##// END OF EJS Templates
upstream » ipython
RSS

Clone from https://github.com/ipython/ipython.git

Merge pull request #689 from minrk/auth...
Fernando Perez -
r4565:1d092172 merge
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -121,7 +121,11 b' class Kernel(Configurable):'
121 def do_one_iteration(self):
121 def do_one_iteration(self):
122 """Do one iteration of the kernel's evaluation loop.
122 """Do one iteration of the kernel's evaluation loop.
123 """
123 """
124 ident,msg = self.session.recv(self.shell_socket, zmq.NOBLOCK)
124 try:
125 ident,msg = self.session.recv(self.shell_socket, zmq.NOBLOCK)
126 except Exception:
127 self.log.warn("Invalid Message:", exc_info=True)
128 return
125 if msg is None:
129 if msg is None:
126 return
130 return
127
131
@@ -375,7 +379,11 b' class Kernel(Configurable):'
375
379
376 def _abort_queue(self):
380 def _abort_queue(self):
377 while True:
381 while True:
378 ident,msg = self.session.recv(self.shell_socket, zmq.NOBLOCK)
382 try:
383 ident,msg = self.session.recv(self.shell_socket, zmq.NOBLOCK)
384 except Exception:
385 self.log.warn("Invalid Message:", exc_info=True)
386 continue
379 if msg is None:
387 if msg is None:
380 break
388 break
381 else:
389 else:
@@ -402,7 +410,13 b' class Kernel(Configurable):'
402 msg = self.session.send(self.stdin_socket, u'input_request', content, parent)
410 msg = self.session.send(self.stdin_socket, u'input_request', content, parent)
403
411
404 # Await a response.
412 # Await a response.
405 ident, reply = self.session.recv(self.stdin_socket, 0)
413 while True:
414 try:
415 ident, reply = self.session.recv(self.stdin_socket, 0)
416 except Exception:
417 self.log.warn("Invalid Message:", exc_info=True)
418 else:
419 break
406 try:
420 try:
407 value = reply['content']['value']
421 value = reply['content']['value']
408 except:
422 except:
Show file before | Show file after | Hide comments
@@ -588,7 +588,6 b' class Session(Configurable):'
588 try:
588 try:
589 return idents, self.unserialize(msg_list, content=content, copy=copy)
589 return idents, self.unserialize(msg_list, content=content, copy=copy)
590 except Exception as e:
590 except Exception as e:
591 print (idents, msg_list)
592 # TODO: handle it
591 # TODO: handle it
593 raise e
592 raise e
594
593
@@ -661,6 +660,8 b' class Session(Configurable):'
661 msg_list[i] = msg_list[i].bytes
660 msg_list[i] = msg_list[i].bytes
662 if self.auth is not None:
661 if self.auth is not None:
663 signature = msg_list[0]
662 signature = msg_list[0]
663 if not signature:
664 raise ValueError("Unsigned Message")
664 if signature in self.digest_history:
665 if signature in self.digest_history:
665 raise ValueError("Duplicate Signature: %r"%signature)
666 raise ValueError("Duplicate Signature: %r"%signature)
666 self.digest_history.add(signature)
667 self.digest_history.add(signature)
Show file before | Show file after | Hide comments
@@ -132,11 +132,10 b" owner, just as is common practice with a user's keys in their `.ssh` directory."
132
132
133 .. warning::
133 .. warning::
134
134
135 It is important to note that the key authentication, as emphasized by the use of
135 It is important to note that the signatures protect against unauthorized messages,
136 a uuid rather than generating a key with a cryptographic library, provides a
136 but, as there is no encryption, provide exactly no protection of data privacy. It is
137 defense against *accidental* messages more than it does against malicious attacks.
137 possible, however, to use a custom serialization scheme (via Session.packer/unpacker
138 If loopback is compromised, it would be trivial for an attacker to intercept messages
138 traits) that does incorporate your own encryption scheme.
139 and deduce the key, as there is no encryption.
140
139
141
140
142
141
General Comments 0
You need to be logged in to leave comments. Login now