From 924014fe72fca1dff4172f0ab7bf1ab8b51c315e Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sun, 30 Mar 2014 08:49:22 -0500 Subject: [PATCH 1/4] SSH_Agent: mv SSH_Agent to SSH/Agent and create SSH_Agent for BC --- phpseclib/System/SSH/Agent.php | 313 +++++++++++++++++++++++++++++++++ phpseclib/System/SSH_Agent.php | 313 +-------------------------------- 2 files changed, 314 insertions(+), 312 deletions(-) create mode 100644 phpseclib/System/SSH/Agent.php diff --git a/phpseclib/System/SSH/Agent.php b/phpseclib/System/SSH/Agent.php new file mode 100644 index 00000000..3973a9b0 --- /dev/null +++ b/phpseclib/System/SSH/Agent.php @@ -0,0 +1,313 @@ + + * login('username', $agent)) { + * exit('Login Failed'); + * } + * + * echo $ssh->exec('pwd'); + * echo $ssh->exec('ls -la'); + * ?> + * + * + * LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + * + * @category System + * @package System_SSH_Agent + * @author Jim Wigginton + * @copyright MMXIV Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + * @internal See http://api.libssh.org/rfc/PROTOCOL.agent + */ + +/**#@+ + * Message numbers + * + * @access private + */ +// to request SSH1 keys you have to use SSH_AGENTC_REQUEST_RSA_IDENTITIES (1) +define('SYSTEM_SSH_AGENTC_REQUEST_IDENTITIES', 11); +// this is the SSH2 response; the SSH1 response is SSH_AGENT_RSA_IDENTITIES_ANSWER (2). +define('SYSTEM_SSH_AGENT_IDENTITIES_ANSWER', 12); +define('SYSTEM_SSH_AGENT_FAILURE', 5); +// the SSH1 request is SSH_AGENTC_RSA_CHALLENGE (3) +define('SYSTEM_SSH_AGENTC_SIGN_REQUEST', 13); +// the SSH1 response is SSH_AGENT_RSA_RESPONSE (4) +define('SYSTEM_SSH_AGENT_SIGN_RESPONSE', 14); +/**#@-*/ + +/** + * Pure-PHP ssh-agent client identity object + * + * Instantiation should only be performed by System_SSH_Agent class. + * This could be thought of as implementing an interface that Crypt_RSA + * implements. ie. maybe a Net_SSH_Auth_PublicKey interface or something. + * The methods in this interface would be getPublicKey, setSignatureMode + * and sign since those are the methods phpseclib looks for to perform + * public key authentication. + * + * @package System_SSH_Agent + * @author Jim Wigginton + * @access internal + */ +class System_SSH_Agent_Identity +{ + /** + * Key Object + * + * @var Crypt_RSA + * @access private + * @see System_SSH_Agent_Identity::getPublicKey() + */ + var $key; + + /** + * Key Blob + * + * @var String + * @access private + * @see System_SSH_Agent_Identity::sign() + */ + var $key_blob; + + /** + * Socket Resource + * + * @var Resource + * @access private + * @see System_SSH_Agent_Identity::sign() + */ + var $fsock; + + /** + * Default Constructor. + * + * @param Resource $fsock + * @return System_SSH_Agent_Identity + * @access private + */ + function System_SSH_Agent_Identity($fsock) + { + $this->fsock = $fsock; + } + + /** + * Set Public Key + * + * Called by System_SSH_Agent::requestIdentities() + * + * @param Crypt_RSA $key + * @access private + */ + function setPublicKey($key) + { + $this->key = $key; + $this->key->setPublicKey(); + } + + /** + * Set Public Key + * + * Called by System_SSH_Agent::requestIdentities(). The key blob could be extracted from $this->key + * but this saves a small amount of computation. + * + * @param String $key_blob + * @access private + */ + function setPublicKeyBlob($key_blob) + { + $this->key_blob = $key_blob; + } + + /** + * Get Public Key + * + * Wrapper for $this->key->getPublicKey() + * + * @param Integer $format optional + * @return Mixed + * @access public + */ + function getPublicKey($format = null) + { + return !isset($format) ? $this->key->getPublicKey() : $this->key->getPublicKey($format); + } + + /** + * Set Signature Mode + * + * Doesn't do anything as ssh-agent doesn't let you pick and choose the signature mode. ie. + * ssh-agent's only supported mode is CRYPT_RSA_SIGNATURE_PKCS1 + * + * @param Integer $mode + * @access public + */ + function setSignatureMode($mode) + { + } + + /** + * Create a signature + * + * See "2.6.2 Protocol 2 private key signature request" + * + * @param String $message + * @return String + * @access public + */ + function sign($message) + { + // the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE + $packet = pack('CNa*Na*N', SYSTEM_SSH_AGENTC_SIGN_REQUEST, strlen($this->key_blob), $this->key_blob, strlen($message), $message, 0); + $packet = pack('Na*', strlen($packet), $packet); + if (strlen($packet) != fputs($this->fsock, $packet)) { + user_error('Connection closed during signing'); + } + + $length = current(unpack('N', fread($this->fsock, 4))); + $type = ord(fread($this->fsock, 1)); + if ($type != SYSTEM_SSH_AGENT_SIGN_RESPONSE) { + user_error('Unable to retreive signature'); + } + + $signature_blob = fread($this->fsock, $length - 1); + // the only other signature format defined - ssh-dss - is the same length as ssh-rsa + // the + 12 is for the other various SSH added length fields + return substr($signature_blob, strlen('ssh-rsa') + 12); + } +} + +/** + * Pure-PHP ssh-agent client identity factory + * + * requestIdentities() method pumps out System_SSH_Agent_Identity objects + * + * @package System_SSH_Agent + * @author Jim Wigginton + * @access internal + */ +class System_SSH_Agent +{ + /** + * Socket Resource + * + * @var Resource + * @access private + */ + var $fsock; + + /** + * Default Constructor + * + * @return System_SSH_Agent + * @access public + */ + function System_SSH_Agent() + { + switch (true) { + case isset($_SERVER['SSH_AUTH_SOCK']): + $address = $_SERVER['SSH_AUTH_SOCK']; + break; + case isset($_ENV['SSH_AUTH_SOCK']): + $address = $_ENV['SSH_AUTH_SOCK']; + break; + default: + user_error('SSH_AUTH_SOCK not found'); + return false; + } + + $this->fsock = fsockopen('unix://' . $address, 0, $errno, $errstr); + if (!$this->fsock) { + user_error("Unable to connect to ssh-agent (Error $errno: $errstr)"); + } + } + + /** + * Request Identities + * + * See "2.5.2 Requesting a list of protocol 2 keys" + * Returns an array containing zero or more System_SSH_Agent_Identity objects + * + * @return Array + * @access public + */ + function requestIdentities() + { + if (!$this->fsock) { + return array(); + } + + $packet = pack('NC', 1, SYSTEM_SSH_AGENTC_REQUEST_IDENTITIES); + if (strlen($packet) != fputs($this->fsock, $packet)) { + user_error('Connection closed while requesting identities'); + } + + $length = current(unpack('N', fread($this->fsock, 4))); + $type = ord(fread($this->fsock, 1)); + if ($type != SYSTEM_SSH_AGENT_IDENTITIES_ANSWER) { + user_error('Unable to request identities'); + } + + $identities = array(); + $keyCount = current(unpack('N', fread($this->fsock, 4))); + for ($i = 0; $i < $keyCount; $i++) { + $length = current(unpack('N', fread($this->fsock, 4))); + $key_blob = fread($this->fsock, $length); + $length = current(unpack('N', fread($this->fsock, 4))); + $key_comment = fread($this->fsock, $length); + $length = current(unpack('N', substr($key_blob, 0, 4))); + $key_type = substr($key_blob, 4, $length); + switch ($key_type) { + case 'ssh-rsa': + if (!class_exists('Crypt_RSA')) { + include_once 'Crypt/RSA.php'; + } + $key = new Crypt_RSA(); + $key->loadKey('ssh-rsa ' . base64_encode($key_blob) . ' ' . $key_comment); + break; + case 'ssh-dss': + // not currently supported + break; + } + // resources are passed by reference by default + if (isset($key)) { + $identity = new System_SSH_Agent_Identity($this->fsock); + $identity->setPublicKey($key); + $identity->setPublicKeyBlob($key_blob); + $identities[] = $identity; + unset($key); + } + } + + return $identities; + } +} diff --git a/phpseclib/System/SSH_Agent.php b/phpseclib/System/SSH_Agent.php index 3973a9b0..11554622 100644 --- a/phpseclib/System/SSH_Agent.php +++ b/phpseclib/System/SSH_Agent.php @@ -1,313 +1,2 @@ - * login('username', $agent)) { - * exit('Login Failed'); - * } - * - * echo $ssh->exec('pwd'); - * echo $ssh->exec('ls -la'); - * ?> - * - * - * LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - * - * @category System - * @package System_SSH_Agent - * @author Jim Wigginton - * @copyright MMXIV Jim Wigginton - * @license http://www.opensource.org/licenses/mit-license.html MIT License - * @link http://phpseclib.sourceforge.net - * @internal See http://api.libssh.org/rfc/PROTOCOL.agent - */ - -/**#@+ - * Message numbers - * - * @access private - */ -// to request SSH1 keys you have to use SSH_AGENTC_REQUEST_RSA_IDENTITIES (1) -define('SYSTEM_SSH_AGENTC_REQUEST_IDENTITIES', 11); -// this is the SSH2 response; the SSH1 response is SSH_AGENT_RSA_IDENTITIES_ANSWER (2). -define('SYSTEM_SSH_AGENT_IDENTITIES_ANSWER', 12); -define('SYSTEM_SSH_AGENT_FAILURE', 5); -// the SSH1 request is SSH_AGENTC_RSA_CHALLENGE (3) -define('SYSTEM_SSH_AGENTC_SIGN_REQUEST', 13); -// the SSH1 response is SSH_AGENT_RSA_RESPONSE (4) -define('SYSTEM_SSH_AGENT_SIGN_RESPONSE', 14); -/**#@-*/ - -/** - * Pure-PHP ssh-agent client identity object - * - * Instantiation should only be performed by System_SSH_Agent class. - * This could be thought of as implementing an interface that Crypt_RSA - * implements. ie. maybe a Net_SSH_Auth_PublicKey interface or something. - * The methods in this interface would be getPublicKey, setSignatureMode - * and sign since those are the methods phpseclib looks for to perform - * public key authentication. - * - * @package System_SSH_Agent - * @author Jim Wigginton - * @access internal - */ -class System_SSH_Agent_Identity -{ - /** - * Key Object - * - * @var Crypt_RSA - * @access private - * @see System_SSH_Agent_Identity::getPublicKey() - */ - var $key; - - /** - * Key Blob - * - * @var String - * @access private - * @see System_SSH_Agent_Identity::sign() - */ - var $key_blob; - - /** - * Socket Resource - * - * @var Resource - * @access private - * @see System_SSH_Agent_Identity::sign() - */ - var $fsock; - - /** - * Default Constructor. - * - * @param Resource $fsock - * @return System_SSH_Agent_Identity - * @access private - */ - function System_SSH_Agent_Identity($fsock) - { - $this->fsock = $fsock; - } - - /** - * Set Public Key - * - * Called by System_SSH_Agent::requestIdentities() - * - * @param Crypt_RSA $key - * @access private - */ - function setPublicKey($key) - { - $this->key = $key; - $this->key->setPublicKey(); - } - - /** - * Set Public Key - * - * Called by System_SSH_Agent::requestIdentities(). The key blob could be extracted from $this->key - * but this saves a small amount of computation. - * - * @param String $key_blob - * @access private - */ - function setPublicKeyBlob($key_blob) - { - $this->key_blob = $key_blob; - } - - /** - * Get Public Key - * - * Wrapper for $this->key->getPublicKey() - * - * @param Integer $format optional - * @return Mixed - * @access public - */ - function getPublicKey($format = null) - { - return !isset($format) ? $this->key->getPublicKey() : $this->key->getPublicKey($format); - } - - /** - * Set Signature Mode - * - * Doesn't do anything as ssh-agent doesn't let you pick and choose the signature mode. ie. - * ssh-agent's only supported mode is CRYPT_RSA_SIGNATURE_PKCS1 - * - * @param Integer $mode - * @access public - */ - function setSignatureMode($mode) - { - } - - /** - * Create a signature - * - * See "2.6.2 Protocol 2 private key signature request" - * - * @param String $message - * @return String - * @access public - */ - function sign($message) - { - // the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE - $packet = pack('CNa*Na*N', SYSTEM_SSH_AGENTC_SIGN_REQUEST, strlen($this->key_blob), $this->key_blob, strlen($message), $message, 0); - $packet = pack('Na*', strlen($packet), $packet); - if (strlen($packet) != fputs($this->fsock, $packet)) { - user_error('Connection closed during signing'); - } - - $length = current(unpack('N', fread($this->fsock, 4))); - $type = ord(fread($this->fsock, 1)); - if ($type != SYSTEM_SSH_AGENT_SIGN_RESPONSE) { - user_error('Unable to retreive signature'); - } - - $signature_blob = fread($this->fsock, $length - 1); - // the only other signature format defined - ssh-dss - is the same length as ssh-rsa - // the + 12 is for the other various SSH added length fields - return substr($signature_blob, strlen('ssh-rsa') + 12); - } -} - -/** - * Pure-PHP ssh-agent client identity factory - * - * requestIdentities() method pumps out System_SSH_Agent_Identity objects - * - * @package System_SSH_Agent - * @author Jim Wigginton - * @access internal - */ -class System_SSH_Agent -{ - /** - * Socket Resource - * - * @var Resource - * @access private - */ - var $fsock; - - /** - * Default Constructor - * - * @return System_SSH_Agent - * @access public - */ - function System_SSH_Agent() - { - switch (true) { - case isset($_SERVER['SSH_AUTH_SOCK']): - $address = $_SERVER['SSH_AUTH_SOCK']; - break; - case isset($_ENV['SSH_AUTH_SOCK']): - $address = $_ENV['SSH_AUTH_SOCK']; - break; - default: - user_error('SSH_AUTH_SOCK not found'); - return false; - } - - $this->fsock = fsockopen('unix://' . $address, 0, $errno, $errstr); - if (!$this->fsock) { - user_error("Unable to connect to ssh-agent (Error $errno: $errstr)"); - } - } - - /** - * Request Identities - * - * See "2.5.2 Requesting a list of protocol 2 keys" - * Returns an array containing zero or more System_SSH_Agent_Identity objects - * - * @return Array - * @access public - */ - function requestIdentities() - { - if (!$this->fsock) { - return array(); - } - - $packet = pack('NC', 1, SYSTEM_SSH_AGENTC_REQUEST_IDENTITIES); - if (strlen($packet) != fputs($this->fsock, $packet)) { - user_error('Connection closed while requesting identities'); - } - - $length = current(unpack('N', fread($this->fsock, 4))); - $type = ord(fread($this->fsock, 1)); - if ($type != SYSTEM_SSH_AGENT_IDENTITIES_ANSWER) { - user_error('Unable to request identities'); - } - - $identities = array(); - $keyCount = current(unpack('N', fread($this->fsock, 4))); - for ($i = 0; $i < $keyCount; $i++) { - $length = current(unpack('N', fread($this->fsock, 4))); - $key_blob = fread($this->fsock, $length); - $length = current(unpack('N', fread($this->fsock, 4))); - $key_comment = fread($this->fsock, $length); - $length = current(unpack('N', substr($key_blob, 0, 4))); - $key_type = substr($key_blob, 4, $length); - switch ($key_type) { - case 'ssh-rsa': - if (!class_exists('Crypt_RSA')) { - include_once 'Crypt/RSA.php'; - } - $key = new Crypt_RSA(); - $key->loadKey('ssh-rsa ' . base64_encode($key_blob) . ' ' . $key_comment); - break; - case 'ssh-dss': - // not currently supported - break; - } - // resources are passed by reference by default - if (isset($key)) { - $identity = new System_SSH_Agent_Identity($this->fsock); - $identity->setPublicKey($key); - $identity->setPublicKeyBlob($key_blob); - $identities[] = $identity; - unset($key); - } - } - - return $identities; - } -} +@include_once 'SSH/Agent.php'; From 50b250ce69d66abdd49f18246d28b267125bc189 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sun, 30 Mar 2014 16:32:05 -0500 Subject: [PATCH 2/4] SSH_Agent: CS updates --- phpseclib/System/SSH/Agent.php | 2 +- phpseclib/System/SSH_Agent.php | 39 +++++++++++++++++++++++++++++++++- 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/phpseclib/System/SSH/Agent.php b/phpseclib/System/SSH/Agent.php index 3973a9b0..6d1882f0 100644 --- a/phpseclib/System/SSH/Agent.php +++ b/phpseclib/System/SSH/Agent.php @@ -7,7 +7,7 @@ * Here are some examples of how to use this library: * * + * @copyright MMXIV Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + * @link http://phpseclib.sourceforge.net + * @internal See http://api.libssh.org/rfc/PROTOCOL.agent + */ + +include_once 'SSH/Agent.php'; \ No newline at end of file From 1694012f78b97652260a95c43d102477b59e0394 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sun, 30 Mar 2014 16:37:11 -0500 Subject: [PATCH 3/4] SSH_Agent: another CS update --- phpseclib/System/SSH_Agent.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpseclib/System/SSH_Agent.php b/phpseclib/System/SSH_Agent.php index 91c48b4f..c57c4b74 100644 --- a/phpseclib/System/SSH_Agent.php +++ b/phpseclib/System/SSH_Agent.php @@ -36,4 +36,4 @@ * @internal See http://api.libssh.org/rfc/PROTOCOL.agent */ -include_once 'SSH/Agent.php'; \ No newline at end of file +require_once 'SSH/Agent.php'; \ No newline at end of file From 6f4ddf0e3314e3cba7a94f9e2fa86ee942658096 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Tue, 1 Apr 2014 22:54:26 +0200 Subject: [PATCH 4/4] SSH_Agent: add new line at end of file to comply with CS --- phpseclib/System/SSH_Agent.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpseclib/System/SSH_Agent.php b/phpseclib/System/SSH_Agent.php index c57c4b74..0a001656 100644 --- a/phpseclib/System/SSH_Agent.php +++ b/phpseclib/System/SSH_Agent.php @@ -36,4 +36,4 @@ * @internal See http://api.libssh.org/rfc/PROTOCOL.agent */ -require_once 'SSH/Agent.php'; \ No newline at end of file +require_once 'SSH/Agent.php';