phpseclib/tests/Functional/Net/SSH2Test.php

673 lines
20 KiB
PHP
Raw Normal View History

<?php
/**
* @author Andreas Fischer <bantu@phpbb.com>
* @copyright 2014 Andreas Fischer
* @license http://www.opensource.org/licenses/mit-license.html MIT License
*/
2022-06-04 15:31:21 +00:00
declare(strict_types=1);
namespace phpseclib3\Tests\Functional\Net;
use phpseclib3\Exception\NoSupportedAlgorithmsException;
use phpseclib3\Net\SSH2;
use phpseclib3\Tests\PhpseclibFunctionalTestCase;
2014-12-10 01:31:41 +00:00
class SSH2Test extends PhpseclibFunctionalTestCase
{
2023-03-16 16:01:21 +00:00
public function getSSH2(): SSH2
{
return new SSH2($this->getEnv('SSH_HOSTNAME'), 22);
}
2023-03-16 16:01:21 +00:00
public function getSSH2Login(): SSH2
{
$ssh = $this->getSSH2();
$username = $this->getEnv('SSH_USERNAME');
$password = $this->getEnv('SSH_PASSWORD');
$this->assertTrue(
$ssh->login($username, $password),
'SSH2 login using password failed.'
);
return $ssh;
}
2022-06-04 15:31:21 +00:00
public function testConstructor(): SSH2
{
$ssh = $this->getSSH2();
2020-12-13 01:34:38 +00:00
$this->assertIsObject(
2017-12-07 20:08:19 +00:00
$ssh,
'Could not construct NET_SSH2 object.'
);
return $ssh;
}
/**
2015-03-29 16:07:17 +00:00
* @depends testConstructor
* @group github408
* @group github412
*/
2022-06-04 15:31:21 +00:00
public function testPreLogin(SSH2 $ssh): SSH2
2014-07-20 20:58:24 +00:00
{
$this->assertFalse(
$ssh->isConnected(),
'Failed asserting that SSH2 is not connected after construction.'
);
$this->assertFalse(
$ssh->isAuthenticated(),
'Failed asserting that SSH2 is not authenticated after construction.'
);
$this->assertFalse(
$ssh->isShellOpen(),
'Failed asserting that SSH2 does not have open shell after construction.'
);
$this->assertEquals(
0,
$ssh->getInteractiveChannelId(),
'Failed asserting that channel identifier 0 is returned.'
);
2014-07-20 20:58:24 +00:00
$this->assertNotEmpty(
$ssh->getServerPublicHostKey(),
'Failed asserting that a non-empty public host key was fetched.'
);
$this->assertTrue(
$ssh->isConnected(),
'Failed asserting that SSH2 is connected after public key fetch.'
);
$this->assertNotEmpty(
$ssh->getServerIdentification(),
'Failed asserting that the server identifier was set after connect.'
);
return $ssh;
}
/**
2015-03-29 16:07:17 +00:00
* @depends testPreLogin
*/
2022-06-04 15:31:21 +00:00
public function testBadPassword(SSH2 $ssh): SSH2
{
$username = $this->getEnv('SSH_USERNAME');
$password = $this->getEnv('SSH_PASSWORD');
$this->assertFalse(
$ssh->login($username, 'zzz' . $password),
'SSH2 login using password succeeded.'
);
$this->assertTrue(
$ssh->isConnected(),
'Failed asserting that SSH2 is connected after bad login attempt.'
);
$this->assertFalse(
$ssh->isAuthenticated(),
'Failed asserting that SSH2 is not authenticated after bad login attempt.'
);
$this->assertFalse(
$ssh->isShellOpen(),
'Failed asserting that SSH2 does not have open shell after bad login attempt.'
);
return $ssh;
}
/**
* @depends testBadPassword
*/
2022-06-04 15:31:21 +00:00
public function testPasswordLogin(SSH2 $ssh): SSH2
{
$username = $this->getEnv('SSH_USERNAME');
$password = $this->getEnv('SSH_PASSWORD');
$this->assertTrue(
$ssh->login($username, $password),
'SSH2 login using password failed.'
);
2014-03-06 10:35:54 +00:00
$this->assertTrue(
$ssh->isAuthenticated(),
'Failed asserting that SSH2 is authenticated after good login attempt.'
);
$this->assertFalse(
$ssh->isShellOpen(),
'Failed asserting that SSH2 does not have open shell after good login attempt.'
);
2014-03-06 10:35:54 +00:00
return $ssh;
}
/**
2015-03-29 16:07:17 +00:00
* @depends testPasswordLogin
* @group github280
2023-02-05 23:33:16 +00:00
* @requires PHPUnit < 10
2015-03-29 16:07:17 +00:00
*/
2022-06-04 15:31:21 +00:00
public function testExecWithMethodCallback(SSH2 $ssh): SSH2
2014-03-06 10:35:54 +00:00
{
2017-12-14 06:31:32 +00:00
$callbackObject = $this->getMockBuilder('stdClass')
2022-01-30 15:34:42 +00:00
->setMethods(['callbackMethod'])
2017-12-14 06:31:32 +00:00
->getMock();
2014-03-06 10:35:54 +00:00
$callbackObject
->expects($this->atLeastOnce())
->method('callbackMethod')
->will($this->returnValue(true));
2017-11-27 08:30:14 +00:00
$ssh->exec('pwd', [$callbackObject, 'callbackMethod']);
2017-05-28 13:58:00 +00:00
$this->assertFalse(
$ssh->isPTYOpen(),
'Failed asserting that SSH2 does not have open exec channel after exec.'
);
$this->assertFalse(
$ssh->isShellOpen(),
'Failed asserting that SSH2 does not have open shell channel after exec.'
);
$this->assertEquals(
0,
$ssh->getInteractiveChannelId(),
'Failed asserting that channel identifier 0 is returned after exec.'
);
2017-05-28 13:58:00 +00:00
return $ssh;
}
2022-06-04 15:31:21 +00:00
public function testGetServerPublicHostKey(): void
{
$ssh = $this->getSSH2();
$this->assertIsString($ssh->getServerPublicHostKey());
}
2022-06-04 15:31:21 +00:00
public function testOpenSocketConnect(): void
{
$fsock = fsockopen($this->getEnv('SSH_HOSTNAME'), 22);
$ssh = new SSH2($fsock);
$username = $this->getEnv('SSH_USERNAME');
$password = $this->getEnv('SSH_PASSWORD');
$this->assertTrue(
$ssh->login($username, $password),
'SSH2 login using an open socket failed.'
);
}
2017-05-28 13:58:00 +00:00
/**
* @depends testExecWithMethodCallback
* @group github1009
*/
2022-06-04 15:31:21 +00:00
public function testDisablePTY(SSH2 $ssh): SSH2
2017-05-28 13:58:00 +00:00
{
$ssh->enablePTY();
$this->assertTrue(
$ssh->isPTYEnabled(),
'Failed asserting that pty was enabled.'
);
$this->assertFalse(
$ssh->isPTYOpen(),
'Failed asserting that pty was not open after enable.'
);
$this->assertEquals(
0,
$ssh->getInteractiveChannelId(),
'Failed asserting that 0 channel identifier is returned prior to opening.'
);
2017-05-28 13:58:00 +00:00
$ssh->exec('ls -latr');
$this->assertTrue(
$ssh->isPTYOpen(),
'Failed asserting that pty was open.'
);
$this->assertFalse(
$ssh->isShellOpen(),
'Failed asserting that shell was not open after pty exec.'
);
$this->assertEquals(
SSH2::CHANNEL_EXEC,
$ssh->getInteractiveChannelId(),
'Failed asserting that exec channel identifier is returned after exec.'
);
2017-05-28 13:58:00 +00:00
$ssh->disablePTY();
$this->assertFalse(
$ssh->isPTYEnabled(),
'Failed asserting that pty was disabled.'
);
$this->assertFalse(
$ssh->isPTYOpen(),
'Failed asserting that pty was not open after disable.'
);
$this->assertEquals(
SSH2::CHANNEL_EXEC,
$ssh->getInteractiveChannelId(),
'Failed asserting that exec channel identifier is returned after pty exec close.'
);
2017-05-28 13:58:00 +00:00
$ssh->exec('pwd');
2017-09-06 05:27:07 +00:00
$this->assertFalse(
$ssh->isPTYOpen(),
'Failed asserting that pty was not open after exec.'
);
2017-09-06 05:27:07 +00:00
return $ssh;
}
/**
* @depends testDisablePTY
* @group github1167
*/
2022-06-04 15:31:21 +00:00
public function testChannelDataAfterOpen(SSH2 $ssh): void
2017-09-06 05:27:07 +00:00
{
// Ubuntu's OpenSSH from 5.8 to 6.9 didn't work with multiple channels. see
// https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1334916 for more info.
// https://lists.ubuntu.com/archives/oneiric-changes/2011-July/005772.html discusses
// when consolekit was incorporated.
// https://marc.info/?l=openssh-unix-dev&m=163409903417589&w=2 discusses some of the
// issues with how Ubuntu incorporated consolekit
2022-03-09 00:59:30 +00:00
$pattern = '#^SSH-2\.0-OpenSSH_([\d.]+)[^ ]* Ubuntu-.*$#';
$match = preg_match($pattern, $ssh->getServerIdentification(), $matches);
$match = $match && version_compare('5.8', $matches[1], '<=');
$match = $match && version_compare('6.9', $matches[1], '>=');
if ($match) {
self::markTestSkipped('Ubuntu\'s OpenSSH >= 5.8 <= 6.9 didn\'t work well with multiple channels');
}
2017-09-06 05:27:07 +00:00
$ssh->write("ping 127.0.0.1\n");
$this->assertTrue(
$ssh->isShellOpen(),
'Failed asserting that SSH2 has open shell after shell read/write.'
);
$this->assertFalse(
$ssh->isPTYOpen(),
'Failed asserting that pty was not open after shell read/write.'
);
$this->assertEquals(
SSH2::CHANNEL_SHELL,
$ssh->getInteractiveChannelId(),
'Failed asserting that shell channel identifier is returned after shell read/write.'
);
2017-09-06 05:27:07 +00:00
$ssh->enablePTY();
$this->assertTrue(
$ssh->exec('bash'),
'Failed asserting exec command succeeded.'
);
$this->assertTrue(
$ssh->isShellOpen(),
'Failed asserting that SSH2 has open shell after pty exec.'
);
$this->assertTrue(
$ssh->isPTYOpen(),
'Failed asserting that pty was not open after exec.'
);
$this->assertEquals(
SSH2::CHANNEL_EXEC,
$ssh->getInteractiveChannelId(),
'Failed asserting that exec channel identifier is returned after pty exec.'
);
2017-09-06 05:27:07 +00:00
$ssh->write("ls -latr\n");
$ssh->setTimeout(1);
2022-03-09 00:59:30 +00:00
$this->assertIsString($ssh->read());
$this->assertTrue(
$ssh->isTimeout(),
'Failed asserting that pty exec read timed out'
);
$this->assertTrue(
$ssh->isShellOpen(),
'Failed asserting that SSH2 shell remains open across pty exec read/write.'
);
$this->assertTrue(
$ssh->isPTYOpen(),
'Failed asserting that pty was open after read timeout.'
);
}
2023-03-16 16:01:21 +00:00
public function testOpenShell(): SSH2
{
$ssh = $this->getSSH2Login();
$this->assertTrue(
$ssh->openShell(),
'SSH2 shell initialization failed.'
);
$this->assertTrue(
$ssh->isShellOpen(),
'Failed asserting that SSH2 has open shell after init.'
);
$this->assertNotFalse(
$ssh->read(),
'Failed asserting that read succeeds.'
);
$ssh->write('hello');
$this->assertTrue(
$ssh->isShellOpen(),
'Failed asserting that SSH2 has open shell after read/write.'
);
$this->assertEquals(
SSH2::CHANNEL_SHELL,
$ssh->getInteractiveChannelId(),
'Failed asserting that shell channel identifier is returned after read/write.'
);
return $ssh;
}
/**
* @depends testOpenShell
*/
2023-03-16 16:01:21 +00:00
public function testResetOpenShell(SSH2 $ssh): void
{
$ssh->reset();
$this->assertFalse(
$ssh->isShellOpen(),
'Failed asserting that SSH2 has open shell after reset.'
);
$this->assertEquals(
SSH2::CHANNEL_SHELL,
$ssh->getInteractiveChannelId(),
'Failed asserting that shell channel identifier is returned after reset.'
);
}
2023-03-16 16:01:21 +00:00
public function testMultipleExecPty(): void
{
$this->expectException(\RuntimeException::class);
$this->expectExceptionMessage('Please close the channel (1) before trying to open it again');
$ssh = $this->getSSH2Login();
$ssh->enablePTY();
$ssh->exec('bash');
$ssh->exec('bash');
}
2023-03-16 16:01:21 +00:00
public function testMultipleInteractiveChannels(): void
{
$ssh = $this->getSSH2Login();
$this->assertTrue(
$ssh->openShell(),
'SSH2 shell initialization failed.'
);
$this->assertEquals(
SSH2::CHANNEL_SHELL,
$ssh->getInteractiveChannelId(),
'Failed asserting that shell channel identifier is returned after open shell.'
);
$ssh->setTimeout(1);
$this->assertIsString(
$ssh->read(),
'Failed asserting that read succeeds after shell init'
);
$directory = $ssh->exec('pwd');
$this->assertFalse(
$ssh->isTimeout(),
'failed'
);
$this->assertIsString(
$directory,
'Failed asserting that exec succeeds after shell read/write'
);
$ssh->write("pwd\n");
$this->assertStringContainsString(
trim($directory),
$ssh->read(),
'Failed asserting that current directory can be read from shell after exec'
);
$ssh->enablePTY();
$this->assertTrue(
$ssh->exec('bash'),
'Failed asserting that pty exec succeeds'
);
$this->assertTrue(
$ssh->isShellOpen(),
'Failed asserting that SSH2 has open shell after pty exec.'
);
$this->assertEquals(
SSH2::CHANNEL_EXEC,
$ssh->getInteractiveChannelId(),
'Failed asserting that exec channel identifier is returned after pty exec.'
);
$ssh->write("pwd\n", SSH2::CHANNEL_SHELL);
$this->assertStringContainsString(
trim($directory),
$ssh->read('', SSH2::READ_SIMPLE, SSH2::CHANNEL_SHELL),
'Failed asserting that current directory can be read from shell after pty exec'
);
$this->assertTrue(
$ssh->isPTYOpen(),
'Failed asserting that SSH2 has open pty exec after shell read/write.'
);
$ssh->write("pwd\n", SSH2::CHANNEL_EXEC);
$this->assertIsString(
$ssh->read('', SSH2::READ_SIMPLE, SSH2::CHANNEL_EXEC),
'Failed asserting that pty exec read succeeds'
);
$ssh->reset(SSH2::CHANNEL_EXEC);
$this->assertFalse(
$ssh->isPTYOpen(),
'Failed asserting that SSH2 has closed pty exec after reset.'
);
$ssh->disablePTY();
$this->assertTrue(
$ssh->isShellOpen(),
'Failed asserting that SSH2 has open shell after pty exec.'
);
$ssh->write("pwd\n", SSH2::CHANNEL_SHELL);
$this->assertStringContainsString(
trim($directory),
$ssh->read('', SSH2::READ_SIMPLE, SSH2::CHANNEL_SHELL),
'Failed asserting that current directory can be read from shell after pty exec'
);
$ssh->reset(SSH2::CHANNEL_SHELL);
$this->assertFalse(
$ssh->isShellOpen(),
'Failed asserting that SSH2 has closed shell after reset.'
);
$this->assertEquals(
SSH2::CHANNEL_EXEC,
$ssh->getInteractiveChannelId(),
'Failed asserting that exec channel identifier is maintained as last opened channel.'
);
2017-05-28 13:58:00 +00:00
}
2023-06-04 16:12:11 +00:00
public function testReadingOfClosedChannel(): void
{
$ssh = $this->getSSH2Login();
$this->assertSame(0, $ssh->getOpenChannelCount());
$ssh->enablePTY();
$ssh->exec('ping -c 3 127.0.0.1; exit');
$ssh->write("ping 127.0.0.2\n", SSH2::CHANNEL_SHELL);
$ssh->setTimeout(3);
$output = $ssh->read('', SSH2::READ_SIMPLE, SSH2::CHANNEL_SHELL);
$this->assertStringContainsString('PING 127.0.0.2', $output);
$output = $ssh->read('', SSH2::READ_SIMPLE, SSH2::CHANNEL_EXEC);
$this->assertStringContainsString('PING 127.0.0.1', $output);
$this->assertSame(1, $ssh->getOpenChannelCount());
$ssh->reset(SSH2::CHANNEL_SHELL);
$this->assertSame(0, $ssh->getOpenChannelCount());
}
2024-05-29 14:37:34 +00:00
public function testPing(): void
{
$ssh = $this->getSSH2();
// assert on unauthenticated ssh2
$this->assertNotEmpty($ssh->getServerIdentification());
$this->assertFalse($ssh->ping());
$this->assertTrue($ssh->isConnected());
$this->assertSame(0, $ssh->getOpenChannelCount());
$ssh = $this->getSSH2Login();
$this->assertTrue($ssh->ping());
$this->assertSame(0, $ssh->getOpenChannelCount());
}
2024-06-28 14:25:07 +00:00
public function testKeepAlive()
{
$ssh = $this->getSSH2();
$username = $this->getEnv('SSH_USERNAME');
$password = $this->getEnv('SSH_PASSWORD');
$ssh->setKeepAlive(1);
$ssh->setTimeout(1);
$this->assertNotEmpty($ssh->getServerIdentification());
$this->assertTrue(
$ssh->login($username, $password),
'SSH2 login using password failed.'
);
$ssh->write("pwd\n");
sleep(1); // permit keep alive to proc on next read
$this->assertNotEmpty($ssh->read('', SSH2::READ_NEXT));
$ssh->disconnect();
}
/**
* @return array
*/
2024-05-28 16:08:32 +00:00
public static function getCryptoAlgorithms()
{
$map = [
'kex' => SSH2::getSupportedKEXAlgorithms(),
'hostkey' => SSH2::getSupportedHostKeyAlgorithms(),
'comp' => SSH2::getSupportedCompressionAlgorithms(),
'crypt' => SSH2::getSupportedEncryptionAlgorithms(),
'mac' => SSH2::getSupportedMACAlgorithms(),
];
$tests = [];
foreach ($map as $type => $algorithms) {
foreach ($algorithms as $algorithm) {
$tests[] = [$type, $algorithm];
}
}
return $tests;
}
/**
* @dataProvider getCryptoAlgorithms
* @param string $type
* @param string $algorithm
*/
2024-05-29 14:37:34 +00:00
public function testCryptoAlgorithms($type, $algorithm): void
{
$ssh = $this->getSSH2();
try {
switch ($type) {
case 'kex':
case 'hostkey':
$ssh->setPreferredAlgorithms([$type => [$algorithm]]);
$this->assertEquals($algorithm, $ssh->getAlgorithmsNegotiated()[$type]);
break;
case 'comp':
case 'crypt':
$ssh->setPreferredAlgorithms([
'client_to_server' => [$type => [$algorithm]],
'server_to_client' => [$type => [$algorithm]],
]);
$this->assertEquals($algorithm, $ssh->getAlgorithmsNegotiated()['client_to_server'][$type]);
$this->assertEquals($algorithm, $ssh->getAlgorithmsNegotiated()['server_to_client'][$type]);
break;
case 'mac':
$macCryptAlgorithms = array_filter(
SSH2::getSupportedEncryptionAlgorithms(),
function ($algorithm) use ($ssh) {
return !self::callFunc($ssh, 'encryption_algorithm_to_crypt_instance', [$algorithm])
->usesNonce();
}
);
$ssh->setPreferredAlgorithms([
'client_to_server' => ['crypt' => $macCryptAlgorithms, 'mac' => [$algorithm]],
'server_to_client' => ['crypt' => $macCryptAlgorithms, 'mac' => [$algorithm]],
]);
$this->assertEquals($algorithm, $ssh->getAlgorithmsNegotiated()['client_to_server']['mac']);
$this->assertEquals($algorithm, $ssh->getAlgorithmsNegotiated()['server_to_client']['mac']);
break;
}
} catch (NoSupportedAlgorithmsException $e) {
self::markTestSkipped("{$type} algorithm {$algorithm} is not supported by server");
}
$username = $this->getEnv('SSH_USERNAME');
$password = $this->getEnv('SSH_PASSWORD');
$this->assertTrue(
$ssh->login($username, $password),
"SSH2 login using {$type} {$algorithm} failed."
);
$ssh->setTimeout(1);
$ssh->write("pwd\n");
$this->assertNotEmpty($ssh->read('', SSH2::READ_NEXT));
$ssh->disconnect();
}
}