| [ Index ] |
PHP Cross Reference of DokuWiki |
[Summary view] [Print] [Text view]
1 <?php 2 3 /** 4 * Pure-PHP ssh-agent client. 5 * 6 * PHP version 5 7 * 8 * Here are some examples of how to use this library: 9 * <code> 10 * <?php 11 * include 'vendor/autoload.php'; 12 * 13 * $agent = new \phpseclib\System\SSH\Agent(); 14 * 15 * $ssh = new \phpseclib\Net\SSH2('www.domain.tld'); 16 * if (!$ssh->login('username', $agent)) { 17 * exit('Login Failed'); 18 * } 19 * 20 * echo $ssh->exec('pwd'); 21 * echo $ssh->exec('ls -la'); 22 * ?> 23 * </code> 24 * 25 * @category System 26 * @package SSH\Agent 27 * @author Jim Wigginton <terrafrost@php.net> 28 * @copyright 2014 Jim Wigginton 29 * @license http://www.opensource.org/licenses/mit-license.html MIT License 30 * @link http://phpseclib.sourceforge.net 31 * @internal See http://api.libssh.org/rfc/PROTOCOL.agent 32 */ 33 34 namespace phpseclib\System\SSH; 35 36 use phpseclib\Crypt\RSA; 37 use phpseclib\System\SSH\Agent\Identity; 38 39 /** 40 * Pure-PHP ssh-agent client identity factory 41 * 42 * requestIdentities() method pumps out \phpseclib\System\SSH\Agent\Identity objects 43 * 44 * @package SSH\Agent 45 * @author Jim Wigginton <terrafrost@php.net> 46 * @access public 47 */ 48 class Agent 49 { 50 /**#@+ 51 * Message numbers 52 * 53 * @access private 54 */ 55 // to request SSH1 keys you have to use SSH_AGENTC_REQUEST_RSA_IDENTITIES (1) 56 const SSH_AGENTC_REQUEST_IDENTITIES = 11; 57 // this is the SSH2 response; the SSH1 response is SSH_AGENT_RSA_IDENTITIES_ANSWER (2). 58 const SSH_AGENT_IDENTITIES_ANSWER = 12; 59 // the SSH1 request is SSH_AGENTC_RSA_CHALLENGE (3) 60 const SSH_AGENTC_SIGN_REQUEST = 13; 61 // the SSH1 response is SSH_AGENT_RSA_RESPONSE (4) 62 const SSH_AGENT_SIGN_RESPONSE = 14; 63 /**#@-*/ 64 65 /**@+ 66 * Agent forwarding status 67 * 68 * @access private 69 */ 70 // no forwarding requested and not active 71 const FORWARD_NONE = 0; 72 // request agent forwarding when opportune 73 const FORWARD_REQUEST = 1; 74 // forwarding has been request and is active 75 const FORWARD_ACTIVE = 2; 76 /**#@-*/ 77 78 /** 79 * Unused 80 */ 81 const SSH_AGENT_FAILURE = 5; 82 83 /** 84 * Socket Resource 85 * 86 * @var resource 87 * @access private 88 */ 89 var $fsock; 90 91 /** 92 * Agent forwarding status 93 * 94 * @access private 95 */ 96 var $forward_status = self::FORWARD_NONE; 97 98 /** 99 * Buffer for accumulating forwarded authentication 100 * agent data arriving on SSH data channel destined 101 * for agent unix socket 102 * 103 * @access private 104 */ 105 var $socket_buffer = ''; 106 107 /** 108 * Tracking the number of bytes we are expecting 109 * to arrive for the agent socket on the SSH data 110 * channel 111 */ 112 var $expected_bytes = 0; 113 114 /** 115 * Default Constructor 116 * 117 * @return \phpseclib\System\SSH\Agent 118 * @access public 119 */ 120 function __construct($address = null) 121 { 122 if (!$address) { 123 switch (true) { 124 case isset($_SERVER['SSH_AUTH_SOCK']): 125 $address = $_SERVER['SSH_AUTH_SOCK']; 126 break; 127 case isset($_ENV['SSH_AUTH_SOCK']): 128 $address = $_ENV['SSH_AUTH_SOCK']; 129 break; 130 default: 131 user_error('SSH_AUTH_SOCK not found'); 132 return false; 133 } 134 } 135 136 $this->fsock = fsockopen('unix://' . $address, 0, $errno, $errstr); 137 if (!$this->fsock) { 138 user_error("Unable to connect to ssh-agent (Error $errno: $errstr)"); 139 } 140 } 141 142 /** 143 * Request Identities 144 * 145 * See "2.5.2 Requesting a list of protocol 2 keys" 146 * Returns an array containing zero or more \phpseclib\System\SSH\Agent\Identity objects 147 * 148 * @return array 149 * @access public 150 */ 151 function requestIdentities() 152 { 153 if (!$this->fsock) { 154 return array(); 155 } 156 157 $packet = pack('NC', 1, self::SSH_AGENTC_REQUEST_IDENTITIES); 158 if (strlen($packet) != fputs($this->fsock, $packet)) { 159 user_error('Connection closed while requesting identities'); 160 return array(); 161 } 162 163 $length = current(unpack('N', fread($this->fsock, 4))); 164 $type = ord(fread($this->fsock, 1)); 165 if ($type != self::SSH_AGENT_IDENTITIES_ANSWER) { 166 user_error('Unable to request identities'); 167 return array(); 168 } 169 170 $identities = array(); 171 $keyCount = current(unpack('N', fread($this->fsock, 4))); 172 for ($i = 0; $i < $keyCount; $i++) { 173 $length = current(unpack('N', fread($this->fsock, 4))); 174 $key_blob = fread($this->fsock, $length); 175 $key_str = 'ssh-rsa ' . base64_encode($key_blob); 176 $length = current(unpack('N', fread($this->fsock, 4))); 177 if ($length) { 178 $key_str.= ' ' . fread($this->fsock, $length); 179 } 180 $length = current(unpack('N', substr($key_blob, 0, 4))); 181 $key_type = substr($key_blob, 4, $length); 182 switch ($key_type) { 183 case 'ssh-rsa': 184 $key = new RSA(); 185 $key->loadKey($key_str); 186 break; 187 case 'ssh-dss': 188 // not currently supported 189 break; 190 } 191 // resources are passed by reference by default 192 if (isset($key)) { 193 $identity = new Identity($this->fsock); 194 $identity->setPublicKey($key); 195 $identity->setPublicKeyBlob($key_blob); 196 $identities[] = $identity; 197 unset($key); 198 } 199 } 200 201 return $identities; 202 } 203 204 /** 205 * Signal that agent forwarding should 206 * be requested when a channel is opened 207 * 208 * @param Net_SSH2 $ssh 209 * @return bool 210 * @access public 211 */ 212 function startSSHForwarding($ssh) 213 { 214 if ($this->forward_status == self::FORWARD_NONE) { 215 $this->forward_status = self::FORWARD_REQUEST; 216 } 217 } 218 219 /** 220 * Request agent forwarding of remote server 221 * 222 * @param Net_SSH2 $ssh 223 * @return bool 224 * @access private 225 */ 226 function _request_forwarding($ssh) 227 { 228 $request_channel = $ssh->_get_open_channel(); 229 if ($request_channel === false) { 230 return false; 231 } 232 233 $packet = pack( 234 'CNNa*C', 235 NET_SSH2_MSG_CHANNEL_REQUEST, 236 $ssh->server_channels[$request_channel], 237 strlen('auth-agent-req@openssh.com'), 238 'auth-agent-req@openssh.com', 239 1 240 ); 241 242 $ssh->channel_status[$request_channel] = NET_SSH2_MSG_CHANNEL_REQUEST; 243 244 if (!$ssh->_send_binary_packet($packet)) { 245 return false; 246 } 247 248 $response = $ssh->_get_channel_packet($request_channel); 249 if ($response === false) { 250 return false; 251 } 252 253 $ssh->channel_status[$request_channel] = NET_SSH2_MSG_CHANNEL_OPEN; 254 $this->forward_status = self::FORWARD_ACTIVE; 255 256 return true; 257 } 258 259 /** 260 * On successful channel open 261 * 262 * This method is called upon successful channel 263 * open to give the SSH Agent an opportunity 264 * to take further action. i.e. request agent forwarding 265 * 266 * @param Net_SSH2 $ssh 267 * @access private 268 */ 269 function _on_channel_open($ssh) 270 { 271 if ($this->forward_status == self::FORWARD_REQUEST) { 272 $this->_request_forwarding($ssh); 273 } 274 } 275 276 /** 277 * Forward data to SSH Agent and return data reply 278 * 279 * @param string $data 280 * @return data from SSH Agent 281 * @access private 282 */ 283 function _forward_data($data) 284 { 285 if ($this->expected_bytes > 0) { 286 $this->socket_buffer.= $data; 287 $this->expected_bytes -= strlen($data); 288 } else { 289 $agent_data_bytes = current(unpack('N', $data)); 290 $current_data_bytes = strlen($data); 291 $this->socket_buffer = $data; 292 if ($current_data_bytes != $agent_data_bytes + 4) { 293 $this->expected_bytes = ($agent_data_bytes + 4) - $current_data_bytes; 294 return false; 295 } 296 } 297 298 if (strlen($this->socket_buffer) != fwrite($this->fsock, $this->socket_buffer)) { 299 user_error('Connection closed attempting to forward data to SSH agent'); 300 } 301 302 $this->socket_buffer = ''; 303 $this->expected_bytes = 0; 304 305 $agent_reply_bytes = current(unpack('N', fread($this->fsock, 4))); 306 307 $agent_reply_data = fread($this->fsock, $agent_reply_bytes); 308 $agent_reply_data = current(unpack('a*', $agent_reply_data)); 309 310 return pack('Na*', $agent_reply_bytes, $agent_reply_data); 311 } 312 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body