Merge branch 'master' into php5

terrafrost 2013-12-27 10:25:19 -06:00
commit a1b749a0a0
11 changed files with 350 additions and 217 deletions


@ -12,7 +12,7 @@
* *
* PHP versions 4 and 5 * PHP versions 4 and 5
* *
* {@internal The variable names are the same as those in * {@internal The variable names are the same as those in
* {@link http://tools.ietf.org/html/rfc2104#section-2 RFC2104}.}} * {@link http://tools.ietf.org/html/rfc2104#section-2 RFC2104}.}}
* *
* Here's a short example of how to use this library: * Here's a short example of how to use this library:
@ -34,10 +34,10 @@
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is * copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions: * furnished to do so, subject to the following conditions:
* *
* The above copyright notice and this permission notice shall be included in * The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software. * all copies or substantial portions of the Software.
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@ -589,11 +589,11 @@ class Crypt_Hash
if (!isset($k)) { if (!isset($k)) {
// Initialize variables // Initialize variables
$init384 = array( // initial values for SHA384 $init384 = array( // initial values for SHA384
'cbbb9d5dc1059ed8', '629a292a367cd507', '9159015a3070dd17', '152fecd8f70e5939', 'cbbb9d5dc1059ed8', '629a292a367cd507', '9159015a3070dd17', '152fecd8f70e5939',
'67332667ffc00b31', '8eb44a8768581511', 'db0c2e0d64f98fa7', '47b5481dbefa4fa4' '67332667ffc00b31', '8eb44a8768581511', 'db0c2e0d64f98fa7', '47b5481dbefa4fa4'
); );
$init512 = array( // initial values for SHA512 $init512 = array( // initial values for SHA512
'6a09e667f3bcc908', 'bb67ae8584caa73b', '3c6ef372fe94f82b', 'a54ff53a5f1d36f1', '6a09e667f3bcc908', 'bb67ae8584caa73b', '3c6ef372fe94f82b', 'a54ff53a5f1d36f1',
'510e527fade682d1', '9b05688c2b3e6c1f', '1f83d9abfb41bd6b', '5be0cd19137e2179' '510e527fade682d1', '9b05688c2b3e6c1f', '1f83d9abfb41bd6b', '5be0cd19137e2179'
); );


@ -47,10 +47,10 @@
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is * copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions: * furnished to do so, subject to the following conditions:
* *
* The above copyright notice and this permission notice shall be included in * The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software. * all copies or substantial portions of the Software.
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@ -144,7 +144,7 @@ define('CRYPT_RSA_ASN1_INTEGER', 2);
/** /**
* ASN1 Bit String * ASN1 Bit String
*/ */
define('CRYPT_RSA_ASN1_BITSTRING', 3); define('CRYPT_RSA_ASN1_BITSTRING', 3);
/** /**
* ASN1 Sequence (with the constucted bit set) * ASN1 Sequence (with the constucted bit set)
*/ */
@ -984,7 +984,7 @@ class Crypt_RSA
DES-EDE3-CBC as an algorithm, however, is not discussed anywhere, near as I can tell. DES-EDE3-CBC as an algorithm, however, is not discussed anywhere, near as I can tell.
DES-CBC and DES-EDE are discussed in RFC1423, however, DES-EDE3-CBC isn't, nor is its key derivation DES-CBC and DES-EDE are discussed in RFC1423, however, DES-EDE3-CBC isn't, nor is its key derivation
function. As is, the definitive authority on this encoding scheme isn't the IETF but rather OpenSSL's function. As is, the definitive authority on this encoding scheme isn't the IETF but rather OpenSSL's
own implementation. ie. the implementation *is* the standard and any bugs that may exist in that own implementation. ie. the implementation *is* the standard and any bugs that may exist in that
implementation are part of the standard, as well. implementation are part of the standard, as well.
* OpenSSL is the de facto standard. It's utilized by OpenSSH and other projects */ * OpenSSL is the de facto standard. It's utilized by OpenSSH and other projects */
@ -992,8 +992,9 @@ class Crypt_RSA
$iv = pack('H*', trim($matches[2])); $iv = pack('H*', trim($matches[2]));
$symkey = pack('H*', md5($this->password . substr($iv, 0, 8))); // symkey is short for symmetric key $symkey = pack('H*', md5($this->password . substr($iv, 0, 8))); // symkey is short for symmetric key
$symkey.= pack('H*', md5($symkey . $this->password . substr($iv, 0, 8))); $symkey.= pack('H*', md5($symkey . $this->password . substr($iv, 0, 8)));
$ciphertext = preg_replace('#.+(\r|\n|\r\n)\1|[\r\n]|-.+-| #s', '', $key); // remove the Proc-Type / DEK-Info sections as they're no longer needed
$ciphertext = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $ciphertext) ? base64_decode($ciphertext) : false; $key = preg_replace('#^(?:Proc-Type|DEK-Info): .*#m', '', $key);
$ciphertext = $this->_extractBER($key);
if ($ciphertext === false) { if ($ciphertext === false) {
$ciphertext = $key; $ciphertext = $key;
} }
@ -1037,8 +1038,7 @@ class Crypt_RSA
$crypto->setIV($iv); $crypto->setIV($iv);
$decoded = $crypto->decrypt($ciphertext); $decoded = $crypto->decrypt($ciphertext);
} else { } else {
$decoded = preg_replace('#-.+-|[\r\n]| #', '', $key); $decoded = $this->_extractBER($key);
$decoded = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $decoded) ? base64_decode($decoded) : false;
} }
if ($decoded !== false) { if ($decoded !== false) {
@ -1452,7 +1452,7 @@ class Crypt_RSA
break; break;
} }
} }
} else { } else {
$components = $this->_parseKey($key, $type); $components = $this->_parseKey($key, $type);
} }
@ -2152,7 +2152,7 @@ class Crypt_RSA
* *
* See {@link http://tools.ietf.org/html/rfc3447#section-7.1.2 RFC3447#section-7.1.2}. The fact that the error * See {@link http://tools.ietf.org/html/rfc3447#section-7.1.2 RFC3447#section-7.1.2}. The fact that the error
* messages aren't distinguishable from one another hinders debugging, but, to quote from RFC3447#section-7.1.2: * messages aren't distinguishable from one another hinders debugging, but, to quote from RFC3447#section-7.1.2:
* *
* Note. Care must be taken to ensure that an opponent cannot * Note. Care must be taken to ensure that an opponent cannot
* distinguish the different error conditions in Step 3.g, whether by * distinguish the different error conditions in Step 3.g, whether by
* error message or timing, or, more generally, learn partial * error message or timing, or, more generally, learn partial
@ -2781,4 +2781,31 @@ class Crypt_RSA
return $this->_rsassa_pss_verify($message, $signature); return $this->_rsassa_pss_verify($message, $signature);
} }
} }
/**
* Extract raw BER from Base64 encoding
*
* @access private
* @param String $str
* @return String
*/
function _extractBER($str)
{
/* X.509 certs are assumed to be base64 encoded but sometimes they'll have additional things in them
* above and beyond the ceritificate.
* ie. some may have the following preceding the -----BEGIN CERTIFICATE----- line:
*
* Bag Attributes
* localKeyID: 01 00 00 00
* subject=/O=organization/OU=org unit/CN=common name
* issuer=/O=organization/CN=common name
*/
$temp = preg_replace('#.*?^-+[^-]+-+#ms', '', $str, 1);
// remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- stuff
$temp = preg_replace('#-+[^-]+-+#', '', $temp);
// remove new lines
$temp = str_replace(array("\r", "\n", ' '), '', $temp);
$temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) : false;
return $temp != false ? $temp : $str;
}
} }
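Review bot: `_extractBER()` ends with `return $temp != false ? $temp : $str;`, so it never returns `false` and hands back the untouched input whenever the text is not clean base64; the `$ciphertext === false` and `$decoded !== false` checks at the two new call sites in the key parser can therefore no longer tell a decoded key from an undecodable one. The loose `!=` also treats a payload that decodes to `"0"` as a failure. If the fallback is intended, the docblock should say so, e.g. `@return String decoded BER, or $str unchanged when it is not valid base64`, and the comparison should be strict: `return ($temp !== false && $temp !== '') ? $temp : $str;`. The calling function starts and ends outside these hunks, so whether anything downstream still depends on a `false` result cannot be confirmed from here.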


@ -131,9 +131,7 @@ function crypt_random_string($length)
$old_session_id = session_id(); $old_session_id = session_id();
$old_use_cookies = ini_get('session.use_cookies'); $old_use_cookies = ini_get('session.use_cookies');
$old_session_cache_limiter = session_cache_limiter(); $old_session_cache_limiter = session_cache_limiter();
if (isset($_SESSION)) { $_OLD_SESSION = isset($_SESSION) ? $_SESSION : false;
$_OLD_SESSION = $_SESSION;
}
if ($old_session_id != '') { if ($old_session_id != '') {
session_write_close(); session_write_close();
} }
@ -166,7 +164,7 @@ function crypt_random_string($length)
ini_set('session.use_cookies', $old_use_cookies); ini_set('session.use_cookies', $old_use_cookies);
session_cache_limiter($old_session_cache_limiter); session_cache_limiter($old_session_cache_limiter);
} else { } else {
if (isset($_OLD_SESSION)) { if ($_OLD_SESSION !== false) {
$_SESSION = $_OLD_SESSION; $_SESSION = $_OLD_SESSION;
unset($_OLD_SESSION); unset($_OLD_SESSION);
} else { } else {


@ -19,10 +19,10 @@
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is * copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions: * furnished to do so, subject to the following conditions:
* *
* The above copyright notice and this permission notice shall be included in * The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software. * all copies or substantial portions of the Software.
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@ -317,7 +317,7 @@ class File_ASN1
$length = ord($this->_string_shift($encoded)); $length = ord($this->_string_shift($encoded));
$start++; $start++;
if ( $length == 0x80 ) { // indefinite length if ( $length == 0x80 ) { // indefinite length
// "[A sender shall] use the indefinite form (see 8.1.3.6) if the encoding is constructed and is not all // "[A sender shall] use the indefinite form (see 8.1.3.6) if the encoding is constructed and is not all
// immediately available." -- paragraph 8.1.3.2.c // immediately available." -- paragraph 8.1.3.2.c
//if ( !$constructed ) { //if ( !$constructed ) {
// return false; // return false;
@ -420,7 +420,7 @@ class File_ASN1
//} //}
$current['content'].= $temp[$i]['content']; $current['content'].= $temp[$i]['content'];
} }
// $length = // $length =
} }
break; break;
case FILE_ASN1_TYPE_NULL: case FILE_ASN1_TYPE_NULL:
@ -457,7 +457,7 @@ class File_ASN1
-- X.690-0207.pdf#page=23 (paragraph 8.21.3) -- X.690-0207.pdf#page=23 (paragraph 8.21.3)
Per that, we're not going to do any validation. If there are any illegal characters in the string, Per that, we're not going to do any validation. If there are any illegal characters in the string,
we don't really care */ we don't really care */
case FILE_ASN1_TYPE_NUMERIC_STRING: case FILE_ASN1_TYPE_NUMERIC_STRING:
// 0,1,2,3,4,5,6,7,8,9, and space // 0,1,2,3,4,5,6,7,8,9, and space


@ -4413,15 +4413,15 @@ class File_X509
*/ */
function _extractBER($str) function _extractBER($str)
{ {
/* /* X.509 certs are assumed to be base64 encoded but sometimes they'll have additional things in them
X.509 certs are assumed to be base64 encoded but sometimes they'll have additional things in them above and beyond the ceritificate. ie. * above and beyond the ceritificate.
some may have the following preceding the -----BEGIN CERTIFICATE----- line: * ie. some may have the following preceding the -----BEGIN CERTIFICATE----- line:
*
Bag Attributes * Bag Attributes
localKeyID: 01 00 00 00 * localKeyID: 01 00 00 00
subject=/O=organization/OU=org unit/CN=common name * subject=/O=organization/OU=org unit/CN=common name
issuer=/O=organization/CN=common name * issuer=/O=organization/CN=common name
*/ */
$temp = preg_replace('#.*?^-+[^-]+-+#ms', '', $str, 1); $temp = preg_replace('#.*?^-+[^-]+-+#ms', '', $str, 1);
// remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- stuff // remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- stuff
$temp = preg_replace('#-+[^-]+-+#', '', $temp); $temp = preg_replace('#-+[^-]+-+#', '', $temp);


@ -8,7 +8,7 @@
* *
* PHP versions 4 and 5 * PHP versions 4 and 5
* *
* {@internal (all DocBlock comments regarding implementation - such as the one that follows - refer to the * {@internal (all DocBlock comments regarding implementation - such as the one that follows - refer to the
* {@link MATH_BIGINTEGER_MODE_INTERNAL MATH_BIGINTEGER_MODE_INTERNAL} mode) * {@link MATH_BIGINTEGER_MODE_INTERNAL MATH_BIGINTEGER_MODE_INTERNAL} mode)
* *
* Math_BigInteger uses base-2**26 to perform operations such as multiplication and division and * Math_BigInteger uses base-2**26 to perform operations such as multiplication and division and
@ -52,10 +52,10 @@
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is * copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions: * furnished to do so, subject to the following conditions:
* *
* The above copyright notice and this permission notice shall be included in * The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software. * all copies or substantial portions of the Software.
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@ -223,7 +223,7 @@ class Math_BigInteger
/** /**
* Mode independent value used for serialization. * Mode independent value used for serialization.
* *
* If the bcmath or gmp extensions are installed $this->value will be a non-serializable resource, hence the need for * If the bcmath or gmp extensions are installed $this->value will be a non-serializable resource, hence the need for
* a variable that'll be serializable regardless of whether or not extensions are being used. Unlike $this->value, * a variable that'll be serializable regardless of whether or not extensions are being used. Unlike $this->value,
* however, $this->hex is only calculated when $this->__sleep() is called. * however, $this->hex is only calculated when $this->__sleep() is called.
* *
@ -797,7 +797,7 @@ class Math_BigInteger
$vars[] = 'precision'; $vars[] = 'precision';
} }
return $vars; return $vars;
} }
/** /**
@ -2279,7 +2279,7 @@ class Math_BigInteger
/** /**
* Montgomery Multiply * Montgomery Multiply
* *
* Interleaves the montgomery reduction and long multiplication algorithms together as described in * Interleaves the montgomery reduction and long multiplication algorithms together as described in
* {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=13 HAC 14.36} * {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf#page=13 HAC 14.36}
* *
* @see _prepMontgomery() * @see _prepMontgomery()
@ -2359,7 +2359,7 @@ class Math_BigInteger
* {@link http://groups.google.com/group/sci.crypt/msg/7a137205c1be7d85} * {@link http://groups.google.com/group/sci.crypt/msg/7a137205c1be7d85}
* *
* As for why we do all the bitmasking... strange things can happen when converting from floats to ints. For * As for why we do all the bitmasking... strange things can happen when converting from floats to ints. For
* instance, on some computers, var_dump((int) -4294967297) yields int(-1) and on others, it yields * instance, on some computers, var_dump((int) -4294967297) yields int(-1) and on others, it yields
* int(-2147483648). To avoid problems stemming from this, we use bitmasks to guarantee that ints aren't * int(-2147483648). To avoid problems stemming from this, we use bitmasks to guarantee that ints aren't
* auto-converted to floats. The outermost bitmask is present because without it, there's no guarantee that * auto-converted to floats. The outermost bitmask is present because without it, there's no guarantee that
* the "residue" returned would be the so-called "common residue". We use fmod, in the last step, because the * the "residue" returned would be the so-called "common residue". We use fmod, in the last step, because the
@ -3290,7 +3290,7 @@ class Math_BigInteger
* @return Boolean * @return Boolean
* @access public * @access public
* @internal Uses the * @internal Uses the
* {@link http://en.wikipedia.org/wiki/Miller%E2%80%93Rabin_primality_test Miller-Rabin primality test}. See * {@link http://en.wikipedia.org/wiki/Miller%E2%80%93Rabin_primality_test Miller-Rabin primality test}. See
* {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap4.pdf#page=8 HAC 4.24}. * {@link http://www.cacr.math.uwaterloo.ca/hac/about/chap4.pdf#page=8 HAC 4.24}.
*/ */
function isPrime($t = false) function isPrime($t = false)
@ -3341,16 +3341,16 @@ class Math_BigInteger
if (!isset($primes)) { if (!isset($primes)) {
$primes = array( $primes = array(
3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59,
61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137,
139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227,
229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313,
317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419,
421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509,
521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617, 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617,
619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719, 727, 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719, 727,
733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, 829, 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, 829,
839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947,
953, 967, 971, 977, 983, 991, 997 953, 967, 971, 977, 983, 991, 997
); );


@ -33,10 +33,10 @@
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is * copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions: * furnished to do so, subject to the following conditions:
* *
* The above copyright notice and this permission notice shall be included in * The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software. * all copies or substantial portions of the Software.
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@ -233,7 +233,7 @@ class Net_SFTP extends Net_SSH2
* Directory Cache * Directory Cache
* *
* Rather than always having to open a directory and close it immediately there after to see if a file is a directory or * Rather than always having to open a directory and close it immediately there after to see if a file is a directory or
* rather than always * rather than always
* *
* @see Net_SFTP::_save_dir() * @see Net_SFTP::_save_dir()
* @see Net_SFTP::_remove_dir() * @see Net_SFTP::_remove_dir()
@ -347,7 +347,7 @@ class Net_SFTP extends Net_SSH2
0x00000004 => 'NET_SFTP_ATTR_PERMISSIONS', 0x00000004 => 'NET_SFTP_ATTR_PERMISSIONS',
0x00000008 => 'NET_SFTP_ATTR_ACCESSTIME', 0x00000008 => 'NET_SFTP_ATTR_ACCESSTIME',
// 0x80000000 will yield a floating point on 32-bit systems and converting floating points to integers // 0x80000000 will yield a floating point on 32-bit systems and converting floating points to integers
// yields inconsistent behavior depending on how php is compiled. so we left shift -1 (which, in // yields inconsistent behavior depending on how php is compiled. so we left shift -1 (which, in
// two's compliment, consists of all 1 bits) by 31. on 64-bit systems this'll yield 0xFFFFFFFF80000000. // two's compliment, consists of all 1 bits) by 31. on 64-bit systems this'll yield 0xFFFFFFFF80000000.
// that's not a problem, however, and 'anded' and a 32-bit number, as all the leading 1 bits are ignored. // that's not a problem, however, and 'anded' and a 32-bit number, as all the leading 1 bits are ignored.
-1 << 31 => 'NET_SFTP_ATTR_EXTENDED' -1 << 31 => 'NET_SFTP_ATTR_EXTENDED'
@ -402,7 +402,7 @@ class Net_SFTP extends Net_SSH2
function login($username) function login($username)
{ {
$args = func_get_args(); $args = func_get_args();
if (!call_user_func_array(array('Net_SSH2', 'login'), $args)) { if (!call_user_func_array(array(&$this, '_login'), $args)) {
return false; return false;
} }
@ -1042,7 +1042,7 @@ class Net_SFTP extends Net_SSH2
*/ */
function truncate($filename, $new_size) function truncate($filename, $new_size)
{ {
$attr = pack('N3', NET_SFTP_ATTR_SIZE, $new_size / 0x100000000, $new_size); $attr = pack('N3', NET_SFTP_ATTR_SIZE, $new_size / 4294967296, $new_size); // 4294967296 == 0x100000000 == 1<<32
return $this->_setstat($filename, $attr, false); return $this->_setstat($filename, $attr, false);
} }
@ -1220,7 +1220,7 @@ class Net_SFTP extends Net_SSH2
} }
/* /*
"Because some systems must use separate system calls to set various attributes, it is possible that a failure "Because some systems must use separate system calls to set various attributes, it is possible that a failure
response will be returned, but yet some of the attributes may be have been successfully modified. If possible, response will be returned, but yet some of the attributes may be have been successfully modified. If possible,
servers SHOULD avoid this situation; however, clients MUST be aware that this is possible." servers SHOULD avoid this situation; however, clients MUST be aware that this is possible."
@ -1330,7 +1330,7 @@ class Net_SFTP extends Net_SSH2
} }
$dir = $this->_realpath($dir); $dir = $this->_realpath($dir);
// by not providing any permissions, hopefully the server will use the logged in users umask - their // by not providing any permissions, hopefully the server will use the logged in users umask - their
// default permissions. // default permissions.
$attr = $mode == -1 ? "\0\0\0\0" : pack('N2', NET_SFTP_ATTR_PERMISSIONS, $mode & 07777); $attr = $mode == -1 ? "\0\0\0\0" : pack('N2', NET_SFTP_ATTR_PERMISSIONS, $mode & 07777);
@ -1428,7 +1428,7 @@ class Net_SFTP extends Net_SSH2
* So, for example, if you set $data to 'filename.ext' and then do Net_SFTP::get(), you will get a file, twelve bytes * So, for example, if you set $data to 'filename.ext' and then do Net_SFTP::get(), you will get a file, twelve bytes
* long, containing 'filename.ext' as its contents. * long, containing 'filename.ext' as its contents.
* *
* Setting $mode to NET_SFTP_LOCAL_FILE will change the above behavior. With NET_SFTP_LOCAL_FILE, $remote_file will * Setting $mode to NET_SFTP_LOCAL_FILE will change the above behavior. With NET_SFTP_LOCAL_FILE, $remote_file will
* contain as many bytes as filename.ext does on your local filesystem. If your filename.ext is 1MB then that is how * contain as many bytes as filename.ext does on your local filesystem. If your filename.ext is 1MB then that is how
* large $remote_file will be, as well. * large $remote_file will be, as well.
* *
@ -1539,7 +1539,7 @@ class Net_SFTP extends Net_SSH2
while ($sent < $size) { while ($sent < $size) {
$temp = $mode & NET_SFTP_LOCAL_FILE ? fread($fp, $sftp_packet_size) : substr($data, $sent, $sftp_packet_size); $temp = $mode & NET_SFTP_LOCAL_FILE ? fread($fp, $sftp_packet_size) : substr($data, $sent, $sftp_packet_size);
$subtemp = $offset + $sent; $subtemp = $offset + $sent;
$packet = pack('Na*N3a*', strlen($handle), $handle, $subtemp / 0x100000000, $subtemp, strlen($temp), $temp); $packet = pack('Na*N3a*', strlen($handle), $handle, $subtemp / 4294967296, $subtemp, strlen($temp), $temp);
if (!$this->_send_sftp_packet(NET_SFTP_WRITE, $packet)) { if (!$this->_send_sftp_packet(NET_SFTP_WRITE, $packet)) {
fclose($fp); fclose($fp);
return false; return false;
@ -1687,7 +1687,7 @@ class Net_SFTP extends Net_SSH2
$size = $this->max_sftp_packet < $length || $length < 0 ? $this->max_sftp_packet : $length; $size = $this->max_sftp_packet < $length || $length < 0 ? $this->max_sftp_packet : $length;
while (true) { while (true) {
$packet = pack('Na*N3', strlen($handle), $handle, $offset / 0x100000000, $offset, $size); $packet = pack('Na*N3', strlen($handle), $handle, $offset / 4294967296, $offset, $size);
if (!$this->_send_sftp_packet(NET_SFTP_READ, $packet)) { if (!$this->_send_sftp_packet(NET_SFTP_READ, $packet)) {
if ($local_file !== false) { if ($local_file !== false) {
fclose($fp); fclose($fp);
@ -1925,7 +1925,7 @@ class Net_SFTP extends Net_SSH2
// (0xFFFFFFFF bytes), anyway. as such, we'll just represent all file sizes that are bigger than // (0xFFFFFFFF bytes), anyway. as such, we'll just represent all file sizes that are bigger than
// 4GB as being 4GB. // 4GB as being 4GB.
extract(unpack('Nupper/Nsize', $this->_string_shift($response, 8))); extract(unpack('Nupper/Nsize', $this->_string_shift($response, 8)));
$attr['size'] = $upper ? 0x100000000 * $upper : 0; $attr['size'] = $upper ? 4294967296 * $upper : 0;
$attr['size']+= $size < 0 ? ($size & 0x7FFFFFFF) + 0x80000000 : $size; $attr['size']+= $size < 0 ? ($size & 0x7FFFFFFF) + 0x80000000 : $size;
break; break;
case NET_SFTP_ATTR_UIDGID: // 0x00000002 (SFTPv3 only) case NET_SFTP_ATTR_UIDGID: // 0x00000002 (SFTPv3 only)
@ -2056,7 +2056,7 @@ class Net_SFTP extends Net_SSH2
$stop = strtok(microtime(), ' ') + strtok(''); $stop = strtok(microtime(), ' ') + strtok('');
if (defined('NET_SFTP_LOGGING')) { if (defined('NET_SFTP_LOGGING')) {
$packet_type = '-> ' . $this->packet_types[$type] . $packet_type = '-> ' . $this->packet_types[$type] .
' (' . round($stop - $start, 4) . 's)'; ' (' . round($stop - $start, 4) . 's)';
if (NET_SFTP_LOGGING == NET_SFTP_LOG_REALTIME) { if (NET_SFTP_LOGGING == NET_SFTP_LOG_REALTIME) {
echo "<pre>\r\n" . $this->_format_log(array($data), array($packet_type)) . "\r\n</pre>\r\n"; echo "<pre>\r\n" . $this->_format_log(array($data), array($packet_type)) . "\r\n</pre>\r\n";
@ -2132,7 +2132,7 @@ class Net_SFTP extends Net_SSH2
$packet = $this->_string_shift($this->packet_buffer, $length); $packet = $this->_string_shift($this->packet_buffer, $length);
if (defined('NET_SFTP_LOGGING')) { if (defined('NET_SFTP_LOGGING')) {
$packet_type = '<- ' . $this->packet_types[$this->packet_type] . $packet_type = '<- ' . $this->packet_types[$this->packet_type] .
' (' . round($stop - $start, 4) . 's)'; ' (' . round($stop - $start, 4) . 's)';
if (NET_SFTP_LOGGING == NET_SFTP_LOG_REALTIME) { if (NET_SFTP_LOGGING == NET_SFTP_LOG_REALTIME) {
echo "<pre>\r\n" . $this->_format_log(array($packet), array($packet_type)) . "\r\n</pre>\r\n"; echo "<pre>\r\n" . $this->_format_log(array($packet), array($packet_type)) . "\r\n</pre>\r\n";
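Review bot: The literal `4294967296` replaces `0x100000000` at four places in this section (truncate(), the write loop, the read loop and the size-attribute parsing), but only the truncate() line carries the explanation `// 4294967296 == 0x100000000 == 1<<32`. Repeating that comment at the other three sites, or stating once why the decimal form is preferred, would keep a later cleanup from reverting them to hex. The `pack('N3', …)` calls also pass the quotient (for example `$offset / 4294967296`) as a float and rely on pack() truncating it to the upper 32-bit word; the visible lines do not check for negative or non-integer sizes, so a comment stating the expected range would help. All four enclosing functions begin and end outside the hunks.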


@ -35,7 +35,7 @@
* ?> * ?>
* </code> * </code>
* *
* More information on the SSHv1 specification can be found by reading * More information on the SSHv1 specification can be found by reading
* {@link http://www.snailbook.com/docs/protocol-1.5.txt protocol-1.5.txt}. * {@link http://www.snailbook.com/docs/protocol-1.5.txt protocol-1.5.txt}.
* *
* LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy * LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy
@ -44,10 +44,10 @@
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is * copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions: * furnished to do so, subject to the following conditions:
* *
* The above copyright notice and this permission notice shall be included in * The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software. * all copies or substantial portions of the Software.
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@ -201,11 +201,11 @@ define('NET_SSH1_LOG_COMPLEX', 2);
/** /**
* Outputs the content real-time * Outputs the content real-time
*/ */
define('NET_SSH2_LOG_REALTIME', 3); define('NET_SSH1_LOG_REALTIME', 3);
/** /**
* Dumps the content real-time to a file * Dumps the content real-time to a file
*/ */
define('NET_SSH2_LOG_REALTIME_FILE', 4); define('NET_SSH1_LOG_REALTIME_FILE', 4);
/**#@-*/ /**#@-*/
/**#@+ /**#@+
@ -429,11 +429,35 @@ class Net_SSH1
/** /**
* Current Timeout * Current Timeout
* *
* @see Net_SSH2::_get_channel_packet() * @see Net_SSH1::_get_channel_packet()
* @access private * @access private
*/ */
var $curTimeout; var $curTimeout;
/**
* Log Boundary
*
* @see Net_SSH1::_format_log
* @access private
*/
var $log_boundary = ':';
/**
* Log Long Width
*
* @see Net_SSH1::_format_log
* @access private
*/
var $log_long_width = 65;
/**
* Log Short Width
*
* @see Net_SSH1::_format_log
* @access private
*/
var $log_short_width = 16;
/** /**
* Default Constructor. * Default Constructor.
* *
@ -1318,7 +1342,7 @@ class Net_SSH1
/** /**
* Returns a log of the packets that have been sent and received. * Returns a log of the packets that have been sent and received.
* *
* Returns a string if NET_SSH2_LOGGING == NET_SSH2_LOG_COMPLEX, an array if NET_SSH2_LOGGING == NET_SSH2_LOG_SIMPLE and false if !defined('NET_SSH2_LOGGING') * Returns a string if NET_SSH1_LOGGING == NET_SSH1_LOG_COMPLEX, an array if NET_SSH1_LOGGING == NET_SSH1_LOG_SIMPLE and false if !defined('NET_SSH1_LOGGING')
* *
* @access public * @access public
* @return String or Array * @return String or Array
@ -1351,8 +1375,6 @@ class Net_SSH1
*/ */
function _format_log($message_log, $message_number_log) function _format_log($message_log, $message_number_log)
{ {
static $boundary = ':', $long_width = 65, $short_width = 16;
$output = ''; $output = '';
for ($i = 0; $i < count($message_log); $i++) { for ($i = 0; $i < count($message_log); $i++) {
$output.= $message_number_log[$i] . "\r\n"; $output.= $message_number_log[$i] . "\r\n";
@ -1362,19 +1384,13 @@ class Net_SSH1
if (strlen($current_log)) { if (strlen($current_log)) {
$output.= str_pad(dechex($j), 7, '0', STR_PAD_LEFT) . '0 '; $output.= str_pad(dechex($j), 7, '0', STR_PAD_LEFT) . '0 ';
} }
$fragment = $this->_string_shift($current_log, $short_width); $fragment = $this->_string_shift($current_log, $this->log_short_width);
$hex = substr( $hex = substr(preg_replace_callback('#.#s', array($this, '_format_log_helper'), $fragment), strlen($this->log_boundary));
preg_replace(
'#(.)#es',
'"' . $boundary . '" . str_pad(dechex(ord(substr("\\1", -1))), 2, "0", STR_PAD_LEFT)',
$fragment),
strlen($boundary)
);
// replace non ASCII printable characters with dots // replace non ASCII printable characters with dots
// http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters // http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters
// also replace < with a . since < messes up the output on web browsers // also replace < with a . since < messes up the output on web browsers
$raw = preg_replace('#[^\x20-\x7E]|<#', '.', $fragment); $raw = preg_replace('#[^\x20-\x7E]|<#', '.', $fragment);
$output.= str_pad($hex, $long_width - $short_width, ' ') . $raw . "\r\n"; $output.= str_pad($hex, $this->log_long_width - $this->log_short_width, ' ') . $raw . "\r\n";
$j++; $j++;
} while (strlen($current_log)); } while (strlen($current_log));
$output.= "\r\n"; $output.= "\r\n";
@ -1383,6 +1399,20 @@ class Net_SSH1
return $output; return $output;
} }
/**
* Helper function for _format_log
*
* For use with preg_replace_callback()
*
* @param Array $matches
* @access private
* @return String
*/
function _format_log_helper($matches)
{
return $this->log_boundary . str_pad(dechex(ord($matches[0])), 2, '0', STR_PAD_LEFT);
}
/** /**
* Return the server key public exponent * Return the server key public exponent
* *
@ -1496,57 +1526,57 @@ class Net_SSH1
*/ */
function _append_log($protocol_flags, $message) function _append_log($protocol_flags, $message)
{ {
switch (NET_SSH1_LOGGING) { switch (NET_SSH1_LOGGING) {
// useful for benchmarks // useful for benchmarks
case NET_SSH1_LOG_SIMPLE: case NET_SSH1_LOG_SIMPLE:
$this->protocol_flags_log[] = $protocol_flags; $this->protocol_flags_log[] = $protocol_flags;
break;
// the most useful log for SSH1
case NET_SSH1_LOG_COMPLEX:
$this->protocol_flags_log[] = $protocol_flags;
$this->_string_shift($message);
$this->log_size+= strlen($message);
$this->message_log[] = $message;
while ($this->log_size > NET_SSH1_LOG_MAX_SIZE) {
$this->log_size-= strlen(array_shift($this->message_log));
array_shift($this->protocol_flags_log);
}
break;
// dump the output out realtime; packets may be interspersed with non packets,
// passwords won't be filtered out and select other packets may not be correctly
// identified
case NET_SSH1_LOG_REALTIME:
echo "<pre>\r\n" . $this->_format_log(array($message), array($protocol_flags)) . "\r\n</pre>\r\n";
@flush();
@ob_flush();
break;
// basically the same thing as NET_SSH1_LOG_REALTIME with the caveat that NET_SSH1_LOG_REALTIME_FILE
// needs to be defined and that the resultant log file will be capped out at NET_SSH1_LOG_MAX_SIZE.
// the earliest part of the log file is denoted by the first <<< START >>> and is not going to necessarily
// at the beginning of the file
case NET_SSH1_LOG_REALTIME_FILE:
if (!isset($this->realtime_log_file)) {
// PHP doesn't seem to like using constants in fopen()
$filename = NET_SSH1_LOG_REALTIME_FILE;
$fp = fopen($filename, 'w');
$this->realtime_log_file = $fp;
}
if (!is_resource($this->realtime_log_file)) {
break; break;
// the most useful log for SSH1 }
case NET_SSH1_LOG_COMPLEX: $entry = $this->_format_log(array($message), array($protocol_flags));
$this->protocol_flags_log[] = $protocol_flags; if ($this->realtime_log_wrap) {
$this->_string_shift($message); $temp = "<<< START >>>\r\n";
$this->log_size+= strlen($message); $entry.= $temp;
$this->message_log[] = $message; fseek($this->realtime_log_file, ftell($this->realtime_log_file) - strlen($temp));
while ($this->log_size > NET_SSH2_LOG_MAX_SIZE) { }
$this->log_size-= strlen(array_shift($this->message_log)); $this->realtime_log_size+= strlen($entry);
array_shift($this->protocol_flags_log); if ($this->realtime_log_size > NET_SSH1_LOG_MAX_SIZE) {
} fseek($this->realtime_log_file, 0);
break; $this->realtime_log_size = strlen($entry);
// dump the output out realtime; packets may be interspersed with non packets, $this->realtime_log_wrap = true;
// passwords won't be filtered out and select other packets may not be correctly }
// identified fputs($this->realtime_log_file, $entry);
case NET_SSH1_LOG_REALTIME: }
echo "<pre>\r\n" . $this->_format_log(array($message), array($protocol_flags)) . "\r\n</pre>\r\n";
@flush();
@ob_flush();
break;
// basically the same thing as NET_SSH1_LOG_REALTIME with the caveat that NET_SSH1_LOG_REALTIME_FILE
// needs to be defined and that the resultant log file will be capped out at NET_SSH1_LOG_MAX_SIZE.
// the earliest part of the log file is denoted by the first <<< START >>> and is not going to necessarily
// at the beginning of the file
case NET_SSH1_LOG_REALTIME_FILE:
if (!isset($this->realtime_log_file)) {
// PHP doesn't seem to like using constants in fopen()
$filename = NET_SSH2_LOG_REALTIME_FILE;
$fp = fopen($filename, 'w');
$this->realtime_log_file = $fp;
}
if (!is_resource($this->realtime_log_file)) {
break;
}
$entry = $this->_format_log(array($message), array($protocol_flags));
if ($this->realtime_log_wrap) {
$temp = "<<< START >>>\r\n";
$entry.= $temp;
fseek($this->realtime_log_file, ftell($this->realtime_log_file) - strlen($temp));
}
$this->realtime_log_size+= strlen($entry);
if ($this->realtime_log_size > NET_SSH1_LOG_MAX_SIZE) {
fseek($this->realtime_log_file, 0);
$this->realtime_log_size = strlen($entry);
$this->realtime_log_wrap = true;
}
fputs($this->realtime_log_file, $entry);
}
} }
} }


@ -46,10 +46,10 @@
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is * copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions: * furnished to do so, subject to the following conditions:
* *
* The above copyright notice and this permission notice shall be included in * The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software. * all copies or substantial portions of the Software.
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@ -1247,23 +1247,23 @@ class Net_SSH2
} }
switch ($kex_algorithms[$i]) { switch ($kex_algorithms[$i]) {
// see http://tools.ietf.org/html/rfc2409#section-6.2 and // see http://tools.ietf.org/html/rfc2409#section-6.2 and
// http://tools.ietf.org/html/rfc2412, appendex E // http://tools.ietf.org/html/rfc2412, appendex E
case 'diffie-hellman-group1-sha1': case 'diffie-hellman-group1-sha1':
$prime = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . $prime = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' .
'020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' .
'4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' .
'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF'; 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF';
break; break;
// see http://tools.ietf.org/html/rfc3526#section-3 // see http://tools.ietf.org/html/rfc3526#section-3
case 'diffie-hellman-group14-sha1': case 'diffie-hellman-group14-sha1':
$prime = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . $prime = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' .
'020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' .
'4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' .
'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05' . 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05' .
'98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB' . '98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB' .
'9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' . '9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' .
'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718' . 'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718' .
'3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF'; '3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF';
break; break;
} }
@ -1284,7 +1284,8 @@ class Net_SSH2
-- http://tools.ietf.org/html/rfc4419#section-6.2 */ -- http://tools.ietf.org/html/rfc4419#section-6.2 */
$one = new Math_BigInteger(1); $one = new Math_BigInteger(1);
$keyLength = min($keyLength, $kexHash->getLength()); $keyLength = min($keyLength, $kexHash->getLength());
$max = $one->bitwise_leftShift(16 * $keyLength)->subtract($one); // 2 * 8 * $keyLength $max = $one->bitwise_leftShift(16 * $keyLength); // 2 * 8 * $keyLength
$max = $max->subtract($one);
$x = $one->random($one, $max); $x = $one->random($one, $max);
$e = $g->modPow($x, $prime); $e = $g->modPow($x, $prime);
@ -1671,10 +1672,26 @@ class Net_SSH2
* @param Mixed $password * @param Mixed $password
* @param Mixed $... * @param Mixed $...
* @return Boolean * @return Boolean
* @see _login_helper * @see _login
* @access public * @access public
*/ */
function login($username) function login($username)
{
$args = func_get_args();
return call_user_func_array(array(&$this, '_login'), $args);
}
/**
* Login Helper
*
* @param String $username
* @param Mixed $password
* @param Mixed $...
* @return Boolean
* @see _login_helper
* @access private
*/
function _login($username)
{ {
$args = array_slice(func_get_args(), 1); $args = array_slice(func_get_args(), 1);
if (empty($args)) { if (empty($args)) {
@ -1845,7 +1862,7 @@ class Net_SSH2
*/ */
function _keyboard_interactive_login($username, $password) function _keyboard_interactive_login($username, $password)
{ {
$packet = pack('CNa*Na*Na*Na*Na*', $packet = pack('CNa*Na*Na*Na*Na*',
NET_SSH2_MSG_USERAUTH_REQUEST, strlen($username), $username, strlen('ssh-connection'), 'ssh-connection', NET_SSH2_MSG_USERAUTH_REQUEST, strlen($username), $username, strlen('ssh-connection'), 'ssh-connection',
strlen('keyboard-interactive'), 'keyboard-interactive', 0, '', 0, '' strlen('keyboard-interactive'), 'keyboard-interactive', 0, '', 0, ''
); );
@ -2080,7 +2097,7 @@ class Net_SSH2
/** /**
* Get the output from stdError * Get the output from stdError
* *
* @access public * @access public
*/ */
function getStdError() function getStdError()
@ -2110,7 +2127,7 @@ class Net_SSH2
} }
// RFC4254 defines the (client) window size as "bytes the other party can send before it must wait for the window to // RFC4254 defines the (client) window size as "bytes the other party can send before it must wait for the window to
// be adjusted". 0x7FFFFFFF is, at 2GB, the max size. technically, it should probably be decremented, but, // be adjusted". 0x7FFFFFFF is, at 2GB, the max size. technically, it should probably be decremented, but,
// honestly, if you're transfering more than 2GB, you probably shouldn't be using phpseclib, anyway. // honestly, if you're transfering more than 2GB, you probably shouldn't be using phpseclib, anyway.
// see http://tools.ietf.org/html/rfc4254#section-5.2 for more info // see http://tools.ietf.org/html/rfc4254#section-5.2 for more info
$this->window_size_server_to_client[NET_SSH2_CHANNEL_EXEC] = 0x7FFFFFFF; $this->window_size_server_to_client[NET_SSH2_CHANNEL_EXEC] = 0x7FFFFFFF;
@ -2167,7 +2184,7 @@ class Net_SSH2
// neither will your script. // neither will your script.
// although, in theory, the size of SSH_MSG_CHANNEL_REQUEST could exceed the maximum packet size established by // although, in theory, the size of SSH_MSG_CHANNEL_REQUEST could exceed the maximum packet size established by
// SSH_MSG_CHANNEL_OPEN_CONFIRMATION, RFC4254#section-5.1 states that the "maximum packet size" refers to the // SSH_MSG_CHANNEL_OPEN_CONFIRMATION, RFC4254#section-5.1 states that the "maximum packet size" refers to the
// "maximum size of an individual data packet". ie. SSH_MSG_CHANNEL_DATA. RFC4254#section-5.2 corroborates. // "maximum size of an individual data packet". ie. SSH_MSG_CHANNEL_DATA. RFC4254#section-5.2 corroborates.
$packet = pack('CNNa*CNa*', $packet = pack('CNNa*CNa*',
NET_SSH2_MSG_CHANNEL_REQUEST, $this->server_channels[NET_SSH2_CHANNEL_EXEC], strlen('exec'), 'exec', 1, strlen($command), $command); NET_SSH2_MSG_CHANNEL_REQUEST, $this->server_channels[NET_SSH2_CHANNEL_EXEC], strlen('exec'), 'exec', 1, strlen($command), $command);
@ -2823,7 +2840,7 @@ class Net_SSH2
/* /*
if ($channel == NET_SSH2_CHANNEL_EXEC) { if ($channel == NET_SSH2_CHANNEL_EXEC) {
// SCP requires null packets, such as this, be sent. further, in the case of the ssh.com SSH server // SCP requires null packets, such as this, be sent. further, in the case of the ssh.com SSH server
// this actually seems to make things twice as fast. more to the point, the message right after // this actually seems to make things twice as fast. more to the point, the message right after
// SSH_MSG_CHANNEL_DATA (usually SSH_MSG_IGNORE) won't block for as long as it would have otherwise. // SSH_MSG_CHANNEL_DATA (usually SSH_MSG_IGNORE) won't block for as long as it would have otherwise.
// in OpenSSH it slows things down but only by a couple thousandths of a second. // in OpenSSH it slows things down but only by a couple thousandths of a second.
$this->_send_channel_packet($channel, chr(0)); $this->_send_channel_packet($channel, chr(0));
@ -2989,70 +3006,70 @@ class Net_SSH2
*/ */
function _append_log($message_number, $message) function _append_log($message_number, $message)
{ {
// remove the byte identifying the message type from all but the first two messages (ie. the identification strings) // remove the byte identifying the message type from all but the first two messages (ie. the identification strings)
if (strlen($message_number) > 2) { if (strlen($message_number) > 2) {
$this->_string_shift($message); $this->_string_shift($message);
} }
switch (NET_SSH2_LOGGING) { switch (NET_SSH2_LOGGING) {
// useful for benchmarks // useful for benchmarks
case NET_SSH2_LOG_SIMPLE: case NET_SSH2_LOG_SIMPLE:
$this->message_number_log[] = $message_number; $this->message_number_log[] = $message_number;
break; break;
// the most useful log for SSH2 // the most useful log for SSH2
case NET_SSH2_LOG_COMPLEX: case NET_SSH2_LOG_COMPLEX:
$this->message_number_log[] = $message_number; $this->message_number_log[] = $message_number;
$this->log_size+= strlen($message); $this->log_size+= strlen($message);
$this->message_log[] = $message; $this->message_log[] = $message;
while ($this->log_size > NET_SSH2_LOG_MAX_SIZE) { while ($this->log_size > NET_SSH2_LOG_MAX_SIZE) {
$this->log_size-= strlen(array_shift($this->message_log)); $this->log_size-= strlen(array_shift($this->message_log));
array_shift($this->message_number_log); array_shift($this->message_number_log);
} }
break; break;
// dump the output out realtime; packets may be interspersed with non packets, // dump the output out realtime; packets may be interspersed with non packets,
// passwords won't be filtered out and select other packets may not be correctly // passwords won't be filtered out and select other packets may not be correctly
// identified // identified
case NET_SSH2_LOG_REALTIME: case NET_SSH2_LOG_REALTIME:
switch (PHP_SAPI) { switch (PHP_SAPI) {
case 'cli': case 'cli':
$start = $stop = "\r\n"; $start = $stop = "\r\n";
break;
default:
$start = '<pre>';
$stop = '</pre>';
}
echo $start . $this->_format_log(array($message), array($message_number)) . $stop;
@flush();
@ob_flush();
break;
// basically the same thing as NET_SSH2_LOG_REALTIME with the caveat that NET_SSH2_LOG_REALTIME_FILE
// needs to be defined and that the resultant log file will be capped out at NET_SSH2_LOG_MAX_SIZE.
// the earliest part of the log file is denoted by the first <<< START >>> and is not going to necessarily
// at the beginning of the file
case NET_SSH2_LOG_REALTIME_FILE:
if (!isset($this->realtime_log_file)) {
// PHP doesn't seem to like using constants in fopen()
$filename = NET_SSH2_LOG_REALTIME_FILENAME;
$fp = fopen($filename, 'w');
$this->realtime_log_file = $fp;
}
if (!is_resource($this->realtime_log_file)) {
break; break;
} default:
$entry = $this->_format_log(array($message), array($message_number)); $start = '<pre>';
if ($this->realtime_log_wrap) { $stop = '</pre>';
$temp = "<<< START >>>\r\n"; }
$entry.= $temp; echo $start . $this->_format_log(array($message), array($message_number)) . $stop;
fseek($this->realtime_log_file, ftell($this->realtime_log_file) - strlen($temp)); @flush();
} @ob_flush();
$this->realtime_log_size+= strlen($entry); break;
if ($this->realtime_log_size > NET_SSH2_LOG_MAX_SIZE) { // basically the same thing as NET_SSH2_LOG_REALTIME with the caveat that NET_SSH2_LOG_REALTIME_FILE
fseek($this->realtime_log_file, 0); // needs to be defined and that the resultant log file will be capped out at NET_SSH2_LOG_MAX_SIZE.
$this->realtime_log_size = strlen($entry); // the earliest part of the log file is denoted by the first <<< START >>> and is not going to necessarily
$this->realtime_log_wrap = true; // at the beginning of the file
} case NET_SSH2_LOG_REALTIME_FILE:
fputs($this->realtime_log_file, $entry); if (!isset($this->realtime_log_file)) {
} // PHP doesn't seem to like using constants in fopen()
$filename = NET_SSH2_LOG_REALTIME_FILENAME;
$fp = fopen($filename, 'w');
$this->realtime_log_file = $fp;
}
if (!is_resource($this->realtime_log_file)) {
break;
}
$entry = $this->_format_log(array($message), array($message_number));
if ($this->realtime_log_wrap) {
$temp = "<<< START >>>\r\n";
$entry.= $temp;
fseek($this->realtime_log_file, ftell($this->realtime_log_file) - strlen($temp));
}
$this->realtime_log_size+= strlen($entry);
if ($this->realtime_log_size > NET_SSH2_LOG_MAX_SIZE) {
fseek($this->realtime_log_file, 0);
$this->realtime_log_size = strlen($entry);
$this->realtime_log_wrap = true;
}
fputs($this->realtime_log_file, $entry);
}
} }
/** /**
@ -3607,7 +3624,15 @@ class Net_SSH2
*/ */
function _is_includable($suffix) function _is_includable($suffix)
{ {
foreach (explode(PATH_SEPARATOR, get_include_path()) as $prefix) { // stream_resolve_include_path was introduced in PHP 5.3.2
if (function_exists('stream_resolve_include_path')) {
return stream_resolve_include_path($suffix) !== false;
}
$paths = PATH_SEPARATOR == ':' ?
preg_split('#(?<!phar):#', get_include_path()) :
explode(PATH_SEPARATOR, get_include_path());
foreach ($paths as $prefix) {
$ds = substr($prefix, -1) == DIRECTORY_SEPARATOR ? '' : DIRECTORY_SEPARATOR; $ds = substr($prefix, -1) == DIRECTORY_SEPARATOR ? '' : DIRECTORY_SEPARATOR;
$file = $prefix . $ds . $suffix; $file = $prefix . $ds . $suffix;
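Review bot: In `_append_log`, the `NET_SSH2_LOG_REALTIME_FILE` branch creates the log with `fopen($filename, 'w')`, and nothing there says where that file may safely live, although the comment above the `NET_SSH2_LOG_REALTIME` case states that passwords are not filtered out of the logged packets. The file is created with whatever permissions the process umask allows, so a path under the web root or in a shared directory would expose credentials. I would add a comment above the `fopen()` call, e.g. `// log holds unfiltered credentials: NET_SSH2_LOG_REALTIME_FILENAME must be outside the web root and readable only by its owner`. A failed `fopen()` is caught only by the `is_resource()` check, which silently disables logging; that is presumably intended but worth stating in the same comment.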

41
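--- a/tests/Net/SSH1Test.php
+++ b/tests/Net/SSH1Test.php
@@ -0,0 +1,41 @@
+<?php
+/**
+* @author Marc Scholten <marc@pedigital.de>
+* @copyright MMXIII Marc Scholten
+* @license http://www.opensource.org/licenses/mit-license.html MIT License
+*/
+class Net_SSH1Test extends PhpseclibTestCase
+{
+public function formatLogDataProvider()
+{
+return array(
+array(
+array('hello world'),
+array('<--'),
+"<--\r\n00000000 68:65:6c:6c:6f:20:77:6f:72:6c:64 hello world\r\n\r\n"
+),
+array(
+array('hello', 'world'),
+array('<--', '<--'),
+"<--\r\n00000000 68:65:6c:6c:6f hello\r\n\r\n" .
+"<--\r\n00000000 77:6f:72:6c:64 world\r\n\r\n"
+),
+);
+}
+/**
+* @dataProvider formatLogDataProvider
+*/
+public function testFormatLog(array $message_log, array $message_number_log, $expected)
+{
+$ssh = $this->getMockBuilder('Net_SSH1')
+->disableOriginalConstructor()
+->setMethods(null)
+->getMock();
+$result = $ssh->_format_log($message_log, $message_number_log);
+$this->assertEquals($expected, $result);
+}
+}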
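Review bot: The two data sets in `formatLogDataProvider` only feed `_format_log` printable messages shorter than 16 bytes, so neither the line wrap at `log_short_width` nor the replacement of non-printable bytes and `<` with `.` is exercised. Since this commit swaps the `preg_replace` `/e` expression in Net_SSH1 for `_format_log_helper`, the bytes that the old evaluated replacement had to quote (quotes, backslashes, `$`, newlines, bytes above 0x7F) are the cases most worth pinning. I would add data sets whose messages are `str_repeat('a', 17)` and `"\x00<\"\\\$\n\xff"`, with the expected strings recorded from the new code.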


@ -56,6 +56,18 @@
</rule> </rule>
<rule ref="Squiz.Functions.FunctionDeclarationArgumentSpacing.SpacingAfterHint" /> <rule ref="Squiz.Functions.FunctionDeclarationArgumentSpacing.SpacingAfterHint" />
<!-- There MUST NOT be trailing whitespace at the end of lines. -->
<rule ref="Squiz.WhiteSpace.SuperfluousWhitespace" />
<!-- There MUST NOT be whitespace before the first content of a file -->
<rule ref="Squiz.WhiteSpace.SuperfluousWhitespace.StartFile" />
<!-- There MUST NOT be whitespace after the last content of a file -->
<rule ref="Squiz.WhiteSpace.SuperfluousWhitespace.EndFile" />
<!-- Functions MUST NOT contain multiple empty lines in a row -->
<rule ref="Squiz.WhiteSpace.SuperfluousWhitespace.EmptyLines" />
<!-- The ?> closing tag MUST be omitted from files containing only PHP. --> <!-- The ?> closing tag MUST be omitted from files containing only PHP. -->
<rule ref="Zend.Files.ClosingTag" /> <rule ref="Zend.Files.ClosingTag" />