From 6989a7c59ba3ff5e8e6026e81ba17b6dc046d816 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Wed, 10 Aug 2016 13:27:50 -0300 Subject: Remove copy of pear-Crypt_CHAP from repo and use ports --- src/etc/inc/CHAP.inc | 463 ----------------------------------------- src/etc/pfSense.obsoletedfiles | 1 + 2 files changed, 1 insertion(+), 463 deletions(-) delete mode 100644 src/etc/inc/CHAP.inc (limited to 'src/etc') diff --git a/src/etc/inc/CHAP.inc b/src/etc/inc/CHAP.inc deleted file mode 100644 index 6eb22f7..0000000 --- a/src/etc/inc/CHAP.inc +++ /dev/null @@ -1,463 +0,0 @@ - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. The names of the authors may not be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, -INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -This code cannot simply be copied and put under the GNU Public License or -any other GPL-like (LGPL, GPL2) License. - - $Id: CHAP.php 302857 2010-08-28 21:12:59Z mbretter $ -*/ - -require_once 'PEAR.inc'; - -/** -* Classes for generating packets for various CHAP Protocols: -* CHAP-MD5: RFC1994 -* MS-CHAPv1: RFC2433 -* MS-CHAPv2: RFC2759 -* -* @package Crypt_CHAP -* @author Michael Bretterklieber -* @access public -* @version $Revision: 302857 $ -*/ - -/** - * class Crypt_CHAP - * - * Abstract base class for CHAP - * - * @package Crypt_CHAP - */ -class Crypt_CHAP extends PEAR -{ - /** - * Random binary challenge - * @var string - */ - var $challenge = null; - - /** - * Binary response - * @var string - */ - var $response = null; - - /** - * User password - * @var string - */ - var $password = null; - - /** - * Id of the authentication request. Should incremented after every request. - * @var integer - */ - var $chapid = 1; - - /** - * Constructor - * - * Generates a random challenge - * @return void - */ - function Crypt_CHAP() - { - $this->PEAR(); - $this->generateChallenge(); - } - - /** - * Generates a random binary challenge - * - * @param string $varname Name of the property - * @param integer $size Size of the challenge in Bytes - * @return void - */ - function generateChallenge($varname = 'challenge', $size = 8) - { - $this->$varname = ''; - for ($i = 0; $i < $size; $i++) { - $this->$varname .= pack('C', 1 + mt_rand() % 255); - } - return $this->$varname; - } - - /** - * Generates the response. Overwrite this. - * - * @return void - */ - function challengeResponse() - { - } - -} - -/** - * class Crypt_CHAP_MD5 - * - * Generate CHAP-MD5 Packets - * - * @package Crypt_CHAP - */ -class Crypt_CHAP_MD5 extends Crypt_CHAP -{ - - /** - * Generates the response. - * - * CHAP-MD5 uses MD5-Hash for generating the response. The Hash consists - * of the chapid, the plaintext password and the challenge. - * - * @return string - */ - function challengeResponse() - { - return pack('H*', md5(pack('C', $this->chapid) . $this->password . $this->challenge)); - } -} - -/** - * class Crypt_CHAP_MSv1 - * - * Generate MS-CHAPv1 Packets. MS-CHAP doesen't use the plaintext password, it uses the - * NT-HASH wich is stored in the SAM-Database or in the smbpasswd, if you are using samba. - * The NT-HASH is MD4(str2unicode(plaintextpass)). - * You need the hash extension for this class. - * - * @package Crypt_CHAP - */ -class Crypt_CHAP_MSv1 extends Crypt_CHAP -{ - /** - * Wether using deprecated LM-Responses or not. - * 0 = use LM-Response, 1 = use NT-Response - * @var bool - */ - var $flags = 1; - - /** - * Constructor - * - * Loads the hash extension - * @return void - */ - function Crypt_CHAP_MSv1() - { - $this->Crypt_CHAP(); - $this->loadExtension('hash'); - } - - /** - * Generates the NT-HASH from the given plaintext password. - * - * @access public - * @return string - */ - function ntPasswordHash($password = null) - { - if (isset($password)) { - return pack('H*',hash('md4', $this->str2unicode($password))); - } else { - return pack('H*',hash('md4', $this->str2unicode($this->password))); - } - } - - /** - * Converts ascii to unicode. - * - * @access public - * @return string - */ - function str2unicode($str) - { - $uni = ''; - $str = (string) $str; - for ($i = 0; $i < strlen($str); $i++) { - $a = ord($str{$i}) << 8; - $uni .= sprintf("%X", $a); - } - return pack('H*', $uni); - } - - /** - * Generates the NT-Response. - * - * @access public - * @return string - */ - function challengeResponse() - { - return $this->_challengeResponse(); - } - - /** - * Generates the NT-Response. - * - * @access public - * @return string - */ - function ntChallengeResponse() - { - return $this->_challengeResponse(false); - } - - /** - * Generates the LAN-Manager-Response. - * - * @access public - * @return string - */ - function lmChallengeResponse() - { - return $this->_challengeResponse(true); - } - - /** - * Generates the response. - * - * Generates the response using DES. - * - * @param bool $lm wether generating LAN-Manager-Response - * @access private - * @return string - */ - function _challengeResponse($lm = false) - { - if ($lm) { - $hash = $this->lmPasswordHash(); - } else { - $hash = $this->ntPasswordHash(); - } - - while (strlen($hash) < 21) { - $hash .= "\0"; - } - - $td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_ECB, ''); - $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); - $key = $this->_desAddParity(substr($hash, 0, 7)); - mcrypt_generic_init($td, $key, $iv); - $resp1 = mcrypt_generic($td, $this->challenge); - mcrypt_generic_deinit($td); - - $key = $this->_desAddParity(substr($hash, 7, 7)); - mcrypt_generic_init($td, $key, $iv); - $resp2 = mcrypt_generic($td, $this->challenge); - mcrypt_generic_deinit($td); - - $key = $this->_desAddParity(substr($hash, 14, 7)); - mcrypt_generic_init($td, $key, $iv); - $resp3 = mcrypt_generic($td, $this->challenge); - mcrypt_generic_deinit($td); - mcrypt_module_close($td); - - return $resp1 . $resp2 . $resp3; - } - - /** - * Generates the LAN-Manager-HASH from the given plaintext password. - * - * @access public - * @return string - */ - function lmPasswordHash($password = null) - { - $plain = isset($password) ? $password : $this->password; - - $plain = substr(strtoupper($plain), 0, 14); - while (strlen($plain) < 14) { - $plain .= "\0"; - } - - return $this->_desHash(substr($plain, 0, 7)) . $this->_desHash(substr($plain, 7, 7)); - } - - /** - * Generates an irreversible HASH. - * - * @access private - * @return string - */ - function _desHash($plain) - { - $key = $this->_desAddParity($plain); - $td = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_ECB, ''); - $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND); - mcrypt_generic_init($td, $key, $iv); - $hash = mcrypt_generic($td, 'KGS!@#$%'); - mcrypt_generic_deinit($td); - mcrypt_module_close($td); - return $hash; - } - - /** - * Adds the parity bit to the given DES key. - * - * @access private - * @param string $key 7-Bytes Key without parity - * @return string - */ - function _desAddParity($key) - { - static $odd_parity = array( - 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, - 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, - 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, - 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, - 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, - 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, - 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110, - 112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127, - 128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143, - 145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158, - 161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174, - 176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191, - 193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206, - 208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223, - 224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239, - 241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254); - - $bin = ''; - for ($i = 0; $i < strlen($key); $i++) { - $bin .= sprintf('%08s', decbin(ord($key{$i}))); - } - - $str1 = explode('-', substr(chunk_split($bin, 7, '-'), 0, -1)); - $x = ''; - foreach($str1 as $s) { - $x .= sprintf('%02s', dechex($odd_parity[bindec($s . '0')])); - } - - return pack('H*', $x); - - } - - /** - * Generates the response-packet. - * - * @param bool $lm wether including LAN-Manager-Response - * @access private - * @return string - */ - function response($lm = false) - { - $ntresp = $this->ntChallengeResponse(); - if ($lm) { - $lmresp = $this->lmChallengeResponse(); - } else { - $lmresp = str_repeat ("\0", 24); - } - - // Response: LM Response, NT Response, flags (0 = use LM Response, 1 = use NT Response) - return $lmresp . $ntresp . pack('C', !$lm); - } -} - -/** - * class Crypt_CHAP_MSv2 - * - * Generate MS-CHAPv2 Packets. This version of MS-CHAP uses a 16 Bytes authenticator - * challenge and a 16 Bytes peer Challenge. LAN-Manager responses no longer exists - * in this version. The challenge is already a SHA1 challenge hash of both challenges - * and of the username. - * - * @package Crypt_CHAP - */ -class Crypt_CHAP_MSv2 extends Crypt_CHAP_MSv1 -{ - /** - * The username - * @var string - */ - var $username = null; - - /** - * The 16 Bytes random binary peer challenge - * @var string - */ - var $peerChallenge = null; - - /** - * The 16 Bytes random binary authenticator challenge - * @var string - */ - var $authChallenge = null; - - /** - * Constructor - * - * Generates the 16 Bytes peer and authentication challenge - * @return void - */ - function Crypt_CHAP_MSv2() - { - $this->Crypt_CHAP_MSv1(); - $this->generateChallenge('peerChallenge', 16); - $this->generateChallenge('authChallenge', 16); - } - - /** - * Generates a hash from the NT-HASH. - * - * @access public - * @param string $nthash The NT-HASH - * @return string - */ - function ntPasswordHashHash($nthash) - { - return pack('H*',hash('md4', $nthash)); - } - - /** - * Generates the challenge hash from the peer and the authenticator challenge and - * the username. SHA1 is used for this, but only the first 8 Bytes are used. - * - * @access public - * @return string - */ - function challengeHash() - { - return substr(pack('H*',hash('sha1', $this->peerChallenge . $this->authChallenge . $this->username)), 0, 8); - } - - /** - * Generates the response. - * - * @access public - * @return string - */ - function challengeResponse() - { - $this->challenge = $this->challengeHash(); - return $this->_challengeResponse(); - } -} - - -?> diff --git a/src/etc/pfSense.obsoletedfiles b/src/etc/pfSense.obsoletedfiles index 3941df3..fe386c5 100644 --- a/src/etc/pfSense.obsoletedfiles +++ b/src/etc/pfSense.obsoletedfiles @@ -14,6 +14,7 @@ /etc/gnats /etc/hostid /etc/hosts.lpd +/etc/inc/CHAP.inc /etc/inc/array_intersect_key.inc /etc/inc/cmd_chain.inc /etc/inc/dot.hushlogin -- cgit v1.1