Commit Graph

668 Commits

Author SHA1 Message Date
Robey Pointer aebe186c3e [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-68]
added Transport.get_security_options()
just something i wanted to play with:
added Transport.get_security_options() which returns a SecurityOptions object.
this object is a kind of proxy for the 4 "preferred_*" fields in Transport,
and lets me avoid exposing those fields directly in case i change my mind
later about how they should be stored.

added some docs to Channel explaining that the request methods now return
True/False, and fixed up docs in a few other places.
2004-08-30 20:22:10 +00:00
Robey Pointer 5598a8f88f [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-67]
replay patch 63 (missing channel changes)
i'm still getting the hang of tla/arch, obviously.

replay patch 63, which was meant to be part of the later mega-patch, but
apparently when i reversed it, i lost it entirely.
2004-08-28 04:21:12 +00:00
Robey Pointer c86c4f3949 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-66]
new ServerInterface class, outbound rekey works, etc.
a bunch of changes that i'm too lazy to split out into individual patches:
* all the server overrides from transport.py have been moved into a separate
  class ServerInterface, so server code doesn't have to subclass the whole
  paramiko library
* updated demo_server to subclass ServerInterface
* when re-keying during a session, block other messages until the new keys
  are activated (openssh doensn't like any other traffic during a rekey)
* re-key when outbound limits are tripped too (was only counting inbound
  traffic)
* don't log scary things on EOF
2004-08-27 00:57:40 +00:00
Robey Pointer 34d975b972 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-65]
add settimeout/gettimeout/setblocking, some bugfixes.
hide the command and response codes in sftp so they aren't exported.
add settimeout/gettimeout/setblocking that just wrap calls to the underlying
socket or channel.  fix _read_all to not catch timeout exceptions.
2004-08-27 00:28:33 +00:00
Robey Pointer 32afce8d49 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-64]
reverse messed-up patch
Patches applied:

 * robey@lag.net--2003-public/secsh--dev--1.0--base-0
   initial import

 * robey@lag.net--2003-public/secsh--dev--1.0--patch-1
   no changes
2004-08-27 00:26:35 +00:00
Robey Pointer 3eb52a18ab [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-63]
add settimeout/gettimeout/setblocking, some bugfixes.
hide the command and response codes in sftp so they aren't exported.
add settimeout/gettimeout/setblocking that just wrap calls to the underlying
socket or channel.  fix _read_all to not catch timeout exceptions.
2004-08-27 00:06:42 +00:00
Robey Pointer c6a61c2a01 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-62]
version -> horsea
up version to horsea.
2004-06-27 20:14:15 +00:00
Robey Pointer 690a05fff8 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-61]
no more Foobar
fix "Foobar" to be "Paramiko" in the one place i missed it in all the gpl
headers.  sigh. :)
2004-06-10 18:12:00 +00:00
Robey Pointer 146417c56c [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-60]
limit read/write requests to 32KB, advertise 32KB max packet size
one of the unit tests was failing because the openssh sftp server was dropping
the connection without any error.  turns out they have a maximum allowed write
size (possibly around 64KB).  the sftp rfcs have a small hint that some servers
may drop read/write requests of greater than 32KB.

so, all reads are limited to 32KB, and all writes > 32KB are now chopped up
and sent in 32KB chunks.  this seems to keep openssh happy.

also, we now advertise 32KB max packet size instead of 8KB (the speed
improves a lot), and log when we read/write a packet.  and sftp files are
flushed on seek.
2004-06-10 18:08:50 +00:00
Robey Pointer f0ba3c482e [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-59]
speed up parts of BufferedFile
BufferedFile uses cStringIO for the write buffer now (i don't actually notice
any speed difference so this might revert later) and the default buffer size
has been upped from 1KB to 8KB.

when scanning for linefeeds (when writing to a line-buffered file), only scan
the newly-written bytes, since we know all the previously buffered data is
linefeed-free.  this was the #1 slowdown on the 1MB-file unit test.

also, limit the buffering on line-buffered files to whatever the default
buffer size is.  there's no reason to buffer 1MB waiting for a linefeed.
2004-06-10 18:02:13 +00:00
Robey Pointer cba104ce3f [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-58]
some Channel fixes for max packet size & blocking on zero window
some clean-ups and fixes to channels:
* when send() is blocked on a zero-width window, check that the channel is
  still open.  this was causing some lockups.
* set a lower bound to the "maximum packet size" we accept from the remote
  host.  if they tell us anything less than 1KB, assume they meant 1KB.  (it's
  not reasonable to fragment below that.)
* leave a little padding instead of cutting right up to the maximum packet
  size: some space will be taken up by protocol overhead.
* turn off some of the debug log lines unless "ultra_debug" is on (nobody
  cares about the feed info)
2004-06-10 17:55:17 +00:00
Robey Pointer 1144a5d3d9 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-57]
more unit tests
add a unit test for sending a large (1MB) file with line buffering but no
linefeeds (this triggered several bugs and inefficiencies), and another test
to verify that the write buffer is flushed on seek.
2004-06-10 17:35:30 +00:00
Robey Pointer 9baa2b361e [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-56]
add forward.py demo script; bump to gyarados
add a demo script to show how to do local port forwarding.

add gyarados to all the docs and bump the version number everywhere.
2004-05-31 23:48:10 +00:00
Robey Pointer 4d30633457 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-55]
add an sftp unit test for making 100 files
create 100 files on the remote server, set their mode with chmod, then verify
that they're all there and contain the right data.  valeriy is reporting that
sometimes he's getting stuck after 20 and though i'm not seeing it, i want to
add a test to try to pin it down.
2004-05-29 18:58:11 +00:00
Robey Pointer af8cfeced9 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-54]
add direct-tcpip ability to open_channel
open_channel can now be given a dest_addr and src_addr, which are filled in
if the channel type is "forwarded-tcpip" or "direct-tcpip".  these channel
types are used in remote & local port forwarding, respectively.  i've only
tested "direct-tcpip" but i think if one works, they both should work.

also fixed a bug in connect where it was still assuming the old meaning for
get_remove_server_key() (oops!) and changed the sense of a send() failure
from <= 0 to < 0 since it may be possible for send() to return 0 and it not
be an EOF error.
2004-05-29 18:56:10 +00:00
Robey Pointer 6ea60572af [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-53]
add note about utf8 encodings
add info to the README about what to do if python complains about missing
encodings.  veleriy pogrebitskiy ran into this and had advice.
2004-05-29 18:48:23 +00:00
Robey Pointer ed77581d7a [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-52]
fix deadlock in closing a channel
closing a channel would enter an odd codepath where the lock was grabbed,
some stuff was done, then another function was called where the lock was
grabbed again.  unfortunately python locks aren't monitors so this would
deadlock.  instead, make the smaller function lock-free with an explicit
notice that you must be holding the lock before calling.
2004-05-17 07:41:50 +00:00
Robey Pointer 36a867a017 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-51]
fix utf8, raise packet size, log exceptions, be more lax with sfp servers
explicitly import utf8 encodings for "freezing" (and also because not all
platforms come with utf8, apparently).  raise the max acceptable packet size
to 8kB, cuz 2kB was too low.  log exceptions at error level instead of debug
level.  and don't reject older sftp servers.
2004-05-17 00:43:43 +00:00
Robey Pointer 4d774d62a5 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-50]
fearow date and last-minute fixes
update release date of fearow to 23apr.  fix channel._set_closed() to grab
the lock before notifying the in/out buffers that the channel is closed.
try roger's trick for finding the home folder on windows.
2004-04-23 22:55:16 +00:00
Robey Pointer 2feddf8ef7 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-49]
fix doc typos
2004-04-08 06:31:08 +00:00
Robey Pointer 11799765e2 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-48]
set version number to fearow
set version number to fearow.
2004-04-08 05:48:16 +00:00
Robey Pointer 7a3323118e [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-47]
add socket.timeout for py22
oops, forgot this vital part of the py22 patches.  roger binns sent me a
code patch that included this snip.
2004-04-08 05:12:20 +00:00
Robey Pointer 5691415af1 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-46]
README update notes
added notes on what's new, what to watch out for in py22.  added a "since:
fearow" to all the relevant API calls that are new.
2004-04-07 16:05:48 +00:00
Robey Pointer 17acfb5d28 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-45]
add set_keepalive()
add set_keepalive() to set an automatic keepalive mechanism.  (while waiting
for a packet on a connection, we periodically check if it's time to send a
keepalive packet.)
2004-04-07 15:52:07 +00:00
Robey Pointer 1af6360007 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-44]
add get_username() method for remembering who you auth'd as
add get_username() method for remembering who you auth'd as.  also, fix these
bugs:
* "continue" auth response counted as a failure (in server mode).
* try to import 'logging' in py22 before falling back to the fake logger,
  in case they have a backported version of 'logger'
* raise the right exception when told to read a private key from a file that
  isn't a private key file
* tell channels to close when the transport dies
2004-04-07 06:07:29 +00:00
Robey Pointer 68c8a9b2e6 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-43]
fix encrypted private key files
the random byte padding on private key files' BER data was confusing openssh,
so switch to null-byte padding, which is slightly less secure but works with
crappy old openssh.  also, enforce the mode when writing the private key
file.  we really really want it to be 0600.  (python seems to ignore the
mode normally.)
2004-04-06 22:03:21 +00:00
Robey Pointer 945a41dd3d [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-42]
support py22, more or less
add roger binns' patches for supporting python 2.2.  i hedged a bit on the
logging stuff and just added some trickery to let logging be stubbed out for
python 2.2.  this changed a lot of import statements but i managed to avoid
hacking at any of the existing logging.

socket timeouts are required for the threads to notice when they've been
deactivated.  worked around it by using the 'select' module on py22.

also fixed the sftp unit tests to cope with a password-protected private key.
2004-04-06 08:16:02 +00:00
Robey Pointer ed72847ad1 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-41]
make get_remote_server_key() return a PKey object
a good suggestion from roger binns: make get_remote_server_key() just return
a pkey object instead of a tuple of strings.  all the strings can be extracted
from the pkey object, as well as other potentially useful things.
2004-04-05 22:32:03 +00:00
Robey Pointer c6d5ba9c52 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-40]
add dss key generation too, and fix some bugs
added the ability to generate dss keys and write private dss key files,
similar to rsa.  in the process, fixed a couple of bugs with ber encoding
and writing password-encrypted key files.  the key has to be padded to the
iblock size of the cipher -- it's very difficult to determine how the others
do this, so i just add random bytes to the end.

fixed the simple demo to use Transport's (host, port) constructor for
simplicity, and fixed a bug where the standard demo's DSS login wouldn't
work.

also, move the common logfile setup crap into util so all the demos can just
call that one.
2004-04-05 19:36:40 +00:00
Robey Pointer 70faf02f3e [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-39]
add global request mechanism
add transport.global_request() to make a global-style request (usually an
extension to the protocol -- like keepalives) and handle requests from the
remote host.  incoming requests are now handled and responded to correctly,
which should make openssh-style keepalives work.  (before, we would silently
ignore them, which was wrong.)
2004-04-05 10:37:18 +00:00
Robey Pointer c9d301b782 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-38]
add common.py file
missing from previous change because tla doesn't like to add files in some
situations. (frown)
2004-04-05 10:24:33 +00:00
Robey Pointer 01bf5477a0 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-37]
can now generate rsa keys (not dss yet)
added functionality to ber to create ber streams.  added some common methods
to PKey to allow dumping the key to base64 (the format used by openssh for
public key files and host key lists), and a factory for creating a key from
a private key file, and a common way to save private keys.  RSAKey luckily
didn't have to change that much.

also added a factory method to RSAKey to generate a new key.
2004-04-05 10:16:31 +00:00
Robey Pointer 8fafd1aa17 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-36]
add common.py for commonly used constants and globals
common.py now stores the constants and globals.
lots of renaming because of this.
2004-04-05 10:12:59 +00:00
Robey Pointer d757f90ac5 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-35]
add send_ignore
add send_ignore() call to allow for sending garbage ignored packets to the
remote side.
2004-04-02 02:41:43 +00:00
Robey Pointer f8a3a62136 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-34]
fix some arcana in unpacking private keys
"!= type([])" is a pretty obscure way to say it.  let's try "is not list"
which is a lot more readable.

(mostly this is a test to make sure tla is working okay on my laptop.)
2004-03-16 07:33:09 +00:00
Robey Pointer 0ae801447e [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-33]
include tests in manifest
include the tests in the manifest for dist, and remove some outdated notes in
NOTES about the exported API (this is doc'd wayyy better in epydoc now).
2004-03-09 01:09:17 +00:00
Robey Pointer 14f2193d39 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-32]
add unit tests
add unit tests for BufferedFile and SFTP (it's a start).  remove the demo sftp
client because it was 99% copied from the other demos, which makes it kinda
confusing.  the unit tests are a much better example.
2004-03-08 17:54:19 +00:00
Robey Pointer 7cd7fced6e [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-31]
bump version number to eevee
bump the version number to eevee in a few places and talk about the unit
tests.
2004-03-08 17:52:25 +00:00
Robey Pointer e5193fb23f [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-30]
finish up client sftp support
added 'stat' to SFTPFile and SFTP, documented 'open' and 'listdir', and added
'rmdir', 'lstat', 'symlink', 'chmod', 'chown', 'utime', 'readlink'.

turned off ultra debugging now that the unit tests are all working.
2004-03-08 17:50:49 +00:00
Robey Pointer 9f6bbb6519 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-29]
fix some docs and BufferedFile.readline
fix some documentation and fix readline()'s universal newline support to
always return strings ending with '\n', regardless of how they were in the
original file.  (this is an obvious feature of python's universal newline
support that i somehow missed before.)
2004-03-08 17:45:44 +00:00
Robey Pointer c565d66e39 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-28]
fix lingering thread bug
this bug has been in there forever and i could never figure out a workaround
till now.

when the python interpreter exits, it doesn't necessarily destroy the
remaining objects or call __del__ on anything, and it will lock up until all
threads finish running.  how the threads are supposed to notice the exiting
interpreter has always been sort of a mystery to me.

tonight i figured out how to use the 'atexit' module to register a handler
that runs when the interpreter exits.  now we keep a list of active threads
and ask them all to exit on shutdown.  no more going to another shell to
kill -9 python!  yeah!!
2004-03-08 09:47:47 +00:00
Robey Pointer 3e31771637 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-27]
add BufferedFile abstraction
SFTP client mode is mostly functional.  there are probably still some bugs
but most of the operations on "file" objects have survived my simple tests.

BufferedFile wraps a simpler stream in something that looks like a python
file (and can even handle seeking if the stream underneath supports it).
it's meant to be subclassed.  most of it is ripped out of what used to be
ChannelFile so i can reuse it for sftp -- ChannelFile is now tiny.

SFTP and Message are now exported.

fixed util.format_binary_line to not quote spaces.
2004-03-04 08:21:45 +00:00
Robey Pointer d599570905 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-26]
Transport constructor can take hostname or address tuple
part of an ongoing attempt to make "simple" versions of some of the API calls,
so you can do common-case operations with just a few calls:

Transport's constructor will now let you pass in a string or tuple instead
of a socket-like object.  if you pass in a string, it assumes the string is
a hostname (with optional ":port" segment) and turns that into an address
tuple.  if you pass in a tuple, it assumes it's an address tuple.  in both
cases, it then creates a socket, connects to the given address, and then
continues as if that was the socket passed in.

the idea being that you can call Transport('example.com') and it will do
the right thing.
2004-01-27 02:04:59 +00:00
Robey Pointer 27869f1d7a [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-25]
pkey no longer raises binascii.Error
catch binascii.Error in the private key decoder and convert it into an
SSHException.  there's no reason people should have to care that it was a
decoding error vs. any of the other million things that could be wrong in
a corrupt key file.
2004-01-27 02:00:19 +00:00
Robey Pointer ea8c1378e8 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-24]
document more of Message; add get_int64
all of the get_* methods are now documented, but there's a bit more to do.
get_int64 added for eventual sftp support.
2004-01-27 01:45:44 +00:00
Robey Pointer 35ed103572 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-23]
quick doc fix.
fix broken cross-link in kex_gex docs.
2004-01-04 10:33:05 +00:00
Robey Pointer 02322f6621 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-22]
fix MANIFEST.in, change version numbers to 0.9-doduo, fix LPGL notices
fixed MANIFEST.in to include the demo scripts, LICENSE, and ChangeLog.
upped everything to version 0.9-doduo.

fixed the copyright notice, and added the LGPL banner to the top of every
python file.
2004-01-04 10:26:00 +00:00
Robey Pointer 5470b26a83 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-21]
MANIFEST -> MANIFEST.in, fix setup.py.
out with MANIFEST, in with MANIFEST.in.
2004-01-04 10:07:35 +00:00
Robey Pointer 988c6abda0 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-20]
more docs, and password-protected key files can now be read
lots more documentation, some of it moved out of the README file, which is
now much smaller and less rambling.

repr(Transport) now reports the number of bits used in the cipher.

cleaned up BER to use util functions, and throw a proper exception (the new
BERException) on error.  it doesn't ever have to be a full BER decoder, but
it can at least comb its hair and tuck in its shirt.

lots of stuff added to PKey.read_private_key_file so it can try to decode
password-protected key files.  right now it only understands "DES-EDE3-CBC"
format, but this is the only format i've seen openssh make so far.  if the
key is password-protected, but no password was given, a new exception
(PasswordRequiredException) is raised so an outer layer can ask for a password
and try again.
2004-01-04 09:29:13 +00:00
Robey Pointer 3a8887a420 [project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-19]
renamed auth_key -> auth_publickey; more docs.
renamed Transport.auth_key to auth_publickey for consistency.  and lots more
documentation.
2003-12-31 06:31:43 +00:00