1
0
mirror of https://github.com/danog/phpseclib.git synced 2024-12-12 09:09:39 +01:00

Support for continue auth methods.

This commit is contained in:
nickyb 2021-04-30 19:48:19 +01:00 committed by terrafrost
parent 8bc9f4ba25
commit aa8138a330

View File

@ -975,6 +975,14 @@ class Net_SSH2
*/ */
var $auth = array(); var $auth = array();
/**
* The authentication methods that may productively continue authentication.
*
* @see https://tools.ietf.org/html/rfc4252#section-5.1
* @var array|null
*/
private $auth_methods_to_continue = null;
/** /**
* Default Constructor. * Default Constructor.
* *
@ -2142,7 +2150,7 @@ class Net_SSH2
// try logging with 'none' as an authentication method first since that's what // try logging with 'none' as an authentication method first since that's what
// PuTTY does // PuTTY does
if (substr($this->server_identifier, 0, 13) != 'SSH-2.0-CoreFTP') { if (substr($this->server_identifier, 0, 13) != 'SSH-2.0-CoreFTP' && $this->auth_methods_to_continue === null) {
if ($this->_login($username)) { if ($this->_login($username)) {
return true; return true;
} }
@ -2290,7 +2298,9 @@ class Net_SSH2
case NET_SSH2_MSG_USERAUTH_SUCCESS: case NET_SSH2_MSG_USERAUTH_SUCCESS:
$this->bitmap |= NET_SSH2_MASK_LOGIN; $this->bitmap |= NET_SSH2_MASK_LOGIN;
return true; return true;
//case NET_SSH2_MSG_USERAUTH_FAILURE: case NET_SSH2_MSG_USERAUTH_FAILURE:
extract(unpack('Nmethodlistlen', $this->_string_shift($response, 4)));
$this->auth_methods_to_continue = explode(',', $this->_string_shift($response, $methodlistlen));
default: default:
return false; return false;
} }
@ -2362,6 +2372,7 @@ class Net_SSH2
} }
extract(unpack('Nlength', $this->_string_shift($response, 4))); extract(unpack('Nlength', $this->_string_shift($response, 4)));
$auth_methods = explode(',', $this->_string_shift($response, $length)); $auth_methods = explode(',', $this->_string_shift($response, $length));
$this->auth_methods_to_continue = $auth_methods;
if (!strlen($response)) { if (!strlen($response)) {
return false; return false;
} }
@ -2534,6 +2545,8 @@ class Net_SSH2
case NET_SSH2_MSG_USERAUTH_SUCCESS: case NET_SSH2_MSG_USERAUTH_SUCCESS:
return true; return true;
case NET_SSH2_MSG_USERAUTH_FAILURE: case NET_SSH2_MSG_USERAUTH_FAILURE:
extract(unpack('Nmethodlistlen', $this->_string_shift($response, 4)));
$this->auth_methods_to_continue = explode(',', $this->_string_shift($response, $methodlistlen));
return false; return false;
} }
@ -2642,8 +2655,9 @@ class Net_SSH2
if (strlen($response) < 4) { if (strlen($response) < 4) {
return false; return false;
} }
extract(unpack('Nlength', $this->_string_shift($response, 4))); extract(unpack('Nmethodlistlen', $this->_string_shift($response, 4)));
$this->errors[] = 'SSH_MSG_USERAUTH_FAILURE: ' . $this->_string_shift($response, $length); $this->auth_methods_to_continue = explode(',', $this->_string_shift($response, $methodlistlen));
$this->errors[] = 'SSH_MSG_USERAUTH_FAILURE';
return false; return false;
case NET_SSH2_MSG_USERAUTH_PK_OK: case NET_SSH2_MSG_USERAUTH_PK_OK:
// we'll just take it on faith that the public key blob and the public key algorithm name are as // we'll just take it on faith that the public key blob and the public key algorithm name are as
@ -2684,6 +2698,8 @@ class Net_SSH2
switch ($type) { switch ($type) {
case NET_SSH2_MSG_USERAUTH_FAILURE: case NET_SSH2_MSG_USERAUTH_FAILURE:
// either the login is bad or the server employs multi-factor authentication // either the login is bad or the server employs multi-factor authentication
extract(unpack('Nmethodlistlen', $this->_string_shift($response, 4)));
$this->auth_methods_to_continue = explode(',', $this->_string_shift($response, $methodlistlen));
return false; return false;
case NET_SSH2_MSG_USERAUTH_SUCCESS: case NET_SSH2_MSG_USERAUTH_SUCCESS:
$this->bitmap |= NET_SSH2_MASK_LOGIN; $this->bitmap |= NET_SSH2_MASK_LOGIN;
@ -5152,4 +5168,15 @@ class Net_SSH2
); );
} }
} }
/**
* Return the list of authentication methods that may productively continue authentication.
*
* @see https://tools.ietf.org/html/rfc4252#section-5.1
* @return array|null
*/
public function getAuthMethodsToContinue()
{
return $this->auth_methods_to_continue;
}
} }