@@ -265,6 +265,8 b' class IPythonConsoleApp(Configurable):' | |||
|
265 | 265 | setattr(self, name, cfg[name]) |
|
266 | 266 | if 'key' in cfg: |
|
267 | 267 | self.config.Session.key = str_to_bytes(cfg['key']) |
|
268 | if 'signature_scheme' in cfg: | |
|
269 | self.config.Session.signature_scheme = cfg['signature_scheme'] | |
|
268 | 270 | |
|
269 | 271 | def init_ssh(self): |
|
270 | 272 | """set up ssh tunnels, if needed.""" |
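Review bot: The added `if 'signature_scheme' in cfg:` test copies the value into `self.config.Session.signature_scheme` even when the connection file holds an empty string, whereas the loader in ConnectionFileMixin guards the same field with `if cfg.get('signature_scheme'):`. The mixin trait added in this commit defaults to `''` and is passed to `write_connection_file`, so a file with an empty scheme looks possible, and Session's new change handler raises TraitError for any value that does not start with `hmac-`. Using `if cfg.get('signature_scheme'):` here would make both loaders skip an empty value in the same way. The enclosing method starts above the hunk, so how the config is applied afterwards is not visible.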
@@ -50,7 +50,9 b' from IPython.utils.traitlets import (' | |||
|
50 | 50 | #----------------------------------------------------------------------------- |
|
51 | 51 | |
|
52 | 52 | def write_connection_file(fname=None, shell_port=0, iopub_port=0, stdin_port=0, hb_port=0, |
|
53 |
control_port=0, ip=LOCALHOST, key=b'', transport='tcp' |
|
|
53 | control_port=0, ip=LOCALHOST, key=b'', transport='tcp', | |
|
54 | signature_scheme='hmac-sha256', | |
|
55 | ): | |
|
54 | 56 | """Generates a JSON config file, including the selection of random ports. |
|
55 | 57 | |
|
56 | 58 | Parameters |
@@ -78,7 +80,15 b' def write_connection_file(fname=None, shell_port=0, iopub_port=0, stdin_port=0, ' | |||
|
78 | 80 | The ip address the kernel will bind to. |
|
79 | 81 | |
|
80 | 82 | key : str, optional |
|
81 |
The Session key used for |
|
|
83 | The Session key used for message authentication. | |
|
84 | ||
|
85 | signature_scheme : str, optional | |
|
86 | The scheme used for message authentication. | |
|
87 | This has the form 'digest-hash', where 'digest' | |
|
88 | is the scheme used for digests, and 'hash' is the name of the hash function | |
|
89 | used by the digest scheme. | |
|
90 | Currently, 'hmac' is the only supported digest scheme, | |
|
91 | and 'sha256' is the default hash function. | |
|
82 | 92 | |
|
83 | 93 | """ |
|
84 | 94 | # default to temporary connector file |
@@ -129,6 +139,7 b' def write_connection_file(fname=None, shell_port=0, iopub_port=0, stdin_port=0, ' | |||
|
129 | 139 | cfg['ip'] = ip |
|
130 | 140 | cfg['key'] = bytes_to_str(key) |
|
131 | 141 | cfg['transport'] = transport |
|
142 | cfg['signature_scheme'] = signature_scheme | |
|
132 | 143 | |
|
133 | 144 | with open(fname, 'w') as f: |
|
134 | 145 | f.write(json.dumps(cfg, indent=2)) |
@@ -380,6 +391,7 b' class ConnectionFileMixin(HasTraits):' | |||
|
380 | 391 | _connection_file_written = Bool(False) |
|
381 | 392 | |
|
382 | 393 | transport = CaselessStrEnum(['tcp', 'ipc'], default_value='tcp', config=True) |
|
394 | signature_scheme = Unicode('') | |
|
383 | 395 | |
|
384 | 396 | ip = Unicode(LOCALHOST, config=True, |
|
385 | 397 | help="""Set the kernel\'s IP address [default localhost]. |
@@ -427,6 +439,7 b' class ConnectionFileMixin(HasTraits):' | |||
|
427 | 439 | stdin_port=self.stdin_port, |
|
428 | 440 | hb_port=self.hb_port, |
|
429 | 441 | control_port=self.control_port, |
|
442 | signature_scheme=self.signature_scheme, | |
|
430 | 443 | ) |
|
431 | 444 | |
|
432 | 445 | def cleanup_connection_file(self): |
@@ -463,6 +476,7 b' class ConnectionFileMixin(HasTraits):' | |||
|
463 | 476 | stdin_port=self.stdin_port, iopub_port=self.iopub_port, |
|
464 | 477 | shell_port=self.shell_port, hb_port=self.hb_port, |
|
465 | 478 | control_port=self.control_port, |
|
479 | signature_scheme=self.signature_scheme, | |
|
466 | 480 | ) |
|
467 | 481 | # write_connection_file also sets default ports: |
|
468 | 482 | for name in port_names: |
@@ -479,7 +493,10 b' class ConnectionFileMixin(HasTraits):' | |||
|
479 | 493 | self.ip = cfg['ip'] |
|
480 | 494 | for name in port_names: |
|
481 | 495 | setattr(self, name, cfg[name]) |
|
496 | if 'key' in cfg: | |
|
482 | 497 | self.session.key = str_to_bytes(cfg['key']) |
|
498 | if cfg.get('signature_scheme'): | |
|
499 | self.session.signature_scheme = cfg['signature_scheme'] | |
|
483 | 500 | |
|
484 | 501 | #-------------------------------------------------------------------------- |
|
485 | 502 | # Creating connected sockets |
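Review bot: `signature_scheme = Unicode('')` on ConnectionFileMixin is forwarded as `signature_scheme=self.signature_scheme` in both `write_connection_file` calls, which replaces the function's `'hmac-sha256'` default with an empty string unless code outside these hunks sets the trait first. The written file then does not record which hash the kernel signs with, so a client falls back to its own default and every signature check fails if the kernel's Session was configured with a different scheme. Consider giving the trait the same default, `signature_scheme = Unicode('hmac-sha256')`, or passing the Session's current value instead. A `help=` string like the neighbouring `ip` trait has would also document what the field is for.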
@@ -24,6 +24,7 b' Authors:' | |||
|
24 | 24 | # Imports |
|
25 | 25 | #----------------------------------------------------------------------------- |
|
26 | 26 | |
|
27 | import hashlib | |
|
27 | 28 | import hmac |
|
28 | 29 | import logging |
|
29 | 30 | import os |
@@ -50,7 +51,9 b' from IPython.utils.importstring import import_item' | |||
|
50 | 51 | from IPython.utils.jsonutil import extract_dates, squash_dates, date_default |
|
51 | 52 | from IPython.utils.py3compat import str_to_bytes, str_to_unicode |
|
52 | 53 | from IPython.utils.traitlets import (CBytes, Unicode, Bool, Any, Instance, Set, |
|
53 |
DottedObjectName, CUnicode, Dict, Integer |
|
|
54 | DottedObjectName, CUnicode, Dict, Integer, | |
|
55 | TraitError, | |
|
56 | ) | |
|
54 | 57 | from IPython.kernel.zmq.serialize import MAX_ITEMS, MAX_BYTES |
|
55 | 58 | |
|
56 | 59 | #----------------------------------------------------------------------------- |
@@ -308,10 +311,26 b' class Session(Configurable):' | |||
|
308 | 311 | help="""execution key, for extra authentication.""") |
|
309 | 312 | def _key_changed(self, name, old, new): |
|
310 | 313 | if new: |
|
311 | self.auth = hmac.HMAC(new) | |
|
314 | self.auth = hmac.HMAC(new, digestmod=self.digest_mod) | |
|
312 | 315 | else: |
|
313 | 316 | self.auth = None |
|
314 | 317 | |
|
318 | signature_scheme = Unicode('hmac-sha256', config=True, | |
|
319 | help="""The digest scheme used to construct the message signatures. | |
|
320 | Must have the form 'hmac-HASH'.""") | |
|
321 | def _signature_scheme_changed(self, name, old, new): | |
|
322 | if not new.startswith('hmac-'): | |
|
323 | raise TraitError("signature_scheme must start with 'hmac-', got %r" % new) | |
|
324 | hash_name = new.split('-', 1)[1] | |
|
325 | try: | |
|
326 | self.digest_mod = getattr(hashlib, hash_name) | |
|
327 | except AttributeError: | |
|
328 | raise TraitError("hashlib has no such attribute: %s" % hash_name) | |
|
329 | ||
|
330 | digest_mod = Any() | |
|
331 | def _digest_mod_default(self): | |
|
332 | return hashlib.sha256 | |
|
333 | ||
|
315 | 334 | auth = Instance(hmac.HMAC) |
|
316 | 335 | |
|
317 | 336 | digest_history = Set() |
@@ -387,6 +406,11 b' class Session(Configurable):' | |||
|
387 | 406 | key : bytes |
|
388 | 407 | The key used to initialize an HMAC signature. If unset, messages |
|
389 | 408 | will not be signed or checked. |
|
409 | signature_scheme : str | |
|
410 | The message digest scheme. Currently must be of the form 'hmac-HASH', | |
|
411 | where 'HASH' is a hashing function available in Python's hashlib. | |
|
412 | The default is 'hmac-sha256'. | |
|
413 | This is ignored if 'key' is empty. | |
|
390 | 414 | keyfile : filepath |
|
391 | 415 | The file containing a key. If this is set, `key` will be |
|
392 | 416 | initialized to the contents of the file. |
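Review bot: `_signature_scheme_changed` updates `self.digest_mod` but never rebuilds `self.auth`, so an HMAC object created earlier by `_key_changed` keeps signing and verifying with the previous hash. That order occurs in this same commit: `load_connection_file` assigns `session.key` and then `session.signature_scheme`, so the scheme read from the file would not take effect unless a `digest_mod` change handler exists outside the hunk. Rebuilding at the end of the handler closes the gap: `if self.key: self.auth = hmac.HMAC(self.key, digestmod=self.digest_mod)`. Separately, `getattr(hashlib, hash_name)` resolves any attribute of the module, not only hash constructors, so checking `hash_name` against an explicit list of accepted hash names before the lookup would reject both non-hash attributes and digests the project does not want for message authentication.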