Merge pull request #308 from terrafrost/ssh2-connect-after-login

SSH2: connect to server in login() function

* terrafrost/ssh2-connect-after-login:
  SSH2: move _connect() call to _login() from login()
  SSH2: phpdoc updates
  SSH: clarify role of constructor / connection timeout
  SSH1: do fsockopen() call when login has been called
  SSH2: != -> |=
  SSH2: phpdoc changes
  SSH2: syntax error
  SSH2: timeout set in constructor != timeout set by setTimeout()
  SSH2: add phpdoc header
  SSH2: connect to server in login() function
Andreas Fischer 2014-04-10 17:45:54 +02:00
commit 652788ac34
2 changed files with 178 additions and 36 deletions


@ -182,8 +182,9 @@ define('NET_SSH1_RESPONSE_DATA', 2);
* @access private * @access private
*/ */
define('NET_SSH1_MASK_CONSTRUCTOR', 0x00000001); define('NET_SSH1_MASK_CONSTRUCTOR', 0x00000001);
define('NET_SSH1_MASK_LOGIN', 0x00000002); define('NET_SSH1_MASK_CONNECTED', 0x00000002);
define('NET_SSH1_MASK_SHELL', 0x00000004); define('NET_SSH1_MASK_LOGIN', 0x00000004);
define('NET_SSH1_MASK_SHELL', 0x00000008);
/**#@-*/ /**#@-*/
/**#@+ /**#@+
@ -457,6 +458,51 @@ class Net_SSH1
*/ */
var $log_short_width = 16; var $log_short_width = 16;
/**
* Hostname
*
* @see Net_SSH1::Net_SSH1()
* @see Net_SSH1::_connect()
* @var String
* @access private
*/
var $host;
/**
* Port Number
*
* @see Net_SSH1::Net_SSH1()
* @see Net_SSH1::_connect()
* @var Integer
* @access private
*/
var $port;
/**
* Timeout for initial connection
*
* Set by the constructor call. Calling setTimeout() is optional. If it's not called functions like
* exec() won't timeout unless some PHP setting forces it too. The timeout specified in the constructor,
* however, is non-optional. There will be a timeout, whether or not you set it. If you don't it'll be
* 10 seconds. It is used by fsockopen() in that function.
*
* @see Net_SSH1::Net_SSH1()
* @see Net_SSH1::_connect()
* @var Integer
* @access private
*/
var $connectionTimeout;
/**
* Default cipher
*
* @see Net_SSH1::Net_SSH1()
* @see Net_SSH1::_connect()
* @var Integer
* @access private
*/
var $cipher;
/** /**
* Default Constructor. * Default Constructor.
* *
@ -505,10 +551,24 @@ class Net_SSH1
$this->_define_array($this->protocol_flags); $this->_define_array($this->protocol_flags);
$this->fsock = @fsockopen($host, $port, $errno, $errstr, $timeout); $this->host = $host;
$this->port = $port;
$this->connectionTimeout = $timeout;
$this->cipher = $cipher;
}
/**
* Connect to an SSHv1 server
*
* @return Boolean
* @access private
*/
function _connect()
{
$this->fsock = @fsockopen($this->host, $this->port, $errno, $errstr, $this->connectionTimeout);
if (!$this->fsock) { if (!$this->fsock) {
user_error(rtrim("Cannot connect to $host. Error $errno. $errstr")); user_error(rtrim("Cannot connect to {$this->host}:{$this->port}. Error $errno. $errstr"));
return; return false;
} }
$this->server_identification = $init_line = fgets($this->fsock, 255); $this->server_identification = $init_line = fgets($this->fsock, 255);
@ -520,11 +580,11 @@ class Net_SSH1
if (!preg_match('#SSH-([0-9\.]+)-(.+)#', $init_line, $parts)) { if (!preg_match('#SSH-([0-9\.]+)-(.+)#', $init_line, $parts)) {
user_error('Can only connect to SSH servers'); user_error('Can only connect to SSH servers');
return; return false;
} }
if ($parts[1][0] != 1) { if ($parts[1][0] != 1) {
user_error("Cannot connect to SSH $parts[1] servers"); user_error("Cannot connect to SSH $parts[1] servers");
return; return false;
} }
fputs($this->fsock, $this->identifier."\r\n"); fputs($this->fsock, $this->identifier."\r\n");
@ -532,7 +592,7 @@ class Net_SSH1
$response = $this->_get_binary_packet(); $response = $this->_get_binary_packet();
if ($response[NET_SSH1_RESPONSE_TYPE] != NET_SSH1_SMSG_PUBLIC_KEY) { if ($response[NET_SSH1_RESPONSE_TYPE] != NET_SSH1_SMSG_PUBLIC_KEY) {
user_error('Expected SSH_SMSG_PUBLIC_KEY'); user_error('Expected SSH_SMSG_PUBLIC_KEY');
return; return false;
} }
$anti_spoofing_cookie = $this->_string_shift($response[NET_SSH1_RESPONSE_DATA], 8); $anti_spoofing_cookie = $this->_string_shift($response[NET_SSH1_RESPONSE_DATA], 8);
@ -612,12 +672,12 @@ class Net_SSH1
); );
} }
$cipher = isset($this->supported_ciphers[$cipher]) ? $cipher : NET_SSH1_CIPHER_3DES; $cipher = isset($this->supported_ciphers[$this->cipher]) ? $this->cipher : NET_SSH1_CIPHER_3DES;
$data = pack('C2a*na*N', NET_SSH1_CMSG_SESSION_KEY, $cipher, $anti_spoofing_cookie, 8 * strlen($double_encrypted_session_key), $double_encrypted_session_key, 0); $data = pack('C2a*na*N', NET_SSH1_CMSG_SESSION_KEY, $cipher, $anti_spoofing_cookie, 8 * strlen($double_encrypted_session_key), $double_encrypted_session_key, 0);
if (!$this->_send_binary_packet($data)) { if (!$this->_send_binary_packet($data)) {
user_error('Error sending SSH_CMSG_SESSION_KEY'); user_error('Error sending SSH_CMSG_SESSION_KEY');
return; return false;
} }
switch ($cipher) { switch ($cipher) {
@ -656,10 +716,12 @@ class Net_SSH1
if ($response[NET_SSH1_RESPONSE_TYPE] != NET_SSH1_SMSG_SUCCESS) { if ($response[NET_SSH1_RESPONSE_TYPE] != NET_SSH1_SMSG_SUCCESS) {
user_error('Expected SSH_SMSG_SUCCESS'); user_error('Expected SSH_SMSG_SUCCESS');
return; return false;
} }
$this->bitmap = NET_SSH1_MASK_CONSTRUCTOR; $this->bitmap = NET_SSH1_MASK_CONNECTED;
return true;
} }
/** /**
@ -673,6 +735,13 @@ class Net_SSH1
function login($username, $password = '') function login($username, $password = '')
{ {
if (!($this->bitmap & NET_SSH1_MASK_CONSTRUCTOR)) { if (!($this->bitmap & NET_SSH1_MASK_CONSTRUCTOR)) {
$this->bitmap |= NET_SSH1_MASK_CONSTRUCTOR;
if (!$this->_connect()) {
return false;
}
}
if (!($this->bitmap & NET_SSH1_MASK_CONNECTED)) {
return false; return false;
} }
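Review bot: `_connect()` ends with `$this->bitmap = NET_SSH1_MASK_CONNECTED;`, a plain assignment that drops the `NET_SSH1_MASK_CONSTRUCTOR` bit `login()` set just before calling it (assuming the right-hand column of this page is the new side). A second `login()` call on the same object, for example after a rejected password, would then find that bit clear and run `_connect()` again, overwriting `$this->fsock` without closing the old socket and repeating the handshake. Use `$this->bitmap |= NET_SSH1_MASK_CONNECTED;` so both bits survive. `Net_SSH2::_connect()` in the second file ends the same way with `$this->bitmap = NET_SSH2_MASK_CONNECTED;` and needs the same change. The bodies of `_connect()` and `login()` continue outside the hunks shown.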


@ -73,10 +73,11 @@
* @access private * @access private
*/ */
define('NET_SSH2_MASK_CONSTRUCTOR', 0x00000001); define('NET_SSH2_MASK_CONSTRUCTOR', 0x00000001);
define('NET_SSH2_MASK_LOGIN_REQ', 0x00000002); define('NET_SSH2_MASK_CONNECTED', 0x00000002);
define('NET_SSH2_MASK_LOGIN', 0x00000004); define('NET_SSH2_MASK_LOGIN_REQ', 0x00000004);
define('NET_SSH2_MASK_SHELL', 0x00000008); define('NET_SSH2_MASK_LOGIN', 0x00000008);
define('NET_SSH2_MASK_WINDOW_ADJUST', 0X00000010); define('NET_SSH2_MASK_SHELL', 0x00000010);
define('NET_SSH2_MASK_WINDOW_ADJUST', 0X00000020);
/**#@-*/ /**#@-*/
/**#@+ /**#@+
@ -669,6 +670,7 @@ class Net_SSH2
/** /**
* Time of first network activity * Time of first network activity
* *
* @var Integer
* @access private * @access private
*/ */
var $last_packet; var $last_packet;
@ -684,6 +686,7 @@ class Net_SSH2
/** /**
* Flag to request a PTY when using exec() * Flag to request a PTY when using exec()
* *
* @var Boolean
* @see Net_SSH2::enablePTY() * @see Net_SSH2::enablePTY()
* @access private * @access private
*/ */
@ -692,6 +695,7 @@ class Net_SSH2
/** /**
* Flag set while exec() is running when using enablePTY() * Flag set while exec() is running when using enablePTY()
* *
* @var Boolean
* @access private * @access private
*/ */
var $in_request_pty_exec = false; var $in_request_pty_exec = false;
@ -699,6 +703,7 @@ class Net_SSH2
/** /**
* Flag set after startSubsystem() is called * Flag set after startSubsystem() is called
* *
* @var Boolean
* @access private * @access private
*/ */
var $in_subsystem; var $in_subsystem;
@ -706,6 +711,7 @@ class Net_SSH2
/** /**
* Contents of stdError * Contents of stdError
* *
* @var String
* @access private * @access private
*/ */
var $stdErrorLog; var $stdErrorLog;
@ -714,6 +720,7 @@ class Net_SSH2
* The Last Interactive Response * The Last Interactive Response
* *
* @see Net_SSH2::_keyboard_interactive_process() * @see Net_SSH2::_keyboard_interactive_process()
* @var String
* @access private * @access private
*/ */
var $last_interactive_response = ''; var $last_interactive_response = '';
@ -722,6 +729,7 @@ class Net_SSH2
* Keyboard Interactive Request / Responses * Keyboard Interactive Request / Responses
* *
* @see Net_SSH2::_keyboard_interactive_process() * @see Net_SSH2::_keyboard_interactive_process()
* @var Array
* @access private * @access private
*/ */
var $keyboard_requests_responses = array(); var $keyboard_requests_responses = array();
@ -734,6 +742,7 @@ class Net_SSH2
* *
* @see Net_SSH2::_filter() * @see Net_SSH2::_filter()
* @see Net_SSH2::getBannerMessage() * @see Net_SSH2::getBannerMessage()
* @var String
* @access private * @access private
*/ */
var $banner_message = ''; var $banner_message = '';
@ -741,7 +750,8 @@ class Net_SSH2
/** /**
* Did read() timeout or return normally? * Did read() timeout or return normally?
* *
* @see Net_SSH2::isTimeout * @see Net_SSH2::isTimeout()
* @var Boolean
* @access private * @access private
*/ */
var $is_timeout = false; var $is_timeout = false;
@ -749,7 +759,8 @@ class Net_SSH2
/** /**
* Log Boundary * Log Boundary
* *
* @see Net_SSH2::_format_log * @see Net_SSH2::_format_log()
* @var String
* @access private * @access private
*/ */
var $log_boundary = ':'; var $log_boundary = ':';
@ -757,7 +768,8 @@ class Net_SSH2
/** /**
* Log Long Width * Log Long Width
* *
* @see Net_SSH2::_format_log * @see Net_SSH2::_format_log()
* @var Integer
* @access private * @access private
*/ */
var $log_long_width = 65; var $log_long_width = 65;
@ -765,19 +777,54 @@ class Net_SSH2
/** /**
* Log Short Width * Log Short Width
* *
* @see Net_SSH2::_format_log * @see Net_SSH2::_format_log()
* @var Integer
* @access private * @access private
*/ */
var $log_short_width = 16; var $log_short_width = 16;
/** /**
* Default Constructor. * Hostname
* *
* Connects to an SSHv2 server * @see Net_SSH2::Net_SSH2()
* @see Net_SSH2::_connect()
* @var String
* @access private
*/
var $host;
/**
* Port Number
*
* @see Net_SSH2::Net_SSH2()
* @see Net_SSH2::_connect()
* @var Integer
* @access private
*/
var $port;
/**
* Timeout for initial connection
*
* Set by the constructor call. Calling setTimeout() is optional. If it's not called functions like
* exec() won't timeout unless some PHP setting forces it too. The timeout specified in the constructor,
* however, is non-optional. There will be a timeout, whether or not you set it. If you don't it'll be
* 10 seconds. It is used by fsockopen() and the initial stream_select in that function.
*
* @see Net_SSH2::Net_SSH2()
* @see Net_SSH2::_connect()
* @var Integer
* @access private
*/
var $connectionTimeout;
/**
* Default Constructor.
* *
* @param String $host * @param String $host
* @param optional Integer $port * @param optional Integer $port
* @param optional Integer $timeout * @param optional Integer $timeout
* @see Net_SSH2::login()
* @return Net_SSH2 * @return Net_SSH2
* @access public * @access public
*/ */
@ -797,7 +844,6 @@ class Net_SSH2
include_once 'Crypt/Hash.php'; include_once 'Crypt/Hash.php';
} }
$this->last_packet = strtok(microtime(), ' ') + strtok(''); // == microtime(true) in PHP5
$this->message_numbers = array( $this->message_numbers = array(
1 => 'NET_SSH2_MSG_DISCONNECT', 1 => 'NET_SSH2_MSG_DISCONNECT',
2 => 'NET_SSH2_MSG_IGNORE', 2 => 'NET_SSH2_MSG_IGNORE',
@ -868,11 +914,29 @@ class Net_SSH2
61 => 'NET_SSH2_MSG_USERAUTH_INFO_RESPONSE') 61 => 'NET_SSH2_MSG_USERAUTH_INFO_RESPONSE')
); );
$this->host = $host;
$this->port = $port;
$this->connectionTimeout = $timeout;
}
/**
* Connect to an SSHv2 server
*
* @return Boolean
* @access private
*/
function _connect()
{
$timeout = $this->connectionTimeout;
$host = $this->host . ':' . $this->port;
$this->last_packet = strtok(microtime(), ' ') + strtok(''); // == microtime(true) in PHP5
$start = strtok(microtime(), ' ') + strtok(''); // http://php.net/microtime#61838 $start = strtok(microtime(), ' ') + strtok(''); // http://php.net/microtime#61838
$this->fsock = @fsockopen($host, $port, $errno, $errstr, $timeout); $this->fsock = @fsockopen($this->host, $this->port, $errno, $errstr, $timeout);
if (!$this->fsock) { if (!$this->fsock) {
user_error(rtrim("Cannot connect to $host. Error $errno. $errstr")); user_error(rtrim("Cannot connect to $host. Error $errno. $errstr"));
return; return false;
} }
$elapsed = strtok(microtime(), ' ') + strtok('') - $start; $elapsed = strtok(microtime(), ' ') + strtok('') - $start;
@ -880,7 +944,7 @@ class Net_SSH2
if ($timeout <= 0) { if ($timeout <= 0) {
user_error(rtrim("Cannot connect to $host. Timeout error")); user_error(rtrim("Cannot connect to $host. Timeout error"));
return; return false;
} }
$read = array($this->fsock); $read = array($this->fsock);
@ -893,7 +957,7 @@ class Net_SSH2
// the !count() is done as a workaround for <https://bugs.php.net/42682> // the !count() is done as a workaround for <https://bugs.php.net/42682>
if (!@stream_select($read, $write, $except, $sec, $usec) && !count($read)) { if (!@stream_select($read, $write, $except, $sec, $usec) && !count($read)) {
user_error(rtrim("Cannot connect to $host. Banner timeout")); user_error(rtrim("Cannot connect to $host. Banner timeout"));
return; return false;
} }
/* According to the SSH2 specs, /* According to the SSH2 specs,
@ -932,7 +996,7 @@ class Net_SSH2
if ($matches[1] != '1.99' && $matches[1] != '2.0') { if ($matches[1] != '1.99' && $matches[1] != '2.0') {
user_error("Cannot connect to SSH $matches[1] servers"); user_error("Cannot connect to SSH $matches[1] servers");
return; return false;
} }
fputs($this->fsock, $this->identifier . "\r\n"); fputs($this->fsock, $this->identifier . "\r\n");
@ -940,19 +1004,21 @@ class Net_SSH2
$response = $this->_get_binary_packet(); $response = $this->_get_binary_packet();
if ($response === false) { if ($response === false) {
user_error('Connection closed by server'); user_error('Connection closed by server');
return; return false;
} }
if (ord($response[0]) != NET_SSH2_MSG_KEXINIT) { if (ord($response[0]) != NET_SSH2_MSG_KEXINIT) {
user_error('Expected SSH_MSG_KEXINIT'); user_error('Expected SSH_MSG_KEXINIT');
return; return false;
} }
if (!$this->_key_exchange($response)) { if (!$this->_key_exchange($response)) {
return; return false;
} }
$this->bitmap = NET_SSH2_MASK_CONSTRUCTOR; $this->bitmap = NET_SSH2_MASK_CONNECTED;
return true;
} }
/** /**
@ -1710,6 +1776,13 @@ class Net_SSH2
*/ */
function _login($username) function _login($username)
{ {
if (!($this->bitmap & NET_SSH2_MASK_CONSTRUCTOR)) {
$this->bitmap |= NET_SSH2_MASK_CONSTRUCTOR;
if (!$this->_connect()) {
return false;
}
}
$args = array_slice(func_get_args(), 1); $args = array_slice(func_get_args(), 1);
if (empty($args)) { if (empty($args)) {
return $this->_login_helper($username); return $this->_login_helper($username);
@ -1735,7 +1808,7 @@ class Net_SSH2
*/ */
function _login_helper($username, $password = null) function _login_helper($username, $password = null)
{ {
if (!($this->bitmap & NET_SSH2_MASK_CONSTRUCTOR)) { if (!($this->bitmap & NET_SSH2_MASK_CONNECTED)) {
return false; return false;
} }
@ -2687,7 +2760,7 @@ class Net_SSH2
} }
// see http://tools.ietf.org/html/rfc4252#section-5.4; only called when the encryption has been activated and when we haven't already logged in // see http://tools.ietf.org/html/rfc4252#section-5.4; only called when the encryption has been activated and when we haven't already logged in
if (($this->bitmap & NET_SSH2_MASK_CONSTRUCTOR) && !($this->bitmap & NET_SSH2_MASK_LOGIN) && ord($payload[0]) == NET_SSH2_MSG_USERAUTH_BANNER) { if (($this->bitmap & NET_SSH2_MASK_CONNECTED) && !($this->bitmap & NET_SSH2_MASK_LOGIN) && ord($payload[0]) == NET_SSH2_MSG_USERAUTH_BANNER) {
$this->_string_shift($payload, 1); $this->_string_shift($payload, 1);
extract(unpack('Nlength', $this->_string_shift($payload, 4))); extract(unpack('Nlength', $this->_string_shift($payload, 4)));
$this->banner_message = utf8_decode($this->_string_shift($payload, $length)); $this->banner_message = utf8_decode($this->_string_shift($payload, $length));
@ -2695,7 +2768,7 @@ class Net_SSH2
} }
// only called when we've already logged in // only called when we've already logged in
if (($this->bitmap & NET_SSH2_MASK_CONSTRUCTOR) && ($this->bitmap & NET_SSH2_MASK_LOGIN)) { if (($this->bitmap & NET_SSH2_MASK_CONNECTED) && ($this->bitmap & NET_SSH2_MASK_LOGIN)) {
switch (ord($payload[0])) { switch (ord($payload[0])) {
case NET_SSH2_MSG_GLOBAL_REQUEST: // see http://tools.ietf.org/html/rfc4254#section-4 case NET_SSH2_MSG_GLOBAL_REQUEST: // see http://tools.ietf.org/html/rfc4254#section-4
$this->_string_shift($payload, 1); $this->_string_shift($payload, 1);
@ -2907,7 +2980,7 @@ class Net_SSH2
// currently, there's only one possible value for $data_type_code: NET_SSH2_EXTENDED_DATA_STDERR // currently, there's only one possible value for $data_type_code: NET_SSH2_EXTENDED_DATA_STDERR
extract(unpack('Ndata_type_code/Nlength', $this->_string_shift($response, 8))); extract(unpack('Ndata_type_code/Nlength', $this->_string_shift($response, 8)));
$data = $this->_string_shift($response, $length); $data = $this->_string_shift($response, $length);
$this->stdErrorLog .= $data; $this->stdErrorLog.= $data;
if ($skip_extended || $this->quiet_mode) { if ($skip_extended || $this->quiet_mode) {
break; break;
} }
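Review bot: `_login()` is the only caller of `_connect()` visible in this section, so anything that needs the transport before authentication no longer has one after construction. The case that matters most is host-key checking: callers that fetch the server's public host key and compare it to a pinned value before calling `login()` would, unless that getter also connects on demand, get nothing back or end up verifying only after credentials were sent. The getter is not part of this diff, so this should be confirmed; if it is affected, give it the same `NET_SSH2_MASK_CONSTRUCTOR` guard that `_login()` now has, ideally through one shared private helper, and state in the constructor docblock that no network I/O happens until `login()`.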