switch Transport.connect() to using a Pkey object for the host key
i suddenly realized that passing "hostkeytype" and "hostkey" as strings to
Transport.connect() was pretty silly since i went to all the effort of making
a class specifically for holding keys. so Transport.connect() now just takes
host-key argument: "hostkey" as a PKey object.
updated the demos to use PKey objects when reading the host key file, and to
use the new "hostkey" argument.
fix test.py to use options instead of env vars, sftp tests default off
fix up the test framework so that the sftp unit tests aren't always run (you
have to ask for them explicitly) and they take their configuration from
command-line options. they still require a remote server.
fix __init__
fix __init__ to export BufferedFile and randpool, and to catch up with the
changes from a week or 2 ago where sftp_attr & friends were split off.
add Message.rewind()
add rewind() method to Message, which just resets the pointer so you can
start reading from the beginning again. this is useful for some tests.
clean up pkey interface
change the pkey interface so that it's no longer possible to have a pkey
that doesn't represent a valid key. (ie: no more "blank" key objects.)
also add "get_bits" and "can_sign" methods to determine the key bit length
and whether it can sign things (contains the "private parts") respectively.
unit tests for Message
spanking new unit tests for Message. i'm trying to fix the embarrassment
of having so little of paramiko testable. next up is Transport!
add sftp.normalize
kevin c. dorff pointed out that it would be nice to expose a way to
determine the server's "current working directory", so this new method
(normalize) directly maps to REALPATH.
move SubsystemHandler to server.py
move SubsystemHandler into server.py where it makes more sense (it's part of
the server interface).
also fix up paramiko's "version string" used in ssh2 negotiation to stop
saying "pyssh" and start saying "paramiko". :)
Message.add() can take many args
a bit of cleanup to Message: add() can now take any number of params, and
will add them all in order (using type guessing).
fix rbuffer -> _rbuffer in 3 places i missed
fix 3 places where "rbuffer" hadn't been converted to "_rbuffer". thanks to
kevin c. dorff for the bug report.
add sftp_client.py
i retardedly forgot to import this file a few days ago: it's the split-out
client mode for sftp. it now also has some changes to adapt it to the
improved SFTPAttributes object API.
clean up SFTPAttributes
add english descriptions to the FX_* error codes of sftp. clean up (and
document) SFTPAttributes since it's exported now, and make it simple to
generate one from a python os.stat object. make "_pythonize" the default --
that is, just use the same field names as python does for os.stat. (i'm not
sure why i didn't do it that way in the first place; probably ignorance.)
also add str() method that converts the SFTPAttributes into a string suitable
for use in ls (used in an obscure way in sftp servers).
note pycrypto 2.0 in README
update the README to note that pycrypto 2.0 works (i just tried it). also
fix the name from pyCrypt back to pycrypto -- that project is having trouble
making up its mind about naming. :)
split sftp into sftp, sftp_client; renamed SFTP -> SFTPClient
add sftp_client file, and split out the common code (sftp) from stuff specific
to client mode (sftp_client). renamed SFTP class to SFTPClient, but left an
alias so old code will still work.
renamed a bunch of sftp constants now that they're better hidden from epydoc.
some framework for adding subsystem handlers in server mode
you can now register a subsystem with a Transport by passing in the name
(like "sftp") and a class (like a hypothetical SFTPServer). the default
ServerInterface.check_channel_request_subsystem now checks this table in
Transport, and if it finds a match, it creates a new thread for the handler
and calls into it. a new class SubsystemHandler is added for this purpose
(to be subclassed).
remove redundant 'auth_complete' member
remove the redundant 'auth_complete' field and just use 'authenticated' for
both client and server mode. this makes the repr() string look correct in
server mode instead of always claiming that the transport is un-auth'd.
clean up server interface; no longer need to subclass Channel
- export AUTH_*, OPEN_FAILED_*, and the new OPEN_SUCCEEDED into the paramiko
namespace instead of making people dig into paramiko.Transport.AUTH_* etc.
- move all of the check_* methods from Channel to ServerInterface so apps
don't need to subclass Channel anymore just to run an ssh server
- ServerInterface.check_channel_request() returns an error code now, not a
new Channel object
- fix demo_server.py to follow all these changes
- fix a bunch of places where i used "string" in docstrings but meant "str"
- added Channel.get_id()
clean up SecurityOptions
the preferences are now tuples in Transport, and passed as tuples out of
SecurityOptions, so that the options can't be modified without setting them
back to the options field again. the algorithm lists in Transport are used
to validate the fields.
added Transport.get_security_options()
just something i wanted to play with:
added Transport.get_security_options() which returns a SecurityOptions object.
this object is a kind of proxy for the 4 "preferred_*" fields in Transport,
and lets me avoid exposing those fields directly in case i change my mind
later about how they should be stored.
added some docs to Channel explaining that the request methods now return
True/False, and fixed up docs in a few other places.
replay patch 63 (missing channel changes)
i'm still getting the hang of tla/arch, obviously.
replay patch 63, which was meant to be part of the later mega-patch, but
apparently when i reversed it, i lost it entirely.
new ServerInterface class, outbound rekey works, etc.
a bunch of changes that i'm too lazy to split out into individual patches:
* all the server overrides from transport.py have been moved into a separate
class ServerInterface, so server code doesn't have to subclass the whole
paramiko library
* updated demo_server to subclass ServerInterface
* when re-keying during a session, block other messages until the new keys
are activated (openssh doensn't like any other traffic during a rekey)
* re-key when outbound limits are tripped too (was only counting inbound
traffic)
* don't log scary things on EOF
add settimeout/gettimeout/setblocking, some bugfixes.
hide the command and response codes in sftp so they aren't exported.
add settimeout/gettimeout/setblocking that just wrap calls to the underlying
socket or channel. fix _read_all to not catch timeout exceptions.
add settimeout/gettimeout/setblocking, some bugfixes.
hide the command and response codes in sftp so they aren't exported.
add settimeout/gettimeout/setblocking that just wrap calls to the underlying
socket or channel. fix _read_all to not catch timeout exceptions.
limit read/write requests to 32KB, advertise 32KB max packet size
one of the unit tests was failing because the openssh sftp server was dropping
the connection without any error. turns out they have a maximum allowed write
size (possibly around 64KB). the sftp rfcs have a small hint that some servers
may drop read/write requests of greater than 32KB.
so, all reads are limited to 32KB, and all writes > 32KB are now chopped up
and sent in 32KB chunks. this seems to keep openssh happy.
also, we now advertise 32KB max packet size instead of 8KB (the speed
improves a lot), and log when we read/write a packet. and sftp files are
flushed on seek.
speed up parts of BufferedFile
BufferedFile uses cStringIO for the write buffer now (i don't actually notice
any speed difference so this might revert later) and the default buffer size
has been upped from 1KB to 8KB.
when scanning for linefeeds (when writing to a line-buffered file), only scan
the newly-written bytes, since we know all the previously buffered data is
linefeed-free. this was the #1 slowdown on the 1MB-file unit test.
also, limit the buffering on line-buffered files to whatever the default
buffer size is. there's no reason to buffer 1MB waiting for a linefeed.
some Channel fixes for max packet size & blocking on zero window
some clean-ups and fixes to channels:
* when send() is blocked on a zero-width window, check that the channel is
still open. this was causing some lockups.
* set a lower bound to the "maximum packet size" we accept from the remote
host. if they tell us anything less than 1KB, assume they meant 1KB. (it's
not reasonable to fragment below that.)
* leave a little padding instead of cutting right up to the maximum packet
size: some space will be taken up by protocol overhead.
* turn off some of the debug log lines unless "ultra_debug" is on (nobody
cares about the feed info)
more unit tests
add a unit test for sending a large (1MB) file with line buffering but no
linefeeds (this triggered several bugs and inefficiencies), and another test
to verify that the write buffer is flushed on seek.
add forward.py demo script; bump to gyarados
add a demo script to show how to do local port forwarding.
add gyarados to all the docs and bump the version number everywhere.
add an sftp unit test for making 100 files
create 100 files on the remote server, set their mode with chmod, then verify
that they're all there and contain the right data. valeriy is reporting that
sometimes he's getting stuck after 20 and though i'm not seeing it, i want to
add a test to try to pin it down.
add direct-tcpip ability to open_channel
open_channel can now be given a dest_addr and src_addr, which are filled in
if the channel type is "forwarded-tcpip" or "direct-tcpip". these channel
types are used in remote & local port forwarding, respectively. i've only
tested "direct-tcpip" but i think if one works, they both should work.
also fixed a bug in connect where it was still assuming the old meaning for
get_remove_server_key() (oops!) and changed the sense of a send() failure
from <= 0 to < 0 since it may be possible for send() to return 0 and it not
be an EOF error.
add note about utf8 encodings
add info to the README about what to do if python complains about missing
encodings. veleriy pogrebitskiy ran into this and had advice.
fix deadlock in closing a channel
closing a channel would enter an odd codepath where the lock was grabbed,
some stuff was done, then another function was called where the lock was
grabbed again. unfortunately python locks aren't monitors so this would
deadlock. instead, make the smaller function lock-free with an explicit
notice that you must be holding the lock before calling.
fix utf8, raise packet size, log exceptions, be more lax with sfp servers
explicitly import utf8 encodings for "freezing" (and also because not all
platforms come with utf8, apparently). raise the max acceptable packet size
to 8kB, cuz 2kB was too low. log exceptions at error level instead of debug
level. and don't reject older sftp servers.
fearow date and last-minute fixes
update release date of fearow to 23apr. fix channel._set_closed() to grab
the lock before notifying the in/out buffers that the channel is closed.
try roger's trick for finding the home folder on windows.