PageRenderTime 71ms CodeModel.GetById 27ms RepoModel.GetById 0ms app.codeStats 1ms

/includes/src/phpseclib/Net/SSH2.php

https://bitbucket.org/kdms/sh-magento
PHP | 2302 lines | 1223 code | 275 blank | 804 comment | 198 complexity | 65563b38d6e6df3e8ebc628cec86f86d MD5 | raw file
    

  1. <?php
    2. 

  2. /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
    3. 

  3. 

  4. /**
    5. 

  5.  * Pure-PHP implementation of SSHv2.
    6. 

  6.  *
    7. 

  7.  * PHP versions 4 and 5
    8. 

  8.  *
    9. 

  9.  * Here are some examples of how to use this library:
    10. 

  10.  * <code>
    11. 

  11.  * <?php
    12. 

  12.  *    include('Net/SSH2.php');
    13. 

  13.  *
    14. 

  14.  *    $ssh = new Net_SSH2('www.domain.tld');
    15. 

  15.  *    if (!$ssh->login('username', 'password')) {
    16. 

  16.  *        exit('Login Failed');
    17. 

  17.  *    }
    18. 

  18.  *
    19. 

  19.  *    echo $ssh->exec('pwd');
    20. 

  20.  *    echo $ssh->exec('ls -la');
    21. 

  21.  * ?>
    22. 

  22.  * </code>
    23. 

  23.  *
    24. 

  24.  * <code>
    25. 

  25.  * <?php
    26. 

  26.  *    include('Crypt/RSA.php');
    27. 

  27.  *    include('Net/SSH2.php');
    28. 

  28.  *
    29. 

  29.  *    $key = new Crypt_RSA();
    30. 

  30.  *    //$key->setPassword('whatever');
    31. 

  31.  *    $key->loadKey(file_get_contents('privatekey'));
    32. 

  32.  *
    33. 

  33.  *    $ssh = new Net_SSH2('www.domain.tld');
    34. 

  34.  *    if (!$ssh->login('username', $key)) {
    35. 

  35.  *        exit('Login Failed');
    36. 

  36.  *    }
    37. 

  37.  *
    38. 

  38.  *    echo $ssh->exec('pwd');
    39. 

  39.  *    echo $ssh->exec('ls -la');
    40. 

  40.  * ?>
    41. 

  41.  * </code>
    42. 

  42.  *
    43. 

  43.  * LICENSE: This library is free software; you can redistribute it and/or
    44. 

  44.  * modify it under the terms of the GNU Lesser General Public
    45. 

  45.  * License as published by the Free Software Foundation; either
    46. 

  46.  * version 2.1 of the License, or (at your option) any later version.
    47. 

  47.  *
    48. 

  48.  * This library is distributed in the hope that it will be useful,
    49. 

  49.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    50. 

  50.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    51. 

  51.  * Lesser General Public License for more details.
    52. 

  52.  *
    53. 

  53.  * You should have received a copy of the GNU Lesser General Public
    54. 

  54.  * License along with this library; if not, write to the Free Software
    55. 

  55.  * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
    56. 

  56.  * MA  02111-1307  USA
    57. 

  57.  *
    58. 

  58.  * @category   Net
    59. 

  59.  * @package    Net_SSH2
    60. 

  60.  * @author     Jim Wigginton <terrafrost@php.net>
    61. 

  61.  * @copyright  MMVII Jim Wigginton
    62. 

  62.  * @license    http://www.gnu.org/licenses/lgpl.txt
    63. 

  63.  * @version    $Id: SSH2.php,v 1.46 2010/04/27 21:29:36 terrafrost Exp $
    64. 

  64.  * @link       http://phpseclib.sourceforge.net
    65. 

  65.  */
    66. 

  66. 

  67. /**
    68. 

  68.  * Include Math_BigInteger
    69. 

  69.  *
    70. 

  70.  * Used to do Diffie-Hellman key exchange and DSA/RSA signature verification.
    71. 

  71.  */
    72. 

  72. require_once('phpseclib/Math/BigInteger.php');
    73. 

  73. 

  74. /**
    75. 

  75.  * Include Crypt_Random
    76. 

  76.  */
    77. 

  77. require_once('phpseclib/Crypt/Random.php');
    78. 

  78. 

  79. /**
    80. 

  80.  * Include Crypt_Hash
    81. 

  81.  */
    82. 

  82. require_once('phpseclib/Crypt/Hash.php');
    83. 

  83. 

  84. /**
    85. 

  85.  * Include Crypt_TripleDES
    86. 

  86.  */
    87. 

  87. require_once('phpseclib/Crypt/TripleDES.php');
    88. 

  88. 

  89. /**
    90. 

  90.  * Include Crypt_RC4
    91. 

  91.  */
    92. 

  92. require_once('phpseclib/Crypt/RC4.php');
    93. 

  93. 

  94. /**
    95. 

  95.  * Include Crypt_AES
    96. 

  96.  */
    97. 

  97. require_once('phpseclib/Crypt/AES.php');
    98. 

  98. 

  99. /**#@+
    100. 

  100.  * Execution Bitmap Masks
    101. 

  101.  *
    102. 

  102.  * @see Net_SSH2::bitmap
    103. 

  103.  * @access private
    104. 

  104.  */
    105. 

  105. define('NET_SSH2_MASK_CONSTRUCTOR', 0x00000001);
    106. 

  106. define('NET_SSH2_MASK_LOGIN',       0x00000002);
    107. 

  107. /**#@-*/
    108. 

  108. 

  109. /**#@+
    110. 

  110.  * Channel constants
    111. 

  111.  *
    112. 

  112.  * RFC4254 refers not to client and server channels but rather to sender and recipient channels.  we don't refer
    113. 

  113.  * to them in that way because RFC4254 toggles the meaning. the client sends a SSH_MSG_CHANNEL_OPEN message with
    114. 

  114.  * a sender channel and the server sends a SSH_MSG_CHANNEL_OPEN_CONFIRMATION in response, with a sender and a
    115. 

  115.  * recepient channel.  at first glance, you might conclude that SSH_MSG_CHANNEL_OPEN_CONFIRMATION's sender channel
    116. 

  116.  * would be the same thing as SSH_MSG_CHANNEL_OPEN's sender channel, but it's not, per this snipet:
    117. 

  117.  *     The 'recipient channel' is the channel number given in the original
    118. 

  118.  *     open request, and 'sender channel' is the channel number allocated by
    119. 

  119.  *     the other side.
    120. 

  120.  *
    121. 

  121.  * @see Net_SSH2::_send_channel_packet()
    122. 

  122.  * @see Net_SSH2::_get_channel_packet()
    123. 

  123.  * @access private
    124. 

  124.  */
    125. 

  125. define('NET_SSH2_CHANNEL_EXEC', 0); // PuTTy uses 0x100
    126. 

  126. /**#@-*/
    127. 

  127. 

  128. /**#@+
    129. 

  129.  * @access public
    130. 

  130.  * @see Net_SSH2::getLog()
    131. 

  131.  */
    132. 

  132. /**
    133. 

  133.  * Returns the message numbers
    134. 

  134.  */
    135. 

  135. define('NET_SSH2_LOG_SIMPLE',  1);
    136. 

  136. /**
    137. 

  137.  * Returns the message content
    138. 

  138.  */
    139. 

  139. define('NET_SSH2_LOG_COMPLEX', 2);
    140. 

  140. /**#@-*/
    141. 

  141. 

  142. /**
    143. 

  143.  * Pure-PHP implementation of SSHv2.
    144. 

  144.  *
    145. 

  145.  * @author  Jim Wigginton <terrafrost@php.net>
    146. 

  146.  * @version 0.1.0
    147. 

  147.  * @access  public
    148. 

  148.  * @package Net_SSH2
    149. 

  149.  */
    150. 

  150. class Net_SSH2 {
    151. 

  151.     /**
    152. 

  152.      * The SSH identifier
    153. 

  153.      *
    154. 

  154.      * @var String
    155. 

  155.      * @access private
    156. 

  156.      */
    157. 

  157.     var $identifier = 'SSH-2.0-phpseclib_0.2';
    158. 

  158. 

  159.     /**
    160. 

  160.      * The Socket Object
    161. 

  161.      *
    162. 

  162.      * @var Object
    163. 

  163.      * @access private
    164. 

  164.      */
    165. 

  165.     var $fsock;
    166. 

  166. 

  167.     /**
    168. 

  168.      * Execution Bitmap
    169. 

  169.      *
    170. 

  170.      * The bits that are set reprsent functions that have been called already.  This is used to determine
    171. 

  171.      * if a requisite function has been successfully executed.  If not, an error should be thrown.
    172. 

  172.      *
    173. 

  173.      * @var Integer
    174. 

  174.      * @access private
    175. 

  175.      */
    176. 

  176.     var $bitmap = 0;
    177. 

  177. 

  178.     /**
    179. 

  179.      * Error information
    180. 

  180.      *
    181. 

  181.      * @see Net_SSH2::getErrors()
    182. 

  182.      * @see Net_SSH2::getLastError()
    183. 

  183.      * @var String
    184. 

  184.      * @access private
    185. 

  185.      */
    186. 

  186.     var $errors = array();
    187. 

  187. 

  188.     /**
    189. 

  189.      * Server Identifier
    190. 

  190.      *
    191. 

  191.      * @see Net_SSH2::getServerIdentification()
    192. 

  192.      * @var String
    193. 

  193.      * @access private
    194. 

  194.      */
    195. 

  195.     var $server_identifier = '';
    196. 

  196. 

  197.     /**
    198. 

  198.      * Key Exchange Algorithms
    199. 

  199.      *
    200. 

  200.      * @see Net_SSH2::getKexAlgorithims()
    201. 

  201.      * @var Array
    202. 

  202.      * @access private
    203. 

  203.      */
    204. 

  204.     var $kex_algorithms;
    205. 

  205. 

  206.     /**
    207. 

  207.      * Server Host Key Algorithms
    208. 

  208.      *
    209. 

  209.      * @see Net_SSH2::getServerHostKeyAlgorithms()
    210. 

  210.      * @var Array
    211. 

  211.      * @access private
    212. 

  212.      */
    213. 

  213.     var $server_host_key_algorithms;
    214. 

  214. 

  215.     /**
    216. 

  216.      * Encryption Algorithms: Client to Server
    217. 

  217.      *
    218. 

  218.      * @see Net_SSH2::getEncryptionAlgorithmsClient2Server()
    219. 

  219.      * @var Array
    220. 

  220.      * @access private
    221. 

  221.      */
    222. 

  222.     var $encryption_algorithms_client_to_server;
    223. 

  223. 

  224.     /**
    225. 

  225.      * Encryption Algorithms: Server to Client
    226. 

  226.      *
    227. 

  227.      * @see Net_SSH2::getEncryptionAlgorithmsServer2Client()
    228. 

  228.      * @var Array
    229. 

  229.      * @access private
    230. 

  230.      */
    231. 

  231.     var $encryption_algorithms_server_to_client;
    232. 

  232. 

  233.     /**
    234. 

  234.      * MAC Algorithms: Client to Server
    235. 

  235.      *
    236. 

  236.      * @see Net_SSH2::getMACAlgorithmsClient2Server()
    237. 

  237.      * @var Array
    238. 

  238.      * @access private
    239. 

  239.      */
    240. 

  240.     var $mac_algorithms_client_to_server;
    241. 

  241. 

  242.     /**
    243. 

  243.      * MAC Algorithms: Server to Client
    244. 

  244.      *
    245. 

  245.      * @see Net_SSH2::getMACAlgorithmsServer2Client()
    246. 

  246.      * @var Array
    247. 

  247.      * @access private
    248. 

  248.      */
    249. 

  249.     var $mac_algorithms_server_to_client;
    250. 

  250. 

  251.     /**
    252. 

  252.      * Compression Algorithms: Client to Server
    253. 

  253.      *
    254. 

  254.      * @see Net_SSH2::getCompressionAlgorithmsClient2Server()
    255. 

  255.      * @var Array
    256. 

  256.      * @access private
    257. 

  257.      */
    258. 

  258.     var $compression_algorithms_client_to_server;
    259. 

  259. 

  260.     /**
    261. 

  261.      * Compression Algorithms: Server to Client
    262. 

  262.      *
    263. 

  263.      * @see Net_SSH2::getCompressionAlgorithmsServer2Client()
    264. 

  264.      * @var Array
    265. 

  265.      * @access private
    266. 

  266.      */
    267. 

  267.     var $compression_algorithms_server_to_client;
    268. 

  268. 

  269.     /**
    270. 

  270.      * Languages: Server to Client
    271. 

  271.      *
    272. 

  272.      * @see Net_SSH2::getLanguagesServer2Client()
    273. 

  273.      * @var Array
    274. 

  274.      * @access private
    275. 

  275.      */
    276. 

  276.     var $languages_server_to_client;
    277. 

  277. 

  278.     /**
    279. 

  279.      * Languages: Client to Server
    280. 

  280.      *
    281. 

  281.      * @see Net_SSH2::getLanguagesClient2Server()
    282. 

  282.      * @var Array
    283. 

  283.      * @access private
    284. 

  284.      */
    285. 

  285.     var $languages_client_to_server;
    286. 

  286. 

  287.     /**
    288. 

  288.      * Block Size for Server to Client Encryption
    289. 

  289.      *
    290. 

  290.      * "Note that the length of the concatenation of 'packet_length',
    291. 

  291.      *  'padding_length', 'payload', and 'random padding' MUST be a multiple
    292. 

  292.      *  of the cipher block size or 8, whichever is larger.  This constraint
    293. 

  293.      *  MUST be enforced, even when using stream ciphers."
    294. 

  294.      *
    295. 

  295.      *  -- http://tools.ietf.org/html/rfc4253#section-6
    296. 

  296.      *
    297. 

  297.      * @see Net_SSH2::Net_SSH2()
    298. 

  298.      * @see Net_SSH2::_send_binary_packet()
    299. 

  299.      * @var Integer
    300. 

  300.      * @access private
    301. 

  301.      */
    302. 

  302.     var $encrypt_block_size = 8;
    303. 

  303. 

  304.     /**
    305. 

  305.      * Block Size for Client to Server Encryption
    306. 

  306.      *
    307. 

  307.      * @see Net_SSH2::Net_SSH2()
    308. 

  308.      * @see Net_SSH2::_get_binary_packet()
    309. 

  309.      * @var Integer
    310. 

  310.      * @access private
    311. 

  311.      */
    312. 

  312.     var $decrypt_block_size = 8;
    313. 

  313. 

  314.     /**
    315. 

  315.      * Server to Client Encryption Object
    316. 

  316.      *
    317. 

  317.      * @see Net_SSH2::_get_binary_packet()
    318. 

  318.      * @var Object
    319. 

  319.      * @access private
    320. 

  320.      */
    321. 

  321.     var $decrypt = false;
    322. 

  322. 

  323.     /**
    324. 

  324.      * Client to Server Encryption Object
    325. 

  325.      *
    326. 

  326.      * @see Net_SSH2::_send_binary_packet()
    327. 

  327.      * @var Object
    328. 

  328.      * @access private
    329. 

  329.      */
    330. 

  330.     var $encrypt = false;
    331. 

  331. 

  332.     /**
    333. 

  333.      * Client to Server HMAC Object
    334. 

  334.      *
    335. 

  335.      * @see Net_SSH2::_send_binary_packet()
    336. 

  336.      * @var Object
    337. 

  337.      * @access private
    338. 

  338.      */
    339. 

  339.     var $hmac_create = false;
    340. 

  340. 

  341.     /**
    342. 

  342.      * Server to Client HMAC Object
    343. 

  343.      *
    344. 

  344.      * @see Net_SSH2::_get_binary_packet()
    345. 

  345.      * @var Object
    346. 

  346.      * @access private
    347. 

  347.      */
    348. 

  348.     var $hmac_check = false;
    349. 

  349. 

  350.     /**
    351. 

  351.      * Size of server to client HMAC
    352. 

  352.      *
    353. 

  353.      * We need to know how big the HMAC will be for the server to client direction so that we know how many bytes to read.
    354. 

  354.      * For the client to server side, the HMAC object will make the HMAC as long as it needs to be.  All we need to do is
    355. 

  355.      * append it.
    356. 

  356.      *
    357. 

  357.      * @see Net_SSH2::_get_binary_packet()
    358. 

  358.      * @var Integer
    359. 

  359.      * @access private
    360. 

  360.      */
    361. 

  361.     var $hmac_size = false;
    362. 

  362. 

  363.     /**
    364. 

  364.      * Server Public Host Key
    365. 

  365.      *
    366. 

  366.      * @see Net_SSH2::getServerPublicHostKey()
    367. 

  367.      * @var String
    368. 

  368.      * @access private
    369. 

  369.      */
    370. 

  370.     var $server_public_host_key;
    371. 

  371. 

  372.     /**
    373. 

  373.      * Session identifer
    374. 

  374.      *
    375. 

  375.      * "The exchange hash H from the first key exchange is additionally
    376. 

  376.      *  used as the session identifier, which is a unique identifier for
    377. 

  377.      *  this connection."
    378. 

  378.      *
    379. 

  379.      *  -- http://tools.ietf.org/html/rfc4253#section-7.2
    380. 

  380.      *
    381. 

  381.      * @see Net_SSH2::_key_exchange()
    382. 

  382.      * @var String
    383. 

  383.      * @access private
    384. 

  384.      */
    385. 

  385.     var $session_id = false;
    386. 

  386. 

  387.     /**
    388. 

  388.      * Message Numbers
    389. 

  389.      *
    390. 

  390.      * @see Net_SSH2::Net_SSH2()
    391. 

  391.      * @var Array
    392. 

  392.      * @access private
    393. 

  393.      */
    394. 

  394.     var $message_numbers = array();
    395. 

  395. 

  396.     /**
    397. 

  397.      * Disconnection Message 'reason codes' defined in RFC4253
    398. 

  398.      *
    399. 

  399.      * @see Net_SSH2::Net_SSH2()
    400. 

  400.      * @var Array
    401. 

  401.      * @access private
    402. 

  402.      */
    403. 

  403.     var $disconnect_reasons = array();
    404. 

  404. 

  405.     /**
    406. 

  406.      * SSH_MSG_CHANNEL_OPEN_FAILURE 'reason codes', defined in RFC4254
    407. 

  407.      *
    408. 

  408.      * @see Net_SSH2::Net_SSH2()
    409. 

  409.      * @var Array
    410. 

  410.      * @access private
    411. 

  411.      */
    412. 

  412.     var $channel_open_failure_reasons = array();
    413. 

  413. 

  414.     /**
    415. 

  415.      * Terminal Modes
    416. 

  416.      *
    417. 

  417.      * @link http://tools.ietf.org/html/rfc4254#section-8
    418. 

  418.      * @see Net_SSH2::Net_SSH2()
    419. 

  419.      * @var Array
    420. 

  420.      * @access private
    421. 

  421.      */
    422. 

  422.     var $terminal_modes = array();
    423. 

  423. 

  424.     /**
    425. 

  425.      * SSH_MSG_CHANNEL_EXTENDED_DATA's data_type_codes
    426. 

  426.      *
    427. 

  427.      * @link http://tools.ietf.org/html/rfc4254#section-5.2
    428. 

  428.      * @see Net_SSH2::Net_SSH2()
    429. 

  429.      * @var Array
    430. 

  430.      * @access private
    431. 

  431.      */
    432. 

  432.     var $channel_extended_data_type_codes = array();
    433. 

  433. 

  434.     /**
    435. 

  435.      * Send Sequence Number
    436. 

  436.      *
    437. 

  437.      * See 'Section 6.4.  Data Integrity' of rfc4253 for more info.
    438. 

  438.      *
    439. 

  439.      * @see Net_SSH2::_send_binary_packet()
    440. 

  440.      * @var Integer
    441. 

  441.      * @access private
    442. 

  442.      */
    443. 

  443.     var $send_seq_no = 0;
    444. 

  444. 

  445.     /**
    446. 

  446.      * Get Sequence Number
    447. 

  447.      *
    448. 

  448.      * See 'Section 6.4.  Data Integrity' of rfc4253 for more info.
    449. 

  449.      *
    450. 

  450.      * @see Net_SSH2::_get_binary_packet()
    451. 

  451.      * @var Integer
    452. 

  452.      * @access private
    453. 

  453.      */
    454. 

  454.     var $get_seq_no = 0;
    455. 

  455. 

  456.     /**
    457. 

  457.      * Server Channels
    458. 

  458.      *
    459. 

  459.      * Maps client channels to server channels
    460. 

  460.      *
    461. 

  461.      * @see Net_SSH2::_get_channel_packet()
    462. 

  462.      * @see Net_SSH2::exec()
    463. 

  463.      * @var Array
    464. 

  464.      * @access private
    465. 

  465.      */
    466. 

  466.     var $server_channels = array();
    467. 

  467. 

  468.     /**
    469. 

  469.      * Channel Buffers
    470. 

  470.      *
    471. 

  471.      * If a client requests a packet from one channel but receives two packets from another those packets should
    472. 

  472.      * be placed in a buffer
    473. 

  473.      *
    474. 

  474.      * @see Net_SSH2::_get_channel_packet()
    475. 

  475.      * @see Net_SSH2::exec()
    476. 

  476.      * @var Array
    477. 

  477.      * @access private
    478. 

  478.      */
    479. 

  479.     var $channel_buffers = array();
    480. 

  480. 

  481.     /**
    482. 

  482.      * Channel Status
    483. 

  483.      *
    484. 

  484.      * Contains the type of the last sent message
    485. 

  485.      *
    486. 

  486.      * @see Net_SSH2::_get_channel_packet()
    487. 

  487.      * @var Array
    488. 

  488.      * @access private
    489. 

  489.      */
    490. 

  490.     var $channel_status = array();
    491. 

  491. 

  492.     /**
    493. 

  493.      * Packet Size
    494. 

  494.      *
    495. 

  495.      * Maximum packet size indexed by channel
    496. 

  496.      *
    497. 

  497.      * @see Net_SSH2::_send_channel_packet()
    498. 

  498.      * @var Array
    499. 

  499.      * @access private
    500. 

  500.      */
    501. 

  501.     var $packet_size_client_to_server = array();
    502. 

  502. 

  503.     /**
    504. 

  504.      * Message Number Log
    505. 

  505.      *
    506. 

  506.      * @see Net_SSH2::getLog()
    507. 

  507.      * @var Array
    508. 

  508.      * @access private
    509. 

  509.      */
    510. 

  510.     var $message_number_log = array();
    511. 

  511. 

  512.     /**
    513. 

  513.      * Message Log
    514. 

  514.      *
    515. 

  515.      * @see Net_SSH2::getLog()
    516. 

  516.      * @var Array
    517. 

  517.      * @access private
    518. 

  518.      */
    519. 

  519.     var $message_log = array();
    520. 

  520. 

  521.     /**
    522. 

  522.      * The Window Size
    523. 

  523.      *
    524. 

  524.      * Bytes the other party can send before it must wait for the window to be adjusted (0x7FFFFFFF = 4GB)
    525. 

  525.      *
    526. 

  526.      * @var Integer
    527. 

  527.      * @see Net_SSH2::_send_channel_packet()
    528. 

  528.      * @see Net_SSH2::exec()
    529. 

  529.      * @access private
    530. 

  530.      */
    531. 

  531.     var $window_size = 0x7FFFFFFF;
    532. 

  532. 

  533.     /**
    534. 

  534.      * Window size
    535. 

  535.      *
    536. 

  536.      * Window size indexed by channel
    537. 

  537.      *
    538. 

  538.      * @see Net_SSH2::_send_channel_packet()
    539. 

  539.      * @var Array
    540. 

  540.      * @access private
    541. 

  541.      */
    542. 

  542.     var $window_size_client_to_server = array();
    543. 

  543. 

  544.     /**
    545. 

  545.      * Server signature
    546. 

  546.      *
    547. 

  547.      * Verified against $this->session_id
    548. 

  548.      *
    549. 

  549.      * @see Net_SSH2::getServerPublicHostKey()
    550. 

  550.      * @var String
    551. 

  551.      * @access private
    552. 

  552.      */
    553. 

  553.     var $signature = '';
    554. 

  554. 

  555.     /**
    556. 

  556.      * Server signature format
    557. 

  557.      *
    558. 

  558.      * ssh-rsa or ssh-dss.
    559. 

  559.      *
    560. 

  560.      * @see Net_SSH2::getServerPublicHostKey()
    561. 

  561.      * @var String
    562. 

  562.      * @access private
    563. 

  563.      */
    564. 

  564.     var $signature_format = '';
    565. 

  565. 

  566.     /**
    567. 

  567.      * Default Constructor.
    568. 

  568.      *
    569. 

  569.      * Connects to an SSHv2 server
    570. 

  570.      *
    571. 

  571.      * @param String $host
    572. 

  572.      * @param optional Integer $port
    573. 

  573.      * @param optional Integer $timeout
    574. 

  574.      * @return Net_SSH2
    575. 

  575.      * @access public
    576. 

  576.      */
    577. 

  577.     function Net_SSH2($host, $port = 22, $timeout = 10)
    578. 

  578.     {
    579. 

  579.         $this->message_numbers = array(
    580. 

  580.             1 => 'NET_SSH2_MSG_DISCONNECT',
    581. 

  581.             2 => 'NET_SSH2_MSG_IGNORE',
    582. 

  582.             3 => 'NET_SSH2_MSG_UNIMPLEMENTED',
    583. 

  583.             4 => 'NET_SSH2_MSG_DEBUG',
    584. 

  584.             5 => 'NET_SSH2_MSG_SERVICE_REQUEST',
    585. 

  585.             6 => 'NET_SSH2_MSG_SERVICE_ACCEPT',
    586. 

  586.             20 => 'NET_SSH2_MSG_KEXINIT',
    587. 

  587.             21 => 'NET_SSH2_MSG_NEWKEYS',
    588. 

  588.             30 => 'NET_SSH2_MSG_KEXDH_INIT',
    589. 

  589.             31 => 'NET_SSH2_MSG_KEXDH_REPLY',
    590. 

  590.             50 => 'NET_SSH2_MSG_USERAUTH_REQUEST',
    591. 

  591.             51 => 'NET_SSH2_MSG_USERAUTH_FAILURE',
    592. 

  592.             52 => 'NET_SSH2_MSG_USERAUTH_SUCCESS',
    593. 

  593.             53 => 'NET_SSH2_MSG_USERAUTH_BANNER',
    594. 

  594. 

  595.             80 => 'NET_SSH2_MSG_GLOBAL_REQUEST',
    596. 

  596.             81 => 'NET_SSH2_MSG_REQUEST_SUCCESS',
    597. 

  597.             82 => 'NET_SSH2_MSG_REQUEST_FAILURE',
    598. 

  598.             90 => 'NET_SSH2_MSG_CHANNEL_OPEN',
    599. 

  599.             91 => 'NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION',
    600. 

  600.             92 => 'NET_SSH2_MSG_CHANNEL_OPEN_FAILURE',
    601. 

  601.             93 => 'NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST',
    602. 

  602.             94 => 'NET_SSH2_MSG_CHANNEL_DATA',
    603. 

  603.             95 => 'NET_SSH2_MSG_CHANNEL_EXTENDED_DATA',
    604. 

  604.             96 => 'NET_SSH2_MSG_CHANNEL_EOF',
    605. 

  605.             97 => 'NET_SSH2_MSG_CHANNEL_CLOSE',
    606. 

  606.             98 => 'NET_SSH2_MSG_CHANNEL_REQUEST',
    607. 

  607.             99 => 'NET_SSH2_MSG_CHANNEL_SUCCESS',
    608. 

  608.             100 => 'NET_SSH2_MSG_CHANNEL_FAILURE'
    609. 

  609.         );
    610. 

  610.         $this->disconnect_reasons = array(
    611. 

  611.             1 => 'NET_SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT',
    612. 

  612.             2 => 'NET_SSH2_DISCONNECT_PROTOCOL_ERROR',
    613. 

  613.             3 => 'NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED',
    614. 

  614.             4 => 'NET_SSH2_DISCONNECT_RESERVED',
    615. 

  615.             5 => 'NET_SSH2_DISCONNECT_MAC_ERROR',
    616. 

  616.             6 => 'NET_SSH2_DISCONNECT_COMPRESSION_ERROR',
    617. 

  617.             7 => 'NET_SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE',
    618. 

  618.             8 => 'NET_SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED',
    619. 

  619.             9 => 'NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE',
    620. 

  620.             10 => 'NET_SSH2_DISCONNECT_CONNECTION_LOST',
    621. 

  621.             11 => 'NET_SSH2_DISCONNECT_BY_APPLICATION',
    622. 

  622.             12 => 'NET_SSH2_DISCONNECT_TOO_MANY_CONNECTIONS',
    623. 

  623.             13 => 'NET_SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER',
    624. 

  624.             14 => 'NET_SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE',
    625. 

  625.             15 => 'NET_SSH2_DISCONNECT_ILLEGAL_USER_NAME'
    626. 

  626.         );
    627. 

  627.         $this->channel_open_failure_reasons = array(
    628. 

  628.             1 => 'NET_SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED'
    629. 

  629.         );
    630. 

  630.         $this->terminal_modes = array(
    631. 

  631.             0 => 'NET_SSH2_TTY_OP_END'
    632. 

  632.         );
    633. 

  633.         $this->channel_extended_data_type_codes = array(
    634. 

  634.             1 => 'NET_SSH2_EXTENDED_DATA_STDERR'
    635. 

  635.         );
    636. 

  636. 

  637.         $this->_define_array(
    638. 

  638.             $this->message_numbers,
    639. 

  639.             $this->disconnect_reasons,
    640. 

  640.             $this->channel_open_failure_reasons,
    641. 

  641.             $this->terminal_modes,
    642. 

  642.             $this->channel_extended_data_type_codes,
    643. 

  643.             array(60 => 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ'),
    644. 

  644.             array(60 => 'NET_SSH2_MSG_USERAUTH_PK_OK')
    645. 

  645.         );
    646. 

  646. 

  647.         $this->fsock = @fsockopen($host, $port, $errno, $errstr, $timeout);
    648. 

  648.         if (!$this->fsock) {
    649. 

  649.             user_error(rtrim("Cannot connect to $host. Error $errno. $errstr"), E_USER_NOTICE);
    650. 

  650.             return;
    651. 

  651.         }
    652. 

  652. 

  653.         /* According to the SSH2 specs,
    654. 

    655. 

  655.           "The server MAY send other lines of data before sending the version
    656. 

  656.            string.  Each line SHOULD be terminated by a Carriage Return and Line
    657. 

  657.            Feed.  Such lines MUST NOT begin with "SSH-", and SHOULD be encoded
    658. 

  658.            in ISO-10646 UTF-8 [RFC3629] (language is not specified).  Clients
    659. 

  659.            MUST be able to process such lines." */
    660. 

  660.         $temp = '';
    661. 

  661.         $extra = '';
    662. 

  662.         while (!feof($this->fsock) && !preg_match('#^SSH-(\d\.\d+)#', $temp, $matches)) {
    663. 

  663.             if (substr($temp, -2) == "\r\n") {
    664. 

  664.                 $extra.= $temp;
    665. 

  665.                 $temp = '';
    666. 

  666.             }
    667. 

  667.             $temp.= fgets($this->fsock, 255);
    668. 

  668.         }
    669. 

  669. 

  670.         $ext = array();
    671. 

  671.         if (extension_loaded('mcrypt')) {
    672. 

  672.             $ext[] = 'mcrypt';
    673. 

  673.         }
    674. 

  674.         if (extension_loaded('gmp')) {
    675. 

  675.             $ext[] = 'gmp';
    676. 

  676.         } else if (extension_loaded('bcmath')) {
    677. 

  677.             $ext[] = 'bcmath';
    678. 

  678.         }
    679. 

  679. 

  680.         if (!empty($ext)) {
    681. 

  681.             $this->identifier.= ' (' . implode(', ', $ext) . ')';
    682. 

  682.         }
    683. 

  683. 

  684.         if (defined('NET_SSH2_LOGGING')) {
    685. 

  685.             $this->message_number_log[] = '<-';
    686. 

  686.             $this->message_number_log[] = '->';
    687. 

  687. 

  688.             if (NET_SSH2_LOGGING == NET_SSH2_LOG_COMPLEX) {
    689. 

  689.                 $this->message_log[] = $temp;
    690. 

  690.                 $this->message_log[] = $this->identifier . "\r\n";
    691. 

  691.             }
    692. 

  692.         }
    693. 

  693. 

  694.         $this->server_identifier = trim($temp, "\r\n");
    695. 

  695.         if (!empty($extra)) {
    696. 

  696.             $this->errors[] = utf8_decode($extra);
    697. 

  697.         }
    698. 

  698. 

  699.         if ($matches[1] != '1.99' && $matches[1] != '2.0') {
    700. 

  700.             user_error("Cannot connect to SSH $matches[1] servers", E_USER_NOTICE);
    701. 

  701.             return;
    702. 

  702.         }
    703. 

  703. 

  704.         fputs($this->fsock, $this->identifier . "\r\n");
    705. 

  705. 

  706.         $response = $this->_get_binary_packet();
    707. 

  707.         if ($response === false) {
    708. 

  708.             user_error('Connection closed by server', E_USER_NOTICE);
    709. 

  709.             return;
    710. 

  710.         }
    711. 

  711. 

  712.         if (ord($response[0]) != NET_SSH2_MSG_KEXINIT) {
    713. 

  713.             user_error('Expected SSH_MSG_KEXINIT', E_USER_NOTICE);
    714. 

  714.             return;
    715. 

  715.         }
    716. 

  716. 

  717.         if (!$this->_key_exchange($response)) {
    718. 

  718.             return;
    719. 

  719.         }
    720. 

  720. 

  721.         $this->bitmap = NET_SSH2_MASK_CONSTRUCTOR;
    722. 

  722.     }
    723. 

  723. 

  724.     /**
    725. 

  725.      * Key Exchange
    726. 

  726.      *
    727. 

  727.      * @param String $kexinit_payload_server
    728. 

  728.      * @access private
    729. 

  729.      */
    730. 

  730.     function _key_exchange($kexinit_payload_server)
    731. 

  731.     {
    732. 

  732.         static $kex_algorithms = array(
    733. 

  733.             'diffie-hellman-group1-sha1', // REQUIRED
    734. 

  734.             'diffie-hellman-group14-sha1' // REQUIRED
    735. 

  735.         );
    736. 

  736. 

  737.         static $server_host_key_algorithms = array(
    738. 

  738.             'ssh-rsa', // RECOMMENDED  sign   Raw RSA Key
    739. 

  739.             'ssh-dss'  // REQUIRED     sign   Raw DSS Key
    740. 

  740.         );
    741. 

  741. 

  742.         static $encryption_algorithms = array(
    743. 

  743.             // from <http://tools.ietf.org/html/rfc4345#section-4>:
    744. 

  744.             'arcfour256',
    745. 

  745.             'arcfour128',
    746. 

  746. 

  747.             'arcfour',    // OPTIONAL          the ARCFOUR stream cipher with a 128-bit key
    748. 

  748. 

  749.             'aes128-cbc', // RECOMMENDED       AES with a 128-bit key
    750. 

  750.             'aes192-cbc', // OPTIONAL          AES with a 192-bit key
    751. 

  751.             'aes256-cbc', // OPTIONAL          AES in CBC mode, with a 256-bit key
    752. 

  752. 

  753.             // from <http://tools.ietf.org/html/rfc4344#section-4>:
    754. 

  754.             'aes128-ctr', // RECOMMENDED       AES (Rijndael) in SDCTR mode, with 128-bit key
    755. 

  755.             'aes192-ctr', // RECOMMENDED       AES with 192-bit key
    756. 

  756.             'aes256-ctr', // RECOMMENDED       AES with 256-bit key
    757. 

  757.             '3des-ctr',   // RECOMMENDED       Three-key 3DES in SDCTR mode
    758. 

  758. 

  759.             '3des-cbc',   // REQUIRED          three-key 3DES in CBC mode
    760. 

  760.             'none'        // OPTIONAL          no encryption; NOT RECOMMENDED
    761. 

  761.         );
    762. 

  762. 

  763.         static $mac_algorithms = array(
    764. 

  764.             'hmac-sha1-96', // RECOMMENDED     first 96 bits of HMAC-SHA1 (digest length = 12, key length = 20)
    765. 

  765.             'hmac-sha1',    // REQUIRED        HMAC-SHA1 (digest length = key length = 20)
    766. 

  766.             'hmac-md5-96',  // OPTIONAL        first 96 bits of HMAC-MD5 (digest length = 12, key length = 16)
    767. 

  767.             'hmac-md5',     // OPTIONAL        HMAC-MD5 (digest length = key length = 16)
    768. 

  768.             'none'          // OPTIONAL        no MAC; NOT RECOMMENDED
    769. 

  769.         );
    770. 

  770. 

  771.         static $compression_algorithms = array(
    772. 

  772.             'none'   // REQUIRED        no compression
    773. 

  773.             //'zlib' // OPTIONAL        ZLIB (LZ77) compression
    774. 

  774.         );
    775. 

  775. 

  776.         static $str_kex_algorithms, $str_server_host_key_algorithms,
    777. 

  777.                $encryption_algorithms_server_to_client, $mac_algorithms_server_to_client, $compression_algorithms_server_to_client,
    778. 

  778.                $encryption_algorithms_client_to_server, $mac_algorithms_client_to_server, $compression_algorithms_client_to_server;
    779. 

  779. 

  780.         if (empty($str_kex_algorithms)) {
    781. 

  781.             $str_kex_algorithms = implode(',', $kex_algorithms);
    782. 

  782.             $str_server_host_key_algorithms = implode(',', $server_host_key_algorithms);
    783. 

  783.             $encryption_algorithms_server_to_client = $encryption_algorithms_client_to_server = implode(',', $encryption_algorithms);
    784. 

  784.             $mac_algorithms_server_to_client = $mac_algorithms_client_to_server = implode(',', $mac_algorithms);
    785. 

  785.             $compression_algorithms_server_to_client = $compression_algorithms_client_to_server = implode(',', $compression_algorithms);
    786. 

  786.         }
    787. 

  787. 

  788.         $client_cookie = '';
    789. 

  789.         for ($i = 0; $i < 16; $i++) {
    790. 

  790.             $client_cookie.= chr(crypt_random(0, 255));
    791. 

  791.         }
    792. 

  792. 

  793.         $response = $kexinit_payload_server;
    794. 

  794.         $this->_string_shift($response, 1); // skip past the message number (it should be SSH_MSG_KEXINIT)
    795. 

  795.         $server_cookie = $this->_string_shift($response, 16);
    796. 

  796. 

  797.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    798. 

  798.         $this->kex_algorithms = explode(',', $this->_string_shift($response, $temp['length']));
    799. 

  799. 

  800.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    801. 

  801.         $this->server_host_key_algorithms = explode(',', $this->_string_shift($response, $temp['length']));
    802. 

  802. 

  803.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    804. 

  804.         $this->encryption_algorithms_client_to_server = explode(',', $this->_string_shift($response, $temp['length']));
    805. 

  805. 

  806.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    807. 

  807.         $this->encryption_algorithms_server_to_client = explode(',', $this->_string_shift($response, $temp['length']));
    808. 

  808. 

  809.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    810. 

  810.         $this->mac_algorithms_client_to_server = explode(',', $this->_string_shift($response, $temp['length']));
    811. 

  811. 

  812.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    813. 

  813.         $this->mac_algorithms_server_to_client = explode(',', $this->_string_shift($response, $temp['length']));
    814. 

  814. 

  815.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    816. 

  816.         $this->compression_algorithms_client_to_server = explode(',', $this->_string_shift($response, $temp['length']));
    817. 

  817. 

  818.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    819. 

  819.         $this->compression_algorithms_server_to_client = explode(',', $this->_string_shift($response, $temp['length']));
    820. 

  820. 

  821.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    822. 

  822.         $this->languages_client_to_server = explode(',', $this->_string_shift($response, $temp['length']));
    823. 

  823. 

  824.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    825. 

  825.         $this->languages_server_to_client = explode(',', $this->_string_shift($response, $temp['length']));
    826. 

  826. 

  827.         extract(unpack('Cfirst_kex_packet_follows', $this->_string_shift($response, 1)));
    828. 

  828.         $first_kex_packet_follows = $first_kex_packet_follows != 0;
    829. 

  829. 

  830.         // the sending of SSH2_MSG_KEXINIT could go in one of two places.  this is the second place.
    831. 

  831.         $kexinit_payload_client = pack('Ca*Na*Na*Na*Na*Na*Na*Na*Na*Na*Na*CN',
    832. 

  832.             NET_SSH2_MSG_KEXINIT, $client_cookie, strlen($str_kex_algorithms), $str_kex_algorithms,
    833. 

  833.             strlen($str_server_host_key_algorithms), $str_server_host_key_algorithms, strlen($encryption_algorithms_client_to_server),
    834. 

  834.             $encryption_algorithms_client_to_server, strlen($encryption_algorithms_server_to_client), $encryption_algorithms_server_to_client,
    835. 

  835.             strlen($mac_algorithms_client_to_server), $mac_algorithms_client_to_server, strlen($mac_algorithms_server_to_client),
    836. 

  836.             $mac_algorithms_server_to_client, strlen($compression_algorithms_client_to_server), $compression_algorithms_client_to_server,
    837. 

  837.             strlen($compression_algorithms_server_to_client), $compression_algorithms_server_to_client, 0, '', 0, '',
    838. 

  838.             0, 0
    839. 

  839.         );
    840. 

  840. 

  841.         if (!$this->_send_binary_packet($kexinit_payload_client)) {
    842. 

  842.             return false;
    843. 

  843.         }
    844. 

  844.         // here ends the second place.
    845. 

  845. 

  846.         // we need to decide upon the symmetric encryption algorithms before we do the diffie-hellman key exchange
    847. 

  847.         for ($i = 0; $i < count($encryption_algorithms) && !in_array($encryption_algorithms[$i], $this->encryption_algorithms_server_to_client); $i++);
    848. 

  848.         if ($i == count($encryption_algorithms)) {
    849. 

  849.             user_error('No compatible server to client encryption algorithms found', E_USER_NOTICE);
    850. 

  850.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    851. 

  851.         }
    852. 

  852. 

  853.         // we don't initialize any crypto-objects, yet - we do that, later. for now, we need the lengths to make the
    854. 

  854.         // diffie-hellman key exchange as fast as possible
    855. 

  855.         $decrypt = $encryption_algorithms[$i];
    856. 

  856.         switch ($decrypt) {
    857. 

  857.             case '3des-cbc':
    858. 

  858.             case '3des-ctr':
    859. 

  859.                 $decryptKeyLength = 24; // eg. 192 / 8
    860. 

  860.                 break;
    861. 

  861.             case 'aes256-cbc':
    862. 

  862.             case 'aes256-ctr':
    863. 

  863.                 $decryptKeyLength = 32; // eg. 256 / 8
    864. 

  864.                 break;
    865. 

  865.             case 'aes192-cbc':
    866. 

  866.             case 'aes192-ctr':
    867. 

  867.                 $decryptKeyLength = 24; // eg. 192 / 8
    868. 

  868.                 break;
    869. 

  869.             case 'aes128-cbc':
    870. 

  870.             case 'aes128-ctr':
    871. 

  871.                 $decryptKeyLength = 16; // eg. 128 / 8
    872. 

  872.                 break;
    873. 

  873.             case 'arcfour':
    874. 

  874.             case 'arcfour128':
    875. 

  875.                 $decryptKeyLength = 16; // eg. 128 / 8
    876. 

  876.                 break;
    877. 

  877.             case 'arcfour256':
    878. 

  878.                 $decryptKeyLength = 32; // eg. 128 / 8
    879. 

  879.                 break;
    880. 

  880.             case 'none';
    881. 

  881.                 $decryptKeyLength = 0;
    882. 

  882.         }
    883. 

  883. 

  884.         for ($i = 0; $i < count($encryption_algorithms) && !in_array($encryption_algorithms[$i], $this->encryption_algorithms_client_to_server); $i++);
    885. 

  885.         if ($i == count($encryption_algorithms)) {
    886. 

  886.             user_error('No compatible client to server encryption algorithms found', E_USER_NOTICE);
    887. 

  887.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    888. 

  888.         }
    889. 

  889. 

  890.         $encrypt = $encryption_algorithms[$i];
    891. 

  891.         switch ($encrypt) {
    892. 

  892.             case '3des-cbc':
    893. 

  893.             case '3des-ctr':
    894. 

  894.                 $encryptKeyLength = 24;
    895. 

  895.                 break;
    896. 

  896.             case 'aes256-cbc':
    897. 

  897.             case 'aes256-ctr':
    898. 

  898.                 $encryptKeyLength = 32;
    899. 

  899.                 break;
    900. 

  900.             case 'aes192-cbc':
    901. 

  901.             case 'aes192-ctr':
    902. 

  902.                 $encryptKeyLength = 24;
    903. 

  903.                 break;
    904. 

  904.             case 'aes128-cbc':
    905. 

  905.             case 'aes128-ctr':
    906. 

  906.                 $encryptKeyLength = 16;
    907. 

  907.                 break;
    908. 

  908.             case 'arcfour':
    909. 

  909.             case 'arcfour128':
    910. 

  910.                 $encryptKeyLength = 16;
    911. 

  911.                 break;
    912. 

  912.             case 'arcfour256':
    913. 

  913.                 $encryptKeyLength = 32;
    914. 

  914.                 break;
    915. 

  915.             case 'none';
    916. 

  916.                 $encryptKeyLength = 0;
    917. 

  917.         }
    918. 

  918. 

  919.         $keyLength = $decryptKeyLength > $encryptKeyLength ? $decryptKeyLength : $encryptKeyLength;
    920. 

  920. 

  921.         // through diffie-hellman key exchange a symmetric key is obtained
    922. 

  922.         for ($i = 0; $i < count($kex_algorithms) && !in_array($kex_algorithms[$i], $this->kex_algorithms); $i++);
    923. 

  923.         if ($i == count($kex_algorithms)) {
    924. 

  924.             user_error('No compatible key exchange algorithms found', E_USER_NOTICE);
    925. 

  925.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    926. 

  926.         }
    927. 

  927. 

  928.         switch ($kex_algorithms[$i]) {
    929. 

  929.             // see http://tools.ietf.org/html/rfc2409#section-6.2 and 
    930. 

  930.             // http://tools.ietf.org/html/rfc2412, appendex E
    931. 

  931.             case 'diffie-hellman-group1-sha1':
    932. 

  932.                 $p = pack('H256', 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . 
    933. 

  933.                                   '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . 
    934. 

  934.                                   '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . 
    935. 

  935.                                   'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF');
    936. 

  936.                 $keyLength = $keyLength < 160 ? $keyLength : 160;
    937. 

  937.                 $hash = 'sha1';
    938. 

  938.                 break;
    939. 

  939.             // see http://tools.ietf.org/html/rfc3526#section-3
    940. 

  940.             case 'diffie-hellman-group14-sha1':
    941. 

  941.                 $p = pack('H512', 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . 
    942. 

  942.                                   '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . 
    943. 

  943.                                   '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . 
    944. 

  944.                                   'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05' . 
    945. 

  945.                                   '98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB' . 
    946. 

  946.                                   '9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' . 
    947. 

  947.                                   'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718' . 
    948. 

  948.                                   '3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF');
    949. 

  949.                 $keyLength = $keyLength < 160 ? $keyLength : 160;
    950. 

  950.                 $hash = 'sha1';
    951. 

  951.         }
    952. 

  952. 

  953.         $p = new Math_BigInteger($p, 256);
    954. 

  954.         //$q = $p->bitwise_rightShift(1);
    955. 

  955. 

  956.         /* To increase the speed of the key exchange, both client and server may
    957. 

  957.            reduce the size of their private exponents.  It should be at least
    958. 

  958.            twice as long as the key material that is generated from the shared
    959. 

  959.            secret.  For more details, see the paper by van Oorschot and Wiener
    960. 

  960.            [VAN-OORSCHOT].
    961. 

    962. 

  962.            -- http://tools.ietf.org/html/rfc4419#section-6.2 */
    963. 

  963.         $q = new Math_BigInteger(1);
    964. 

  964.         $q = $q->bitwise_leftShift(2 * $keyLength);
    965. 

  965.         $q = $q->subtract(new Math_BigInteger(1));
    966. 

  966. 

  967.         $g = new Math_BigInteger(2);
    968. 

  968.         $x = new Math_BigInteger();
    969. 

  969.         $x->setRandomGenerator('crypt_random');
    970. 

  970.         $x = $x->random(new Math_BigInteger(1), $q);
    971. 

  971.         $e = $g->modPow($x, $p);
    972. 

  972. 

  973.         $eBytes = $e->toBytes(true);
    974. 

  974.         $data = pack('CNa*', NET_SSH2_MSG_KEXDH_INIT, strlen($eBytes), $eBytes);
    975. 

  975. 

  976.         if (!$this->_send_binary_packet($data)) {
    977. 

  977.             user_error('Connection closed by server', E_USER_NOTICE);
    978. 

  978.             return false;
    979. 

  979.         }
    980. 

  980. 

  981.         $response = $this->_get_binary_packet();
    982. 

  982.         if ($response === false) {
    983. 

  983.             user_error('Connection closed by server', E_USER_NOTICE);
    984. 

  984.             return false;
    985. 

  985.         }
    986. 

  986.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    987. 

  987. 

  988.         if ($type != NET_SSH2_MSG_KEXDH_REPLY) {
    989. 

  989.             user_error('Expected SSH_MSG_KEXDH_REPLY', E_USER_NOTICE);
    990. 

  990.             return false;
    991. 

  991.         }
    992. 

  992. 

  993.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    994. 

  994.         $this->server_public_host_key = $server_public_host_key = $this->_string_shift($response, $temp['length']);
    995. 

  995. 

  996.         $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    997. 

  997.         $public_key_format = $this->_string_shift($server_public_host_key, $temp['length']);
    998. 

  998. 

  999.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    1000. 

  1000.         $fBytes = $this->_string_shift($response, $temp['length']);
    1001. 

  1001.         $f = new Math_BigInteger($fBytes, -256);
    1002. 

  1002. 

  1003.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    1004. 

  1004.         $this->signature = $this->_string_shift($response, $temp['length']);
    1005. 

  1005. 

  1006.         $temp = unpack('Nlength', $this->_string_shift($this->signature, 4));
    1007. 

  1007.         $this->signature_format = $this->_string_shift($this->signature, $temp['length']);
    1008. 

  1008. 

  1009.         $key = $f->modPow($x, $p);
    1010. 

  1010.         $keyBytes = $key->toBytes(true);
    1011. 

  1011. 

  1012.         if ($this->session_id === false) {
    1013. 

  1013.             $source = pack('Na*Na*Na*Na*Na*Na*Na*Na*',
    1014. 

  1014.                 strlen($this->identifier), $this->identifier, strlen($this->server_identifier), $this->server_identifier,
    1015. 

  1015.                 strlen($kexinit_payload_client), $kexinit_payload_client, strlen($kexinit_payload_server),
    1016. 

  1016.                 $kexinit_payload_server, strlen($this->server_public_host_key), $this->server_public_host_key, strlen($eBytes),
    1017. 

  1017.                 $eBytes, strlen($fBytes), $fBytes, strlen($keyBytes), $keyBytes
    1018. 

  1018.             );
    1019. 

  1019. 

  1020.             $source = pack('H*', $hash($source));
    1021. 

  1021. 

  1022.             $this->session_id = $source;
    1023. 

  1023.         }
    1024. 

  1024. 

  1025.         for ($i = 0; $i < count($server_host_key_algorithms) && !in_array($server_host_key_algorithms[$i], $this->server_host_key_algorithms); $i++);
    1026. 

  1026.         if ($i == count($server_host_key_algorithms)) {
    1027. 

  1027.             user_error('No compatible server host key algorithms found', E_USER_NOTICE);
    1028. 

  1028.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    1029. 

  1029.         }
    1030. 

  1030. 

  1031.         if ($public_key_format != $server_host_key_algorithms[$i] || $this->signature_format != $server_host_key_algorithms[$i]) {
    1032. 

  1032.             user_error('Sever Host Key Algorithm Mismatch', E_USER_NOTICE);
    1033. 

  1033.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    1034. 

  1034.         }
    1035. 

  1035. 

  1036.         $packet = pack('C',
    1037. 

  1037.             NET_SSH2_MSG_NEWKEYS
    1038. 

  1038.         );
    1039. 

  1039. 

  1040.         if (!$this->_send_binary_packet($packet)) {
    1041. 

  1041.             return false;
    1042. 

  1042.         }
    1043. 

  1043. 

  1044.         $response = $this->_get_binary_packet();
    1045. 

  1045. 

  1046.         if ($response === false) {
    1047. 

  1047.             user_error('Connection closed by server', E_USER_NOTICE);
    1048. 

  1048.             return false;
    1049. 

  1049.         }
    1050. 

  1050. 

  1051.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1052. 

  1052. 

  1053.         if ($type != NET_SSH2_MSG_NEWKEYS) {
    1054. 

  1054.             user_error('Expected SSH_MSG_NEWKEYS', E_USER_NOTICE);
    1055. 

  1055.             return false;
    1056. 

  1056.         }
    1057. 

  1057. 

  1058.         switch ($encrypt) {
    1059. 

  1059.             case '3des-cbc':
    1060. 

  1060.                 $this->encrypt = new Crypt_TripleDES();
    1061. 

  1061.                 // $this->encrypt_block_size = 64 / 8 == the default
    1062. 

  1062.                 break;
    1063. 

  1063.             case '3des-ctr':
    1064. 

  1064.                 $this->encrypt = new Crypt_TripleDES(CRYPT_DES_MODE_CTR);
    1065. 

  1065.                 // $this->encrypt_block_size = 64 / 8 == the default
    1066. 

  1066.                 break;
    1067. 

  1067.             case 'aes256-cbc':
    1068. 

  1068.             case 'aes192-cbc':
    1069. 

  1069.             case 'aes128-cbc':
    1070. 

  1070.                 $this->encrypt = new Crypt_AES();
    1071. 

  1071.                 $this->encrypt_block_size = 16; // eg. 128 / 8
    1072. 

  1072.                 break;
    1073. 

  1073.             case 'aes256-ctr':
    1074. 

  1074.             case 'aes192-ctr':
    1075. 

  1075.             case 'aes128-ctr':
    1076. 

  1076.                 $this->encrypt = new Crypt_AES(CRYPT_AES_MODE_CTR);
    1077. 

  1077.                 $this->encrypt_block_size = 16; // eg. 128 / 8
    1078. 

  1078.                 break;
    1079. 

  1079.             case 'arcfour':
    1080. 

  1080.             case 'arcfour128':
    1081. 

  1081.             case 'arcfour256':
    1082. 

  1082.                 $this->encrypt = new Crypt_RC4();
    1083. 

  1083.                 break;
    1084. 

  1084.             case 'none';
    1085. 

  1085.                 //$this->encrypt = new Crypt_Null();
    1086. 

  1086.         }
    1087. 

  1087. 

  1088.         switch ($decrypt) {
    1089. 

  1089.             case '3des-cbc':
    1090. 

  1090.                 $this->decrypt = new Crypt_TripleDES();
    1091. 

  1091.                 break;
    1092. 

  1092.             case '3des-ctr':
    1093. 

  1093.                 $this->decrypt = new Crypt_TripleDES(CRYPT_DES_MODE_CTR);
    1094. 

  1094.                 break;
    1095. 

  1095.             case 'aes256-cbc':
    1096. 

  1096.             case 'aes192-cbc':
    1097. 

  1097.             case 'aes128-cbc':
    1098. 

  1098.                 $this->decrypt = new Crypt_AES();
    1099. 

  1099.                 $this->decrypt_block_size = 16;
    1100. 

  1100.                 break;
    1101. 

  1101.             case 'aes256-ctr':
    1102. 

  1102.             case 'aes192-ctr':
    1103. 

  1103.             case 'aes128-ctr':
    1104. 

  1104.                 $this->decrypt = new Crypt_AES(CRYPT_AES_MODE_CTR);
    1105. 

  1105.                 $this->decrypt_block_size = 16;
    1106. 

  1106.                 break;
    1107. 

  1107.             case 'arcfour':
    1108. 

  1108.             case 'arcfour128':
    1109. 

  1109.             case 'arcfour256':
    1110. 

  1110.                 $this->decrypt = new Crypt_RC4();
    1111. 

  1111.                 break;
    1112. 

  1112.             case 'none';
    1113. 

  1113.                 //$this->decrypt = new Crypt_Null();
    1114. 

  1114.         }
    1115. 

  1115. 

  1116.         $keyBytes = pack('Na*', strlen($keyBytes), $keyBytes);
    1117. 

  1117. 

  1118.         if ($this->encrypt) {
    1119. 

  1119.             $this->encrypt->enableContinuousBuffer();
    1120. 

  1120.             $this->encrypt->disablePadding();
    1121. 

  1121. 

  1122.             $iv = pack('H*', $hash($keyBytes . $this->session_id . 'A' . $this->session_id));
    1123. 

  1123.             while ($this->encrypt_block_size > strlen($iv)) {
    1124. 

  1124.                 $iv.= pack('H*', $hash($keyBytes . $this->session_id . $iv));
    1125. 

  1125.             }
    1126. 

  1126.             $this->encrypt->setIV(substr($iv, 0, $this->encrypt_block_size));
    1127. 

  1127. 

  1128.             $key = pack('H*', $hash($keyBytes . $this->session_id . 'C' . $this->session_id));
    1129. 

  1129.             while ($encryptKeyLength > strlen($key)) {
    1130. 

  1130.                 $key.= pack('H*', $hash($keyBytes . $this->session_id . $key));
    1131. 

  1131.             }
    1132. 

  1132.             $this->encrypt->setKey(substr($key, 0, $encryptKeyLength));
    1133. 

  1133.         }
    1134. 

  1134. 

  1135.         if ($this->decrypt) {
    1136. 

  1136.             $this->decrypt->enableContinuousBuffer();
    1137. 

  1137.             $this->decrypt->disablePadding();
    1138. 

  1138. 

  1139.             $iv = pack('H*', $hash($keyBytes . $this->session_id . 'B' . $this->session_id));
    1140. 

  1140.             while ($this->decrypt_block_size > strlen($iv)) {
    1141. 

  1141.                 $iv.= pack('H*', $hash($keyBytes . $this->session_id . $iv));
    1142. 

  1142.             }
    1143. 

  1143.             $this->decrypt->setIV(substr($iv, 0, $this->decrypt_block_size));
    1144. 

  1144. 

  1145.             $key = pack('H*', $hash($keyBytes . $this->session_id . 'D' . $this->session_id));
    1146. 

  1146.             while ($decryptKeyLength > strlen($key)) {
    1147. 

  1147.                 $key.= pack('H*', $hash($keyBytes . $this->session_id . $key));
    1148. 

  1148.             }
    1149. 

  1149.             $this->decrypt->setKey(substr($key, 0, $decryptKeyLength));
    1150. 

  1150.         }
    1151. 

  1151. 

  1152.         /* The "arcfour128" algorithm is the RC4 cipher, as described in
    1153. 

  1153.            [SCHNEIER], using a 128-bit key.  The first 1536 bytes of keystream
    1154. 

  1154.            generated by the cipher MUST be discarded, and the first byte of the
    1155. 

  1155.            first encrypted packet MUST be encrypted using the 1537th byte of
    1156. 

  1156.            keystream.
    1157. 

    1158. 

  1158.            -- http://tools.ietf.org/html/rfc4345#section-4 */
    1159. 

  1159.         if ($encrypt == 'arcfour128' || $encrypt == 'arcfour256') {
    1160. 

  1160.             $this->encrypt->encrypt(str_repeat("\0", 1536));
    1161. 

  1161.         }
    1162. 

  1162.         if ($decrypt == 'arcfour128' || $decrypt == 'arcfour256') {
    1163. 

  1163.             $this->decrypt->decrypt(str_repeat("\0", 1536));
    1164. 

  1164.         }
    1165. 

  1165. 

  1166.         for ($i = 0; $i < count($mac_algorithms) && !in_array($mac_algorithms[$i], $this->mac_algorithms_client_to_server); $i++);
    1167. 

  1167.         if ($i == count($mac_algorithms)) {
    1168. 

  1168.             user_error('No compatible client to server message authentication algorithms found', E_USER_NOTICE);
    1169. 

  1169.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    1170. 

  1170.         }
    1171. 

  1171. 

  1172.         $createKeyLength = 0; // ie. $mac_algorithms[$i] == 'none'
    1173. 

  1173.         switch ($mac_algorithms[$i]) {
    1174. 

  1174.             case 'hmac-sha1':
    1175. 

  1175.                 $this->hmac_create = new Crypt_Hash('sha1');
    1176. 

  1176.                 $createKeyLength = 20;
    1177. 

  1177.                 break;
    1178. 

  1178.             case 'hmac-sha1-96':
    1179. 

  1179.                 $this->hmac_create = new Crypt_Hash('sha1-96');
    1180. 

  1180.                 $createKeyLength = 20;
    1181. 

  1181.                 break;
    1182. 

  1182.             case 'hmac-md5':
    1183. 

  1183.                 $this->hmac_create = new Crypt_Hash('md5');
    1184. 

  1184.                 $createKeyLength = 16;
    1185. 

  1185.                 break;
    1186. 

  1186.             case 'hmac-md5-96':
    1187. 

  1187.                 $this->hmac_create = new Crypt_Hash('md5-96');
    1188. 

  1188.                 $createKeyLength = 16;
    1189. 

  1189.         }
    1190. 

  1190. 

  1191.         for ($i = 0; $i < count($mac_algorithms) && !in_array($mac_algorithms[$i], $this->mac_algorithms_server_to_client); $i++);
    1192. 

  1192.         if ($i == count($mac_algorithms)) {
    1193. 

  1193.             user_error('No compatible server to client message authentication algorithms found', E_USER_NOTICE);
    1194. 

  1194.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    1195. 

  1195.         }
    1196. 

  1196. 

  1197.         $checkKeyLength = 0;
    1198. 

  1198.         $this->hmac_size = 0;
    1199. 

  1199.         switch ($mac_algorithms[$i]) {
    1200. 

  1200.             case 'hmac-sha1':
    1201. 

  1201.                 $this->hmac_check = new Crypt_Hash('sha1');
    1202. 

  1202.                 $checkKeyLength = 20;
    1203. 

  1203.                 $this->hmac_size = 20;
    1204. 

  1204.                 break;
    1205. 

  1205.             case 'hmac-sha1-96':
    1206. 

  1206.                 $this->hmac_check = new Crypt_Hash('sha1-96');
    1207. 

  1207.                 $checkKeyLength = 20;
    1208. 

  1208.                 $this->hmac_size = 12;
    1209. 

  1209.                 break;
    1210. 

  1210.             case 'hmac-md5':
    1211. 

  1211.                 $this->hmac_check = new Crypt_Hash('md5');
    1212. 

  1212.                 $checkKeyLength = 16;
    1213. 

  1213.                 $this->hmac_size = 16;
    1214. 

  1214.                 break;
    1215. 

  1215.             case 'hmac-md5-96':
    1216. 

  1216.                 $this->hmac_check = new Crypt_Hash('md5-96');
    1217. 

  1217.                 $checkKeyLength = 16;
    1218. 

  1218.                 $this->hmac_size = 12;
    1219. 

  1219.         }
    1220. 

  1220. 

  1221.         $key = pack('H*', $hash($keyBytes . $this->session_id . 'E' . $this->session_id));
    1222. 

  1222.         while ($createKeyLength > strlen($key)) {
    1223. 

  1223.             $key.= pack('H*', $hash($keyBytes . $this->session_id . $key));
    1224. 

  1224.         }
    1225. 

  1225.         $this->hmac_create->setKey(substr($key, 0, $createKeyLength));
    1226. 

  1226. 

  1227.         $key = pack('H*', $hash($keyBytes . $this->session_id . 'F' . $this->session_id));
    1228. 

  1228.         while ($checkKeyLength > strlen($key)) {
    1229. 

  1229.             $key.= pack('H*', $hash($keyBytes . $this->session_id . $key));
    1230. 

  1230.         }
    1231. 

  1231.         $this->hmac_check->setKey(substr($key, 0, $checkKeyLength));
    1232. 

  1232. 

  1233.         for ($i = 0; $i < count($compression_algorithms) && !in_array($compression_algorithms[$i], $this->compression_algorithms_server_to_client); $i++);
    1234. 

  1234.         if ($i == count($compression_algorithms)) {
    1235. 

  1235.             user_error('No compatible server to client compression algorithms found', E_USER_NOTICE);
    1236. 

  1236.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    1237. 

  1237.         }
    1238. 

  1238.         $this->decompress = $compression_algorithms[$i] == 'zlib';
    1239. 

  1239. 

  1240.         for ($i = 0; $i < count($compression_algorithms) && !in_array($compression_algorithms[$i], $this->compression_algorithms_client_to_server); $i++);
    1241. 

  1241.         if ($i == count($compression_algorithms)) {
    1242. 

  1242.             user_error('No compatible client to server compression algorithms found', E_USER_NOTICE);
    1243. 

  1243.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    1244. 

  1244.         }
    1245. 

  1245.         $this->compress = $compression_algorithms[$i] == 'zlib';
    1246. 

  1246. 

  1247.         return true;
    1248. 

  1248.     }
    1249. 

  1249. 

  1250.     /**
    1251. 

  1251.      * Login
    1252. 

  1252.      *
    1253. 

  1253.      * @param String $username
    1254. 

  1254.      * @param optional String $password
    1255. 

  1255.      * @return Boolean
    1256. 

  1256.      * @access public
    1257. 

  1257.      * @internal It might be worthwhile, at some point, to protect against {@link http://tools.ietf.org/html/rfc4251#section-9.3.9 traffic analysis}
    1258. 

  1258.      *           by sending dummy SSH_MSG_IGNORE messages.
    1259. 

  1259.      */
    1260. 

  1260.     function login($username, $password = '')
    1261. 

  1261.     {
    1262. 

  1262.         if (!($this->bitmap & NET_SSH2_MASK_CONSTRUCTOR)) {
    1263. 

  1263.             return false;
    1264. 

  1264.         }
    1265. 

  1265. 

  1266.         $packet = pack('CNa*',
    1267. 

  1267.             NET_SSH2_MSG_SERVICE_REQUEST, strlen('ssh-userauth'), 'ssh-userauth'
    1268. 

  1268.         );
    1269. 

  1269. 

  1270.         if (!$this->_send_binary_packet($packet)) {
    1271. 

  1271.             return false;
    1272. 

  1272.         }
    1273. 

  1273. 

  1274.         $response = $this->_get_binary_packet();
    1275. 

  1275.         if ($response === false) {
    1276. 

  1276.             user_error('Connection closed by server', E_USER_NOTICE);
    1277. 

  1277.             return false;
    1278. 

  1278.         }
    1279. 

  1279. 

  1280.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1281. 

  1281. 

  1282.         if ($type != NET_SSH2_MSG_SERVICE_ACCEPT) {
    1283. 

  1283.             user_error('Expected SSH_MSG_SERVICE_ACCEPT', E_USER_NOTICE);
    1284. 

  1284.             return false;
    1285. 

  1285.         }
    1286. 

  1286. 

  1287.         // although PHP5's get_class() preserves the case, PHP4's does not
    1288. 

  1288.         if (is_object($password) && strtolower(get_class($password)) == 'crypt_rsa')  {
    1289. 

  1289.             return $this->_privatekey_login($username, $password);
    1290. 

  1290.         }
    1291. 

  1291. 

  1292.         $utf8_password = utf8_encode($password);
    1293. 

  1293.         $packet = pack('CNa*Na*Na*CNa*',
    1294. 

  1294.             NET_SSH2_MSG_USERAUTH_REQUEST, strlen($username), $username, strlen('ssh-connection'), 'ssh-connection',
    1295. 

  1295.             strlen('password'), 'password', 0, strlen($utf8_password), $utf8_password
    1296. 

  1296.         );
    1297. 

  1297. 

  1298.         if (!$this->_send_binary_packet($packet)) {
    1299. 

  1299.             return false;
    1300. 

  1300.         }
    1301. 

  1301. 

  1302.         // remove the username and password from the last logged packet
    1303. 

  1303.         if (defined('NET_SSH2_LOGGING') && NET_SSH2_LOGGING == NET_SSH2_LOG_COMPLEX) {
    1304. 

  1304.             $packet = pack('CNa*Na*Na*CNa*',
    1305. 

  1305.                 NET_SSH2_MSG_USERAUTH_REQUEST, strlen('username'), 'username', strlen('ssh-connection'), 'ssh-connection',
    1306. 

  1306.                 strlen('password'), 'password', 0, strlen('password'), 'password'
    1307. 

  1307.             );
    1308. 

  1308.             $this->message_log[count($this->message_log) - 1] = $packet;
    1309. 

  1309.         }
    1310. 

  1310. 

  1311.         $response = $this->_get_binary_packet();
    1312. 

  1312.         if ($response === false) {
    1313. 

  1313.             user_error('Connection closed by server', E_USER_NOTICE);
    1314. 

  1314.             return false;
    1315. 

  1315.         }
    1316. 

  1316. 

  1317.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1318. 

  1318. 

  1319.         switch ($type) {
    1320. 

  1320.             case NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ: // in theory, the password can be changed
    1321. 

  1321.                 if (defined('NET_SSH2_LOGGING')) {
    1322. 

  1322.                     $this->message_number_log[count($this->message_number_log) - 1] = 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ';
    1323. 

  1323.                 }
    1324. 

  1324.                 extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1325. 

  1325.                 $this->errors[] = 'SSH_MSG_USERAUTH_PASSWD_CHANGEREQ: ' . utf8_decode($this->_string_shift($response, $length));
    1326. 

  1326.                 return $this->_disconnect(NET_SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER);
    1327. 

  1327.             case NET_SSH2_MSG_USERAUTH_FAILURE:
    1328. 

  1328.                 // either the login is bad or the server employees multi-factor authentication
    1329. 

  1329.                 return false;
    1330. 

  1330.             case NET_SSH2_MSG_USERAUTH_SUCCESS:
    1331. 

  1331.                 $this->bitmap |= NET_SSH2_MASK_LOGIN;
    1332. 

  1332.                 return true;
    1333. 

  1333.         }
    1334. 

  1334. 

  1335.         return false;
    1336. 

  1336.     }
    1337. 

  1337. 

  1338.     /**
    1339. 

  1339.      * Login with an RSA private key
    1340. 

  1340.      *
    1341. 

  1341.      * @param String $username
    1342. 

  1342.      * @param Crypt_RSA $password
    1343. 

  1343.      * @return Boolean
    1344. 

  1344.      * @access private
    1345. 

  1345.      * @internal It might be worthwhile, at some point, to protect against {@link http://tools.ietf.org/html/rfc4251#section-9.3.9 traffic analysis}
    1346. 

  1346.      *           by sending dummy SSH_MSG_IGNORE messages.
    1347. 

  1347.      */
    1348. 

  1348.     function _privatekey_login($username, $privatekey)
    1349. 

  1349.     {
    1350. 

  1350.         // see http://tools.ietf.org/html/rfc4253#page-15
    1351. 

  1351.         $publickey = $privatekey->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_RAW);
    1352. 

  1352.         if ($publickey === false) {
    1353. 

  1353.             return false;
    1354. 

  1354.         }
    1355. 

  1355. 

  1356.         $publickey = array(
    1357. 

  1357.             'e' => $publickey['e']->toBytes(true),
    1358. 

  1358.             'n' => $publickey['n']->toBytes(true)
    1359. 

  1359.         );
    1360. 

  1360.         $publickey = pack('Na*Na*Na*',
    1361. 

  1361.             strlen('ssh-rsa'), 'ssh-rsa', strlen($publickey['e']), $publickey['e'], strlen($publickey['n']), $publickey['n']
    1362. 

  1362.         );
    1363. 

  1363. 

  1364.         $part1 = pack('CNa*Na*Na*',
    1365. 

  1365.             NET_SSH2_MSG_USERAUTH_REQUEST, strlen($username), $username, strlen('ssh-connection'), 'ssh-connection',
    1366. 

  1366.             strlen('publickey'), 'publickey'
    1367. 

  1367.         );
    1368. 

  1368.         $part2 = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($publickey), $publickey);
    1369. 

  1369. 

  1370.         $packet = $part1 . chr(0) . $part2;
    1371. 

  1371. 

  1372.         if (!$this->_send_binary_packet($packet)) {
    1373. 

  1373.             return false;
    1374. 

  1374.         }
    1375. 

  1375. 

  1376.         $response = $this->_get_binary_packet();
    1377. 

  1377.         if ($response === false) {
    1378. 

  1378.             user_error('Connection closed by server', E_USER_NOTICE);
    1379. 

  1379.             return false;
    1380. 

  1380.         }
    1381. 

  1381. 

  1382.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1383. 

  1383. 

  1384.         switch ($type) {
    1385. 

  1385.             case NET_SSH2_MSG_USERAUTH_FAILURE:
    1386. 

  1386.                 extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1387. 

  1387.                 $this->errors[] = 'SSH_MSG_USERAUTH_FAILURE: ' . $this->_string_shift($response, $length);
    1388. 

  1388.                 return $this->_disconnect(NET_SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER);
    1389. 

  1389.             case NET_SSH2_MSG_USERAUTH_PK_OK:
    1390. 

  1390.                 // we'll just take it on faith that the public key blob and the public key algorithm name are as
    1391. 

  1391.                 // they should be
    1392. 

  1392.                 if (defined('NET_SSH2_LOGGING')) {
    1393. 

  1393.                     $this->message_number_log[count($this->message_number_log) - 1] = 'NET_SSH2_MSG_USERAUTH_PK_OK';
    1394. 

  1394.                 }
    1395. 

  1395.         }
    1396. 

  1396. 

  1397.         $packet = $part1 . chr(1) . $part2;
    1398. 

  1398.         $privatekey->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
    1399. 

  1399.         $signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet));
    1400. 

  1400.         $signature = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($signature), $signature);
    1401. 

  1401.         $packet.= pack('Na*', strlen($signature), $signature);
    1402. 

  1402. 

  1403.         if (!$this->_send_binary_packet($packet)) {
    1404. 

  1404.             return false;
    1405. 

  1405.         }
    1406. 

  1406. 

  1407.         $response = $this->_get_binary_packet();
    1408. 

  1408.         if ($response === false) {
    1409. 

  1409.             user_error('Connection closed by server', E_USER_NOTICE);
    1410. 

  1410.             return false;
    1411. 

  1411.         }
    1412. 

  1412. 

  1413.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1414. 

  1414. 

  1415.         switch ($type) {
    1416. 

  1416.             case NET_SSH2_MSG_USERAUTH_FAILURE:
    1417. 

  1417.                 // either the login is bad or the server employees multi-factor authentication
    1418. 

  1418.                 return false;
    1419. 

  1419.             case NET_SSH2_MSG_USERAUTH_SUCCESS:
    1420. 

  1420.                 $this->bitmap |= NET_SSH2_MASK_LOGIN;
    1421. 

  1421.                 return true;
    1422. 

  1422.         }
    1423. 

  1423. 

  1424.         return false;
    1425. 

  1425.     }
    1426. 

  1426. 

  1427.     /**
    1428. 

  1428.      * Execute Command
    1429. 

  1429.      *
    1430. 

  1430.      * @param String $command
    1431. 

  1431.      * @return String
    1432. 

  1432.      * @access public
    1433. 

  1433.      */
    1434. 

  1434.     function exec($command)
    1435. 

  1435.     {
    1436. 

  1436.         if (!($this->bitmap & NET_SSH2_MASK_LOGIN)) {
    1437. 

  1437.             return false;
    1438. 

  1438.         }
    1439. 

  1439. 

  1440.         // RFC4254 defines the (client) window size as "bytes the other party can send before it must wait for the window to
    1441. 

  1441.         // be adjusted".  0x7FFFFFFF is, at 4GB, the max size.  technically, it should probably be decremented, but, 
    1442. 

  1442.         // honestly, if you're transfering more than 4GB, you probably shouldn't be using phpseclib, anyway.
    1443. 

  1443.         // see http://tools.ietf.org/html/rfc4254#section-5.2 for more info
    1444. 

  1444.         $this->window_size_client_to_server[NET_SSH2_CHANNEL_EXEC] = 0x7FFFFFFF;
    1445. 

  1445.         // 0x8000 is the maximum max packet size, per http://tools.ietf.org/html/rfc4253#section-6.1, although since PuTTy
    1446. 

  1446.         // uses 0x4000, that's what will be used here, as well.
    1447. 

  1447.         $packet_size = 0x4000;
    1448. 

  1448. 

  1449.         $packet = pack('CNa*N3',
    1450. 

  1450.             NET_SSH2_MSG_CHANNEL_OPEN, strlen('session'), 'session', NET_SSH2_CHANNEL_EXEC, $this->window_size_client_to_server[NET_SSH2_CHANNEL_EXEC], $packet_size);
    1451. 

  1451. 

  1452.         if (!$this->_send_binary_packet($packet)) {
    1453. 

  1453.             return false;
    1454. 

  1454.         }
    1455. 

  1455. 

  1456.         $this->channel_status[NET_SSH2_CHANNEL_EXEC] = NET_SSH2_MSG_CHANNEL_OPEN;
    1457. 

  1457. 

  1458.         $response = $this->_get_channel_packet(NET_SSH2_CHANNEL_EXEC);
    1459. 

  1459.         if ($response === false) {
    1460. 

  1460.             return false;
    1461. 

  1461.         }
    1462. 

  1462. 

  1463.         // sending a pty-req SSH_MSG_CHANNEL_REQUEST message is unnecessary and, in fact, in most cases, slows things
    1464. 

  1464.         // down.  the one place where it might be desirable is if you're doing something like Net_SSH2::exec('ping localhost &').
    1465. 

  1465.         // with a pty-req SSH_MSG_cHANNEL_REQUEST, exec() will return immediately and the ping process will then
    1466. 

  1466.         // then immediately terminate.  without such a request exec() will loop indefinitely.  the ping process won't end but
    1467. 

  1467.         // neither will your script.
    1468. 

  1468. 

  1469.         // although, in theory, the size of SSH_MSG_CHANNEL_REQUEST could exceed the maximum packet size established by
    1470. 

  1470.         // SSH_MSG_CHANNEL_OPEN_CONFIRMATION, RFC4254#section-5.1 states that the "maximum packet size" refers to the 
    1471. 

  1471.         // "maximum size of an individual data packet". ie. SSH_MSG_CHANNEL_DATA.  RFC4254#section-5.2 corroborates.
    1472. 

  1472.         $packet = pack('CNNa*CNa*',
    1473. 

  1473.             NET_SSH2_MSG_CHANNEL_REQUEST, $this->server_channels[NET_SSH2_CHANNEL_EXEC], strlen('exec'), 'exec', 1, strlen($command), $command);
    1474. 

  1474.         if (!$this->_send_binary_packet($packet)) {
    1475. 

  1475.             return false;
    1476. 

  1476.         }
    1477. 

  1477. 

  1478.         $this->channel_status[NET_SSH2_CHANNEL_EXEC] = NET_SSH2_MSG_CHANNEL_REQUEST;
    1479. 

  1479. 

  1480.         $response = $this->_get_channel_packet(NET_SSH2_CHANNEL_EXEC);
    1481. 

  1481.         if ($response === false) {
    1482. 

  1482.             return false;
    1483. 

  1483.         }
    1484. 

  1484. 

  1485.         $this->channel_status[NET_SSH2_CHANNEL_EXEC] = NET_SSH2_MSG_CHANNEL_DATA;
    1486. 

  1486. 

  1487.         $output = '';
    1488. 

  1488.         while (true) {
    1489. 

  1489.             $temp = $this->_get_channel_packet(NET_SSH2_CHANNEL_EXEC);
    1490. 

  1490.             switch (true) {
    1491. 

  1491.                 case $temp === true:
    1492. 

  1492.                     return $output;
    1493. 

  1493.                 case $temp === false:
    1494. 

  1494.                     return false;
    1495. 

  1495.                 default:
    1496. 

  1496.                     $output.= $temp;
    1497. 

  1497.             }
    1498. 

  1498.         }
    1499. 

  1499.     }
    1500. 

  1500. 

  1501.     /**
    1502. 

  1502.      * Disconnect
    1503. 

  1503.      *
    1504. 

  1504.      * @access public
    1505. 

  1505.      */
    1506. 

  1506.     function disconnect()
    1507. 

  1507.     {
    1508. 

  1508.         $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    1509. 

  1509.     }
    1510. 

  1510. 

  1511.     /**
    1512. 

  1512.      * Destructor.
    1513. 

  1513.      *
    1514. 

  1514.      * Will be called, automatically, if you're supporting just PHP5.  If you're supporting PHP4, you'll need to call
    1515. 

  1515.      * disconnect().
    1516. 

  1516.      *
    1517. 

  1517.      * @access public
    1518. 

  1518.      */
    1519. 

  1519.     function __destruct()
    1520. 

  1520.     {
    1521. 

  1521.         $this->disconnect();
    1522. 

  1522.     }
    1523. 

  1523. 

  1524.     /**
    1525. 

  1525.      * Gets Binary Packets
    1526. 

  1526.      *
    1527. 

  1527.      * See '6. Binary Packet Protocol' of rfc4253 for more info.
    1528. 

  1528.      *
    1529. 

  1529.      * @see Net_SSH2::_send_binary_packet()
    1530. 

  1530.      * @return String
    1531. 

  1531.      * @access private
    1532. 

  1532.      */
    1533. 

  1533.     function _get_binary_packet()
    1534. 

  1534.     {
    1535. 

  1535.         if (feof($this->fsock)) {
    1536. 

  1536.             user_error('Connection closed prematurely', E_USER_NOTICE);
    1537. 

  1537.             return false;
    1538. 

  1538.         }
    1539. 

  1539. 

  1540.         $start = strtok(microtime(), ' ') + strtok(''); // http://php.net/microtime#61838
    1541. 

  1541.         $raw = fread($this->fsock, $this->decrypt_block_size);
    1542. 

  1542.         $stop = strtok(microtime(), ' ') + strtok('');
    1543. 

  1543. 

  1544.         if ($this->decrypt !== false) {
    1545. 

  1545.             $raw = $this->decrypt->decrypt($raw);
    1546. 

  1546.         }
    1547. 

  1547. 

  1548.         extract(unpack('Npacket_length/Cpadding_length', $this->_string_shift($raw, 5)));
    1549. 

  1549. 

  1550.         $remaining_length = $packet_length + 4 - $this->decrypt_block_size;
    1551. 

  1551.         $buffer = '';
    1552. 

  1552.         while ($remaining_length > 0) {
    1553. 

  1553.             $temp = fread($this->fsock, $remaining_length);
    1554. 

  1554.             $buffer.= $temp;
    1555. 

  1555.             $remaining_length-= strlen($temp);
    1556. 

  1556.         }
    1557. 

  1557.         if (!empty($buffer)) {
    1558. 

  1558.             $raw.= $this->decrypt !== false ? $this->decrypt->decrypt($buffer) : $buffer;
    1559. 

  1559.             $buffer = $temp = '';
    1560. 

  1560.         }
    1561. 

  1561. 

  1562.         $payload = $this->_string_shift($raw, $packet_length - $padding_length - 1);
    1563. 

  1563.         $padding = $this->_string_shift($raw, $padding_length); // should leave $raw empty
    1564. 

  1564. 

  1565.         if ($this->hmac_check !== false) {
    1566. 

  1566.             $hmac = fread($this->fsock, $this->hmac_size);
    1567. 

  1567.             if ($hmac != $this->hmac_check->hash(pack('NNCa*', $this->get_seq_no, $packet_length, $padding_length, $payload . $padding))) {
    1568. 

  1568.                 user_error('Invalid HMAC', E_USER_NOTICE);
    1569. 

  1569.                 return false;
    1570. 

  1570.             }
    1571. 

  1571.         }
    1572. 

  1572. 

  1573.         //if ($this->decompress) {
    1574. 

  1574.         //    $payload = gzinflate(substr($payload, 2));
    1575. 

  1575.         //}
    1576. 

  1576. 

  1577.         $this->get_seq_no++;
    1578. 

  1578. 

  1579.         if (defined('NET_SSH2_LOGGING')) {
    1580. 

  1580.             $temp = isset($this->message_numbers[ord($payload[0])]) ? $this->message_numbers[ord($payload[0])] : 'UNKNOWN';
    1581. 

  1581.             $this->message_number_log[] = '<- ' . $temp .
    1582. 

  1582.                                           ' (' . round($stop - $start, 4) . 's)';
    1583. 

  1583.             if (NET_SSH2_LOGGING == NET_SSH2_LOG_COMPLEX) {
    1584. 

  1584.                 $this->message_log[] = substr($payload, 1);
    1585. 

  1585.             }
    1586. 

  1586.         }
    1587. 

  1587. 

  1588.         return $this->_filter($payload);
    1589. 

  1589.     }
    1590. 

  1590. 

  1591.     /**
    1592. 

  1592.      * Filter Binary Packets
    1593. 

  1593.      *
    1594. 

  1594.      * Because some binary packets need to be ignored...
    1595. 

  1595.      *
    1596. 

  1596.      * @see Net_SSH2::_get_binary_packet()
    1597. 

  1597.      * @return String
    1598. 

  1598.      * @access private
    1599. 

  1599.      */
    1600. 

  1600.     function _filter($payload)
    1601. 

  1601.     {
    1602. 

  1602.         switch (ord($payload[0])) {
    1603. 

  1603.             case NET_SSH2_MSG_DISCONNECT:
    1604. 

  1604.                 $this->_string_shift($payload, 1);
    1605. 

  1605.                 extract(unpack('Nreason_code/Nlength', $this->_string_shift($payload, 8)));
    1606. 

  1606.                 $this->errors[] = 'SSH_MSG_DISCONNECT: ' . $this->disconnect_reasons[$reason_code] . "\r\n" . utf8_decode($this->_string_shift($payload, $length));
    1607. 

  1607.                 $this->bitmask = 0;
    1608. 

  1608.                 return false;
    1609. 

  1609.             case NET_SSH2_MSG_IGNORE:
    1610. 

  1610.                 $payload = $this->_get_binary_packet();
    1611. 

  1611.                 break;
    1612. 

  1612.             case NET_SSH2_MSG_DEBUG:
    1613. 

  1613.                 $this->_string_shift($payload, 2);
    1614. 

  1614.                 extract(unpack('Nlength', $this->_string_shift($payload, 4)));
    1615. 

  1615.                 $this->errors[] = 'SSH_MSG_DEBUG: ' . utf8_decode($this->_string_shift($payload, $length));
    1616. 

  1616.                 $payload = $this->_get_binary_packet();
    1617. 

  1617.                 break;
    1618. 

  1618.             case NET_SSH2_MSG_UNIMPLEMENTED:
    1619. 

  1619.                 return false;
    1620. 

  1620.             case NET_SSH2_MSG_KEXINIT:
    1621. 

  1621.                 if ($this->session_id !== false) {
    1622. 

  1622.                     if (!$this->_key_exchange($payload)) {
    1623. 

  1623.                         $this->bitmask = 0;
    1624. 

  1624.                         return false;
    1625. 

  1625.                     }
    1626. 

  1626.                     $payload = $this->_get_binary_packet();
    1627. 

  1627.                 }
    1628. 

  1628.         }
    1629. 

  1629. 

  1630.         // see http://tools.ietf.org/html/rfc4252#section-5.4; only called when the encryption has been activated and when we haven't already logged in
    1631. 

  1631.         if (($this->bitmap & NET_SSH2_MASK_CONSTRUCTOR) && !($this->bitmap & NET_SSH2_MASK_LOGIN) && ord($payload[0]) == NET_SSH2_MSG_USERAUTH_BANNER) {
    1632. 

  1632.             $this->_string_shift($payload, 1);
    1633. 

  1633.             extract(unpack('Nlength', $this->_string_shift($payload, 4)));
    1634. 

  1634.             $this->errors[] = 'SSH_MSG_USERAUTH_BANNER: ' . utf8_decode($this->_string_shift($payload, $length));
    1635. 

  1635.             $payload = $this->_get_binary_packet();
    1636. 

  1636.         }
    1637. 

  1637. 

  1638.         // only called when we've already logged in
    1639. 

  1639.         if (($this->bitmap & NET_SSH2_MASK_CONSTRUCTOR) && ($this->bitmap & NET_SSH2_MASK_LOGIN)) {
    1640. 

  1640.             switch (ord($payload[0])) {
    1641. 

  1641.                 case NET_SSH2_MSG_GLOBAL_REQUEST: // see http://tools.ietf.org/html/rfc4254#section-4
    1642. 

  1642.                     $this->_string_shift($payload, 1);
    1643. 

  1643.                     extract(unpack('Nlength', $this->_string_shift($payload)));
    1644. 

  1644.                     $this->errors[] = 'SSH_MSG_GLOBAL_REQUEST: ' . utf8_decode($this->_string_shift($payload, $length));
    1645. 

  1645. 

  1646.                     if (!$this->_send_binary_packet(pack('C', NET_SSH2_MSG_REQUEST_FAILURE))) {
    1647. 

  1647.                         return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    1648. 

  1648.                     }
    1649. 

  1649. 

  1650.                     $payload = $this->_get_binary_packet();
    1651. 

  1651.                     break;
    1652. 

  1652.                 case NET_SSH2_MSG_CHANNEL_OPEN: // see http://tools.ietf.org/html/rfc4254#section-5.1
    1653. 

  1653.                     $this->_string_shift($payload, 1);
    1654. 

  1654.                     extract(unpack('N', $this->_string_shift($payload, 4)));
    1655. 

  1655.                     $this->errors[] = 'SSH_MSG_CHANNEL_OPEN: ' . utf8_decode($this->_string_shift($payload, $length));
    1656. 

  1656. 

  1657.                     $this->_string_shift($payload, 4); // skip over client channel
    1658. 

  1658.                     extract(unpack('Nserver_channel', $this->_string_shift($payload, 4)));
    1659. 

  1659. 

  1660.                     $packet = pack('CN3a*Na*',
    1661. 

  1661.                         NET_SSH2_MSG_REQUEST_FAILURE, $server_channel, NET_SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED, 0, '', 0, '');
    1662. 

  1662. 

  1663.                     if (!$this->_send_binary_packet($packet)) {
    1664. 

  1664.                         return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    1665. 

  1665.                     }
    1666. 

  1666. 

  1667.                     $payload = $this->_get_binary_packet();
    1668. 

  1668.                     break;
    1669. 

  1669.                 case NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST:
    1670. 

  1670.                     $payload = $this->_get_binary_packet();
    1671. 

  1671.             }
    1672. 

  1672.         }
    1673. 

  1673. 

  1674.         return $payload;
    1675. 

  1675.     }
    1676. 

  1676. 

  1677.     /**
    1678. 

  1678.      * Gets channel data
    1679. 

  1679.      *
    1680. 

  1680.      * Returns the data as a string if it's available and false if not.
    1681. 

  1681.      *
    1682. 

  1682.      * @param $client_channel
    1683. 

  1683.      * @return Mixed
    1684. 

  1684.      * @access private
    1685. 

  1685.      */
    1686. 

  1686.     function _get_channel_packet($client_channel)
    1687. 

  1687.     {
    1688. 

  1688.         if (!empty($this->channel_buffers[$client_channel])) {
    1689. 

  1689.             return array_shift($this->channel_buffers[$client_channel]);
    1690. 

  1690.         }
    1691. 

  1691. 

  1692.         while (true) {
    1693. 

  1693.             $response = $this->_get_binary_packet();
    1694. 

  1694.             if ($response === false) {
    1695. 

  1695.                 user_error('Connection closed by server', E_USER_NOTICE);
    1696. 

  1696.                 return false;
    1697. 

  1697.             }
    1698. 

  1698. 

  1699.             extract(unpack('Ctype/Nchannel', $this->_string_shift($response, 5)));
    1700. 

  1700. 

  1701.             switch ($this->channel_status[$channel]) {
    1702. 

  1702.                 case NET_SSH2_MSG_CHANNEL_OPEN:
    1703. 

  1703.                     switch ($type) {
    1704. 

  1704.                         case NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION:
    1705. 

  1705.                             extract(unpack('Nserver_channel', $this->_string_shift($response, 4)));
    1706. 

  1706.                             $this->server_channels[$client_channel] = $server_channel;
    1707. 

  1707.                             $this->_string_shift($response, 4); // skip over (server) window size
    1708. 

  1708.                             $temp = unpack('Npacket_size_client_to_server', $this->_string_shift($response, 4));
    1709. 

  1709.                             $this->packet_size_client_to_server[$client_channel] = $temp['packet_size_client_to_server'];
    1710. 

  1710.                             return true;
    1711. 

  1711.                         //case NET_SSH2_MSG_CHANNEL_OPEN_FAILURE:
    1712. 

  1712.                         default:
    1713. 

  1713.                             user_error('Unable to open channel', E_USER_NOTICE);
    1714. 

  1714.                             return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    1715. 

  1715.                     }
    1716. 

  1716.                     break;
    1717. 

  1717.                 case NET_SSH2_MSG_CHANNEL_REQUEST:
    1718. 

  1718.                     switch ($type) {
    1719. 

  1719.                         case NET_SSH2_MSG_CHANNEL_SUCCESS:
    1720. 

  1720.                             return true;
    1721. 

  1721.                         //case NET_SSH2_MSG_CHANNEL_FAILURE:
    1722. 

  1722.                         default:
    1723. 

  1723.                             user_error('Unable to request pseudo-terminal', E_USER_NOTICE);
    1724. 

  1724.                             return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    1725. 

  1725.                     }
    1726. 

  1726. 

  1727.             }
    1728. 

  1728. 

  1729.             switch ($type) {
    1730. 

  1730.                 case NET_SSH2_MSG_CHANNEL_DATA:
    1731. 

  1731.                     if ($client_channel == NET_SSH2_CHANNEL_EXEC) {
    1732. 

  1732.                         // SCP requires null packets, such as this, be sent.  further, in the case of the ssh.com SSH server
    1733. 

  1733.                         // this actually seems to make things twice as fast.  more to the point, the message right after 
    1734. 

  1734.                         // SSH_MSG_CHANNEL_DATA (usually SSH_MSG_IGNORE) won't block for as long as it would have otherwise.
    1735. 

  1735.                         // in OpenSSH it slows things down but only by a couple thousandths of a second.
    1736. 

  1736.                         $this->_send_channel_packet($client_channel, chr(0));
    1737. 

  1737.                     }
    1738. 

  1738.                     extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1739. 

  1739.                     $data = $this->_string_shift($response, $length);
    1740. 

  1740.                     if ($client_channel == $channel) {
    1741. 

  1741.                         return $data;
    1742. 

  1742.                     }
    1743. 

  1743.                     if (!isset($this->channel_buffers[$client_channel])) {
    1744. 

  1744.                         $this->channel_buffers[$client_channel] = array();
    1745. 

  1745.                     }
    1746. 

  1746.                     $this->channel_buffers[$client_channel][] = $data;
    1747. 

  1747.                     break;
    1748. 

  1748.                 case NET_SSH2_MSG_CHANNEL_EXTENDED_DATA:
    1749. 

  1749.                     if ($client_channel == NET_SSH2_CHANNEL_EXEC) {
    1750. 

  1750.                         $this->_send_channel_packet($client_channel, chr(0));
    1751. 

  1751.                     }
    1752. 

  1752.                     // currently, there's only one possible value for $data_type_code: NET_SSH2_EXTENDED_DATA_STDERR
    1753. 

  1753.                     extract(unpack('Ndata_type_code/Nlength', $this->_string_shift($response, 8)));
    1754. 

  1754.                     $data = $this->_string_shift($response, $length);
    1755. 

  1755.                     if ($client_channel == $channel) {
    1756. 

  1756.                         return $data;
    1757. 

  1757.                     }
    1758. 

  1758.                     if (!isset($this->channel_buffers[$client_channel])) {
    1759. 

  1759.                         $this->channel_buffers[$client_channel] = array();
    1760. 

  1760.                     }
    1761. 

  1761.                     $this->channel_buffers[$client_channel][] = $data;
    1762. 

  1762.                     break;
    1763. 

  1763.                 case NET_SSH2_MSG_CHANNEL_REQUEST:
    1764. 

  1764.                     extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1765. 

  1765.                     $value = $this->_string_shift($response, $length);
    1766. 

  1766.                     switch ($value) {
    1767. 

  1767.                         case 'exit-signal':
    1768. 

  1768.                             $this->_string_shift($response, 1);
    1769. 

  1769.                             extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1770. 

  1770.                             $this->errors[] = 'SSH_MSG_CHANNEL_REQUEST (exit-signal): ' . $this->_string_shift($response, $length);
    1771. 

  1771.                             $this->_string_shift($response, 1);
    1772. 

  1772.                             extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1773. 

  1773.                             if ($length) {
    1774. 

  1774.                                 $this->errors[count($this->errors)].= "\r\n" . $this->_string_shift($response, $length);
    1775. 

  1775.                             }
    1776. 

  1776.                         //case 'exit-status':
    1777. 

  1777.                         default:
    1778. 

  1778.                             // "Some systems may not implement signals, in which case they SHOULD ignore this message."
    1779. 

  1779.                             //  -- http://tools.ietf.org/html/rfc4254#section-6.9
    1780. 

  1780.                             break;
    1781. 

  1781.                     }
    1782. 

  1782.                     break;
    1783. 

  1783.                 case NET_SSH2_MSG_CHANNEL_CLOSE:
    1784. 

  1784.                     $this->_send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_CLOSE, $this->server_channels[$channel]));
    1785. 

  1785.                     return true;
    1786. 

  1786.                 case NET_SSH2_MSG_CHANNEL_EOF:
    1787. 

  1787.                     break;
    1788. 

  1788.                 default:
    1789. 

  1789.                     user_error('Error reading channel data', E_USER_NOTICE);
    1790. 

  1790.                     return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    1791. 

  1791.             }
    1792. 

  1792.         }
    1793. 

  1793.     }
    1794. 

  1794. 

  1795.     /**
    1796. 

  1796.      * Sends Binary Packets
    1797. 

  1797.      *
    1798. 

  1798.      * See '6. Binary Packet Protocol' of rfc4253 for more info.
    1799. 

  1799.      *
    1800. 

  1800.      * @param String $data
    1801. 

  1801.      * @see Net_SSH2::_get_binary_packet()
    1802. 

  1802.      * @return Boolean
    1803. 

  1803.      * @access private
    1804. 

  1804.      */
    1805. 

  1805.     function _send_binary_packet($data)
    1806. 

  1806.     {
    1807. 

  1807.         if (feof($this->fsock)) {
    1808. 

  1808.             user_error('Connection closed prematurely', E_USER_NOTICE);
    1809. 

  1809.             return false;
    1810. 

  1810.         }
    1811. 

  1811. 

  1812.         //if ($this->compress) {
    1813. 

  1813.         //    // the -4 removes the checksum:
    1814. 

  1814.         //    // http://php.net/function.gzcompress#57710
    1815. 

  1815.         //    $data = substr(gzcompress($data), 0, -4);
    1816. 

  1816.         //}
    1817. 

  1817. 

  1818.         // 4 (packet length) + 1 (padding length) + 4 (minimal padding amount) == 9
    1819. 

  1819.         $packet_length = strlen($data) + 9;
    1820. 

  1820.         // round up to the nearest $this->encrypt_block_size
    1821. 

  1821.         $packet_length+= (($this->encrypt_block_size - 1) * $packet_length) % $this->encrypt_block_size;
    1822. 

  1822.         // subtracting strlen($data) is obvious - subtracting 5 is necessary because of packet_length and padding_length
    1823. 

  1823.         $padding_length = $packet_length - strlen($data) - 5;
    1824. 

  1824. 

  1825.         $padding = '';
    1826. 

  1826.         for ($i = 0; $i < $padding_length; $i++) {
    1827. 

  1827.             $padding.= chr(crypt_random(0, 255));
    1828. 

  1828.         }
    1829. 

  1829. 

  1830.         // we subtract 4 from packet_length because the packet_length field isn't supposed to include itself
    1831. 

  1831.         $packet = pack('NCa*', $packet_length - 4, $padding_length, $data . $padding);
    1832. 

  1832. 

  1833.         $hmac = $this->hmac_create !== false ? $this->hmac_create->hash(pack('Na*', $this->send_seq_no, $packet)) : '';
    1834. 

  1834.         $this->send_seq_no++;
    1835. 

  1835. 

  1836.         if ($this->encrypt !== false) {
    1837. 

  1837.             $packet = $this->encrypt->encrypt($packet);
    1838. 

  1838.         }
    1839. 

  1839. 

  1840.         $packet.= $hmac;
    1841. 

  1841. 

  1842.         $start = strtok(microtime(), ' ') + strtok(''); // http://php.net/microtime#61838
    1843. 

  1843.         $result = strlen($packet) == fputs($this->fsock, $packet);
    1844. 

  1844.         $stop = strtok(microtime(), ' ') + strtok('');
    1845. 

  1845. 

  1846.         if (defined('NET_SSH2_LOGGING')) {
    1847. 

  1847.             $temp = isset($this->message_numbers[ord($data[0])]) ? $this->message_numbers[ord($data[0])] : 'UNKNOWN';
    1848. 

  1848.             $this->message_number_log[] = '-> ' . $temp .
    1849. 

  1849.                                           ' (' . round($stop - $start, 4) . 's)';
    1850. 

  1850.             if (NET_SSH2_LOGGING == NET_SSH2_LOG_COMPLEX) {
    1851. 

  1851.                 $this->message_log[] = substr($data, 1);
    1852. 

  1852.             }
    1853. 

  1853.         }
    1854. 

  1854. 

  1855.         return $result;
    1856. 

  1856.     }
    1857. 

  1857. 

  1858.     /**
    1859. 

  1859.      * Sends channel data
    1860. 

  1860.      *
    1861. 

  1861.      * Spans multiple SSH_MSG_CHANNEL_DATAs if appropriate
    1862. 

  1862.      *
    1863. 

  1863.      * @param Integer $client_channel
    1864. 

  1864.      * @param String $data
    1865. 

  1865.      * @return Boolean
    1866. 

  1866.      * @access private
    1867. 

  1867.      */
    1868. 

  1868.     function _send_channel_packet($client_channel, $data)
    1869. 

  1869.     {
    1870. 

  1870.         while (strlen($data) > $this->packet_size_client_to_server[$client_channel]) {
    1871. 

  1871.             // resize the window, if appropriate
    1872. 

  1872.             $this->window_size_client_to_server[$client_channel]-= $this->packet_size_client_to_server[$client_channel];
    1873. 

  1873.             if ($this->window_size_client_to_server[$client_channel] < 0) {
    1874. 

  1874.                 $packet = pack('CNN', NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST, $this->server_channels[$client_channel], $this->window_size);
    1875. 

  1875.                 if (!$this->_send_binary_packet($packet)) {
    1876. 

  1876.                     return false;
    1877. 

  1877.                 }
    1878. 

  1878.                 $this->window_size_client_to_server[$client_channel]+= $this->window_size;
    1879. 

  1879.             }
    1880. 

  1880. 

  1881.             $packet = pack('CN2a*',
    1882. 

  1882.                 NET_SSH2_MSG_CHANNEL_DATA,
    1883. 

  1883.                 $this->server_channels[$client_channel],
    1884. 

  1884.                 $this->packet_size_client_to_server[$client_channel],
    1885. 

  1885.                 $this->_string_shift($data, $this->packet_size_client_to_server[$client_channel])
    1886. 

  1886.             );
    1887. 

  1887. 

  1888.             if (!$this->_send_binary_packet($packet)) {
    1889. 

  1889.                 return false;
    1890. 

  1890.             }
    1891. 

  1891.         }
    1892. 

  1892. 

  1893.         // resize the window, if appropriate
    1894. 

  1894.         $this->window_size_client_to_server[$client_channel]-= strlen($data);
    1895. 

  1895.         if ($this->window_size_client_to_server[$client_channel] < 0) {
    1896. 

  1896.             $packet = pack('CNN', NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST, $this->server_channels[$client_channel], $this->window_size);
    1897. 

  1897.             if (!$this->_send_binary_packet($packet)) {
    1898. 

  1898.                 return false;
    1899. 

  1899.             }
    1900. 

  1900.             $this->window_size_client_to_server[$client_channel]+= $this->window_size;
    1901. 

  1901.         }
    1902. 

  1902. 

  1903.         return $this->_send_binary_packet(pack('CN2a*',
    1904. 

  1904.             NET_SSH2_MSG_CHANNEL_DATA,
    1905. 

  1905.             $this->server_channels[$client_channel],
    1906. 

  1906.             strlen($data),
    1907. 

  1907.             $data));
    1908. 

  1908.     }
    1909. 

  1909. 

  1910.     /**
    1911. 

  1911.      * Disconnect
    1912. 

  1912.      *
    1913. 

  1913.      * @param Integer $reason
    1914. 

  1914.      * @return Boolean
    1915. 

  1915.      * @access private
    1916. 

  1916.      */
    1917. 

  1917.     function _disconnect($reason)
    1918. 

  1918.     {
    1919. 

  1919.         if ($this->bitmap) {
    1920. 

  1920.             $data = pack('CNNa*Na*', NET_SSH2_MSG_DISCONNECT, $reason, 0, '', 0, '');
    1921. 

  1921.             $this->_send_binary_packet($data);
    1922. 

  1922.             $this->bitmap = 0;
    1923. 

  1923.             fclose($this->fsock);
    1924. 

  1924.             return false;
    1925. 

  1925.         }
    1926. 

  1926.     }
    1927. 

  1927. 

  1928.     /**
    1929. 

  1929.      * String Shift
    1930. 

  1930.      *
    1931. 

  1931.      * Inspired by array_shift
    1932. 

  1932.      *
    1933. 

  1933.      * @param String $string
    1934. 

  1934.      * @param optional Integer $index
    1935. 

  1935.      * @return String
    1936. 

  1936.      * @access private
    1937. 

  1937.      */
    1938. 

  1938.     function _string_shift(&$string, $index = 1)
    1939. 

  1939.     {
    1940. 

  1940.         $substr = substr($string, 0, $index);
    1941. 

  1941.         $string = substr($string, $index);
    1942. 

  1942.         return $substr;
    1943. 

  1943.     }
    1944. 

  1944. 

  1945.     /**
    1946. 

  1946.      * Define Array
    1947. 

  1947.      *
    1948. 

  1948.      * Takes any number of arrays whose indices are integers and whose values are strings and defines a bunch of
    1949. 

  1949.      * named constants from it, using the value as the name of the constant and the index as the value of the constant.
    1950. 

  1950.      * If any of the constants that would be defined already exists, none of the constants will be defined.
    1951. 

  1951.      *
    1952. 

  1952.      * @param Array $array
    1953. 

  1953.      * @access private
    1954. 

  1954.      */
    1955. 

  1955.     function _define_array()
    1956. 

  1956.     {
    1957. 

  1957.         $args = func_get_args();
    1958. 

  1958.         foreach ($args as $arg) {
    1959. 

  1959.             foreach ($arg as $key=>$value) {
    1960. 

  1960.                 if (!defined($value)) {
    1961. 

  1961.                     define($value, $key);
    1962. 

  1962.                 } else {
    1963. 

  1963.                     break 2;
    1964. 

  1964.                 }
    1965. 

  1965.             }
    1966. 

  1966.         }
    1967. 

  1967.     }
    1968. 

  1968. 

  1969.     /**
    1970. 

  1970.      * Returns a log of the packets that have been sent and received.
    1971. 

  1971.      *
    1972. 

  1972.      * Returns a string if NET_SSH2_LOGGING == NET_SSH2_LOG_COMPLEX, an array if NET_SSH2_LOGGING == NET_SSH2_LOG_SIMPLE and false if !defined('NET_SSH2_LOGGING')
    1973. 

  1973.      *
    1974. 

  1974.      * @access public
    1975. 

  1975.      * @return String or Array
    1976. 

  1976.      */
    1977. 

  1977.     function getLog()
    1978. 

  1978.     {
    1979. 

  1979.         if (!defined('NET_SSH2_LOGGING')) {
    1980. 

  1980.             return false;
    1981. 

  1981.         }
    1982. 

  1982. 

  1983.         switch (NET_SSH2_LOGGING) {
    1984. 

  1984.             case NET_SSH2_LOG_SIMPLE:
    1985. 

  1985.                 return $this->message_number_log;
    1986. 

  1986.                 break;
    1987. 

  1987.             case NET_SSH2_LOG_COMPLEX:
    1988. 

  1988.                 return $this->_format_log($this->message_log, $this->message_number_log);
    1989. 

  1989.                 break;
    1990. 

  1990.             default:
    1991. 

  1991.                 return false;
    1992. 

  1992.         }
    1993. 

  1993.     }
    1994. 

  1994. 

  1995.     /**
    1996. 

  1996.      * Formats a log for printing
    1997. 

  1997.      *
    1998. 

  1998.      * @param Array $message_log
    1999. 

  1999.      * @param Array $message_number_log
    2000. 

  2000.      * @access private
    2001. 

  2001.      * @return String
    2002. 

  2002.      */
    2003. 

  2003.     function _format_log($message_log, $message_number_log)
    2004. 

  2004.     {
    2005. 

  2005.         static $boundary = ':', $long_width = 65, $short_width = 16;
    2006. 

  2006. 

  2007.         $output = '';
    2008. 

  2008.         for ($i = 0; $i < count($message_log); $i++) {
    2009. 

  2009.             $output.= $message_number_log[$i] . "\r\n";
    2010. 

  2010.             $current_log = $message_log[$i];
    2011. 

  2011.             $j = 0;
    2012. 

  2012.             do {
    2013. 

  2013.                 if (!empty($current_log)) {
    2014. 

  2014.                     $output.= str_pad(dechex($j), 7, '0', STR_PAD_LEFT) . '0  ';
    2015. 

  2015.                 }
    2016. 

  2016.                 $fragment = $this->_string_shift($current_log, $short_width);
    2017. 

  2017.                 $hex = substr(
    2018. 

  2018.                            preg_replace(
    2019. 

  2019.                                '#(.)#es',
    2020. 

  2020.                                '"' . $boundary . '" . str_pad(dechex(ord(substr("\\1", -1))), 2, "0", STR_PAD_LEFT)',
    2021. 

  2021.                                $fragment),
    2022. 

  2022.                            strlen($boundary)
    2023. 

  2023.                        );
    2024. 

  2024.                 // replace non ASCII printable characters with dots
    2025. 

  2025.                 // http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters
    2026. 

  2026.                 // also replace < with a . since < messes up the output on web browsers
    2027. 

  2027.                 $raw = preg_replace('#[^\x20-\x7E]|<#', '.', $fragment);
    2028. 

  2028.                 $output.= str_pad($hex, $long_width - $short_width, ' ') . $raw . "\r\n";
    2029. 

  2029.                 $j++;
    2030. 

  2030.             } while (!empty($current_log));
    2031. 

  2031.             $output.= "\r\n";
    2032. 

  2032.         }
    2033. 

  2033. 

  2034.         return $output;
    2035. 

  2035.     }
    2036. 

  2036. 

  2037.     /**
    2038. 

  2038.      * Returns all errors
    2039. 

  2039.      *
    2040. 

  2040.      * @return String
    2041. 

  2041.      * @access public
    2042. 

  2042.      */
    2043. 

  2043.     function getErrors()
    2044. 

  2044.     {
    2045. 

  2045.         return $this->errors;
    2046. 

  2046.     }
    2047. 

  2047. 

  2048.     /**
    2049. 

  2049.      * Returns the last error
    2050. 

  2050.      *
    2051. 

  2051.      * @return String
    2052. 

  2052.      * @access public
    2053. 

  2053.      */
    2054. 

  2054.     function getLastError()
    2055. 

  2055.     {
    2056. 

  2056.         return $this->errors[count($this->errors) - 1];
    2057. 

  2057.     }
    2058. 

  2058. 

  2059.     /**
    2060. 

  2060.      * Return the server identification.
    2061. 

  2061.      *
    2062. 

  2062.      * @return String
    2063. 

  2063.      * @access public
    2064. 

  2064.      */
    2065. 

  2065.     function getServerIdentification()
    2066. 

  2066.     {
    2067. 

  2067.         return $this->server_identifier;
    2068. 

  2068.     }
    2069. 

  2069. 

  2070.     /**
    2071. 

  2071.      * Return a list of the key exchange algorithms the server supports.
    2072. 

  2072.      *
    2073. 

  2073.      * @return Array
    2074. 

  2074.      * @access public
    2075. 

  2075.      */
    2076. 

  2076.     function getKexAlgorithms()
    2077. 

  2077.     {
    2078. 

  2078.         return $this->kex_algorithms;
    2079. 

  2079.     }
    2080. 

  2080. 

  2081.     /**
    2082. 

  2082.      * Return a list of the host key (public key) algorithms the server supports.
    2083. 

  2083.      *
    2084. 

  2084.      * @return Array
    2085. 

  2085.      * @access public
    2086. 

  2086.      */
    2087. 

  2087.     function getServerHostKeyAlgorithms()
    2088. 

  2088.     {
    2089. 

  2089.         return $this->server_host_key_algorithms;
    2090. 

  2090.     }
    2091. 

  2091. 

  2092.     /**
    2093. 

  2093.      * Return a list of the (symmetric key) encryption algorithms the server supports, when receiving stuff from the client.
    2094. 

  2094.      *
    2095. 

  2095.      * @return Array
    2096. 

  2096.      * @access public
    2097. 

  2097.      */
    2098. 

  2098.     function getEncryptionAlgorithmsClient2Server()
    2099. 

  2099.     {
    2100. 

  2100.         return $this->encryption_algorithms_client_to_server;
    2101. 

  2101.     }
    2102. 

  2102. 

  2103.     /**
    2104. 

  2104.      * Return a list of the (symmetric key) encryption algorithms the server supports, when sending stuff to the client.
    2105. 

  2105.      *
    2106. 

  2106.      * @return Array
    2107. 

  2107.      * @access public
    2108. 

  2108.      */
    2109. 

  2109.     function getEncryptionAlgorithmsServer2Client()
    2110. 

  2110.     {
    2111. 

  2111.         return $this->encryption_algorithms_server_to_client;
    2112. 

  2112.     }
    2113. 

  2113. 

  2114.     /**
    2115. 

  2115.      * Return a list of the MAC algorithms the server supports, when receiving stuff from the client.
    2116. 

  2116.      *
    2117. 

  2117.      * @return Array
    2118. 

  2118.      * @access public
    2119. 

  2119.      */
    2120. 

  2120.     function getMACAlgorithmsClient2Server()
    2121. 

  2121.     {
    2122. 

  2122.         return $this->mac_algorithms_client_to_server;
    2123. 

  2123.     }
    2124. 

  2124. 

  2125.     /**
    2126. 

  2126.      * Return a list of the MAC algorithms the server supports, when sending stuff to the client.
    2127. 

  2127.      *
    2128. 

  2128.      * @return Array
    2129. 

  2129.      * @access public
    2130. 

  2130.      */
    2131. 

  2131.     function getMACAlgorithmsServer2Client()
    2132. 

  2132.     {
    2133. 

  2133.         return $this->mac_algorithms_server_to_client;
    2134. 

  2134.     }
    2135. 

  2135. 

  2136.     /**
    2137. 

  2137.      * Return a list of the compression algorithms the server supports, when receiving stuff from the client.
    2138. 

  2138.      *
    2139. 

  2139.      * @return Array
    2140. 

  2140.      * @access public
    2141. 

  2141.      */
    2142. 

  2142.     function getCompressionAlgorithmsClient2Server()
    2143. 

  2143.     {
    2144. 

  2144.         return $this->compression_algorithms_client_to_server;
    2145. 

  2145.     }
    2146. 

  2146. 

  2147.     /**
    2148. 

  2148.      * Return a list of the compression algorithms the server supports, when sending stuff to the client.
    2149. 

  2149.      *
    2150. 

  2150.      * @return Array
    2151. 

  2151.      * @access public
    2152. 

  2152.      */
    2153. 

  2153.     function getCompressionAlgorithmsServer2Client()
    2154. 

  2154.     {
    2155. 

  2155.         return $this->compression_algorithms_server_to_client;
    2156. 

  2156.     }
    2157. 

  2157. 

  2158.     /**
    2159. 

  2159.      * Return a list of the languages the server supports, when sending stuff to the client.
    2160. 

  2160.      *
    2161. 

  2161.      * @return Array
    2162. 

  2162.      * @access public
    2163. 

  2163.      */
    2164. 

  2164.     function getLanguagesServer2Client()
    2165. 

  2165.     {
    2166. 

  2166.         return $this->languages_server_to_client;
    2167. 

  2167.     }
    2168. 

  2168. 

  2169.     /**
    2170. 

  2170.      * Return a list of the languages the server supports, when receiving stuff from the client.
    2171. 

  2171.      *
    2172. 

  2172.      * @return Array
    2173. 

  2173.      * @access public
    2174. 

  2174.      */
    2175. 

  2175.     function getLanguagesClient2Server()
    2176. 

  2176.     {
    2177. 

  2177.         return $this->languages_client_to_server;
    2178. 

  2178.     }
    2179. 

  2179. 

  2180.     /**
    2181. 

  2181.      * Returns the server public host key.
    2182. 

  2182.      *
    2183. 

  2183.      * Caching this the first time you connect to a server and checking the result on subsequent connections
    2184. 

  2184.      * is recommended.  Returns false if the server signature is not signed correctly with the public host key.
    2185. 

  2185.      *
    2186. 

  2186.      * @return Mixed
    2187. 

  2187.      * @access public
    2188. 

  2188.      */
    2189. 

  2189.     function getServerPublicHostKey()
    2190. 

  2190.     {
    2191. 

  2191.         $signature = $this->signature;
    2192. 

  2192.         $server_public_host_key = $this->server_public_host_key;
    2193. 

  2193. 

  2194.         extract(unpack('Nlength', $this->_string_shift($server_public_host_key, 4)));
    2195. 

  2195.         $this->_string_shift($server_public_host_key, $length);
    2196. 

  2196. 

  2197.         switch ($this->signature_format) {
    2198. 

  2198.             case 'ssh-dss':
    2199. 

  2199.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    2200. 

  2200.                 $p = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    2201. 

  2201. 

  2202.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    2203. 

  2203.                 $q = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    2204. 

  2204. 

  2205.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    2206. 

  2206.                 $g = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    2207. 

  2207. 

  2208.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    2209. 

  2209.                 $y = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    2210. 

  2210. 

  2211.                 /* The value for 'dss_signature_blob' is encoded as a string containing
    2212. 

  2212.                    r, followed by s (which are 160-bit integers, without lengths or
    2213. 

  2213.                    padding, unsigned, and in network byte order). */
    2214. 

  2214.                 $temp = unpack('Nlength', $this->_string_shift($signature, 4));
    2215. 

  2215.                 if ($temp['length'] != 40) {
    2216. 

  2216.                     user_error('Invalid signature', E_USER_NOTICE);
    2217. 

  2217.                     return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    2218. 

  2218.                 }
    2219. 

  2219. 

  2220.                 $r = new Math_BigInteger($this->_string_shift($signature, 20), 256);
    2221. 

  2221.                 $s = new Math_BigInteger($this->_string_shift($signature, 20), 256);
    2222. 

  2222. 

  2223.                 if ($r->compare($q) >= 0 || $s->compare($q) >= 0) {
    2224. 

  2224.                     user_error('Invalid signature', E_USER_NOTICE);
    2225. 

  2225.                     return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    2226. 

  2226.                 }
    2227. 

  2227. 

  2228.                 $w = $s->modInverse($q);
    2229. 

  2229. 

  2230.                 $u1 = $w->multiply(new Math_BigInteger(sha1($this->session_id), 16));
    2231. 

  2231.                 list(, $u1) = $u1->divide($q);
    2232. 

  2232. 

  2233.                 $u2 = $w->multiply($r);
    2234. 

  2234.                 list(, $u2) = $u2->divide($q);
    2235. 

  2235. 

  2236.                 $g = $g->modPow($u1, $p);
    2237. 

  2237.                 $y = $y->modPow($u2, $p);
    2238. 

  2238. 

  2239.                 $v = $g->multiply($y);
    2240. 

  2240.                 list(, $v) = $v->divide($p);
    2241. 

  2241.                 list(, $v) = $v->divide($q);
    2242. 

  2242. 

  2243.                 if (!$v->equals($r)) {
    2244. 

  2244.                     user_error('Bad server signature', E_USER_NOTICE);
    2245. 

  2245.                     return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
    2246. 

  2246.                 }
    2247. 

  2247. 

  2248.                 break;
    2249. 

  2249.             case 'ssh-rsa':
    2250. 

  2250.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    2251. 

  2251.                 $e = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    2252. 

  2252. 

  2253.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    2254. 

  2254.                 $n = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    2255. 

  2255.                 $nLength = $temp['length'];
    2256. 

  2256. 

  2257.                 /*
    2258. 

  2258.                 $temp = unpack('Nlength', $this->_string_shift($signature, 4));
    2259. 

  2259.                 $signature = $this->_string_shift($signature, $temp['length']);
    2260. 

    2261. 

  2261.                 if (!class_exists('Crypt_RSA')) {
    2262. 

  2262.                     require_once('Crypt/RSA.php');
    2263. 

  2263.                 }
    2264. 

    2265. 

  2265.                 $rsa = new Crypt_RSA();
    2266. 

  2266.                 $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
    2267. 

  2267.                 $rsa->loadKey(array('e' => $e, 'n' => $n), CRYPT_RSA_PUBLIC_FORMAT_RAW);
    2268. 

  2268.                 if (!$rsa->verify($this->session_id, $signature)) {
    2269. 

  2269.                     user_error('Bad server signature', E_USER_NOTICE);
    2270. 

  2270.                     return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
    2271. 

  2271.                 }
    2272. 

  2272.                 */
    2273. 

  2273. 

  2274.                 $temp = unpack('Nlength', $this->_string_shift($signature, 4));
    2275. 

  2275.                 $s = new Math_BigInteger($this->_string_shift($signature, $temp['length']), 256);
    2276. 

  2276. 

  2277.                 // validate an RSA signature per "8.2 RSASSA-PKCS1-v1_5", "5.2.2 RSAVP1", and "9.1 EMSA-PSS" in the
    2278. 

  2278.                 // following URL:
    2279. 

  2279.                 // ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf
    2280. 

  2280. 

  2281.                 // also, see SSHRSA.c (rsa2_verifysig) in PuTTy's source.
    2282. 

  2282. 

  2283.                 if ($s->compare(new Math_BigInteger()) < 0 || $s->compare($n->subtract(new Math_BigInteger(1))) > 0) {
    2284. 

  2284.                     user_error('Invalid signature', E_USER_NOTICE);
    2285. 

  2285.                     return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    2286. 

  2286.                 }
    2287. 

  2287. 

  2288.                 $s = $s->modPow($e, $n);
    2289. 

  2289.                 $s = $s->toBytes();
    2290. 

  2290. 

  2291.                 $h = pack('N4H*', 0x00302130, 0x0906052B, 0x0E03021A, 0x05000414, sha1($this->session_id));
    2292. 

  2292.                 $h = chr(0x01) . str_repeat(chr(0xFF), $nLength - 3 - strlen($h)) . $h;
    2293. 

  2293. 

  2294.                 if ($s != $h) {
    2295. 

  2295.                     user_error('Bad server signature', E_USER_NOTICE);
    2296. 

  2296.                     return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
    2297. 

  2297.                 }
    2298. 

  2298.         }
    2299. 

  2299. 

  2300.         return $this->server_public_host_key;
    2301. 

  2301.     }
    2302. 

  2302. }
    2303. 

  2303.