1
0
mirror of https://github.com/danog/phpseclib.git synced 2024-12-04 18:48:24 +01:00

SSH2: logging enhancements

This commit is contained in:
terrafrost 2020-01-17 03:37:25 -06:00
parent ef5e6a909f
commit 500e3225a8

View File

@ -1563,6 +1563,7 @@ class Net_SSH2
if (!$this->_send_binary_packet($packet)) { if (!$this->_send_binary_packet($packet)) {
return false; return false;
} }
$this->_updateLogHistory('UNKNOWN (34)', 'NET_SSH2_MSG_KEXDH_GEX_REQUEST');
$response = $this->_get_binary_packet(); $response = $this->_get_binary_packet();
if ($response === false) { if ($response === false) {
@ -1578,6 +1579,7 @@ class Net_SSH2
user_error('Expected SSH_MSG_KEX_DH_GEX_GROUP'); user_error('Expected SSH_MSG_KEX_DH_GEX_GROUP');
return false; return false;
} }
$this->_updateLogHistory('NET_SSH2_MSG_KEXDH_REPLY', 'NET_SSH2_MSG_KEXDH_GEX_GROUP');
if (strlen($response) < 4) { if (strlen($response) < 4) {
return false; return false;
@ -1666,6 +1668,9 @@ class Net_SSH2
user_error('Connection closed by server'); user_error('Connection closed by server');
return false; return false;
} }
if ($clientKexInitMessage == NET_SSH2_MSG_KEXDH_GEX_INIT) {
$this->_updateLogHistory('UNKNOWN (32)', 'NET_SSH2_MSG_KEXDH_GEX_INIT');
}
$response = $this->_get_binary_packet(); $response = $this->_get_binary_packet();
if ($response === false) { if ($response === false) {
@ -1679,9 +1684,15 @@ class Net_SSH2
extract(unpack('Ctype', $this->_string_shift($response, 1))); extract(unpack('Ctype', $this->_string_shift($response, 1)));
if ($type != $serverKexReplyMessage) { if ($type != $serverKexReplyMessage) {
user_error('Expected SSH_MSG_KEXDH_REPLY'); $expected = $serverKexReplyMessage == NET_SSH2_MSG_KEXDH_GEX_REPLY ?
'SSH_MSG_KEXDH_GEX_REPLY' :
'SSH_MSG_KEXDH_REPLY';
user_error("Expected $expected");
return false; return false;
} }
if ($serverKexReplyMessage == NET_SSH2_MSG_KEXDH_GEX_REPLY) {
$this->_updateLogHistory('UNKNOWN (33)', 'NET_SSH2_MSG_KEXDH_GEX_REPLY');
}
if (strlen($response) < 4) { if (strlen($response) < 4) {
return false; return false;
@ -2316,9 +2327,7 @@ class Net_SSH2
switch ($type) { switch ($type) {
case NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ: // in theory, the password can be changed case NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ: // in theory, the password can be changed
if (defined('NET_SSH2_LOGGING')) { $this->_updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ');
$this->message_number_log[count($this->message_number_log) - 1] = 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ';
}
if (strlen($response) < 4) { if (strlen($response) < 4) {
return false; return false;
} }
@ -2469,12 +2478,8 @@ class Net_SSH2
// see http://tools.ietf.org/html/rfc4256#section-3.2 // see http://tools.ietf.org/html/rfc4256#section-3.2
if (strlen($this->last_interactive_response)) { if (strlen($this->last_interactive_response)) {
$this->last_interactive_response = ''; $this->last_interactive_response = '';
} elseif (defined('NET_SSH2_LOGGING')) { } else {
$this->message_number_log[count($this->message_number_log) - 1] = str_replace( $this->_updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_INFO_REQUEST');
'UNKNOWN',
'NET_SSH2_MSG_USERAUTH_INFO_REQUEST',
$this->message_number_log[count($this->message_number_log) - 1]
);
} }
if (!count($responses) && $num_prompts) { if (!count($responses) && $num_prompts) {
@ -2497,13 +2502,7 @@ class Net_SSH2
return false; return false;
} }
if (defined('NET_SSH2_LOGGING') && NET_SSH2_LOGGING == NET_SSH2_LOG_COMPLEX) { $this->_updateLogHistory('UNKNOWN (61)', 'NET_SSH2_MSG_USERAUTH_INFO_RESPONSE');
$this->message_number_log[count($this->message_number_log) - 1] = str_replace(
'UNKNOWN',
'NET_SSH2_MSG_USERAUTH_INFO_RESPONSE',
$this->message_number_log[count($this->message_number_log) - 1]
);
}
/* /*
After receiving the response, the server MUST send either an After receiving the response, the server MUST send either an
@ -2630,13 +2629,7 @@ class Net_SSH2
case NET_SSH2_MSG_USERAUTH_PK_OK: case NET_SSH2_MSG_USERAUTH_PK_OK:
// we'll just take it on faith that the public key blob and the public key algorithm name are as // we'll just take it on faith that the public key blob and the public key algorithm name are as
// they should be // they should be
if (defined('NET_SSH2_LOGGING') && NET_SSH2_LOGGING == NET_SSH2_LOG_COMPLEX) { $this->_updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_PK_OK');
$this->message_number_log[count($this->message_number_log) - 1] = str_replace(
'UNKNOWN',
'NET_SSH2_MSG_USERAUTH_PK_OK',
$this->message_number_log[count($this->message_number_log) - 1]
);
}
} }
$packet = $part1 . chr(1) . $part2; $packet = $part1 . chr(1) . $part2;
@ -5072,4 +5065,22 @@ class Net_SSH2
$this->windowColumns = $columns; $this->windowColumns = $columns;
$this->windowRows = $rows; $this->windowRows = $rows;
} }
/**
* Update packet types in log history
*
* @param string $old
* @param string $new
* @access private
*/
function _updateLogHistory($old, $new)
{
if (defined('NET_SSH2_LOGGING') && NET_SSH2_LOGGING == NET_SSH2_LOG_COMPLEX) {
$this->message_number_log[count($this->message_number_log) - 1] = str_replace(
$old,
$new,
$this->message_number_log[count($this->message_number_log) - 1]
);
}
}
} }