal is allowed to log in on + the server, because there is no way to do that in python. So + if you develop your own SSH server with paramiko for a cetain + plattform like Linux, you should call C{krb5_kuserok()} in your + local kerberos library to make sure that the krb5_principal has + an account on the server and is allowed to log in as a user. + :see: `http://www.unix.com/man-page/all/3/krb5_kuserok/` """ if gss_authenticated == AUTH_SUCCESSFUL: return AUTH_SUCCESSFUL @@ -271,26 +268,23 @@ class ServerInterface (object): If GSS-API Key Exchange was not performed, this authentication method won't be available. - @param username: The username of the authenticating client - @type username: String - @param gss_authenticated: The result of the krb5 authentication - @type gss_authenticated: Integer - @param cc_filename: The krb5 client credentials cache filename - @type cc_filename: String - @return: L{AUTH_FAILED} if the user is not authenticated otherwise - L{AUTH_SUCCESSFUL} - @rtype: Integer - @note: Kerberos credential delegation is not supported. - @see: L{ssh_gss}, L{kex_gss} - @note: We are just checking in L{AuthHandler} that the given user is - a valid krb5 principal! - We don't check if the krb5 principal is allowed to log in on - the server, because there is no way to do that in python. So - if you develop your own SSH server with paramiko for a certain - platform like Linux, you should call C{krb5_kuserok()} in your - local kerberos library to make sure that the krb5_principal has - an account on the server and is allowed to log in as a user. - @see: U{http://www.unix.com/man-page/all/3/krb5_kuserok/} + :param str username: The username of the authenticating client + :param int gss_authenticated: The result of the krb5 authentication + :param str cc_filename: The krb5 client credentials cache filename + :return: `.AUTH_FAILED` if the user is not authenticated otherwise + `.AUTH_SUCCESSFUL` + :rtype: int + :note: Kerberos credential delegation is not supported. + :see: `.ssh_gss` `.kex_gss` + :note: : We are just checking in L{AuthHandler} that the given user is + a valid krb5 principal! + We don't check if the krb5 principal is allowed to log in on + the server, because there is no way to do that in python. So + if you develop your own SSH server with paramiko for a cetain + plattform like Linux, you should call C{krb5_kuserok()} in your + local kerberos library to make sure that the krb5_principal has + an account on the server and is allowed to log in as a user. + :see: `http://www.unix.com/man-page/all/3/krb5_kuserok/` """ if gss_authenticated == AUTH_SUCCESSFUL: return AUTH_SUCCESSFUL @@ -302,9 +296,9 @@ class ServerInterface (object): authentication. The default implementation always returns false. - @return: True if GSSAPI authentication is enabled otherwise false - @rtype: Boolean - @see: ssh_gss + :return: True if GSSAPI authentication is enabled otherwise false + :rtype: Boolean + :see: : `.ssh_gss` """ UseGSSAPI = False GSSAPICleanupCredentials = False diff --git a/paramiko/ssh_gss.py b/paramiko/ssh_gss.py index 35d654af..4dfdec11 100644 --- a/paramiko/ssh_gss.py +++ b/paramiko/ssh_gss.py @@ -24,20 +24,20 @@ RFC 4462 with the following restrictions: Credential delegation is not supported in server mode, GSS-API key exchange is supported, but not implemented in Paramiko. To Use this module, you need the following additional python packages: -U{pyasn1 >= 0.1.7 }, -U{python-gssapi >= 0.4.0 (Unix) }, -U{pywin32 2.1.8 (Windows) }. - -@summary: SSH2 GSS-API / SSPI authentication module -@version: 0.1 -@author: Sebastian Deiss -@contact: U{https://github.com/SebastianDeiss/paramiko/issues} -@organization: science + computing ag - (U{EMail}) -@copyright: (C) 2013-2014 U{science + computing ag - } -@license: GNU Lesser General Public License (LGPL) -@see: L{kex_gss} +`pyasn1 >= 0.1.7 `_, +`python-gssapi >= 0.4.0 (Unix) `_, +`pywin32 2.1.8 (Windows) `_. + +:summary: SSH2 GSS-API / SSPI authentication module +:version: 0.1 +:author: Sebastian Deiss +:contact: https://github.com/SebastianDeiss/paramiko/issues +:organization: science + computing ag + `EMail `_ +:copyright: (C) 2013-2014 `science + computing ag + `_ +:license: GNU Lesser General Public License (LGPL) +:see: `.kex_gss` Created on 07.11.2013 """ @@ -47,9 +47,8 @@ import os import sys ''' -@var GSS_AUTH_AVAILABLE: Constraint that indicates if GSS-API / SSPI is +:var bool GSS_AUTH_AVAILABLE: Constraint that indicates if GSS-API / SSPI is Available. -@type GSS_AUTH_AVAILABLE: Boolean ''' GSS_AUTH_AVAILABLE = True @@ -74,8 +73,7 @@ from paramiko.common import MSG_USERAUTH_REQUEST from paramiko.ssh_exception import SSHException """ -@var _API: Constraint for the used API -@type _API: String +:var str _API: Constraint for the used API """ _API = "MIT" @@ -95,25 +93,23 @@ def GSSAuth(auth_method, gss_deleg_creds=True): """ Provide SSH2 GSS-API / SSPI authentication for Paramiko. - @param auth_method: The name of the SSH authentication mechanism - (gssapi-with-mic or gss-keyex) - @type auth_method: String - @param gss_deleg_creds: Delegate client credentials or not. - We delegate credentials by default. - @type gss_deleg_creds: Boolean - @return: Either an L{_SSH_GSSAPI} (Unix) object or an - L{_SSH_SSPI} (Windows) object - @rtype: Object - - @raise ImportError: If no GSS-API / SSPI module could be imported. - - @see: U{RFC 4462 } - @note: Check for the available API and return either an L{_SSH_GSSAPI} - (MIT GSSAPI) object or an L{_SSH_SSPI} (MS SSPI) object. If you + :param str auth_method: The name of the SSH authentication mechanism + (gssapi-with-mic or gss-keyex) + :param bool gss_deleg_creds: Delegate client credentials or not. + We delegate credentials by default. + :return: Either an `._SSH_GSSAPI` (Unix) object or an + `_SSH_SSPI` (Windows) object + :rtype: Object + + :raise ImportError: If no GSS-API / SSPI module could be imported. + + :see: `RFC 4462 `_ + :note: Check for the available API and return either an `._SSH_GSSAPI` + (MIT GSSAPI) object or an `._SSH_SSPI` (MS SSPI) object. If you get python-gssapi working on Windows, python-gssapi - will be used and a L{_SSH_GSSAPI} object will be returned. + will be used and a `._SSH_GSSAPI` object will be returned. If there is no supported API available, - C{None} will be returned. + ``None`` will be returned. """ if _API == "MIT": return _SSH_GSSAPI(auth_method, gss_deleg_creds) @@ -125,16 +121,14 @@ def GSSAuth(auth_method, gss_deleg_creds=True): class _SSH_GSSAuth(object): """ - Contains the shared variables and methods of L{_SSH_GSSAPI} and - L{_SSH_SSPI}. + Contains the shared variables and methods of `._SSH_GSSAPI` and + `._SSH_SSPI`. """ def __init__(self, auth_method, gss_deleg_creds): """ - @param auth_method: The name of the SSH authentication mechanism - (gssapi-with-mic or gss-keyex) - @type auth_method: String - @param gss_deleg_creds: Delegate client credentials or not - @type gss_deleg_creds: Boolean + :param str auth_method: The name of the SSH authentication mechanism + (gssapi-with-mic or gss-keyex) + :param bool gss_deleg_creds: Delegate client credentials or not """ self._auth_method = auth_method self._gss_deleg_creds = gss_deleg_creds @@ -163,9 +157,8 @@ class _SSH_GSSAuth(object): I added this method, because RFC 4462 doesn't specify "ssh-connection" as the only service value. - @param service: The desired SSH service - @type service: String - @rtype: Void + :param str service: The desired SSH service + :rtype: Void """ if service.find("ssh-"): self._service = service @@ -175,9 +168,8 @@ class _SSH_GSSAuth(object): Setter for C{username}. If GSS-API Key Exchange is performed, the username is not set by C{ssh_init_sec_context}. - @param username: The name of the user who attempts to login - @type username: String - @rtype: Void + :param str username: The name of the user who attempts to login + :rtype: Void """ self._username = username @@ -186,14 +178,13 @@ class _SSH_GSSAuth(object): This method returns a single OID, because we only support the Kerberos V5 mechanism. - @param mode: Client for client mode and server for server mode - @param mode: String - @return: A byte sequence containing the number of supported + :param str mode: Client for client mode and server for server mode + :return: A byte sequence containing the number of supported OIDs, the length of the OID and the actual OID encoded with DER - @note: In server mode we just return the OID length and the DER encoded + :rtype: Bytes + :note: In server mode we just return the OID length and the DER encoded OID. - @rtype: Bytes """ OIDs = self._make_uint32(1) krb5_OID = encoder.encode(ObjectIdentifier(self._krb5_mech)) @@ -206,10 +197,9 @@ class _SSH_GSSAuth(object): """ Check if the given OID is the Kerberos V5 OID (server mode). - @param desired_mech: The desired GSS-API mechanism of the client - @type desired_mech: String - @return: C{True} if the given OID is supported, otherwise C{False} - @rtype: Boolean + :param str desired_mech: The desired GSS-API mechanism of the client + :return: ``True`` if the given OID is supported, otherwise C{False} + :rtype: Boolean """ mech, __ = decoder.decode(desired_mech) if mech.__str__() != self._krb5_mech: @@ -222,10 +212,9 @@ class _SSH_GSSAuth(object): """ Create a 32 bit unsigned integer (The byte sequence of an integer). - @param integer: The integer value to convert - @type integer: Integer - @return: The byte sequence of an 32 bit integer - @rtype: Bytes + :param int integer: The integer value to convert + :return: The byte sequence of an 32 bit integer + :rtype: Bytes """ return struct.pack("!I", integer) @@ -233,15 +222,11 @@ class _SSH_GSSAuth(object): """ Create the SSH2 MIC filed for gssapi-with-mic. - @param session_id: The SSH session ID - @type session_id: String - @param username: The name of the user who attempts to login - @type username: String - @param service: The requested SSH service - @type service: String - @param auth_method: The requested SSH authentication mechanism - @type auth_method: String - @return: The MIC as defined in RFC 4462. The contents of the + :param str session_id: The SSH session ID + :param str username: The name of the user who attempts to login + :param str service: The requested SSH service + :param str auth_method: The requested SSH authentication mechanism + :return: The MIC as defined in RFC 4462. The contents of the MIC field are: string session_identifier, byte SSH_MSG_USERAUTH_REQUEST, @@ -249,7 +234,7 @@ class _SSH_GSSAuth(object): string service (ssh-connection), string authentication-method (gssapi-with-mic or gssapi-keyex) - @rtype: Bytes + :rtype: Bytes """ mic = self._make_uint32(len(session_id)) mic += session_id @@ -267,15 +252,13 @@ class _SSH_GSSAPI(_SSH_GSSAuth): """ Implementation of the GSS-API MIT Kerberos Authentication for SSH2. - @see: L{GSSAuth} + :see: `.GSSAuth` """ def __init__(self, auth_method, gss_deleg_creds): """ - @param auth_method: The name of the SSH authentication mechanism - (gssapi-with-mic or gss-keyex) - @type auth_method: String - @param gss_deleg_creds: Delegate client credentials or not - @type gss_deleg_creds: Boolean + :param str auth_method: The name of the SSH authentication mechanism + (gssapi-with-mic or gss-keyex) + :param bool gss_deleg_creds: Delegate client credentials or not """ _SSH_GSSAuth.__init__(self, auth_method, gss_deleg_creds) @@ -294,21 +277,17 @@ class _SSH_GSSAPI(_SSH_GSSAuth): """ Initialize a GSS-API context. - @param username: The name of the user who attempts to login - @type username: String - @param target: The hostname of the target to connect to - @type target: String - @param desired_mech: The negotiated GSS-API mechanism - ("pseudo negotiated" mechanism, because we - support just the krb5 mechanism :-)) - @type desired_mech: String - @param recv_token: The GSS-API token received from the Server - @type recv_token: String - @raise SSHException: Is raised if the desired mechanism of the client + :param str username: The name of the user who attempts to login + :param str target: The hostname of the target to connect to + :param str desired_mech: The negotiated GSS-API mechanism + ("pseudo negotiated" mechanism, because we + support just the krb5 mechanism :-)) + :param str recv_token: The GSS-API token received from the Server + :raise SSHException: Is raised if the desired mechanism of the client is not supported - @return: A C{String} if the GSS-API has returned a token or C{None} if + :return: A ``String`` if the GSS-API has returned a token or ``None`` if no token was returned - @rtype: String or None + :rtype: String or None """ self._username = username self._gss_host = target @@ -343,18 +322,16 @@ class _SSH_GSSAPI(_SSH_GSSAuth): """ Create the MIC token for a SSH2 message. - @param session_id: The SSH session ID - @type session_id: String - @param gss_kex: Generate the MIC for GSS-API Key Exchange or not - @type gss_kex: Boolean - @return: gssapi-with-mic: + :param str session_id: The SSH session ID + :param bool gss_kex: Generate the MIC for GSS-API Key Exchange or not + :return: gssapi-with-mic: Returns the MIC token from GSS-API for the message we created - with C{_ssh_build_mic}. + with ``_ssh_build_mic``. gssapi-keyex: Returns the MIC token from GSS-API with the SSH session ID as message. - @rtype: String - @see: L{_ssh_build_mic} + :rtype: String + :see: `._ssh_build_mic` """ self._session_id = session_id if not gss_kex: @@ -372,16 +349,13 @@ class _SSH_GSSAPI(_SSH_GSSAuth): """ Accept a GSS-API context (server mode). - @param hostname: The servers hostname - @type hostname: String - @param username: The name of the user who attempts to login - @type username: String - @param recv_token: The GSS-API Token received from the server, if it's - not the initial call - @type recv_token: String - @return: A C{String} if the GSS-API has returned a token or C{None} if - no token was returned - @rtype: String or None + :param str hostname: The servers hostname + :param str username: The name of the user who attempts to login + :param str recv_token: The GSS-API Token received from the server, + if it's not the initial call. + :return: A ``String`` if the GSS-API has returned a token or ``None`` + if no token was returned + :rtype: String or None """ # hostname and username are not required for GSSAPI, but for SSPI self._gss_host = hostname @@ -396,14 +370,11 @@ class _SSH_GSSAPI(_SSH_GSSAuth): """ Verify the MIC token for a SSH2 message. - @param mic_token: The MIC token received from the client - @type mic_token: String - @param session_id: The SSH session ID - @type session_id: String - @param username: The name of the user who attempts to login - @type username: String - @return: 0 if the MIC check was successful and 1 if it fails - @rtype: Integer + :param str mic_token: The MIC token received from the client + :param str session_id: The SSH session ID + :param str username: The name of the user who attempts to login + :return: 0 if the MIC check was successful and 1 if it fails + :rtype: int """ self._session_id = session_id self._username = username @@ -427,8 +398,8 @@ class _SSH_GSSAPI(_SSH_GSSAuth): """ Checks if credentials are delegated (server mode). - @return: C{True} if credentials are delegated, otherwise C{False} - @rtype: Boolean + :return: ``True`` if credentials are delegated, otherwise ``False`` + :rtype: bool """ if self._gss_srv_ctxt.delegated_cred is not None: return True @@ -440,9 +411,8 @@ class _SSH_GSSAPI(_SSH_GSSAuth): to store the client credentials if credentials are delegated (server mode). - @param client_token: The GSS-API token received form the client - @type client_token: String - @raise NotImplementedError: Credential delegation is currently not + :param str client_token: The GSS-API token received form the client + :raise NotImplementedError: Credential delegation is currently not supported in server mode """ raise NotImplementedError @@ -452,15 +422,13 @@ class _SSH_SSPI(_SSH_GSSAuth): """ Implementation of the Microsoft SSPI Kerberos Authentication for SSH2. - @see: L{GSSAuth} + :see: `.GSSAuth` """ def __init__(self, auth_method, gss_deleg_creds): """ - @param auth_method: The name of the SSH authentication mechanism - (gssapi-with-mic or gss-keyex) - @type auth_method: String - @param gss_deleg_creds: Delegate client credentials or not - @type gss_deleg_creds: Boolean + :param str auth_method: The name of the SSH authentication mechanism + (gssapi-with-mic or gss-keyex) + :param bool gss_deleg_creds: Delegate client credentials or not """ _SSH_GSSAuth.__init__(self, auth_method, gss_deleg_creds) @@ -477,21 +445,17 @@ class _SSH_SSPI(_SSH_GSSAuth): """ Initialize a SSPI context. - @param username: The name of the user who attempts to login - @type username: String - @param target: The FQDN of the target to connect to - @type target: String - @param desired_mech: The negotiated SSPI mechanism - ("pseudo negotiated" mechanism, because we - support just the krb5 mechanism :-)) - @type desired_mech: String - @param recv_token: The SSPI token received from the Server - @type recv_token: String - @raise SSHException: Is raised if the desired mechanism of the client + :param str username: The name of the user who attempts to login + :param str target: The FQDN of the target to connect to + :param str desired_mech: The negotiated SSPI mechanism + ("pseudo negotiated" mechanism, because we + support just the krb5 mechanism :-)) + :param recv_token: The SSPI token received from the Server + :raise SSHException: Is raised if the desired mechanism of the client is not supported - @return: A C{String} if the SSPI has returned a token or C{None} if + :return: A ``String`` if the SSPI has returned a token or ``None`` if no token was returned - @rtype: String or None + :rtype: String or None """ self._username = username self._gss_host = target @@ -528,18 +492,16 @@ class _SSH_SSPI(_SSH_GSSAuth): """ Create the MIC token for a SSH2 message. - @param session_id: The SSH session ID - @type session_id: String - @param gss_kex: Generate the MIC for Key Exchange with SSPI or not - @type gss_kex: Boolean - @return: gssapi-with-mic: + :param str session_id: The SSH session ID + :param bool gss_kex: Generate the MIC for Key Exchange with SSPI or not + :return: gssapi-with-mic: Returns the MIC token from SSPI for the message we created - with C{_ssh_build_mic}. + with ``_ssh_build_mic``. gssapi-keyex: Returns the MIC token from SSPI with the SSH session ID as message. - @rtype: String - @see: L{_ssh_build_mic} + :rtype: String + :see: `._ssh_build_mic` """ self._session_id = session_id if not gss_kex: @@ -557,16 +519,13 @@ class _SSH_SSPI(_SSH_GSSAuth): """ Accept a SSPI context (server mode). - @param hostname: The servers FQDN - @type hostname: String - @param username: The name of the user who attempts to login - @type username: String - @param recv_token: The SSPI Token received from the server, if it's not - the initial call - @type recv_token: String - @return: A C{String} if the SSPI has returned a token or C{None} if + :param str hostname: The servers FQDN + :param str username: The name of the user who attempts to login + :param str recv_token: The SSPI Token received from the server, + if it's not the initial call. + :return: A ``String`` if the SSPI has returned a token or ``None`` if no token was returned - @rtype: String or None + :rtype: String or None """ self._gss_host = hostname self._username = username @@ -583,14 +542,11 @@ class _SSH_SSPI(_SSH_GSSAuth): """ Verify the MIC token for a SSH2 message. - @param mic_token: The MIC token received from the client - @type mic_token: String - @param session_id: The SSH session ID - @type session_id: String - @param username: The name of the user who attempts to login - @type username: String - @return: 0 if the MIC check was successful - @rtype: Integer + :param str mic_token: The MIC token received from the client + :param str session_id: The SSH session ID + :param str username: The name of the user who attempts to login + :return: 0 if the MIC check was successful + :rtype: int """ self._session_id = session_id self._username = username @@ -620,8 +576,8 @@ class _SSH_SSPI(_SSH_GSSAuth): """ Checks if credentials are delegated (server mode). - @return: C{True} if credentials are delegated, otherwise C{False} - @rtype: Boolean + :return: ``True`` if credentials are delegated, otherwise ``False`` + :rtype: Boolean """ return ( self._gss_flags & sspicon.ISC_REQ_DELEGATE @@ -635,9 +591,8 @@ class _SSH_SSPI(_SSH_GSSAuth): to store the client credentails if credentials are delegated (server mode). - @param client_token: The SSPI token received form the client - @type client_token: String - @raise NotImplementedError: Credential delegation is currently not + :param str client_token: The SSPI token received form the client + :raise NotImplementedError: Credential delegation is currently not supported in server mode """ raise NotImplementedError diff --git a/paramiko/transport.py b/paramiko/transport.py index 393b1d35..86b5e7e4 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -326,10 +326,9 @@ class Transport (threading.Thread): """ Setter for C{gss_host} if GSS-API Key Exchange is performed. - @param gss_host: The targets name in the kerberos database - Default: The name of the host to connect to - @type gss_host: String - @rtype: Void + :param str gss_host: The targets name in the kerberos database + Default: The name of the host to connect to + :rtype: Void """ # We need the FQDN to get this working with SSPI self.gss_host = socket.getfqdn(gss_host) @@ -1226,20 +1225,17 @@ class Transport (threading.Thread): """ Authenticate to the Server using GSS-API / SSPI. - @param username: The username to authenticate as - @type username: String - @param gss_host: The target host - @type gss_host: String - @param gss_deleg_creds: Delegate credentials or not - @type gss_deleg_creds: Boolean - @return: list of auth types permissible for the next stage of + :param str username: The username to authenticate as + :param str gss_host: The target host + :param bool gss_deleg_creds: Delegate credentials or not + :return: list of auth types permissible for the next stage of authentication (normally empty) - @rtype: list - @raise BadAuthenticationType: if gssapi-with-mic isn't + :rtype: list + :raise BadAuthenticationType: if gssapi-with-mic isn't allowed by the server (and no event was passed in) - @raise AuthenticationException: if the authentication failed (and no + :raise AuthenticationException: if the authentication failed (and no event was passed in) - @raise SSHException: if there was a network error + :raise SSHException: if there was a network error """ if (not self.active) or (not self.initial_kex_done): # we should never try to authenticate unless we're on a secure link @@ -1254,16 +1250,17 @@ class Transport (threading.Thread): Authenticate to the Server with GSS-API / SSPI if GSS-API Key Exchange was the used key exchange method. - @param username: The username to authenticate as - @type username: String - @return: list of auth types permissible for the next stage of - authentication (normally empty) - @rtype: list - @raise BadAuthenticationType: if GSS-API Key Exchange was not performed + :param str username: The username to authenticate as + :param str gss_host: The target host + :param bool gss_deleg_creds: Delegate credentials or not + :return: list of auth types permissible for the next stage of + authentication (normally empty) + :rtype: list + :raise BadAuthenticationType: if GSS-API Key Exchange was not performed (and no event was passed in) - @raise AuthenticationException: if the authentication failed (and no + :raise AuthenticationException: if the authentication failed (and no event was passed in) - @raise SSHException: if there was a network error + :raise SSHException: if there was a network error """ if (not self.active) or (not self.initial_kex_done): # we should never try to authenticate unless we're on a secure link diff --git a/sites/docs/api/kex_gss.rst b/sites/docs/api/kex_gss.rst new file mode 100644 index 00000000..a662be01 --- /dev/null +++ b/sites/docs/api/kex_gss.rst @@ -0,0 +1,5 @@ +GSS-API Key Exchange Module +=========================== + +.. automodule:: paramiko.kex_gss + :member-order: bysource diff --git a/sites/docs/api/ssh_gss.rst b/sites/docs/api/ssh_gss.rst new file mode 100644 index 00000000..1b08c7f8 --- /dev/null +++ b/sites/docs/api/ssh_gss.rst @@ -0,0 +1,14 @@ +Paramiko GSS-API Interface +========================== + +.. automodule:: paramiko.ssh_gss + :member-order: bysource + +.. autoclass:: _SSH_GSSAuth + :member-order: bysource + +.. autoclass:: _SSH_GSSAPI + :member-order: bysource + +.. autoclass:: _SSH_SSPI + :member-order: bysource diff --git a/sites/docs/index.rst b/sites/docs/index.rst index f336b393..87265d95 100644 --- a/sites/docs/index.rst +++ b/sites/docs/index.rst @@ -50,6 +50,8 @@ Authentication & keys api/agent api/hostkeys api/keys + api/ssh_gss + api/kex_gss Other primary functions -- cgit v1.2.3 From 5a430def22aa5cbd755f347c8714e4140d6cdcab Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 27 Mar 2014 14:02:03 -0700 Subject: Forgot to explicitly note python 2.5 drop in changelog for py3 --- sites/www/changelog.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 02fee80b..4563877d 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -15,7 +15,8 @@ Changelog * :release:`1.11.5 <2014-03-13>` * :release:`1.10.7 <2014-03-13>` * :feature:`16` **Python 3 support!** Our test suite passes under Python 3, and - it (& Fabric's test suite) continues to pass under Python 2. + it (& Fabric's test suite) continues to pass under Python 2. **Python 2.5 is + no longer supported with this change!** The merged code was built on many contributors' efforts, both code & feedback. In no particular order, we thank Daniel Goertzen, Ivan Kolodyazhny, -- cgit v1.2.3 From 80aff93d3f0040f5886e983a6ce781717f7703a4 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 1 Apr 2014 12:36:21 -0700 Subject: Fix broken tag-tree links in changelog --- sites/www/conf.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sites') diff --git a/sites/www/conf.py b/sites/www/conf.py index 1c6c9254..0c8af16c 100644 --- a/sites/www/conf.py +++ b/sites/www/conf.py @@ -14,7 +14,8 @@ rss_description = 'Paramiko project news' # Releases changelog extension extensions.append('releases') -releases_release_uri = "https://github.com/paramiko/paramiko/tree/%s" +# Paramiko 1.x tags start with 'v'. Meh. +releases_release_uri = "https://github.com/paramiko/paramiko/tree/v%s" releases_issue_uri = "https://github.com/paramiko/paramiko/issues/%s" # Intersphinx for referencing API/usage docs -- cgit v1.2.3 From b85a09673a31719b76b3998270137f0189c226e5 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sun, 6 Apr 2014 16:19:03 -0700 Subject: Use newer alabaster w/ showhidden in sidebar TOC Lets us not have 2x TOCs on landing page --- dev-requirements.txt | 2 +- sites/www/index.rst | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'sites') diff --git a/dev-requirements.txt b/dev-requirements.txt index 5744f331..91ae8549 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -5,5 +5,5 @@ tox>=1.4,<1.5 invoke>=0.7.0 invocations>=0.5.0 sphinx>=1.1.3 -alabaster>=0.3.1 +alabaster>=0.4.0 releases>=0.5.2 diff --git a/sites/www/index.rst b/sites/www/index.rst index cb3961ce..03189cfa 100644 --- a/sites/www/index.rst +++ b/sites/www/index.rst @@ -12,6 +12,8 @@ usage and API documentation can be found at our code documentation site, `docs.paramiko.org `_. .. toctree:: + :hidden: + changelog FAQs installing -- cgit v1.2.3 From 1103416d8386e7965bae0d51d596efc4f5a75670 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sun, 6 Apr 2014 16:24:16 -0700 Subject: Put blog into a branch --- sites/www/blog.py | 140 ----------------------------------------- sites/www/blog.rst | 16 ----- sites/www/blog/first-post.rst | 7 --- sites/www/blog/second-post.rst | 7 --- sites/www/conf.py | 6 -- sites/www/index.rst | 9 +-- 6 files changed, 2 insertions(+), 183 deletions(-) delete mode 100644 sites/www/blog.py delete mode 100644 sites/www/blog.rst delete mode 100644 sites/www/blog/first-post.rst delete mode 100644 sites/www/blog/second-post.rst (limited to 'sites') diff --git a/sites/www/blog.py b/sites/www/blog.py deleted file mode 100644 index 3b129ebf..00000000 --- a/sites/www/blog.py +++ /dev/null @@ -1,140 +0,0 @@ -from collections import namedtuple -from datetime import datetime -import time -import email.utils - -from sphinx.util.compat import Directive -from docutils import nodes - - -class BlogDateDirective(Directive): - """ - Used to parse/attach date info to blog post documents. - - No nodes generated, since none are needed. - """ - has_content = True - - def run(self): - # Tag parent document with parsed date value. - self.state.document.blog_date = datetime.strptime( - self.content[0], "%Y-%m-%d" - ) - # Don't actually insert any nodes, we're already done. - return [] - -class blog_post_list(nodes.General, nodes.Element): - pass - -class BlogPostListDirective(Directive): - """ - Simply spits out a 'blog_post_list' temporary node for replacement. - - Gets replaced at doctree-resolved time - only then will all blog post - documents be written out (& their date directives executed). - """ - def run(self): - return [blog_post_list('')] - - -Post = namedtuple('Post', 'name doc title date opener') - -def get_posts(app): - # Obtain blog posts - post_names = filter(lambda x: x.startswith('blog/'), app.env.found_docs) - posts = map(lambda x: (x, app.env.get_doctree(x)), post_names) - # Obtain common data used for list page & RSS - data = [] - for post, doc in sorted(posts, key=lambda x: x[1].blog_date, reverse=True): - # Welp. No "nice" way to get post title. Thanks Sphinx. - title = doc[0][0][0] - # Date. This may or may not end up reflecting the required - # *input* format, but doing it here gives us flexibility. - date = doc.blog_date - # 1st paragraph as opener. TODO: allow a role or something marking - # where to actually pull from? - opener = doc.traverse(nodes.paragraph)[0] - data.append(Post(post, doc, title, date, opener)) - return data - -def replace_blog_post_lists(app, doctree, fromdocname): - """ - Replace blog_post_list nodes with ordered list-o-links to posts. - """ - # Obtain blog posts - post_names = filter(lambda x: x.startswith('blog/'), app.env.found_docs) - posts = map(lambda x: (x, app.env.get_doctree(x)), post_names) - # Build "list" of links/etc - post_links = [] - for post, doc, title, date, opener in get_posts(app): - # Link itself - uri = app.builder.get_relative_uri(fromdocname, post) - link = nodes.reference('', '', refdocname=post, refuri=uri) - # Title, bolded. TODO: use 'topic' or something maybe? - link.append(nodes.strong('', title)) - date = date.strftime("%Y-%m-%d") - # Meh @ not having great docutils nodes which map to this. - html = '
%s
' % date - timestamp = nodes.raw(text=html, format='html') - # NOTE: may group these within another element later if styling - # necessitates it - group = [timestamp, nodes.paragraph('', '', link), opener] - post_links.extend(group) - - # Replace temp node(s) w/ expanded list-o-links - for node in doctree.traverse(blog_post_list): - node.replace_self(post_links) - -def rss_timestamp(timestamp): - # Use horribly inappropriate module for its magical daylight-savings-aware - # timezone madness. Props to Tinkerer for the idea. - return email.utils.formatdate( - time.mktime(timestamp.timetuple()), - localtime=True - ) - -def generate_rss(app): - # Meh at having to run this subroutine like 3x per build. Not worth trying - # to be clever for now tho. - posts_ = get_posts(app) - # LOL URLs - root = app.config.rss_link - if not root.endswith('/'): - root += '/' - # Oh boy - posts = [ - ( - root + app.builder.get_target_uri(x.name), - x.title, - str(x.opener[0]), # Grab inner text element from paragraph - rss_timestamp(x.date), - ) - for x in posts_ - ] - location = 'blog/rss.xml' - context = { - 'title': app.config.project, - 'link': root, - 'atom': root + location, - 'description': app.config.rss_description, - # 'posts' is sorted by date already - 'date': rss_timestamp(posts_[0].date), - 'posts': posts, - } - yield (location, context, 'rss.xml') - -def setup(app): - # Link in RSS feed back to main website, e.g. 'http://paramiko.org' - app.add_config_value('rss_link', None, '') - # Ditto for RSS description field - app.add_config_value('rss_description', None, '') - # Interprets date metadata in blog post documents - app.add_directive('date', BlogDateDirective) - # Inserts blog post list node (in e.g. a listing page) for replacement - # below - app.add_node(blog_post_list) - app.add_directive('blog-posts', BlogPostListDirective) - # Performs abovementioned replacement - app.connect('doctree-resolved', replace_blog_post_lists) - # Generates RSS page from whole cloth at page generation step - app.connect('html-collect-pages', generate_rss) diff --git a/sites/www/blog.rst b/sites/www/blog.rst deleted file mode 100644 index af9651e4..00000000 --- a/sites/www/blog.rst +++ /dev/null @@ -1,16 +0,0 @@ -==== -Blog -==== - -.. blog-posts directive gets replaced with an ordered list of blog posts. - -.. blog-posts:: - - -.. The following toctree ensures blog posts get processed. - -.. toctree:: - :hidden: - :glob: - - blog/* diff --git a/sites/www/blog/first-post.rst b/sites/www/blog/first-post.rst deleted file mode 100644 index 7b075073..00000000 --- a/sites/www/blog/first-post.rst +++ /dev/null @@ -1,7 +0,0 @@ -=========== -First post! -=========== - -A blog post. - -.. date:: 2013-12-04 diff --git a/sites/www/blog/second-post.rst b/sites/www/blog/second-post.rst deleted file mode 100644 index c4463f33..00000000 --- a/sites/www/blog/second-post.rst +++ /dev/null @@ -1,7 +0,0 @@ -=========== -Another one -=========== - -.. date:: 2013-12-05 - -Indeed! diff --git a/sites/www/conf.py b/sites/www/conf.py index 0c8af16c..5047fa67 100644 --- a/sites/www/conf.py +++ b/sites/www/conf.py @@ -6,12 +6,6 @@ from os.path import abspath, join, dirname sys.path.append(abspath(join(dirname(__file__), '..'))) from shared_conf import * -# Local blog extension -sys.path.append(abspath('.')) -extensions.append('blog') -rss_link = 'http://paramiko.org' -rss_description = 'Paramiko project news' - # Releases changelog extension extensions.append('releases') # Paramiko 1.x tags start with 'v'. Meh. diff --git a/sites/www/index.rst b/sites/www/index.rst index 03189cfa..77e5fcbb 100644 --- a/sites/www/index.rst +++ b/sites/www/index.rst @@ -11,6 +11,8 @@ contribution guidelines, development roadmap, news/blog, and so forth. Detailed usage and API documentation can be found at our code documentation site, `docs.paramiko.org `_. +Please see the sidebar to the left to bebin. + .. toctree:: :hidden: @@ -20,13 +22,6 @@ usage and API documentation can be found at our code documentation site, contributing contact -.. Hide blog in hidden toctree for now (to avoid warnings.) - -.. toctree:: - :hidden: - - blog - .. rubric:: Footnotes -- cgit v1.2.3 From 8b9e60f4ce66c913cd7a8371349b07e476e0e6e6 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sun, 6 Apr 2014 16:25:02 -0700 Subject: Wow. Just wow. --- sites/www/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sites') diff --git a/sites/www/index.rst b/sites/www/index.rst index 77e5fcbb..1b609709 100644 --- a/sites/www/index.rst +++ b/sites/www/index.rst @@ -11,7 +11,7 @@ contribution guidelines, development roadmap, news/blog, and so forth. Detailed usage and API documentation can be found at our code documentation site, `docs.paramiko.org `_. -Please see the sidebar to the left to bebin. +Please see the sidebar to the left to begin. .. toctree:: :hidden: -- cgit v1.2.3 From 57e647341f416c879ae3841c9a7be50c52a21327 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sun, 6 Apr 2014 18:52:58 -0700 Subject: Nuke Fab-oriented link color override --- sites/shared_conf.py | 3 --- 1 file changed, 3 deletions(-) (limited to 'sites') diff --git a/sites/shared_conf.py b/sites/shared_conf.py index c61ca638..c265fc49 100644 --- a/sites/shared_conf.py +++ b/sites/shared_conf.py @@ -14,9 +14,6 @@ html_theme_options = { 'github_repo': 'paramiko', 'gittip_user': 'bitprophet', 'analytics_id': 'UA-18486793-2', - - 'link': '#3782BE', - 'link_hover': '#3782BE', } html_sidebars = { '**': [ -- cgit v1.2.3 From be7c679942b9b3a1838cce692f87e1c3d45092cf Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 14 Apr 2014 10:48:33 -0400 Subject: Errything uses intersphinx to Python --- sites/docs/conf.py | 7 +------ sites/shared_conf.py | 7 ++++++- sites/www/conf.py | 4 +--- 3 files changed, 8 insertions(+), 10 deletions(-) (limited to 'sites') diff --git a/sites/docs/conf.py b/sites/docs/conf.py index f9355715..5674fed1 100644 --- a/sites/docs/conf.py +++ b/sites/docs/conf.py @@ -5,16 +5,11 @@ sys.path.append(os.path.abspath('../..')) from shared_conf import * # Enable autodoc, intersphinx -extensions.extend(['sphinx.ext.autodoc', 'sphinx.ext.intersphinx']) +extensions.extend(['sphinx.ext.autodoc']) # Autodoc settings autodoc_default_flags = ['members', 'special-members'] -# Intersphinx connection to stdlib -intersphinx_mapping = { - 'python': ('http://docs.python.org/2.6', None), -} - # Sister-site links to WWW html_theme_options['extra_nav_links'] = { "Main website": 'http://www.paramiko.org', diff --git a/sites/shared_conf.py b/sites/shared_conf.py index c265fc49..e0afe92e 100644 --- a/sites/shared_conf.py +++ b/sites/shared_conf.py @@ -5,7 +5,7 @@ import alabaster # Alabaster theme + mini-extension html_theme_path = [alabaster.get_path()] -extensions = ['alabaster'] +extensions = ['alabaster', 'sphinx.ext.intersphinx'] # Paths relative to invoking conf.py - not this shared file html_theme = 'alabaster' html_theme_options = { @@ -24,6 +24,11 @@ html_sidebars = { ] } +# Everything intersphinx's to Python +intersphinx_mapping = { + 'python': ('http://docs.python.org/2.6', None), +} + # Regular settings project = 'Paramiko' year = datetime.now().year diff --git a/sites/www/conf.py b/sites/www/conf.py index 5047fa67..bdb5929a 100644 --- a/sites/www/conf.py +++ b/sites/www/conf.py @@ -20,9 +20,7 @@ target = join(dirname(__file__), '..', 'docs', '_build') if os.environ.get('READTHEDOCS') == 'True': # TODO: switch to docs.paramiko.org post go-live of sphinx API docs target = 'http://docs.paramiko.org/en/latest/' -intersphinx_mapping = { - 'docs': (target, None), -} +intersphinx_mapping['docs'] = (target, None) # Sister-site links to API docs html_theme_options['extra_nav_links'] = { -- cgit v1.2.3 From 160e2c08e0b7652a92d879c0e481ce72cddafef7 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 14 Apr 2014 10:48:55 -0400 Subject: Changelog, closes #295 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 4563877d..eff8c2e8 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`295` Swap out a bunch of PyCrypto hash functions with use of + `hashlib` * :support:`290` (also :issue:`292`) Add support for building universal (Python 2+3 compatible) wheel files during the release process. Courtesy of Alex Gaynor. -- cgit v1.2.3 From 1e0e296b05a3e63b33291cfe3d688a435f592c3c Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 14 Apr 2014 10:50:12 -0400 Subject: Derp --- sites/www/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index eff8c2e8..5f019bb8 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -3,7 +3,7 @@ Changelog ========= * :support:`295` Swap out a bunch of PyCrypto hash functions with use of - `hashlib` + `hashlib`. Thanks to Alex Gaynor. * :support:`290` (also :issue:`292`) Add support for building universal (Python 2+3 compatible) wheel files during the release process. Courtesy of Alex Gaynor. -- cgit v1.2.3 From 9e2e9812247adbedf0eab84ad5cdd80c458d68f9 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 14 Apr 2014 11:05:25 -0400 Subject: Changelog, closes #297 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 5f019bb8..653502ca 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`297` Replace PyCrypto's ``Random`` with `os.urandom` for improved + speed and security. Thanks again to Alex. * :support:`295` Swap out a bunch of PyCrypto hash functions with use of `hashlib`. Thanks to Alex Gaynor. * :support:`290` (also :issue:`292`) Add support for building universal -- cgit v1.2.3 From e96e2653a2ca0a465d2773b1fe468c0f87e758bc Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 14 Apr 2014 11:29:41 -0400 Subject: Changelog, closes #299 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 653502ca..2c4c1cf7 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`299` Use deterministic signatures for ECDSA keys for improved + security. Thanks to Alex Gaynor. * :support:`297` Replace PyCrypto's ``Random`` with `os.urandom` for improved speed and security. Thanks again to Alex. * :support:`295` Swap out a bunch of PyCrypto hash functions with use of -- cgit v1.2.3 From d02ae566014c6d79f61f7538c979d6560c1de629 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 14 Apr 2014 18:28:03 -0400 Subject: Note changelog location in contribution docs --- sites/www/contributing.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/contributing.rst b/sites/www/contributing.rst index 2b752cc5..634c2b26 100644 --- a/sites/www/contributing.rst +++ b/sites/www/contributing.rst @@ -17,3 +17,6 @@ How to submit bug reports or new code Please see `this project-agnostic contribution guide `_ - we follow it explicitly. + +Our current changelog is located in ``sites/www/changelog.rst`` - the top +level files like ``ChangeLog.*`` and ``NEWS`` are historical only. -- cgit v1.2.3 From c14de1d93516c9aec18749cb501febf0b2cee530 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 15 Apr 2014 15:04:46 -0400 Subject: Show Travis status in website sidebar --- sites/shared_conf.py | 1 + 1 file changed, 1 insertion(+) (limited to 'sites') diff --git a/sites/shared_conf.py b/sites/shared_conf.py index e0afe92e..69908388 100644 --- a/sites/shared_conf.py +++ b/sites/shared_conf.py @@ -14,6 +14,7 @@ html_theme_options = { 'github_repo': 'paramiko', 'gittip_user': 'bitprophet', 'analytics_id': 'UA-18486793-2', + 'travis_button': True, } html_sidebars = { '**': [ -- cgit v1.2.3 From 951faed80b017e553a27c4cb98f210df44341f8f Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 7 May 2014 16:13:33 -0700 Subject: Cut 1.14 --- paramiko/__init__.py | 2 +- setup.py | 2 +- sites/www/changelog.rst | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) (limited to 'sites') diff --git a/paramiko/__init__.py b/paramiko/__init__.py index 22f1bc21..4c62ad4a 100644 --- a/paramiko/__init__.py +++ b/paramiko/__init__.py @@ -23,7 +23,7 @@ if sys.version_info < (2, 6): __author__ = "Jeff Forcier " -__version__ = "1.13.1" +__version__ = "1.14.0" __version_info__ = tuple([ int(d) for d in __version__.split(".") ]) __license__ = "GNU Lesser General Public License (LGPL)" diff --git a/setup.py b/setup.py index 05dc98d5..c0f1e579 100644 --- a/setup.py +++ b/setup.py @@ -56,7 +56,7 @@ if sys.platform == 'darwin': setup( name = "paramiko", - version = "1.13.1", + version = "1.14.0", description = "SSH2 protocol library", long_description = longdesc, author = "Jeff Forcier", diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 52fe4ff3..f8a4d2c1 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.14.0 <2014-05-07>` * :release:`1.13.1 <2014-05-07>` * :release:`1.12.4 <2014-05-07>` * :release:`1.11.6 <2014-05-07>` -- cgit v1.2.3 From 6d48018d11a2058213481fdfeed8887fccc31854 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 11 Aug 2014 10:31:02 -0700 Subject: Add FAQ about nonstandard SSH implementations --- sites/www/faq.rst | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'sites') diff --git a/sites/www/faq.rst b/sites/www/faq.rst index a7e80014..bf450f63 100644 --- a/sites/www/faq.rst +++ b/sites/www/faq.rst @@ -7,3 +7,20 @@ Which version should I use? I see multiple active releases. Please see :ref:`the installation docs ` which have an explicit section about this topic. + +Paramiko doesn't work with my Cisco, Windows or other non-Unix system! +====================================================================== + +In an ideal world, the developers would love to support every possible target +system. Unfortunately, volunteer development time and access to non-mainstream +platforms are limited, meaning that we can only fully support standard OpenSSH +implementations such as those found on the average Linux distribution (as well +as on Mac OS X and \*BSD.) + +Because of this, **we typically close bug reports for nonstandard SSH +implementations**. + +However, **closed does not imply locked** - affected users can still post +comments on such tickets - and **we will always consider actual patch +submissions for these issues**, provided they can get +1s from similarly +affected users and are proven to not break existing functionality. -- cgit v1.2.3 From dac6952331109bdab441040cc8b0136697252297 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 11 Aug 2014 10:55:46 -0700 Subject: Make links to Github more explicit --- sites/www/contact.rst | 1 + sites/www/contributing.rst | 16 ++++++++++------ 2 files changed, 11 insertions(+), 6 deletions(-) (limited to 'sites') diff --git a/sites/www/contact.rst b/sites/www/contact.rst index 2b6583f5..7e6c947e 100644 --- a/sites/www/contact.rst +++ b/sites/www/contact.rst @@ -9,3 +9,4 @@ following ways: * Mailing list: ``paramiko@librelist.com`` (see `the LibreList homepage `_ for usage details). * This website - a blog section is forthcoming. +* Submit contributions on Github - see the :doc:`contributing` page. diff --git a/sites/www/contributing.rst b/sites/www/contributing.rst index 634c2b26..a44414e8 100644 --- a/sites/www/contributing.rst +++ b/sites/www/contributing.rst @@ -5,18 +5,22 @@ Contributing How to get the code =================== -Our primary Git repository is on Github at `paramiko/paramiko -`_; please follow their instructions for -cloning to your local system. (If you intend to submit patches/pull requests, -we recommend forking first, then cloning your fork. Github has excellent -documentation for all this.) +Our primary Git repository is on Github at `paramiko/paramiko`_; +please follow their instructions for cloning to your local system. (If you +intend to submit patches/pull requests, we recommend forking first, then +cloning your fork. Github has excellent documentation for all this.) How to submit bug reports or new code ===================================== Please see `this project-agnostic contribution guide -`_ - we follow it explicitly. +`_ - we follow it explicitly. Again, our code +repository and bug tracker is `on Github`_. Our current changelog is located in ``sites/www/changelog.rst`` - the top level files like ``ChangeLog.*`` and ``NEWS`` are historical only. + + +.. _paramiko/paramiko: +.. _on Github: https://github.com/paramiko/paramiko -- cgit v1.2.3 From 991d56bad32c1ea4eda6c86771a4a4b7bef00475 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 11 Aug 2014 11:40:20 -0700 Subject: Clarify FAQ --- sites/www/faq.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sites') diff --git a/sites/www/faq.rst b/sites/www/faq.rst index bf450f63..a5d9b383 100644 --- a/sites/www/faq.rst +++ b/sites/www/faq.rst @@ -18,7 +18,7 @@ implementations such as those found on the average Linux distribution (as well as on Mac OS X and \*BSD.) Because of this, **we typically close bug reports for nonstandard SSH -implementations**. +implementations or host systems**. However, **closed does not imply locked** - affected users can still post comments on such tickets - and **we will always consider actual patch -- cgit v1.2.3 From d8a71fcdf0b57837632ccfa806386443fdb6dcc2 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 18 Aug 2014 18:36:59 -0700 Subject: Sphinx conf cleanup --- sites/www/conf.py | 3 --- 1 file changed, 3 deletions(-) (limited to 'sites') diff --git a/sites/www/conf.py b/sites/www/conf.py index bdb5929a..0b0fb85c 100644 --- a/sites/www/conf.py +++ b/sites/www/conf.py @@ -12,13 +12,10 @@ extensions.append('releases') releases_release_uri = "https://github.com/paramiko/paramiko/tree/v%s" releases_issue_uri = "https://github.com/paramiko/paramiko/issues/%s" -# Intersphinx for referencing API/usage docs -extensions.append('sphinx.ext.intersphinx') # Default is 'local' building, but reference the public docs site when building # under RTD. target = join(dirname(__file__), '..', 'docs', '_build') if os.environ.get('READTHEDOCS') == 'True': - # TODO: switch to docs.paramiko.org post go-live of sphinx API docs target = 'http://docs.paramiko.org/en/latest/' intersphinx_mapping['docs'] = (target, None) -- cgit v1.2.3 From 178e43060c52b9f65026a5ec57bbe5fae166ba4e Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 21 Aug 2014 09:28:58 -0700 Subject: This isn't worth having and then always forgetting about --- sites/www/installing.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sites') diff --git a/sites/www/installing.rst b/sites/www/installing.rst index a28ce6cd..546aad9d 100644 --- a/sites/www/installing.rst +++ b/sites/www/installing.rst @@ -32,7 +32,7 @@ Release lines Users desiring stability may wish to pin themselves to a specific release line once they first start using Paramiko; to assist in this, we guarantee bugfixes -for at least the last 2-3 releases including the latest stable one. This currently means Paramiko **1.11** through **1.13**. +for at least the last 2-3 releases including the latest stable one. If you're unsure which version to install, we have suggestions: -- cgit v1.2.3 From e941d56e8a385f4f2ef5c0e9a77e66c844b5a729 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 21 Aug 2014 09:30:12 -0700 Subject: More tweaks - don't make it sound like we routinely support >3, we don't --- sites/www/installing.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sites') diff --git a/sites/www/installing.rst b/sites/www/installing.rst index 546aad9d..729147c5 100644 --- a/sites/www/installing.rst +++ b/sites/www/installing.rst @@ -32,7 +32,7 @@ Release lines Users desiring stability may wish to pin themselves to a specific release line once they first start using Paramiko; to assist in this, we guarantee bugfixes -for at least the last 2-3 releases including the latest stable one. +for the last 2-3 releases including the latest stable one. If you're unsure which version to install, we have suggestions: -- cgit v1.2.3 From 2a88241ea7ed3facf730678ef28a8281903cf9a9 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 25 Aug 2014 16:27:15 -0700 Subject: Add a plus to our 3.3 support to denote 3.4 and on --- sites/www/installing.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sites') diff --git a/sites/www/installing.rst b/sites/www/installing.rst index 729147c5..052825c4 100644 --- a/sites/www/installing.rst +++ b/sites/www/installing.rst @@ -16,7 +16,7 @@ via `pip `_:: Users who want the bleeding edge can install the development version via ``pip install paramiko==dev``. -We currently support **Python 2.6, 2.7 and 3.3** (Python **3.2** should also +We currently support **Python 2.6, 2.7 and 3.3+** (Python **3.2** should also work but has a less-strong compatibility guarantee from us.) Users on Python 2.5 or older are urged to upgrade. -- cgit v1.2.3 From 5d010cd8c496e1ed7e13e7110f7fca9632c08e47 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 25 Aug 2014 16:28:02 -0700 Subject: Changelog re #371 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f8a4d2c1..5ed0c961 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`371` Add Travis support & docs update for Python 3.4. Thanks to + Olle Lundberg. * :release:`1.14.0 <2014-05-07>` * :release:`1.13.1 <2014-05-07>` * :release:`1.12.4 <2014-05-07>` -- cgit v1.2.3 From fd1e162243898e34545ef5c1985bedee16174981 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 25 Aug 2014 21:59:59 -0700 Subject: Changelog re #285, re #352 --- sites/www/changelog.rst | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 5ed0c961..2e2d2f63 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,12 @@ Changelog ========= +* :bug:`285` (also :issue:`352`) Update our Python 3 ``b()`` compatibility shim + to handle ``buffer`` objects correctly; this fixes a frequently reported + issue affecting many users, including users of the ``bzr`` software suite. + Thanks to ``@basictheprogram`` for the initial report, Jelmer Vernooij for + the fix and Andrew Starr-Bochicchio & Jeremy T. Bouse (among others) for + discussion & feedback. * :support:`371` Add Travis support & docs update for Python 3.4. Thanks to Olle Lundberg. * :release:`1.14.0 <2014-05-07>` -- cgit v1.2.3 From d7b93df7aaf9f409da7578a107829c138d042121 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 25 Aug 2014 23:43:48 -0700 Subject: Cut 1.14.1 --- paramiko/__init__.py | 2 +- setup.py | 2 +- sites/www/changelog.rst | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) (limited to 'sites') diff --git a/paramiko/__init__.py b/paramiko/__init__.py index 4c62ad4a..2ebc8a65 100644 --- a/paramiko/__init__.py +++ b/paramiko/__init__.py @@ -23,7 +23,7 @@ if sys.version_info < (2, 6): __author__ = "Jeff Forcier " -__version__ = "1.14.0" +__version__ = "1.14.1" __version_info__ = tuple([ int(d) for d in __version__.split(".") ]) __license__ = "GNU Lesser General Public License (LGPL)" diff --git a/setup.py b/setup.py index c0f1e579..38e444f5 100644 --- a/setup.py +++ b/setup.py @@ -56,7 +56,7 @@ if sys.platform == 'darwin': setup( name = "paramiko", - version = "1.14.0", + version = "1.14.1", description = "SSH2 protocol library", long_description = longdesc, author = "Jeff Forcier", diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index c4c1e698..0fcde10f 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.14.1 <2014-08-25>` * :release:`1.13.2 <2014-08-25>` * :bug:`376` Be less aggressive about expanding variables in ``ssh_config`` files, which results in a speedup of SSH config parsing. Credit to Olle -- cgit v1.2.3 From 28b7db145fed32840f8d2edea8fdce27dc00ca26 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 25 Aug 2014 23:48:28 -0700 Subject: Consolidate version info. Closes #249 --- paramiko/__init__.py | 3 +-- paramiko/_version.py | 2 ++ setup.py | 9 ++++++++- sites/www/changelog.rst | 2 ++ 4 files changed, 13 insertions(+), 3 deletions(-) create mode 100644 paramiko/_version.py (limited to 'sites') diff --git a/paramiko/__init__.py b/paramiko/__init__.py index 2ebc8a65..65f6f8a2 100644 --- a/paramiko/__init__.py +++ b/paramiko/__init__.py @@ -17,14 +17,13 @@ # 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. import sys +from paramiko._version import __version__, __version_info__ if sys.version_info < (2, 6): raise RuntimeError('You need Python 2.6+ for this module.') __author__ = "Jeff Forcier " -__version__ = "1.14.1" -__version_info__ = tuple([ int(d) for d in __version__.split(".") ]) __license__ = "GNU Lesser General Public License (LGPL)" diff --git a/paramiko/_version.py b/paramiko/_version.py new file mode 100644 index 00000000..a7857b09 --- /dev/null +++ b/paramiko/_version.py @@ -0,0 +1,2 @@ +__version_info__ = (1, 15, 0) +__version__ = '.'.join(map(str, __version_info__)) diff --git a/setup.py b/setup.py index 3d8268d1..13386c8e 100644 --- a/setup.py +++ b/setup.py @@ -54,9 +54,16 @@ if sys.platform == 'darwin': setup_helper.install_custom_make_tarball() +# Version info -- read without importing +_locals = {} +with open('paramiko/_version.py') as fp: + exec(fp.read(), None, _locals) +version = _locals['__version__'] + + setup( name = "paramiko", - version = "1.14.1", + version = version, description = "SSH2 protocol library", long_description = longdesc, author = "Jeff Forcier", diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 089ec30e..b6fa7ccc 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`249` Consolidate version information into one spot. Thanks to Gabi + Davar for the reminder. * :release:`1.14.1 <2014-08-25>` * :release:`1.13.2 <2014-08-25>` * :bug:`376` Be less aggressive about expanding variables in ``ssh_config`` -- cgit v1.2.3 From 35b9d1540bd98af39e133960c61b06aba621f30d Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 5 Sep 2014 11:44:22 -0700 Subject: Changelog re #131 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 24679d5f..e18b5368 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :feature:`131` Add a `~paramiko.sftp_client.SFTPClient.listdir_iter` method + to `~paramiko.sftp_client.SFTPClient` allowing for more efficient, + async/generator based file listings. Thanks to John Begeman. * :support:`378 backported` Minor code cleanup in the SSH config module courtesy of Olle Lundberg. * :support:`249` Consolidate version information into one spot. Thanks to Gabi -- cgit v1.2.3 From b8022866fac62d1757aa730d5991030f223088fd Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 5 Sep 2014 13:27:22 -0700 Subject: Changelog re #184 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index e18b5368..57f00f12 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :feature:`184` Support quoted values in SSH config file parsing. Credit to + Yan Kalchevskiy. * :feature:`131` Add a `~paramiko.sftp_client.SFTPClient.listdir_iter` method to `~paramiko.sftp_client.SFTPClient` allowing for more efficient, async/generator based file listings. Thanks to John Begeman. -- cgit v1.2.3 From 286b5fb7088b11efcbe6c1b452a1d1785890ac3f Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 5 Sep 2014 14:26:27 -0700 Subject: Changelog re #335 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 57f00f12..f1215f62 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :bug:`335 major` Fix ECDSA key generation (generation of brand new ECDSA keys + was broken previously). Thanks to ``@solarw`` for catch & patch. * :feature:`184` Support quoted values in SSH config file parsing. Credit to Yan Kalchevskiy. * :feature:`131` Add a `~paramiko.sftp_client.SFTPClient.listdir_iter` method -- cgit v1.2.3 From 89a8ef55a662883239102c802cd637c56fcaebd5 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 5 Sep 2014 19:49:32 -0700 Subject: Changelog re #218 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f1215f62..f04e338b 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :feature:`218` Add support for ECDSA private keys on the client side. Thanks + to ``@aszlig`` for the patch. * :bug:`335 major` Fix ECDSA key generation (generation of brand new ECDSA keys was broken previously). Thanks to ``@solarw`` for catch & patch. * :feature:`184` Support quoted values in SSH config file parsing. Credit to -- cgit v1.2.3 From ec9f8a26d4ea77ce6e4a1afe1a9e3b29dbf002bf Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sat, 6 Sep 2014 16:09:16 -0700 Subject: Changelog re #234 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f04e338b..44bd61e9 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`234 major` Lower logging levels for a few overly-noisy log messages + about secure channels. Thanks to David Pursehouse for noticing & contributing + the fix. * :feature:`218` Add support for ECDSA private keys on the client side. Thanks to ``@aszlig`` for the patch. * :bug:`335 major` Fix ECDSA key generation (generation of brand new ECDSA keys -- cgit v1.2.3 From b36b87ceefd50fa691eb5b46865d0c28a8c511dd Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 10:48:33 -0700 Subject: Changelog re #298 --- sites/www/changelog.rst | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 44bd61e9..2f23d0fc 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,15 @@ Changelog ========= +* :bug:`298 major` Don't perform point validation on ECDSA keys in + ``known_hosts`` files, since a) this can cause significant slowdown when such + keys exist, and b) ``known_hosts`` files are implicitly trustworthy. Thanks + to Kieran Spear for catch & patch. + + .. note:: + This change bumps up the version requirement for the ``ecdsa`` library to + ``0.11``. + * :bug:`234 major` Lower logging levels for a few overly-noisy log messages about secure channels. Thanks to David Pursehouse for noticing & contributing the fix. -- cgit v1.2.3 From 76aba9dbda5d5cad6b3c092e943c538079fcc7f0 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 11:01:47 -0700 Subject: Changelog re #377 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 2f23d0fc..afe3b78d 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`377` Factor `~paramiko.channel.Channel` openness sanity check into + a decorator. Thanks to Olle Lundberg for original patch. * :bug:`298 major` Don't perform point validation on ECDSA keys in ``known_hosts`` files, since a) this can cause significant slowdown when such keys exist, and b) ``known_hosts`` files are implicitly trustworthy. Thanks -- cgit v1.2.3 From a0f854d17fc59f0279d4d2b07d3fd810dfb1894e Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 11:10:30 -0700 Subject: Changelog re #374, #375 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index afe3b78d..41e8310d 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`374` (also :issue:`375`) Old code cleanup courtesy of Olle + Lundberg. * :support:`377` Factor `~paramiko.channel.Channel` openness sanity check into a decorator. Thanks to Olle Lundberg for original patch. * :bug:`298 major` Don't perform point validation on ECDSA keys in -- cgit v1.2.3 From 24e022bdf656f272b4dafb76df1a7739965be2f9 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 12:50:03 -0700 Subject: Changelog re #373 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 41e8310d..87f54e4e 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`373 major` Attempt to fix a handful of issues (such as :issue:`354`) + related to infinite loops and threading deadlocks. Thanks to Olle Lundberg as + well as a handful of community members who provided advice & feedback via + IRC. * :support:`374` (also :issue:`375`) Old code cleanup courtesy of Olle Lundberg. * :support:`377` Factor `~paramiko.channel.Channel` openness sanity check into -- cgit v1.2.3 From 88d932f2bbab907879639122969fb1f763258d29 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 14:58:45 -0700 Subject: Changelog re #372 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 87f54e4e..9dfb254f 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :feature:`372` Update default window & packet sizes to more closely adhere to + the pertinent RFC; also expose these settings in the public API so they may + be overridden by client code. This should address some general speed issues + such as :issue:`175`. Big thanks to Olle Lundberg for the update. * :bug:`373 major` Attempt to fix a handful of issues (such as :issue:`354`) related to infinite loops and threading deadlocks. Thanks to Olle Lundberg as well as a handful of community members who provided advice & feedback via -- cgit v1.2.3 From 9c9dcaf4885653f4dcd100b2724199976a20c21e Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 15:04:41 -0700 Subject: Changelog re #362 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 9dfb254f..879483a4 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :feature:`362` Allow users to control the SSH banner timeout. Thanks to Cory + Benfield. * :feature:`372` Update default window & packet sizes to more closely adhere to the pertinent RFC; also expose these settings in the public API so they may be overridden by client code. This should address some general speed issues -- cgit v1.2.3 From de391e88e0a7e75cd977f162a883aa5ffdbdc591 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 15:41:46 -0700 Subject: Changelog re #346 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 879483a4..e111aab4 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`346 major` Fix an issue in private key files' encryption salts that + could cause tracebacks and file corruption if keys were re-encrypted. Credit + to Xavier Nunn. * :feature:`362` Allow users to control the SSH banner timeout. Thanks to Cory Benfield. * :feature:`372` Update default window & packet sizes to more closely adhere to -- cgit v1.2.3 From d992118747e2f1dab247bd4e3d78b55d9b99c759 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 15:59:40 -0700 Subject: Update changelog re #267, #250 --- sites/www/changelog.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f97b4970..a42cfb3d 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,8 +2,9 @@ Changelog ========= -* :feature:`250` GSS-API / SSPI authenticated Diffie-Hellman Key Exchange and - user authentication. +* :feature:`250` (also :issue:`267`) Add GSS-API / SSPI (e.g. Kerberos) key + exchange and authentication support. Mega thanks to Sebastian Deiß, with + assist by Torsten Landschoff. * :bug:`346 major` Fix an issue in private key files' encryption salts that could cause tracebacks and file corruption if keys were re-encrypted. Credit to Xavier Nunn. -- cgit v1.2.3 From 150b0797e935ebf2f62e86ae1c08a1a1ab94c459 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 16:36:33 -0700 Subject: Update README, docs, changelog re #267 --- README | 16 +++------------- sites/www/changelog.rst | 4 ++-- sites/www/installing.rst | 28 +++++++++++++++++++++++++++- 3 files changed, 32 insertions(+), 16 deletions(-) (limited to 'sites') diff --git a/README b/README index ceb3598a..b5ccb697 100644 --- a/README +++ b/README @@ -75,19 +75,9 @@ Please file bug reports at https://github.com/paramiko/paramiko/. There is curre Kerberos Support ---------------- -If you want paramiko to do kerberos authentication or key exchange using GSS-API or SSPI, you -need the following python packages: - -- pyasn1 0.1.7 or better -- python-gssapi 0.6.1 or better (Unix) -- pywin32 2.1.8 or better (Windows) - -So you have to install pyasn1 and python-gssapi on Unix or pywin32 on Windows. -To enable GSS-API / SSPI authentication or key exchange see the demos or paramiko docs. -Note: If you use Microsoft SSPI for kerberos authentication and credential -delegation in paramiko, make sure that the target host is trusted for -delegation in the active directory configuration. For details see: -http://technet.microsoft.com/en-us/library/cc738491%28v=ws.10%29.aspx +Paramiko ships with optional Kerberos/GSSAPI support; for info on the extra +dependencies for this, see the 'GSS-API' section on the 'Installation' page of +our main website, http://paramiko.org . Demo diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index a42cfb3d..3be56890 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -3,8 +3,8 @@ Changelog ========= * :feature:`250` (also :issue:`267`) Add GSS-API / SSPI (e.g. Kerberos) key - exchange and authentication support. Mega thanks to Sebastian Deiß, with - assist by Torsten Landschoff. + exchange and authentication support (:ref:`installation docs here `). + Mega thanks to Sebastian Deiß, with assist by Torsten Landschoff. * :bug:`346 major` Fix an issue in private key files' encryption salts that could cause tracebacks and file corruption if keys were re-encrypted. Credit to Xavier Nunn. diff --git a/sites/www/installing.rst b/sites/www/installing.rst index 052825c4..5528b28a 100644 --- a/sites/www/installing.rst +++ b/sites/www/installing.rst @@ -20,11 +20,14 @@ We currently support **Python 2.6, 2.7 and 3.3+** (Python **3.2** should also work but has a less-strong compatibility guarantee from us.) Users on Python 2.5 or older are urged to upgrade. -Paramiko has two dependencies: the pure-Python ECDSA module ``ecdsa``, and the +Paramiko has two hard dependencies: the pure-Python ECDSA module ``ecdsa``, and the PyCrypto C extension. ``ecdsa`` is easily installable from wherever you obtained Paramiko's package; PyCrypto may require more work. Read on for details. +If you need GSS-API / SSPI support, see :ref:`the below subsection on it +` for details on additional dependencies. + .. _release-lines: Release lines @@ -99,3 +102,26 @@ installation of Paramiko via ``pypm``:: Installing paramiko-1.7.8 Installing pycrypto-2.4 C:\> + + +.. _gssapi: + +Optional dependencies for GSS-API / SSPI / Kerberos +=================================================== + +In order to use Kerberos & related functionality, a couple of additional +dependencies are required (these are not listed in our ``setup.py`` due to +their infrequent utility & non-platform-agnostic requirements): + +* **All platforms** need `pyasn1 `_ + ``0.1.7`` or better. +* **Unix** needs `python-gssapi `_ + ``0.6.1`` or better. +* **Windows** needs `pywin32 `_ ``2.1.8`` + or better. + +.. note:: + If you use Microsoft SSPI for kerberos authentication and credential + delegation, make sure that the target host is trusted for delegation in the + active directory configuration. For details see: + http://technet.microsoft.com/en-us/library/cc738491%28v=ws.10%29.aspx -- cgit v1.2.3 From e05f3bce49c38b2b861bda4a96b0b8f19a84863a Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 16:37:57 -0700 Subject: Tweak changelog again for more tickets, use actually-merged PR as main issue number --- sites/www/changelog.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 3be56890..1dab5219 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,9 +2,10 @@ Changelog ========= -* :feature:`250` (also :issue:`267`) Add GSS-API / SSPI (e.g. Kerberos) key - exchange and authentication support (:ref:`installation docs here `). - Mega thanks to Sebastian Deiß, with assist by Torsten Landschoff. +* :feature:`267` (also :issue:`250`, :issue:`241`, :issue:`228`) Add GSS-API / + SSPI (e.g. Kerberos) key exchange and authentication support + (:ref:`installation docs here `). Mega thanks to Sebastian Deiß, with + assist by Torsten Landschoff. * :bug:`346 major` Fix an issue in private key files' encryption salts that could cause tracebacks and file corruption if keys were re-encrypted. Credit to Xavier Nunn. -- cgit v1.2.3 From 6b580b9feb54e1c73325e0c915021649ea8d479f Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 16:45:59 -0700 Subject: Tighten up module docstrings of GSSAPI API files. * We don't use this style of header anywhere else * Links to the original author's website/links aren't going to help; users rarely observe such info in practice :( * The core info (credit, authorship, license) is retained elsewhere, either in this file, the changelog, or Git history --- paramiko/kex_gss.py | 23 +++-------------------- paramiko/ssh_gss.py | 25 ++++--------------------- sites/docs/api/kex_gss.rst | 4 ++-- 3 files changed, 9 insertions(+), 43 deletions(-) (limited to 'sites') diff --git a/paramiko/kex_gss.py b/paramiko/kex_gss.py index 02f943ba..9669f86a 100644 --- a/paramiko/kex_gss.py +++ b/paramiko/kex_gss.py @@ -21,26 +21,9 @@ """ -This module provides GSS-API / SSPI Key Exchange for Paramiko as defined in -RFC 4462 with the following restrictions: -Credential delegation is not supported in server mode, -To Use this module, you need the following additional python packages: -`pyasn1 >= 0.1.7 `_, -`python-gssapi >= 0.4.0 (Unix) `_, -`pywin32 2.1.8 (Windows) `_. - -:summary: SSH2 GSS-API / SSPI Authenticated Diffie-Hellman Key Exchange Module -:version: 0.1 -:author: Sebastian Deiss -:contact: https://github.com/SebastianDeiss/paramiko/issues -:organization: science + computing ag - `EMail `_ -:copyright: (C) 2003-2007 Robey Pointer, (C) 2013-2014 `science + computing ag - `_ -:license: GNU Lesser General Public License (LGPL) -:see: `.ssh_gss` - -Created on 12.12.2013 +This module provides GSS-API / SSPI Key Exchange as defined in RFC 4462. + +.. note:: Credential delegation is not supported in server mode. """ diff --git a/paramiko/ssh_gss.py b/paramiko/ssh_gss.py index 03c5dcc0..1d179025 100644 --- a/paramiko/ssh_gss.py +++ b/paramiko/ssh_gss.py @@ -18,28 +18,11 @@ # along with Paramiko; if not, write to the Free Software Foundation, Inc., # 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. + """ -This module provides GSS-API / SSPI authentication for Paramiko as defined in -RFC 4462 with the following restrictions: -Credential delegation is not supported in server mode, -GSS-API key exchange is supported, but not implemented in Paramiko. -To Use this module, you need the following additional python packages: -`pyasn1 >= 0.1.7 `_, -`python-gssapi >= 0.4.0 (Unix) `_, -`pywin32 2.1.8 (Windows) `_. - -:summary: SSH2 GSS-API / SSPI authentication module -:version: 0.1 -:author: Sebastian Deiss -:contact: https://github.com/SebastianDeiss/paramiko/issues -:organization: science + computing ag - `EMail `_ -:copyright: (C) 2013-2014 `science + computing ag - `_ -:license: GNU Lesser General Public License (LGPL) -:see: `.kex_gss` - -Created on 07.11.2013 +This module provides GSS-API / SSPI authentication as defined in RFC 4462. + +.. note:: Credential delegation is not supported in server mode. """ import struct diff --git a/sites/docs/api/kex_gss.rst b/sites/docs/api/kex_gss.rst index a662be01..67c7a9a4 100644 --- a/sites/docs/api/kex_gss.rst +++ b/sites/docs/api/kex_gss.rst @@ -1,5 +1,5 @@ -GSS-API Key Exchange Module -=========================== +GSS-API Key Exchange +==================== .. automodule:: paramiko.kex_gss :member-order: bysource -- cgit v1.2.3 From 67810da14504bd4b4be60f8cb3067d4d6b46abdf Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 16:48:47 -0700 Subject: Tweak API stub titles --- sites/docs/api/kex_gss.rst | 2 +- sites/docs/api/ssh_gss.rst | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'sites') diff --git a/sites/docs/api/kex_gss.rst b/sites/docs/api/kex_gss.rst index 67c7a9a4..9fd09221 100644 --- a/sites/docs/api/kex_gss.rst +++ b/sites/docs/api/kex_gss.rst @@ -1,4 +1,4 @@ -GSS-API Key Exchange +GSS-API key exchange ==================== .. automodule:: paramiko.kex_gss diff --git a/sites/docs/api/ssh_gss.rst b/sites/docs/api/ssh_gss.rst index 1b08c7f8..1ce9daf7 100644 --- a/sites/docs/api/ssh_gss.rst +++ b/sites/docs/api/ssh_gss.rst @@ -1,5 +1,5 @@ -Paramiko GSS-API Interface -========================== +GSS-API interface +================= .. automodule:: paramiko.ssh_gss :member-order: bysource -- cgit v1.2.3 From 0010903c45cebd7b7d995d80de763147b5c7151f Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 16:49:33 -0700 Subject: Match rest of API stubs --- sites/docs/api/agent.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sites') diff --git a/sites/docs/api/agent.rst b/sites/docs/api/agent.rst index 3b614a82..f01ad972 100644 --- a/sites/docs/api/agent.rst +++ b/sites/docs/api/agent.rst @@ -1,4 +1,4 @@ -SSH Agents +SSH agents ========== .. automodule:: paramiko.agent -- cgit v1.2.3 From 6e91d103e8e6c618f1c514638bd2e7243e0e3767 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 16:50:47 -0700 Subject: Reinstate working seealso's --- paramiko/kex_gss.py | 2 ++ paramiko/ssh_gss.py | 2 ++ sites/docs/api/ssh_gss.rst | 4 ++-- 3 files changed, 6 insertions(+), 2 deletions(-) (limited to 'sites') diff --git a/paramiko/kex_gss.py b/paramiko/kex_gss.py index 9669f86a..cdb18496 100644 --- a/paramiko/kex_gss.py +++ b/paramiko/kex_gss.py @@ -24,6 +24,8 @@ This module provides GSS-API / SSPI Key Exchange as defined in RFC 4462. .. note:: Credential delegation is not supported in server mode. + +.. seealso:: :doc:`/api/ssh_gss` """ diff --git a/paramiko/ssh_gss.py b/paramiko/ssh_gss.py index 1d179025..2fdde227 100644 --- a/paramiko/ssh_gss.py +++ b/paramiko/ssh_gss.py @@ -23,6 +23,8 @@ This module provides GSS-API / SSPI authentication as defined in RFC 4462. .. note:: Credential delegation is not supported in server mode. + +.. seealso:: :doc:`/api/kex_gss` """ import struct diff --git a/sites/docs/api/ssh_gss.rst b/sites/docs/api/ssh_gss.rst index 1ce9daf7..7a687e11 100644 --- a/sites/docs/api/ssh_gss.rst +++ b/sites/docs/api/ssh_gss.rst @@ -1,5 +1,5 @@ -GSS-API interface -================= +GSS-API authentication +====================== .. automodule:: paramiko.ssh_gss :member-order: bysource -- cgit v1.2.3 From 8df6f80337208374304085dbc9408aa1bae5f1e9 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 18 Sep 2014 15:19:01 -0700 Subject: Install docs tweak re: GSSAPI req --- sites/www/installing.rst | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'sites') diff --git a/sites/www/installing.rst b/sites/www/installing.rst index 5528b28a..486ed7e3 100644 --- a/sites/www/installing.rst +++ b/sites/www/installing.rst @@ -109,10 +109,12 @@ installation of Paramiko via ``pypm``:: Optional dependencies for GSS-API / SSPI / Kerberos =================================================== -In order to use Kerberos & related functionality, a couple of additional -dependencies are required (these are not listed in our ``setup.py`` due to -their infrequent utility & non-platform-agnostic requirements): +In order to use GSS-API/Kerberos & related functionality, a couple of +additional dependencies are required (these are not listed in our ``setup.py`` +due to their infrequent utility & non-platform-agnostic requirements): +* It hopefully goes without saying but **all platforms** need **a working + installation of GSS-API itself**, e.g. Heimdal. * **All platforms** need `pyasn1 `_ ``0.1.7`` or better. * **Unix** needs `python-gssapi `_ -- cgit v1.2.3 From 8bdd921d4c5c607b7c1f568df27f5460acd5a548 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 18 Sep 2014 15:34:48 -0700 Subject: Note how python-gssapi only works on 2.7+ --- sites/www/changelog.rst | 6 ++++++ sites/www/installing.rst | 3 +++ 2 files changed, 9 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 1dab5219..a40338b0 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -6,6 +6,12 @@ Changelog SSPI (e.g. Kerberos) key exchange and authentication support (:ref:`installation docs here `). Mega thanks to Sebastian Deiß, with assist by Torsten Landschoff. + + .. note:: + Unix users should be aware that the ``python-gssapi`` library (a + requirement for using this functionality) only appears to support + Python 2.7 and up at this time. + * :bug:`346 major` Fix an issue in private key files' encryption salts that could cause tracebacks and file corruption if keys were re-encrypted. Credit to Xavier Nunn. diff --git a/sites/www/installing.rst b/sites/www/installing.rst index 486ed7e3..a657c3fc 100644 --- a/sites/www/installing.rst +++ b/sites/www/installing.rst @@ -119,6 +119,9 @@ due to their infrequent utility & non-platform-agnostic requirements): ``0.1.7`` or better. * **Unix** needs `python-gssapi `_ ``0.6.1`` or better. + + .. note:: This library appears to only function on Python 2.7 and up. + * **Windows** needs `pywin32 `_ ``2.1.8`` or better. -- cgit v1.2.3 From 381e86171e28ebfaa64c3dabe0e394448eb03aa3 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 18 Sep 2014 16:26:54 -0700 Subject: Changelog re #393 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index a40338b0..38a56101 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`393` Replace internal use of PyCrypto's ``SHA.new`` with the + stdlib's ``hashlib.sha1``. Thanks to Alex Gaynor. * :feature:`267` (also :issue:`250`, :issue:`241`, :issue:`228`) Add GSS-API / SSPI (e.g. Kerberos) key exchange and authentication support (:ref:`installation docs here `). Mega thanks to Sebastian Deiß, with -- cgit v1.2.3 From 35cb81b307ed44b5fe5f212a6f488f96364f954f Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 18 Sep 2014 16:56:37 -0700 Subject: Cut 1.15 --- sites/www/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 38a56101..d0bd481c 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.15.0 <2014-09-18>` * :support:`393` Replace internal use of PyCrypto's ``SHA.new`` with the stdlib's ``hashlib.sha1``. Thanks to Alex Gaynor. * :feature:`267` (also :issue:`250`, :issue:`241`, :issue:`228`) Add GSS-API / -- cgit v1.2.3 From 84995f99a9528b84bd1666060c832ca673641a53 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 19 Sep 2014 12:26:48 -0700 Subject: Changelog re #167 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index d0bd481c..49067855 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :feature:`167` Add `.SSHConfig.get_hostnames` for easier introspection of a + loaded SSH config file or object. Courtesy of Søren Løvborg. * :release:`1.15.0 <2014-09-18>` * :support:`393` Replace internal use of PyCrypto's ``SHA.new`` with the stdlib's ``hashlib.sha1``. Thanks to Alex Gaynor. -- cgit v1.2.3 From 8bc2e827cffa7efce074404f71ad62ac028c5c84 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 22 Sep 2014 09:53:33 -0700 Subject: Changelog re #399 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index d0bd481c..43988826 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`399` SSH agent forwarding (potentially other functionality as + well) would hang due to incorrect values passed into the new window size + arguments for `.Transport` (thanks to a botched merge). This has been + corrected. Thanks to Dylan Thacker-Smith for the report & patch. * :release:`1.15.0 <2014-09-18>` * :support:`393` Replace internal use of PyCrypto's ``SHA.new`` with the stdlib's ``hashlib.sha1``. Thanks to Alex Gaynor. -- cgit v1.2.3 From af9f16f9a03bede1c5af84d00bc73097f6b45b54 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 22 Sep 2014 11:31:58 -0700 Subject: Cut 1.15.1 --- paramiko/_version.py | 2 +- sites/www/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'sites') diff --git a/paramiko/_version.py b/paramiko/_version.py index a7857b09..d9f78740 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (1, 15, 0) +__version_info__ = (1, 15, 1) __version__ = '.'.join(map(str, __version_info__)) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 43988826..3e654f69 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.15.1 <2014-09-22>` * :bug:`399` SSH agent forwarding (potentially other functionality as well) would hang due to incorrect values passed into the new window size arguments for `.Transport` (thanks to a botched merge). This has been -- cgit v1.2.3 From 14b517d3c131fd508e287fee1e09c632b6faa615 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 14:45:02 -0800 Subject: Changelog re #419, closes #419 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 79cf318b..e8f103a9 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :support:`419` Modernize a bunch of the codebase internals to leverage + decorators. Props to ``@beckjake`` for realizing we're no longer on Python + 2.2 :D * :bug:`266` Change numbering of `~paramiko.transport.Transport` channels to start at 0 instead of 1 for better compatibility with OpenSSH & certain server implementations which break on 1-indexed channels. Thanks to -- cgit v1.2.3 From e07dbc9cd7dcf6ebaa9315ad9d4a44eb5ed20e5b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 14:59:43 -0800 Subject: Changelog re #421, closes #421 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index e8f103a9..de432870 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`421` Modernize threading calls to user newer API. Thanks to Olle + Lundberg. * :support:`419` Modernize a bunch of the codebase internals to leverage decorators. Props to ``@beckjake`` for realizing we're no longer on Python 2.2 :D -- cgit v1.2.3 From c0520adbe5905af2befc85064b25f3ba0a39b019 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 15:10:12 -0800 Subject: Changelog closes #413 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 1c312ba2..68f5e910 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`413` Replace handrolled ``ssh_config`` parsing code with use of the + ``shlex`` module. Thanks to Yan Kalchevskiy. * :support:`422` Clean up some unused imports. Courtesy of Olle Lundberg. * :support:`421` Modernize threading calls to user newer API. Thanks to Olle Lundberg. -- cgit v1.2.3 From e5b105ca57b21b3142a80f29ee07e2a5e87ac547 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 15:13:31 -0800 Subject: Dyslexia strikes again. Actually close #431, not #413 --- sites/www/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 68f5e910..d35ad788 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,7 +2,7 @@ Changelog ========= -* :support:`413` Replace handrolled ``ssh_config`` parsing code with use of the +* :support:`431` Replace handrolled ``ssh_config`` parsing code with use of the ``shlex`` module. Thanks to Yan Kalchevskiy. * :support:`422` Clean up some unused imports. Courtesy of Olle Lundberg. * :support:`421` Modernize threading calls to user newer API. Thanks to Olle -- cgit v1.2.3 From 0a73a54c745c2102b74f0e40514692448e942fec Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 15:35:09 -0800 Subject: Changelog re #415 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index d35ad788..9c2e2a0f 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`415` Fix ``ssh_config`` parsing to correctly interpret ``ProxyCommand + none`` as the lack of a proxy command, instead of as a literal command string + of ``"none"``. Thanks to Richard Spiers for the catch & Sean Johnson for the + fix. * :support:`431` Replace handrolled ``ssh_config`` parsing code with use of the ``shlex`` module. Thanks to Yan Kalchevskiy. * :support:`422` Clean up some unused imports. Courtesy of Olle Lundberg. -- cgit v1.2.3 From 681f32583fe052c0516a2fda67e163169676ad11 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 16:07:13 -0800 Subject: Changelog closes #455 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 9603e6d5..4e56ad1f 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`455` Tweak packet size handling to conform better to the OpenSSH RFCs; + this helps address issues with interactive program cursors. Courtesy of Jeff + Quast. * :bug:`428` Fix an issue in `~paramiko.file.BufferedFile` (primarily used in the SFTP modules) concerning incorrect behavior by `~paramiko.file.BufferedFile.readlines` on files whose size exceeds the -- cgit v1.2.3 From 5601bf0928e2e738917320d83f8302703a62091b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 18 Dec 2014 14:02:28 -0800 Subject: Mark more backported support issues as such --- sites/www/changelog.rst | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f6f2bb28..e5adbd22 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -18,15 +18,15 @@ Changelog none`` as the lack of a proxy command, instead of as a literal command string of ``"none"``. Thanks to Richard Spiers for the catch & Sean Johnson for the fix. -* :support:`431` Replace handrolled ``ssh_config`` parsing code with use of the - ``shlex`` module. Thanks to Yan Kalchevskiy. +* :support:`431 backported` Replace handrolled ``ssh_config`` parsing code with + use of the ``shlex`` module. Thanks to Yan Kalchevskiy. * :support:`422 backported` Clean up some unused imports. Courtesy of Olle Lundberg. -* :support:`421` Modernize threading calls to user newer API. Thanks to Olle - Lundberg. -* :support:`419` Modernize a bunch of the codebase internals to leverage - decorators. Props to ``@beckjake`` for realizing we're no longer on Python - 2.2 :D +* :support:`421 backported` Modernize threading calls to user newer API. Thanks + to Olle Lundberg. +* :support:`419 backported` Modernize a bunch of the codebase internals to + leverage decorators. Props to ``@beckjake`` for realizing we're no longer on + Python 2.2 :D * :bug:`266` Change numbering of `~paramiko.transport.Transport` channels to start at 0 instead of 1 for better compatibility with OpenSSH & certain server implementations which break on 1-indexed channels. Thanks to -- cgit v1.2.3 From ccdfd02c047d5588b6bebdc501a766271a009493 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 19 Dec 2014 14:55:15 -0800 Subject: Cut 1.14.2 --- sites/www/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 8ad82a71..695149de 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.14.2 <2014-12-19>` * :release:`1.13.3 <2014-12-19>` * :bug:`413` (also :issue:`414`, :issue:`420`, :issue:`454`) Be significantly smarter about polling & timing behavior when running proxy commands, to avoid -- cgit v1.2.3 From 424ba615c2a94d3b059e7f24db1a1093a92d8d22 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 19 Dec 2014 14:55:48 -0800 Subject: Cut 1.15.2 --- paramiko/_version.py | 2 +- sites/www/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'sites') diff --git a/paramiko/_version.py b/paramiko/_version.py index d9f78740..3bf9dac7 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (1, 15, 1) +__version_info__ = (1, 15, 2) __version__ = '.'.join(map(str, __version_info__)) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f5348e5b..bb93f885 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.15.2 <2014-12-19>` * :release:`1.14.2 <2014-12-19>` * :release:`1.13.3 <2014-12-19>` * :bug:`413` (also :issue:`414`, :issue:`420`, :issue:`454`) Be significantly -- cgit v1.2.3 From c5d0d6a2919ca2158b3f6271f7449faeeb3c865f Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 4 Feb 2015 16:00:50 -0800 Subject: Changelog fixes #402, closes #479 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index bb93f885..6520dde4 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`402` Check to see if an SSH agent is actually present before trying to + forward it to the remote end. This replaces what was usually a useless + ``TypeError`` with a human-readable ``AuthenticationError``. Credit to Ken + Jordan for the fix and Yvan Marques for original report. * :release:`1.15.2 <2014-12-19>` * :release:`1.14.2 <2014-12-19>` * :release:`1.13.3 <2014-12-19>` -- cgit v1.2.3 From d1f72859c76beda46a072cdc75b2e19e4418275a Mon Sep 17 00:00:00 2001 From: Olle Lundberg Date: Tue, 24 Feb 2015 14:49:36 +0100 Subject: Expose handshake timeout in the transport API. This is a reimplementation of #62. --- paramiko/transport.py | 9 +++++++++ sites/www/changelog.rst | 5 +++++ tests/test_transport.py | 17 +++++++++++++++++ 3 files changed, 31 insertions(+) (limited to 'sites') diff --git a/paramiko/transport.py b/paramiko/transport.py index 36da3043..6047fb99 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -295,6 +295,8 @@ class Transport (threading.Thread, ClosingContextManager): self.global_response = None # response Message from an arbitrary global request self.completion_event = None # user-defined event callbacks self.banner_timeout = 15 # how long (seconds) to wait for the SSH banner + self.handshake_timeout = 15 # how long (seconds) to wait for the handshake to finish after SSH banner sent. + # server mode: self.server_mode = False @@ -1582,6 +1584,12 @@ class Transport (threading.Thread, ClosingContextManager): try: self.packetizer.write_all(b(self.local_version + '\r\n')) self._check_banner() + # The above is actually very much part of the handshake, but sometimes the banner can be read + # but the machine is not responding, for example when the remote ssh daemon is loaded in to memory + # but we can not read from the disk/spawn a new shell. + # Make sure we can specify a timeout for the initial handshake. + # Re-use the banner timeout for now. + self.packetizer.start_handshake(self.handshake_timeout) self._send_kex_init() self._expect_packet(MSG_KEXINIT) @@ -1631,6 +1639,7 @@ class Transport (threading.Thread, ClosingContextManager): msg.add_byte(cMSG_UNIMPLEMENTED) msg.add_int(m.seqno) self._send_message(msg) + self.packetizer.complete_handshake() except SSHException as e: self._log(ERROR, 'Exception: ' + str(e)) self._log(ERROR, util.tb_strings()) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 6520dde4..f9900327 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,11 @@ Changelog ========= +* :bug:`62` Add timeout for handshake completion. + This adds a mechanism for timing out a connection if the ssh handshake + never completes. + Credit to ``@dacut`` for initial report and patch and to Olle Lundberg for + re-implementation. * :bug:`402` Check to see if an SSH agent is actually present before trying to forward it to the remote end. This replaces what was usually a useless ``TypeError`` with a human-readable ``AuthenticationError``. Credit to Ken diff --git a/tests/test_transport.py b/tests/test_transport.py index 5cf9a867..3c8ad81e 100644 --- a/tests/test_transport.py +++ b/tests/test_transport.py @@ -792,3 +792,20 @@ class TransportTest(unittest.TestCase): (None, DEFAULT_WINDOW_SIZE), (2**32, MAX_WINDOW_SIZE)]: self.assertEqual(self.tc._sanitize_window_size(val), correct) + + def test_L_handshake_timeout(self): + """ + verify that we can get a hanshake timeout. + """ + host_key = RSAKey.from_private_key_file(test_path('test_rsa.key')) + public_host_key = RSAKey(data=host_key.asbytes()) + self.ts.add_server_key(host_key) + event = threading.Event() + server = NullServer() + self.assertTrue(not event.is_set()) + self.tc.handshake_timeout = 0.000000000001 + self.ts.start_server(event, server) + self.assertRaises(EOFError, self.tc.connect, + hostkey=public_host_key, + username='slowdive', + password='pygmalion') -- cgit v1.2.3 From 6ba6ccda7bb34f16e92aa1acfb430055f264bd41 Mon Sep 17 00:00:00 2001 From: Olle Lundberg Date: Tue, 24 Feb 2015 15:14:51 +0100 Subject: Patch resolving the timeout issue on lost conection. (This rolls in patch in #439) --- paramiko/client.py | 2 +- paramiko/transport.py | 18 +++++++++++++----- sites/www/changelog.rst | 3 +++ 3 files changed, 17 insertions(+), 6 deletions(-) (limited to 'sites') diff --git a/paramiko/client.py b/paramiko/client.py index 393e3e09..9ee30287 100644 --- a/paramiko/client.py +++ b/paramiko/client.py @@ -338,7 +338,7 @@ class SSHClient (ClosingContextManager): :raises SSHException: if the server fails to execute the command """ - chan = self._transport.open_session() + chan = self._transport.open_session(timeout=timeout) if get_pty: chan.get_pty() chan.settimeout(timeout) diff --git a/paramiko/transport.py b/paramiko/transport.py index 6047fb99..31c27a2f 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -589,7 +589,7 @@ class Transport (threading.Thread, ClosingContextManager): """ return self.active - def open_session(self, window_size=None, max_packet_size=None): + def open_session(self, window_size=None, max_packet_size=None, timeout=None): """ Request a new channel to the server, of type ``"session"``. This is just an alias for calling `open_channel` with an argument of @@ -614,7 +614,8 @@ class Transport (threading.Thread, ClosingContextManager): """ return self.open_channel('session', window_size=window_size, - max_packet_size=max_packet_size) + max_packet_size=max_packet_size, + timeout=timeout) def open_x11_channel(self, src_addr=None): """ @@ -661,7 +662,8 @@ class Transport (threading.Thread, ClosingContextManager): dest_addr=None, src_addr=None, window_size=None, - max_packet_size=None): + max_packet_size=None, + timeout=None): """ Request a new channel to the server. `Channels <.Channel>` are socket-like objects used for the actual transfer of data across the @@ -685,17 +687,20 @@ class Transport (threading.Thread, ClosingContextManager): optional window size for this session. :param int max_packet_size: optional max packet size for this session. + :param float timeout: + optional timeout opening a channel, default 3600s (1h) :return: a new `.Channel` on success - :raises SSHException: if the request is rejected or the session ends - prematurely + :raises SSHException: if the request is rejected, the session ends + prematurely or there is a timeout openning a channel .. versionchanged:: 1.15 Added the ``window_size`` and ``max_packet_size`` arguments. """ if not self.active: raise SSHException('SSH session not active') + timeout = 3600 if timeout is None else timeout self.lock.acquire() try: window_size = self._sanitize_window_size(window_size) @@ -724,6 +729,7 @@ class Transport (threading.Thread, ClosingContextManager): finally: self.lock.release() self._send_user_message(m) + start_ts = time.time() while True: event.wait(0.1) if not self.active: @@ -733,6 +739,8 @@ class Transport (threading.Thread, ClosingContextManager): raise e if event.is_set(): break + elif start_ts + timeout < time.time(): + raise SSHException('Timeout openning channel.') chan = self._channels.get(chanid) if chan is not None: return chan diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f9900327..16a60a68 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`439` Resolve the timeout issue on lost conection. + When the destination disappears on an established session paramiko will hang on trying to open a channel. + Credit to ``@vazir`` for patch. * :bug:`62` Add timeout for handshake completion. This adds a mechanism for timing out a connection if the ssh handshake never completes. -- cgit v1.2.3 From 4ca8d68c0443c4e5e17ae4fcee39dd6f2507c7cd Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 27 Feb 2015 13:19:35 -0800 Subject: Changelog closes #22 --- sites/www/changelog.rst | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 6520dde4..0e8f92c4 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,11 @@ Changelog ========= +* :bug:`22 major` Try harder to connect to multiple network families (e.g. IPv4 + vs IPv6) in case of connection issues; this helps with problems such as hosts + which resolve both IPv4 and IPv6 addresses but are only listening on IPv4. + Thanks to Dries Desmet for original report and Torsten Landschoff for the + foundational patchset. * :bug:`402` Check to see if an SSH agent is actually present before trying to forward it to the remote end. This replaces what was usually a useless ``TypeError`` with a human-readable ``AuthenticationError``. Credit to Ken -- cgit v1.2.3 From ca0fd1024ecf61b1758bdd38350fbd4c4ccaaefb Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sat, 28 Feb 2015 19:54:52 -0800 Subject: Replace/add RFC links using ``:rfc:``, /ht @sigmavirus24 --- paramiko/channel.py | 2 +- paramiko/kex_gss.py | 27 +++++++++++++++------------ paramiko/ssh_gss.py | 2 +- sites/www/index.rst | 8 ++------ 4 files changed, 19 insertions(+), 20 deletions(-) (limited to 'sites') diff --git a/paramiko/channel.py b/paramiko/channel.py index 8a97c974..7e39a15b 100644 --- a/paramiko/channel.py +++ b/paramiko/channel.py @@ -337,7 +337,7 @@ class Channel (ClosingContextManager): further x11 requests can be made from the server to the client, when an x11 application is run in a shell session. - From RFC4254:: + From :rfc:`4254`:: It is RECOMMENDED that the 'x11 authentication cookie' that is sent be a fake, random cookie, and that the cookie be checked and diff --git a/paramiko/kex_gss.py b/paramiko/kex_gss.py index 4e8380ef..d026807c 100644 --- a/paramiko/kex_gss.py +++ b/paramiko/kex_gss.py @@ -21,14 +21,15 @@ """ -This module provides GSS-API / SSPI Key Exchange as defined in RFC 4462. +This module provides GSS-API / SSPI Key Exchange as defined in :rfc:`4462`. .. note:: Credential delegation is not supported in server mode. .. note:: - `RFC 4462 Section 2.2 `_ says we are - not required to implement GSS-API error messages. Thus, in many methods - within this module, if an error occurs an exception will be thrown and the + `RFC 4462 Section 2.2 + `_ says we are not + required to implement GSS-API error messages. Thus, in many methods within + this module, if an error occurs an exception will be thrown and the connection will be terminated. .. seealso:: :doc:`/api/ssh_gss` @@ -55,8 +56,8 @@ c_MSG_KEXGSS_GROUPREQ, c_MSG_KEXGSS_GROUP = [byte_chr(c) for c in range(40, 42)] class KexGSSGroup1(object): """ - GSS-API / SSPI Authenticated Diffie-Hellman Key Exchange - as defined in `RFC 4462 Section 2 `_ + GSS-API / SSPI Authenticated Diffie-Hellman Key Exchange as defined in `RFC + 4462 Section 2 `_ """ # draft-ietf-secsh-transport-09.txt, page 17 P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF @@ -278,8 +279,9 @@ class KexGSSGroup1(object): class KexGSSGroup14(KexGSSGroup1): """ - GSS-API / SSPI Authenticated Diffie-Hellman Group14 Key Exchange - as defined in `RFC 4462 Section 2 `_ + GSS-API / SSPI Authenticated Diffie-Hellman Group14 Key Exchange as defined + in `RFC 4462 Section 2 + `_ """ P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF G = 2 @@ -288,8 +290,8 @@ class KexGSSGroup14(KexGSSGroup1): class KexGSSGex(object): """ - GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange - as defined in `RFC 4462 Section 2 `_ + GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange as defined in + `RFC 4462 Section 2 `_ """ NAME = "gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==" min_bits = 1024 @@ -590,8 +592,9 @@ class KexGSSGex(object): class NullHostKey(object): """ - This class represents the Null Host Key for GSS-API Key Exchange - as defined in `RFC 4462 Section 5 `_ + This class represents the Null Host Key for GSS-API Key Exchange as defined + in `RFC 4462 Section 5 + `_ """ def __init__(self): self.key = "" diff --git a/paramiko/ssh_gss.py b/paramiko/ssh_gss.py index ebf2cc80..aa28e2ec 100644 --- a/paramiko/ssh_gss.py +++ b/paramiko/ssh_gss.py @@ -20,7 +20,7 @@ """ -This module provides GSS-API / SSPI authentication as defined in RFC 4462. +This module provides GSS-API / SSPI authentication as defined in :rfc:`4462`. .. note:: Credential delegation is not supported in server mode. diff --git a/sites/www/index.rst b/sites/www/index.rst index 1b609709..8e7562af 100644 --- a/sites/www/index.rst +++ b/sites/www/index.rst @@ -26,11 +26,7 @@ Please see the sidebar to the left to begin. .. rubric:: Footnotes .. [#] - SSH is defined in RFCs - `4251 `_, - `4252 `_, - `4253 `_, and - `4254 `_; - the primary working implementation of the protocol is the `OpenSSH project + SSH is defined in :rfc:`4251`, :rfc:`4252`, :rfc:`4253` and :rfc:`4254`. The + primary working implementation of the protocol is the `OpenSSH project `_. Paramiko implements a large portion of the SSH feature set, but there are occasional gaps. -- cgit v1.2.3 From 063c394633567e8afd8980113690311337108c3c Mon Sep 17 00:00:00 2001 From: Anselm Kruis Date: Fri, 20 Mar 2015 12:59:48 +0100 Subject: Changelog for pull request #502. --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 9ce2eded..50447c04 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :bug:`502` Fix an issue in server mode, when processing an exec request. + A command that is not a valid UTF-8 string, caused an UnicodeDecodeError. * :release:`1.13.3 <2014-12-19>` * :bug:`413` (also :issue:`414`, :issue:`420`, :issue:`454`) Be significantly smarter about polling & timing behavior when running proxy commands, to avoid -- cgit v1.2.3 From 97e134aa43c9632f34be278ca1d08f56cc83993a Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 10 Sep 2015 14:09:13 -0700 Subject: Changelog fixes #582 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 0e8f92c4..6379dba9 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`582` Fix some old ``setup.py`` related helper code which was + breaking ``bdist_dumb`` on Mac OS X. Thanks to Peter Odding for the patch. * :bug:`22 major` Try harder to connect to multiple network families (e.g. IPv4 vs IPv6) in case of connection issues; this helps with problems such as hosts which resolve both IPv4 and IPv6 addresses but are only listening on IPv4. -- cgit v1.2.3 From 7b33770b4786af2508fab11cebe934584fe19ca6 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 21 Sep 2015 17:19:40 -0700 Subject: gratipay no more :( --- sites/shared_conf.py | 1 - 1 file changed, 1 deletion(-) (limited to 'sites') diff --git a/sites/shared_conf.py b/sites/shared_conf.py index 4a6a5c4e..99fab315 100644 --- a/sites/shared_conf.py +++ b/sites/shared_conf.py @@ -12,7 +12,6 @@ html_theme_options = { 'description': "A Python implementation of SSHv2.", 'github_user': 'paramiko', 'github_repo': 'paramiko', - 'gratipay_user': 'bitprophet', 'analytics_id': 'UA-18486793-2', 'travis_button': True, } -- cgit v1.2.3 From aef405c9adc3ca087b21836d4a2ee56e05a2b3c4 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 14:02:27 -0700 Subject: Changelog closes #353 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 6520dde4..be3f5da7 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`353` (via :issue:`482`) Fix a bug introduced in the Python 3 port + which caused ``OverFlowError`` (and other symptoms) in SFTP functionality. + Thanks to ``@dboreham`` for leading the troubleshooting charge, and to + Scott Maxwell for the final patch. * :bug:`402` Check to see if an SSH agent is actually present before trying to forward it to the remote end. This replaces what was usually a useless ``TypeError`` with a human-readable ``AuthenticationError``. Credit to Ken -- cgit v1.2.3 From e9d65f4199bb6a8589c9a89f8a8d68edd66ac6d0 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 14:09:15 -0700 Subject: Changelog closes #488 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index be3f5da7..7e8c02fe 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`469` (also :issue:`488`, :issue:`461` and like a dozen others) Fix a + typo introduced in the 1.15 release which broke WinPageant support. Thanks to + everyone who submitted patches, and to Steve Cohen who was the lucky winner + of the cherry-pick lottery. * :bug:`353` (via :issue:`482`) Fix a bug introduced in the Python 3 port which caused ``OverFlowError`` (and other symptoms) in SFTP functionality. Thanks to ``@dboreham`` for leading the troubleshooting charge, and to -- cgit v1.2.3 From 48dc72b87567152ac8d45b4bad2bdd0d4ad3ac8b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 14:14:27 -0700 Subject: Changelog closes #404 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 7e8c02fe..3c11ff87 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`404` Print details when displaying `BadHostKeyException` objects + (expected vs received data) instead of just "hey shit broke". Patch credit: + Loic Dachary. * :bug:`469` (also :issue:`488`, :issue:`461` and like a dozen others) Fix a typo introduced in the 1.15 release which broke WinPageant support. Thanks to everyone who submitted patches, and to Steve Cohen who was the lucky winner -- cgit v1.2.3 From fb258f88b4b61627a51f30f9a21fcbc7ec35c1e6 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 14:18:24 -0700 Subject: Changelog closes #490, closes #500 (cherry-pick) --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 3c11ff87..5f6a16f9 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`490` Skip invalid/unparseable lines in ``known_hosts`` files, instead + of raising `SSHException`. This brings Paramiko's behavior more in line with + OpenSSH, which silently ignores such input. Catch & patch courtesy of Martin + Topholm. * :bug:`404` Print details when displaying `BadHostKeyException` objects (expected vs received data) instead of just "hey shit broke". Patch credit: Loic Dachary. -- cgit v1.2.3 From 57106d04def84ca1d9dd23c4d85b2ba9242556ff Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 14:53:02 -0700 Subject: Rework changelog entries re #491 a bit Closes #491, closes #62, closes #439 --- sites/www/changelog.rst | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 97b6fe9c..764c8801 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,14 +2,10 @@ Changelog ========= -* :bug:`439` Resolve the timeout issue on lost conection. - When the destination disappears on an established session paramiko will hang on trying to open a channel. - Credit to ``@vazir`` for patch. -* :bug:`62` Add timeout for handshake completion. - This adds a mechanism for timing out a connection if the ssh handshake - never completes. - Credit to ``@dacut`` for initial report and patch and to Olle Lundberg for - re-implementation. +* :bug:`491` (combines :issue:`62` and :issue:`439`) Implement timeout + functionality to address hangs from dropped network connections and/or failed + handshakes. Credit to ``@vazir`` and ``@dacut`` for the original patches and + to Olle Lundberg for reimplementation. * :bug:`490` Skip invalid/unparseable lines in ``known_hosts`` files, instead of raising `SSHException`. This brings Paramiko's behavior more in line with OpenSSH, which silently ignores such input. Catch & patch courtesy of Martin -- cgit v1.2.3 From 8bf03014128b074bf6988100f18e48a94671cca2 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 15:43:59 -0700 Subject: Changelog re #496 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 764c8801..5b900c61 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`496` Fix a handful of small but critical bugs in Paramiko's GSSAPI + support (note: this includes switching from PyCrypo's Random to + `os.urandom`). Thanks to Anselm Kruis for catch & patch. * :bug:`491` (combines :issue:`62` and :issue:`439`) Implement timeout functionality to address hangs from dropped network connections and/or failed handshakes. Credit to ``@vazir`` and ``@dacut`` for the original patches and -- cgit v1.2.3 From b67ee80ba6cbb985a537123a0ae099b81ddfc999 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 15:59:04 -0700 Subject: Changelog closes #516 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 5b900c61..b7f19d63 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`516 backported` Document `~paramiko.agent.AgentRequestHandler`. + Thanks to ``@toejough`` for report & suggestions. * :bug:`496` Fix a handful of small but critical bugs in Paramiko's GSSAPI support (note: this includes switching from PyCrypo's Random to `os.urandom`). Thanks to Anselm Kruis for catch & patch. -- cgit v1.2.3 From a8ac9e6441030f2cc49de579c3d598e5f05ca331 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 2 Oct 2015 15:23:16 -0700 Subject: Changelog closes #554 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index b7f19d63..1d3debb7 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`554 backported` Fix inaccuracies in the docstring for the ECDSA key + class. Thanks to Jared Hance for the patch. * :support:`516 backported` Document `~paramiko.agent.AgentRequestHandler`. Thanks to ``@toejough`` for report & suggestions. * :bug:`496` Fix a handful of small but critical bugs in Paramiko's GSSAPI -- cgit v1.2.3 From 9a5fbad601d7567cde59071f36ba6a34d6bcf696 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 2 Oct 2015 15:56:28 -0700 Subject: Fix some typos/bad doc references in changelog --- sites/www/changelog.rst | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 1d3debb7..9a4e6c76 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -14,12 +14,12 @@ Changelog handshakes. Credit to ``@vazir`` and ``@dacut`` for the original patches and to Olle Lundberg for reimplementation. * :bug:`490` Skip invalid/unparseable lines in ``known_hosts`` files, instead - of raising `SSHException`. This brings Paramiko's behavior more in line with - OpenSSH, which silently ignores such input. Catch & patch courtesy of Martin - Topholm. -* :bug:`404` Print details when displaying `BadHostKeyException` objects - (expected vs received data) instead of just "hey shit broke". Patch credit: - Loic Dachary. + of raising `~paramiko.ssh_exception.SSHException`. This brings Paramiko's + behavior more in line with OpenSSH, which silently ignores such input. Catch + & patch courtesy of Martin Topholm. +* :bug:`404` Print details when displaying + `~paramiko.ssh_exception.BadHostKeyException` objects (expected vs received + data) instead of just "hey shit broke". Patch credit: Loic Dachary. * :bug:`469` (also :issue:`488`, :issue:`461` and like a dozen others) Fix a typo introduced in the 1.15 release which broke WinPageant support. Thanks to everyone who submitted patches, and to Steve Cohen who was the lucky winner @@ -30,8 +30,9 @@ Changelog Scott Maxwell for the final patch. * :bug:`402` Check to see if an SSH agent is actually present before trying to forward it to the remote end. This replaces what was usually a useless - ``TypeError`` with a human-readable ``AuthenticationError``. Credit to Ken - Jordan for the fix and Yvan Marques for original report. + ``TypeError`` with a human-readable + `~paramiko.ssh_exception.AuthenticationException`. Credit to Ken Jordan for + the fix and Yvan Marques for original report. * :release:`1.15.2 <2014-12-19>` * :release:`1.14.2 <2014-12-19>` * :release:`1.13.3 <2014-12-19>` -- cgit v1.2.3 From 5b1b13c2fb48ac55d64022212bf132b8c01ce0c7 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 2 Oct 2015 15:59:15 -0700 Subject: Cut 1.15.3 --- paramiko/_version.py | 2 +- sites/www/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'sites') diff --git a/paramiko/_version.py b/paramiko/_version.py index 3bf9dac7..25aac14f 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (1, 15, 2) +__version_info__ = (1, 15, 3) __version__ = '.'.join(map(str, __version_info__)) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 9a4e6c76..d94d5bc2 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.15.3 <2015-10-02>` * :support:`554 backported` Fix inaccuracies in the docstring for the ECDSA key class. Thanks to Jared Hance for the patch. * :support:`516 backported` Document `~paramiko.agent.AgentRequestHandler`. -- cgit v1.2.3 From 66ff4deabbd1c14df3fd2d8729107d904c30c7d5 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sun, 1 Nov 2015 16:04:58 -0800 Subject: Changelog closes #356, closes #596. Will expand to include SHA512 stuff if I merge that prior to release. --- sites/www/changelog.rst | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index ff05365c..833560af 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,15 @@ Changelog ========= +* :feature:`356` (also :issue:`596`, :issue:`365`, :issue:`341`, :issue:`164`, + and a bunch of other duplicates besides) Add support for 256-bit SHA-2 based + key exchange (kex) algorithm ``diffie-hellman-group-exchange-sha256`` and + (H)MAC algorithm ``hmac-sha2-256``. + + Thanks to the many people who submitted patches for this functionality and/or + assisted in testing those patches. That list includes but is not limited to, + and in no particular order: Matthias Witte, Dag Wieers, Ash Berlin, Etienne + Perot, Gert van Dijk, ``@GuyShaanan``, Aaron Bieber, and ``@cyphase``. * :release:`1.15.3 <2015-10-02>` * :support:`554 backported` Fix inaccuracies in the docstring for the ECDSA key class. Thanks to Jared Hance for the patch. -- cgit v1.2.3 From 5a89ea28105ea7e6caad861e64b8aa4f2ffc7394 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sun, 1 Nov 2015 18:19:16 -0800 Subject: Update changelog closing #581 --- sites/www/changelog.rst | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 833560af..f1e33bcf 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -3,14 +3,15 @@ Changelog ========= * :feature:`356` (also :issue:`596`, :issue:`365`, :issue:`341`, :issue:`164`, - and a bunch of other duplicates besides) Add support for 256-bit SHA-2 based - key exchange (kex) algorithm ``diffie-hellman-group-exchange-sha256`` and - (H)MAC algorithm ``hmac-sha2-256``. + :issue:`581`, and a bunch of other duplicates besides) Add support for SHA-2 + based key exchange (kex) algorithm ``diffie-hellman-group-exchange-sha256`` + and (H)MAC algorithms ``hmac-sha2-256`` and ``hmac-sha2-512``. Thanks to the many people who submitted patches for this functionality and/or assisted in testing those patches. That list includes but is not limited to, and in no particular order: Matthias Witte, Dag Wieers, Ash Berlin, Etienne - Perot, Gert van Dijk, ``@GuyShaanan``, Aaron Bieber, and ``@cyphase``. + Perot, Gert van Dijk, ``@GuyShaanan``, Aaron Bieber, ``@cyphase``, and Eric + Brown. * :release:`1.15.3 <2015-10-02>` * :support:`554 backported` Fix inaccuracies in the docstring for the ECDSA key class. Thanks to Jared Hance for the patch. -- cgit v1.2.3 From 9c12f12a08f25a2135e0f17832d2acdc8bafbf1b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sun, 1 Nov 2015 18:24:37 -0800 Subject: Add note re: logging tweaks to changelog. Better safe than sorry. --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f1e33bcf..3aa2b84b 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -6,6 +6,10 @@ Changelog :issue:`581`, and a bunch of other duplicates besides) Add support for SHA-2 based key exchange (kex) algorithm ``diffie-hellman-group-exchange-sha256`` and (H)MAC algorithms ``hmac-sha2-256`` and ``hmac-sha2-512``. + + This change includes tweaks to debug-level logging regarding + algorithm-selection handshakes; the old all-in-one log line is now multiple + easier-to-read, printed-at-handshake-time log lines. Thanks to the many people who submitted patches for this functionality and/or assisted in testing those patches. That list includes but is not limited to, -- cgit v1.2.3 From 9a091e0494269ae5e6074877fb0b335181ad28ae Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 2 Nov 2015 10:24:48 -0800 Subject: Changelog closes #604 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 3aa2b84b..9c94002d 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :feature:`604` Add support for the ``aes192-ctr`` and ``aes192-cbc`` ciphers. + Thanks to Michiel Tiller for noticing it was as easy as tweaking some key + sizes :D * :feature:`356` (also :issue:`596`, :issue:`365`, :issue:`341`, :issue:`164`, :issue:`581`, and a bunch of other duplicates besides) Add support for SHA-2 based key exchange (kex) algorithm ``diffie-hellman-group-exchange-sha256`` -- cgit v1.2.3 From fcacbe4620a867acedf33da7a069b09e4a8d370d Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 2 Nov 2015 12:52:24 -0800 Subject: Changelog closes #565 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 9ce2eded..7c6b74e4 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`565` Don't explode with ``IndexError`` when reading private key files + lacking an ``-----END PRIVATE KEY-----`` footer. Patch courtesy of + Prasanna Santhanam. * :release:`1.13.3 <2014-12-19>` * :bug:`413` (also :issue:`414`, :issue:`420`, :issue:`454`) Be significantly smarter about polling & timing behavior when running proxy commands, to avoid -- cgit v1.2.3 From 3e08a40e9aee4aa289e9704c115773e1596d7f5d Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 2 Nov 2015 12:55:36 -0800 Subject: Changelog closes #594 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 7c6b74e4..e81327fc 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`594 backported` Correct some post-Python3-port docstrings to + specify ``bytes`` type instead of ``str``. Credit to ``@redixin``. * :bug:`565` Don't explode with ``IndexError`` when reading private key files lacking an ``-----END PRIVATE KEY-----`` footer. Patch courtesy of Prasanna Santhanam. -- cgit v1.2.3 From 7611c57910f49aadf8caafbc7970bc3d991382d8 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 2 Nov 2015 13:07:02 -0800 Subject: Changelog closes #359 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index e81327fc..5dc877c4 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`359` Use correct attribute name when trying to use Python 3's + ``int.bit_length`` method; prior to fix, the Python 2 custom fallback + implementation was always used, even on Python 3. Thanks to Alex Gaynor. * :support:`594 backported` Correct some post-Python3-port docstrings to specify ``bytes`` type instead of ``str``. Credit to ``@redixin``. * :bug:`565` Don't explode with ``IndexError`` when reading private key files -- cgit v1.2.3 From f3649c0d7d9d6d46269c5ad05ef88383cf50180f Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 2 Nov 2015 13:12:39 -0800 Subject: Changelog closes #366 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 5dc877c4..831d425b 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`366` Fix `~paramiko.sftp_attributes.SFTPAttributes` so its string + representation doesn't raise exceptions on empty/initialized instances. Patch + by Ulrich Petri. * :bug:`359` Use correct attribute name when trying to use Python 3's ``int.bit_length`` method; prior to fix, the Python 2 custom fallback implementation was always used, even on Python 3. Thanks to Alex Gaynor. -- cgit v1.2.3 From 0a57d0337778d99066688e310c81d449c64c9bb6 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 2 Nov 2015 17:57:45 -0800 Subject: Cut 1.13.4 --- paramiko/_version.py | 2 +- sites/www/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'sites') diff --git a/paramiko/_version.py b/paramiko/_version.py index 0402fcf2..63bba727 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (1, 13, 3) +__version_info__ = (1, 13, 4) __version__ = '.'.join(map(str, __version_info__)) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 831d425b..e435c65e 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.13.4 <2015-11-02>` * :bug:`366` Fix `~paramiko.sftp_attributes.SFTPAttributes` so its string representation doesn't raise exceptions on empty/initialized instances. Patch by Ulrich Petri. -- cgit v1.2.3 From 79bdefe35610b651566bb7422518fb60b3f72bdd Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 2 Nov 2015 17:59:40 -0800 Subject: Cut 1.14.3 --- paramiko/_version.py | 2 +- sites/www/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'sites') diff --git a/paramiko/_version.py b/paramiko/_version.py index f941ac22..871565d3 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (1, 14, 2) +__version_info__ = (1, 14, 3) __version__ = '.'.join(map(str, __version_info__)) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 484e7be9..7a140e38 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.14.3 <2015-11-02>` * :release:`1.13.4 <2015-11-02>` * :bug:`366` Fix `~paramiko.sftp_attributes.SFTPAttributes` so its string representation doesn't raise exceptions on empty/initialized instances. Patch -- cgit v1.2.3 From d37c68673396b247c08d0d5122bb012e9c3c46c3 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 2 Nov 2015 18:01:15 -0800 Subject: Cut 1.15.4 --- paramiko/_version.py | 2 +- sites/www/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'sites') diff --git a/paramiko/_version.py b/paramiko/_version.py index 25aac14f..3b9c059e 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (1, 15, 3) +__version_info__ = (1, 15, 4) __version__ = '.'.join(map(str, __version_info__)) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index a7824175..fe4b2b2d 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.15.4 <2015-11-02>` * :release:`1.14.3 <2015-11-02>` * :release:`1.13.4 <2015-11-02>` * :bug:`366` Fix `~paramiko.sftp_attributes.SFTPAttributes` so its string -- cgit v1.2.3 From 6f773cef69f2a70e51d44affd0e592edc099cc11 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 3 Nov 2015 12:57:14 -0800 Subject: Changelog re #525 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index e435c65e..cbecabea 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :support:`525 backported` Update the vendored Windows API addon to a more + recent edition. Also fixes :issue:`193`, :issue:`488`, :issue:`498`. Thanks + to Jason Coombs. * :release:`1.13.4 <2015-11-02>` * :bug:`366` Fix `~paramiko.sftp_attributes.SFTPAttributes` so its string representation doesn't raise exceptions on empty/initialized instances. Patch -- cgit v1.2.3 From 3a5227c477295c8e14e395d3ac66e9a58db0ebc8 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 3 Nov 2015 13:31:13 -0800 Subject: Changelog closes #401 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index cbecabea..278f7450 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`401` Fix line number reporting in log output regarding invalid + ``known_hosts`` line entries. Thanks to Dylan Thacker-Smith for catch & + patch. * :support:`525 backported` Update the vendored Windows API addon to a more recent edition. Also fixes :issue:`193`, :issue:`488`, :issue:`498`. Thanks to Jason Coombs. -- cgit v1.2.3 From 4565fb517ceb54aa994ff96380b2c8f24df43968 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 3 Nov 2015 16:23:38 -0800 Subject: Reword changelog re #502 & add attribution --- sites/www/changelog.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index bd890b4e..3310eb32 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,8 +2,9 @@ Changelog ========= -* :bug:`502` Fix an issue in server mode, when processing an exec request. - A command that is not a valid UTF-8 string, caused an UnicodeDecodeError. +* :bug:`502 major` Fix 'exec' requests in server mode to use ``get_string`` + instead of ``get_text`` to avoid ``UnicodeDecodeError`` on non-UTF-8 input. + Thanks to Anselm Kruis for the patch & discussion. * :bug:`401` Fix line number reporting in log output regarding invalid ``known_hosts`` line entries. Thanks to Dylan Thacker-Smith for catch & patch. -- cgit v1.2.3 From 2a99a8c9a4bde66720e9357963ce1896830528a1 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 4 Nov 2015 12:51:16 -0800 Subject: Changelog closes #467 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 3310eb32..6ea85c45 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :feature:`467` (also :issue:`139`, :issue:`412`) Fully enable two-factor + authentication (e.g. when a server requires ``AuthenticationMethods + pubkey,keyboard-interactive``). Thanks to ``@perryjrandall`` for the patch + and to ``@nevins-b`` and Matt Robenolt for additional support. * :bug:`502 major` Fix 'exec' requests in server mode to use ``get_string`` instead of ``get_text`` to avoid ``UnicodeDecodeError`` on non-UTF-8 input. Thanks to Anselm Kruis for the patch & discussion. -- cgit v1.2.3 From 935711b5a17370494a7b2b8b4587f5466badf1e8 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 4 Nov 2015 14:53:41 -0800 Subject: Changelog closes #194 --- sites/www/changelog.rst | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 6ea85c45..304f10a6 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,11 @@ Changelog ========= +* :bug:`194 major` (also :issue:`562`, :issue:`530`, :issue:`576`) Streamline + use of ``stat`` when downloading SFTP files via `SFTPClient.get + `; this avoids triggering bugs in some + off-spec SFTP servers such as IBM Sterling. Thanks to ``@muraleee`` for the + initial report and to Torkil Gustavsen for the patch. * :feature:`467` (also :issue:`139`, :issue:`412`) Fully enable two-factor authentication (e.g. when a server requires ``AuthenticationMethods pubkey,keyboard-interactive``). Thanks to ``@perryjrandall`` for the patch -- cgit v1.2.3 From 1fe8c0de7fc6d6dce3b6ece69be10972480dad8f Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 5 Nov 2015 14:46:29 -0800 Subject: Typo fix --- sites/www/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 304f10a6..9c4ee012 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -113,7 +113,7 @@ Changelog use of the ``shlex`` module. Thanks to Yan Kalchevskiy. * :support:`422 backported` Clean up some unused imports. Courtesy of Olle Lundberg. -* :support:`421 backported` Modernize threading calls to user newer API. Thanks +* :support:`421 backported` Modernize threading calls to use newer API. Thanks to Olle Lundberg. * :support:`419 backported` Modernize a bunch of the codebase internals to leverage decorators. Props to ``@beckjake`` for realizing we're no longer on -- cgit v1.2.3 From 96705e26cf9ac7c9c3f6e8cd28e7e408dc5b856a Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 5 Nov 2015 14:48:19 -0800 Subject: Cut 1.16 --- sites/www/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 9c4ee012..084d13de 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.16.0 <2015-11-04>` * :bug:`194 major` (also :issue:`562`, :issue:`530`, :issue:`576`) Streamline use of ``stat`` when downloading SFTP files via `SFTPClient.get `; this avoids triggering bugs in some -- cgit v1.2.3 From 8ca9a1d56447a4b42d5847161c3214ffa17cbfe6 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 10 Dec 2015 18:19:26 -0800 Subject: Changelog re #636 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 278f7450..0eaa3f25 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`636` Clean up and enhance the README (and rename it to + ``README.rst`` from just ``README``). Thanks to ``@LucasRMehl``. * :bug:`401` Fix line number reporting in log output regarding invalid ``known_hosts`` line entries. Thanks to Dylan Thacker-Smith for catch & patch. -- cgit v1.2.3 From 38cc76f8586ef141fdd051a97a65dc0c7e93f645 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 1 Jan 2016 15:30:47 -0800 Subject: Changelog re #652 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 2798891f..972b8d43 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`652` Fix behavior of ``gssapi-with-mic`` auth requests so they fail + gracefully (allowing followup via other auth methods) instead of raising an + exception. Patch courtesy of ``@jamercee``. * :support:`636` Clean up and enhance the README (and rename it to ``README.rst`` from just ``README``). Thanks to ``@LucasRMehl``. * :bug:`401` Fix line number reporting in log output regarding invalid -- cgit v1.2.3 From 1919014fa649d32dec4039f2b8c115233c082418 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 19 Jan 2016 14:46:39 -0800 Subject: Changelog re #499, re #656 Closes #499 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 0eaa3f25..234a8c8a 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`499` Strip trailing/leading whitespace from lines when parsing SSH + config files - this brings things in line with OpenSSH behavior. Thanks to + Alfredo Esteban for the original report and Nick Pillitteri for the patch. * :support:`636` Clean up and enhance the README (and rename it to ``README.rst`` from just ``README``). Thanks to ``@LucasRMehl``. * :bug:`401` Fix line number reporting in log output regarding invalid -- cgit v1.2.3 From 6e1b0e74ddec41a95e0db4c0a60d81176e9de429 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sat, 27 Feb 2016 17:21:51 -0800 Subject: Changelog re #697 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 234a8c8a..2f0ce535 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :support:`697` Remove whitespace in our ``setup.py``'s ``install_requires`` + as it triggers occasional bugs in some versions of ``setuptools``. Thanks to + Justin Lecher for catch & original patch. * :bug:`499` Strip trailing/leading whitespace from lines when parsing SSH config files - this brings things in line with OpenSSH behavior. Thanks to Alfredo Esteban for the original report and Nick Pillitteri for the patch. -- cgit v1.2.3 From bf52180fef7b5266fbe727e2b659686da2c39b9b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 22 Apr 2016 23:37:03 -0700 Subject: Hack in a sleep() to avoid race conditions during timeout test. (HOPEFULLY) closes #612 --- sites/www/changelog.rst | 4 ++++ tests/test_transport.py | 18 +++++++++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 6c772355..18c7ce5e 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :support:`612` Identify & work around a race condition in the test for + handshake timeouts, which was causing frequent test failures for a subset of + contributors as well as Travis-CI (usually, but not always, limited to Python + 3.5). Props to Ed Kellett for assistance during some of the troubleshooting. * :support:`697` Remove whitespace in our ``setup.py``'s ``install_requires`` as it triggers occasional bugs in some versions of ``setuptools``. Thanks to Justin Lecher for catch & original patch. diff --git a/tests/test_transport.py b/tests/test_transport.py index 3c8ad81e..bf4bac5c 100644 --- a/tests/test_transport.py +++ b/tests/test_transport.py @@ -31,7 +31,7 @@ import random import unittest from paramiko import Transport, SecurityOptions, ServerInterface, RSAKey, DSSKey, \ - SSHException, ChannelException + SSHException, ChannelException, Packetizer from paramiko import AUTH_FAILED, AUTH_SUCCESSFUL from paramiko import OPEN_SUCCEEDED, OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED from paramiko.common import MSG_KEXINIT, cMSG_CHANNEL_WINDOW_ADJUST, \ @@ -797,6 +797,22 @@ class TransportTest(unittest.TestCase): """ verify that we can get a hanshake timeout. """ + # Tweak client Transport instance's Packetizer instance so + # its read_message() sleeps a bit. This helps prevent race conditions + # where the client Transport's timeout timer thread doesn't even have + # time to get scheduled before the main client thread finishes + # handshaking with the server. + # (Doing this on the server's transport *sounds* more 'correct' but + # actually doesn't work nearly as well for whatever reason.) + class SlowPacketizer(Packetizer): + def read_message(self): + time.sleep(1) + return super(SlowPacketizer, self).read_message() + # NOTE: prettttty sure since the replaced .packetizer Packetizer is now + # no longer doing anything with its copy of the socket...everything'll + # be fine. Even tho it's a bit squicky. + self.tc.packetizer = SlowPacketizer(self.tc.sock) + # Continue with regular test red tape. host_key = RSAKey.from_private_key_file(test_path('test_rsa.key')) public_host_key = RSAKey(data=host_key.asbytes()) self.ts.add_server_key(host_key) -- cgit v1.2.3 From f9404c52c0a5899f9b998e2b52d2316b65202414 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sat, 23 Apr 2016 16:17:16 -0700 Subject: Fix broken changelog doc link --- sites/www/changelog.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 18c7ce5e..135bb839 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -115,8 +115,9 @@ Changelog well) would hang due to incorrect values passed into the new window size arguments for `.Transport` (thanks to a botched merge). This has been corrected. Thanks to Dylan Thacker-Smith for the report & patch. -* :feature:`167` Add `.SSHConfig.get_hostnames` for easier introspection of a - loaded SSH config file or object. Courtesy of Søren Løvborg. +* :feature:`167` Add `~paramiko.config.SSHConfig.get_hostnames` for easier + introspection of a loaded SSH config file or object. Courtesy of Søren + Løvborg. * :release:`1.15.0 <2014-09-18>` * :support:`393` Replace internal use of PyCrypto's ``SHA.new`` with the stdlib's ``hashlib.sha1``. Thanks to Alex Gaynor. -- cgit v1.2.3 From 3f151d44b95a414918237be91ae0fba8b167faa2 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sat, 23 Apr 2016 18:36:27 -0700 Subject: Changelog closes #632 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 135bb839..9989fa35 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`632` Fix logic bug in the SFTP client's callback-calling functionality; + previously there was a chance the given callback would fire twice at the end + of a transfer. Thanks to ``@ab9-er`` for catch & patch. * :support:`612` Identify & work around a race condition in the test for handshake timeouts, which was causing frequent test failures for a subset of contributors as well as Travis-CI (usually, but not always, limited to Python -- cgit v1.2.3 From c312b620e7945797468702aeb27cb58def3f0f80 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sat, 23 Apr 2016 18:55:19 -0700 Subject: Meh --- sites/www/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 9989fa35..ce984035 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -4,7 +4,7 @@ Changelog * :bug:`632` Fix logic bug in the SFTP client's callback-calling functionality; previously there was a chance the given callback would fire twice at the end - of a transfer. Thanks to ``@ab9-er`` for catch & patch. + of a transfer. Thanks to ``@ab9-er`` for catch & original patch. * :support:`612` Identify & work around a race condition in the test for handshake timeouts, which was causing frequent test failures for a subset of contributors as well as Travis-CI (usually, but not always, limited to Python -- cgit v1.2.3 From 2d4ad462d58370dcf498b56b567f3babca0052d6 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sun, 24 Apr 2016 12:12:47 -0700 Subject: Expose some effectively-public Channel attributes in API docs. Closes #621 --- paramiko/channel.py | 5 +++++ sites/www/changelog.rst | 3 +++ 2 files changed, 8 insertions(+) (limited to 'sites') diff --git a/paramiko/channel.py b/paramiko/channel.py index 44a4b291..f4540bcd 100644 --- a/paramiko/channel.py +++ b/paramiko/channel.py @@ -88,15 +88,20 @@ class Channel (ClosingContextManager): :param int chanid: the ID of this channel, as passed by an existing `.Transport`. """ + #: Channel ID self.chanid = chanid + #: Remote channel ID self.remote_chanid = 0 + #: `.Transport` managing this channel self.transport = None + #: Whether the connection is presently active self.active = False self.eof_received = 0 self.eof_sent = 0 self.in_buffer = BufferedPipe() self.in_stderr_buffer = BufferedPipe() self.timeout = None + #: Whether the connection has been closed self.closed = False self.ultra_debug = False self.lock = threading.Lock() diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index ce984035..feef1c9b 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :support:`621 backported` Annotate some public attributes on + `~paramiko.channel.Channel` such as ``.closed``. Thanks to Sergey Vasilyev + for the report. * :bug:`632` Fix logic bug in the SFTP client's callback-calling functionality; previously there was a chance the given callback would fire twice at the end of a transfer. Thanks to ``@ab9-er`` for catch & original patch. -- cgit v1.2.3