function _filter($payload)
{
switch (ord($payload[0])) {
case NET_SSH2_MSG_DISCONNECT:
Strings::shift($payload, 1);
if (strlen($payload) < 8) {
return false;
}
extract(unpack('Nreason_code/Nlength', Strings::shift($payload, 8)));
$this->errors[] = 'SSH_MSG_DISCONNECT: ' . $this->disconnect_reasons[$reason_code] . "\r\n" . utf8_decode(Strings::shift($payload, $length));
$this->bitmap = 0;
return false;
case NET_SSH2_MSG_IGNORE:
$payload = $this->_get_binary_packet();
break;
case NET_SSH2_MSG_DEBUG:
Strings::shift($payload, 2);
if (strlen($payload) < 4) {
return false;
}
extract(unpack('Nlength', Strings::shift($payload, 4)));
$this->errors[] = 'SSH_MSG_DEBUG: ' . utf8_decode(Strings::shift($payload, $length));
$payload = $this->_get_binary_packet();
break;
case NET_SSH2_MSG_UNIMPLEMENTED:
return false;
case NET_SSH2_MSG_KEXINIT:
if ($this->session_id !== false) {
if (!$this->_key_exchange($payload)) {
$this->bitmap = 0;
return false;
}
$payload = $this->_get_binary_packet();
}
}
// see http://tools.ietf.org/html/rfc4252#section-5.4; only called when the encryption has been activated and when we haven't already logged in
if ($this->bitmap & self::MASK_CONNECTED && !($this->bitmap & self::MASK_LOGIN) && ord($payload[0]) == NET_SSH2_MSG_USERAUTH_BANNER) {
Strings::shift($payload, 1);
if (strlen($payload) < 4) {
return false;
}
extract(unpack('Nlength', Strings::shift($payload, 4)));
$this->banner_message = utf8_decode(Strings::shift($payload, $length));
$payload = $this->_get_binary_packet();
}
// only called when we've already logged in
if ($this->bitmap & self::MASK_CONNECTED && $this->bitmap & self::MASK_LOGIN) {
switch (ord($payload[0])) {
case NET_SSH2_MSG_GLOBAL_REQUEST:
// see http://tools.ietf.org/html/rfc4254#section-4
if (strlen($payload) < 4) {
return false;
}
extract(unpack('Nlength', Strings::shift($payload, 4)));
$this->errors[] = 'SSH_MSG_GLOBAL_REQUEST: ' . Strings::shift($payload, $length);
if (!$this->_send_binary_packet(pack('C', NET_SSH2_MSG_REQUEST_FAILURE))) {
return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
}
$payload = $this->_get_binary_packet();
break;
case NET_SSH2_MSG_CHANNEL_OPEN:
// see http://tools.ietf.org/html/rfc4254#section-5.1
Strings::shift($payload, 1);
if (strlen($payload) < 4) {
return false;
}
extract(unpack('Nlength', Strings::shift($payload, 4)));
$data = Strings::shift($payload, $length);
if (strlen($payload) < 4) {
return false;
}
extract(unpack('Nserver_channel', Strings::shift($payload, 4)));
switch ($data) {
case 'auth-agent':
case '[email protected]':
if (isset($this->agent)) {
$new_channel = self::CHANNEL_AGENT_FORWARD;
if (strlen($payload) < 8) {
return false;
}
extract(unpack('Nremote_window_size', Strings::shift($payload, 4)));
extract(unpack('Nremote_maximum_packet_size', Strings::shift($payload, 4)));
$this->packet_size_client_to_server[$new_channel] = $remote_window_size;
$this->window_size_server_to_client[$new_channel] = $remote_maximum_packet_size;
$this->window_size_client_to_server[$new_channel] = $this->window_size;
$packet_size = 0x4000;
$packet = pack('CN4', NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, $server_channel, $new_channel, $packet_size, $packet_size);
$this->server_channels[$new_channel] = $server_channel;
$this->channel_status[$new_channel] = NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION;
if (!$this->_send_binary_packet($packet)) {
return false;
}
}
break;
default:
$packet = pack('CN3a*Na*', NET_SSH2_MSG_REQUEST_FAILURE, $server_channel, NET_SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED, 0, '', 0, '');
if (!$this->_send_binary_packet($packet)) {
return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
}
}
$payload = $this->_get_binary_packet();
break;
case NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST:
Strings::shift($payload, 1);
if (strlen($payload) < 8) {
return false;
}
extract(unpack('Nchannel', Strings::shift($payload, 4)));
extract(unpack('Nwindow_size', Strings::shift($payload, 4)));
$this->window_size_client_to_server[$channel] += $window_size;
$payload = $this->bitmap & self::MASK_WINDOW_ADJUST ? true : $this->_get_binary_packet();
}
}
return $payload;
}