if open_channel fails, it now raises ChannelException. added a unit test for that too. renegotiate_keys will also raise an exception now instead of returning a bool.
doing a close() on Transport.__del__ is useless: because a Transport can't go away until all its Channels are collected, it will never make a difference. so don't do it, cuz __del__ is pretty hairy.
remember once a transport is authenticated, so that after rekeying when using openssh-style delayed zlib (zlib@openssh.com), we know it's okay to immediately start new compression
don't attempt to start a rekey negotiation from within send_message -- always do it from the feeder thread. this prevents a situation where more than one thread may decide spontaneously to rekey, sending multiple kexinit messages, which confuses the hell out of the remote host :) also, do some locking around the clear-to-send event, to avoid a race when we first go into rekeying. add some tests for these things too
add auth_none and auth_interactive to support 'no auth' and 'keyboard-interactive auth'; for password auth, add a mode where it will try to fallback to keyboard-interactive in a pinch
smooth BaseTransport and Transport together, and move the auth stuff into AuthHandler -- an improvement i made in jaramiko and decided deserved to be backported
yeah! figured out the last things that were causing GC cycles and got rid of them: Channels, Transports, SFTPClients, and SFTPFiles can all have __del__ methods now, which auto-close themselves :)
oooh maybe i'll test things before checking them in next time: rekeying was a little bit overzealous. now it's careful to only rekey once and reset the counters in sync
split out Packetizer, fix banner detection bug, new unit test
split out a chunk of BaseTransport into a Packetizer class, which handles
the in/out packet data, ciphers, etc. it didn't make the code any smaller
(transport.py is still close to 1500 lines, which is awful) but it did split
out a coherent chunk of functionality into a discrete unit.
in the process, fixed a bug that alain spineux pointed out: the banner
check was too forgiving and would block forever waiting for an SSH banner.
now it waits 5 seconds for the first line, and 2 seconds for each subsequent
line, before giving up.
added a unit test to test keepalive, since i wasn't sure that was still
working after pulling out Packetizer.
change SubsystemHandler/SFTPServerInterface API
change the API of SubsystemHandler to accept a reference to the
ServerInstance object during construction. this will break all code
that currently creates subsystem handlers (like sftp servers) -- sorry!
lots of little doc fixups (mostly indenting).
fix sending of large sftp packet sizes
fix a bug where packets larger than about 12KB would cause the session to
die on platforms other than osx. turns out that on most platforms, setting a
socket timeout also causes timeouts to occur on writes (but not on osx). so
on a huge write, once the os buffers were full, paramiko would get a
socket.timeout exception when writing, and bail.
since the timeout is primarily so we can periodically poll to see if the
session has been killed from elsewhere, do that on a timeout but otherwise
continue trying to write. large packet sizes (in sftp) should now work.
fix race in transport thread startup
set active=True from the methods that start the main transport thread, right
before actually starting the thread. this avoids a race where the main
thread could be started, but the original thread could wake up from the
event.wait(0.1) before the new thread actually set the transport active.
impossible, you say? no machines so slow exist? au contraire, my sad
little linux box faced this problem earlier today.
add thread ids to logs
add a logging filter that reports the thread-id of the logger, and use
that for all paramiko logging. since thread-local stuff didn't appear
until python 2.4, i hacked up my own little version to assign incrementing
numbers to threads as they log.
add methods for sending/receiving a channel's exit status
track a channel's exit status and provide a method (recv_exit_status) to
block waiting for it to arrive. also provide a convenience method for
servers to send it (send_exit_status). add shutdown_read and shutdown_write.
fix a bug in sending window change requests.
misc logging fixes
change the level of some log messages so interesting stuff gets logged at
info instead of debug. fix an oops where channels defaulted to being in
ultra debug mode, and make this mode depend on a new Transport method:
"set_hexdump".
more flexible logging
some tweaks to make channels etc follow the logger setting of their parent
transport, so that setting the log channel for a paramiko transport will
cause all sub-logging to branch out from that channel.
also, close all open file handles when the sftp server ends.
clean up authentication
add new exception "BadAuthenticationType", which is raised when auth fails
because your auth type (password or public-key) isn't valid on the server.
used this as an excuse to clean up auth_password and auth_publickey so their
'event' arg is optional, and if missing, they block until auth is finished,
raising an exception on error.
also, don't close the session on failed auth -- the server may let you try
again.
added some test cases for failed auth.
fix extremely unlikely channel counter wrapping
Transport's channel counter can overflow after 4 billion some channels are
created. make it wrap back around after 16 million instead. also allow the
logging channel to be set manually. fix some comments elsewhere.
better debugging, improve subsytem handler
add a list of ssh packet names for debugging. improve the server-mode
subsystem handler so it can take extra parameters (list or keyword) and
pass them to the subsystem constructor. remove a misleading comment
about rekeying (which was already implemented).
switch Transport.connect() to using a Pkey object for the host key
i suddenly realized that passing "hostkeytype" and "hostkey" as strings to
Transport.connect() was pretty silly since i went to all the effort of making
a class specifically for holding keys. so Transport.connect() now just takes
host-key argument: "hostkey" as a PKey object.
updated the demos to use PKey objects when reading the host key file, and to
use the new "hostkey" argument.
move SubsystemHandler to server.py
move SubsystemHandler into server.py where it makes more sense (it's part of
the server interface).
also fix up paramiko's "version string" used in ssh2 negotiation to stop
saying "pyssh" and start saying "paramiko". :)
some framework for adding subsystem handlers in server mode
you can now register a subsystem with a Transport by passing in the name
(like "sftp") and a class (like a hypothetical SFTPServer). the default
ServerInterface.check_channel_request_subsystem now checks this table in
Transport, and if it finds a match, it creates a new thread for the handler
and calls into it. a new class SubsystemHandler is added for this purpose
(to be subclassed).
clean up server interface; no longer need to subclass Channel
- export AUTH_*, OPEN_FAILED_*, and the new OPEN_SUCCEEDED into the paramiko
namespace instead of making people dig into paramiko.Transport.AUTH_* etc.
- move all of the check_* methods from Channel to ServerInterface so apps
don't need to subclass Channel anymore just to run an ssh server
- ServerInterface.check_channel_request() returns an error code now, not a
new Channel object
- fix demo_server.py to follow all these changes
- fix a bunch of places where i used "string" in docstrings but meant "str"
- added Channel.get_id()
clean up SecurityOptions
the preferences are now tuples in Transport, and passed as tuples out of
SecurityOptions, so that the options can't be modified without setting them
back to the options field again. the algorithm lists in Transport are used
to validate the fields.
added Transport.get_security_options()
just something i wanted to play with:
added Transport.get_security_options() which returns a SecurityOptions object.
this object is a kind of proxy for the 4 "preferred_*" fields in Transport,
and lets me avoid exposing those fields directly in case i change my mind
later about how they should be stored.
added some docs to Channel explaining that the request methods now return
True/False, and fixed up docs in a few other places.
new ServerInterface class, outbound rekey works, etc.
a bunch of changes that i'm too lazy to split out into individual patches:
* all the server overrides from transport.py have been moved into a separate
class ServerInterface, so server code doesn't have to subclass the whole
paramiko library
* updated demo_server to subclass ServerInterface
* when re-keying during a session, block other messages until the new keys
are activated (openssh doensn't like any other traffic during a rekey)
* re-key when outbound limits are tripped too (was only counting inbound
traffic)
* don't log scary things on EOF
limit read/write requests to 32KB, advertise 32KB max packet size
one of the unit tests was failing because the openssh sftp server was dropping
the connection without any error. turns out they have a maximum allowed write
size (possibly around 64KB). the sftp rfcs have a small hint that some servers
may drop read/write requests of greater than 32KB.
so, all reads are limited to 32KB, and all writes > 32KB are now chopped up
and sent in 32KB chunks. this seems to keep openssh happy.
also, we now advertise 32KB max packet size instead of 8KB (the speed
improves a lot), and log when we read/write a packet. and sftp files are
flushed on seek.
add direct-tcpip ability to open_channel
open_channel can now be given a dest_addr and src_addr, which are filled in
if the channel type is "forwarded-tcpip" or "direct-tcpip". these channel
types are used in remote & local port forwarding, respectively. i've only
tested "direct-tcpip" but i think if one works, they both should work.
also fixed a bug in connect where it was still assuming the old meaning for
get_remove_server_key() (oops!) and changed the sense of a send() failure
from <= 0 to < 0 since it may be possible for send() to return 0 and it not
be an EOF error.
fix utf8, raise packet size, log exceptions, be more lax with sfp servers
explicitly import utf8 encodings for "freezing" (and also because not all
platforms come with utf8, apparently). raise the max acceptable packet size
to 8kB, cuz 2kB was too low. log exceptions at error level instead of debug
level. and don't reject older sftp servers.
add set_keepalive()
add set_keepalive() to set an automatic keepalive mechanism. (while waiting
for a packet on a connection, we periodically check if it's time to send a
keepalive packet.)
add get_username() method for remembering who you auth'd as
add get_username() method for remembering who you auth'd as. also, fix these
bugs:
* "continue" auth response counted as a failure (in server mode).
* try to import 'logging' in py22 before falling back to the fake logger,
in case they have a backported version of 'logger'
* raise the right exception when told to read a private key from a file that
isn't a private key file
* tell channels to close when the transport dies
support py22, more or less
add roger binns' patches for supporting python 2.2. i hedged a bit on the
logging stuff and just added some trickery to let logging be stubbed out for
python 2.2. this changed a lot of import statements but i managed to avoid
hacking at any of the existing logging.
socket timeouts are required for the threads to notice when they've been
deactivated. worked around it by using the 'select' module on py22.
also fixed the sftp unit tests to cope with a password-protected private key.
make get_remote_server_key() return a PKey object
a good suggestion from roger binns: make get_remote_server_key() just return
a pkey object instead of a tuple of strings. all the strings can be extracted
from the pkey object, as well as other potentially useful things.
add global request mechanism
add transport.global_request() to make a global-style request (usually an
extension to the protocol -- like keepalives) and handle requests from the
remote host. incoming requests are now handled and responded to correctly,
which should make openssh-style keepalives work. (before, we would silently
ignore them, which was wrong.)
fix lingering thread bug
this bug has been in there forever and i could never figure out a workaround
till now.
when the python interpreter exits, it doesn't necessarily destroy the
remaining objects or call __del__ on anything, and it will lock up until all
threads finish running. how the threads are supposed to notice the exiting
interpreter has always been sort of a mystery to me.
tonight i figured out how to use the 'atexit' module to register a handler
that runs when the interpreter exits. now we keep a list of active threads
and ask them all to exit on shutdown. no more going to another shell to
kill -9 python! yeah!!
Transport constructor can take hostname or address tuple
part of an ongoing attempt to make "simple" versions of some of the API calls,
so you can do common-case operations with just a few calls:
Transport's constructor will now let you pass in a string or tuple instead
of a socket-like object. if you pass in a string, it assumes the string is
a hostname (with optional ":port" segment) and turns that into an address
tuple. if you pass in a tuple, it assumes it's an address tuple. in both
cases, it then creates a socket, connects to the given address, and then
continues as if that was the socket passed in.
the idea being that you can call Transport('example.com') and it will do
the right thing.
fix MANIFEST.in, change version numbers to 0.9-doduo, fix LPGL notices
fixed MANIFEST.in to include the demo scripts, LICENSE, and ChangeLog.
upped everything to version 0.9-doduo.
fixed the copyright notice, and added the LGPL banner to the top of every
python file.
more docs, and password-protected key files can now be read
lots more documentation, some of it moved out of the README file, which is
now much smaller and less rambling.
repr(Transport) now reports the number of bits used in the cipher.
cleaned up BER to use util functions, and throw a proper exception (the new
BERException) on error. it doesn't ever have to be a full BER decoder, but
it can at least comb its hair and tuck in its shirt.
lots of stuff added to PKey.read_private_key_file so it can try to decode
password-protected key files. right now it only understands "DES-EDE3-CBC"
format, but this is the only format i've seen openssh make so far. if the
key is password-protected, but no password was given, a new exception
(PasswordRequiredException) is raised so an outer layer can ask for a password
and try again.
added public-key support to server mode, more docs
added public-key support to server mode (it can now verify a client signature)
and added a demo of that to the demo_server.py script (user_rsa_key). in the
process, cleaned up the API of PKey so that now it only has to know about
signing and verifying ssh2 blobs, and can be hashed and compared with other
keys (comparing & hashing only the public parts of the key). keys can also
be created from strings now too.
some more documentation and hiding private methods.
lots more documentation, and added Transport.connect()
renamed demo_host_key to demo_rsa_key. moved changelog to a separate file,
and indicated that future changelog entries should be fetched from tla.
tried to clean up "__all__" in a way that makes epydoc still work.
added lots more documentation, and renamed many methods and vars to hide
them as private non-exported API.
Transport's ModulusPack is now a static member, so it only has to be loaded
once, and can then be used by any future Transport object.
added Transport.connect(), which tries to wrap all the SSH2 negotiation and
authentication into one method. you should be able to create a Transport,
call connect(), and then create channels.
hook up server-side kex-gex; add more documentation
group-exchange kex should work now on the server side. it will only be
advertised if a "moduli" file has been loaded (see the -gasp- docs) so we
don't spend hours (literally. hours.) computing primes. some of the logic
was previously wrong, too, since it had never been tested.
fixed repr() string for Transport/BaseTransport. moved is_authenticated to
Transport where it belongs.
added lots of documentation (but still only about 10% documented). lots of
methods were made private finally.
fix up new paramiko/ folder.
moved SSHException to a new file (ssh_exception.py) and turned paramiko.py
into an __init__.py file. i'm still not entirely sure how this normally
works, so i may have done something wrong, but it's supposed to work the
same as before.
Robey Pointer
Robey Pointer
Robey Pointer