PageRenderTime 81ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 0ms

/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/Esmtp/Auth/NTLMAuthenticator.php

https://gitlab.com/ealexis.t/trends
PHP | 726 lines | 380 code | 90 blank | 256 comment | 33 complexity | 30bf67a7d6390d916d1e9101efd767d8 MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  * This file is part of SwiftMailer.
    5. 

  5.  * (c) 2004-2009 Chris Corbyn
    6. 

  6.  *
    7. 

  7.  * This authentication is for Exchange servers. We support version 1 & 2.
    8. 

  8.  *
    9. 

  9.  * For the full copyright and license information, please view the LICENSE
    10. 

  10.  * file that was distributed with this source code.
    11. 

  11.  */
    12. 

  12. 

  13. /**
    14. 

  14.  * Handles NTLM authentication.
    15. 

  15.  *
    16. 

  16.  * @author Ward Peeters <ward@coding-tech.com>
    17. 

  17.  */
    18. 

  18. class Swift_Transport_Esmtp_Auth_NTLMAuthenticator implements Swift_Transport_Esmtp_Authenticator
    19. 

  19. {
    20. 

  20.     const NTLMSIG = "NTLMSSP\x00";
    21. 

  21.     const DESCONST = 'KGS!@#$%';
    22. 

  22. 

  23.     /**
    24. 

  24.      * Get the name of the AUTH mechanism this Authenticator handles.
    25. 

  25.      *
    26. 

  26.      * @return string
    27. 

  27.      */
    28. 

  28.     public function getAuthKeyword()
    29. 

  29.     {
    30. 

  30.         return 'NTLM';
    31. 

  31.     }
    32. 

  32. 

  33.     /**
    34. 

  34.      * Try to authenticate the user with $username and $password.
    35. 

  35.      *
    36. 

  36.      * @param Swift_Transport_SmtpAgent $agent
    37. 

  37.      * @param string                    $username
    38. 

  38.      * @param string                    $password
    39. 

  39.      *
    40. 

  40.      * @return bool
    41. 

  41.      */
    42. 

  42.     public function authenticate(Swift_Transport_SmtpAgent $agent, $username, $password)
    43. 

  43.     {
    44. 

  44.         if (!function_exists('mcrypt_module_open')) {
    45. 

  45.             throw new LogicException('The mcrypt functions need to be enabled to use the NTLM authenticator.');
    46. 

  46.         }
    47. 

  47. 

  48.         if (!function_exists('openssl_random_pseudo_bytes')) {
    49. 

  49.             throw new LogicException('The OpenSSL extension must be enabled to use the NTLM authenticator.');
    50. 

  50.         }
    51. 

  51. 

  52.         if (!function_exists('bcmul')) {
    53. 

  53.             throw new LogicException('The BCMatch functions must be enabled to use the NTLM authenticator.');
    54. 

  54.         }
    55. 

  55. 

  56.         try {
    57. 

  57.             // execute AUTH command and filter out the code at the beginning
    58. 

  58.             // AUTH NTLM xxxx
    59. 

  59.             $response = base64_decode(substr(trim($this->sendMessage1($agent)), 4));
    60. 

  60. 

  61.             // extra parameters for our unit cases
    62. 

  62.             $timestamp = func_num_args() > 3 ? func_get_arg(3) : $this->getCorrectTimestamp(bcmul(microtime(true), '1000'));
    63. 

  63.             $client = func_num_args() > 4 ? func_get_arg(4) : $this->getRandomBytes(8);
    64. 

  64. 

  65.             // Message 3 response
    66. 

  66.             $this->sendMessage3($response, $username, $password, $timestamp, $client, $agent);
    67. 

  67. 

  68.             return true;
    69. 

  69.         } catch (Swift_TransportException $e) {
    70. 

  70.             $agent->executeCommand("RSET\r\n", array(250));
    71. 

  71. 

  72.             return false;
    73. 

  73.         }
    74. 

  74.     }
    75. 

  75. 

  76.     protected function si2bin($si, $bits = 32)
    77. 

  77.     {
    78. 

  78.         $bin = null;
    79. 

  79.         if ($si >= -pow(2, $bits - 1) && ($si <= pow(2, $bits - 1))) {
    80. 

  80.             // positive or zero
    81. 

  81.             if ($si >= 0) {
    82. 

  82.                 $bin = base_convert($si, 10, 2);
    83. 

  83.                 // pad to $bits bit
    84. 

  84.                 $bin_length = strlen($bin);
    85. 

  85.                 if ($bin_length < $bits) {
    86. 

  86.                     $bin = str_repeat('0', $bits - $bin_length).$bin;
    87. 

  87.                 }
    88. 

  88.             } else {
    89. 

  89.                 // negative
    90. 

  90.                 $si = -$si - pow(2, $bits);
    91. 

  91.                 $bin = base_convert($si, 10, 2);
    92. 

  92.                 $bin_length = strlen($bin);
    93. 

  93.                 if ($bin_length > $bits) {
    94. 

  94.                     $bin = str_repeat('1', $bits - $bin_length).$bin;
    95. 

  95.                 }
    96. 

  96.             }
    97. 

  97.         }
    98. 

  98. 

  99.         return $bin;
    100. 

  100.     }
    101. 

  101. 

  102.     /**
    103. 

  103.      * Send our auth message and returns the response.
    104. 

  104.      *
    105. 

  105.      * @param Swift_Transport_SmtpAgent $agent
    106. 

  106.      *
    107. 

  107.      * @return string SMTP Response
    108. 

  108.      */
    109. 

  109.     protected function sendMessage1(Swift_Transport_SmtpAgent $agent)
    110. 

  110.     {
    111. 

  111.         $message = $this->createMessage1();
    112. 

  112. 

  113.         return $agent->executeCommand(sprintf("AUTH %s %s\r\n", $this->getAuthKeyword(), base64_encode($message)), array(334));
    114. 

  114.     }
    115. 

  115. 

  116.     /**
    117. 

  117.      * Fetch all details of our response (message 2).
    118. 

  118.      *
    119. 

  119.      * @param string $response
    120. 

  120.      *
    121. 

  121.      * @return array our response parsed
    122. 

  122.      */
    123. 

  123.     protected function parseMessage2($response)
    124. 

  124.     {
    125. 

  125.         $responseHex = bin2hex($response);
    126. 

  126.         $length = floor(hexdec(substr($responseHex, 28, 4)) / 256) * 2;
    127. 

  127.         $offset = floor(hexdec(substr($responseHex, 32, 4)) / 256) * 2;
    128. 

  128.         $challenge = $this->hex2bin(substr($responseHex, 48, 16));
    129. 

  129.         $context = $this->hex2bin(substr($responseHex, 64, 16));
    130. 

  130.         $targetInfoH = $this->hex2bin(substr($responseHex, 80, 16));
    131. 

  131.         $targetName = $this->hex2bin(substr($responseHex, $offset, $length));
    132. 

  132.         $offset = floor(hexdec(substr($responseHex, 88, 4)) / 256) * 2;
    133. 

  133.         $targetInfoBlock = substr($responseHex, $offset);
    134. 

  134.         list($domainName, $serverName, $DNSDomainName, $DNSServerName, $terminatorByte) = $this->readSubBlock($targetInfoBlock);
    135. 

  135. 

  136.         return array(
    137. 

  137.             $challenge,
    138. 

  138.             $context,
    139. 

  139.             $targetInfoH,
    140. 

  140.             $targetName,
    141. 

  141.             $domainName,
    142. 

  142.             $serverName,
    143. 

  143.             $DNSDomainName,
    144. 

  144.             $DNSServerName,
    145. 

  145.             $this->hex2bin($targetInfoBlock),
    146. 

  146.             $terminatorByte,
    147. 

  147.         );
    148. 

  148.     }
    149. 

  149. 

  150.     /**
    151. 

  151.      * Read the blob information in from message2.
    152. 

  152.      *
    153. 

  153.      * @param $block
    154. 

  154.      *
    155. 

  155.      * @return array
    156. 

  156.      */
    157. 

  157.     protected function readSubBlock($block)
    158. 

  158.     {
    159. 

  159.         // remove terminatorByte cause it's always the same
    160. 

  160.         $block = substr($block, 0, -8);
    161. 

  161. 

  162.         $length = strlen($block);
    163. 

  163.         $offset = 0;
    164. 

  164.         $data = array();
    165. 

  165.         while ($offset < $length) {
    166. 

  166.             $blockLength = hexdec(substr(substr($block, $offset, 8), -4)) / 256;
    167. 

  167.             $offset += 8;
    168. 

  168.             $data[] = $this->hex2bin(substr($block, $offset, $blockLength * 2));
    169. 

  169.             $offset += $blockLength * 2;
    170. 

  170.         }
    171. 

  171. 

  172.         if (count($data) == 3) {
    173. 

  173.             $data[] = $data[2];
    174. 

  174.             $data[2] = '';
    175. 

  175.         }
    176. 

  176. 

  177.         $data[] = $this->createByte('00');
    178. 

  178. 

  179.         return $data;
    180. 

  180.     }
    181. 

  181. 

  182.     /**
    183. 

  183.      * Send our final message with all our data.
    184. 

  184.      *
    185. 

  185.      * @param string                    $response  Message 1 response (message 2)
    186. 

  186.      * @param string                    $username
    187. 

  187.      * @param string                    $password
    188. 

  188.      * @param string                    $timestamp
    189. 

  189.      * @param string                    $client
    190. 

  190.      * @param Swift_Transport_SmtpAgent $agent
    191. 

  191.      * @param bool                      $v2        Use version2 of the protocol
    192. 

  192.      *
    193. 

  193.      * @return string
    194. 

  194.      */
    195. 

  195.     protected function sendMessage3($response, $username, $password, $timestamp, $client, Swift_Transport_SmtpAgent $agent, $v2 = true)
    196. 

  196.     {
    197. 

  197.         list($domain, $username) = $this->getDomainAndUsername($username);
    198. 

  198.         //$challenge, $context, $targetInfoH, $targetName, $domainName, $workstation, $DNSDomainName, $DNSServerName, $blob, $ter
    199. 

  199.         list($challenge, , , , , $workstation, , , $blob) = $this->parseMessage2($response);
    200. 

  200. 

  201.         if (!$v2) {
    202. 

  202.             // LMv1
    203. 

  203.             $lmResponse = $this->createLMPassword($password, $challenge);
    204. 

  204.             // NTLMv1
    205. 

  205.             $ntlmResponse = $this->createNTLMPassword($password, $challenge);
    206. 

  206.         } else {
    207. 

  207.             // LMv2
    208. 

  208.             $lmResponse = $this->createLMv2Password($password, $username, $domain, $challenge, $client);
    209. 

  209.             // NTLMv2
    210. 

  210.             $ntlmResponse = $this->createNTLMv2Hash($password, $username, $domain, $challenge, $blob, $timestamp, $client);
    211. 

  211.         }
    212. 

  212. 

  213.         $message = $this->createMessage3($domain, $username, $workstation, $lmResponse, $ntlmResponse);
    214. 

  214. 

  215.         return $agent->executeCommand(sprintf("%s\r\n", base64_encode($message)), array(235));
    216. 

  216.     }
    217. 

  217. 

  218.     /**
    219. 

  219.      * Create our message 1.
    220. 

  220.      *
    221. 

  221.      * @return string
    222. 

  222.      */
    223. 

  223.     protected function createMessage1()
    224. 

  224.     {
    225. 

  225.         return self::NTLMSIG
    226. 

  226.         .$this->createByte('01') // Message 1
    227. 

  227. .$this->createByte('0702'); // Flags
    228. 

  228.     }
    229. 

  229. 

  230.     /**
    231. 

  231.      * Create our message 3.
    232. 

  232.      *
    233. 

  233.      * @param string $domain
    234. 

  234.      * @param string $username
    235. 

  235.      * @param string $workstation
    236. 

  236.      * @param string $lmResponse
    237. 

  237.      * @param string $ntlmResponse
    238. 

  238.      *
    239. 

  239.      * @return string
    240. 

  240.      */
    241. 

  241.     protected function createMessage3($domain, $username, $workstation, $lmResponse, $ntlmResponse)
    242. 

  242.     {
    243. 

  243.         // Create security buffers
    244. 

  244.         $domainSec = $this->createSecurityBuffer($domain, 64);
    245. 

  245.         $domainInfo = $this->readSecurityBuffer(bin2hex($domainSec));
    246. 

  246.         $userSec = $this->createSecurityBuffer($username, ($domainInfo[0] + $domainInfo[1]) / 2);
    247. 

  247.         $userInfo = $this->readSecurityBuffer(bin2hex($userSec));
    248. 

  248.         $workSec = $this->createSecurityBuffer($workstation, ($userInfo[0] + $userInfo[1]) / 2);
    249. 

  249.         $workInfo = $this->readSecurityBuffer(bin2hex($workSec));
    250. 

  250.         $lmSec = $this->createSecurityBuffer($lmResponse, ($workInfo[0] + $workInfo[1]) / 2, true);
    251. 

  251.         $lmInfo = $this->readSecurityBuffer(bin2hex($lmSec));
    252. 

  252.         $ntlmSec = $this->createSecurityBuffer($ntlmResponse, ($lmInfo[0] + $lmInfo[1]) / 2, true);
    253. 

  253. 

  254.         return self::NTLMSIG
    255. 

  255.         .$this->createByte('03') // TYPE 3 message
    256. 

  256. .$lmSec // LM response header
    257. 

  257. .$ntlmSec // NTLM response header
    258. 

  258. .$domainSec // Domain header
    259. 

  259. .$userSec // User header
    260. 

  260. .$workSec // Workstation header
    261. 

  261. .$this->createByte('000000009a', 8) // session key header (empty)
    262. 

  262. .$this->createByte('01020000') // FLAGS
    263. 

  263. .$this->convertTo16bit($domain) // domain name
    264. 

  264. .$this->convertTo16bit($username) // username
    265. 

  265. .$this->convertTo16bit($workstation) // workstation
    266. 

  266. .$lmResponse
    267. 

  267.         .$ntlmResponse;
    268. 

  268.     }
    269. 

  269. 

  270.     /**
    271. 

  271.      * @param string $timestamp  Epoch timestamp in microseconds
    272. 

  272.      * @param string $client     Random bytes
    273. 

  273.      * @param string $targetInfo
    274. 

  274.      *
    275. 

  275.      * @return string
    276. 

  276.      */
    277. 

  277.     protected function createBlob($timestamp, $client, $targetInfo)
    278. 

  278.     {
    279. 

  279.         return $this->createByte('0101')
    280. 

  280.         .$this->createByte('00')
    281. 

  281.         .$timestamp
    282. 

  282.         .$client
    283. 

  283.         .$this->createByte('00')
    284. 

  284.         .$targetInfo
    285. 

  285.         .$this->createByte('00');
    286. 

  286.     }
    287. 

  287. 

  288.     /**
    289. 

  289.      * Get domain and username from our username.
    290. 

  290.      *
    291. 

  291.      * @example DOMAIN\username
    292. 

  292.      *
    293. 

  293.      * @param string $name
    294. 

  294.      *
    295. 

  295.      * @return array
    296. 

  296.      */
    297. 

  297.     protected function getDomainAndUsername($name)
    298. 

  298.     {
    299. 

  299.         if (strpos($name, '\\') !== false) {
    300. 

  300.             return explode('\\', $name);
    301. 

  301.         }
    302. 

  302. 

  303.         list($user, $domain) = explode('@', $name);
    304. 

  304. 

  305.         return array($domain, $user);
    306. 

  306.     }
    307. 

  307. 

  308.     /**
    309. 

  309.      * Create LMv1 response.
    310. 

  310.      *
    311. 

  311.      * @param string $password
    312. 

  312.      * @param string $challenge
    313. 

  313.      *
    314. 

  314.      * @return string
    315. 

  315.      */
    316. 

  316.     protected function createLMPassword($password, $challenge)
    317. 

  317.     {
    318. 

  318.         // FIRST PART
    319. 

  319.         $password = $this->createByte(strtoupper($password), 14, false);
    320. 

  320.         list($key1, $key2) = str_split($password, 7);
    321. 

  321. 

  322.         $desKey1 = $this->createDesKey($key1);
    323. 

  323.         $desKey2 = $this->createDesKey($key2);
    324. 

  324. 

  325.         $constantDecrypt = $this->createByte($this->desEncrypt(self::DESCONST, $desKey1).$this->desEncrypt(self::DESCONST, $desKey2), 21, false);
    326. 

  326. 

  327.         // SECOND PART
    328. 

  328.         list($key1, $key2, $key3) = str_split($constantDecrypt, 7);
    329. 

  329. 

  330.         $desKey1 = $this->createDesKey($key1);
    331. 

  331.         $desKey2 = $this->createDesKey($key2);
    332. 

  332.         $desKey3 = $this->createDesKey($key3);
    333. 

  333. 

  334.         return $this->desEncrypt($challenge, $desKey1).$this->desEncrypt($challenge, $desKey2).$this->desEncrypt($challenge, $desKey3);
    335. 

  335.     }
    336. 

  336. 

  337.     /**
    338. 

  338.      * Create NTLMv1 response.
    339. 

  339.      *
    340. 

  340.      * @param string $password
    341. 

  341.      * @param string $challenge
    342. 

  342.      *
    343. 

  343.      * @return string
    344. 

  344.      */
    345. 

  345.     protected function createNTLMPassword($password, $challenge)
    346. 

  346.     {
    347. 

  347.         // FIRST PART
    348. 

  348.         $ntlmHash = $this->createByte($this->md4Encrypt($password), 21, false);
    349. 

  349.         list($key1, $key2, $key3) = str_split($ntlmHash, 7);
    350. 

  350. 

  351.         $desKey1 = $this->createDesKey($key1);
    352. 

  352.         $desKey2 = $this->createDesKey($key2);
    353. 

  353.         $desKey3 = $this->createDesKey($key3);
    354. 

  354. 

  355.         return $this->desEncrypt($challenge, $desKey1).$this->desEncrypt($challenge, $desKey2).$this->desEncrypt($challenge, $desKey3);
    356. 

  356.     }
    357. 

  357. 

  358.     /**
    359. 

  359.      * Convert a normal timestamp to a tenth of a microtime epoch time.
    360. 

  360.      *
    361. 

  361.      * @param string $time
    362. 

  362.      *
    363. 

  363.      * @return string
    364. 

  364.      */
    365. 

  365.     protected function getCorrectTimestamp($time)
    366. 

  366.     {
    367. 

  367.         // Get our timestamp (tricky!)
    368. 

  368.         bcscale(0);
    369. 

  369. 

  370.         $time = number_format($time, 0, '.', ''); // save microtime to string
    371. 

  371.         $time = bcadd($time, '11644473600000'); // add epoch time
    372. 

  372.         $time = bcmul($time, 10000); // tenths of a microsecond.
    373. 

  373. 

  374.         $binary = $this->si2bin($time, 64); // create 64 bit binary string
    375. 

  375.         $timestamp = '';
    376. 

  376.         for ($i = 0; $i < 8; ++$i) {
    377. 

  377.             $timestamp .= chr(bindec(substr($binary, -(($i + 1) * 8), 8)));
    378. 

  378.         }
    379. 

  379. 

  380.         return $timestamp;
    381. 

  381.     }
    382. 

  382. 

  383.     /**
    384. 

  384.      * Create LMv2 response.
    385. 

  385.      *
    386. 

  386.      * @param string $password
    387. 

  387.      * @param string $username
    388. 

  388.      * @param string $domain
    389. 

  389.      * @param string $challenge NTLM Challenge
    390. 

  390.      * @param string $client    Random string
    391. 

  391.      *
    392. 

  392.      * @return string
    393. 

  393.      */
    394. 

  394.     protected function createLMv2Password($password, $username, $domain, $challenge, $client)
    395. 

  395.     {
    396. 

  396.         $lmPass = '00'; // by default 00
    397. 

  397.         // if $password > 15 than we can't use this method
    398. 

  398.         if (strlen($password) <= 15) {
    399. 

  399.             $ntlmHash = $this->md4Encrypt($password);
    400. 

  400.             $ntml2Hash = $this->md5Encrypt($ntlmHash, $this->convertTo16bit(strtoupper($username).$domain));
    401. 

  401. 

  402.             $lmPass = bin2hex($this->md5Encrypt($ntml2Hash, $challenge.$client).$client);
    403. 

  403.         }
    404. 

  404. 

  405.         return $this->createByte($lmPass, 24);
    406. 

  406.     }
    407. 

  407. 

  408.     /**
    409. 

  409.      * Create NTLMv2 response.
    410. 

  410.      *
    411. 

  411.      * @param string $password
    412. 

  412.      * @param string $username
    413. 

  413.      * @param string $domain
    414. 

  414.      * @param string $challenge  Hex values
    415. 

  415.      * @param string $targetInfo Hex values
    416. 

  416.      * @param string $timestamp
    417. 

  417.      * @param string $client     Random bytes
    418. 

  418.      *
    419. 

  419.      * @return string
    420. 

  420.      *
    421. 

  421.      * @see http://davenport.sourceforge.net/ntlm.html#theNtlmResponse
    422. 

  422.      */
    423. 

  423.     protected function createNTLMv2Hash($password, $username, $domain, $challenge, $targetInfo, $timestamp, $client)
    424. 

  424.     {
    425. 

  425.         $ntlmHash = $this->md4Encrypt($password);
    426. 

  426.         $ntml2Hash = $this->md5Encrypt($ntlmHash, $this->convertTo16bit(strtoupper($username).$domain));
    427. 

  427. 

  428.         // create blob
    429. 

  429.         $blob = $this->createBlob($timestamp, $client, $targetInfo);
    430. 

  430. 

  431.         $ntlmv2Response = $this->md5Encrypt($ntml2Hash, $challenge.$blob);
    432. 

  432. 

  433.         return $ntlmv2Response.$blob;
    434. 

  434.     }
    435. 

  435. 

  436.     protected function createDesKey($key)
    437. 

  437.     {
    438. 

  438.         $material = array(bin2hex($key[0]));
    439. 

  439.         $len = strlen($key);
    440. 

  440.         for ($i = 1; $i < $len; ++$i) {
    441. 

  441.             list($high, $low) = str_split(bin2hex($key[$i]));
    442. 

  442.             $v = $this->castToByte(ord($key[$i - 1]) << (7 + 1 - $i) | $this->uRShift(hexdec(dechex(hexdec($high) & 0xf).dechex(hexdec($low) & 0xf)), $i));
    443. 

  443.             $material[] = str_pad(substr(dechex($v), -2), 2, '0', STR_PAD_LEFT); // cast to byte
    444. 

  444.         }
    445. 

  445.         $material[] = str_pad(substr(dechex($this->castToByte(ord($key[6]) << 1)), -2), 2, '0');
    446. 

  446. 

  447.         // odd parity
    448. 

  448.         foreach ($material as $k => $v) {
    449. 

  449.             $b = $this->castToByte(hexdec($v));
    450. 

  450.             $needsParity = (($this->uRShift($b, 7) ^ $this->uRShift($b, 6) ^ $this->uRShift($b, 5)
    451. 

  451.                         ^ $this->uRShift($b, 4) ^ $this->uRShift($b, 3) ^ $this->uRShift($b, 2)
    452. 

  452.                         ^ $this->uRShift($b, 1)) & 0x01) == 0;
    453. 

  453. 

  454.             list($high, $low) = str_split($v);
    455. 

  455.             if ($needsParity) {
    456. 

  456.                 $material[$k] = dechex(hexdec($high) | 0x0).dechex(hexdec($low) | 0x1);
    457. 

  457.             } else {
    458. 

  458.                 $material[$k] = dechex(hexdec($high) & 0xf).dechex(hexdec($low) & 0xe);
    459. 

  459.             }
    460. 

  460.         }
    461. 

  461. 

  462.         return $this->hex2bin(implode('', $material));
    463. 

  463.     }
    464. 

  464. 

  465.     /** HELPER FUNCTIONS */
    466. 

  466.     /**
    467. 

  467.      * Create our security buffer depending on length and offset.
    468. 

  468.      *
    469. 

  469.      * @param string $value  Value we want to put in
    470. 

  470.      * @param int    $offset start of value
    471. 

  471.      * @param bool   $is16   Do we 16bit string or not?
    472. 

  472.      *
    473. 

  473.      * @return string
    474. 

  474.      */
    475. 

  475.     protected function createSecurityBuffer($value, $offset, $is16 = false)
    476. 

  476.     {
    477. 

  477.         $length = strlen(bin2hex($value));
    478. 

  478.         $length = $is16 ? $length / 2 : $length;
    479. 

  479.         $length = $this->createByte(str_pad(dechex($length), 2, '0', STR_PAD_LEFT), 2);
    480. 

  480. 

  481.         return $length.$length.$this->createByte(dechex($offset), 4);
    482. 

  482.     }
    483. 

  483. 

  484.     /**
    485. 

  485.      * Read our security buffer to fetch length and offset of our value.
    486. 

  486.      *
    487. 

  487.      * @param string $value Securitybuffer in hex
    488. 

  488.      *
    489. 

  489.      * @return array array with length and offset
    490. 

  490.      */
    491. 

  491.     protected function readSecurityBuffer($value)
    492. 

  492.     {
    493. 

  493.         $length = floor(hexdec(substr($value, 0, 4)) / 256) * 2;
    494. 

  494.         $offset = floor(hexdec(substr($value, 8, 4)) / 256) * 2;
    495. 

  495. 

  496.         return array($length, $offset);
    497. 

  497.     }
    498. 

  498. 

  499.     /**
    500. 

  500.      * Cast to byte java equivalent to (byte).
    501. 

  501.      *
    502. 

  502.      * @param int $v
    503. 

  503.      *
    504. 

  504.      * @return int
    505. 

  505.      */
    506. 

  506.     protected function castToByte($v)
    507. 

  507.     {
    508. 

  508.         return (($v + 128) % 256) - 128;
    509. 

  509.     }
    510. 

  510. 

  511.     /**
    512. 

  512.      * Java unsigned right bitwise
    513. 

  513.      * $a >>> $b.
    514. 

  514.      *
    515. 

  515.      * @param int $a
    516. 

  516.      * @param int $b
    517. 

  517.      *
    518. 

  518.      * @return int
    519. 

  519.      */
    520. 

  520.     protected function uRShift($a, $b)
    521. 

  521.     {
    522. 

  522.         if ($b == 0) {
    523. 

  523.             return $a;
    524. 

  524.         }
    525. 

  525. 

  526.         return ($a >> $b) & ~(1 << (8 * PHP_INT_SIZE - 1) >> ($b - 1));
    527. 

  527.     }
    528. 

  528. 

  529.     /**
    530. 

  530.      * Right padding with 0 to certain length.
    531. 

  531.      *
    532. 

  532.      * @param string $input
    533. 

  533.      * @param int    $bytes Length of bytes
    534. 

  534.      * @param bool   $isHex Did we provided hex value
    535. 

  535.      *
    536. 

  536.      * @return string
    537. 

  537.      */
    538. 

  538.     protected function createByte($input, $bytes = 4, $isHex = true)
    539. 

  539.     {
    540. 

  540.         if ($isHex) {
    541. 

  541.             $byte = $this->hex2bin(str_pad($input, $bytes * 2, '00'));
    542. 

  542.         } else {
    543. 

  543.             $byte = str_pad($input, $bytes, "\x00");
    544. 

  544.         }
    545. 

  545. 

  546.         return $byte;
    547. 

  547.     }
    548. 

  548. 

  549.     /**
    550. 

  550.      * Create random bytes.
    551. 

  551.      *
    552. 

  552.      * @param $length
    553. 

  553.      *
    554. 

  554.      * @return string
    555. 

  555.      */
    556. 

  556.     protected function getRandomBytes($length)
    557. 

  557.     {
    558. 

  558.         $bytes = openssl_random_pseudo_bytes($length, $strong);
    559. 

  559. 

  560.         if (false !== $bytes && true === $strong) {
    561. 

  561.             return $bytes;
    562. 

  562.         }
    563. 

  563. 

  564.         throw new RuntimeException('OpenSSL did not produce a secure random number.');
    565. 

  565.     }
    566. 

  566. 

  567.     /** ENCRYPTION ALGORITHMS */
    568. 

  568.     /**
    569. 

  569.      * DES Encryption.
    570. 

  570.      *
    571. 

  571.      * @param string $value
    572. 

  572.      * @param string $key
    573. 

  573.      *
    574. 

  574.      * @return string
    575. 

  575.      */
    576. 

  576.     protected function desEncrypt($value, $key)
    577. 

  577.     {
    578. 

  578.         $cipher = mcrypt_module_open(MCRYPT_DES, '', 'ecb', '');
    579. 

  579.         mcrypt_generic_init($cipher, $key, mcrypt_create_iv(mcrypt_enc_get_iv_size($cipher), MCRYPT_DEV_RANDOM));
    580. 

  580. 

  581.         return mcrypt_generic($cipher, $value);
    582. 

  582.     }
    583. 

  583. 

  584.     /**
    585. 

  585.      * MD5 Encryption.
    586. 

  586.      *
    587. 

  587.      * @param string $key Encryption key
    588. 

  588.      * @param string $msg Message to encrypt
    589. 

  589.      *
    590. 

  590.      * @return string
    591. 

  591.      */
    592. 

  592.     protected function md5Encrypt($key, $msg)
    593. 

  593.     {
    594. 

  594.         $blocksize = 64;
    595. 

  595.         if (strlen($key) > $blocksize) {
    596. 

  596.             $key = pack('H*', md5($key));
    597. 

  597.         }
    598. 

  598. 

  599.         $key = str_pad($key, $blocksize, "\0");
    600. 

  600.         $ipadk = $key ^ str_repeat("\x36", $blocksize);
    601. 

  601.         $opadk = $key ^ str_repeat("\x5c", $blocksize);
    602. 

  602. 

  603.         return pack('H*', md5($opadk.pack('H*', md5($ipadk.$msg))));
    604. 

  604.     }
    605. 

  605. 

  606.     /**
    607. 

  607.      * MD4 Encryption.
    608. 

  608.      *
    609. 

  609.      * @param string $input
    610. 

  610.      *
    611. 

  611.      * @return string
    612. 

  612.      *
    613. 

  613.      * @see http://php.net/manual/en/ref.hash.php
    614. 

  614.      */
    615. 

  615.     protected function md4Encrypt($input)
    616. 

  616.     {
    617. 

  617.         $input = $this->convertTo16bit($input);
    618. 

  618. 

  619.         return function_exists('hash') ? $this->hex2bin(hash('md4', $input)) : mhash(MHASH_MD4, $input);
    620. 

  620.     }
    621. 

  621. 

  622.     /**
    623. 

  623.      * Convert UTF-8 to UTF-16.
    624. 

  624.      *
    625. 

  625.      * @param string $input
    626. 

  626.      *
    627. 

  627.      * @return string
    628. 

  628.      */
    629. 

  629.     protected function convertTo16bit($input)
    630. 

  630.     {
    631. 

  631.         return iconv('UTF-8', 'UTF-16LE', $input);
    632. 

  632.     }
    633. 

  633. 

  634.     /**
    635. 

  635.      * Hex2bin replacement for < PHP 5.4.
    636. 

  636.      *
    637. 

  637.      * @param string $hex
    638. 

  638.      *
    639. 

  639.      * @return string Binary
    640. 

  640.      */
    641. 

  641.     protected function hex2bin($hex)
    642. 

  642.     {
    643. 

  643.         if (function_exists('hex2bin')) {
    644. 

  644.             return hex2bin($hex);
    645. 

  645.         } else {
    646. 

  646.             return pack('H*', $hex);
    647. 

  647.         }
    648. 

  648.     }
    649. 

  649. 

  650.     /**
    651. 

  651.      * @param string $message
    652. 

  652.      */
    653. 

  653.     protected function debug($message)
    654. 

  654.     {
    655. 

  655.         $message = bin2hex($message);
    656. 

  656.         $messageId = substr($message, 16, 8);
    657. 

  657.         echo substr($message, 0, 16)." NTLMSSP Signature<br />\n";
    658. 

  658.         echo $messageId." Type Indicator<br />\n";
    659. 

  659. 

  660.         if ($messageId == '02000000') {
    661. 

  661.             $map = array(
    662. 

  662.                 'Challenge',
    663. 

  663.                 'Context',
    664. 

  664.                 'Target Information Security Buffer',
    665. 

  665.                 'Target Name Data',
    666. 

  666.                 'NetBIOS Domain Name',
    667. 

  667.                 'NetBIOS Server Name',
    668. 

  668.                 'DNS Domain Name',
    669. 

  669.                 'DNS Server Name',
    670. 

  670.                 'BLOB',
    671. 

  671.                 'Target Information Terminator',
    672. 

  672.             );
    673. 

  673. 

  674.             $data = $this->parseMessage2($this->hex2bin($message));
    675. 

  675. 

  676.             foreach ($map as $key => $value) {
    677. 

  677.                 echo bin2hex($data[$key]).' - '.$data[$key].' ||| '.$value."<br />\n";
    678. 

  678.             }
    679. 

  679.         } elseif ($messageId == '03000000') {
    680. 

  680.             $i = 0;
    681. 

  681.             $data[$i++] = substr($message, 24, 16);
    682. 

  682.             list($lmLength, $lmOffset) = $this->readSecurityBuffer($data[$i - 1]);
    683. 

  683. 

  684.             $data[$i++] = substr($message, 40, 16);
    685. 

  685.             list($ntmlLength, $ntmlOffset) = $this->readSecurityBuffer($data[$i - 1]);
    686. 

  686. 

  687.             $data[$i++] = substr($message, 56, 16);
    688. 

  688.             list($targetLength, $targetOffset) = $this->readSecurityBuffer($data[$i - 1]);
    689. 

  689. 

  690.             $data[$i++] = substr($message, 72, 16);
    691. 

  691.             list($userLength, $userOffset) = $this->readSecurityBuffer($data[$i - 1]);
    692. 

  692. 

  693.             $data[$i++] = substr($message, 88, 16);
    694. 

  694.             list($workLength, $workOffset) = $this->readSecurityBuffer($data[$i - 1]);
    695. 

  695. 

  696.             $data[$i++] = substr($message, 104, 16);
    697. 

  697.             $data[$i++] = substr($message, 120, 8);
    698. 

  698.             $data[$i++] = substr($message, $targetOffset, $targetLength);
    699. 

  699.             $data[$i++] = substr($message, $userOffset, $userLength);
    700. 

  700.             $data[$i++] = substr($message, $workOffset, $workLength);
    701. 

  701.             $data[$i++] = substr($message, $lmOffset, $lmLength);
    702. 

  702.             $data[$i] = substr($message, $ntmlOffset, $ntmlLength);
    703. 

  703. 

  704.             $map = array(
    705. 

  705.                 'LM Response Security Buffer',
    706. 

  706.                 'NTLM Response Security Buffer',
    707. 

  707.                 'Target Name Security Buffer',
    708. 

  708.                 'User Name Security Buffer',
    709. 

  709.                 'Workstation Name Security Buffer',
    710. 

  710.                 'Session Key Security Buffer',
    711. 

  711.                 'Flags',
    712. 

  712.                 'Target Name Data',
    713. 

  713.                 'User Name Data',
    714. 

  714.                 'Workstation Name Data',
    715. 

  715.                 'LM Response Data',
    716. 

  716.                 'NTLM Response Data',
    717. 

  717.             );
    718. 

  718. 

  719.             foreach ($map as $key => $value) {
    720. 

  720.                 echo $data[$key].' - '.$this->hex2bin($data[$key]).' ||| '.$value."<br />\n";
    721. 

  721.             }
    722. 

  722.         }
    723. 

  723. 

  724.         echo '<br /><br />';
    725. 

  725.     }
    726. 

  726. }
    727. 

  727.