PageRenderTime 60ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 1ms

/system/expressionengine/third_party/updater/libraries/phpseclib/Net/SSH2.php

https://bitbucket.org/studiobreakfast/sync
PHP | 2659 lines | 1408 code | 321 blank | 930 comment | 227 complexity | 7b74b23941e07be4e74004b2552e82e3 MD5 | raw file
    

  1. <?php
    2. 

  2. /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
    3. 

  3. 

  4. /**
    5. 

  5.  * Pure-PHP implementation of SSHv2.
    6. 

  6.  *
    7. 

  7.  * PHP versions 4 and 5
    8. 

  8.  *
    9. 

  9.  * Here are some examples of how to use this library:
    10. 

  10.  * <code>
    11. 

  11.  * <?php
    12. 

  12.  *    include('Net/SSH2.php');
    13. 

  13.  *
    14. 

  14.  *    $ssh = new Net_SSH2('www.domain.tld');
    15. 

  15.  *    if (!$ssh->login('username', 'password')) {
    16. 

  16.  *        exit('Login Failed');
    17. 

  17.  *    }
    18. 

  18.  *
    19. 

  19.  *    echo $ssh->exec('pwd');
    20. 

  20.  *    echo $ssh->exec('ls -la');
    21. 

  21.  * ?>
    22. 

  22.  * </code>
    23. 

  23.  *
    24. 

  24.  * <code>
    25. 

  25.  * <?php
    26. 

  26.  *    include('Crypt/RSA.php');
    27. 

  27.  *    include('Net/SSH2.php');
    28. 

  28.  *
    29. 

  29.  *    $key = new Crypt_RSA();
    30. 

  30.  *    //$key->setPassword('whatever');
    31. 

  31.  *    $key->loadKey(file_get_contents('privatekey'));
    32. 

  32.  *
    33. 

  33.  *    $ssh = new Net_SSH2('www.domain.tld');
    34. 

  34.  *    if (!$ssh->login('username', $key)) {
    35. 

  35.  *        exit('Login Failed');
    36. 

  36.  *    }
    37. 

  37.  *
    38. 

  38.  *    echo $ssh->read('username@username:~$');
    39. 

  39.  *    $ssh->write("ls -la\n");
    40. 

  40.  *    echo $ssh->read('username@username:~$');
    41. 

  41.  * ?>
    42. 

  42.  * </code>
    43. 

  43.  *
    44. 

  44.  * LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy
    45. 

  45.  * of this software and associated documentation files (the "Software"), to deal
    46. 

  46.  * in the Software without restriction, including without limitation the rights
    47. 

  47.  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    48. 

  48.  * copies of the Software, and to permit persons to whom the Software is
    49. 

  49.  * furnished to do so, subject to the following conditions:
    50. 

  50.  * 
    51. 

  51.  * The above copyright notice and this permission notice shall be included in
    52. 

  52.  * all copies or substantial portions of the Software.
    53. 

  53.  * 
    54. 

  54.  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    55. 

  55.  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    56. 

  56.  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    57. 

  57.  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    58. 

  58.  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    59. 

  59.  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    60. 

  60.  * THE SOFTWARE.
    61. 

  61.  *
    62. 

  62.  * @category   Net
    63. 

  63.  * @package    Net_SSH2
    64. 

  64.  * @author     Jim Wigginton <terrafrost@php.net>
    65. 

  65.  * @copyright  MMVII Jim Wigginton
    66. 

  66.  * @license    http://www.opensource.org/licenses/mit-license.html  MIT License
    67. 

  67.  * @version    $Id: SSH2.php,v 1.53 2010-10-24 01:24:30 terrafrost Exp $
    68. 

  68.  * @link       http://phpseclib.sourceforge.net
    69. 

  69.  */
    70. 

  70. 

  71. /**
    72. 

  72.  * Include Math_BigInteger
    73. 

  73.  *
    74. 

  74.  * Used to do Diffie-Hellman key exchange and DSA/RSA signature verification.
    75. 

  75.  */
    76. 

  76. require_once(dirname(dirname(__FILE__)).'/Math/BigInteger.php');
    77. 

  77. 

  78. /**
    79. 

  79.  * Include Crypt_Random
    80. 

  80.  */
    81. 

  81. require_once(dirname(dirname(__FILE__)).'/Crypt/Random.php');
    82. 

  82. 

  83. /**
    84. 

  84.  * Include Crypt_Hash
    85. 

  85.  */
    86. 

  86. require_once(dirname(dirname(__FILE__)).'/Crypt/Hash.php');
    87. 

  87. 

  88. /**
    89. 

  89.  * Include Crypt_TripleDES
    90. 

  90.  */
    91. 

  91. require_once(dirname(dirname(__FILE__)).'/Crypt/TripleDES.php');
    92. 

  92. 

  93. /**
    94. 

  94.  * Include Crypt_RC4
    95. 

  95.  */
    96. 

  96. require_once(dirname(dirname(__FILE__)).'/Crypt/RC4.php');
    97. 

  97. 

  98. /**
    99. 

  99.  * Include Crypt_AES
    100. 

  100.  */
    101. 

  101. require_once(dirname(dirname(__FILE__)).'/Crypt/AES.php');
    102. 

  102. 

  103. /**#@+
    104. 

  104.  * Execution Bitmap Masks
    105. 

  105.  *
    106. 

  106.  * @see Net_SSH2::bitmap
    107. 

  107.  * @access private
    108. 

  108.  */
    109. 

  109. define('NET_SSH2_MASK_CONSTRUCTOR', 0x00000001);
    110. 

  110. define('NET_SSH2_MASK_LOGIN',       0x00000002);
    111. 

  111. define('NET_SSH2_MASK_SHELL',       0x00000004);
    112. 

  112. /**#@-*/
    113. 

  113. 

  114. /**#@+
    115. 

  115.  * Channel constants
    116. 

  116.  *
    117. 

  117.  * RFC4254 refers not to client and server channels but rather to sender and recipient channels.  we don't refer
    118. 

  118.  * to them in that way because RFC4254 toggles the meaning. the client sends a SSH_MSG_CHANNEL_OPEN message with
    119. 

  119.  * a sender channel and the server sends a SSH_MSG_CHANNEL_OPEN_CONFIRMATION in response, with a sender and a
    120. 

  120.  * recepient channel.  at first glance, you might conclude that SSH_MSG_CHANNEL_OPEN_CONFIRMATION's sender channel
    121. 

  121.  * would be the same thing as SSH_MSG_CHANNEL_OPEN's sender channel, but it's not, per this snipet:
    122. 

  122.  *     The 'recipient channel' is the channel number given in the original
    123. 

  123.  *     open request, and 'sender channel' is the channel number allocated by
    124. 

  124.  *     the other side.
    125. 

  125.  *
    126. 

  126.  * @see Net_SSH2::_send_channel_packet()
    127. 

  127.  * @see Net_SSH2::_get_channel_packet()
    128. 

  128.  * @access private
    129. 

  129.  */
    130. 

  130. define('NET_SSH2_CHANNEL_EXEC', 0); // PuTTy uses 0x100
    131. 

  131. define('NET_SSH2_CHANNEL_SHELL',1);
    132. 

  132. /**#@-*/
    133. 

  133. 

  134. /**#@+
    135. 

  135.  * @access public
    136. 

  136.  * @see Net_SSH2::getLog()
    137. 

  137.  */
    138. 

  138. /**
    139. 

  139.  * Returns the message numbers
    140. 

  140.  */
    141. 

  141. define('NET_SSH2_LOG_SIMPLE',  1);
    142. 

  142. /**
    143. 

  143.  * Returns the message content
    144. 

  144.  */
    145. 

  145. define('NET_SSH2_LOG_COMPLEX', 2);
    146. 

  146. /**#@-*/
    147. 

  147. 

  148. /**#@+
    149. 

  149.  * @access public
    150. 

  150.  * @see Net_SSH2::read()
    151. 

  151.  */
    152. 

  152. /**
    153. 

  153.  * Returns when a string matching $expect exactly is found
    154. 

  154.  */
    155. 

  155. define('NET_SSH2_READ_SIMPLE',  1);
    156. 

  156. /**
    157. 

  157.  * Returns when a string matching the regular expression $expect is found
    158. 

  158.  */
    159. 

  159. define('NET_SSH2_READ_REGEX', 2);
    160. 

  160. /**#@-*/
    161. 

  161. 

  162. /**
    163. 

  163.  * Pure-PHP implementation of SSHv2.
    164. 

  164.  *
    165. 

  165.  * @author  Jim Wigginton <terrafrost@php.net>
    166. 

  166.  * @version 0.1.0
    167. 

  167.  * @access  public
    168. 

  168.  * @package Net_SSH2
    169. 

  169.  */
    170. 

  170. class Net_SSH2 {
    171. 

  171.     /**
    172. 

  172.      * The SSH identifier
    173. 

  173.      *
    174. 

  174.      * @var String
    175. 

  175.      * @access private
    176. 

  176.      */
    177. 

  177.     var $identifier = 'SSH-2.0-phpseclib_0.2';
    178. 

  178. 

  179.     /**
    180. 

  180.      * The Socket Object
    181. 

  181.      *
    182. 

  182.      * @var Object
    183. 

  183.      * @access private
    184. 

  184.      */
    185. 

  185.     var $fsock;
    186. 

  186. 

  187.     /**
    188. 

  188.      * Execution Bitmap
    189. 

  189.      *
    190. 

  190.      * The bits that are set reprsent functions that have been called already.  This is used to determine
    191. 

  191.      * if a requisite function has been successfully executed.  If not, an error should be thrown.
    192. 

  192.      *
    193. 

  193.      * @var Integer
    194. 

  194.      * @access private
    195. 

  195.      */
    196. 

  196.     var $bitmap = 0;
    197. 

  197. 

  198.     /**
    199. 

  199.      * Error information
    200. 

  200.      *
    201. 

  201.      * @see Net_SSH2::getErrors()
    202. 

  202.      * @see Net_SSH2::getLastError()
    203. 

  203.      * @var String
    204. 

  204.      * @access private
    205. 

  205.      */
    206. 

  206.     var $errors = array();
    207. 

  207. 

  208.     /**
    209. 

  209.      * Server Identifier
    210. 

  210.      *
    211. 

  211.      * @see Net_SSH2::getServerIdentification()
    212. 

  212.      * @var String
    213. 

  213.      * @access private
    214. 

  214.      */
    215. 

  215.     var $server_identifier = '';
    216. 

  216. 

  217.     /**
    218. 

  218.      * Key Exchange Algorithms
    219. 

  219.      *
    220. 

  220.      * @see Net_SSH2::getKexAlgorithims()
    221. 

  221.      * @var Array
    222. 

  222.      * @access private
    223. 

  223.      */
    224. 

  224.     var $kex_algorithms;
    225. 

  225. 

  226.     /**
    227. 

  227.      * Server Host Key Algorithms
    228. 

  228.      *
    229. 

  229.      * @see Net_SSH2::getServerHostKeyAlgorithms()
    230. 

  230.      * @var Array
    231. 

  231.      * @access private
    232. 

  232.      */
    233. 

  233.     var $server_host_key_algorithms;
    234. 

  234. 

  235.     /**
    236. 

  236.      * Encryption Algorithms: Client to Server
    237. 

  237.      *
    238. 

  238.      * @see Net_SSH2::getEncryptionAlgorithmsClient2Server()
    239. 

  239.      * @var Array
    240. 

  240.      * @access private
    241. 

  241.      */
    242. 

  242.     var $encryption_algorithms_client_to_server;
    243. 

  243. 

  244.     /**
    245. 

  245.      * Encryption Algorithms: Server to Client
    246. 

  246.      *
    247. 

  247.      * @see Net_SSH2::getEncryptionAlgorithmsServer2Client()
    248. 

  248.      * @var Array
    249. 

  249.      * @access private
    250. 

  250.      */
    251. 

  251.     var $encryption_algorithms_server_to_client;
    252. 

  252. 

  253.     /**
    254. 

  254.      * MAC Algorithms: Client to Server
    255. 

  255.      *
    256. 

  256.      * @see Net_SSH2::getMACAlgorithmsClient2Server()
    257. 

  257.      * @var Array
    258. 

  258.      * @access private
    259. 

  259.      */
    260. 

  260.     var $mac_algorithms_client_to_server;
    261. 

  261. 

  262.     /**
    263. 

  263.      * MAC Algorithms: Server to Client
    264. 

  264.      *
    265. 

  265.      * @see Net_SSH2::getMACAlgorithmsServer2Client()
    266. 

  266.      * @var Array
    267. 

  267.      * @access private
    268. 

  268.      */
    269. 

  269.     var $mac_algorithms_server_to_client;
    270. 

  270. 

  271.     /**
    272. 

  272.      * Compression Algorithms: Client to Server
    273. 

  273.      *
    274. 

  274.      * @see Net_SSH2::getCompressionAlgorithmsClient2Server()
    275. 

  275.      * @var Array
    276. 

  276.      * @access private
    277. 

  277.      */
    278. 

  278.     var $compression_algorithms_client_to_server;
    279. 

  279. 

  280.     /**
    281. 

  281.      * Compression Algorithms: Server to Client
    282. 

  282.      *
    283. 

  283.      * @see Net_SSH2::getCompressionAlgorithmsServer2Client()
    284. 

  284.      * @var Array
    285. 

  285.      * @access private
    286. 

  286.      */
    287. 

  287.     var $compression_algorithms_server_to_client;
    288. 

  288. 

  289.     /**
    290. 

  290.      * Languages: Server to Client
    291. 

  291.      *
    292. 

  292.      * @see Net_SSH2::getLanguagesServer2Client()
    293. 

  293.      * @var Array
    294. 

  294.      * @access private
    295. 

  295.      */
    296. 

  296.     var $languages_server_to_client;
    297. 

  297. 

  298.     /**
    299. 

  299.      * Languages: Client to Server
    300. 

  300.      *
    301. 

  301.      * @see Net_SSH2::getLanguagesClient2Server()
    302. 

  302.      * @var Array
    303. 

  303.      * @access private
    304. 

  304.      */
    305. 

  305.     var $languages_client_to_server;
    306. 

  306. 

  307.     /**
    308. 

  308.      * Block Size for Server to Client Encryption
    309. 

  309.      *
    310. 

  310.      * "Note that the length of the concatenation of 'packet_length',
    311. 

  311.      *  'padding_length', 'payload', and 'random padding' MUST be a multiple
    312. 

  312.      *  of the cipher block size or 8, whichever is larger.  This constraint
    313. 

  313.      *  MUST be enforced, even when using stream ciphers."
    314. 

  314.      *
    315. 

  315.      *  -- http://tools.ietf.org/html/rfc4253#section-6
    316. 

  316.      *
    317. 

  317.      * @see Net_SSH2::Net_SSH2()
    318. 

  318.      * @see Net_SSH2::_send_binary_packet()
    319. 

  319.      * @var Integer
    320. 

  320.      * @access private
    321. 

  321.      */
    322. 

  322.     var $encrypt_block_size = 8;
    323. 

  323. 

  324.     /**
    325. 

  325.      * Block Size for Client to Server Encryption
    326. 

  326.      *
    327. 

  327.      * @see Net_SSH2::Net_SSH2()
    328. 

  328.      * @see Net_SSH2::_get_binary_packet()
    329. 

  329.      * @var Integer
    330. 

  330.      * @access private
    331. 

  331.      */
    332. 

  332.     var $decrypt_block_size = 8;
    333. 

  333. 

  334.     /**
    335. 

  335.      * Server to Client Encryption Object
    336. 

  336.      *
    337. 

  337.      * @see Net_SSH2::_get_binary_packet()
    338. 

  338.      * @var Object
    339. 

  339.      * @access private
    340. 

  340.      */
    341. 

  341.     var $decrypt = false;
    342. 

  342. 

  343.     /**
    344. 

  344.      * Client to Server Encryption Object
    345. 

  345.      *
    346. 

  346.      * @see Net_SSH2::_send_binary_packet()
    347. 

  347.      * @var Object
    348. 

  348.      * @access private
    349. 

  349.      */
    350. 

  350.     var $encrypt = false;
    351. 

  351. 

  352.     /**
    353. 

  353.      * Client to Server HMAC Object
    354. 

  354.      *
    355. 

  355.      * @see Net_SSH2::_send_binary_packet()
    356. 

  356.      * @var Object
    357. 

  357.      * @access private
    358. 

  358.      */
    359. 

  359.     var $hmac_create = false;
    360. 

  360. 

  361.     /**
    362. 

  362.      * Server to Client HMAC Object
    363. 

  363.      *
    364. 

  364.      * @see Net_SSH2::_get_binary_packet()
    365. 

  365.      * @var Object
    366. 

  366.      * @access private
    367. 

  367.      */
    368. 

  368.     var $hmac_check = false;
    369. 

  369. 

  370.     /**
    371. 

  371.      * Size of server to client HMAC
    372. 

  372.      *
    373. 

  373.      * We need to know how big the HMAC will be for the server to client direction so that we know how many bytes to read.
    374. 

  374.      * For the client to server side, the HMAC object will make the HMAC as long as it needs to be.  All we need to do is
    375. 

  375.      * append it.
    376. 

  376.      *
    377. 

  377.      * @see Net_SSH2::_get_binary_packet()
    378. 

  378.      * @var Integer
    379. 

  379.      * @access private
    380. 

  380.      */
    381. 

  381.     var $hmac_size = false;
    382. 

  382. 

  383.     /**
    384. 

  384.      * Server Public Host Key
    385. 

  385.      *
    386. 

  386.      * @see Net_SSH2::getServerPublicHostKey()
    387. 

  387.      * @var String
    388. 

  388.      * @access private
    389. 

  389.      */
    390. 

  390.     var $server_public_host_key;
    391. 

  391. 

  392.     /**
    393. 

  393.      * Session identifer
    394. 

  394.      *
    395. 

  395.      * "The exchange hash H from the first key exchange is additionally
    396. 

  396.      *  used as the session identifier, which is a unique identifier for
    397. 

  397.      *  this connection."
    398. 

  398.      *
    399. 

  399.      *  -- http://tools.ietf.org/html/rfc4253#section-7.2
    400. 

  400.      *
    401. 

  401.      * @see Net_SSH2::_key_exchange()
    402. 

  402.      * @var String
    403. 

  403.      * @access private
    404. 

  404.      */
    405. 

  405.     var $session_id = false;
    406. 

  406. 

  407.     /**
    408. 

  408.      * Exchange hash
    409. 

  409.      *
    410. 

  410.      * The current exchange hash
    411. 

  411.      *
    412. 

  412.      * @see Net_SSH2::_key_exchange()
    413. 

  413.      * @var String
    414. 

  414.      * @access private
    415. 

  415.      */
    416. 

  416.     var $exchange_hash = false;
    417. 

  417. 

  418.     /**
    419. 

  419.      * Message Numbers
    420. 

  420.      *
    421. 

  421.      * @see Net_SSH2::Net_SSH2()
    422. 

  422.      * @var Array
    423. 

  423.      * @access private
    424. 

  424.      */
    425. 

  425.     var $message_numbers = array();
    426. 

  426. 

  427.     /**
    428. 

  428.      * Disconnection Message 'reason codes' defined in RFC4253
    429. 

  429.      *
    430. 

  430.      * @see Net_SSH2::Net_SSH2()
    431. 

  431.      * @var Array
    432. 

  432.      * @access private
    433. 

  433.      */
    434. 

  434.     var $disconnect_reasons = array();
    435. 

  435. 

  436.     /**
    437. 

  437.      * SSH_MSG_CHANNEL_OPEN_FAILURE 'reason codes', defined in RFC4254
    438. 

  438.      *
    439. 

  439.      * @see Net_SSH2::Net_SSH2()
    440. 

  440.      * @var Array
    441. 

  441.      * @access private
    442. 

  442.      */
    443. 

  443.     var $channel_open_failure_reasons = array();
    444. 

  444. 

  445.     /**
    446. 

  446.      * Terminal Modes
    447. 

  447.      *
    448. 

  448.      * @link http://tools.ietf.org/html/rfc4254#section-8
    449. 

  449.      * @see Net_SSH2::Net_SSH2()
    450. 

  450.      * @var Array
    451. 

  451.      * @access private
    452. 

  452.      */
    453. 

  453.     var $terminal_modes = array();
    454. 

  454. 

  455.     /**
    456. 

  456.      * SSH_MSG_CHANNEL_EXTENDED_DATA's data_type_codes
    457. 

  457.      *
    458. 

  458.      * @link http://tools.ietf.org/html/rfc4254#section-5.2
    459. 

  459.      * @see Net_SSH2::Net_SSH2()
    460. 

  460.      * @var Array
    461. 

  461.      * @access private
    462. 

  462.      */
    463. 

  463.     var $channel_extended_data_type_codes = array();
    464. 

  464. 

  465.     /**
    466. 

  466.      * Send Sequence Number
    467. 

  467.      *
    468. 

  468.      * See 'Section 6.4.  Data Integrity' of rfc4253 for more info.
    469. 

  469.      *
    470. 

  470.      * @see Net_SSH2::_send_binary_packet()
    471. 

  471.      * @var Integer
    472. 

  472.      * @access private
    473. 

  473.      */
    474. 

  474.     var $send_seq_no = 0;
    475. 

  475. 

  476.     /**
    477. 

  477.      * Get Sequence Number
    478. 

  478.      *
    479. 

  479.      * See 'Section 6.4.  Data Integrity' of rfc4253 for more info.
    480. 

  480.      *
    481. 

  481.      * @see Net_SSH2::_get_binary_packet()
    482. 

  482.      * @var Integer
    483. 

  483.      * @access private
    484. 

  484.      */
    485. 

  485.     var $get_seq_no = 0;
    486. 

  486. 

  487.     /**
    488. 

  488.      * Server Channels
    489. 

  489.      *
    490. 

  490.      * Maps client channels to server channels
    491. 

  491.      *
    492. 

  492.      * @see Net_SSH2::_get_channel_packet()
    493. 

  493.      * @see Net_SSH2::exec()
    494. 

  494.      * @var Array
    495. 

  495.      * @access private
    496. 

  496.      */
    497. 

  497.     var $server_channels = array();
    498. 

  498. 

  499.     /**
    500. 

  500.      * Channel Buffers
    501. 

  501.      *
    502. 

  502.      * If a client requests a packet from one channel but receives two packets from another those packets should
    503. 

  503.      * be placed in a buffer
    504. 

  504.      *
    505. 

  505.      * @see Net_SSH2::_get_channel_packet()
    506. 

  506.      * @see Net_SSH2::exec()
    507. 

  507.      * @var Array
    508. 

  508.      * @access private
    509. 

  509.      */
    510. 

  510.     var $channel_buffers = array();
    511. 

  511. 

  512.     /**
    513. 

  513.      * Channel Status
    514. 

  514.      *
    515. 

  515.      * Contains the type of the last sent message
    516. 

  516.      *
    517. 

  517.      * @see Net_SSH2::_get_channel_packet()
    518. 

  518.      * @var Array
    519. 

  519.      * @access private
    520. 

  520.      */
    521. 

  521.     var $channel_status = array();
    522. 

  522. 

  523.     /**
    524. 

  524.      * Packet Size
    525. 

  525.      *
    526. 

  526.      * Maximum packet size indexed by channel
    527. 

  527.      *
    528. 

  528.      * @see Net_SSH2::_send_channel_packet()
    529. 

  529.      * @var Array
    530. 

  530.      * @access private
    531. 

  531.      */
    532. 

  532.     var $packet_size_client_to_server = array();
    533. 

  533. 

  534.     /**
    535. 

  535.      * Message Number Log
    536. 

  536.      *
    537. 

  537.      * @see Net_SSH2::getLog()
    538. 

  538.      * @var Array
    539. 

  539.      * @access private
    540. 

  540.      */
    541. 

  541.     var $message_number_log = array();
    542. 

  542. 

  543.     /**
    544. 

  544.      * Message Log
    545. 

  545.      *
    546. 

  546.      * @see Net_SSH2::getLog()
    547. 

  547.      * @var Array
    548. 

  548.      * @access private
    549. 

  549.      */
    550. 

  550.     var $message_log = array();
    551. 

  551. 

  552.     /**
    553. 

  553.      * The Window Size
    554. 

  554.      *
    555. 

  555.      * Bytes the other party can send before it must wait for the window to be adjusted (0x7FFFFFFF = 4GB)
    556. 

  556.      *
    557. 

  557.      * @var Integer
    558. 

  558.      * @see Net_SSH2::_send_channel_packet()
    559. 

  559.      * @see Net_SSH2::exec()
    560. 

  560.      * @access private
    561. 

  561.      */
    562. 

  562.     var $window_size = 0x7FFFFFFF;
    563. 

  563. 

  564.     /**
    565. 

  565.      * Window size
    566. 

  566.      *
    567. 

  567.      * Window size indexed by channel
    568. 

  568.      *
    569. 

  569.      * @see Net_SSH2::_send_channel_packet()
    570. 

  570.      * @var Array
    571. 

  571.      * @access private
    572. 

  572.      */
    573. 

  573.     var $window_size_client_to_server = array();
    574. 

  574. 

  575.     /**
    576. 

  576.      * Server signature
    577. 

  577.      *
    578. 

  578.      * Verified against $this->session_id
    579. 

  579.      *
    580. 

  580.      * @see Net_SSH2::getServerPublicHostKey()
    581. 

  581.      * @var String
    582. 

  582.      * @access private
    583. 

  583.      */
    584. 

  584.     var $signature = '';
    585. 

  585. 

  586.     /**
    587. 

  587.      * Server signature format
    588. 

  588.      *
    589. 

  589.      * ssh-rsa or ssh-dss.
    590. 

  590.      *
    591. 

  591.      * @see Net_SSH2::getServerPublicHostKey()
    592. 

  592.      * @var String
    593. 

  593.      * @access private
    594. 

  594.      */
    595. 

  595.     var $signature_format = '';
    596. 

  596. 

  597.     /**
    598. 

  598.      * Interactive Buffer
    599. 

  599.      *
    600. 

  600.      * @see Net_SSH2::read()
    601. 

  601.      * @var Array
    602. 

  602.      * @access private
    603. 

  603.      */
    604. 

  604.     var $interactiveBuffer = '';
    605. 

  605. 

  606.     /**
    607. 

  607.      * Default Constructor.
    608. 

  608.      *
    609. 

  609.      * Connects to an SSHv2 server
    610. 

  610.      *
    611. 

  611.      * @param String $host
    612. 

  612.      * @param optional Integer $port
    613. 

  613.      * @param optional Integer $timeout
    614. 

  614.      * @return Net_SSH2
    615. 

  615.      * @access public
    616. 

  616.      */
    617. 

  617.     function Net_SSH2($host, $port = 22, $timeout = 10)
    618. 

  618.     {
    619. 

  619.         $this->message_numbers = array(
    620. 

  620.             1 => 'NET_SSH2_MSG_DISCONNECT',
    621. 

  621.             2 => 'NET_SSH2_MSG_IGNORE',
    622. 

  622.             3 => 'NET_SSH2_MSG_UNIMPLEMENTED',
    623. 

  623.             4 => 'NET_SSH2_MSG_DEBUG',
    624. 

  624.             5 => 'NET_SSH2_MSG_SERVICE_REQUEST',
    625. 

  625.             6 => 'NET_SSH2_MSG_SERVICE_ACCEPT',
    626. 

  626.             20 => 'NET_SSH2_MSG_KEXINIT',
    627. 

  627.             21 => 'NET_SSH2_MSG_NEWKEYS',
    628. 

  628.             30 => 'NET_SSH2_MSG_KEXDH_INIT',
    629. 

  629.             31 => 'NET_SSH2_MSG_KEXDH_REPLY',
    630. 

  630.             50 => 'NET_SSH2_MSG_USERAUTH_REQUEST',
    631. 

  631.             51 => 'NET_SSH2_MSG_USERAUTH_FAILURE',
    632. 

  632.             52 => 'NET_SSH2_MSG_USERAUTH_SUCCESS',
    633. 

  633.             53 => 'NET_SSH2_MSG_USERAUTH_BANNER',
    634. 

  634. 

  635.             80 => 'NET_SSH2_MSG_GLOBAL_REQUEST',
    636. 

  636.             81 => 'NET_SSH2_MSG_REQUEST_SUCCESS',
    637. 

  637.             82 => 'NET_SSH2_MSG_REQUEST_FAILURE',
    638. 

  638.             90 => 'NET_SSH2_MSG_CHANNEL_OPEN',
    639. 

  639.             91 => 'NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION',
    640. 

  640.             92 => 'NET_SSH2_MSG_CHANNEL_OPEN_FAILURE',
    641. 

  641.             93 => 'NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST',
    642. 

  642.             94 => 'NET_SSH2_MSG_CHANNEL_DATA',
    643. 

  643.             95 => 'NET_SSH2_MSG_CHANNEL_EXTENDED_DATA',
    644. 

  644.             96 => 'NET_SSH2_MSG_CHANNEL_EOF',
    645. 

  645.             97 => 'NET_SSH2_MSG_CHANNEL_CLOSE',
    646. 

  646.             98 => 'NET_SSH2_MSG_CHANNEL_REQUEST',
    647. 

  647.             99 => 'NET_SSH2_MSG_CHANNEL_SUCCESS',
    648. 

  648.             100 => 'NET_SSH2_MSG_CHANNEL_FAILURE'
    649. 

  649.         );
    650. 

  650.         $this->disconnect_reasons = array(
    651. 

  651.             1 => 'NET_SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT',
    652. 

  652.             2 => 'NET_SSH2_DISCONNECT_PROTOCOL_ERROR',
    653. 

  653.             3 => 'NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED',
    654. 

  654.             4 => 'NET_SSH2_DISCONNECT_RESERVED',
    655. 

  655.             5 => 'NET_SSH2_DISCONNECT_MAC_ERROR',
    656. 

  656.             6 => 'NET_SSH2_DISCONNECT_COMPRESSION_ERROR',
    657. 

  657.             7 => 'NET_SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE',
    658. 

  658.             8 => 'NET_SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED',
    659. 

  659.             9 => 'NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE',
    660. 

  660.             10 => 'NET_SSH2_DISCONNECT_CONNECTION_LOST',
    661. 

  661.             11 => 'NET_SSH2_DISCONNECT_BY_APPLICATION',
    662. 

  662.             12 => 'NET_SSH2_DISCONNECT_TOO_MANY_CONNECTIONS',
    663. 

  663.             13 => 'NET_SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER',
    664. 

  664.             14 => 'NET_SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE',
    665. 

  665.             15 => 'NET_SSH2_DISCONNECT_ILLEGAL_USER_NAME'
    666. 

  666.         );
    667. 

  667.         $this->channel_open_failure_reasons = array(
    668. 

  668.             1 => 'NET_SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED'
    669. 

  669.         );
    670. 

  670.         $this->terminal_modes = array(
    671. 

  671.             0 => 'NET_SSH2_TTY_OP_END'
    672. 

  672.         );
    673. 

  673.         $this->channel_extended_data_type_codes = array(
    674. 

  674.             1 => 'NET_SSH2_EXTENDED_DATA_STDERR'
    675. 

  675.         );
    676. 

  676. 

  677.         $this->_define_array(
    678. 

  678.             $this->message_numbers,
    679. 

  679.             $this->disconnect_reasons,
    680. 

  680.             $this->channel_open_failure_reasons,
    681. 

  681.             $this->terminal_modes,
    682. 

  682.             $this->channel_extended_data_type_codes,
    683. 

  683.             array(60 => 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ'),
    684. 

  684.             array(60 => 'NET_SSH2_MSG_USERAUTH_PK_OK'),
    685. 

  685.             array(60 => 'NET_SSH2_MSG_USERAUTH_INFO_REQUEST',
    686. 

  686.                   61 => 'NET_SSH2_MSG_USERAUTH_INFO_RESPONSE')
    687. 

  687.         );
    688. 

  688. 

  689.         $this->fsock = @fsockopen($host, $port, $errno, $errstr, $timeout);
    690. 

  690.         if (!$this->fsock) {
    691. 

  691.             user_error(rtrim("Cannot connect to $host. Error $errno. $errstr"), E_USER_NOTICE);
    692. 

  692.             return;
    693. 

  693.         }
    694. 

  694. 

  695.         /* According to the SSH2 specs,
    696. 

    697. 

  697.           "The server MAY send other lines of data before sending the version
    698. 

  698.            string.  Each line SHOULD be terminated by a Carriage Return and Line
    699. 

  699.            Feed.  Such lines MUST NOT begin with "SSH-", and SHOULD be encoded
    700. 

  700.            in ISO-10646 UTF-8 [RFC3629] (language is not specified).  Clients
    701. 

  701.            MUST be able to process such lines." */
    702. 

  702.         $temp = '';
    703. 

  703.         $extra = '';
    704. 

  704.         while (!feof($this->fsock) && !preg_match('#^SSH-(\d\.\d+)#', $temp, $matches)) {
    705. 

  705.             if (substr($temp, -2) == "\r\n") {
    706. 

  706.                 $extra.= $temp;
    707. 

  707.                 $temp = '';
    708. 

  708.             }
    709. 

  709.             $temp.= fgets($this->fsock, 255);
    710. 

  710.         }
    711. 

  711. 

  712.         if (feof($this->fsock)) {
    713. 

  713.             user_error('Connection closed by server', E_USER_NOTICE);
    714. 

  714.             return false;
    715. 

  715.         }
    716. 

  716. 

  717.         $ext = array();
    718. 

  718.         if (extension_loaded('mcrypt')) {
    719. 

  719.             $ext[] = 'mcrypt';
    720. 

  720.         }
    721. 

  721.         if (extension_loaded('gmp')) {
    722. 

  722.             $ext[] = 'gmp';
    723. 

  723.         } else if (extension_loaded('bcmath')) {
    724. 

  724.             $ext[] = 'bcmath';
    725. 

  725.         }
    726. 

  726. 

  727.         if (!empty($ext)) {
    728. 

  728.             $this->identifier.= ' (' . implode(', ', $ext) . ')';
    729. 

  729.         }
    730. 

  730. 

  731.         if (defined('NET_SSH2_LOGGING')) {
    732. 

  732.             $this->message_number_log[] = '<-';
    733. 

  733.             $this->message_number_log[] = '->';
    734. 

  734. 

  735.             if (NET_SSH2_LOGGING == NET_SSH2_LOG_COMPLEX) {
    736. 

  736.                 $this->message_log[] = $temp;
    737. 

  737.                 $this->message_log[] = $this->identifier . "\r\n";
    738. 

  738.             }
    739. 

  739.         }
    740. 

  740. 

  741.         $this->server_identifier = trim($temp, "\r\n");
    742. 

  742.         if (!empty($extra)) {
    743. 

  743.             $this->errors[] = utf8_decode($extra);
    744. 

  744.         }
    745. 

  745. 

  746.         if ($matches[1] != '1.99' && $matches[1] != '2.0') {
    747. 

  747.             user_error("Cannot connect to SSH $matches[1] servers", E_USER_NOTICE);
    748. 

  748.             return;
    749. 

  749.         }
    750. 

  750. 

  751.         fputs($this->fsock, $this->identifier . "\r\n");
    752. 

  752. 

  753.         $response = $this->_get_binary_packet();
    754. 

  754.         if ($response === false) {
    755. 

  755.             user_error('Connection closed by server', E_USER_NOTICE);
    756. 

  756.             return;
    757. 

  757.         }
    758. 

  758. 

  759.         if (ord($response[0]) != NET_SSH2_MSG_KEXINIT) {
    760. 

  760.             user_error('Expected SSH_MSG_KEXINIT', E_USER_NOTICE);
    761. 

  761.             return;
    762. 

  762.         }
    763. 

  763. 

  764.         if (!$this->_key_exchange($response)) {
    765. 

  765.             return;
    766. 

  766.         }
    767. 

  767. 

  768.         $this->bitmap = NET_SSH2_MASK_CONSTRUCTOR;
    769. 

  769.     }
    770. 

  770. 

  771.     /**
    772. 

  772.      * Key Exchange
    773. 

  773.      *
    774. 

  774.      * @param String $kexinit_payload_server
    775. 

  775.      * @access private
    776. 

  776.      */
    777. 

  777.     function _key_exchange($kexinit_payload_server)
    778. 

  778.     {
    779. 

  779.         static $kex_algorithms = array(
    780. 

  780.             'diffie-hellman-group1-sha1', // REQUIRED
    781. 

  781.             'diffie-hellman-group14-sha1' // REQUIRED
    782. 

  782.         );
    783. 

  783. 

  784.         static $server_host_key_algorithms = array(
    785. 

  785.             'ssh-rsa', // RECOMMENDED  sign   Raw RSA Key
    786. 

  786.             'ssh-dss'  // REQUIRED     sign   Raw DSS Key
    787. 

  787.         );
    788. 

  788. 

  789.         static $encryption_algorithms = array(
    790. 

  790.             // from <http://tools.ietf.org/html/rfc4345#section-4>:
    791. 

  791.             'arcfour256',
    792. 

  792.             'arcfour128',
    793. 

  793. 

  794.             'arcfour',    // OPTIONAL          the ARCFOUR stream cipher with a 128-bit key
    795. 

  795. 

  796.             'aes128-cbc', // RECOMMENDED       AES with a 128-bit key
    797. 

  797.             'aes192-cbc', // OPTIONAL          AES with a 192-bit key
    798. 

  798.             'aes256-cbc', // OPTIONAL          AES in CBC mode, with a 256-bit key
    799. 

  799. 

  800.             // from <http://tools.ietf.org/html/rfc4344#section-4>:
    801. 

  801.             'aes128-ctr', // RECOMMENDED       AES (Rijndael) in SDCTR mode, with 128-bit key
    802. 

  802.             'aes192-ctr', // RECOMMENDED       AES with 192-bit key
    803. 

  803.             'aes256-ctr', // RECOMMENDED       AES with 256-bit key
    804. 

  804.             '3des-ctr',   // RECOMMENDED       Three-key 3DES in SDCTR mode
    805. 

  805. 

  806.             '3des-cbc',   // REQUIRED          three-key 3DES in CBC mode
    807. 

  807.             'none'        // OPTIONAL          no encryption; NOT RECOMMENDED
    808. 

  808.         );
    809. 

  809. 

  810.         static $mac_algorithms = array(
    811. 

  811.             'hmac-sha1-96', // RECOMMENDED     first 96 bits of HMAC-SHA1 (digest length = 12, key length = 20)
    812. 

  812.             'hmac-sha1',    // REQUIRED        HMAC-SHA1 (digest length = key length = 20)
    813. 

  813.             'hmac-md5-96',  // OPTIONAL        first 96 bits of HMAC-MD5 (digest length = 12, key length = 16)
    814. 

  814.             'hmac-md5',     // OPTIONAL        HMAC-MD5 (digest length = key length = 16)
    815. 

  815.             'none'          // OPTIONAL        no MAC; NOT RECOMMENDED
    816. 

  816.         );
    817. 

  817. 

  818.         static $compression_algorithms = array(
    819. 

  819.             'none'   // REQUIRED        no compression
    820. 

  820.             //'zlib' // OPTIONAL        ZLIB (LZ77) compression
    821. 

  821.         );
    822. 

  822. 

  823.         static $str_kex_algorithms, $str_server_host_key_algorithms,
    824. 

  824.                $encryption_algorithms_server_to_client, $mac_algorithms_server_to_client, $compression_algorithms_server_to_client,
    825. 

  825.                $encryption_algorithms_client_to_server, $mac_algorithms_client_to_server, $compression_algorithms_client_to_server;
    826. 

  826. 

  827.         if (empty($str_kex_algorithms)) {
    828. 

  828.             $str_kex_algorithms = implode(',', $kex_algorithms);
    829. 

  829.             $str_server_host_key_algorithms = implode(',', $server_host_key_algorithms);
    830. 

  830.             $encryption_algorithms_server_to_client = $encryption_algorithms_client_to_server = implode(',', $encryption_algorithms);
    831. 

  831.             $mac_algorithms_server_to_client = $mac_algorithms_client_to_server = implode(',', $mac_algorithms);
    832. 

  832.             $compression_algorithms_server_to_client = $compression_algorithms_client_to_server = implode(',', $compression_algorithms);
    833. 

  833.         }
    834. 

  834. 

  835.         $client_cookie = '';
    836. 

  836.         for ($i = 0; $i < 16; $i++) {
    837. 

  837.             $client_cookie.= chr(crypt_random(0, 255));
    838. 

  838.         }
    839. 

  839. 

  840.         $response = $kexinit_payload_server;
    841. 

  841.         $this->_string_shift($response, 1); // skip past the message number (it should be SSH_MSG_KEXINIT)
    842. 

  842.         $server_cookie = $this->_string_shift($response, 16);
    843. 

  843. 

  844.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    845. 

  845.         $this->kex_algorithms = explode(',', $this->_string_shift($response, $temp['length']));
    846. 

  846. 

  847.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    848. 

  848.         $this->server_host_key_algorithms = explode(',', $this->_string_shift($response, $temp['length']));
    849. 

  849. 

  850.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    851. 

  851.         $this->encryption_algorithms_client_to_server = explode(',', $this->_string_shift($response, $temp['length']));
    852. 

  852. 

  853.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    854. 

  854.         $this->encryption_algorithms_server_to_client = explode(',', $this->_string_shift($response, $temp['length']));
    855. 

  855. 

  856.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    857. 

  857.         $this->mac_algorithms_client_to_server = explode(',', $this->_string_shift($response, $temp['length']));
    858. 

  858. 

  859.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    860. 

  860.         $this->mac_algorithms_server_to_client = explode(',', $this->_string_shift($response, $temp['length']));
    861. 

  861. 

  862.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    863. 

  863.         $this->compression_algorithms_client_to_server = explode(',', $this->_string_shift($response, $temp['length']));
    864. 

  864. 

  865.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    866. 

  866.         $this->compression_algorithms_server_to_client = explode(',', $this->_string_shift($response, $temp['length']));
    867. 

  867. 

  868.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    869. 

  869.         $this->languages_client_to_server = explode(',', $this->_string_shift($response, $temp['length']));
    870. 

  870. 

  871.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    872. 

  872.         $this->languages_server_to_client = explode(',', $this->_string_shift($response, $temp['length']));
    873. 

  873. 

  874.         extract(unpack('Cfirst_kex_packet_follows', $this->_string_shift($response, 1)));
    875. 

  875.         $first_kex_packet_follows = $first_kex_packet_follows != 0;
    876. 

  876. 

  877.         // the sending of SSH2_MSG_KEXINIT could go in one of two places.  this is the second place.
    878. 

  878.         $kexinit_payload_client = pack('Ca*Na*Na*Na*Na*Na*Na*Na*Na*Na*Na*CN',
    879. 

  879.             NET_SSH2_MSG_KEXINIT, $client_cookie, strlen($str_kex_algorithms), $str_kex_algorithms,
    880. 

  880.             strlen($str_server_host_key_algorithms), $str_server_host_key_algorithms, strlen($encryption_algorithms_client_to_server),
    881. 

  881.             $encryption_algorithms_client_to_server, strlen($encryption_algorithms_server_to_client), $encryption_algorithms_server_to_client,
    882. 

  882.             strlen($mac_algorithms_client_to_server), $mac_algorithms_client_to_server, strlen($mac_algorithms_server_to_client),
    883. 

  883.             $mac_algorithms_server_to_client, strlen($compression_algorithms_client_to_server), $compression_algorithms_client_to_server,
    884. 

  884.             strlen($compression_algorithms_server_to_client), $compression_algorithms_server_to_client, 0, '', 0, '',
    885. 

  885.             0, 0
    886. 

  886.         );
    887. 

  887. 

  888.         if (!$this->_send_binary_packet($kexinit_payload_client)) {
    889. 

  889.             return false;
    890. 

  890.         }
    891. 

  891.         // here ends the second place.
    892. 

  892. 

  893.         // we need to decide upon the symmetric encryption algorithms before we do the diffie-hellman key exchange
    894. 

  894.         for ($i = 0; $i < count($encryption_algorithms) && !in_array($encryption_algorithms[$i], $this->encryption_algorithms_server_to_client); $i++);
    895. 

  895.         if ($i == count($encryption_algorithms)) {
    896. 

  896.             user_error('No compatible server to client encryption algorithms found', E_USER_NOTICE);
    897. 

  897.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    898. 

  898.         }
    899. 

  899. 

  900.         // we don't initialize any crypto-objects, yet - we do that, later. for now, we need the lengths to make the
    901. 

  901.         // diffie-hellman key exchange as fast as possible
    902. 

  902.         $decrypt = $encryption_algorithms[$i];
    903. 

  903.         switch ($decrypt) {
    904. 

  904.             case '3des-cbc':
    905. 

  905.             case '3des-ctr':
    906. 

  906.                 $decryptKeyLength = 24; // eg. 192 / 8
    907. 

  907.                 break;
    908. 

  908.             case 'aes256-cbc':
    909. 

  909.             case 'aes256-ctr':
    910. 

  910.                 $decryptKeyLength = 32; // eg. 256 / 8
    911. 

  911.                 break;
    912. 

  912.             case 'aes192-cbc':
    913. 

  913.             case 'aes192-ctr':
    914. 

  914.                 $decryptKeyLength = 24; // eg. 192 / 8
    915. 

  915.                 break;
    916. 

  916.             case 'aes128-cbc':
    917. 

  917.             case 'aes128-ctr':
    918. 

  918.                 $decryptKeyLength = 16; // eg. 128 / 8
    919. 

  919.                 break;
    920. 

  920.             case 'arcfour':
    921. 

  921.             case 'arcfour128':
    922. 

  922.                 $decryptKeyLength = 16; // eg. 128 / 8
    923. 

  923.                 break;
    924. 

  924.             case 'arcfour256':
    925. 

  925.                 $decryptKeyLength = 32; // eg. 128 / 8
    926. 

  926.                 break;
    927. 

  927.             case 'none';
    928. 

  928.                 $decryptKeyLength = 0;
    929. 

  929.         }
    930. 

  930. 

  931.         for ($i = 0; $i < count($encryption_algorithms) && !in_array($encryption_algorithms[$i], $this->encryption_algorithms_client_to_server); $i++);
    932. 

  932.         if ($i == count($encryption_algorithms)) {
    933. 

  933.             user_error('No compatible client to server encryption algorithms found', E_USER_NOTICE);
    934. 

  934.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    935. 

  935.         }
    936. 

  936. 

  937.         $encrypt = $encryption_algorithms[$i];
    938. 

  938.         switch ($encrypt) {
    939. 

  939.             case '3des-cbc':
    940. 

  940.             case '3des-ctr':
    941. 

  941.                 $encryptKeyLength = 24;
    942. 

  942.                 break;
    943. 

  943.             case 'aes256-cbc':
    944. 

  944.             case 'aes256-ctr':
    945. 

  945.                 $encryptKeyLength = 32;
    946. 

  946.                 break;
    947. 

  947.             case 'aes192-cbc':
    948. 

  948.             case 'aes192-ctr':
    949. 

  949.                 $encryptKeyLength = 24;
    950. 

  950.                 break;
    951. 

  951.             case 'aes128-cbc':
    952. 

  952.             case 'aes128-ctr':
    953. 

  953.                 $encryptKeyLength = 16;
    954. 

  954.                 break;
    955. 

  955.             case 'arcfour':
    956. 

  956.             case 'arcfour128':
    957. 

  957.                 $encryptKeyLength = 16;
    958. 

  958.                 break;
    959. 

  959.             case 'arcfour256':
    960. 

  960.                 $encryptKeyLength = 32;
    961. 

  961.                 break;
    962. 

  962.             case 'none';
    963. 

  963.                 $encryptKeyLength = 0;
    964. 

  964.         }
    965. 

  965. 

  966.         $keyLength = $decryptKeyLength > $encryptKeyLength ? $decryptKeyLength : $encryptKeyLength;
    967. 

  967. 

  968.         // through diffie-hellman key exchange a symmetric key is obtained
    969. 

  969.         for ($i = 0; $i < count($kex_algorithms) && !in_array($kex_algorithms[$i], $this->kex_algorithms); $i++);
    970. 

  970.         if ($i == count($kex_algorithms)) {
    971. 

  971.             user_error('No compatible key exchange algorithms found', E_USER_NOTICE);
    972. 

  972.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    973. 

  973.         }
    974. 

  974. 

  975.         switch ($kex_algorithms[$i]) {
    976. 

  976.             // see http://tools.ietf.org/html/rfc2409#section-6.2 and 
    977. 

  977.             // http://tools.ietf.org/html/rfc2412, appendex E
    978. 

  978.             case 'diffie-hellman-group1-sha1':
    979. 

  979.                 $p = pack('H256', 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . 
    980. 

  980.                                   '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . 
    981. 

  981.                                   '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . 
    982. 

  982.                                   'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF');
    983. 

  983.                 $keyLength = $keyLength < 160 ? $keyLength : 160;
    984. 

  984.                 $hash = 'sha1';
    985. 

  985.                 break;
    986. 

  986.             // see http://tools.ietf.org/html/rfc3526#section-3
    987. 

  987.             case 'diffie-hellman-group14-sha1':
    988. 

  988.                 $p = pack('H512', 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . 
    989. 

  989.                                   '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . 
    990. 

  990.                                   '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . 
    991. 

  991.                                   'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05' . 
    992. 

  992.                                   '98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB' . 
    993. 

  993.                                   '9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' . 
    994. 

  994.                                   'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718' . 
    995. 

  995.                                   '3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF');
    996. 

  996.                 $keyLength = $keyLength < 160 ? $keyLength : 160;
    997. 

  997.                 $hash = 'sha1';
    998. 

  998.         }
    999. 

  999. 

  1000.         $p = new Math_BigInteger($p, 256);
    1001. 

  1001.         //$q = $p->bitwise_rightShift(1);
    1002. 

  1002. 

  1003.         /* To increase the speed of the key exchange, both client and server may
    1004. 

  1004.            reduce the size of their private exponents.  It should be at least
    1005. 

  1005.            twice as long as the key material that is generated from the shared
    1006. 

  1006.            secret.  For more details, see the paper by van Oorschot and Wiener
    1007. 

  1007.            [VAN-OORSCHOT].
    1008. 

    1009. 

  1009.            -- http://tools.ietf.org/html/rfc4419#section-6.2 */
    1010. 

  1010.         $q = new Math_BigInteger(1);
    1011. 

  1011.         $q = $q->bitwise_leftShift(2 * $keyLength);
    1012. 

  1012.         $q = $q->subtract(new Math_BigInteger(1));
    1013. 

  1013. 

  1014.         $g = new Math_BigInteger(2);
    1015. 

  1015.         $x = new Math_BigInteger();
    1016. 

  1016.         $x->setRandomGenerator('crypt_random');
    1017. 

  1017.         $x = $x->random(new Math_BigInteger(1), $q);
    1018. 

  1018.         $e = $g->modPow($x, $p);
    1019. 

  1019. 

  1020.         $eBytes = $e->toBytes(true);
    1021. 

  1021.         $data = pack('CNa*', NET_SSH2_MSG_KEXDH_INIT, strlen($eBytes), $eBytes);
    1022. 

  1022. 

  1023.         if (!$this->_send_binary_packet($data)) {
    1024. 

  1024.             user_error('Connection closed by server', E_USER_NOTICE);
    1025. 

  1025.             return false;
    1026. 

  1026.         }
    1027. 

  1027. 

  1028.         $response = $this->_get_binary_packet();
    1029. 

  1029.         if ($response === false) {
    1030. 

  1030.             user_error('Connection closed by server', E_USER_NOTICE);
    1031. 

  1031.             return false;
    1032. 

  1032.         }
    1033. 

  1033.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1034. 

  1034. 

  1035.         if ($type != NET_SSH2_MSG_KEXDH_REPLY) {
    1036. 

  1036.             user_error('Expected SSH_MSG_KEXDH_REPLY', E_USER_NOTICE);
    1037. 

  1037.             return false;
    1038. 

  1038.         }
    1039. 

  1039. 

  1040.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    1041. 

  1041.         $this->server_public_host_key = $server_public_host_key = $this->_string_shift($response, $temp['length']);
    1042. 

  1042. 

  1043.         $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    1044. 

  1044.         $public_key_format = $this->_string_shift($server_public_host_key, $temp['length']);
    1045. 

  1045. 

  1046.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    1047. 

  1047.         $fBytes = $this->_string_shift($response, $temp['length']);
    1048. 

  1048.         $f = new Math_BigInteger($fBytes, -256);
    1049. 

  1049. 

  1050.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    1051. 

  1051.         $this->signature = $this->_string_shift($response, $temp['length']);
    1052. 

  1052. 

  1053.         $temp = unpack('Nlength', $this->_string_shift($this->signature, 4));
    1054. 

  1054.         $this->signature_format = $this->_string_shift($this->signature, $temp['length']);
    1055. 

  1055. 

  1056.         $key = $f->modPow($x, $p);
    1057. 

  1057.         $keyBytes = $key->toBytes(true);
    1058. 

  1058. 

  1059.         $this->exchange_hash = pack('Na*Na*Na*Na*Na*Na*Na*Na*',
    1060. 

  1060.             strlen($this->identifier), $this->identifier, strlen($this->server_identifier), $this->server_identifier,
    1061. 

  1061.             strlen($kexinit_payload_client), $kexinit_payload_client, strlen($kexinit_payload_server),
    1062. 

  1062.             $kexinit_payload_server, strlen($this->server_public_host_key), $this->server_public_host_key, strlen($eBytes),
    1063. 

  1063.             $eBytes, strlen($fBytes), $fBytes, strlen($keyBytes), $keyBytes
    1064. 

  1064.         );
    1065. 

  1065. 

  1066.         $this->exchange_hash = pack('H*', $hash($this->exchange_hash));
    1067. 

  1067. 

  1068.         if ($this->session_id === false) {
    1069. 

  1069.             $this->session_id = $this->exchange_hash;
    1070. 

  1070.         }
    1071. 

  1071. 

  1072.         for ($i = 0; $i < count($server_host_key_algorithms) && !in_array($server_host_key_algorithms[$i], $this->server_host_key_algorithms); $i++);
    1073. 

  1073.         if ($i == count($server_host_key_algorithms)) {
    1074. 

  1074.             user_error('No compatible server host key algorithms found', E_USER_NOTICE);
    1075. 

  1075.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    1076. 

  1076.         }
    1077. 

  1077. 

  1078.         if ($public_key_format != $server_host_key_algorithms[$i] || $this->signature_format != $server_host_key_algorithms[$i]) {
    1079. 

  1079.             user_error('Sever Host Key Algorithm Mismatch', E_USER_NOTICE);
    1080. 

  1080.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    1081. 

  1081.         }
    1082. 

  1082. 

  1083.         $packet = pack('C',
    1084. 

  1084.             NET_SSH2_MSG_NEWKEYS
    1085. 

  1085.         );
    1086. 

  1086. 

  1087.         if (!$this->_send_binary_packet($packet)) {
    1088. 

  1088.             return false;
    1089. 

  1089.         }
    1090. 

  1090. 

  1091.         $response = $this->_get_binary_packet();
    1092. 

  1092. 

  1093.         if ($response === false) {
    1094. 

  1094.             user_error('Connection closed by server', E_USER_NOTICE);
    1095. 

  1095.             return false;
    1096. 

  1096.         }
    1097. 

  1097. 

  1098.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1099. 

  1099. 

  1100.         if ($type != NET_SSH2_MSG_NEWKEYS) {
    1101. 

  1101.             user_error('Expected SSH_MSG_NEWKEYS', E_USER_NOTICE);
    1102. 

  1102.             return false;
    1103. 

  1103.         }
    1104. 

  1104. 

  1105.         switch ($encrypt) {
    1106. 

  1106.             case '3des-cbc':
    1107. 

  1107.                 $this->encrypt = new Crypt_TripleDES();
    1108. 

  1108.                 // $this->encrypt_block_size = 64 / 8 == the default
    1109. 

  1109.                 break;
    1110. 

  1110.             case '3des-ctr':
    1111. 

  1111.                 $this->encrypt = new Crypt_TripleDES(CRYPT_DES_MODE_CTR);
    1112. 

  1112.                 // $this->encrypt_block_size = 64 / 8 == the default
    1113. 

  1113.                 break;
    1114. 

  1114.             case 'aes256-cbc':
    1115. 

  1115.             case 'aes192-cbc':
    1116. 

  1116.             case 'aes128-cbc':
    1117. 

  1117.                 $this->encrypt = new Crypt_AES();
    1118. 

  1118.                 $this->encrypt_block_size = 16; // eg. 128 / 8
    1119. 

  1119.                 break;
    1120. 

  1120.             case 'aes256-ctr':
    1121. 

  1121.             case 'aes192-ctr':
    1122. 

  1122.             case 'aes128-ctr':
    1123. 

  1123.                 $this->encrypt = new Crypt_AES(CRYPT_AES_MODE_CTR);
    1124. 

  1124.                 $this->encrypt_block_size = 16; // eg. 128 / 8
    1125. 

  1125.                 break;
    1126. 

  1126.             case 'arcfour':
    1127. 

  1127.             case 'arcfour128':
    1128. 

  1128.             case 'arcfour256':
    1129. 

  1129.                 $this->encrypt = new Crypt_RC4();
    1130. 

  1130.                 break;
    1131. 

  1131.             case 'none';
    1132. 

  1132.                 //$this->encrypt = new Crypt_Null();
    1133. 

  1133.         }
    1134. 

  1134. 

  1135.         switch ($decrypt) {
    1136. 

  1136.             case '3des-cbc':
    1137. 

  1137.                 $this->decrypt = new Crypt_TripleDES();
    1138. 

  1138.                 break;
    1139. 

  1139.             case '3des-ctr':
    1140. 

  1140.                 $this->decrypt = new Crypt_TripleDES(CRYPT_DES_MODE_CTR);
    1141. 

  1141.                 break;
    1142. 

  1142.             case 'aes256-cbc':
    1143. 

  1143.             case 'aes192-cbc':
    1144. 

  1144.             case 'aes128-cbc':
    1145. 

  1145.                 $this->decrypt = new Crypt_AES();
    1146. 

  1146.                 $this->decrypt_block_size = 16;
    1147. 

  1147.                 break;
    1148. 

  1148.             case 'aes256-ctr':
    1149. 

  1149.             case 'aes192-ctr':
    1150. 

  1150.             case 'aes128-ctr':
    1151. 

  1151.                 $this->decrypt = new Crypt_AES(CRYPT_AES_MODE_CTR);
    1152. 

  1152.                 $this->decrypt_block_size = 16;
    1153. 

  1153.                 break;
    1154. 

  1154.             case 'arcfour':
    1155. 

  1155.             case 'arcfour128':
    1156. 

  1156.             case 'arcfour256':
    1157. 

  1157.                 $this->decrypt = new Crypt_RC4();
    1158. 

  1158.                 break;
    1159. 

  1159.             case 'none';
    1160. 

  1160.                 //$this->decrypt = new Crypt_Null();
    1161. 

  1161.         }
    1162. 

  1162. 

  1163.         $keyBytes = pack('Na*', strlen($keyBytes), $keyBytes);
    1164. 

  1164. 

  1165.         if ($this->encrypt) {
    1166. 

  1166.             $this->encrypt->enableContinuousBuffer();
    1167. 

  1167.             $this->encrypt->disablePadding();
    1168. 

  1168. 

  1169.             $iv = pack('H*', $hash($keyBytes . $this->exchange_hash . 'A' . $this->session_id));
    1170. 

  1170.             while ($this->encrypt_block_size > strlen($iv)) {
    1171. 

  1171.                 $iv.= pack('H*', $hash($keyBytes . $this->exchange_hash . $iv));
    1172. 

  1172.             }
    1173. 

  1173.             $this->encrypt->setIV(substr($iv, 0, $this->encrypt_block_size));
    1174. 

  1174. 

  1175.             $key = pack('H*', $hash($keyBytes . $this->exchange_hash . 'C' . $this->session_id));
    1176. 

  1176.             while ($encryptKeyLength > strlen($key)) {
    1177. 

  1177.                 $key.= pack('H*', $hash($keyBytes . $this->exchange_hash . $key));
    1178. 

  1178.             }
    1179. 

  1179.             $this->encrypt->setKey(substr($key, 0, $encryptKeyLength));
    1180. 

  1180.         }
    1181. 

  1181. 

  1182.         if ($this->decrypt) {
    1183. 

  1183.             $this->decrypt->enableContinuousBuffer();
    1184. 

  1184.             $this->decrypt->disablePadding();
    1185. 

  1185. 

  1186.             $iv = pack('H*', $hash($keyBytes . $this->exchange_hash . 'B' . $this->session_id));
    1187. 

  1187.             while ($this->decrypt_block_size > strlen($iv)) {
    1188. 

  1188.                 $iv.= pack('H*', $hash($keyBytes . $this->exchange_hash . $iv));
    1189. 

  1189.             }
    1190. 

  1190.             $this->decrypt->setIV(substr($iv, 0, $this->decrypt_block_size));
    1191. 

  1191. 

  1192.             $key = pack('H*', $hash($keyBytes . $this->exchange_hash . 'D' . $this->session_id));
    1193. 

  1193.             while ($decryptKeyLength > strlen($key)) {
    1194. 

  1194.                 $key.= pack('H*', $hash($keyBytes . $this->exchange_hash . $key));
    1195. 

  1195.             }
    1196. 

  1196.             $this->decrypt->setKey(substr($key, 0, $decryptKeyLength));
    1197. 

  1197.         }
    1198. 

  1198. 

  1199.         /* The "arcfour128" algorithm is the RC4 cipher, as described in
    1200. 

  1200.            [SCHNEIER], using a 128-bit key.  The first 1536 bytes of keystream
    1201. 

  1201.            generated by the cipher MUST be discarded, and the first byte of the
    1202. 

  1202.            first encrypted packet MUST be encrypted using the 1537th byte of
    1203. 

  1203.            keystream.
    1204. 

    1205. 

  1205.            -- http://tools.ietf.org/html/rfc4345#section-4 */
    1206. 

  1206.         if ($encrypt == 'arcfour128' || $encrypt == 'arcfour256') {
    1207. 

  1207.             $this->encrypt->encrypt(str_repeat("\0", 1536));
    1208. 

  1208.         }
    1209. 

  1209.         if ($decrypt == 'arcfour128' || $decrypt == 'arcfour256') {
    1210. 

  1210.             $this->decrypt->decrypt(str_repeat("\0", 1536));
    1211. 

  1211.         }
    1212. 

  1212. 

  1213.         for ($i = 0; $i < count($mac_algorithms) && !in_array($mac_algorithms[$i], $this->mac_algorithms_client_to_server); $i++);
    1214. 

  1214.         if ($i == count($mac_algorithms)) {
    1215. 

  1215.             user_error('No compatible client to server message authentication algorithms found', E_USER_NOTICE);
    1216. 

  1216.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    1217. 

  1217.         }
    1218. 

  1218. 

  1219.         $createKeyLength = 0; // ie. $mac_algorithms[$i] == 'none'
    1220. 

  1220.         switch ($mac_algorithms[$i]) {
    1221. 

  1221.             case 'hmac-sha1':
    1222. 

  1222.                 $this->hmac_create = new Crypt_Hash('sha1');
    1223. 

  1223.                 $createKeyLength = 20;
    1224. 

  1224.                 break;
    1225. 

  1225.             case 'hmac-sha1-96':
    1226. 

  1226.                 $this->hmac_create = new Crypt_Hash('sha1-96');
    1227. 

  1227.                 $createKeyLength = 20;
    1228. 

  1228.                 break;
    1229. 

  1229.             case 'hmac-md5':
    1230. 

  1230.                 $this->hmac_create = new Crypt_Hash('md5');
    1231. 

  1231.                 $createKeyLength = 16;
    1232. 

  1232.                 break;
    1233. 

  1233.             case 'hmac-md5-96':
    1234. 

  1234.                 $this->hmac_create = new Crypt_Hash('md5-96');
    1235. 

  1235.                 $createKeyLength = 16;
    1236. 

  1236.         }
    1237. 

  1237. 

  1238.         for ($i = 0; $i < count($mac_algorithms) && !in_array($mac_algorithms[$i], $this->mac_algorithms_server_to_client); $i++);
    1239. 

  1239.         if ($i == count($mac_algorithms)) {
    1240. 

  1240.             user_error('No compatible server to client message authentication algorithms found', E_USER_NOTICE);
    1241. 

  1241.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    1242. 

  1242.         }
    1243. 

  1243. 

  1244.         $checkKeyLength = 0;
    1245. 

  1245.         $this->hmac_size = 0;
    1246. 

  1246.         switch ($mac_algorithms[$i]) {
    1247. 

  1247.             case 'hmac-sha1':
    1248. 

  1248.                 $this->hmac_check = new Crypt_Hash('sha1');
    1249. 

  1249.                 $checkKeyLength = 20;
    1250. 

  1250.                 $this->hmac_size = 20;
    1251. 

  1251.                 break;
    1252. 

  1252.             case 'hmac-sha1-96':
    1253. 

  1253.                 $this->hmac_check = new Crypt_Hash('sha1-96');
    1254. 

  1254.                 $checkKeyLength = 20;
    1255. 

  1255.                 $this->hmac_size = 12;
    1256. 

  1256.                 break;
    1257. 

  1257.             case 'hmac-md5':
    1258. 

  1258.                 $this->hmac_check = new Crypt_Hash('md5');
    1259. 

  1259.                 $checkKeyLength = 16;
    1260. 

  1260.                 $this->hmac_size = 16;
    1261. 

  1261.                 break;
    1262. 

  1262.             case 'hmac-md5-96':
    1263. 

  1263.                 $this->hmac_check = new Crypt_Hash('md5-96');
    1264. 

  1264.                 $checkKeyLength = 16;
    1265. 

  1265.                 $this->hmac_size = 12;
    1266. 

  1266.         }
    1267. 

  1267. 

  1268.         $key = pack('H*', $hash($keyBytes . $this->exchange_hash . 'E' . $this->session_id));
    1269. 

  1269.         while ($createKeyLength > strlen($key)) {
    1270. 

  1270.             $key.= pack('H*', $hash($keyBytes . $this->exchange_hash . $key));
    1271. 

  1271.         }
    1272. 

  1272.         $this->hmac_create->setKey(substr($key, 0, $createKeyLength));
    1273. 

  1273. 

  1274.         $key = pack('H*', $hash($keyBytes . $this->exchange_hash . 'F' . $this->session_id));
    1275. 

  1275.         while ($checkKeyLength > strlen($key)) {
    1276. 

  1276.             $key.= pack('H*', $hash($keyBytes . $this->exchange_hash . $key));
    1277. 

  1277.         }
    1278. 

  1278.         $this->hmac_check->setKey(substr($key, 0, $checkKeyLength));
    1279. 

  1279. 

  1280.         for ($i = 0; $i < count($compression_algorithms) && !in_array($compression_algorithms[$i], $this->compression_algorithms_server_to_client); $i++);
    1281. 

  1281.         if ($i == count($compression_algorithms)) {
    1282. 

  1282.             user_error('No compatible server to client compression algorithms found', E_USER_NOTICE);
    1283. 

  1283.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    1284. 

  1284.         }
    1285. 

  1285.         $this->decompress = $compression_algorithms[$i] == 'zlib';
    1286. 

  1286. 

  1287.         for ($i = 0; $i < count($compression_algorithms) && !in_array($compression_algorithms[$i], $this->compression_algorithms_client_to_server); $i++);
    1288. 

  1288.         if ($i == count($compression_algorithms)) {
    1289. 

  1289.             user_error('No compatible client to server compression algorithms found', E_USER_NOTICE);
    1290. 

  1290.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    1291. 

  1291.         }
    1292. 

  1292.         $this->compress = $compression_algorithms[$i] == 'zlib';
    1293. 

  1293. 

  1294.         return true;
    1295. 

  1295.     }
    1296. 

  1296. 

  1297.     /**
    1298. 

  1298.      * Login
    1299. 

  1299.      *
    1300. 

  1300.      * The $password parameter can be a plaintext password or a Crypt_RSA object.
    1301. 

  1301.      *
    1302. 

  1302.      * @param String $username
    1303. 

  1303.      * @param optional String $password
    1304. 

  1304.      * @return Boolean
    1305. 

  1305.      * @access public
    1306. 

  1306.      * @internal It might be worthwhile, at some point, to protect against {@link http://tools.ietf.org/html/rfc4251#section-9.3.9 traffic analysis}
    1307. 

  1307.      *           by sending dummy SSH_MSG_IGNORE messages.
    1308. 

  1308.      */
    1309. 

  1309.     function login($username, $password = '')
    1310. 

  1310.     {
    1311. 

  1311.         if (!($this->bitmap & NET_SSH2_MASK_CONSTRUCTOR)) {
    1312. 

  1312.             return false;
    1313. 

  1313.         }
    1314. 

  1314. 

  1315.         $packet = pack('CNa*',
    1316. 

  1316.             NET_SSH2_MSG_SERVICE_REQUEST, strlen('ssh-userauth'), 'ssh-userauth'
    1317. 

  1317.         );
    1318. 

  1318. 

  1319.         if (!$this->_send_binary_packet($packet)) {
    1320. 

  1320.             return false;
    1321. 

  1321.         }
    1322. 

  1322. 

  1323.         $response = $this->_get_binary_packet();
    1324. 

  1324.         if ($response === false) {
    1325. 

  1325.             user_error('Connection closed by server', E_USER_NOTICE);
    1326. 

  1326.             return false;
    1327. 

  1327.         }
    1328. 

  1328. 

  1329.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1330. 

  1330. 

  1331.         if ($type != NET_SSH2_MSG_SERVICE_ACCEPT) {
    1332. 

  1332.             user_error('Expected SSH_MSG_SERVICE_ACCEPT', E_USER_NOTICE);
    1333. 

  1333.             return false;
    1334. 

  1334.         }
    1335. 

  1335. 

  1336.         // although PHP5's get_class() preserves the case, PHP4's does not
    1337. 

  1337.         if (is_object($password) && strtolower(get_class($password)) == 'crypt_rsa') {
    1338. 

  1338.             return $this->_privatekey_login($username, $password);
    1339. 

  1339.         }
    1340. 

  1340. 

  1341.         $packet = pack('CNa*Na*Na*CNa*',
    1342. 

  1342.             NET_SSH2_MSG_USERAUTH_REQUEST, strlen($username), $username, strlen('ssh-connection'), 'ssh-connection',
    1343. 

  1343.             strlen('password'), 'password', 0, strlen($password), $password
    1344. 

  1344.         );
    1345. 

  1345. 

  1346.         if (!$this->_send_binary_packet($packet)) {
    1347. 

  1347.             return false;
    1348. 

  1348.         }
    1349. 

  1349. 

  1350.         // remove the username and password from the last logged packet
    1351. 

  1351.         if (defined('NET_SSH2_LOGGING') && NET_SSH2_LOGGING == NET_SSH2_LOG_COMPLEX) {
    1352. 

  1352.             $packet = pack('CNa*Na*Na*CNa*',
    1353. 

  1353.                 NET_SSH2_MSG_USERAUTH_REQUEST, strlen('username'), 'username', strlen('ssh-connection'), 'ssh-connection',
    1354. 

  1354.                 strlen('password'), 'password', 0, strlen('password'), 'password'
    1355. 

  1355.             );
    1356. 

  1356.             $this->message_log[count($this->message_log) - 1] = $packet;
    1357. 

  1357.         }
    1358. 

  1358. 

  1359.         $response = $this->_get_binary_packet();
    1360. 

  1360.         if ($response === false) {
    1361. 

  1361.             user_error('Connection closed by server', E_USER_NOTICE);
    1362. 

  1362.             return false;
    1363. 

  1363.         }
    1364. 

  1364. 

  1365.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1366. 

  1366. 

  1367.         switch ($type) {
    1368. 

  1368.             case NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ: // in theory, the password can be changed
    1369. 

  1369.                 if (defined('NET_SSH2_LOGGING')) {
    1370. 

  1370.                     $this->message_number_log[count($this->message_number_log) - 1] = 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ';
    1371. 

  1371.                 }
    1372. 

  1372.                 extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1373. 

  1373.                 $this->errors[] = 'SSH_MSG_USERAUTH_PASSWD_CHANGEREQ: ' . utf8_decode($this->_string_shift($response, $length));
    1374. 

  1374.                 return $this->_disconnect(NET_SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER);
    1375. 

  1375.             case NET_SSH2_MSG_USERAUTH_FAILURE:
    1376. 

  1376.                 // can we use keyboard-interactive authentication?  if not then either the login is bad or the server employees
    1377. 

  1377.                 // multi-factor authentication
    1378. 

  1378.                 extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1379. 

  1379.                 $auth_methods = explode(',', $this->_string_shift($response, $length));
    1380. 

  1380.                 if (in_array('keyboard-interactive', $auth_methods)) {
    1381. 

  1381.                     if ($this->_keyboard_interactive_login($username, $password)) {
    1382. 

  1382.                         $this->bitmap |= NET_SSH2_MASK_LOGIN;
    1383. 

  1383.                         return true;
    1384. 

  1384.                     }
    1385. 

  1385.                     return false;
    1386. 

  1386.                 }
    1387. 

  1387.                 return false;
    1388. 

  1388.             case NET_SSH2_MSG_USERAUTH_SUCCESS:
    1389. 

  1389.                 $this->bitmap |= NET_SSH2_MASK_LOGIN;
    1390. 

  1390.                 return true;
    1391. 

  1391.         }
    1392. 

  1392. 

  1393.         return false;
    1394. 

  1394.     }
    1395. 

  1395. 

  1396.     /**
    1397. 

  1397.      * Login via keyboard-interactive authentication
    1398. 

  1398.      *
    1399. 

  1399.      * See {@link http://tools.ietf.org/html/rfc4256 RFC4256} for details.  This is not a full-featured keyboard-interactive authenticator.
    1400. 

  1400.      *
    1401. 

  1401.      * @param String $username
    1402. 

  1402.      * @param String $password
    1403. 

  1403.      * @return Boolean
    1404. 

  1404.      * @access private
    1405. 

  1405.      */
    1406. 

  1406.     function _keyboard_interactive_login($username, $password)
    1407. 

  1407.     {
    1408. 

  1408.         $packet = pack('CNa*Na*Na*Na*Na*', 
    1409. 

  1409.             NET_SSH2_MSG_USERAUTH_REQUEST, strlen($username), $username, strlen('ssh-connection'), 'ssh-connection',
    1410. 

  1410.             strlen('keyboard-interactive'), 'keyboard-interactive', 0, '', 0, ''
    1411. 

  1411.         );
    1412. 

  1412. 

  1413.         if (!$this->_send_binary_packet($packet)) {
    1414. 

  1414.             return false;
    1415. 

  1415.         }
    1416. 

  1416. 

  1417.         return $this->_keyboard_interactive_process($password);
    1418. 

  1418.     }
    1419. 

  1419. 

  1420.     /**
    1421. 

  1421.      * Handle the keyboard-interactive requests / responses.
    1422. 

  1422.      *
    1423. 

  1423.      * @param String $responses...
    1424. 

  1424.      * @return Boolean
    1425. 

  1425.      * @access private
    1426. 

  1426.      */
    1427. 

  1427.     function _keyboard_interactive_process()
    1428. 

  1428.     {
    1429. 

  1429.         $responses = func_get_args();
    1430. 

  1430. 

  1431.         $response = $this->_get_binary_packet();
    1432. 

  1432.         if ($response === false) {
    1433. 

  1433.             user_error('Connection closed by server', E_USER_NOTICE);
    1434. 

  1434.             return false;
    1435. 

  1435.         }
    1436. 

  1436. 

  1437.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1438. 

  1438. 

  1439.         switch ($type) {
    1440. 

  1440.             case NET_SSH2_MSG_USERAUTH_INFO_REQUEST:
    1441. 

  1441.                 // see http://tools.ietf.org/html/rfc4256#section-3.2
    1442. 

  1442.                 if (defined('NET_SSH2_LOGGING')) {
    1443. 

  1443.                     $this->message_number_log[count($this->message_number_log) - 1] = str_replace(
    1444. 

  1444.                         'UNKNOWN',
    1445. 

  1445.                         'NET_SSH2_MSG_USERAUTH_INFO_REQUEST',
    1446. 

  1446.                         $this->message_number_log[count($this->message_number_log) - 1]
    1447. 

  1447.                     );
    1448. 

  1448.                 }
    1449. 

  1449. 

  1450.                 extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1451. 

  1451.                 $this->_string_shift($response, $length); // name; may be empty
    1452. 

  1452.                 extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1453. 

  1453.                 $this->_string_shift($response, $length); // instruction; may be empty
    1454. 

  1454.                 extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1455. 

  1455.                 $this->_string_shift($response, $length); // language tag; may be empty
    1456. 

  1456.                 extract(unpack('Nnum_prompts', $this->_string_shift($response, 4)));
    1457. 

  1457.                 /*
    1458. 

  1458.                 for ($i = 0; $i < $num_prompts; $i++) {
    1459. 

  1459.                     extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1460. 

  1460.                     // prompt - ie. "Password: "; must not be empty
    1461. 

  1461.                     $this->_string_shift($response, $length);
    1462. 

  1462.                     $echo = $this->_string_shift($response) != chr(0);
    1463. 

  1463.                 }
    1464. 

  1464.                 */
    1465. 

  1465. 

  1466.                 /*
    1467. 

  1467.                    After obtaining the requested information from the user, the client
    1468. 

  1468.                    MUST respond with an SSH_MSG_USERAUTH_INFO_RESPONSE message.
    1469. 

  1469.                 */
    1470. 

  1470.                 // see http://tools.ietf.org/html/rfc4256#section-3.4
    1471. 

  1471.                 $packet = $logged = pack('CN', NET_SSH2_MSG_USERAUTH_INFO_RESPONSE, count($responses));
    1472. 

  1472.                 for ($i = 0; $i < count($responses); $i++) {
    1473. 

  1473.                     $packet.= pack('Na*', strlen($responses[$i]), $responses[$i]);
    1474. 

  1474.                     $logged.= pack('Na*', strlen('dummy-answer'), 'dummy-answer');
    1475. 

  1475.                 }
    1476. 

  1476. 

  1477.                 if (!$this->_send_binary_packet($packet)) {
    1478. 

  1478.                     return false;
    1479. 

  1479.                 }
    1480. 

  1480. 

  1481.                 if (defined('NET_SSH2_LOGGING')) {
    1482. 

  1482.                     $this->message_number_log[count($this->message_number_log) - 1] = str_replace(
    1483. 

  1483.                         'UNKNOWN',
    1484. 

  1484.                         'NET_SSH2_MSG_USERAUTH_INFO_RESPONSE',
    1485. 

  1485.                         $this->message_number_log[count($this->message_number_log) - 1]
    1486. 

  1486.                     );
    1487. 

  1487.                     $this->message_log[count($this->message_log) - 1] = $logged;
    1488. 

  1488.                 }
    1489. 

  1489. 

  1490.                 /*
    1491. 

  1491.                    After receiving the response, the server MUST send either an
    1492. 

  1492.                    SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, or another
    1493. 

  1493.                    SSH_MSG_USERAUTH_INFO_REQUEST message.
    1494. 

  1494.                 */
    1495. 

  1495.                 // maybe phpseclib should force close the connection after x request / responses?  unless something like that is done
    1496. 

  1496.                 // there could be an infinite loop of request / responses.
    1497. 

  1497.                 return $this->_keyboard_interactive_process();
    1498. 

  1498.             case NET_SSH2_MSG_USERAUTH_SUCCESS:
    1499. 

  1499.                 return true;
    1500. 

  1500.             case NET_SSH2_MSG_USERAUTH_FAILURE:
    1501. 

  1501.                 return false;
    1502. 

  1502.         }
    1503. 

  1503. 

  1504.         return false;
    1505. 

  1505.     }
    1506. 

  1506. 

  1507.     /**
    1508. 

  1508.      * Login with an RSA private key
    1509. 

  1509.      *
    1510. 

  1510.      * @param String $username
    1511. 

  1511.      * @param Crypt_RSA $password
    1512. 

  1512.      * @return Boolean
    1513. 

  1513.      * @access private
    1514. 

  1514.      * @internal It might be worthwhile, at some point, to protect against {@link http://tools.ietf.org/html/rfc4251#section-9.3.9 traffic analysis}
    1515. 

  1515.      *           by sending dummy SSH_MSG_IGNORE messages.
    1516. 

  1516.      */
    1517. 

  1517.     function _privatekey_login($username, $privatekey)
    1518. 

  1518.     {
    1519. 

  1519.         // see http://tools.ietf.org/html/rfc4253#page-15
    1520. 

  1520.         $publickey = $privatekey->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_RAW);
    1521. 

  1521.         if ($publickey === false) {
    1522. 

  1522.             return false;
    1523. 

  1523.         }
    1524. 

  1524. 

  1525.         $publickey = array(
    1526. 

  1526.             'e' => $publickey['e']->toBytes(true),
    1527. 

  1527.             'n' => $publickey['n']->toBytes(true)
    1528. 

  1528.         );
    1529. 

  1529.         $publickey = pack('Na*Na*Na*',
    1530. 

  1530.             strlen('ssh-rsa'), 'ssh-rsa', strlen($publickey['e']), $publickey['e'], strlen($publickey['n']), $publickey['n']
    1531. 

  1531.         );
    1532. 

  1532. 

  1533.         $part1 = pack('CNa*Na*Na*',
    1534. 

  1534.             NET_SSH2_MSG_USERAUTH_REQUEST, strlen($username), $username, strlen('ssh-connection'), 'ssh-connection',
    1535. 

  1535.             strlen('publickey'), 'publickey'
    1536. 

  1536.         );
    1537. 

  1537.         $part2 = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($publickey), $publickey);
    1538. 

  1538. 

  1539.         $packet = $part1 . chr(0) . $part2;
    1540. 

  1540.         if (!$this->_send_binary_packet($packet)) {
    1541. 

  1541.             return false;
    1542. 

  1542.         }
    1543. 

  1543. 

  1544.         $response = $this->_get_binary_packet();
    1545. 

  1545.         if ($response === false) {
    1546. 

  1546.             user_error('Connection closed by server', E_USER_NOTICE);
    1547. 

  1547.             return false;
    1548. 

  1548.         }
    1549. 

  1549. 

  1550.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1551. 

  1551. 

  1552.         switch ($type) {
    1553. 

  1553.             case NET_SSH2_MSG_USERAUTH_FAILURE:
    1554. 

  1554.                 extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1555. 

  1555.                 $this->errors[] = 'SSH_MSG_USERAUTH_FAILURE: ' . $this->_string_shift($response, $length);
    1556. 

  1556.                 return $this->_disconnect(NET_SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER);
    1557. 

  1557.             case NET_SSH2_MSG_USERAUTH_PK_OK:
    1558. 

  1558.                 // we'll just take it on faith that the public key blob and the public key algorithm name are as
    1559. 

  1559.                 // they should be
    1560. 

  1560.                 if (defined('NET_SSH2_LOGGING')) {
    1561. 

  1561.                     $this->message_number_log[count($this->message_number_log) - 1] = str_replace(
    1562. 

  1562.                         'UNKNOWN',
    1563. 

  1563.                         'NET_SSH2_MSG_USERAUTH_PK_OK',
    1564. 

  1564.                         $this->message_number_log[count($this->message_number_log) - 1]
    1565. 

  1565.                     );
    1566. 

  1566.                 }
    1567. 

  1567.         }
    1568. 

  1568. 

  1569.         $packet = $part1 . chr(1) . $part2;
    1570. 

  1570.         $privatekey->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
    1571. 

  1571.         $signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet));
    1572. 

  1572.         $signature = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($signature), $signature);
    1573. 

  1573.         $packet.= pack('Na*', strlen($signature), $signature);
    1574. 

  1574. 

  1575.         if (!$this->_send_binary_packet($packet)) {
    1576. 

  1576.             return false;
    1577. 

  1577.         }
    1578. 

  1578. 

  1579.         $response = $this->_get_binary_packet();
    1580. 

  1580.         if ($response === false) {
    1581. 

  1581.             user_error('Connection closed by server', E_USER_NOTICE);
    1582. 

  1582.             return false;
    1583. 

  1583.         }
    1584. 

  1584. 

  1585.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1586. 

  1586. 

  1587.         switch ($type) {
    1588. 

  1588.             case NET_SSH2_MSG_USERAUTH_FAILURE:
    1589. 

  1589.                 // either the login is bad or the server employees multi-factor authentication
    1590. 

  1590.                 return false;
    1591. 

  1591.             case NET_SSH2_MSG_USERAUTH_SUCCESS:
    1592. 

  1592.                 $this->bitmap |= NET_SSH2_MASK_LOGIN;
    1593. 

  1593.                 return true;
    1594. 

  1594.         }
    1595. 

  1595. 

  1596.         return false;
    1597. 

  1597.     }
    1598. 

  1598. 

  1599.     /**
    1600. 

  1600.      * Execute Command
    1601. 

  1601.      *
    1602. 

  1602.      * If $block is set to false then Net_SSH2::_get_channel_packet(NET_SSH2_CHANNEL_EXEC) will need to be called manually.
    1603. 

  1603.      * In all likelihood, this is not a feature you want to be taking advantage of.
    1604. 

  1604.      *
    1605. 

  1605.      * @param String $command
    1606. 

  1606.      * @param optional Boolean $block
    1607. 

  1607.      * @return String
    1608. 

  1608.      * @access public
    1609. 

  1609.      */
    1610. 

  1610.     function exec($command, $block = true)
    1611. 

  1611.     {
    1612. 

  1612.         if (!($this->bitmap & NET_SSH2_MASK_LOGIN)) {
    1613. 

  1613.             return false;
    1614. 

  1614.         }
    1615. 

  1615. 

  1616.         // RFC4254 defines the (client) window size as "bytes the other party can send before it must wait for the window to
    1617. 

  1617.         // be adjusted".  0x7FFFFFFF is, at 4GB, the max size.  technically, it should probably be decremented, but, 
    1618. 

  1618.         // honestly, if you're transfering more than 4GB, you probably shouldn't be using phpseclib, anyway.
    1619. 

  1619.         // see http://tools.ietf.org/html/rfc4254#section-5.2 for more info
    1620. 

  1620.         $this->window_size_client_to_server[NET_SSH2_CHANNEL_EXEC] = 0x7FFFFFFF;
    1621. 

  1621.         // 0x8000 is the maximum max packet size, per http://tools.ietf.org/html/rfc4253#section-6.1, although since PuTTy
    1622. 

  1622.         // uses 0x4000, that's what will be used here, as well.
    1623. 

  1623.         $packet_size = 0x4000;
    1624. 

  1624. 

  1625.         $packet = pack('CNa*N3',
    1626. 

  1626.             NET_SSH2_MSG_CHANNEL_OPEN, strlen('session'), 'session', NET_SSH2_CHANNEL_EXEC, $this->window_size_client_to_server[NET_SSH2_CHANNEL_EXEC], $packet_size);
    1627. 

  1627. 

  1628.         if (!$this->_send_binary_packet($packet)) {
    1629. 

  1629.             return false;
    1630. 

  1630.         }
    1631. 

  1631. 

  1632.         $this->channel_status[NET_SSH2_CHANNEL_EXEC] = NET_SSH2_MSG_CHANNEL_OPEN;
    1633. 

  1633. 

  1634.         $response = $this->_get_channel_packet(NET_SSH2_CHANNEL_EXEC);
    1635. 

  1635.         if ($response === false) {
    1636. 

  1636.             return false;
    1637. 

  1637.         }
    1638. 

  1638. 

  1639.         // sending a pty-req SSH_MSG_CHANNEL_REQUEST message is unnecessary and, in fact, in most cases, slows things
    1640. 

  1640.         // down.  the one place where it might be desirable is if you're doing something like Net_SSH2::exec('ping localhost &').
    1641. 

  1641.         // with a pty-req SSH_MSG_CHANNEL_REQUEST, exec() will return immediately and the ping process will then
    1642. 

  1642.         // then immediately terminate.  without such a request exec() will loop indefinitely.  the ping process won't end but
    1643. 

  1643.         // neither will your script.
    1644. 

  1644. 

  1645.         // although, in theory, the size of SSH_MSG_CHANNEL_REQUEST could exceed the maximum packet size established by
    1646. 

  1646.         // SSH_MSG_CHANNEL_OPEN_CONFIRMATION, RFC4254#section-5.1 states that the "maximum packet size" refers to the 
    1647. 

  1647.         // "maximum size of an individual data packet". ie. SSH_MSG_CHANNEL_DATA.  RFC4254#section-5.2 corroborates.
    1648. 

  1648.         $packet = pack('CNNa*CNa*',
    1649. 

  1649.             NET_SSH2_MSG_CHANNEL_REQUEST, $this->server_channels[NET_SSH2_CHANNEL_EXEC], strlen('exec'), 'exec', 1, strlen($command), $command);
    1650. 

  1650.         if (!$this->_send_binary_packet($packet)) {
    1651. 

  1651.             return false;
    1652. 

  1652.         }
    1653. 

  1653. 

  1654.         $this->channel_status[NET_SSH2_CHANNEL_EXEC] = NET_SSH2_MSG_CHANNEL_REQUEST;
    1655. 

  1655. 

  1656.         $response = $this->_get_channel_packet(NET_SSH2_CHANNEL_EXEC);
    1657. 

  1657.         if ($response === false) {
    1658. 

  1658.             return false;
    1659. 

  1659.         }
    1660. 

  1660. 

  1661.         $this->channel_status[NET_SSH2_CHANNEL_EXEC] = NET_SSH2_MSG_CHANNEL_DATA;
    1662. 

  1662. 

  1663.         if (!$block) {
    1664. 

  1664.             return true;
    1665. 

  1665.         }
    1666. 

  1666. 

  1667.         $output = '';
    1668. 

  1668.         while (true) {
    1669. 

  1669.             $temp = $this->_get_channel_packet(NET_SSH2_CHANNEL_EXEC);
    1670. 

  1670.             switch (true) {
    1671. 

  1671.                 case $temp === true:
    1672. 

  1672.                     return $output;
    1673. 

  1673.                 case $temp === false:
    1674. 

  1674.                     return false;
    1675. 

  1675.                 default:
    1676. 

  1676.                     $output.= $temp;
    1677. 

  1677.             }
    1678. 

  1678.         }
    1679. 

  1679.     }
    1680. 

  1680. 

  1681.     /**
    1682. 

  1682.      * Creates an interactive shell
    1683. 

  1683.      *
    1684. 

  1684.      * @see Net_SSH2::read()
    1685. 

  1685.      * @see Net_SSH2::write()
    1686. 

  1686.      * @return Boolean
    1687. 

  1687.      * @access private
    1688. 

  1688.      */
    1689. 

  1689.     function _initShell()
    1690. 

  1690.     {
    1691. 

  1691.         $this->window_size_client_to_server[NET_SSH2_CHANNEL_SHELL] = 0x7FFFFFFF;
    1692. 

  1692.         $packet_size = 0x4000;
    1693. 

  1693. 

  1694.         $packet = pack('CNa*N3',
    1695. 

  1695.             NET_SSH2_MSG_CHANNEL_OPEN, strlen('session'), 'session', NET_SSH2_CHANNEL_SHELL, $this->window_size_client_to_server[NET_SSH2_CHANNEL_SHELL], $packet_size);
    1696. 

  1696. 

  1697.         if (!$this->_send_binary_packet($packet)) {
    1698. 

  1698.             return false;
    1699. 

  1699.         }
    1700. 

  1700. 

  1701.         $this->channel_status[NET_SSH2_CHANNEL_SHELL] = NET_SSH2_MSG_CHANNEL_OPEN;
    1702. 

  1702. 

  1703.         $response = $this->_get_channel_packet(NET_SSH2_CHANNEL_SHELL);
    1704. 

  1704.         if ($response === false) {
    1705. 

  1705.             return false;
    1706. 

  1706.         }
    1707. 

  1707. 

  1708.         $terminal_modes = pack('C', NET_SSH2_TTY_OP_END);
    1709. 

  1709.         $packet = pack('CNNa*CNa*N5a*',
    1710. 

  1710.             NET_SSH2_MSG_CHANNEL_REQUEST, $this->server_channels[NET_SSH2_CHANNEL_SHELL], strlen('pty-req'), 'pty-req', 1, strlen('vt100'), 'vt100',
    1711. 

  1711.             80, 24, 0, 0, strlen($terminal_modes), $terminal_modes);
    1712. 

  1712. 

  1713.         if (!$this->_send_binary_packet($packet)) {
    1714. 

  1714.             return false;
    1715. 

  1715.         }
    1716. 

  1716. 

  1717. 

  1718.         $response = $this->_get_binary_packet();
    1719. 

  1719.         if ($response === false) {
    1720. 

  1720.             user_error('Connection closed by server', E_USER_NOTICE);
    1721. 

  1721.             return false;
    1722. 

  1722.         }
    1723. 

  1723. 

  1724.         list(, $type) = unpack('C', $this->_string_shift($response, 1));
    1725. 

  1725. 

  1726.         switch ($type) {
    1727. 

  1727.             case NET_SSH2_MSG_CHANNEL_SUCCESS:
    1728. 

  1728.                 break;
    1729. 

  1729.             case NET_SSH2_MSG_CHANNEL_FAILURE:
    1730. 

  1730.             default:
    1731. 

  1731.                 user_error('Unable to request pseudo-terminal', E_USER_NOTICE);
    1732. 

  1732.                 return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    1733. 

  1733.         }
    1734. 

  1734. 

  1735.         $packet = pack('CNNa*C',
    1736. 

  1736.             NET_SSH2_MSG_CHANNEL_REQUEST, $this->server_channels[NET_SSH2_CHANNEL_SHELL], strlen('shell'), 'shell', 1);
    1737. 

  1737.         if (!$this->_send_binary_packet($packet)) {
    1738. 

  1738.             return false;
    1739. 

  1739.         }
    1740. 

  1740. 

  1741.         $this->channel_status[NET_SSH2_CHANNEL_SHELL] = NET_SSH2_MSG_CHANNEL_REQUEST;
    1742. 

  1742. 

  1743.         $response = $this->_get_channel_packet(NET_SSH2_CHANNEL_SHELL);
    1744. 

  1744.         if ($response === false) {
    1745. 

  1745.             return false;
    1746. 

  1746.         }
    1747. 

  1747. 

  1748.         $this->channel_status[NET_SSH2_CHANNEL_SHELL] = NET_SSH2_MSG_CHANNEL_DATA;
    1749. 

  1749. 

  1750.         $this->bitmap |= NET_SSH2_MASK_SHELL;
    1751. 

  1751. 

  1752.         return true;
    1753. 

  1753.     }
    1754. 

  1754. 

  1755.     /**
    1756. 

  1756.      * Returns the output of an interactive shell
    1757. 

  1757.      *
    1758. 

  1758.      * Returns when there's a match for $expect, which can take the form of a string literal or,
    1759. 

  1759.      * if $mode == NET_SSH2_READ_REGEX, a regular expression.
    1760. 

  1760.      *
    1761. 

  1761.      * @see Net_SSH2::read()
    1762. 

  1762.      * @param String $expect
    1763. 

  1763.      * @param Integer $mode
    1764. 

  1764.      * @return String
    1765. 

  1765.      * @access public
    1766. 

  1766.      */
    1767. 

  1767.     function read($expect, $mode = NET_SSH2_READ_SIMPLE)
    1768. 

  1768.     {
    1769. 

  1769.         if (!($this->bitmap & NET_SSH2_MASK_LOGIN)) {
    1770. 

  1770.             user_error('Operation disallowed prior to login()', E_USER_NOTICE);
    1771. 

  1771.             return false;
    1772. 

  1772.         }
    1773. 

  1773. 

  1774.         if (!($this->bitmap & NET_SSH2_MASK_SHELL) && !$this->_initShell()) {
    1775. 

  1775.             user_error('Unable to initiate an interactive shell session', E_USER_NOTICE);
    1776. 

  1776.             return false;
    1777. 

  1777.         }
    1778. 

  1778. 

  1779.         $match = $expect;
    1780. 

  1780.         while (true) {
    1781. 

  1781.             if ($mode == NET_SSH2_READ_REGEX) {
    1782. 

  1782.                 preg_match($expect, $this->interactiveBuffer, $matches);
    1783. 

  1783.                 $match = $matches[0];
    1784. 

  1784.             }
    1785. 

  1785.             $pos = strpos($this->interactiveBuffer, $match);
    1786. 

  1786.             if ($pos !== false) {
    1787. 

  1787.                 return $this->_string_shift($this->interactiveBuffer, $pos + strlen($match));
    1788. 

  1788.             }
    1789. 

  1789.             $response = $this->_get_channel_packet(NET_SSH2_CHANNEL_SHELL);
    1790. 

  1790. 

  1791.             $this->interactiveBuffer.= $response;
    1792. 

  1792.         }
    1793. 

  1793.     }
    1794. 

  1794. 

  1795.     /**
    1796. 

  1796.      * Inputs a command into an interactive shell.
    1797. 

  1797.      *
    1798. 

  1798.      * @see Net_SSH1::interactiveWrite()
    1799. 

  1799.      * @param String $cmd
    1800. 

  1800.      * @return Boolean
    1801. 

  1801.      * @access public
    1802. 

  1802.      */
    1803. 

  1803.     function write($cmd)
    1804. 

  1804.     {
    1805. 

  1805.         if (!($this->bitmap & NET_SSH2_MASK_LOGIN)) {
    1806. 

  1806.             user_error('Operation disallowed prior to login()', E_USER_NOTICE);
    1807. 

  1807.             return false;
    1808. 

  1808.         }
    1809. 

  1809. 

  1810.         if (!($this->bitmap & NET_SSH2_MASK_SHELL) && !$this->_initShell()) {
    1811. 

  1811.             user_error('Unable to initiate an interactive shell session', E_USER_NOTICE);
    1812. 

  1812.             return false;
    1813. 

  1813.         }
    1814. 

  1814. 

  1815.         return $this->_send_channel_packet(NET_SSH2_CHANNEL_SHELL, $cmd);
    1816. 

  1816.     }
    1817. 

  1817. 

  1818.     /**
    1819. 

  1819.      * Disconnect
    1820. 

  1820.      *
    1821. 

  1821.      * @access public
    1822. 

  1822.      */
    1823. 

  1823.     function disconnect()
    1824. 

  1824.     {
    1825. 

  1825.         $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    1826. 

  1826.     }
    1827. 

  1827. 

  1828.     /**
    1829. 

  1829.      * Destructor.
    1830. 

  1830.      *
    1831. 

  1831.      * Will be called, automatically, if you're supporting just PHP5.  If you're supporting PHP4, you'll need to call
    1832. 

  1832.      * disconnect().
    1833. 

  1833.      *
    1834. 

  1834.      * @access public
    1835. 

  1835.      */
    1836. 

  1836.     function __destruct()
    1837. 

  1837.     {
    1838. 

  1838.         $this->disconnect();
    1839. 

  1839.     }
    1840. 

  1840. 

  1841.     /**
    1842. 

  1842.      * Gets Binary Packets
    1843. 

  1843.      *
    1844. 

  1844.      * See '6. Binary Packet Protocol' of rfc4253 for more info.
    1845. 

  1845.      *
    1846. 

  1846.      * @see Net_SSH2::_send_binary_packet()
    1847. 

  1847.      * @return String
    1848. 

  1848.      * @access private
    1849. 

  1849.      */
    1850. 

  1850.     function _get_binary_packet()
    1851. 

  1851.     {
    1852. 

  1852.         if (feof($this->fsock)) {
    1853. 

  1853.             user_error('Connection closed prematurely', E_USER_NOTICE);
    1854. 

  1854.             return false;
    1855. 

  1855.         }
    1856. 

  1856. 

  1857.         $start = strtok(microtime(), ' ') + strtok(''); // http://php.net/microtime#61838
    1858. 

  1858.         $raw = fread($this->fsock, $this->decrypt_block_size);
    1859. 

  1859.         $stop = strtok(microtime(), ' ') + strtok('');
    1860. 

  1860. 

  1861.         if (empty($raw)) {
    1862. 

  1862.             return '';
    1863. 

  1863.         }
    1864. 

  1864. 

  1865.         if ($this->decrypt !== false) {
    1866. 

  1866.             $raw = $this->decrypt->decrypt($raw);
    1867. 

  1867.         }
    1868. 

  1868. 

  1869.         extract(unpack('Npacket_length/Cpadding_length', $this->_string_shift($raw, 5)));
    1870. 

  1870. 

  1871.         $remaining_length = $packet_length + 4 - $this->decrypt_block_size;
    1872. 

  1872.         $buffer = '';
    1873. 

  1873.         while ($remaining_length > 0) {
    1874. 

  1874.             $temp = fread($this->fsock, $remaining_length);
    1875. 

  1875.             $buffer.= $temp;
    1876. 

  1876.             $remaining_length-= strlen($temp);
    1877. 

  1877.         }
    1878. 

  1878.         if (!empty($buffer)) {
    1879. 

  1879.             $raw.= $this->decrypt !== false ? $this->decrypt->decrypt($buffer) : $buffer;
    1880. 

  1880.             $buffer = $temp = '';
    1881. 

  1881.         }
    1882. 

  1882. 

  1883.         $payload = $this->_string_shift($raw, $packet_length - $padding_length - 1);
    1884. 

  1884.         $padding = $this->_string_shift($raw, $padding_length); // should leave $raw empty
    1885. 

  1885. 

  1886.         if ($this->hmac_check !== false) {
    1887. 

  1887.             $hmac = fread($this->fsock, $this->hmac_size);
    1888. 

  1888.             if ($hmac != $this->hmac_check->hash(pack('NNCa*', $this->get_seq_no, $packet_length, $padding_length, $payload . $padding))) {
    1889. 

  1889.                 user_error('Invalid HMAC', E_USER_NOTICE);
    1890. 

  1890.                 return false;
    1891. 

  1891.             }
    1892. 

  1892.         }
    1893. 

  1893. 

  1894.         //if ($this->decompress) {
    1895. 

  1895.         //    $payload = gzinflate(substr($payload, 2));
    1896. 

  1896.         //}
    1897. 

  1897. 

  1898.         $this->get_seq_no++;
    1899. 

  1899. 

  1900.         if (defined('NET_SSH2_LOGGING')) {
    1901. 

  1901.             $temp = isset($this->message_numbers[ord($payload[0])]) ? $this->message_numbers[ord($payload[0])] : 'UNKNOWN (' . ord($payload[0]) . ')';
    1902. 

  1902.             $this->message_number_log[] = '<- ' . $temp .
    1903. 

  1903.                                           ' (' . round($stop - $start, 4) . 's)';
    1904. 

  1904.             if (NET_SSH2_LOGGING == NET_SSH2_LOG_COMPLEX) {
    1905. 

  1905.                 $this->message_log[] = substr($payload, 1);
    1906. 

  1906.             }
    1907. 

  1907.         }
    1908. 

  1908. 

  1909.         return $this->_filter($payload);
    1910. 

  1910.     }
    1911. 

  1911. 

  1912.     /**
    1913. 

  1913.      * Filter Binary Packets
    1914. 

  1914.      *
    1915. 

  1915.      * Because some binary packets need to be ignored...
    1916. 

  1916.      *
    1917. 

  1917.      * @see Net_SSH2::_get_binary_packet()
    1918. 

  1918.      * @return String
    1919. 

  1919.      * @access private
    1920. 

  1920.      */
    1921. 

  1921.     function _filter($payload)
    1922. 

  1922.     {
    1923. 

  1923.         switch (ord($payload[0])) {
    1924. 

  1924.             case NET_SSH2_MSG_DISCONNECT:
    1925. 

  1925.                 $this->_string_shift($payload, 1);
    1926. 

  1926.                 extract(unpack('Nreason_code/Nlength', $this->_string_shift($payload, 8)));
    1927. 

  1927.                 $this->errors[] = 'SSH_MSG_DISCONNECT: ' . $this->disconnect_reasons[$reason_code] . "\r\n" . utf8_decode($this->_string_shift($payload, $length));
    1928. 

  1928.                 $this->bitmask = 0;
    1929. 

  1929.                 return false;
    1930. 

  1930.             case NET_SSH2_MSG_IGNORE:
    1931. 

  1931.                 $payload = $this->_get_binary_packet();
    1932. 

  1932.                 break;
    1933. 

  1933.             case NET_SSH2_MSG_DEBUG:
    1934. 

  1934.                 $this->_string_shift($payload, 2);
    1935. 

  1935.                 extract(unpack('Nlength', $this->_string_shift($payload, 4)));
    1936. 

  1936.                 $this->errors[] = 'SSH_MSG_DEBUG: ' . utf8_decode($this->_string_shift($payload, $length));
    1937. 

  1937.                 $payload = $this->_get_binary_packet();
    1938. 

  1938.                 break;
    1939. 

  1939.             case NET_SSH2_MSG_UNIMPLEMENTED:
    1940. 

  1940.                 return false;
    1941. 

  1941.             case NET_SSH2_MSG_KEXINIT:
    1942. 

  1942.                 if ($this->session_id !== false) {
    1943. 

  1943.                     if (!$this->_key_exchange($payload)) {
    1944. 

  1944.                         $this->bitmask = 0;
    1945. 

  1945.                         return false;
    1946. 

  1946.                     }
    1947. 

  1947.                     $payload = $this->_get_binary_packet();
    1948. 

  1948.                 }
    1949. 

  1949.         }
    1950. 

  1950. 

  1951.         // see http://tools.ietf.org/html/rfc4252#section-5.4; only called when the encryption has been activated and when we haven't already logged in
    1952. 

  1952.         if (($this->bitmap & NET_SSH2_MASK_CONSTRUCTOR) && !($this->bitmap & NET_SSH2_MASK_LOGIN) && ord($payload[0]) == NET_SSH2_MSG_USERAUTH_BANNER) {
    1953. 

  1953.             $this->_string_shift($payload, 1);
    1954. 

  1954.             extract(unpack('Nlength', $this->_string_shift($payload, 4)));
    1955. 

  1955.             $this->errors[] = 'SSH_MSG_USERAUTH_BANNER: ' . utf8_decode($this->_string_shift($payload, $length));
    1956. 

  1956.             $payload = $this->_get_binary_packet();
    1957. 

  1957.         }
    1958. 

  1958. 

  1959.         // only called when we've already logged in
    1960. 

  1960.         if (($this->bitmap & NET_SSH2_MASK_CONSTRUCTOR) && ($this->bitmap & NET_SSH2_MASK_LOGIN)) {
    1961. 

  1961.             switch (ord($payload[0])) {
    1962. 

  1962.                 case NET_SSH2_MSG_GLOBAL_REQUEST: // see http://tools.ietf.org/html/rfc4254#section-4
    1963. 

  1963.                     $this->_string_shift($payload, 1);
    1964. 

  1964.                     extract(unpack('Nlength', $this->_string_shift($payload)));
    1965. 

  1965.                     $this->errors[] = 'SSH_MSG_GLOBAL_REQUEST: ' . utf8_decode($this->_string_shift($payload, $length));
    1966. 

  1966. 

  1967.                     if (!$this->_send_binary_packet(pack('C', NET_SSH2_MSG_REQUEST_FAILURE))) {
    1968. 

  1968.                         return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    1969. 

  1969.                     }
    1970. 

  1970. 

  1971.                     $payload = $this->_get_binary_packet();
    1972. 

  1972.                     break;
    1973. 

  1973.                 case NET_SSH2_MSG_CHANNEL_OPEN: // see http://tools.ietf.org/html/rfc4254#section-5.1
    1974. 

  1974.                     $this->_string_shift($payload, 1);
    1975. 

  1975.                     extract(unpack('N', $this->_string_shift($payload, 4)));
    1976. 

  1976.                     $this->errors[] = 'SSH_MSG_CHANNEL_OPEN: ' . utf8_decode($this->_string_shift($payload, $length));
    1977. 

  1977. 

  1978.                     $this->_string_shift($payload, 4); // skip over client channel
    1979. 

  1979.                     extract(unpack('Nserver_channel', $this->_string_shift($payload, 4)));
    1980. 

  1980. 

  1981.                     $packet = pack('CN3a*Na*',
    1982. 

  1982.                         NET_SSH2_MSG_REQUEST_FAILURE, $server_channel, NET_SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED, 0, '', 0, '');
    1983. 

  1983. 

  1984.                     if (!$this->_send_binary_packet($packet)) {
    1985. 

  1985.                         return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    1986. 

  1986.                     }
    1987. 

  1987. 

  1988.                     $payload = $this->_get_binary_packet();
    1989. 

  1989.                     break;
    1990. 

  1990.                 case NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST:
    1991. 

  1991.                     $payload = $this->_get_binary_packet();
    1992. 

  1992.             }
    1993. 

  1993.         }
    1994. 

  1994. 

  1995.         return $payload;
    1996. 

  1996.     }
    1997. 

  1997. 

  1998.     /**
    1999. 

  1999.      * Gets channel data
    2000. 

  2000.      *
    2001. 

  2001.      * Returns the data as a string if it's available and false if not.
    2002. 

  2002.      *
    2003. 

  2003.      * @param $client_channel
    2004. 

  2004.      * @return Mixed
    2005. 

  2005.      * @access private
    2006. 

  2006.      */
    2007. 

  2007.     function _get_channel_packet($client_channel, $skip_extended = false)
    2008. 

  2008.     {
    2009. 

  2009.         if (!empty($this->channel_buffers[$client_channel])) {
    2010. 

  2010.             return array_shift($this->channel_buffers[$client_channel]);
    2011. 

  2011.         }
    2012. 

  2012. 

  2013.         while (true) {
    2014. 

  2014.             $response = $this->_get_binary_packet();
    2015. 

  2015.             if ($response === false) {
    2016. 

  2016.                 user_error('Connection closed by server', E_USER_NOTICE);
    2017. 

  2017.                 return false;
    2018. 

  2018.             }
    2019. 

  2019. 

  2020.             if (empty($response)) {
    2021. 

  2021.                 return '';
    2022. 

  2022.             }
    2023. 

  2023. 

  2024.             extract(unpack('Ctype/Nchannel', $this->_string_shift($response, 5)));
    2025. 

  2025. 

  2026.             switch ($this->channel_status[$channel]) {
    2027. 

  2027.                 case NET_SSH2_MSG_CHANNEL_OPEN:
    2028. 

  2028.                     switch ($type) {
    2029. 

  2029.                         case NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION:
    2030. 

  2030.                             extract(unpack('Nserver_channel', $this->_string_shift($response, 4)));
    2031. 

  2031.                             $this->server_channels[$client_channel] = $server_channel;
    2032. 

  2032.                             $this->_string_shift($response, 4); // skip over (server) window size
    2033. 

  2033.                             $temp = unpack('Npacket_size_client_to_server', $this->_string_shift($response, 4));
    2034. 

  2034.                             $this->packet_size_client_to_server[$client_channel] = $temp['packet_size_client_to_server'];
    2035. 

  2035.                             return true;
    2036. 

  2036.                         //case NET_SSH2_MSG_CHANNEL_OPEN_FAILURE:
    2037. 

  2037.                         default:
    2038. 

  2038.                             user_error('Unable to open channel', E_USER_NOTICE);
    2039. 

  2039.                             return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    2040. 

  2040.                     }
    2041. 

  2041.                     break;
    2042. 

  2042.                 case NET_SSH2_MSG_CHANNEL_REQUEST:
    2043. 

  2043.                     switch ($type) {
    2044. 

  2044.                         case NET_SSH2_MSG_CHANNEL_SUCCESS:
    2045. 

  2045.                             return true;
    2046. 

  2046.                         //case NET_SSH2_MSG_CHANNEL_FAILURE:
    2047. 

  2047.                         default:
    2048. 

  2048.                             user_error('Unable to request pseudo-terminal', E_USER_NOTICE);
    2049. 

  2049.                             return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    2050. 

  2050.                     }
    2051. 

  2051. 

  2052.             }
    2053. 

  2053. 

  2054.             switch ($type) {
    2055. 

  2055.                 case NET_SSH2_MSG_CHANNEL_DATA:
    2056. 

  2056.                     /*
    2057. 

  2057.                     if ($client_channel == NET_SSH2_CHANNEL_EXEC) {
    2058. 

  2058.                         // SCP requires null packets, such as this, be sent.  further, in the case of the ssh.com SSH server
    2059. 

  2059.                         // this actually seems to make things twice as fast.  more to the point, the message right after 
    2060. 

  2060.                         // SSH_MSG_CHANNEL_DATA (usually SSH_MSG_IGNORE) won't block for as long as it would have otherwise.
    2061. 

  2061.                         // in OpenSSH it slows things down but only by a couple thousandths of a second.
    2062. 

  2062.                         $this->_send_channel_packet($client_channel, chr(0));
    2063. 

  2063.                     }
    2064. 

  2064.                     */
    2065. 

  2065.                     extract(unpack('Nlength', $this->_string_shift($response, 4)));
    2066. 

  2066.                     $data = $this->_string_shift($response, $length);
    2067. 

  2067.                     if ($client_channel == $channel) {
    2068. 

  2068.                         return $data;
    2069. 

  2069.                     }
    2070. 

  2070.                     if (!isset($this->channel_buffers[$client_channel])) {
    2071. 

  2071.                         $this->channel_buffers[$client_channel] = array();
    2072. 

  2072.                     }
    2073. 

  2073.                     $this->channel_buffers[$client_channel][] = $data;
    2074. 

  2074.                     break;
    2075. 

  2075.                 case NET_SSH2_MSG_CHANNEL_EXTENDED_DATA:
    2076. 

  2076.                     if ($skip_extended) {
    2077. 

  2077.                         break;
    2078. 

  2078.                     }
    2079. 

  2079.                     /*
    2080. 

  2080.                     if ($client_channel == NET_SSH2_CHANNEL_EXEC) {
    2081. 

  2081.                         $this->_send_channel_packet($client_channel, chr(0));
    2082. 

  2082.                     }
    2083. 

  2083.                     */
    2084. 

  2084.                     // currently, there's only one possible value for $data_type_code: NET_SSH2_EXTENDED_DATA_STDERR
    2085. 

  2085.                     extract(unpack('Ndata_type_code/Nlength', $this->_string_shift($response, 8)));
    2086. 

  2086.                     $data = $this->_string_shift($response, $length);
    2087. 

  2087.                     if ($client_channel == $channel) {
    2088. 

  2088.                         return $data;
    2089. 

  2089.                     }
    2090. 

  2090.                     if (!isset($this->channel_buffers[$client_channel])) {
    2091. 

  2091.                         $this->channel_buffers[$client_channel] = array();
    2092. 

  2092.                     }
    2093. 

  2093.                     $this->channel_buffers[$client_channel][] = $data;
    2094. 

  2094.                     break;
    2095. 

  2095.                 case NET_SSH2_MSG_CHANNEL_REQUEST:
    2096. 

  2096.                     extract(unpack('Nlength', $this->_string_shift($response, 4)));
    2097. 

  2097.                     $value = $this->_string_shift($response, $length);
    2098. 

  2098.                     switch ($value) {
    2099. 

  2099.                         case 'exit-signal':
    2100. 

  2100.                             $this->_string_shift($response, 1);
    2101. 

  2101.                             extract(unpack('Nlength', $this->_string_shift($response, 4)));
    2102. 

  2102.                             $this->errors[] = 'SSH_MSG_CHANNEL_REQUEST (exit-signal): ' . $this->_string_shift($response, $length);
    2103. 

  2103.                             $this->_string_shift($response, 1);
    2104. 

  2104.                             extract(unpack('Nlength', $this->_string_shift($response, 4)));
    2105. 

  2105.                             if ($length) {
    2106. 

  2106.                                 $this->errors[count($this->errors)].= "\r\n" . $this->_string_shift($response, $length);
    2107. 

  2107.                             }
    2108. 

  2108.                         //case 'exit-status':
    2109. 

  2109.                         default:
    2110. 

  2110.                             // "Some systems may not implement signals, in which case they SHOULD ignore this message."
    2111. 

  2111.                             //  -- http://tools.ietf.org/html/rfc4254#section-6.9
    2112. 

  2112.                             break;
    2113. 

  2113.                     }
    2114. 

  2114.                     break;
    2115. 

  2115.                 case NET_SSH2_MSG_CHANNEL_CLOSE:
    2116. 

  2116.                     $this->_send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_CLOSE, $this->server_channels[$channel]));
    2117. 

  2117.                     return true;
    2118. 

  2118.                 case NET_SSH2_MSG_CHANNEL_EOF:
    2119. 

  2119.                     break;
    2120. 

  2120.                 default:
    2121. 

  2121.                     user_error('Error reading channel data', E_USER_NOTICE);
    2122. 

  2122.                     return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    2123. 

  2123.             }
    2124. 

  2124.         }
    2125. 

  2125.     }
    2126. 

  2126. 

  2127.     /**
    2128. 

  2128.      * Sends Binary Packets
    2129. 

  2129.      *
    2130. 

  2130.      * See '6. Binary Packet Protocol' of rfc4253 for more info.
    2131. 

  2131.      *
    2132. 

  2132.      * @param String $data
    2133. 

  2133.      * @see Net_SSH2::_get_binary_packet()
    2134. 

  2134.      * @return Boolean
    2135. 

  2135.      * @access private
    2136. 

  2136.      */
    2137. 

  2137.     function _send_binary_packet($data)
    2138. 

  2138.     {
    2139. 

  2139.         if (feof($this->fsock)) {
    2140. 

  2140.             user_error('Connection closed prematurely', E_USER_NOTICE);
    2141. 

  2141.             return false;
    2142. 

  2142.         }
    2143. 

  2143. 

  2144.         //if ($this->compress) {
    2145. 

  2145.         //    // the -4 removes the checksum:
    2146. 

  2146.         //    // http://php.net/function.gzcompress#57710
    2147. 

  2147.         //    $data = substr(gzcompress($data), 0, -4);
    2148. 

  2148.         //}
    2149. 

  2149. 

  2150.         // 4 (packet length) + 1 (padding length) + 4 (minimal padding amount) == 9
    2151. 

  2151.         $packet_length = strlen($data) + 9;
    2152. 

  2152.         // round up to the nearest $this->encrypt_block_size
    2153. 

  2153.         $packet_length+= (($this->encrypt_block_size - 1) * $packet_length) % $this->encrypt_block_size;
    2154. 

  2154.         // subtracting strlen($data) is obvious - subtracting 5 is necessary because of packet_length and padding_length
    2155. 

  2155.         $padding_length = $packet_length - strlen($data) - 5;
    2156. 

  2156. 

  2157.         $padding = '';
    2158. 

  2158.         for ($i = 0; $i < $padding_length; $i++) {
    2159. 

  2159.             $padding.= chr(crypt_random(0, 255));
    2160. 

  2160.         }
    2161. 

  2161. 

  2162.         // we subtract 4 from packet_length because the packet_length field isn't supposed to include itself
    2163. 

  2163.         $packet = pack('NCa*', $packet_length - 4, $padding_length, $data . $padding);
    2164. 

  2164. 

  2165.         $hmac = $this->hmac_create !== false ? $this->hmac_create->hash(pack('Na*', $this->send_seq_no, $packet)) : '';
    2166. 

  2166.         $this->send_seq_no++;
    2167. 

  2167. 

  2168.         if ($this->encrypt !== false) {
    2169. 

  2169.             $packet = $this->encrypt->encrypt($packet);
    2170. 

  2170.         }
    2171. 

  2171. 

  2172.         $packet.= $hmac;
    2173. 

  2173. 

  2174.         $start = strtok(microtime(), ' ') + strtok(''); // http://php.net/microtime#61838
    2175. 

  2175.         $result = strlen($packet) == fputs($this->fsock, $packet);
    2176. 

  2176.         $stop = strtok(microtime(), ' ') + strtok('');
    2177. 

  2177. 

  2178.         if (defined('NET_SSH2_LOGGING')) {
    2179. 

  2179.             $temp = isset($this->message_numbers[ord($data[0])]) ? $this->message_numbers[ord($data[0])] : 'UNKNOWN (' . ord($data[0]) . ')';
    2180. 

  2180.             $this->message_number_log[] = '-> ' . $temp .
    2181. 

  2181.                                           ' (' . round($stop - $start, 4) . 's)';
    2182. 

  2182.             if (NET_SSH2_LOGGING == NET_SSH2_LOG_COMPLEX) {
    2183. 

  2183.                 $this->message_log[] = substr($data, 1);
    2184. 

  2184.             }
    2185. 

  2185.         }
    2186. 

  2186. 

  2187.         return $result;
    2188. 

  2188.     }
    2189. 

  2189. 

  2190.     /**
    2191. 

  2191.      * Sends channel data
    2192. 

  2192.      *
    2193. 

  2193.      * Spans multiple SSH_MSG_CHANNEL_DATAs if appropriate
    2194. 

  2194.      *
    2195. 

  2195.      * @param Integer $client_channel
    2196. 

  2196.      * @param String $data
    2197. 

  2197.      * @return Boolean
    2198. 

  2198.      * @access private
    2199. 

  2199.      */
    2200. 

  2200.     function _send_channel_packet($client_channel, $data)
    2201. 

  2201.     {
    2202. 

  2202.         while (strlen($data) > $this->packet_size_client_to_server[$client_channel]) {
    2203. 

  2203.             // resize the window, if appropriate
    2204. 

  2204.             $this->window_size_client_to_server[$client_channel]-= $this->packet_size_client_to_server[$client_channel];
    2205. 

  2205.             if ($this->window_size_client_to_server[$client_channel] < 0) {
    2206. 

  2206.                 $packet = pack('CNN', NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST, $this->server_channels[$client_channel], $this->window_size);
    2207. 

  2207.                 if (!$this->_send_binary_packet($packet)) {
    2208. 

  2208.                     return false;
    2209. 

  2209.                 }
    2210. 

  2210.                 $this->window_size_client_to_server[$client_channel]+= $this->window_size;
    2211. 

  2211.             }
    2212. 

  2212. 

  2213.             $packet = pack('CN2a*',
    2214. 

  2214.                 NET_SSH2_MSG_CHANNEL_DATA,
    2215. 

  2215.                 $this->server_channels[$client_channel],
    2216. 

  2216.                 $this->packet_size_client_to_server[$client_channel],
    2217. 

  2217.                 $this->_string_shift($data, $this->packet_size_client_to_server[$client_channel])
    2218. 

  2218.             );
    2219. 

  2219. 

  2220.             if (!$this->_send_binary_packet($packet)) {
    2221. 

  2221.                 return false;
    2222. 

  2222.             }
    2223. 

  2223.         }
    2224. 

  2224. 

  2225.         // resize the window, if appropriate
    2226. 

  2226.         $this->window_size_client_to_server[$client_channel]-= strlen($data);
    2227. 

  2227.         if ($this->window_size_client_to_server[$client_channel] < 0) {
    2228. 

  2228.             $packet = pack('CNN', NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST, $this->server_channels[$client_channel], $this->window_size);
    2229. 

  2229.             if (!$this->_send_binary_packet($packet)) {
    2230. 

  2230.                 return false;
    2231. 

  2231.             }
    2232. 

  2232.             $this->window_size_client_to_server[$client_channel]+= $this->window_size;
    2233. 

  2233.         }
    2234. 

  2234. 

  2235.         return $this->_send_binary_packet(pack('CN2a*',
    2236. 

  2236.             NET_SSH2_MSG_CHANNEL_DATA,
    2237. 

  2237.             $this->server_channels[$client_channel],
    2238. 

  2238.             strlen($data),
    2239. 

  2239.             $data));
    2240. 

  2240.     }
    2241. 

  2241. 

  2242.     /**
    2243. 

  2243.      * Closes and flushes a channel
    2244. 

  2244.      *
    2245. 

  2245.      * Net_SSH2 doesn't properly close most channels.  For exec() channels are normally closed by the server
    2246. 

  2246.      * and for SFTP channels are presumably closed when the client disconnects.  This functions is intended
    2247. 

  2247.      * for SCP more than anything.
    2248. 

  2248.      *
    2249. 

  2249.      * @param Integer $client_channel
    2250. 

  2250.      * @return Boolean
    2251. 

  2251.      * @access private
    2252. 

  2252.      */
    2253. 

  2253.     function _close_channel($client_channel)
    2254. 

  2254.     {
    2255. 

  2255.         // see http://tools.ietf.org/html/rfc4254#section-5.3
    2256. 

  2256. 

  2257.         $packet = pack('CN',
    2258. 

  2258.             NET_SSH2_MSG_CHANNEL_EOF,
    2259. 

  2259.             $this->server_channels[$client_channel]);
    2260. 

  2260.         if (!$this->_send_binary_packet($packet)) {
    2261. 

  2261.             return false;
    2262. 

  2262.         }
    2263. 

  2263. 

  2264.         while ($this->_get_channel_packet($client_channel) !== true);
    2265. 

  2265.     }
    2266. 

  2266. 

  2267.     /**
    2268. 

  2268.      * Disconnect
    2269. 

  2269.      *
    2270. 

  2270.      * @param Integer $reason
    2271. 

  2271.      * @return Boolean
    2272. 

  2272.      * @access private
    2273. 

  2273.      */
    2274. 

  2274.     function _disconnect($reason)
    2275. 

  2275.     {
    2276. 

  2276.         if ($this->bitmap) {
    2277. 

  2277.             $data = pack('CNNa*Na*', NET_SSH2_MSG_DISCONNECT, $reason, 0, '', 0, '');
    2278. 

  2278.             $this->_send_binary_packet($data);
    2279. 

  2279.             $this->bitmap = 0;
    2280. 

  2280.             fclose($this->fsock);
    2281. 

  2281.             return false;
    2282. 

  2282.         }
    2283. 

  2283.     }
    2284. 

  2284. 

  2285.     /**
    2286. 

  2286.      * String Shift
    2287. 

  2287.      *
    2288. 

  2288.      * Inspired by array_shift
    2289. 

  2289.      *
    2290. 

  2290.      * @param String $string
    2291. 

  2291.      * @param optional Integer $index
    2292. 

  2292.      * @return String
    2293. 

  2293.      * @access private
    2294. 

  2294.      */
    2295. 

  2295.     function _string_shift(&$string, $index = 1)
    2296. 

  2296.     {
    2297. 

  2297.         $substr = substr($string, 0, $index);
    2298. 

  2298.         $string = substr($string, $index);
    2299. 

  2299.         return $substr;
    2300. 

  2300.     }
    2301. 

  2301. 

  2302.     /**
    2303. 

  2303.      * Define Array
    2304. 

  2304.      *
    2305. 

  2305.      * Takes any number of arrays whose indices are integers and whose values are strings and defines a bunch of
    2306. 

  2306.      * named constants from it, using the value as the name of the constant and the index as the value of the constant.
    2307. 

  2307.      * If any of the constants that would be defined already exists, none of the constants will be defined.
    2308. 

  2308.      *
    2309. 

  2309.      * @param Array $array
    2310. 

  2310.      * @access private
    2311. 

  2311.      */
    2312. 

  2312.     function _define_array()
    2313. 

  2313.     {
    2314. 

  2314.         $args = func_get_args();
    2315. 

  2315.         foreach ($args as $arg) {
    2316. 

  2316.             foreach ($arg as $key=>$value) {
    2317. 

  2317.                 if (!defined($value)) {
    2318. 

  2318.                     define($value, $key);
    2319. 

  2319.                 } else {
    2320. 

  2320.                     break 2;
    2321. 

  2321.                 }
    2322. 

  2322.             }
    2323. 

  2323.         }
    2324. 

  2324.     }
    2325. 

  2325. 

  2326.     /**
    2327. 

  2327.      * Returns a log of the packets that have been sent and received.
    2328. 

  2328.      *
    2329. 

  2329.      * Returns a string if NET_SSH2_LOGGING == NET_SSH2_LOG_COMPLEX, an array if NET_SSH2_LOGGING == NET_SSH2_LOG_SIMPLE and false if !defined('NET_SSH2_LOGGING')
    2330. 

  2330.      *
    2331. 

  2331.      * @access public
    2332. 

  2332.      * @return String or Array
    2333. 

  2333.      */
    2334. 

  2334.     function getLog()
    2335. 

  2335.     {
    2336. 

  2336.         if (!defined('NET_SSH2_LOGGING')) {
    2337. 

  2337.             return false;
    2338. 

  2338.         }
    2339. 

  2339. 

  2340.         switch (NET_SSH2_LOGGING) {
    2341. 

  2341.             case NET_SSH2_LOG_SIMPLE:
    2342. 

  2342.                 return $this->message_number_log;
    2343. 

  2343.                 break;
    2344. 

  2344.             case NET_SSH2_LOG_COMPLEX:
    2345. 

  2345.                 return $this->_format_log($this->message_log, $this->message_number_log);
    2346. 

  2346.                 break;
    2347. 

  2347.             default:
    2348. 

  2348.                 return false;
    2349. 

  2349.         }
    2350. 

  2350.     }
    2351. 

  2351. 

  2352.     /**
    2353. 

  2353.      * Formats a log for printing
    2354. 

  2354.      *
    2355. 

  2355.      * @param Array $message_log
    2356. 

  2356.      * @param Array $message_number_log
    2357. 

  2357.      * @access private
    2358. 

  2358.      * @return String
    2359. 

  2359.      */
    2360. 

  2360.     function _format_log($message_log, $message_number_log)
    2361. 

  2361.     {
    2362. 

  2362.         static $boundary = ':', $long_width = 65, $short_width = 16;
    2363. 

  2363. 

  2364.         $output = '';
    2365. 

  2365.         for ($i = 0; $i < count($message_log); $i++) {
    2366. 

  2366.             $output.= $message_number_log[$i] . "\r\n";
    2367. 

  2367.             $current_log = $message_log[$i];
    2368. 

  2368.             $j = 0;
    2369. 

  2369.             do {
    2370. 

  2370.                 if (!empty($current_log)) {
    2371. 

  2371.                     $output.= str_pad(dechex($j), 7, '0', STR_PAD_LEFT) . '0  ';
    2372. 

  2372.                 }
    2373. 

  2373.                 $fragment = $this->_string_shift($current_log, $short_width);
    2374. 

  2374.                 $hex = substr(
    2375. 

  2375.                            preg_replace(
    2376. 

  2376.                                '#(.)#es',
    2377. 

  2377.                                '"' . $boundary . '" . str_pad(dechex(ord(substr("\\1", -1))), 2, "0", STR_PAD_LEFT)',
    2378. 

  2378.                                $fragment),
    2379. 

  2379.                            strlen($boundary)
    2380. 

  2380.                        );
    2381. 

  2381.                 // replace non ASCII printable characters with dots
    2382. 

  2382.                 // http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters
    2383. 

  2383.                 // also replace < with a . since < messes up the output on web browsers
    2384. 

  2384.                 $raw = preg_replace('#[^\x20-\x7E]|<#', '.', $fragment);
    2385. 

  2385.                 $output.= str_pad($hex, $long_width - $short_width, ' ') . $raw . "\r\n";
    2386. 

  2386.                 $j++;
    2387. 

  2387.             } while (!empty($current_log));
    2388. 

  2388.             $output.= "\r\n";
    2389. 

  2389.         }
    2390. 

  2390. 

  2391.         return $output;
    2392. 

  2392.     }
    2393. 

  2393. 

  2394.     /**
    2395. 

  2395.      * Returns all errors
    2396. 

  2396.      *
    2397. 

  2397.      * @return String
    2398. 

  2398.      * @access public
    2399. 

  2399.      */
    2400. 

  2400.     function getErrors()
    2401. 

  2401.     {
    2402. 

  2402.         return $this->errors;
    2403. 

  2403.     }
    2404. 

  2404. 

  2405.     /**
    2406. 

  2406.      * Returns the last error
    2407. 

  2407.      *
    2408. 

  2408.      * @return String
    2409. 

  2409.      * @access public
    2410. 

  2410.      */
    2411. 

  2411.     function getLastError()
    2412. 

  2412.     {
    2413. 

  2413.         return $this->errors[count($this->errors) - 1];
    2414. 

  2414.     }
    2415. 

  2415. 

  2416.     /**
    2417. 

  2417.      * Return the server identification.
    2418. 

  2418.      *
    2419. 

  2419.      * @return String
    2420. 

  2420.      * @access public
    2421. 

  2421.      */
    2422. 

  2422.     function getServerIdentification()
    2423. 

  2423.     {
    2424. 

  2424.         return $this->server_identifier;
    2425. 

  2425.     }
    2426. 

  2426. 

  2427.     /**
    2428. 

  2428.      * Return a list of the key exchange algorithms the server supports.
    2429. 

  2429.      *
    2430. 

  2430.      * @return Array
    2431. 

  2431.      * @access public
    2432. 

  2432.      */
    2433. 

  2433.     function getKexAlgorithms()
    2434. 

  2434.     {
    2435. 

  2435.         return $this->kex_algorithms;
    2436. 

  2436.     }
    2437. 

  2437. 

  2438.     /**
    2439. 

  2439.      * Return a list of the host key (public key) algorithms the server supports.
    2440. 

  2440.      *
    2441. 

  2441.      * @return Array
    2442. 

  2442.      * @access public
    2443. 

  2443.      */
    2444. 

  2444.     function getServerHostKeyAlgorithms()
    2445. 

  2445.     {
    2446. 

  2446.         return $this->server_host_key_algorithms;
    2447. 

  2447.     }
    2448. 

  2448. 

  2449.     /**
    2450. 

  2450.      * Return a list of the (symmetric key) encryption algorithms the server supports, when receiving stuff from the client.
    2451. 

  2451.      *
    2452. 

  2452.      * @return Array
    2453. 

  2453.      * @access public
    2454. 

  2454.      */
    2455. 

  2455.     function getEncryptionAlgorithmsClient2Server()
    2456. 

  2456.     {
    2457. 

  2457.         return $this->encryption_algorithms_client_to_server;
    2458. 

  2458.     }
    2459. 

  2459. 

  2460.     /**
    2461. 

  2461.      * Return a list of the (symmetric key) encryption algorithms the server supports, when sending stuff to the client.
    2462. 

  2462.      *
    2463. 

  2463.      * @return Array
    2464. 

  2464.      * @access public
    2465. 

  2465.      */
    2466. 

  2466.     function getEncryptionAlgorithmsServer2Client()
    2467. 

  2467.     {
    2468. 

  2468.         return $this->encryption_algorithms_server_to_client;
    2469. 

  2469.     }
    2470. 

  2470. 

  2471.     /**
    2472. 

  2472.      * Return a list of the MAC algorithms the server supports, when receiving stuff from the client.
    2473. 

  2473.      *
    2474. 

  2474.      * @return Array
    2475. 

  2475.      * @access public
    2476. 

  2476.      */
    2477. 

  2477.     function getMACAlgorithmsClient2Server()
    2478. 

  2478.     {
    2479. 

  2479.         return $this->mac_algorithms_client_to_server;
    2480. 

  2480.     }
    2481. 

  2481. 

  2482.     /**
    2483. 

  2483.      * Return a list of the MAC algorithms the server supports, when sending stuff to the client.
    2484. 

  2484.      *
    2485. 

  2485.      * @return Array
    2486. 

  2486.      * @access public
    2487. 

  2487.      */
    2488. 

  2488.     function getMACAlgorithmsServer2Client()
    2489. 

  2489.     {
    2490. 

  2490.         return $this->mac_algorithms_server_to_client;
    2491. 

  2491.     }
    2492. 

  2492. 

  2493.     /**
    2494. 

  2494.      * Return a list of the compression algorithms the server supports, when receiving stuff from the client.
    2495. 

  2495.      *
    2496. 

  2496.      * @return Array
    2497. 

  2497.      * @access public
    2498. 

  2498.      */
    2499. 

  2499.     function getCompressionAlgorithmsClient2Server()
    2500. 

  2500.     {
    2501. 

  2501.         return $this->compression_algorithms_client_to_server;
    2502. 

  2502.     }
    2503. 

  2503. 

  2504.     /**
    2505. 

  2505.      * Return a list of the compression algorithms the server supports, when sending stuff to the client.
    2506. 

  2506.      *
    2507. 

  2507.      * @return Array
    2508. 

  2508.      * @access public
    2509. 

  2509.      */
    2510. 

  2510.     function getCompressionAlgorithmsServer2Client()
    2511. 

  2511.     {
    2512. 

  2512.         return $this->compression_algorithms_server_to_client;
    2513. 

  2513.     }
    2514. 

  2514. 

  2515.     /**
    2516. 

  2516.      * Return a list of the languages the server supports, when sending stuff to the client.
    2517. 

  2517.      *
    2518. 

  2518.      * @return Array
    2519. 

  2519.      * @access public
    2520. 

  2520.      */
    2521. 

  2521.     function getLanguagesServer2Client()
    2522. 

  2522.     {
    2523. 

  2523.         return $this->languages_server_to_client;
    2524. 

  2524.     }
    2525. 

  2525. 

  2526.     /**
    2527. 

  2527.      * Return a list of the languages the server supports, when receiving stuff from the client.
    2528. 

  2528.      *
    2529. 

  2529.      * @return Array
    2530. 

  2530.      * @access public
    2531. 

  2531.      */
    2532. 

  2532.     function getLanguagesClient2Server()
    2533. 

  2533.     {
    2534. 

  2534.         return $this->languages_client_to_server;
    2535. 

  2535.     }
    2536. 

  2536. 

  2537.     /**
    2538. 

  2538.      * Returns the server public host key.
    2539. 

  2539.      *
    2540. 

  2540.      * Caching this the first time you connect to a server and checking the result on subsequent connections
    2541. 

  2541.      * is recommended.  Returns false if the server signature is not signed correctly with the public host key.
    2542. 

  2542.      *
    2543. 

  2543.      * @return Mixed
    2544. 

  2544.      * @access public
    2545. 

  2545.      */
    2546. 

  2546.     function getServerPublicHostKey()
    2547. 

  2547.     {
    2548. 

  2548.         $signature = $this->signature;
    2549. 

  2549.         $server_public_host_key = $this->server_public_host_key;
    2550. 

  2550. 

  2551.         extract(unpack('Nlength', $this->_string_shift($server_public_host_key, 4)));
    2552. 

  2552.         $this->_string_shift($server_public_host_key, $length);
    2553. 

  2553. 

  2554.         switch ($this->signature_format) {
    2555. 

  2555.             case 'ssh-dss':
    2556. 

  2556.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    2557. 

  2557.                 $p = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    2558. 

  2558. 

  2559.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    2560. 

  2560.                 $q = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    2561. 

  2561. 

  2562.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    2563. 

  2563.                 $g = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    2564. 

  2564. 

  2565.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    2566. 

  2566.                 $y = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    2567. 

  2567. 

  2568.                 /* The value for 'dss_signature_blob' is encoded as a string containing
    2569. 

  2569.                    r, followed by s (which are 160-bit integers, without lengths or
    2570. 

  2570.                    padding, unsigned, and in network byte order). */
    2571. 

  2571.                 $temp = unpack('Nlength', $this->_string_shift($signature, 4));
    2572. 

  2572.                 if ($temp['length'] != 40) {
    2573. 

  2573.                     user_error('Invalid signature', E_USER_NOTICE);
    2574. 

  2574.                     return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    2575. 

  2575.                 }
    2576. 

  2576. 

  2577.                 $r = new Math_BigInteger($this->_string_shift($signature, 20), 256);
    2578. 

  2578.                 $s = new Math_BigInteger($this->_string_shift($signature, 20), 256);
    2579. 

  2579. 

  2580.                 if ($r->compare($q) >= 0 || $s->compare($q) >= 0) {
    2581. 

  2581.                     user_error('Invalid signature', E_USER_NOTICE);
    2582. 

  2582.                     return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    2583. 

  2583.                 }
    2584. 

  2584. 

  2585.                 $w = $s->modInverse($q);
    2586. 

  2586. 

  2587.                 $u1 = $w->multiply(new Math_BigInteger(sha1($this->exchange_hash), 16));
    2588. 

  2588.                 list(, $u1) = $u1->divide($q);
    2589. 

  2589. 

  2590.                 $u2 = $w->multiply($r);
    2591. 

  2591.                 list(, $u2) = $u2->divide($q);
    2592. 

  2592. 

  2593.                 $g = $g->modPow($u1, $p);
    2594. 

  2594.                 $y = $y->modPow($u2, $p);
    2595. 

  2595. 

  2596.                 $v = $g->multiply($y);
    2597. 

  2597.                 list(, $v) = $v->divide($p);
    2598. 

  2598.                 list(, $v) = $v->divide($q);
    2599. 

  2599. 

  2600.                 if (!$v->equals($r)) {
    2601. 

  2601.                     user_error('Bad server signature', E_USER_NOTICE);
    2602. 

  2602.                     return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
    2603. 

  2603.                 }
    2604. 

  2604. 

  2605.                 break;
    2606. 

  2606.             case 'ssh-rsa':
    2607. 

  2607.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    2608. 

  2608.                 $e = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    2609. 

  2609. 

  2610.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    2611. 

  2611.                 $n = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    2612. 

  2612.                 $nLength = $temp['length'];
    2613. 

  2613. 

  2614.                 /*
    2615. 

  2615.                 $temp = unpack('Nlength', $this->_string_shift($signature, 4));
    2616. 

  2616.                 $signature = $this->_string_shift($signature, $temp['length']);
    2617. 

    2618. 

  2618.                 if (!class_exists('Crypt_RSA')) {
    2619. 

  2619.                     require_once('Crypt/RSA.php');
    2620. 

  2620.                 }
    2621. 

    2622. 

  2622.                 $rsa = new Crypt_RSA();
    2623. 

  2623.                 $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
    2624. 

  2624.                 $rsa->loadKey(array('e' => $e, 'n' => $n), CRYPT_RSA_PUBLIC_FORMAT_RAW);
    2625. 

  2625.                 if (!$rsa->verify($this->exchange_hash, $signature)) {
    2626. 

  2626.                     user_error('Bad server signature', E_USER_NOTICE);
    2627. 

  2627.                     return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
    2628. 

  2628.                 }
    2629. 

  2629.                 */
    2630. 

  2630. 

  2631.                 $temp = unpack('Nlength', $this->_string_shift($signature, 4));
    2632. 

  2632.                 $s = new Math_BigInteger($this->_string_shift($signature, $temp['length']), 256);
    2633. 

  2633. 

  2634.                 // validate an RSA signature per "8.2 RSASSA-PKCS1-v1_5", "5.2.2 RSAVP1", and "9.1 EMSA-PSS" in the
    2635. 

  2635.                 // following URL:
    2636. 

  2636.                 // ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf
    2637. 

  2637. 

  2638.                 // also, see SSHRSA.c (rsa2_verifysig) in PuTTy's source.
    2639. 

  2639. 

  2640.                 if ($s->compare(new Math_BigInteger()) < 0 || $s->compare($n->subtract(new Math_BigInteger(1))) > 0) {
    2641. 

  2641.                     user_error('Invalid signature', E_USER_NOTICE);
    2642. 

  2642.                     return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    2643. 

  2643.                 }
    2644. 

  2644. 

  2645.                 $s = $s->modPow($e, $n);
    2646. 

  2646.                 $s = $s->toBytes();
    2647. 

  2647. 

  2648.                 $h = pack('N4H*', 0x00302130, 0x0906052B, 0x0E03021A, 0x05000414, sha1($this->exchange_hash));
    2649. 

  2649.                 $h = chr(0x01) . str_repeat(chr(0xFF), $nLength - 3 - strlen($h)) . $h;
    2650. 

  2650. 

  2651.                 if ($s != $h) {
    2652. 

  2652.                     user_error('Bad server signature', E_USER_NOTICE);
    2653. 

  2653.                     return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
    2654. 

  2654.                 }
    2655. 

  2655.         }
    2656. 

  2656. 

  2657.         return $this->server_public_host_key;
    2658. 

  2658.     }
    2659. 

  2659. }
    2660.