From 46bc6e545a17e77202aaf01ec0cd8d5a46567525 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Tue, 25 Aug 2015 08:08:24 -0300 Subject: Move main pfSense content to src/ --- src/etc/inc/ntlm_sasl_client.inc | 180 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 180 insertions(+) create mode 100644 src/etc/inc/ntlm_sasl_client.inc (limited to 'src/etc/inc/ntlm_sasl_client.inc') diff --git a/src/etc/inc/ntlm_sasl_client.inc b/src/etc/inc/ntlm_sasl_client.inc new file mode 100644 index 0000000..18e5658 --- /dev/null +++ b/src/etc/inc/ntlm_sasl_client.inc @@ -0,0 +1,180 @@ +"mcrypt", + "hash"=>"hash" + ); + $client->error="the extension ".$extensions[$function]." required by the NTLM SASL client class is not available in this PHP configuration"; + return(0); + } + return(1); + } + + Function ASCIIToUnicode($ascii) + { + for ($unicode="",$a=0;$aASCIIToUnicode($password); + $md4=hash("md4", $unicode); + $padded=$md4.str_repeat(chr(0),21-strlen($md4)); + $iv_size=mcrypt_get_iv_size(MCRYPT_DES,MCRYPT_MODE_ECB); + $iv=mcrypt_create_iv($iv_size,MCRYPT_RAND); + for ($response="",$third=0;$third<21;$third+=7) + { + for ($packed="",$p=$third;$p<$third+7;$p++) + $packed.=str_pad(decbin(ord(substr($padded,$p,1))),8,"0",STR_PAD_LEFT); + for ($key="",$p=0;$pASCIIToUnicode($domain); + $domain_length=strlen($domain_unicode); + $domain_offset=64; + $user_unicode=$this->ASCIIToUnicode($user); + $user_length=strlen($user_unicode); + $user_offset=$domain_offset+$domain_length; + $workstation_unicode=$this->ASCIIToUnicode($workstation); + $workstation_length=strlen($workstation_unicode); + $workstation_offset=$user_offset+$user_length; + $lm=""; + $lm_length=strlen($lm); + $lm_offset=$workstation_offset+$workstation_length; + $ntlm=$ntlm_response; + $ntlm_length=strlen($ntlm); + $ntlm_offset=$lm_offset+$lm_length; + $session=""; + $session_length=strlen($session); + $session_offset=$ntlm_offset+$ntlm_length; + return( + "NTLMSSP\0". + "\x03\x00\x00\x00". + pack("v",$lm_length). + pack("v",$lm_length). + pack("V",$lm_offset). + pack("v",$ntlm_length). + pack("v",$ntlm_length). + pack("V",$ntlm_offset). + pack("v",$domain_length). + pack("v",$domain_length). + pack("V",$domain_offset). + pack("v",$user_length). + pack("v",$user_length). + pack("V",$user_offset). + pack("v",$workstation_length). + pack("v",$workstation_length). + pack("V",$workstation_offset). + pack("v",$session_length). + pack("v",$session_length). + pack("V",$session_offset). + "\x01\x02\x00\x00". + $domain_unicode. + $user_unicode. + $workstation_unicode. + $lm. + $ntlm + ); + } + + Function Start(&$client, &$message, &$interactions) + { + if ($this->state!=SASL_NTLM_STATE_START) + { + $client->error="NTLM authentication state is not at the start"; + return(SASL_FAIL); + } + $this->credentials=array( + "user"=>"", + "password"=>"", + "realm"=>"", + "workstation"=>"" + ); + $defaults=array(); + $status=$client->GetCredentials($this->credentials,$defaults,$interactions); + if ($status==SASL_CONTINUE) + $this->state=SASL_NTLM_STATE_IDENTIFY_DOMAIN; + Unset($message); + return($status); + } + + Function Step(&$client, $response, &$message, &$interactions) + { + switch ($this->state) + { + case SASL_NTLM_STATE_IDENTIFY_DOMAIN: + $message=$this->TypeMsg1($this->credentials["realm"],$this->credentials["workstation"]); + $this->state=SASL_NTLM_STATE_RESPOND_CHALLENGE; + break; + case SASL_NTLM_STATE_RESPOND_CHALLENGE: + $ntlm_response=$this->NTLMResponse(substr($response,24,8),$this->credentials["password"]); + $message=$this->TypeMsg3($ntlm_response,$this->credentials["user"],$this->credentials["realm"],$this->credentials["workstation"]); + $this->state=SASL_NTLM_STATE_DONE; + break; + case SASL_NTLM_STATE_DONE: + $client->error="NTLM authentication was finished without success"; + return(SASL_FAIL); + default: + $client->error="invalid NTLM authentication step state"; + return(SASL_FAIL); + } + return(SASL_CONTINUE); + } +}; + +?> -- cgit v1.1