You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by al...@apache.org on 2012/07/10 03:31:07 UTC
[10/18] git commit: [Defect / Enhancement / New Feature] CS-15281 :
Removal of third party dependencies in Citrix code base
[Defect / Enhancement / New Feature] CS-15281 : Removal of third party dependencies in Citrix code base
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/32fef61a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/32fef61a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/32fef61a
Branch: refs/heads/vpc
Commit: 32fef61ac2bf9b3e8e4342cda9f1383b4fbda77b
Parents: 54203f0
Author: Pradeep Soundararajan <pr...@citrix.com>
Authored: Fri Jul 6 17:28:29 2012 -0400
Committer: David Nalley <da...@gnsa.us>
Committed: Fri Jul 6 17:28:29 2012 -0400
----------------------------------------------------------------------
tools/migration/paramiko/__init__.py | 138 --
tools/migration/paramiko/agent.py | 148 --
tools/migration/paramiko/auth_handler.py | 423 -----
tools/migration/paramiko/ber.py | 126 --
tools/migration/paramiko/buffered_pipe.py | 197 ---
tools/migration/paramiko/channel.py | 1231 --------------
tools/migration/paramiko/client.py | 483 ------
tools/migration/paramiko/common.py | 122 --
tools/migration/paramiko/compress.py | 36 -
tools/migration/paramiko/config.py | 107 --
tools/migration/paramiko/dsskey.py | 194 ---
tools/migration/paramiko/file.py | 453 -----
tools/migration/paramiko/hostkeys.py | 313 ----
tools/migration/paramiko/kex_gex.py | 241 ---
tools/migration/paramiko/kex_group1.py | 133 --
tools/migration/paramiko/logging22.py | 63 -
tools/migration/paramiko/message.py | 298 ----
tools/migration/paramiko/packet.py | 485 ------
tools/migration/paramiko/pipe.py | 144 --
tools/migration/paramiko/pkey.py | 377 -----
tools/migration/paramiko/primes.py | 148 --
tools/migration/paramiko/resource.py | 69 -
tools/migration/paramiko/rng.py | 105 --
tools/migration/paramiko/rng_posix.py | 93 --
tools/migration/paramiko/rng_win32.py | 117 --
tools/migration/paramiko/rsakey.py | 183 --
tools/migration/paramiko/server.py | 629 -------
tools/migration/paramiko/sftp.py | 185 ---
tools/migration/paramiko/sftp_attr.py | 220 ---
tools/migration/paramiko/sftp_client.py | 723 --------
tools/migration/paramiko/sftp_file.py | 473 ------
tools/migration/paramiko/sftp_handle.py | 199 ---
tools/migration/paramiko/sftp_server.py | 441 -----
tools/migration/paramiko/sftp_si.py | 307 ----
tools/migration/paramiko/ssh_exception.py | 112 --
tools/migration/paramiko/transport.py | 2096 ------------------------
tools/migration/paramiko/util.py | 299 ----
tools/migration/paramiko/win_pageant.py | 143 --
38 files changed, 0 insertions(+), 12254 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/32fef61a/tools/migration/paramiko/__init__.py
----------------------------------------------------------------------
diff --git a/tools/migration/paramiko/__init__.py b/tools/migration/paramiko/__init__.py
deleted file mode 100644
index f560cc3..0000000
--- a/tools/migration/paramiko/__init__.py
+++ /dev/null
@@ -1,138 +0,0 @@
-# Copyright (C) 2003-2009 Robey Pointer <ro...@gmail.com>
-# Copyright 2012 Citrix Systems, Inc. Licensed under the
-# Apache License, Version 2.0 (the "License"); you may not use this
-# file except in compliance with the License. Citrix Systems, Inc.
-# reserves all rights not expressly granted by the License.
-# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Automatically generated by addcopyright.py at 04/03/2012
-# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
-
-"""
-I{Paramiko} (a combination of the esperanto words for "paranoid" and "friend")
-is a module for python 2.3 or greater that implements the SSH2 protocol for
-secure (encrypted and authenticated) connections to remote machines. Unlike
-SSL (aka TLS), the SSH2 protocol does not require heirarchical certificates
-signed by a powerful central authority. You may know SSH2 as the protocol that
-replaced C{telnet} and C{rsh} for secure access to remote shells, but the
-protocol also includes the ability to open arbitrary channels to remote
-services across an encrypted tunnel. (This is how C{sftp} works, for example.)
-
-The high-level client API starts with creation of an L{SSHClient} object.
-For more direct control, pass a socket (or socket-like object) to a
-L{Transport}, and use L{start_server <Transport.start_server>} or
-L{start_client <Transport.start_client>} to negoatite
-with the remote host as either a server or client. As a client, you are
-responsible for authenticating using a password or private key, and checking
-the server's host key. I{(Key signature and verification is done by paramiko,
-but you will need to provide private keys and check that the content of a
-public key matches what you expected to see.)} As a server, you are
-responsible for deciding which users, passwords, and keys to allow, and what
-kind of channels to allow.
-
-Once you have finished, either side may request flow-controlled L{Channel}s to
-the other side, which are python objects that act like sockets, but send and
-receive data over the encrypted session.
-
-Paramiko is written entirely in python (no C or platform-dependent code) and is
-released under the GNU Lesser General Public License (LGPL).
-
-Website: U{http://www.lag.net/paramiko/}
-
-@version: 1.7.6 (Fanny)
-@author: Robey Pointer
-@contact: robeypointer@gmail.com
-@license: GNU Lesser General Public License (LGPL)
-"""
-
-import sys
-
-if sys.version_info < (2, 2):
- raise RuntimeError('You need python 2.2 for this module.')
-
-
-__author__ = "Robey Pointer <ro...@gmail.com>"
-__date__ = "1 Nov 2009"
-__version__ = "1.7.6 (Fanny)"
-__version_info__ = (1, 7, 6)
-__license__ = "GNU Lesser General Public License (LGPL)"
-
-
-from transport import randpool, SecurityOptions, Transport
-from client import SSHClient, MissingHostKeyPolicy, AutoAddPolicy, RejectPolicy, WarningPolicy
-from auth_handler import AuthHandler
-from channel import Channel, ChannelFile
-from ssh_exception import SSHException, PasswordRequiredException, \
- BadAuthenticationType, ChannelException, BadHostKeyException, \
- AuthenticationException
-from server import ServerInterface, SubsystemHandler, InteractiveQuery
-from rsakey import RSAKey
-from dsskey import DSSKey
-from sftp import SFTPError, BaseSFTP
-from sftp_client import SFTP, SFTPClient
-from sftp_server import SFTPServer
-from sftp_attr import SFTPAttributes
-from sftp_handle import SFTPHandle
-from sftp_si import SFTPServerInterface
-from sftp_file import SFTPFile
-from message import Message
-from packet import Packetizer
-from file import BufferedFile
-from agent import Agent, AgentKey
-from pkey import PKey
-from hostkeys import HostKeys
-from config import SSHConfig
-
-# fix module names for epydoc
-for c in locals().values():
- if issubclass(type(c), type) or type(c).__name__ == 'classobj':
- # classobj for exceptions :/
- c.__module__ = __name__
-del c
-
-from common import AUTH_SUCCESSFUL, AUTH_PARTIALLY_SUCCESSFUL, AUTH_FAILED, \
- OPEN_SUCCEEDED, OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED, OPEN_FAILED_CONNECT_FAILED, \
- OPEN_FAILED_UNKNOWN_CHANNEL_TYPE, OPEN_FAILED_RESOURCE_SHORTAGE
-
-from sftp import SFTP_OK, SFTP_EOF, SFTP_NO_SUCH_FILE, SFTP_PERMISSION_DENIED, SFTP_FAILURE, \
- SFTP_BAD_MESSAGE, SFTP_NO_CONNECTION, SFTP_CONNECTION_LOST, SFTP_OP_UNSUPPORTED
-
-__all__ = [ 'Transport',
- 'SSHClient',
- 'MissingHostKeyPolicy',
- 'AutoAddPolicy',
- 'RejectPolicy',
- 'WarningPolicy',
- 'SecurityOptions',
- 'SubsystemHandler',
- 'Channel',
- 'PKey',
- 'RSAKey',
- 'DSSKey',
- 'Message',
- 'SSHException',
- 'AuthenticationException',
- 'PasswordRequiredException',
- 'BadAuthenticationType',
- 'ChannelException',
- 'BadHostKeyException',
- 'SFTP',
- 'SFTPFile',
- 'SFTPHandle',
- 'SFTPClient',
- 'SFTPServer',
- 'SFTPError',
- 'SFTPAttributes',
- 'SFTPServerInterface',
- 'ServerInterface',
- 'BufferedFile',
- 'Agent',
- 'AgentKey',
- 'HostKeys',
- 'SSHConfig',
- 'util' ]
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/32fef61a/tools/migration/paramiko/agent.py
----------------------------------------------------------------------
diff --git a/tools/migration/paramiko/agent.py b/tools/migration/paramiko/agent.py
deleted file mode 100644
index d953d39..0000000
--- a/tools/migration/paramiko/agent.py
+++ /dev/null
@@ -1,148 +0,0 @@
-# Copyright (C) 2003-2007 John Rochester <jo...@jrochester.org>
-# Copyright 2012 Citrix Systems, Inc. Licensed under the
-# Apache License, Version 2.0 (the "License"); you may not use this
-# file except in compliance with the License. Citrix Systems, Inc.
-# reserves all rights not expressly granted by the License.
-# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Automatically generated by addcopyright.py at 04/03/2012
-# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
-
-"""
-SSH Agent interface for Unix clients.
-"""
-
-import os
-import socket
-import struct
-import sys
-
-from paramiko.ssh_exception import SSHException
-from paramiko.message import Message
-from paramiko.pkey import PKey
-
-
-SSH2_AGENTC_REQUEST_IDENTITIES, SSH2_AGENT_IDENTITIES_ANSWER, \
- SSH2_AGENTC_SIGN_REQUEST, SSH2_AGENT_SIGN_RESPONSE = range(11, 15)
-
-
-class Agent:
- """
- Client interface for using private keys from an SSH agent running on the
- local machine. If an SSH agent is running, this class can be used to
- connect to it and retreive L{PKey} objects which can be used when
- attempting to authenticate to remote SSH servers.
-
- Because the SSH agent protocol uses environment variables and unix-domain
- sockets, this probably doesn't work on Windows. It does work on most
- posix platforms though (Linux and MacOS X, for example).
- """
-
- def __init__(self):
- """
- Open a session with the local machine's SSH agent, if one is running.
- If no agent is running, initialization will succeed, but L{get_keys}
- will return an empty tuple.
-
- @raise SSHException: if an SSH agent is found, but speaks an
- incompatible protocol
- """
- self.keys = ()
- if ('SSH_AUTH_SOCK' in os.environ) and (sys.platform != 'win32'):
- conn = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
- try:
- conn.connect(os.environ['SSH_AUTH_SOCK'])
- except:
- # probably a dangling env var: the ssh agent is gone
- return
- self.conn = conn
- elif sys.platform == 'win32':
- import win_pageant
- if win_pageant.can_talk_to_agent():
- self.conn = win_pageant.PageantConnection()
- else:
- return
- else:
- # no agent support
- return
-
- ptype, result = self._send_message(chr(SSH2_AGENTC_REQUEST_IDENTITIES))
- if ptype != SSH2_AGENT_IDENTITIES_ANSWER:
- raise SSHException('could not get keys from ssh-agent')
- keys = []
- for i in range(result.get_int()):
- keys.append(AgentKey(self, result.get_string()))
- result.get_string()
- self.keys = tuple(keys)
-
- def close(self):
- """
- Close the SSH agent connection.
- """
- self.conn.close()
- self.conn = None
- self.keys = ()
-
- def get_keys(self):
- """
- Return the list of keys available through the SSH agent, if any. If
- no SSH agent was running (or it couldn't be contacted), an empty list
- will be returned.
-
- @return: a list of keys available on the SSH agent
- @rtype: tuple of L{AgentKey}
- """
- return self.keys
-
- def _send_message(self, msg):
- msg = str(msg)
- self.conn.send(struct.pack('>I', len(msg)) + msg)
- l = self._read_all(4)
- msg = Message(self._read_all(struct.unpack('>I', l)[0]))
- return ord(msg.get_byte()), msg
-
- def _read_all(self, wanted):
- result = self.conn.recv(wanted)
- while len(result) < wanted:
- if len(result) == 0:
- raise SSHException('lost ssh-agent')
- extra = self.conn.recv(wanted - len(result))
- if len(extra) == 0:
- raise SSHException('lost ssh-agent')
- result += extra
- return result
-
-
-class AgentKey(PKey):
- """
- Private key held in a local SSH agent. This type of key can be used for
- authenticating to a remote server (signing). Most other key operations
- work as expected.
- """
-
- def __init__(self, agent, blob):
- self.agent = agent
- self.blob = blob
- self.name = Message(blob).get_string()
-
- def __str__(self):
- return self.blob
-
- def get_name(self):
- return self.name
-
- def sign_ssh_data(self, randpool, data):
- msg = Message()
- msg.add_byte(chr(SSH2_AGENTC_SIGN_REQUEST))
- msg.add_string(self.blob)
- msg.add_string(data)
- msg.add_int(0)
- ptype, result = self.agent._send_message(msg)
- if ptype != SSH2_AGENT_SIGN_RESPONSE:
- raise SSHException('key cannot be used for signing')
- return result.get_string()
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/32fef61a/tools/migration/paramiko/auth_handler.py
----------------------------------------------------------------------
diff --git a/tools/migration/paramiko/auth_handler.py b/tools/migration/paramiko/auth_handler.py
deleted file mode 100644
index 41cb1f8..0000000
--- a/tools/migration/paramiko/auth_handler.py
+++ /dev/null
@@ -1,423 +0,0 @@
-# Copyright (C) 2003-2007 Robey Pointer <ro...@gmail.com>
-# Copyright 2012 Citrix Systems, Inc. Licensed under the
-# Apache License, Version 2.0 (the "License"); you may not use this
-# file except in compliance with the License. Citrix Systems, Inc.
-# reserves all rights not expressly granted by the License.
-# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Automatically generated by addcopyright.py at 04/03/2012
-# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
-
-"""
-L{AuthHandler}
-"""
-
-import threading
-import weakref
-
-# this helps freezing utils
-import encodings.utf_8
-
-from paramiko.common import *
-from paramiko import util
-from paramiko.message import Message
-from paramiko.ssh_exception import SSHException, AuthenticationException, \
- BadAuthenticationType, PartialAuthentication
-from paramiko.server import InteractiveQuery
-
-
-class AuthHandler (object):
- """
- Internal class to handle the mechanics of authentication.
- """
-
- def __init__(self, transport):
- self.transport = weakref.proxy(transport)
- self.username = None
- self.authenticated = False
- self.auth_event = None
- self.auth_method = ''
- self.password = None
- self.private_key = None
- self.interactive_handler = None
- self.submethods = None
- # for server mode:
- self.auth_username = None
- self.auth_fail_count = 0
-
- def is_authenticated(self):
- return self.authenticated
-
- def get_username(self):
- if self.transport.server_mode:
- return self.auth_username
- else:
- return self.username
-
- def auth_none(self, username, event):
- self.transport.lock.acquire()
- try:
- self.auth_event = event
- self.auth_method = 'none'
- self.username = username
- self._request_auth()
- finally:
- self.transport.lock.release()
-
- def auth_publickey(self, username, key, event):
- self.transport.lock.acquire()
- try:
- self.auth_event = event
- self.auth_method = 'publickey'
- self.username = username
- self.private_key = key
- self._request_auth()
- finally:
- self.transport.lock.release()
-
- def auth_password(self, username, password, event):
- self.transport.lock.acquire()
- try:
- self.auth_event = event
- self.auth_method = 'password'
- self.username = username
- self.password = password
- self._request_auth()
- finally:
- self.transport.lock.release()
-
- def auth_interactive(self, username, handler, event, submethods=''):
- """
- response_list = handler(title, instructions, prompt_list)
- """
- self.transport.lock.acquire()
- try:
- self.auth_event = event
- self.auth_method = 'keyboard-interactive'
- self.username = username
- self.interactive_handler = handler
- self.submethods = submethods
- self._request_auth()
- finally:
- self.transport.lock.release()
-
- def abort(self):
- if self.auth_event is not None:
- self.auth_event.set()
-
-
- ### internals...
-
-
- def _request_auth(self):
- m = Message()
- m.add_byte(chr(MSG_SERVICE_REQUEST))
- m.add_string('ssh-userauth')
- self.transport._send_message(m)
-
- def _disconnect_service_not_available(self):
- m = Message()
- m.add_byte(chr(MSG_DISCONNECT))
- m.add_int(DISCONNECT_SERVICE_NOT_AVAILABLE)
- m.add_string('Service not available')
- m.add_string('en')
- self.transport._send_message(m)
- self.transport.close()
-
- def _disconnect_no_more_auth(self):
- m = Message()
- m.add_byte(chr(MSG_DISCONNECT))
- m.add_int(DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE)
- m.add_string('No more auth methods available')
- m.add_string('en')
- self.transport._send_message(m)
- self.transport.close()
-
- def _get_session_blob(self, key, service, username):
- m = Message()
- m.add_string(self.transport.session_id)
- m.add_byte(chr(MSG_USERAUTH_REQUEST))
- m.add_string(username)
- m.add_string(service)
- m.add_string('publickey')
- m.add_boolean(1)
- m.add_string(key.get_name())
- m.add_string(str(key))
- return str(m)
-
- def wait_for_response(self, event):
- while True:
- event.wait(0.1)
- if not self.transport.is_active():
- e = self.transport.get_exception()
- if (e is None) or issubclass(e.__class__, EOFError):
- e = AuthenticationException('Authentication failed.')
- raise e
- if event.isSet():
- break
- if not self.is_authenticated():
- e = self.transport.get_exception()
- if e is None:
- e = AuthenticationException('Authentication failed.')
- # this is horrible. python Exception isn't yet descended from
- # object, so type(e) won't work. :(
- if issubclass(e.__class__, PartialAuthentication):
- return e.allowed_types
- raise e
- return []
-
- def _parse_service_request(self, m):
- service = m.get_string()
- if self.transport.server_mode and (service == 'ssh-userauth'):
- # accepted
- m = Message()
- m.add_byte(chr(MSG_SERVICE_ACCEPT))
- m.add_string(service)
- self.transport._send_message(m)
- return
- # dunno this one
- self._disconnect_service_not_available()
-
- def _parse_service_accept(self, m):
- service = m.get_string()
- if service == 'ssh-userauth':
- self.transport._log(DEBUG, 'userauth is OK')
- m = Message()
- m.add_byte(chr(MSG_USERAUTH_REQUEST))
- m.add_string(self.username)
- m.add_string('ssh-connection')
- m.add_string(self.auth_method)
- if self.auth_method == 'password':
- m.add_boolean(False)
- password = self.password
- if isinstance(password, unicode):
- password = password.encode('UTF-8')
- m.add_string(password)
- elif self.auth_method == 'publickey':
- m.add_boolean(True)
- m.add_string(self.private_key.get_name())
- m.add_string(str(self.private_key))
- blob = self._get_session_blob(self.private_key, 'ssh-connection', self.username)
- sig = self.private_key.sign_ssh_data(self.transport.randpool, blob)
- m.add_string(str(sig))
- elif self.auth_method == 'keyboard-interactive':
- m.add_string('')
- m.add_string(self.submethods)
- elif self.auth_method == 'none':
- pass
- else:
- raise SSHException('Unknown auth method "%s"' % self.auth_method)
- self.transport._send_message(m)
- else:
- self.transport._log(DEBUG, 'Service request "%s" accepted (?)' % service)
-
- def _send_auth_result(self, username, method, result):
- # okay, send result
- m = Message()
- if result == AUTH_SUCCESSFUL:
- self.transport._log(INFO, 'Auth granted (%s).' % method)
- m.add_byte(chr(MSG_USERAUTH_SUCCESS))
- self.authenticated = True
- else:
- self.transport._log(INFO, 'Auth rejected (%s).' % method)
- m.add_byte(chr(MSG_USERAUTH_FAILURE))
- m.add_string(self.transport.server_object.get_allowed_auths(username))
- if result == AUTH_PARTIALLY_SUCCESSFUL:
- m.add_boolean(1)
- else:
- m.add_boolean(0)
- self.auth_fail_count += 1
- self.transport._send_message(m)
- if self.auth_fail_count >= 10:
- self._disconnect_no_more_auth()
- if result == AUTH_SUCCESSFUL:
- self.transport._auth_trigger()
-
- def _interactive_query(self, q):
- # make interactive query instead of response
- m = Message()
- m.add_byte(chr(MSG_USERAUTH_INFO_REQUEST))
- m.add_string(q.name)
- m.add_string(q.instructions)
- m.add_string('')
- m.add_int(len(q.prompts))
- for p in q.prompts:
- m.add_string(p[0])
- m.add_boolean(p[1])
- self.transport._send_message(m)
-
- def _parse_userauth_request(self, m):
- if not self.transport.server_mode:
- # er, uh... what?
- m = Message()
- m.add_byte(chr(MSG_USERAUTH_FAILURE))
- m.add_string('none')
- m.add_boolean(0)
- self.transport._send_message(m)
- return
- if self.authenticated:
- # ignore
- return
- username = m.get_string()
- service = m.get_string()
- method = m.get_string()
- self.transport._log(DEBUG, 'Auth request (type=%s) service=%s, username=%s' % (method, service, username))
- if service != 'ssh-connection':
- self._disconnect_service_not_available()
- return
- if (self.auth_username is not None) and (self.auth_username != username):
- self.transport._log(WARNING, 'Auth rejected because the client attempted to change username in mid-flight')
- self._disconnect_no_more_auth()
- return
- self.auth_username = username
-
- if method == 'none':
- result = self.transport.server_object.check_auth_none(username)
- elif method == 'password':
- changereq = m.get_boolean()
- password = m.get_string()
- try:
- password = password.decode('UTF-8')
- except UnicodeError:
- # some clients/servers expect non-utf-8 passwords!
- # in this case, just return the raw byte string.
- pass
- if changereq:
- # always treated as failure, since we don't support changing passwords, but collect
- # the list of valid auth types from the callback anyway
- self.transport._log(DEBUG, 'Auth request to change passwords (rejected)')
- newpassword = m.get_string()
- try:
- newpassword = newpassword.decode('UTF-8', 'replace')
- except UnicodeError:
- pass
- result = AUTH_FAILED
- else:
- result = self.transport.server_object.check_auth_password(username, password)
- elif method == 'publickey':
- sig_attached = m.get_boolean()
- keytype = m.get_string()
- keyblob = m.get_string()
- try:
- key = self.transport._key_info[keytype](Message(keyblob))
- except SSHException, e:
- self.transport._log(INFO, 'Auth rejected: public key: %s' % str(e))
- key = None
- except:
- self.transport._log(INFO, 'Auth rejected: unsupported or mangled public key')
- key = None
- if key is None:
- self._disconnect_no_more_auth()
- return
- # first check if this key is okay... if not, we can skip the verify
- result = self.transport.server_object.check_auth_publickey(username, key)
- if result != AUTH_FAILED:
- # key is okay, verify it
- if not sig_attached:
- # client wants to know if this key is acceptable, before it
- # signs anything... send special "ok" message
- m = Message()
- m.add_byte(chr(MSG_USERAUTH_PK_OK))
- m.add_string(keytype)
- m.add_string(keyblob)
- self.transport._send_message(m)
- return
- sig = Message(m.get_string())
- blob = self._get_session_blob(key, service, username)
- if not key.verify_ssh_sig(blob, sig):
- self.transport._log(INFO, 'Auth rejected: invalid signature')
- result = AUTH_FAILED
- elif method == 'keyboard-interactive':
- lang = m.get_string()
- submethods = m.get_string()
- result = self.transport.server_object.check_auth_interactive(username, submethods)
- if isinstance(result, InteractiveQuery):
- # make interactive query instead of response
- self._interactive_query(result)
- return
- else:
- result = self.transport.server_object.check_auth_none(username)
- # okay, send result
- self._send_auth_result(username, method, result)
-
- def _parse_userauth_success(self, m):
- self.transport._log(INFO, 'Authentication (%s) successful!' % self.auth_method)
- self.authenticated = True
- self.transport._auth_trigger()
- if self.auth_event != None:
- self.auth_event.set()
-
- def _parse_userauth_failure(self, m):
- authlist = m.get_list()
- partial = m.get_boolean()
- if partial:
- self.transport._log(INFO, 'Authentication continues...')
- self.transport._log(DEBUG, 'Methods: ' + str(authlist))
- self.transport.saved_exception = PartialAuthentication(authlist)
- elif self.auth_method not in authlist:
- self.transport._log(DEBUG, 'Authentication type (%s) not permitted.' % self.auth_method)
- self.transport._log(DEBUG, 'Allowed methods: ' + str(authlist))
- self.transport.saved_exception = BadAuthenticationType('Bad authentication type', authlist)
- else:
- self.transport._log(INFO, 'Authentication (%s) failed.' % self.auth_method)
- self.authenticated = False
- self.username = None
- if self.auth_event != None:
- self.auth_event.set()
-
- def _parse_userauth_banner(self, m):
- banner = m.get_string()
- lang = m.get_string()
- self.transport._log(INFO, 'Auth banner: ' + banner)
- # who cares.
-
- def _parse_userauth_info_request(self, m):
- if self.auth_method != 'keyboard-interactive':
- raise SSHException('Illegal info request from server')
- title = m.get_string()
- instructions = m.get_string()
- m.get_string() # lang
- prompts = m.get_int()
- prompt_list = []
- for i in range(prompts):
- prompt_list.append((m.get_string(), m.get_boolean()))
- response_list = self.interactive_handler(title, instructions, prompt_list)
-
- m = Message()
- m.add_byte(chr(MSG_USERAUTH_INFO_RESPONSE))
- m.add_int(len(response_list))
- for r in response_list:
- m.add_string(r)
- self.transport._send_message(m)
-
- def _parse_userauth_info_response(self, m):
- if not self.transport.server_mode:
- raise SSHException('Illegal info response from server')
- n = m.get_int()
- responses = []
- for i in range(n):
- responses.append(m.get_string())
- result = self.transport.server_object.check_auth_interactive_response(responses)
- if isinstance(type(result), InteractiveQuery):
- # make interactive query instead of response
- self._interactive_query(result)
- return
- self._send_auth_result(self.auth_username, 'keyboard-interactive', result)
-
-
- _handler_table = {
- MSG_SERVICE_REQUEST: _parse_service_request,
- MSG_SERVICE_ACCEPT: _parse_service_accept,
- MSG_USERAUTH_REQUEST: _parse_userauth_request,
- MSG_USERAUTH_SUCCESS: _parse_userauth_success,
- MSG_USERAUTH_FAILURE: _parse_userauth_failure,
- MSG_USERAUTH_BANNER: _parse_userauth_banner,
- MSG_USERAUTH_INFO_REQUEST: _parse_userauth_info_request,
- MSG_USERAUTH_INFO_RESPONSE: _parse_userauth_info_response,
- }
-
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/32fef61a/tools/migration/paramiko/ber.py
----------------------------------------------------------------------
diff --git a/tools/migration/paramiko/ber.py b/tools/migration/paramiko/ber.py
deleted file mode 100644
index 3265127..0000000
--- a/tools/migration/paramiko/ber.py
+++ /dev/null
@@ -1,126 +0,0 @@
-# Copyright (C) 2003-2007 Robey Pointer <ro...@gmail.com>
-# Copyright 2012 Citrix Systems, Inc. Licensed under the
-# Apache License, Version 2.0 (the "License"); you may not use this
-# file except in compliance with the License. Citrix Systems, Inc.
-# reserves all rights not expressly granted by the License.
-# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Automatically generated by addcopyright.py at 04/03/2012
-# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
-
-
-import util
-
-
-class BERException (Exception):
- pass
-
-
-class BER(object):
- """
- Robey's tiny little attempt at a BER decoder.
- """
-
- def __init__(self, content=''):
- self.content = content
- self.idx = 0
-
- def __str__(self):
- return self.content
-
- def __repr__(self):
- return 'BER(\'' + repr(self.content) + '\')'
-
- def decode(self):
- return self.decode_next()
-
- def decode_next(self):
- if self.idx >= len(self.content):
- return None
- ident = ord(self.content[self.idx])
- self.idx += 1
- if (ident & 31) == 31:
- # identifier > 30
- ident = 0
- while self.idx < len(self.content):
- t = ord(self.content[self.idx])
- self.idx += 1
- ident = (ident << 7) | (t & 0x7f)
- if not (t & 0x80):
- break
- if self.idx >= len(self.content):
- return None
- # now fetch length
- size = ord(self.content[self.idx])
- self.idx += 1
- if size & 0x80:
- # more complimicated...
- # FIXME: theoretically should handle indefinite-length (0x80)
- t = size & 0x7f
- if self.idx + t > len(self.content):
- return None
- size = util.inflate_long(self.content[self.idx : self.idx + t], True)
- self.idx += t
- if self.idx + size > len(self.content):
- # can't fit
- return None
- data = self.content[self.idx : self.idx + size]
- self.idx += size
- # now switch on id
- if ident == 0x30:
- # sequence
- return self.decode_sequence(data)
- elif ident == 2:
- # int
- return util.inflate_long(data)
- else:
- # 1: boolean (00 false, otherwise true)
- raise BERException('Unknown ber encoding type %d (robey is lazy)' % ident)
-
- def decode_sequence(data):
- out = []
- b = BER(data)
- while True:
- x = b.decode_next()
- if x is None:
- break
- out.append(x)
- return out
- decode_sequence = staticmethod(decode_sequence)
-
- def encode_tlv(self, ident, val):
- # no need to support ident > 31 here
- self.content += chr(ident)
- if len(val) > 0x7f:
- lenstr = util.deflate_long(len(val))
- self.content += chr(0x80 + len(lenstr)) + lenstr
- else:
- self.content += chr(len(val))
- self.content += val
-
- def encode(self, x):
- if type(x) is bool:
- if x:
- self.encode_tlv(1, '\xff')
- else:
- self.encode_tlv(1, '\x00')
- elif (type(x) is int) or (type(x) is long):
- self.encode_tlv(2, util.deflate_long(x))
- elif type(x) is str:
- self.encode_tlv(4, x)
- elif (type(x) is list) or (type(x) is tuple):
- self.encode_tlv(0x30, self.encode_sequence(x))
- else:
- raise BERException('Unknown type for encoding: %s' % repr(type(x)))
-
- def encode_sequence(data):
- b = BER()
- for item in data:
- b.encode(item)
- return str(b)
- encode_sequence = staticmethod(encode_sequence)
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/32fef61a/tools/migration/paramiko/buffered_pipe.py
----------------------------------------------------------------------
diff --git a/tools/migration/paramiko/buffered_pipe.py b/tools/migration/paramiko/buffered_pipe.py
deleted file mode 100644
index 4bd4856..0000000
--- a/tools/migration/paramiko/buffered_pipe.py
+++ /dev/null
@@ -1,197 +0,0 @@
-# Copyright (C) 2006-2007 Robey Pointer <ro...@gmail.com>
-# Copyright 2012 Citrix Systems, Inc. Licensed under the
-# Apache License, Version 2.0 (the "License"); you may not use this
-# file except in compliance with the License. Citrix Systems, Inc.
-# reserves all rights not expressly granted by the License.
-# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Automatically generated by addcopyright.py at 04/03/2012
-# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
-
-"""
-Attempt to generalize the "feeder" part of a Channel: an object which can be
-read from and closed, but is reading from a buffer fed by another thread. The
-read operations are blocking and can have a timeout set.
-"""
-
-import array
-import threading
-import time
-
-
-class PipeTimeout (IOError):
- """
- Indicates that a timeout was reached on a read from a L{BufferedPipe}.
- """
- pass
-
-
-class BufferedPipe (object):
- """
- A buffer that obeys normal read (with timeout) & close semantics for a
- file or socket, but is fed data from another thread. This is used by
- L{Channel}.
- """
-
- def __init__(self):
- self._lock = threading.Lock()
- self._cv = threading.Condition(self._lock)
- self._event = None
- self._buffer = array.array('B')
- self._closed = False
-
- def set_event(self, event):
- """
- Set an event on this buffer. When data is ready to be read (or the
- buffer has been closed), the event will be set. When no data is
- ready, the event will be cleared.
-
- @param event: the event to set/clear
- @type event: Event
- """
- self._event = event
- if len(self._buffer) > 0:
- event.set()
- else:
- event.clear()
-
- def feed(self, data):
- """
- Feed new data into this pipe. This method is assumed to be called
- from a separate thread, so synchronization is done.
-
- @param data: the data to add
- @type data: str
- """
- self._lock.acquire()
- try:
- if self._event is not None:
- self._event.set()
- self._buffer.fromstring(data)
- self._cv.notifyAll()
- finally:
- self._lock.release()
-
- def read_ready(self):
- """
- Returns true if data is buffered and ready to be read from this
- feeder. A C{False} result does not mean that the feeder has closed;
- it means you may need to wait before more data arrives.
-
- @return: C{True} if a L{read} call would immediately return at least
- one byte; C{False} otherwise.
- @rtype: bool
- """
- self._lock.acquire()
- try:
- if len(self._buffer) == 0:
- return False
- return True
- finally:
- self._lock.release()
-
- def read(self, nbytes, timeout=None):
- """
- Read data from the pipe. The return value is a string representing
- the data received. The maximum amount of data to be received at once
- is specified by C{nbytes}. If a string of length zero is returned,
- the pipe has been closed.
-
- The optional C{timeout} argument can be a nonnegative float expressing
- seconds, or C{None} for no timeout. If a float is given, a
- C{PipeTimeout} will be raised if the timeout period value has
- elapsed before any data arrives.
-
- @param nbytes: maximum number of bytes to read
- @type nbytes: int
- @param timeout: maximum seconds to wait (or C{None}, the default, to
- wait forever)
- @type timeout: float
- @return: data
- @rtype: str
-
- @raise PipeTimeout: if a timeout was specified and no data was ready
- before that timeout
- """
- out = ''
- self._lock.acquire()
- try:
- if len(self._buffer) == 0:
- if self._closed:
- return out
- # should we block?
- if timeout == 0.0:
- raise PipeTimeout()
- # loop here in case we get woken up but a different thread has
- # grabbed everything in the buffer.
- while (len(self._buffer) == 0) and not self._closed:
- then = time.time()
- self._cv.wait(timeout)
- if timeout is not None:
- timeout -= time.time() - then
- if timeout <= 0.0:
- raise PipeTimeout()
-
- # something's in the buffer and we have the lock!
- if len(self._buffer) <= nbytes:
- out = self._buffer.tostring()
- del self._buffer[:]
- if (self._event is not None) and not self._closed:
- self._event.clear()
- else:
- out = self._buffer[:nbytes].tostring()
- del self._buffer[:nbytes]
- finally:
- self._lock.release()
-
- return out
-
- def empty(self):
- """
- Clear out the buffer and return all data that was in it.
-
- @return: any data that was in the buffer prior to clearing it out
- @rtype: str
- """
- self._lock.acquire()
- try:
- out = self._buffer.tostring()
- del self._buffer[:]
- if (self._event is not None) and not self._closed:
- self._event.clear()
- return out
- finally:
- self._lock.release()
-
- def close(self):
- """
- Close this pipe object. Future calls to L{read} after the buffer
- has been emptied will return immediately with an empty string.
- """
- self._lock.acquire()
- try:
- self._closed = True
- self._cv.notifyAll()
- if self._event is not None:
- self._event.set()
- finally:
- self._lock.release()
-
- def __len__(self):
- """
- Return the number of bytes buffered.
-
- @return: number of bytes bufferes
- @rtype: int
- """
- self._lock.acquire()
- try:
- return len(self._buffer)
- finally:
- self._lock.release()
-