From ed280d5ac360e2af796e9bd973d7b4df89f0c449 Mon Sep 17 00:00:00 2001 From: "Jeremy T. Bouse" Date: Fri, 27 Nov 2009 16:20:12 -0500 Subject: Imported Upstream version 1.7.4 --- docs/paramiko.ServerInterface-class.html | 1244 ++++++++++++++++++++++++++++++ 1 file changed, 1244 insertions(+) create mode 100644 docs/paramiko.ServerInterface-class.html (limited to 'docs/paramiko.ServerInterface-class.html') diff --git a/docs/paramiko.ServerInterface-class.html b/docs/paramiko.ServerInterface-class.html new file mode 100644 index 0000000..06d75de --- /dev/null +++ b/docs/paramiko.ServerInterface-class.html @@ -0,0 +1,1244 @@ + + + + + paramiko.ServerInterface + + + + + + + + + + + + + + + + + + + + + + +
   Home      Trees      Indices      Help   
+ + + + + +
+ + Package paramiko :: + Class ServerInterface + + + + + +
[frames] | no frames]
+
+ +

Class ServerInterface

source code

+
+object --+
+         |
+        ServerInterface
+
+ +
+

This class defines an interface for controlling the behavior of + paramiko in server mode.

+

Methods on this class are called from paramiko's primary thread, so + you shouldn't do too much work in them. (Certainly nothing that blocks + or sleeps.)

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Instance Methods
+   + + + + + + +
cancel_port_forward_request(self, + address, + port)
+ The client would like to cancel a previous port-forwarding request.		 + source code + +
+ +
+ int or InteractiveQuery + + + + + + +
check_auth_interactive(self, + username, + submethods)
+ Begin an interactive authentication challenge, if supported.		 + source code + +
+ +
+ int or InteractiveQuery + + + + + + +
check_auth_interactive_response(self, + responses)
+ Continue or finish an interactive authentication challenge, if + supported.		 + source code + +
+ +
+ int + + + + + + +
check_auth_none(self, + username)
+ Determine if a client may open channels with no (further) + authentication.		 + source code + +
+ +
+ int + + + + + + +
check_auth_password(self, + username, + password)
+ Determine if a given username and password supplied by the client is + acceptable for use in authentication.		 + source code + +
+ +
+ int + + + + + + +
check_auth_publickey(self, + username, + key)
+ Determine if a given key supplied by the client is acceptable for use + in authentication.		 + source code + +
+ +
+ int + + + + + + +
check_channel_direct_tcpip_request(self, + chanid, + origin, + destination)
+ Determine if a local port forwarding channel will be granted, and + return OPEN_SUCCEEDED or an error code.		 + source code + +
+ +
+ bool + + + + + + +
check_channel_exec_request(self, + channel, + command)
+ Determine if a shell command will be executed for the client.		 + source code + +
+ +
+ bool + + + + + + +
check_channel_pty_request(self, + channel, + term, + width, + height, + pixelwidth, + pixelheight, + modes)
+ Determine if a pseudo-terminal of the given dimensions (usually + requested for shell access) can be provided on the given channel.		 + source code + +
+ +
+ int + + + + + + +
check_channel_request(self, + kind, + chanid)
+ Determine if a channel request of a given type will be granted, and + return OPEN_SUCCEEDED or an error code.		 + source code + +
+ +
+ bool + + + + + + +
check_channel_shell_request(self, + channel)
+ Determine if a shell will be provided to the client on the given + channel.		 + source code + +
+ +
+ bool + + + + + + +
check_channel_subsystem_request(self, + channel, + name)
+ Determine if a requested subsystem will be provided to the client on + the given channel.		 + source code + +
+ +
+ bool + + + + + + +
check_channel_window_change_request(self, + channel, + width, + height, + pixelwidth, + pixelheight)
+ Determine if the pseudo-terminal on the given channel can be resized.		 + source code + +
+ +
+ bool + + + + + + +
check_channel_x11_request(self, + channel, + single_connection, + auth_protocol, + auth_cookie, + screen_number)
+ Determine if the client will be provided with an X11 session.		 + source code + +
+ +
+ bool + + + + + + +
check_global_request(self, + kind, + msg)
+ Handle a global request of the given kind.		 + source code + +
+ +
+ int + + + + + + +
check_port_forward_request(self, + address, + port)
+ Handle a request for port forwarding.		 + source code + +
+ +
+ str + + + + + + +
get_allowed_auths(self, + username)
+ Return a list of authentication methods supported by the server.		 + source code + +
+ +
+

Inherited from object: + __delattr__, + __getattribute__, + __hash__, + __init__, + __new__, + __reduce__, + __reduce_ex__, + __repr__, + __setattr__, + __str__ +

+
+ + + + + + + + + +
+ Properties
+

Inherited from object: + __class__ +

+
+ + + + + + +
+ Method Details
+ +
+ +
+ + +
+

cancel_port_forward_request(self, + address, + port) +

+ 		source code  +
+ +

The client would like to cancel a previous port-forwarding request. If + the given address and port is being forwarded across this ssh connection, + the port should be closed.

+
+
Parameters:
+
    +
  • address (str) - the forwarded address
    • +
  • port (int) - the forwarded port
    • +
+
+
+
+ +
+ +
+ + +
+

check_auth_interactive(self, + username, + submethods) +

+ 		source code  +
+ +

Begin an interactive authentication challenge, if supported. You + should override this method in server mode if you want to support the + "keyboard-interactive" auth type, which requires + you to send a series of questions for the client to answer.

+

Return AUTH_FAILED if this auth method isn't supported. Otherwise, + you should return an InteractiveQuery object containing the prompts and + instructions for the user. The response will be sent via a call to check_auth_interactive_response.

+

The default implementation always returns AUTH_FAILED.

+
+
Parameters:
+
    +
  • username (str) - the username of the authenticating client
    • +
  • submethods (str) - a comma-separated list of methods preferred by the client + (usually empty)
    • +
+
Returns: int or InteractiveQuery
+
AUTH_FAILED if this auth method isn't supported; otherwise an + object containing queries for the user
+
+
+
+ +
+ +
+ + +
+

check_auth_interactive_response(self, + responses) +

+ 		source code  +
+ +

Continue or finish an interactive authentication challenge, if + supported. You should override this method in server mode if you want to + support the "keyboard-interactive" auth type.

+

Return AUTH_FAILED if the responses are not accepted, AUTH_SUCCESSFUL + if the responses are accepted and complete the authentication, or + AUTH_PARTIALLY_SUCCESSFUL if your authentication is stateful, and this + set of responses is accepted for authentication, but more authentication + is required. (In this latter case, get_allowed_auths will be called to report to the client + what options it has for continuing the authentication.)

+

If you wish to continue interactive authentication with more + questions, you may return an InteractiveQuery object, which should cause + the client to respond with more answers, calling this method again. This + cycle can continue indefinitely.

+

The default implementation always returns AUTH_FAILED.

+
+
Parameters:
+
    +
  • responses (list(str)) - list of responses from the client
    • +
+
Returns: int or InteractiveQuery
+
AUTH_FAILED if the authentication fails; AUTH_SUCCESSFUL if it + succeeds; AUTH_PARTIALLY_SUCCESSFUL if the interactive auth is + successful, but authentication must continue; otherwise an object + containing queries for the user
+
+
+
+ +
+ +
+ + +
+

check_auth_none(self, + username) +

+ 		source code  +
+ +

Determine if a client may open channels with no (further) + authentication.

+

Return AUTH_FAILED if the client must authenticate, or AUTH_SUCCESSFUL + if it's okay for the client to not authenticate.

+

The default implementation always returns AUTH_FAILED.

+
+
Parameters:
+
    +
  • username (str) - the username of the client.
    • +
+
Returns: int
+
AUTH_FAILED if the authentication fails; AUTH_SUCCESSFUL if it + succeeds.
+
+
+
+ +
+ +
+ + +
+

check_auth_password(self, + username, + password) +

+ 		source code  +
+ +

Determine if a given username and password supplied by the client is + acceptable for use in authentication.

+

Return AUTH_FAILED if the password is not accepted, AUTH_SUCCESSFUL if + the password is accepted and completes the authentication, or + AUTH_PARTIALLY_SUCCESSFUL if your authentication is stateful, and this + key is accepted for authentication, but more authentication is required. + (In this latter case, get_allowed_auths will be called to report to the client + what options it has for continuing the authentication.)

+

The default implementation always returns AUTH_FAILED.

+
+
Parameters:
+
    +
  • username (str) - the username of the authenticating client.
    • +
  • password (str) - the password given by the client.
    • +
+
Returns: int
+
AUTH_FAILED if the authentication fails; AUTH_SUCCESSFUL if it + succeeds; AUTH_PARTIALLY_SUCCESSFUL if the password auth is + successful, but authentication must continue.
+
+
+
+ +
+ +
+ + +
+

check_auth_publickey(self, + username, + key) +

+ 		source code  +
+ +

Determine if a given key supplied by the client is acceptable for use + in authentication. You should override this method in server mode to + check the username and key and decide if you would accept a signature + made using this key.

+

Return AUTH_FAILED if the key is not accepted, AUTH_SUCCESSFUL if the + key is accepted and completes the authentication, or + AUTH_PARTIALLY_SUCCESSFUL if your authentication is stateful, and this + password is accepted for authentication, but more authentication is + required. (In this latter case, get_allowed_auths will be called to report to the client + what options it has for continuing the authentication.)

+

Note that you don't have to actually verify any key signtature here. + If you're willing to accept the key, paramiko will do the work of + verifying the client's signature.

+

The default implementation always returns AUTH_FAILED.

+
+
Parameters:
+
    +
  • username (str) - the username of the authenticating client
    • +
  • key (PKey) - the key object provided by the client
    • +
+
Returns: int
+
AUTH_FAILED if the client can't authenticate with this key; + AUTH_SUCCESSFUL if it can; AUTH_PARTIALLY_SUCCESSFUL if it can + authenticate with this key but must continue with authentication
+
+
+
+ +
+ +
+ + +
+

check_channel_direct_tcpip_request(self, + chanid, + origin, + destination) +

+ 		source code  +
+ +

Determine if a local port forwarding channel will be granted, and + return OPEN_SUCCEEDED or an error code. This method is + called in server mode when the client requests a channel, after + authentication is complete.

+

The chanid parameter is a small number that uniquely + identifies the channel within a Transport. A Channel object is not created unless this method returns + OPEN_SUCCEEDED -- once a Channel object is + created, you can call Channel.get_id to retrieve the channel ID.

+

The origin and destination parameters are (ip_address, port) tuples + that correspond to both ends of the TCP connection in the forwarding + tunnel.

+

The return value should either be OPEN_SUCCEEDED (or + 0) to allow the channel request, or one of the following + error codes to reject it:

+
    +
  • + OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED +
    • +
  • + OPEN_FAILED_CONNECT_FAILED +
    • +
  • + OPEN_FAILED_UNKNOWN_CHANNEL_TYPE +
    • +
  • + OPEN_FAILED_RESOURCE_SHORTAGE +
    • +
+

The default implementation always returns + OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED.

+
+
Parameters:
+
    +
  • chanid (int) - ID of the channel
    • +
  • origin (tuple) - 2-tuple containing the IP address and port of the originator + (client side)
    • +
  • destination (tuple) - 2-tuple containing the IP address and port of the destination + (server side)
    • +
+
Returns: int
+
a success or failure code (listed above)
+
+
+
+ +
+ +
+ + +
+

check_channel_exec_request(self, + channel, + command) +

+ 		source code  +
+ +

Determine if a shell command will be executed for the client. If this + method returns True, the channel should be connected to the + stdin, stdout, and stderr of the shell command.

+

The default implementation always returns False.

+
+
Parameters:
+
    +
  • channel (Channel) - the Channel the request arrived on.
    • +
  • command (str) - the command to execute.
    • +
+
Returns: bool
+
True if this channel is now hooked up to the stdin, + stdout, and stderr of the executing command; False + if the command will not be executed.
+
+

Since: + 1.1 +

+
+
+ +
+ +
+ + +
+

check_channel_pty_request(self, + channel, + term, + width, + height, + pixelwidth, + pixelheight, + modes) +

+ 		source code  +
+ +

Determine if a pseudo-terminal of the given dimensions (usually + requested for shell access) can be provided on the given channel.

+

The default implementation always returns False.

+
+
Parameters:
+
    +
  • channel (Channel) - the Channel the pty request arrived on.
    • +
  • term (str) - type of terminal requested (for example, + "vt100").
    • +
  • width (int) - width of screen in characters.
    • +
  • height (int) - height of screen in characters.
    • +
  • pixelwidth (int) - width of screen in pixels, if known (may be 0 if + unknown).
    • +
  • pixelheight (int) - height of screen in pixels, if known (may be 0 if + unknown).
    • +
+
Returns: bool
+
True if the psuedo-terminal has been allocated; + False otherwise.
+
+
+
+ +
+ +
+ + +
+

check_channel_request(self, + kind, + chanid) +

+ 		source code  +
+ +

Determine if a channel request of a given type will be granted, and + return OPEN_SUCCEEDED or an error code. This method is + called in server mode when the client requests a channel, after + authentication is complete.

+

If you allow channel requests (and an ssh server that didn't would be + useless), you should also override some of the channel request methods + below, which are used to determine which services will be allowed on a + given channel:

+ +

The chanid parameter is a small number that uniquely + identifies the channel within a Transport. A Channel object is not created unless this method returns + OPEN_SUCCEEDED -- once a Channel object is + created, you can call Channel.get_id to retrieve the channel ID.

+

The return value should either be OPEN_SUCCEEDED (or + 0) to allow the channel request, or one of the following + error codes to reject it:

+
    +
  • + OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED +
    • +
  • + OPEN_FAILED_CONNECT_FAILED +
    • +
  • + OPEN_FAILED_UNKNOWN_CHANNEL_TYPE +
    • +
  • + OPEN_FAILED_RESOURCE_SHORTAGE +
    • +
+

The default implementation always returns + OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED.

+
+
Parameters:
+
    +
  • kind (str) - the kind of channel the client would like to open (usually + "session").
    • +
  • chanid (int) - ID of the channel
    • +
+
Returns: int
+
a success or failure code (listed above)
+
+
+
+ +
+ +
+ + +
+

check_channel_shell_request(self, + channel) +

+ 		source code  +
+ +

Determine if a shell will be provided to the client on the given + channel. If this method returns True, the channel should be + connected to the stdin/stdout of a shell (or something that acts like a + shell).

+

The default implementation always returns False.

+
+
Parameters:
+
+
Returns: bool
+
True if this channel is now hooked up to a shell; + False if a shell can't or won't be provided.
+
+
+
+ +
+ +
+ + +
+

check_channel_subsystem_request(self, + channel, + name) +

+ 		source code  +
+ +

Determine if a requested subsystem will be provided to the client on + the given channel. If this method returns True, all future + I/O through this channel will be assumed to be connected to the requested + subsystem. An example of a subsystem is sftp.

+

The default implementation checks for a subsystem handler assigned via + Transport.set_subsystem_handler. If one has been set, + the handler is invoked and this method returns True. + Otherwise it returns False.

+
+
Parameters:
+
    +
  • channel (Channel) - the Channel the pty request arrived on.
    • +
  • name (str) - name of the requested subsystem.
    • +
+
Returns: bool
+
True if this channel is now hooked up to the + requested subsystem; False if that subsystem can't + or won't be provided.
+
+

Note: + Because the default implementation uses the Transport to + identify valid subsystems, you probably won't need to override this + method. +

+
+
+ +
+ +
+ + +
+

check_channel_window_change_request(self, + channel, + width, + height, + pixelwidth, + pixelheight) +

+ 		source code  +
+ +

Determine if the pseudo-terminal on the given channel can be resized. + This only makes sense if a pty was previously allocated on it.

+

The default implementation always returns False.

+
+
Parameters:
+
    +
  • channel (Channel) - the Channel the pty request arrived on.
    • +
  • width (int) - width of screen in characters.
    • +
  • height (int) - height of screen in characters.
    • +
  • pixelwidth (int) - width of screen in pixels, if known (may be 0 if + unknown).
    • +
  • pixelheight (int) - height of screen in pixels, if known (may be 0 if + unknown).
    • +
+
Returns: bool
+
True if the terminal was resized; False + if not.
+
+
+
+ +
+ +
+ + +
+

check_channel_x11_request(self, + channel, + single_connection, + auth_protocol, + auth_cookie, + screen_number) +

+ 		source code  +
+ +

Determine if the client will be provided with an X11 session. If this + method returns True, X11 applications should be routed + through new SSH channels, using Transport.open_x11_channel.

+

The default implementation always returns False.

+
+
Parameters:
+
    +
  • channel (Channel) - the Channel the X11 request arrived on
    • +
  • single_connection (bool) - True if only a single X11 channel should be opened
    • +
  • auth_protocol (str) - the protocol used for X11 authentication
    • +
  • auth_cookie (str) - the cookie used to authenticate to X11
    • +
  • screen_number (int) - the number of the X11 screen to connect to
    • +
+
Returns: bool
+
True if the X11 session was opened; + False if not
+
+
+
+ +
+ +
+ + +
+

check_global_request(self, + kind, + msg) +

+ 		source code  +
+ +

Handle a global request of the given kind. This method + is called in server mode and client mode, whenever the remote host makes + a global request. If there are any arguments to the request, they will + be in msg.

+

There aren't any useful global requests defined, aside from port + forwarding, so usually this type of request is an extension to the + protocol.

+

If the request was successful and you would like to return contextual + data to the remote host, return a tuple. Items in the tuple will be sent + back with the successful result. (Note that the items in the tuple can + only be strings, ints, longs, or bools.)

+

The default implementation always returns False, + indicating that it does not support any global requests.

+
+
Parameters:
+
    +
  • kind (str) - the kind of global request being made.
    • +
  • msg (Message) - any extra arguments to the request.
    • +
+
Returns: bool
+
True or a tuple of data if the request was granted; + False otherwise.
+
+

Note: + Port forwarding requests are handled separately, in check_port_forward_request. +

+
+
+ +
+ +
+ + +
+

check_port_forward_request(self, + address, + port) +

+ 		source code  +
+ +

Handle a request for port forwarding. The client is asking that + connections to the given address and port be forwarded back across this + ssh connection. An address of "0.0.0.0" indicates + a global address (any address associated with this server) and a port of + 0 indicates that no specific port is requested (usually the + OS will pick a port).

+

The default implementation always returns False, + rejecting the port forwarding request. If the request is accepted, you + should return the port opened for listening.

+
+
Parameters:
+
    +
  • address (str) - the requested address
    • +
  • port (int) - the requested port
    • +
+
Returns: int
+
the port number that was opened for listening, or + False to reject
+
+
+
+ +
+ +
+ + +
+

get_allowed_auths(self, + username) +

+ 		source code  +
+ +

Return a list of authentication methods supported by the server. This + list is sent to clients attempting to authenticate, to inform them of + authentication methods that might be successful.

+

The "list" is actually a string of comma-separated names of + types of authentication. Possible values are + "password", "publickey", + and "none".

+

The default implementation always returns + "password".

+
+
Parameters:
+
    +
  • username (str) - the username requesting authentication.
    • +
+
Returns: str
+
a comma-separated list of authentication types
+
+
+
+
+ + + + + + + + + + + + + + + + + +
   Home      Trees      Indices      Help   
+ + + + + +
+ Generated by Epydoc 3.0.1 on Sun Jul 6 18:30:30 2008 + + http://epydoc.sourceforge.net +
+ + + + -- cgit v1.2.3