Commit Graph

843 Commits

Author SHA1 Message Date
Robey Pointer 68c8a9b2e6 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-43]
fix encrypted private key files
the random byte padding on private key files' BER data was confusing openssh,
so switch to null-byte padding, which is slightly less secure but works with
crappy old openssh.  also, enforce the mode when writing the private key
file.  we really really want it to be 0600.  (python seems to ignore the
mode normally.)
2004-04-06 22:03:21 +00:00
Robey Pointer 945a41dd3d [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-42]
support py22, more or less
add roger binns' patches for supporting python 2.2.  i hedged a bit on the
logging stuff and just added some trickery to let logging be stubbed out for
python 2.2.  this changed a lot of import statements but i managed to avoid
hacking at any of the existing logging.

socket timeouts are required for the threads to notice when they've been
deactivated.  worked around it by using the 'select' module on py22.

also fixed the sftp unit tests to cope with a password-protected private key.
2004-04-06 08:16:02 +00:00
Robey Pointer ed72847ad1 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-41]
make get_remote_server_key() return a PKey object
a good suggestion from roger binns: make get_remote_server_key() just return
a pkey object instead of a tuple of strings.  all the strings can be extracted
from the pkey object, as well as other potentially useful things.
2004-04-05 22:32:03 +00:00
Robey Pointer c6d5ba9c52 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-40]
add dss key generation too, and fix some bugs
added the ability to generate dss keys and write private dss key files,
similar to rsa.  in the process, fixed a couple of bugs with ber encoding
and writing password-encrypted key files.  the key has to be padded to the
iblock size of the cipher -- it's very difficult to determine how the others
do this, so i just add random bytes to the end.

fixed the simple demo to use Transport's (host, port) constructor for
simplicity, and fixed a bug where the standard demo's DSS login wouldn't
work.

also, move the common logfile setup crap into util so all the demos can just
call that one.
2004-04-05 19:36:40 +00:00
Robey Pointer 70faf02f3e [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-39]
add global request mechanism
add transport.global_request() to make a global-style request (usually an
extension to the protocol -- like keepalives) and handle requests from the
remote host.  incoming requests are now handled and responded to correctly,
which should make openssh-style keepalives work.  (before, we would silently
ignore them, which was wrong.)
2004-04-05 10:37:18 +00:00
Robey Pointer c9d301b782 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-38]
add common.py file
missing from previous change because tla doesn't like to add files in some
situations. (frown)
2004-04-05 10:24:33 +00:00
Robey Pointer 01bf5477a0 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-37]
can now generate rsa keys (not dss yet)
added functionality to ber to create ber streams.  added some common methods
to PKey to allow dumping the key to base64 (the format used by openssh for
public key files and host key lists), and a factory for creating a key from
a private key file, and a common way to save private keys.  RSAKey luckily
didn't have to change that much.

also added a factory method to RSAKey to generate a new key.
2004-04-05 10:16:31 +00:00
Robey Pointer 8fafd1aa17 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-36]
add common.py for commonly used constants and globals
common.py now stores the constants and globals.
lots of renaming because of this.
2004-04-05 10:12:59 +00:00
Robey Pointer d757f90ac5 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-35]
add send_ignore
add send_ignore() call to allow for sending garbage ignored packets to the
remote side.
2004-04-02 02:41:43 +00:00
Robey Pointer f8a3a62136 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-34]
fix some arcana in unpacking private keys
"!= type([])" is a pretty obscure way to say it.  let's try "is not list"
which is a lot more readable.

(mostly this is a test to make sure tla is working okay on my laptop.)
2004-03-16 07:33:09 +00:00
Robey Pointer 0ae801447e [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-33]
include tests in manifest
include the tests in the manifest for dist, and remove some outdated notes in
NOTES about the exported API (this is doc'd wayyy better in epydoc now).
2004-03-09 01:09:17 +00:00
Robey Pointer 14f2193d39 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-32]
add unit tests
add unit tests for BufferedFile and SFTP (it's a start).  remove the demo sftp
client because it was 99% copied from the other demos, which makes it kinda
confusing.  the unit tests are a much better example.
2004-03-08 17:54:19 +00:00
Robey Pointer 7cd7fced6e [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-31]
bump version number to eevee
bump the version number to eevee in a few places and talk about the unit
tests.
2004-03-08 17:52:25 +00:00
Robey Pointer e5193fb23f [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-30]
finish up client sftp support
added 'stat' to SFTPFile and SFTP, documented 'open' and 'listdir', and added
'rmdir', 'lstat', 'symlink', 'chmod', 'chown', 'utime', 'readlink'.

turned off ultra debugging now that the unit tests are all working.
2004-03-08 17:50:49 +00:00
Robey Pointer 9f6bbb6519 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-29]
fix some docs and BufferedFile.readline
fix some documentation and fix readline()'s universal newline support to
always return strings ending with '\n', regardless of how they were in the
original file.  (this is an obvious feature of python's universal newline
support that i somehow missed before.)
2004-03-08 17:45:44 +00:00
Robey Pointer c565d66e39 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-28]
fix lingering thread bug
this bug has been in there forever and i could never figure out a workaround
till now.

when the python interpreter exits, it doesn't necessarily destroy the
remaining objects or call __del__ on anything, and it will lock up until all
threads finish running.  how the threads are supposed to notice the exiting
interpreter has always been sort of a mystery to me.

tonight i figured out how to use the 'atexit' module to register a handler
that runs when the interpreter exits.  now we keep a list of active threads
and ask them all to exit on shutdown.  no more going to another shell to
kill -9 python!  yeah!!
2004-03-08 09:47:47 +00:00
Robey Pointer 3e31771637 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-27]
add BufferedFile abstraction
SFTP client mode is mostly functional.  there are probably still some bugs
but most of the operations on "file" objects have survived my simple tests.

BufferedFile wraps a simpler stream in something that looks like a python
file (and can even handle seeking if the stream underneath supports it).
it's meant to be subclassed.  most of it is ripped out of what used to be
ChannelFile so i can reuse it for sftp -- ChannelFile is now tiny.

SFTP and Message are now exported.

fixed util.format_binary_line to not quote spaces.
2004-03-04 08:21:45 +00:00
Robey Pointer d599570905 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-26]
Transport constructor can take hostname or address tuple
part of an ongoing attempt to make "simple" versions of some of the API calls,
so you can do common-case operations with just a few calls:

Transport's constructor will now let you pass in a string or tuple instead
of a socket-like object.  if you pass in a string, it assumes the string is
a hostname (with optional ":port" segment) and turns that into an address
tuple.  if you pass in a tuple, it assumes it's an address tuple.  in both
cases, it then creates a socket, connects to the given address, and then
continues as if that was the socket passed in.

the idea being that you can call Transport('example.com') and it will do
the right thing.
2004-01-27 02:04:59 +00:00
Robey Pointer 27869f1d7a [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-25]
pkey no longer raises binascii.Error
catch binascii.Error in the private key decoder and convert it into an
SSHException.  there's no reason people should have to care that it was a
decoding error vs. any of the other million things that could be wrong in
a corrupt key file.
2004-01-27 02:00:19 +00:00
Robey Pointer ea8c1378e8 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-24]
document more of Message; add get_int64
all of the get_* methods are now documented, but there's a bit more to do.
get_int64 added for eventual sftp support.
2004-01-27 01:45:44 +00:00
Robey Pointer 35ed103572 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-23]
quick doc fix.
fix broken cross-link in kex_gex docs.
2004-01-04 10:33:05 +00:00
Robey Pointer 02322f6621 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-22]
fix MANIFEST.in, change version numbers to 0.9-doduo, fix LGPL notices
fixed MANIFEST.in to include the demo scripts, LICENSE, and ChangeLog.
upped everything to version 0.9-doduo.

fixed the copyright notice, and added the LGPL banner to the top of every
python file.
2004-01-04 10:26:00 +00:00
Robey Pointer 5470b26a83 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-21]
MANIFEST -> MANIFEST.in, fix setup.py.
out with MANIFEST, in with MANIFEST.in.
2004-01-04 10:07:35 +00:00
Robey Pointer 988c6abda0 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-20]
more docs, and password-protected key files can now be read
lots more documentation, some of it moved out of the README file, which is
now much smaller and less rambling.

repr(Transport) now reports the number of bits used in the cipher.

cleaned up BER to use util functions, and throw a proper exception (the new
BERException) on error.  it doesn't ever have to be a full BER decoder, but
it can at least comb its hair and tuck in its shirt.

lots of stuff added to PKey.read_private_key_file so it can try to decode
password-protected key files.  right now it only understands "DES-EDE3-CBC"
format, but this is the only format i've seen openssh make so far.  if the
key is password-protected, but no password was given, a new exception
(PasswordRequiredException) is raised so an outer layer can ask for a password
and try again.
2004-01-04 09:29:13 +00:00
Robey Pointer 3a8887a420 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-19]
renamed auth_key -> auth_publickey; more docs.
renamed Transport.auth_key to auth_publickey for consistency.  and lots more
documentation.
2003-12-31 06:31:43 +00:00
Robey Pointer daa8a2ec0d [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-18]
added public-key support to server mode, more docs
added public-key support to server mode (it can now verify a client signature)
and added a demo of that to the demo_server.py script (user_rsa_key).  in the
process, cleaned up the API of PKey so that now it only has to know about
signing and verifying ssh2 blobs, and can be hashed and compared with other
keys (comparing & hashing only the public parts of the key).  keys can also
be created from strings now too.

some more documentation and hiding private methods.
2003-12-30 22:24:21 +00:00
Robey Pointer 48c7d888a2 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-17]
lots more documentation, and added Transport.connect()
renamed demo_host_key to demo_rsa_key.  moved changelog to a separate file,
and indicated that future changelog entries should be fetched from tla.
tried to clean up "__all__" in a way that makes epydoc still work.

added lots more documentation, and renamed many methods and vars to hide
them as private non-exported API.

Transport's ModulusPack is now a static member, so it only has to be loaded
once, and can then be used by any future Transport object.

added Transport.connect(), which tries to wrap all the SSH2 negotiation and
authentication into one method.  you should be able to create a Transport,
call connect(), and then create channels.
2003-12-30 07:18:20 +00:00
Robey Pointer 36d6d95dc6 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-16]
hook up server-side kex-gex; add more documentation
group-exchange kex should work now on the server side.  it will only be
advertised if a "moduli" file has been loaded (see the -gasp- docs) so we
don't spend hours (literally. hours.) computing primes.  some of the logic
was previously wrong, too, since it had never been tested.

fixed repr() string for Transport/BaseTransport.  moved is_authenticated to
Transport where it belongs.

added lots of documentation (but still only about 10% documented).  lots of
methods were made private finally.
2003-12-28 03:20:42 +00:00
Robey Pointer eb4c279ec4 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-15]
fix up new paramiko/ folder.
moved SSHException to a new file (ssh_exception.py) and turned paramiko.py
into an __init__.py file.  i'm still not entirely sure how this normally
works, so i may have done something wrong, but it's supposed to work the
same as before.
2003-12-27 02:03:44 +00:00
Robey Pointer 877cd974b8 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-14]
move the paramiko files into a paramiko/ folder.
just moving the files into a folder.  it won't build this way yet.
2003-12-27 01:49:19 +00:00
Robey Pointer f6e1e84d60 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-13]
fix a deadlock/race in handle_eof & close
(patch from fred gansevles)
add locking around the eof handler and the close() call, so we can't be in
both simultaneously.
2003-12-24 22:09:43 +00:00
Robey Pointer 02319afd5a [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-12]
fix dss key signing
(expanded on a patch from fred gansevles)
add a demo dss key for server mode, and fix some bugs that had caused the dss
signing stuff to never work before.  the demo_server is a bit more verbose
now, too.  both key types (RSAKey & DSSKey) now have a function to return the
fingerprint of the key, and both versions of read_private_key_file() now raise
exceptions on failure, instead of just silently setting "valid" to false.
2003-12-24 20:49:38 +00:00
Robey Pointer e7715095b6 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-11]
in server mode, don't offer keys we don't have
(from Paolo Losi) in server mode, when advertising which key methods we
support, don't list methods that we don't have any existing keys for.
2003-12-23 06:44:56 +00:00
Robey Pointer 11815d4d83 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-9]
rename secsh -> paramiko
also, rename SecshException back to SSHException.  sigh. :)
2003-11-10 08:49:50 +00:00
Robey Pointer 2ff9f46751 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-8]
doc changes
2003-11-10 06:52:35 +00:00
Robey Pointer aad7b859f1 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-7]
cleaned up server code, renamed some files & classes
renamed demo-server.py and demo-host-key to demo_server.py and
demo_host_key, just to be consistent.

renamed SSHException -> SecshException.

generalized the mechanism where Channel decides whether to allow
different channel requests: 4 of the main ones (pty, window-change,
shell, and subsystem) go through easily override-able methods now.
you could probably make an actual ssh shell server.

gave ChannelFile a repr().

turned off ultra debugging in the demos.  demo_server creates a
subclass of Channel to allow pty/shell and sets an event when the
shell request is made, so that it knows when it can start sending
the fake bbs.

renamed to charmander and updated some of the distutils files.
2003-11-10 04:54:02 +00:00
Robey Pointer 0e1ef2c65c [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-6]
notes about the exported api
just wrote some quick notes (for a few of the classes) about which
methods are intended to be the exported API.  python has no decent
way of distinguishing private vs public.
2003-11-09 21:16:35 +00:00
Robey Pointer 5a48714394 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-5]
big chunk of work which makes server code 95% done
fixed auth check methods to return just a result (failed, succeeded,
partially succeeded) and always use get_allowed_auths to determine the
list of allowed auth methods to return.

channel's internal API changed a bit to allow for client-side vs.
server-side channels.  we now honor the "want-reply" bit from channel
requests.  in server mode (for now), we automatically allow pty-req
and shell requests without doing anything.

ChannelFile was fixed up a bit to support universal newlines.  readline
got rewritten: the old way used the "greedy" read call from ChannelFile,
which won't work if the socket doesn't have that much data buffered and
ready.  now it uses recv directly, and tracks the different newlines.

demo-server.py now answers to a single shell request (like a CLI ssh
tool will make) and does a very simple demo pretending to be a BBS.

transport: fixed a bug with parsing the remote side's banner.  channel
requests are passed to another method in server mode, to determine if
we should allow it.  new allowed channels are added to an accept queue,
and a new method 'accept' (with timeout) will block until the next
incoming channel is ready.
2003-11-09 21:14:21 +00:00
Robey Pointer 79fecc4564 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-4]
change kex-gex server code to generate primes by hand
added a util function "generate_prime" to compare to the incredibly slow C
version, but it's no faster of course.  i think kex-gex from the server is
just not going to be feasible without having a separate thread generate some
primes in the background to have handy when a request comes in.  so in short,
this still doesn't work.

also i put bit_length into util and a tb_strings function which gets stack
traceback info and splits it into a list of strings.
2003-11-09 20:59:51 +00:00
Robey Pointer 7d4d90a8c5 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-3]
remove some leftover garbage from dsskey
leftover from a cut & paste i was doing a few days ago.  bad robey.
2003-11-07 10:36:42 +00:00
Robey Pointer 14d7a745a7 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-2]
add a demo host key and point demo-server at it.
also, temporarily comment out the nonfunctional kex-gex method.
2003-11-06 07:34:27 +00:00
Robey Pointer 3b9901a602 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-1]
no changes
why aren't my log messages kept?
2003-11-04 08:50:22 +00:00
Robey Pointer 51607386c7 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--base-0]
initial import

(automatically generated log message)
2003-11-04 08:34:24 +00:00