mirror of
https://github.com/phpseclib/phpseclib.git
synced 2024-11-11 08:10:58 +00:00
SSH2: keyboard-interactive changes
Let's say your SSH server had a two-part keyboard-interactive auth. One prompt is for "Password" and the other is for "Verification code". Previously you'd have to do this:
$ssh->login($username, 'pass1', 'code1');
It'd try password authentication with pass1, fail, then do keyboard-interactive with pass1 and then keyboard-interacitve with code1.
ie. the order in which it tried stuff was dependent on the order it was past to the Net_SSH2 object. And it'd always try password auth first.
Now you can go straight to keyboard-interactive and mix the order as follows:
$ssh->login($username, array('Password' => 'pass1'), array('Verification code' => 'code1'));
This commit is contained in:
terrafrost
parent
04c24f6bbc
commit
e0abab9bb4
@ -744,6 +744,14 @@ class Net_SSH2 {
|
|||||||
*/
|
*/
|
||||||
var $last_interactive_response = '';
|
var $last_interactive_response = '';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Keyboard Interactive Request / Responses
|
||||||
|
*
|
||||||
|
* @see Net_SSH2::_keyboard_interactive_process()
|
||||||
|
* @access private
|
||||||
|
*/
|
||||||
|
var $keyboard_requests_responses = array();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Default Constructor.
|
* Default Constructor.
|
||||||
*
|
*
|
||||||
@ -1476,6 +1484,7 @@ class Net_SSH2 {
|
|||||||
if (empty($args)) {
|
if (empty($args)) {
|
||||||
return $this->_login_helper($username);
|
return $this->_login_helper($username);
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ($args as $arg) {
|
foreach ($args as $arg) {
|
||||||
if ($this->_login_helper($username, $arg)) {
|
if ($this->_login_helper($username, $arg)) {
|
||||||
return true;
|
return true;
|
||||||
@ -1525,7 +1534,7 @@ class Net_SSH2 {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (strlen($this->last_interactive_response)) {
|
if (strlen($this->last_interactive_response)) {
|
||||||
return !is_string($password) ? false : $this->_keyboard_interactive_process($password);
|
return !is_string($password) && !is_array($password) ? false : $this->_keyboard_interactive_process($password);
|
||||||
}
|
}
|
||||||
|
|
||||||
// although PHP5's get_class() preserves the case, PHP4's does not
|
// although PHP5's get_class() preserves the case, PHP4's does not
|
||||||
@ -1533,6 +1542,14 @@ class Net_SSH2 {
|
|||||||
return $this->_privatekey_login($username, $password);
|
return $this->_privatekey_login($username, $password);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (is_array($password)) {
|
||||||
|
if ($this->_keyboard_interactive_login($username, $password)) {
|
||||||
|
$this->bitmap |= NET_SSH2_MASK_LOGIN;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
if (!isset($password)) {
|
if (!isset($password)) {
|
||||||
$packet = pack('CNa*Na*Na*',
|
$packet = pack('CNa*Na*Na*',
|
||||||
NET_SSH2_MSG_USERAUTH_REQUEST, strlen($username), $username, strlen('ssh-connection'), 'ssh-connection',
|
NET_SSH2_MSG_USERAUTH_REQUEST, strlen($username), $username, strlen('ssh-connection'), 'ssh-connection',
|
||||||
@ -1675,14 +1692,31 @@ class Net_SSH2 {
|
|||||||
extract(unpack('Nlength', $this->_string_shift($response, 4)));
|
extract(unpack('Nlength', $this->_string_shift($response, 4)));
|
||||||
$this->_string_shift($response, $length); // language tag; may be empty
|
$this->_string_shift($response, $length); // language tag; may be empty
|
||||||
extract(unpack('Nnum_prompts', $this->_string_shift($response, 4)));
|
extract(unpack('Nnum_prompts', $this->_string_shift($response, 4)));
|
||||||
/*
|
|
||||||
for ($i = 0; $i < $num_prompts; $i++) {
|
for ($i = 0; $i < count($responses); $i++) {
|
||||||
extract(unpack('Nlength', $this->_string_shift($response, 4)));
|
if (is_array($responses[$i])) {
|
||||||
// prompt - ie. "Password: "; must not be empty
|
foreach ($responses[$i] as $key => $value) {
|
||||||
$this->_string_shift($response, $length);
|
$this->keyboard_requests_responses[$key] = $value;
|
||||||
$echo = $this->_string_shift($response) != chr(0);
|
}
|
||||||
|
unset($responses[$i]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$responses = array_values($responses);
|
||||||
|
|
||||||
|
if (isset($this->keyboard_requests_responses)) {
|
||||||
|
for ($i = 0; $i < $num_prompts; $i++) {
|
||||||
|
extract(unpack('Nlength', $this->_string_shift($response, 4)));
|
||||||
|
// prompt - ie. "Password: "; must not be empty
|
||||||
|
$prompt = $this->_string_shift($response, $length);
|
||||||
|
//$echo = $this->_string_shift($response) != chr(0);
|
||||||
|
foreach ($this->keyboard_requests_responses as $key => $value) {
|
||||||
|
if (substr($prompt, 0, strlen($key)) == $key) {
|
||||||
|
$responses[] = $value;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
*/
|
|
||||||
|
|
||||||
// see http://tools.ietf.org/html/rfc4256#section-3.2
|
// see http://tools.ietf.org/html/rfc4256#section-3.2
|
||||||
if (strlen($this->last_interactive_response)) {
|
if (strlen($this->last_interactive_response)) {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user