ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Agent.php
Go to the documentation of this file.
1<?php
2
35
38
48class Agent
49{
55 // to request SSH1 keys you have to use SSH_AGENTC_REQUEST_RSA_IDENTITIES (1)
57 // this is the SSH2 response; the SSH1 response is SSH_AGENT_RSA_IDENTITIES_ANSWER (2).
59 // the SSH1 request is SSH_AGENTC_RSA_CHALLENGE (3)
61 // the SSH1 response is SSH_AGENT_RSA_RESPONSE (4)
70 // no forwarding requested and not active
71 const FORWARD_NONE = 0;
72 // request agent forwarding when opportune
73 const FORWARD_REQUEST = 1;
74 // forwarding has been request and is active
75 const FORWARD_ACTIVE = 2;
82
89 var $fsock;
90
97
106
113
120 function __construct()
121 {
122 switch (true) {
123 case isset($_SERVER['SSH_AUTH_SOCK']):
124 $address = $_SERVER['SSH_AUTH_SOCK'];
125 break;
126 case isset($_ENV['SSH_AUTH_SOCK']):
127 $address = $_ENV['SSH_AUTH_SOCK'];
128 break;
129 default:
130 user_error('SSH_AUTH_SOCK not found');
131 return false;
132 }
133
134 $this->fsock = fsockopen('unix://' . $address, 0, $errno, $errstr);
135 if (!$this->fsock) {
136 user_error("Unable to connect to ssh-agent (Error $errno: $errstr)");
137 }
138 }
139
150 {
151 if (!$this->fsock) {
152 return array();
153 }
154
155 $packet = pack('NC', 1, self::SSH_AGENTC_REQUEST_IDENTITIES);
156 if (strlen($packet) != fputs($this->fsock, $packet)) {
157 user_error('Connection closed while requesting identities');
158 }
159
160 $length = current(unpack('N', fread($this->fsock, 4)));
161 $type = ord(fread($this->fsock, 1));
162 if ($type != self::SSH_AGENT_IDENTITIES_ANSWER) {
163 user_error('Unable to request identities');
164 }
165
166 $identities = array();
167 $keyCount = current(unpack('N', fread($this->fsock, 4)));
168 for ($i = 0; $i < $keyCount; $i++) {
169 $length = current(unpack('N', fread($this->fsock, 4)));
170 $key_blob = fread($this->fsock, $length);
171 $length = current(unpack('N', fread($this->fsock, 4)));
172 if ($length) {
173 $key_comment = fread($this->fsock, $length);
174 }
175 $length = current(unpack('N', substr($key_blob, 0, 4)));
176 $key_type = substr($key_blob, 4, $length);
177 switch ($key_type) {
178 case 'ssh-rsa':
179 $key = new RSA();
180 $key->loadKey('ssh-rsa ' . base64_encode($key_blob) . ' ' . $key_comment);
181 break;
182 case 'ssh-dss':
183 // not currently supported
184 break;
185 }
186 // resources are passed by reference by default
187 if (isset($key)) {
188 $identity = new Identity($this->fsock);
189 $identity->setPublicKey($key);
190 $identity->setPublicKeyBlob($key_blob);
191 $identities[] = $identity;
192 unset($key);
193 }
194 }
195
196 return $identities;
197 }
198
207 function startSSHForwarding($ssh)
208 {
209 if ($this->forward_status == self::FORWARD_NONE) {
210 $this->forward_status = self::FORWARD_REQUEST;
211 }
212 }
213
221 function _request_forwarding($ssh)
222 {
223 $request_channel = $ssh->_get_open_channel();
224 if ($request_channel === false) {
225 return false;
226 }
227
228 $packet = pack(
229 'CNNa*C',
230 NET_SSH2_MSG_CHANNEL_REQUEST,
231 $ssh->server_channels[$request_channel],
232 strlen('auth-agent-req@openssh.com'),
233 'auth-agent-req@openssh.com',
234 1
235 );
236
237 $ssh->channel_status[$request_channel] = NET_SSH2_MSG_CHANNEL_REQUEST;
238
239 if (!$ssh->_send_binary_packet($packet)) {
240 return false;
241 }
242
243 $response = $ssh->_get_channel_packet($request_channel);
244 if ($response === false) {
245 return false;
246 }
247
248 $ssh->channel_status[$request_channel] = NET_SSH2_MSG_CHANNEL_OPEN;
249 $this->forward_status = self::FORWARD_ACTIVE;
250
251 return true;
252 }
253
264 function _on_channel_open($ssh)
265 {
266 if ($this->forward_status == self::FORWARD_REQUEST) {
267 $this->_request_forwarding($ssh);
268 }
269 }
270
279 {
280 if ($this->expected_bytes > 0) {
281 $this->socket_buffer.= $data;
282 $this->expected_bytes -= strlen($data);
283 } else {
284 $agent_data_bytes = current(unpack('N', $data));
285 $current_data_bytes = strlen($data);
286 $this->socket_buffer = $data;
287 if ($current_data_bytes != $agent_data_bytes + 4) {
288 $this->expected_bytes = ($agent_data_bytes + 4) - $current_data_bytes;
289 return false;
290 }
291 }
292
293 if (strlen($this->socket_buffer) != fwrite($this->fsock, $this->socket_buffer)) {
294 user_error('Connection closed attempting to forward data to SSH agent');
295 }
296
297 $this->socket_buffer = '';
298 $this->expected_bytes = 0;
299
300 $agent_reply_bytes = current(unpack('N', fread($this->fsock, 4)));
301
302 $agent_reply_data = fread($this->fsock, $agent_reply_bytes);
303 $agent_reply_data = current(unpack('a*', $agent_reply_data));
304
305 return pack('Na*', $agent_reply_bytes, $agent_reply_data);
306 }
307}
An exception for terminatinating execution or to throw for unit testing.
$socket_buffer
Buffer for accumulating forwarded authentication agent data arriving on SSH data channel destined for...
Definition: Agent.php:105
$expected_bytes
Tracking the number of bytes we are expecting to arrive for the agent socket on the SSH data channel.
Definition: Agent.php:112
_request_forwarding($ssh)
Request agent forwarding of remote server.
Definition: Agent.php:221
requestIdentities()
Request Identities.
Definition: Agent.php:149
_forward_data($data)
Forward data to SSH Agent and return data reply.
Definition: Agent.php:278
__construct()
Default Constructor.
Definition: Agent.php:120
startSSHForwarding($ssh)
Signal that agent forwarding should be requested when a channel is opened.
Definition: Agent.php:207
$forward_status
Agent forwarding status.
Definition: Agent.php:96
const SSH_AGENT_IDENTITIES_ANSWER
Definition: Agent.php:58
const SSH_AGENTC_REQUEST_IDENTITIES
#+ Message numbers
Definition: Agent.php:56
_on_channel_open($ssh)
On successful channel open.
Definition: Agent.php:264
$key
Definition: croninfo.php:18
$i
Definition: disco.tpl.php:19
Pure-PHP PKCS#1 compliant implementation of RSA.
$type
$response
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
$data
Definition: bench.php:6