/brz/remove-bazaar

To get this branch, use:
bzr branch http://gegoxaren.bato24.eu/bzr/brz/remove-bazaar

« back to all changes in this revision

Viewing changes to breezy/transport/ssh.py

  • Committer: Jelmer Vernooij
  • Date: 2017-08-19 14:58:28 UTC
  • mfrom: (6753.1.2 fix-ssh-sec)
  • Revision ID: jelmer@jelmer.uk-20170819145828-qk2p7qlg5j2fbsiz
Merge lp:~jelmer/brz/fix-ssh-sec

Show diffs side-by-side

added added

removed removed

Lines of Context:
breezy/transport/ssh.py
46
46
    from paramiko.sftp_client import SFTPClient
47
47
 
48
48
 
 
49
class StrangeHostname(errors.BzrError):
 
50
    _fmt = "Refusing to connect to strange SSH hostname %(hostname)s"
 
51
 
 
52
 
49
53
SYSTEM_HOSTKEYS = {}
50
54
BRZ_HOSTKEYS = {}
51
55
 
360
364
    # tests, but beware of using PIPE which may hang due to not being read.
361
365
    _stderr_target = None
362
366
 
 
367
    @staticmethod
 
368
    def _check_hostname(arg):
 
369
        if arg.startswith('-'):
 
370
            raise StrangeHostname(hostname=arg)
 
371
 
363
372
    def _connect(self, argv):
364
373
        # Attempt to make a socketpair to use as stdin/stdout for the SSH
365
374
        # subprocess.  We prefer sockets to pipes because they support
424
433
        if username is not None:
425
434
            args.extend(['-l', username])
426
435
        if subsystem is not None:
427
 
            args.extend(['-s', host, subsystem])
 
436
            args.extend(['-s', '--', host, subsystem])
428
437
        else:
429
 
            args.extend([host] + command)
 
438
            args.extend(['--', host] + command)
430
439
        return args
431
440
 
432
441
register_ssh_vendor('openssh', OpenSSHSubprocessVendor())
439
448
 
440
449
    def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
441
450
                                  command=None):
 
451
        self._check_hostname(host)
442
452
        args = [self.executable_path, '-x']
443
453
        if port is not None:
444
454
            args.extend(['-p', str(port)])
460
470
 
461
471
    def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
462
472
                                  command=None):
 
473
        self._check_hostname(host)
463
474
        args = [self.executable_path]
464
475
        if port is not None:
465
476
            args.extend(['-p', str(port)])
481
492
 
482
493
    def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
483
494
                                  command=None):
 
495
        self._check_hostname(host)
484
496
        args = [self.executable_path, '-x', '-a', '-ssh', '-2', '-batch']
485
497
        if port is not None:
486
498
            args.extend(['-P', str(port)])