diff options
Diffstat (limited to 'etc/inc/ntlm_sasl_client.inc')
-rw-r--r-- | etc/inc/ntlm_sasl_client.inc | 180 |
1 files changed, 180 insertions, 0 deletions
diff --git a/etc/inc/ntlm_sasl_client.inc b/etc/inc/ntlm_sasl_client.inc new file mode 100644 index 0000000..406edf2 --- /dev/null +++ b/etc/inc/ntlm_sasl_client.inc @@ -0,0 +1,180 @@ +<?php +/* + * ntlm_sasl_client.php + * + * @(#) $Id: ntlm_sasl_client.php,v 1.3 2004/11/17 08:00:37 mlemos Exp $ + * + */ + +define("SASL_NTLM_STATE_START", 0); +define("SASL_NTLM_STATE_IDENTIFY_DOMAIN", 1); +define("SASL_NTLM_STATE_RESPOND_CHALLENGE", 2); +define("SASL_NTLM_STATE_DONE", 3); + +class ntlm_sasl_client_class +{ + var $credentials=array(); + var $state=SASL_NTLM_STATE_START; + + Function Initialize(&$client) + { + if(!function_exists($function="mcrypt_encrypt") + || !function_exists($function="mhash")) + { + $extensions=array( + "mcrypt_encrypt"=>"mcrypt", + "mhash"=>"mhash" + ); + $client->error="the extension ".$extensions[$function]." required by the NTLM SASL client class is not available in this PHP configuration"; + return(0); + } + return(1); + } + + Function ASCIIToUnicode($ascii) + { + for($unicode="",$a=0;$a<strlen($ascii);$a++) + $unicode.=substr($ascii,$a,1).chr(0); + return($unicode); + } + + Function TypeMsg1($domain,$workstation) + { + $domain_length=strlen($domain); + $workstation_length=strlen($workstation); + $workstation_offset=32; + $domain_offset=$workstation_offset+$workstation_length; + return( + "NTLMSSP\0". + "\x01\x00\x00\x00". + "\x07\x32\x00\x00". + pack("v",$domain_length). + pack("v",$domain_length). + pack("V",$domain_offset). + pack("v",$workstation_length). + pack("v",$workstation_length). + pack("V",$workstation_offset). + $workstation. + $domain + ); + } + + Function NTLMResponse($challenge,$password) + { + $unicode=$this->ASCIIToUnicode($password); + $md4=mhash(MHASH_MD4,$unicode); + $padded=$md4.str_repeat(chr(0),21-strlen($md4)); + $iv_size=mcrypt_get_iv_size(MCRYPT_DES,MCRYPT_MODE_ECB); + $iv=mcrypt_create_iv($iv_size,MCRYPT_RAND); + for($response="",$third=0;$third<21;$third+=7) + { + for($packed="",$p=$third;$p<$third+7;$p++) + $packed.=str_pad(decbin(ord(substr($padded,$p,1))),8,"0",STR_PAD_LEFT); + for($key="",$p=0;$p<strlen($packed);$p+=7) + { + $s=substr($packed,$p,7); + $b=$s.((substr_count($s,"1") % 2) ? "0" : "1"); + $key.=chr(bindec($b)); + } + $ciphertext=mcrypt_encrypt(MCRYPT_DES,$key,$challenge,MCRYPT_MODE_ECB,$iv); + $response.=$ciphertext; + } + return $response; + } + + Function TypeMsg3($ntlm_response,$user,$domain,$workstation) + { + $domain_unicode=$this->ASCIIToUnicode($domain); + $domain_length=strlen($domain_unicode); + $domain_offset=64; + $user_unicode=$this->ASCIIToUnicode($user); + $user_length=strlen($user_unicode); + $user_offset=$domain_offset+$domain_length; + $workstation_unicode=$this->ASCIIToUnicode($workstation); + $workstation_length=strlen($workstation_unicode); + $workstation_offset=$user_offset+$user_length; + $lm=""; + $lm_length=strlen($lm); + $lm_offset=$workstation_offset+$workstation_length; + $ntlm=$ntlm_response; + $ntlm_length=strlen($ntlm); + $ntlm_offset=$lm_offset+$lm_length; + $session=""; + $session_length=strlen($session); + $session_offset=$ntlm_offset+$ntlm_length; + return( + "NTLMSSP\0". + "\x03\x00\x00\x00". + pack("v",$lm_length). + pack("v",$lm_length). + pack("V",$lm_offset). + pack("v",$ntlm_length). + pack("v",$ntlm_length). + pack("V",$ntlm_offset). + pack("v",$domain_length). + pack("v",$domain_length). + pack("V",$domain_offset). + pack("v",$user_length). + pack("v",$user_length). + pack("V",$user_offset). + pack("v",$workstation_length). + pack("v",$workstation_length). + pack("V",$workstation_offset). + pack("v",$session_length). + pack("v",$session_length). + pack("V",$session_offset). + "\x01\x02\x00\x00". + $domain_unicode. + $user_unicode. + $workstation_unicode. + $lm. + $ntlm + ); + } + + Function Start(&$client, &$message, &$interactions) + { + if($this->state!=SASL_NTLM_STATE_START) + { + $client->error="NTLM authentication state is not at the start"; + return(SASL_FAIL); + } + $this->credentials=array( + "user"=>"", + "password"=>"", + "realm"=>"", + "workstation"=>"" + ); + $defaults=array(); + $status=$client->GetCredentials($this->credentials,$defaults,$interactions); + if($status==SASL_CONTINUE) + $this->state=SASL_NTLM_STATE_IDENTIFY_DOMAIN; + Unset($message); + return($status); + } + + Function Step(&$client, $response, &$message, &$interactions) + { + switch($this->state) + { + case SASL_NTLM_STATE_IDENTIFY_DOMAIN: + $message=$this->TypeMsg1($this->credentials["realm"],$this->credentials["workstation"]); + $this->state=SASL_NTLM_STATE_RESPOND_CHALLENGE; + break; + case SASL_NTLM_STATE_RESPOND_CHALLENGE: + $ntlm_response=$this->NTLMResponse(substr($response,24,8),$this->credentials["password"]); + $message=$this->TypeMsg3($ntlm_response,$this->credentials["user"],$this->credentials["realm"],$this->credentials["workstation"]); + $this->state=SASL_NTLM_STATE_DONE; + break; + case SASL_NTLM_STATE_DONE: + $client->error="NTLM authentication was finished without success"; + return(SASL_FAIL); + default: + $client->error="invalid NTLM authentication step state"; + return(SASL_FAIL); + } + return(SASL_CONTINUE); + } +}; + +?>
\ No newline at end of file |