1
# Copyright (C) 2005 Robey Pointer <robey@lag.net>
2
# Copyright (C) 2005, 2006, 2007 Canonical Ltd
4
# This program is free software; you can redistribute it and/or modify
5
# it under the terms of the GNU General Public License as published by
6
# the Free Software Foundation; either version 2 of the License, or
7
# (at your option) any later version.
9
# This program is distributed in the hope that it will be useful,
10
# but WITHOUT ANY WARRANTY; without even the implied warranty of
11
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
# GNU General Public License for more details.
14
# You should have received a copy of the GNU General Public License
15
# along with this program; if not, write to the Free Software
16
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18
"""Foundation SSH support for SFTP and smart server."""
37
except ImportError, e:
38
# If we have an ssh subprocess, we don't strictly need paramiko for all ssh
42
from paramiko.sftp_client import SFTPClient
49
_paramiko_version = getattr(paramiko, '__version_info__', (0, 0, 0))
51
# Paramiko 1.5 tries to open a socket.AF_UNIX in order to connect
52
# to ssh-agent. That attribute doesn't exist on win32 (it does in cygwin)
53
# so we get an AttributeError exception. So we will not try to
54
# connect to an agent if we are on win32 and using Paramiko older than 1.6
55
_use_ssh_agent = (sys.platform != 'win32' or _paramiko_version >= (1, 6, 0))
58
class SSHVendorManager(object):
59
"""Manager for manage SSH vendors."""
61
# Note, although at first sign the class interface seems similar to
62
# bzrlib.registry.Registry it is not possible/convenient to directly use
63
# the Registry because the class just has "get()" interface instead of the
64
# Registry's "get(key)".
67
self._ssh_vendors = {}
68
self._cached_ssh_vendor = None
69
self._default_ssh_vendor = None
71
def register_default_vendor(self, vendor):
72
"""Register default SSH vendor."""
73
self._default_ssh_vendor = vendor
75
def register_vendor(self, name, vendor):
76
"""Register new SSH vendor by name."""
77
self._ssh_vendors[name] = vendor
79
def clear_cache(self):
80
"""Clear previously cached lookup result."""
81
self._cached_ssh_vendor = None
83
def _get_vendor_by_environment(self, environment=None):
84
"""Return the vendor or None based on BZR_SSH environment variable.
86
:raises UnknownSSH: if the BZR_SSH environment variable contains
89
if environment is None:
90
environment = os.environ
91
if 'BZR_SSH' in environment:
92
vendor_name = environment['BZR_SSH']
94
vendor = self._ssh_vendors[vendor_name]
96
raise errors.UnknownSSH(vendor_name)
100
def _get_ssh_version_string(self, args):
101
"""Return SSH version string from the subprocess."""
103
p = subprocess.Popen(args,
104
stdout=subprocess.PIPE,
105
stderr=subprocess.PIPE,
106
**os_specific_subprocess_params())
107
stdout, stderr = p.communicate()
110
return stdout + stderr
112
def _get_vendor_by_version_string(self, version, args):
113
"""Return the vendor or None based on output from the subprocess.
115
:param version: The output of 'ssh -V' like command.
116
:param args: Command line that was run.
119
if 'OpenSSH' in version:
120
trace.mutter('ssh implementation is OpenSSH')
121
vendor = OpenSSHSubprocessVendor()
122
elif 'SSH Secure Shell' in version:
123
trace.mutter('ssh implementation is SSH Corp.')
124
vendor = SSHCorpSubprocessVendor()
125
elif 'plink' in version and args[0] == 'plink':
126
# Checking if "plink" was the executed argument as Windows
127
# sometimes reports 'ssh -V' incorrectly with 'plink' in it's
128
# version. See https://bugs.launchpad.net/bzr/+bug/107155
129
trace.mutter("ssh implementation is Putty's plink.")
130
vendor = PLinkSubprocessVendor()
133
def _get_vendor_by_inspection(self):
134
"""Return the vendor or None by checking for known SSH implementations."""
135
for args in [['ssh', '-V'], ['plink', '-V']]:
136
version = self._get_ssh_version_string(args)
137
vendor = self._get_vendor_by_version_string(version, args)
138
if vendor is not None:
142
def get_vendor(self, environment=None):
143
"""Find out what version of SSH is on the system.
145
:raises SSHVendorNotFound: if no any SSH vendor is found
146
:raises UnknownSSH: if the BZR_SSH environment variable contains
149
if self._cached_ssh_vendor is None:
150
vendor = self._get_vendor_by_environment(environment)
152
vendor = self._get_vendor_by_inspection()
154
trace.mutter('falling back to default implementation')
155
vendor = self._default_ssh_vendor
157
raise errors.SSHVendorNotFound()
158
self._cached_ssh_vendor = vendor
159
return self._cached_ssh_vendor
161
_ssh_vendor_manager = SSHVendorManager()
162
_get_ssh_vendor = _ssh_vendor_manager.get_vendor
163
register_default_ssh_vendor = _ssh_vendor_manager.register_default_vendor
164
register_ssh_vendor = _ssh_vendor_manager.register_vendor
167
def _ignore_sigint():
168
# TODO: This should possibly ignore SIGHUP as well, but bzr currently
169
# doesn't handle it itself.
170
# <https://launchpad.net/products/bzr/+bug/41433/+index>
172
signal.signal(signal.SIGINT, signal.SIG_IGN)
175
class LoopbackSFTP(object):
176
"""Simple wrapper for a socket that pretends to be a paramiko Channel."""
178
def __init__(self, sock):
181
def send(self, data):
182
return self.__socket.send(data)
185
return self.__socket.recv(n)
187
def recv_ready(self):
191
self.__socket.close()
194
class SSHVendor(object):
195
"""Abstract base class for SSH vendor implementations."""
197
def connect_sftp(self, username, password, host, port):
198
"""Make an SSH connection, and return an SFTPClient.
200
:param username: an ascii string
201
:param password: an ascii string
202
:param host: a host name as an ascii string
203
:param port: a port number
206
:raises: ConnectionError if it cannot connect.
208
:rtype: paramiko.sftp_client.SFTPClient
210
raise NotImplementedError(self.connect_sftp)
212
def connect_ssh(self, username, password, host, port, command):
213
"""Make an SSH connection.
215
:returns: something with a `close` method, and a `get_filelike_channels`
216
method that returns a pair of (read, write) filelike objects.
218
raise NotImplementedError(self.connect_ssh)
220
def _raise_connection_error(self, host, port=None, orig_error=None,
221
msg='Unable to connect to SSH host'):
222
"""Raise a SocketConnectionError with properly formatted host.
224
This just unifies all the locations that try to raise ConnectionError,
225
so that they format things properly.
227
raise errors.SocketConnectionError(host=host, port=port, msg=msg,
228
orig_error=orig_error)
231
class LoopbackVendor(SSHVendor):
232
"""SSH "vendor" that connects over a plain TCP socket, not SSH."""
234
def connect_sftp(self, username, password, host, port):
235
sock = socket.socket()
237
sock.connect((host, port))
238
except socket.error, e:
239
self._raise_connection_error(host, port=port, orig_error=e)
240
return SFTPClient(LoopbackSFTP(sock))
242
register_ssh_vendor('loopback', LoopbackVendor())
245
class _ParamikoSSHConnection(object):
246
def __init__(self, channel):
247
self.channel = channel
249
def get_filelike_channels(self):
250
return self.channel.makefile('rb'), self.channel.makefile('wb')
253
return self.channel.close()
256
class ParamikoVendor(SSHVendor):
257
"""Vendor that uses paramiko."""
259
def _connect(self, username, password, host, port):
260
global SYSTEM_HOSTKEYS, BZR_HOSTKEYS
265
t = paramiko.Transport((host, port or 22))
266
t.set_log_channel('bzr.paramiko')
268
except (paramiko.SSHException, socket.error), e:
269
self._raise_connection_error(host, port=port, orig_error=e)
271
server_key = t.get_remote_server_key()
272
server_key_hex = paramiko.util.hexify(server_key.get_fingerprint())
273
keytype = server_key.get_name()
274
if host in SYSTEM_HOSTKEYS and keytype in SYSTEM_HOSTKEYS[host]:
275
our_server_key = SYSTEM_HOSTKEYS[host][keytype]
276
our_server_key_hex = paramiko.util.hexify(
277
our_server_key.get_fingerprint())
278
elif host in BZR_HOSTKEYS and keytype in BZR_HOSTKEYS[host]:
279
our_server_key = BZR_HOSTKEYS[host][keytype]
280
our_server_key_hex = paramiko.util.hexify(
281
our_server_key.get_fingerprint())
283
trace.warning('Adding %s host key for %s: %s'
284
% (keytype, host, server_key_hex))
285
add = getattr(BZR_HOSTKEYS, 'add', None)
286
if add is not None: # paramiko >= 1.X.X
287
BZR_HOSTKEYS.add(host, keytype, server_key)
289
BZR_HOSTKEYS.setdefault(host, {})[keytype] = server_key
290
our_server_key = server_key
291
our_server_key_hex = paramiko.util.hexify(
292
our_server_key.get_fingerprint())
294
if server_key != our_server_key:
295
filename1 = os.path.expanduser('~/.ssh/known_hosts')
296
filename2 = osutils.pathjoin(config.config_dir(), 'ssh_host_keys')
297
raise errors.TransportError(
298
'Host keys for %s do not match! %s != %s' %
299
(host, our_server_key_hex, server_key_hex),
300
['Try editing %s or %s' % (filename1, filename2)])
302
_paramiko_auth(username, password, host, port, t)
305
def connect_sftp(self, username, password, host, port):
306
t = self._connect(username, password, host, port)
308
return t.open_sftp_client()
309
except paramiko.SSHException, e:
310
self._raise_connection_error(host, port=port, orig_error=e,
311
msg='Unable to start sftp client')
313
def connect_ssh(self, username, password, host, port, command):
314
t = self._connect(username, password, host, port)
316
channel = t.open_session()
317
cmdline = ' '.join(command)
318
channel.exec_command(cmdline)
319
return _ParamikoSSHConnection(channel)
320
except paramiko.SSHException, e:
321
self._raise_connection_error(host, port=port, orig_error=e,
322
msg='Unable to invoke remote bzr')
324
if paramiko is not None:
325
vendor = ParamikoVendor()
326
register_ssh_vendor('paramiko', vendor)
327
register_ssh_vendor('none', vendor)
328
register_default_ssh_vendor(vendor)
332
class SubprocessVendor(SSHVendor):
333
"""Abstract base class for vendors that use pipes to a subprocess."""
335
def _connect(self, argv):
336
proc = subprocess.Popen(argv,
337
stdin=subprocess.PIPE,
338
stdout=subprocess.PIPE,
339
**os_specific_subprocess_params())
340
return SSHSubprocess(proc)
342
def connect_sftp(self, username, password, host, port):
344
argv = self._get_vendor_specific_argv(username, host, port,
346
sock = self._connect(argv)
347
return SFTPClient(sock)
348
except (EOFError, paramiko.SSHException), e:
349
self._raise_connection_error(host, port=port, orig_error=e)
350
except (OSError, IOError), e:
351
# If the machine is fast enough, ssh can actually exit
352
# before we try and send it the sftp request, which
353
# raises a Broken Pipe
354
if e.errno not in (errno.EPIPE,):
356
self._raise_connection_error(host, port=port, orig_error=e)
358
def connect_ssh(self, username, password, host, port, command):
360
argv = self._get_vendor_specific_argv(username, host, port,
362
return self._connect(argv)
363
except (EOFError), e:
364
self._raise_connection_error(host, port=port, orig_error=e)
365
except (OSError, IOError), e:
366
# If the machine is fast enough, ssh can actually exit
367
# before we try and send it the sftp request, which
368
# raises a Broken Pipe
369
if e.errno not in (errno.EPIPE,):
371
self._raise_connection_error(host, port=port, orig_error=e)
373
def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
375
"""Returns the argument list to run the subprocess with.
377
Exactly one of 'subsystem' and 'command' must be specified.
379
raise NotImplementedError(self._get_vendor_specific_argv)
382
class OpenSSHSubprocessVendor(SubprocessVendor):
383
"""SSH vendor that uses the 'ssh' executable from OpenSSH."""
385
def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
387
assert subsystem is not None or command is not None, (
388
'Must specify a command or subsystem')
389
if subsystem is not None:
390
assert command is None, (
391
'subsystem and command are mutually exclusive')
393
'-oForwardX11=no', '-oForwardAgent=no',
394
'-oClearAllForwardings=yes', '-oProtocol=2',
395
'-oNoHostAuthenticationForLocalhost=yes']
397
args.extend(['-p', str(port)])
398
if username is not None:
399
args.extend(['-l', username])
400
if subsystem is not None:
401
args.extend(['-s', host, subsystem])
403
args.extend([host] + command)
406
register_ssh_vendor('openssh', OpenSSHSubprocessVendor())
409
class SSHCorpSubprocessVendor(SubprocessVendor):
410
"""SSH vendor that uses the 'ssh' executable from SSH Corporation."""
412
def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
414
assert subsystem is not None or command is not None, (
415
'Must specify a command or subsystem')
416
if subsystem is not None:
417
assert command is None, (
418
'subsystem and command are mutually exclusive')
421
args.extend(['-p', str(port)])
422
if username is not None:
423
args.extend(['-l', username])
424
if subsystem is not None:
425
args.extend(['-s', subsystem, host])
427
args.extend([host] + command)
430
register_ssh_vendor('ssh', SSHCorpSubprocessVendor())
433
class PLinkSubprocessVendor(SubprocessVendor):
434
"""SSH vendor that uses the 'plink' executable from Putty."""
436
def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
438
assert subsystem is not None or command is not None, (
439
'Must specify a command or subsystem')
440
if subsystem is not None:
441
assert command is None, (
442
'subsystem and command are mutually exclusive')
443
args = ['plink', '-x', '-a', '-ssh', '-2']
445
args.extend(['-P', str(port)])
446
if username is not None:
447
args.extend(['-l', username])
448
if subsystem is not None:
449
args.extend(['-s', host, subsystem])
451
args.extend([host] + command)
454
register_ssh_vendor('plink', PLinkSubprocessVendor())
457
def _paramiko_auth(username, password, host, port, paramiko_transport):
458
# paramiko requires a username, but it might be none if nothing was supplied
459
# use the local username, just in case.
460
# We don't override username, because if we aren't using paramiko,
461
# the username might be specified in ~/.ssh/config and we don't want to
462
# force it to something else
463
# Also, it would mess up the self.relpath() functionality
464
auth = config.AuthenticationConfig()
466
username = auth.get_user('ssh', host, port=port)
468
# Default to local user
469
username = getpass.getuser()
472
agent = paramiko.Agent()
473
for key in agent.get_keys():
474
trace.mutter('Trying SSH agent key %s'
475
% paramiko.util.hexify(key.get_fingerprint()))
477
paramiko_transport.auth_publickey(username, key)
479
except paramiko.SSHException, e:
482
# okay, try finding id_rsa or id_dss? (posix only)
483
if _try_pkey_auth(paramiko_transport, paramiko.RSAKey, username, 'id_rsa'):
485
if _try_pkey_auth(paramiko_transport, paramiko.DSSKey, username, 'id_dsa'):
490
paramiko_transport.auth_password(username, password)
492
except paramiko.SSHException, e:
495
# give up and ask for a password
496
password = auth.get_password('ssh', host, username, port=port)
498
paramiko_transport.auth_password(username, password)
499
except paramiko.SSHException, e:
500
raise errors.ConnectionError(
501
'Unable to authenticate to SSH host as %s@%s' % (username, host), e)
504
def _try_pkey_auth(paramiko_transport, pkey_class, username, filename):
505
filename = os.path.expanduser('~/.ssh/' + filename)
507
key = pkey_class.from_private_key_file(filename)
508
paramiko_transport.auth_publickey(username, key)
510
except paramiko.PasswordRequiredException:
511
password = ui.ui_factory.get_password(
512
prompt='SSH %(filename)s password', filename=filename)
514
key = pkey_class.from_private_key_file(filename, password)
515
paramiko_transport.auth_publickey(username, key)
517
except paramiko.SSHException:
518
trace.mutter('SSH authentication via %s key failed.'
519
% (os.path.basename(filename),))
520
except paramiko.SSHException:
521
trace.mutter('SSH authentication via %s key failed.'
522
% (os.path.basename(filename),))
528
def load_host_keys():
530
Load system host keys (probably doesn't work on windows) and any
531
"discovered" keys from previous sessions.
533
global SYSTEM_HOSTKEYS, BZR_HOSTKEYS
535
SYSTEM_HOSTKEYS = paramiko.util.load_host_keys(
536
os.path.expanduser('~/.ssh/known_hosts'))
538
trace.mutter('failed to load system host keys: ' + str(e))
539
bzr_hostkey_path = osutils.pathjoin(config.config_dir(), 'ssh_host_keys')
541
BZR_HOSTKEYS = paramiko.util.load_host_keys(bzr_hostkey_path)
543
trace.mutter('failed to load bzr host keys: ' + str(e))
547
def save_host_keys():
549
Save "discovered" host keys in $(config)/ssh_host_keys/.
551
global SYSTEM_HOSTKEYS, BZR_HOSTKEYS
552
bzr_hostkey_path = osutils.pathjoin(config.config_dir(), 'ssh_host_keys')
553
config.ensure_config_dir_exists()
556
f = open(bzr_hostkey_path, 'w')
557
f.write('# SSH host keys collected by bzr\n')
558
for hostname, keys in BZR_HOSTKEYS.iteritems():
559
for keytype, key in keys.iteritems():
560
f.write('%s %s %s\n' % (hostname, keytype, key.get_base64()))
563
trace.mutter('failed to save bzr host keys: ' + str(e))
566
def os_specific_subprocess_params():
567
"""Get O/S specific subprocess parameters."""
568
if sys.platform == 'win32':
569
# setting the process group and closing fds is not supported on
573
# We close fds other than the pipes as the child process does not need
576
# We also set the child process to ignore SIGINT. Normally the signal
577
# would be sent to every process in the foreground process group, but
578
# this causes it to be seen only by bzr and not by ssh. Python will
579
# generate a KeyboardInterrupt in bzr, and we will then have a chance
580
# to release locks or do other cleanup over ssh before the connection
582
# <https://launchpad.net/products/bzr/+bug/5987>
584
# Running it in a separate process group is not good because then it
585
# can't get non-echoed input of a password or passphrase.
586
# <https://launchpad.net/products/bzr/+bug/40508>
587
return {'preexec_fn': _ignore_sigint,
592
class SSHSubprocess(object):
593
"""A socket-like object that talks to an ssh subprocess via pipes."""
595
def __init__(self, proc):
598
def send(self, data):
599
return os.write(self.proc.stdin.fileno(), data)
601
def recv_ready(self):
602
# TODO: jam 20051215 this function is necessary to support the
603
# pipelined() function. In reality, it probably should use
604
# poll() or select() to actually return if there is data
605
# available, otherwise we probably don't get any benefit
608
def recv(self, count):
609
return os.read(self.proc.stdout.fileno(), count)
612
self.proc.stdin.close()
613
self.proc.stdout.close()
616
def get_filelike_channels(self):
617
return (self.proc.stdout, self.proc.stdin)
added
removed
bzrlib/transport/ssh.py
