PyPI - asyncssh - Versions diffs - 2.14.2__tar.gz → 2.16.0__tar.gz - Mend

asyncssh 2.14.2tar.gz → 2.16.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (177) hide show

{asyncssh-2.14.2 → asyncssh-2.16.0}/.github/workflows/run_tests.yml RENAMED Viewed

@@ -20,6 +20,10 @@ jobs:
             python-version: "3.12"
             openssl-version: "3"
         exclude:
+          # having trouble with arch arm64 on macos-ltest on Python 3.7
+          - os: macos-latest
+            python-version: "3.7"
           # test hangs on these combination
           - os: windows-latest
             python-version: "3.8"
@@ -39,19 +43,19 @@ jobs:
     steps:
       - name: Checkout asyncssh
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           path: asyncssh
       - name: Checkout liboqs
         if: ${{ runner.os != 'macOS' }}
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: open-quantum-safe/liboqs
           ref: ${{ env.liboqs_version }}
           path: liboqs
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
           cache: pip
@@ -122,23 +126,34 @@ jobs:
               check=True)
       - name: Upload coverage data
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: coverage
+          name: coverage-${{ matrix.os }}-${{ matrix.python-version }}
           path: asyncssh/.coverage.*
           retention-days: 1
+  merge-coverage:
+    runs-on: ubuntu-latest
+    needs: run-tests
+    if: ${{ always() }}
+    steps:
+      - name: Merge coverage
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: coverage
+          pattern: coverage-*
   report-coverage:
     name: Report coverage
     runs-on: ubuntu-latest
-    needs: run-tests
+    needs: merge-coverage
     if: ${{ always() }}
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: "3.7"
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
         with:
           name: coverage
       - name: Install dependencies
@@ -152,6 +167,7 @@ jobs:
             sqlite3 "$f" "update file set path = replace(path, '\\', '/');"
           done
           tox -e report
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v4
         with:
           files: coverage.xml
+          token: ${{ secrets.CODECOV_TOKEN }}

{asyncssh-2.14.2 → asyncssh-2.16.0}/CONTRIBUTING.rst RENAMED Viewed

@@ -68,19 +68,18 @@ contributors list.
 Branches
 --------
-There are two long-lived branches in AsyncSSH at the moment:
+There are two long-lived branches in AsyncSSH:
 * The master branch is intended to contain the latest stable version
   of the code. All official versions of AsyncSSH are released from
   this branch, and each release has a corresponding tag added
-  matching its release number. Bug fixes and simple improvements
-  may be checked directly into this branch, but most new features
-  will be added to the develop branch first.
-* The develop branch is intended to contain features for developers
-  to test before they are ready to be added to an official release.
-  APIs in the develop branch may be subject to change until they
-  are migrated back to master, and there's no guarantee of backward
+  matching its release number.
+* The develop branch is intended to contain new features and bug fixes
+  ready to be tested before being added to an official release. APIs
+  in the develop branch may be subject to change until they are
+  migrated back to master, and there's no guarantee of backward
   compatibility in this branch. However, pulling from this branch
   will provide early access to new functionality and a chance to
-  influence this functionality before it is released.
+  influence this functionality before it is released. Also, all
+  pull requests should be submitted against this branch.

{asyncssh-2.14.2 → asyncssh-2.16.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: asyncssh
-Version: 2.14.2
+Version: 2.16.0
 Summary: AsyncSSH: Asynchronous SSHv2 client and server library
 Home-page: http://asyncssh.timeheart.net
 Author: Ron Frederick
@@ -27,14 +27,23 @@ Classifier: Topic :: Security :: Cryptography
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Topic :: System :: Networking
 Requires-Python: >= 3.6
+License-File: LICENSE
+Requires-Dist: cryptography>=39.0
+Requires-Dist: typing_extensions>=4.0.0
 Provides-Extra: bcrypt
+Requires-Dist: bcrypt>=3.1.3; extra == "bcrypt"
 Provides-Extra: fido2
+Requires-Dist: fido2>=0.9.2; extra == "fido2"
 Provides-Extra: gssapi
+Requires-Dist: gssapi>=1.2.0; extra == "gssapi"
 Provides-Extra: libnacl
+Requires-Dist: libnacl>=1.4.2; extra == "libnacl"
 Provides-Extra: pkcs11
-Provides-Extra: pyOpenSSL
+Requires-Dist: python-pkcs11>=0.7.0; extra == "pkcs11"
+Provides-Extra: pyopenssl
+Requires-Dist: pyOpenSSL>=23.0.0; extra == "pyopenssl"
 Provides-Extra: pywin32
-License-File: LICENSE
+Requires-Dist: pywin32>=227; extra == "pywin32"
 .. image:: https://readthedocs.org/projects/asyncssh/badge/?version=latest
     :target: https://asyncssh.readthedocs.io/en/latest/?badge=latest
@@ -79,6 +88,7 @@ Features
   * Environment variables, terminal type, and window size
   * Direct and forwarded TCP/IP channels
   * OpenSSH-compatible direct and forwarded UNIX domain socket channels
+  * OpenSSH-compatible TUN/TAP channels and packet forwarding
   * Local and remote TCP/IP port forwarding
   * Local and remote UNIX domain socket forwarding
   * Dynamic TCP/IP port forwarding via SOCKS
@@ -266,5 +276,3 @@ Three mailing lists are available for AsyncSSH:
 __ http://groups.google.com/d/forum/asyncssh-announce
 __ http://groups.google.com/d/forum/asyncssh-dev
 __ http://groups.google.com/d/forum/asyncssh-users

{asyncssh-2.14.2 → asyncssh-2.16.0}/README.rst RENAMED Viewed

@@ -41,6 +41,7 @@ Features
   * Environment variables, terminal type, and window size
   * Direct and forwarded TCP/IP channels
   * OpenSSH-compatible direct and forwarded UNIX domain socket channels
+  * OpenSSH-compatible TUN/TAP channels and packet forwarding
   * Local and remote TCP/IP port forwarding
   * Local and remote UNIX domain socket forwarding
   * Dynamic TCP/IP port forwarding via SOCKS

{asyncssh-2.14.2 → asyncssh-2.16.0}/asyncssh/__init__.py RENAMED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2013-2022 by Ron Frederick <ronf@timeheart.net> and others.
+# Copyright (c) 2013-2024 by Ron Frederick <ronf@timeheart.net> and others.
 #
 # This program and the accompanying materials are made available under
 # the terms of the Eclipse Public License v2.0 which accompanies this
@@ -34,7 +34,7 @@ from .auth_keys import SSHAuthorizedKeys
 from .auth_keys import import_authorized_keys, read_authorized_keys
 from .channel import SSHClientChannel, SSHServerChannel
-from .channel import SSHTCPChannel, SSHUNIXChannel
+from .channel import SSHTCPChannel, SSHUNIXChannel, SSHTunTapChannel
 from .client import SSHClient
@@ -92,7 +92,7 @@ from .rsa import set_default_skip_rsa_key_validation
 from .scp import scp
 from .session import DataType, SSHClientSession, SSHServerSession
-from .session import SSHTCPSession, SSHUNIXSession
+from .session import SSHTCPSession, SSHUNIXSession, SSHTunTapSession
 from .server import SSHServer
@@ -154,18 +154,19 @@ __all__ = [
     'SSHServerSessionFactory', 'SSHSocketSessionFactory',
     'SSHSubprocessProtocol', 'SSHSubprocessReadPipe',
     'SSHSubprocessTransport', 'SSHSubprocessWritePipe', 'SSHTCPChannel',
-    'SSHTCPSession', 'SSHUNIXChannel', 'SSHUNIXSession', 'SSHWriter',
-    'STDOUT', 'ServiceNotAvailable', 'SignalReceived',
-    'TerminalSizeChanged', 'TimeoutError', 'connect', 'connect_agent',
-    'connect_reverse', 'create_connection', 'create_server',
-    'generate_private_key', 'get_server_auth_methods',
-    'get_server_host_key', 'import_authorized_keys', 'import_certificate',
-    'import_known_hosts', 'import_private_key', 'import_public_key',
-    'listen', 'listen_reverse', 'load_certificates', 'load_keypairs',
-    'load_pkcs11_keys', 'load_public_keys', 'load_resident_keys', 'logger',
-    'match_known_hosts', 'read_authorized_keys', 'read_certificate',
-    'read_certificate_list', 'read_known_hosts', 'read_private_key',
-    'read_private_key_list', 'read_public_key', 'read_public_key_list',
-    'run_client', 'run_server', 'scp', 'set_debug_level', 'set_log_level',
-    'set_sftp_log_level', 'set_default_skip_rsa_key_validation',
+    'SSHTCPSession', 'SSHTunTapChannel', 'SSHTunTapSession',
+    'SSHUNIXChannel', 'SSHUNIXSession', 'SSHWriter',
+    'STDOUT', 'ServiceNotAvailable', 'SignalReceived', 'TerminalSizeChanged',
+    'TimeoutError', 'connect', 'connect_agent', 'connect_reverse',
+    'create_connection', 'create_server', 'generate_private_key',
+    'get_server_auth_methods', 'get_server_host_key',
+    'import_authorized_keys', 'import_certificate', 'import_known_hosts',
+    'import_private_key', 'import_public_key', 'listen', 'listen_reverse',
+    'load_certificates', 'load_keypairs', 'load_pkcs11_keys',
+    'load_public_keys', 'load_resident_keys', 'logger', 'match_known_hosts',
+    'read_authorized_keys', 'read_certificate', 'read_certificate_list',
+    'read_known_hosts', 'read_private_key', 'read_private_key_list',
+    'read_public_key', 'read_public_key_list', 'run_client', 'run_server',
+    'scp', 'set_debug_level', 'set_default_skip_rsa_key_validation',
+    'set_log_level', 'set_sftp_log_level'
 ]

{asyncssh-2.14.2 → asyncssh-2.16.0}/asyncssh/agent.py RENAMED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2016-2023 by Ron Frederick <ronf@timeheart.net> and others.
+# Copyright (c) 2016-2024 by Ron Frederick <ronf@timeheart.net> and others.
 #
 # This program and the accompanying materials are made available under
 # the terms of the Eclipse Public License v2.0 which accompanies this
@@ -26,7 +26,7 @@ import os
 import sys
 from types import TracebackType
 from typing import TYPE_CHECKING, List, Optional, Sequence, Tuple, Type, Union
-from typing_extensions import Protocol
+from typing_extensions import Protocol, Self
 from .listener import SSHForwardListener
 from .misc import async_context_manager, maybe_wait_closed
@@ -198,7 +198,7 @@ class SSHAgentClient:
         self._writer: Optional[AgentWriter] = None
         self._lock = asyncio.Lock()
-    async def __aenter__(self) -> 'SSHAgentClient':
+    async def __aenter__(self) -> Self:
         """Allow SSHAgentClient to be used as an async context manager"""
         return self

{asyncssh-2.14.2 → asyncssh-2.16.0}/asyncssh/agent_unix.py RENAMED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2016-2021 by Ron Frederick <ronf@timeheart.net> and others.
+# Copyright (c) 2016-2024 by Ron Frederick <ronf@timeheart.net> and others.
 #
 # This program and the accompanying materials are made available under
 # the terms of the Eclipse Public License v2.0 which accompanies this

{asyncssh-2.14.2 → asyncssh-2.16.0}/asyncssh/agent_win32.py RENAMED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2016-2021 by Ron Frederick <ronf@timeheart.net> and others.
+# Copyright (c) 2016-2024 by Ron Frederick <ronf@timeheart.net> and others.
 #
 # This program and the accompanying materials are made available under
 # the terms of the Eclipse Public License v2.0 which accompanies this

{asyncssh-2.14.2 → asyncssh-2.16.0}/asyncssh/channel.py RENAMED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2013-2023 by Ron Frederick <ronf@timeheart.net> and others.
+# Copyright (c) 2013-2024 by Ron Frederick <ronf@timeheart.net> and others.
 #
 # This program and the accompanying materials are made available under
 # the terms of the Eclipse Public License v2.0 which accompanies this
@@ -46,18 +46,22 @@ from .editor import SSHLineEditorChannel, SSHLineEditorSession
 from .logging import SSHLogger
 from .misc import ChannelOpenError, MaybeAwait, ProtocolError
+from .misc import TermModes, TermSize, TermSizeArg
 from .misc import get_symbol_names, map_handler_name
 from .packet import Boolean, Byte, String, UInt32, SSHPacket, SSHPacketHandler
-from .session import TermModes, TermSize, TermSizeArg
 from .session import SSHSession, SSHClientSession, SSHServerSession
-from .session import SSHTCPSession, SSHUNIXSession
+from .session import SSHTCPSession, SSHUNIXSession, SSHTunTapSession
 from .session import SSHSessionFactory, SSHClientSessionFactory
 from .session import SSHTCPSessionFactory, SSHUNIXSessionFactory
+from .session import SSHTunTapSessionFactory
 from .stream import DataType
+from .tuntap import SSH_TUN_MODE_POINTTOPOINT, SSH_TUN_UNIT_ANY
+from .tuntap import SSH_TUN_AF_INET, SSH_TUN_AF_INET6
 if TYPE_CHECKING:
     # pylint: disable=cyclic-import
@@ -225,7 +229,7 @@ class SSHChannel(Generic[AnyStr], SSHPacketHandler):
         self._close_event.set()
-        if self._conn: # pragma: no branch
+        if self._conn and self._recv_state == 'closed': # pragma: no branch
             self.logger.info('Channel closed%s',
                              ': ' + str(exc) if exc else '')
@@ -259,7 +263,8 @@ class SSHChannel(Generic[AnyStr], SSHPacketHandler):
         # If recv is close_pending, we know send is already closed
         if self._recv_state == 'close_pending':
             self._recv_state = 'closed'
-            self._loop.call_soon(self._cleanup)
+        self._loop.call_soon(self._cleanup)
     async def _start_reading(self) -> None:
         """Start processing data on a new connection"""
@@ -394,19 +399,6 @@ class SSHChannel(Generic[AnyStr], SSHPacketHandler):
         if self._send_state in {'close_pending', 'closed'}:
             return
-        datalen = len(data)
-        if datalen > self._recv_window:
-            raise ProtocolError('Window exceeded')
-        if datatype:
-            typename = ' from %s' % _data_type_names[datatype]
-        else:
-            typename = ''
-        self.logger.debug2('Received %d data byte%s%s', datalen,
-                           's' if datalen > 1 else '', typename)
         if self._recv_paused:
             self._recv_buf.append((data, datatype))
         else:
@@ -579,6 +571,14 @@ class SSHChannel(Generic[AnyStr], SSHPacketHandler):
         data = packet.get_string()
         packet.check_end()
+        datalen = len(data)
+        if datalen > self._recv_window:
+            raise ProtocolError('Window exceeded')
+        self.logger.debug2('Received %d data byte%s', datalen,
+                           's' if datalen > 1 else '')
         self._accept_data(data)
     def _process_extended_data(self, _pkttype: int, _pktid: int,
@@ -595,6 +595,15 @@ class SSHChannel(Generic[AnyStr], SSHPacketHandler):
         if datatype not in self._read_datatypes:
             raise ProtocolError('Invalid extended data type')
+        datalen = len(data)
+        if datalen > self._recv_window:
+            raise ProtocolError('Window exceeded')
+        self.logger.debug2('Received %d data byte%s from %s', datalen,
+                           's' if datalen > 1 else '',
+                           _data_type_names[datatype])
         self._accept_data(data, datatype)
     def _process_eof(self, _pkttype: int, _pktid: int,
@@ -2080,6 +2089,54 @@ class SSHUNIXChannel(SSHForwardChannel, Generic[AnyStr]):
         self.set_extra_info(local_peername=dest_path, remote_peername='')
+class SSHTunTapChannel(SSHForwardChannel[bytes]):
+    """SSH TunTap channel"""
+    def __init__(self, conn: 'SSHConnection',
+                 loop: asyncio.AbstractEventLoop, encoding: Optional[str],
+                 errors: str, window: int, max_pktsize: int):
+        super().__init__(conn, loop, encoding, errors, window, max_pktsize)
+        self._mode: Optional[int] = None
+    def _accept_data(self, data: bytes, datatype: DataType = None) -> None:
+        """Strip off address family on incoming packets in TUN mode"""
+        if self._mode == SSH_TUN_MODE_POINTTOPOINT:
+            data = data[4:]
+        super()._accept_data(data, datatype)
+    def write(self, data: bytes, datatype: DataType = None) -> None:
+        """Add address family in outbound packets in TUN mode"""
+        if self._mode == SSH_TUN_MODE_POINTTOPOINT:
+            version = data[0] >> 4
+            family = SSH_TUN_AF_INET if version == 4 else SSH_TUN_AF_INET6
+            data = UInt32(family) + data
+        super().write(data, datatype)
+    async def open(self, session_factory: SSHTunTapSessionFactory,
+                   mode: int, unit: Optional[int]) -> SSHTunTapSession:
+        """Open a TUN/TAP channel"""
+        self._mode = mode
+        if unit is None:
+            unit = SSH_TUN_UNIT_ANY
+        return cast(SSHTunTapSession,
+                    await self._open_forward(session_factory,
+                                             b'tun@openssh.com',
+                                             UInt32(mode), UInt32(unit)))
+    def set_mode(self, mode: int) -> None:
+        """Set mode for inbound connections"""
+        self._mode = mode
 class SSHX11Channel(SSHForwardChannel[bytes]):
     """SSH X11 channel"""

{asyncssh-2.14.2 → asyncssh-2.16.0}/asyncssh/client.py RENAMED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2013-2021 by Ron Frederick <ronf@timeheart.net> and others.
+# Copyright (c) 2013-2023 by Ron Frederick <ronf@timeheart.net> and others.
 #
 # This program and the accompanying materials are made available under
 # the terms of the Eclipse Public License v2.0 which accompanies this

{asyncssh-2.14.2 → asyncssh-2.16.0}/asyncssh/config.py RENAMED Viewed

@@ -1,4 +1,4 @@
-# Copyright (c) 2020-2022 by Ron Frederick <ronf@timeheart.net> and others.
+# Copyright (c) 2020-2024 by Ron Frederick <ronf@timeheart.net> and others.
 #
 # This program and the accompanying materials are made available under
 # the terms of the Eclipse Public License v2.0 which accompanies this
@@ -320,11 +320,16 @@ class SSHConfig:
                     self._error(str(exc))
                 args = []
+                loption = ''
+                allow_equal = True
-                for arg in split_args:
+                for i, arg in enumerate(split_args, 1):
                     if arg.startswith('='):
                         if len(arg) > 1:
                             args.append(arg[1:])
+                    elif not allow_equal:
+                        args.extend(split_args[i-1:])
+                        break
                     elif arg.endswith('='):
                         args.append(arg[:-1])
                     elif '=' in arg:
@@ -334,8 +339,9 @@ class SSHConfig:
                     else:
                         args.append(arg)
-                option = args.pop(0)
-                loption = option.lower()
+                    if i == 1:
+                        loption = args.pop(0).lower()
+                        allow_equal = loption in self._conditionals
                 if loption in self._no_split:
                     args = [line.lstrip()[len(loption):].strip()]
@@ -419,7 +425,7 @@ class SSHClientConfig(SSHConfig):
     """Settings from an OpenSSH client config file"""
     _conditionals = {'host', 'match'}
-    _no_split = {'remotecommand'}
+    _no_split = {'proxycommand', 'remotecommand'}
     _percent_expand = {'CertificateFile', 'IdentityAgent',
                        'IdentityFile', 'ProxyCommand', 'RemoteCommand'}
@@ -447,6 +453,8 @@ class SSHClientConfig(SSHConfig):
             return self._local_user
         elif match == 'user':
             return self._options.get('User', self._local_user)
+        elif match == 'tagged':
+            return self._options.get('Tag', '')
         else:
             return None
@@ -551,7 +559,7 @@ class SSHClientConfig(SSHConfig):
         ('PKCS11Provider',                  SSHConfig._set_string),
         ('PreferredAuthentications',        SSHConfig._set_string),
         ('Port',                            SSHConfig._set_int),
-        ('ProxyCommand',                    SSHConfig._set_string_list),
+        ('ProxyCommand',                    SSHConfig._set_string),
         ('ProxyJump',                       SSHConfig._set_string),
         ('PubkeyAuthentication',            SSHConfig._set_bool),
         ('RekeyLimit',                      SSHConfig._set_rekey_limits),
@@ -560,7 +568,8 @@ class SSHClientConfig(SSHConfig):
         ('SendEnv',                         SSHConfig._append_string_list),
         ('ServerAliveCountMax',             SSHConfig._set_int),
         ('ServerAliveInterval',             SSHConfig._set_int),
-        ('SetEnv',                          SSHConfig._append_string_list),
+        ('SetEnv',                          SSHConfig._set_string_list),
+        ('Tag',                             SSHConfig._set_string),
         ('TCPKeepAlive',                    SSHConfig._set_bool),
         ('User',                            SSHConfig._set_string),
         ('UserKnownHostsFile',              SSHConfig._set_string_list)

asyncssh 2.14.2__tar.gz → 2.16.0__tar.gz

asyncssh 2.14.2tar.gz → 2.16.0tar.gz