Rev 4556: (jam) Bug #375867, in file:///home/pqm/archives/thelove/bzr/%2Btrunk/
Canonical.com Patch Queue Manager
pqm at pqm.ubuntu.com
Mon Jul 20 23:42:45 BST 2009
At file:///home/pqm/archives/thelove/bzr/%2Btrunk/
------------------------------------------------------------
revno: 4556 [merge]
revision-id: pqm at pqm.ubuntu.com-20090720224242-jo0rxbt5f0jecj4d
parent: pqm at pqm.ubuntu.com-20090720145231-zntxtpyaoujmkrsz
parent: john at arbash-meinel.com-20090720212829-ludtl4fohltqilp0
committer: Canonical.com Patch Queue Manager <pqm at pqm.ubuntu.com>
branch nick: +trunk
timestamp: Mon 2009-07-20 23:42:42 +0100
message:
(jam) Bug #375867,
don't prompt for password if ssh host doesn't support password auth.
modified:
NEWS NEWS-20050323055033-4e00b5db738777ff
bzrlib/transport/ssh.py ssh.py-20060824042150-0s9787kng6zv1nwq-1
=== modified file 'NEWS'
--- a/NEWS 2009-07-20 11:27:05 +0000
+++ b/NEWS 2009-07-20 21:21:10 +0000
@@ -22,6 +22,11 @@
Bug Fixes
*********
+* Authenticating against an ssh server now uses ``auth_none`` to determine
+ if password authentication is even supported. This fixes a bug where
+ users would be prompted for a launchpad password, even though launchpad
+ only supports publickey authentication. (John Arbash Meinel, #375867)
+
* BranchBuilder now accepts timezone to avoid test failures in countries far
from GMT. (Vincent Ladeuil, #397716)
=== modified file 'bzrlib/transport/ssh.py'
--- a/bzrlib/transport/ssh.py 2009-04-27 16:10:10 +0000
+++ b/bzrlib/transport/ssh.py 2009-07-20 21:28:29 +0000
@@ -19,6 +19,7 @@
import errno
import getpass
+import logging
import os
import socket
import subprocess
@@ -481,6 +482,30 @@
if _try_pkey_auth(paramiko_transport, paramiko.DSSKey, username, 'id_dsa'):
return
+ # If we have gotten this far, we are about to try for passwords, do an
+ # auth_none check to see if it is even supported.
+ supported_auth_types = []
+ try:
+ # Note that with paramiko <1.7.5 this logs an INFO message:
+ # Authentication type (none) not permitted.
+ # So we explicitly disable the logging level for this action
+ old_level = paramiko_transport.logger.level
+ paramiko_transport.logger.setLevel(logging.WARNING)
+ try:
+ paramiko_transport.auth_none(username)
+ finally:
+ paramiko_transport.logger.setLevel(old_level)
+ except paramiko.BadAuthenticationType, e:
+ # Supported methods are in the exception
+ supported_auth_types = e.allowed_types
+ except paramiko.SSHException, e:
+ # Don't know what happened, but just ignore it
+ pass
+ if 'password' not in supported_auth_types:
+ raise errors.ConnectionError('Unable to authenticate to SSH host as'
+ '\n %s@%s\nsupported auth types: %s'
+ % (username, host, supported_auth_types))
+
if password:
try:
paramiko_transport.auth_password(username, password)
@@ -490,11 +515,17 @@
# give up and ask for a password
password = auth.get_password('ssh', host, username, port=port)
- try:
- paramiko_transport.auth_password(username, password)
- except paramiko.SSHException, e:
- raise errors.ConnectionError(
- 'Unable to authenticate to SSH host as %s@%s' % (username, host), e)
+ # get_password can still return None, which means we should not prompt
+ if password is not None:
+ try:
+ paramiko_transport.auth_password(username, password)
+ except paramiko.SSHException, e:
+ raise errors.ConnectionError(
+ 'Unable to authenticate to SSH host as'
+ '\n %s@%s\n' % (username, host), e)
+ else:
+ raise errors.ConnectionError('Unable to authenticate to SSH host as'
+ ' %s@%s' % (username, host))
def _try_pkey_auth(paramiko_transport, pkey_class, username, filename):
More information about the bazaar-commits
mailing list