[X2Go-Commits] python-paramiko.git - x2go (branch) updated: e0cbe69fdfda2d989a947288d389c36bad0e8bf3

X2Go dev team git-admin at x2go.org
Fri Sep 13 15:50:34 CEST 2013 

The branch, x2go has been updated
       via  e0cbe69fdfda2d989a947288d389c36bad0e8bf3 (commit)
       via  3ec529e80c53f6828f4e3929eff64d1b22c32ec5 (commit)
      from  39aa60e05a848e7f3613422d377c5e3c0a77e764 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e0cbe69fdfda2d989a947288d389c36bad0e8bf3
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Fri Sep 13 15:50:21 2013 +0200

    refresh patch: 004_password-passphrase-auth.patch

commit 3ec529e80c53f6828f4e3929eff64d1b22c32ec5
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Fri Sep 13 15:41:06 2013 +0200

    Add patch: 004_password-passphrase-auth.patch

-----------------------------------------------------------------------

Summary of changes:
 debian/changelog                                  |    1 +
 debian/patches/004_password-passphrase-auth.patch |   95 +++++++++++++++++++++
 debian/patches/series                             |    1 +
 3 files changed, 97 insertions(+)
 create mode 100644 debian/patches/004_password-passphrase-auth.patch

The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index 4d9adca..b5bcc14 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ paramiko (1.11.0-0) UNRELEASED; urgency=low
   * /debian/patches:
     + Add patch: 002_locked-keys-are-valid.patch
     + Add patch: 003_hash-hostnames.patch
+    + Add patch: 004_password-passphrase-auth.patch
 
  -- Mike Gabriel <mike.gabriel at das-netzwerkteam.de>  Mon, 29 Apr 2013 13:08:38 +0200
 
diff --git a/debian/patches/004_password-passphrase-auth.patch b/debian/patches/004_password-passphrase-auth.patch
new file mode 100644
index 0000000..db33a2c
--- /dev/null
+++ b/debian/patches/004_password-passphrase-auth.patch
@@ -0,0 +1,95 @@
+Description: Allow two-factor auth and unlocking of SSH keys at the same time
+Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+Abstract:
+ As of Paramiko 1.11.0 the user can either authenticate against a server with
+ two-factor auth _or_ unlock an encrypted key with a provided password. Also,
+ the user can unlock a private SSH key and perform two-factor auth if the
+ passphrase of the key and the server logon password are identical.
+ .
+ A more generic approach is supporting a passphrase=... and a password=...
+ parameter in paramiko.client.SSHClient().connect(). The passphrase (if
+ given) is used for unlocking a key, the password is used for everything
+ else (i.e. also for unlocking the key in case passphrase is omitted).
+ .
+ If no passphrase is given, the password is used for unlocking the private
+ key (to sustain the behvaiour of earlier paramiko versions).
+--- a/paramiko/client.py
++++ b/paramiko/client.py
+@@ -231,8 +231,8 @@
+         """
+         self._policy = policy
+ 
+-    def connect(self, hostname, port=SSH_PORT, username=None, password=None, pkey=None,
+-                key_filename=None, timeout=None, allow_agent=True, look_for_keys=True,
++    def connect(self, hostname, port=SSH_PORT, username=None, password=None, passphrase=None,
++                pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True,
+                 compress=False, sock=None):
+         """
+         Connect to an SSH server and authenticate to it.  The server's host key
+@@ -262,6 +262,10 @@
+         @param password: a password to use for authentication or for unlocking
+             a private key
+         @type password: str
++        @param passphrase: a passphrase to use for unlocking
++            a private key in case the password is already needed for two-factor
++            authentication
++        @type passphrase: str
+         @param pkey: an optional private key to use for authentication
+         @type pkey: L{PKey}
+         @param key_filename: the filename, or list of filenames, of optional
+@@ -339,7 +343,7 @@
+             key_filenames = [ key_filename ]
+         else:
+             key_filenames = key_filename
+-        self._auth(username, password, pkey, key_filenames, allow_agent, look_for_keys)
++        self._auth(username, password, passphrase, pkey, key_filenames, allow_agent, look_for_keys)
+ 
+     def close(self):
+         """
+@@ -429,7 +433,7 @@
+         """
+         return self._transport
+ 
+-    def _auth(self, username, password, pkey, key_filenames, allow_agent, look_for_keys):
++    def _auth(self, username, password, passphrase, pkey, key_filenames, allow_agent, look_for_keys):
+         """
+         Try, in order:
+ 
+@@ -438,12 +442,17 @@
+             - Any "id_rsa" or "id_dsa" key discoverable in ~/.ssh/ (if allowed).
+             - Plain username/password auth, if a password was given.
+ 
+-        (The password might be needed to unlock a private key, or for
+-        two-factor authentication [for which it is required].)
++        The password might be needed to unlock a private key, or for
++        two-factor authentication [for which it is required].
++
++        If the SSH key needs unlocking via passphrase and two-factor
++        auth requires a password, the passphrase is unused for unlocking
++        the key whereas the password is used for server authentication.
+         """
+         saved_exception = None
+         two_factor = False
+         allowed_types = []
++        if passphrase is None: passphrase = password
+ 
+         if pkey is not None:
+             try:
+@@ -459,7 +468,7 @@
+             for key_filename in key_filenames:
+                 for pkey_class in (RSAKey, DSSKey):
+                     try:
+-                        key = pkey_class.from_private_key_file(key_filename, password)
++                        key = pkey_class.from_private_key_file(key_filename, passphrase)
+                         self._log(DEBUG, 'Trying key %s from %s' % (hexlify(key.get_fingerprint()), key_filename))
+                         self._transport.auth_publickey(username, key)
+                         two_factor = (allowed_types == ['password'])
+@@ -509,7 +518,7 @@
+ 
+             for pkey_class, filename in keyfiles:
+                 try:
+-                    key = pkey_class.from_private_key_file(filename, password)
++                    key = pkey_class.from_private_key_file(filename, passphrase)
+                     self._log(DEBUG, 'Trying discovered key %s in %s' % (hexlify(key.get_fingerprint()), filename))
+                     # for 2-factor auth a successfully auth'd key will result in ['password']
+                     allowed_types = self._transport.auth_publickey(username, key)
diff --git a/debian/patches/series b/debian/patches/series
index 52ca39f..099958f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 001_no-upstream-makefile.patch
 002_locked-keys-are-valid.patch
 003_hash-hostnames.patch
+004_password-passphrase-auth.patch


hooks/post-receive
-- 
python-paramiko.git (Debian package python-paramiko)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-paramiko.git" (Debian package python-paramiko).

More information about the x2go-commits mailing list