PageRenderTime 40ms CodeModel.GetById 10ms RepoModel.GetById 0ms app.codeStats 0ms

/core/Associates/SwiftMailer/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/Esmtp/Auth/NTLMAuthenticator.php

https://gitlab.com/fiesta-framework/Documentation
PHP | 700 lines | 380 code | 90 blank | 230 comment | 33 complexity | 7194dbddabe9f67d505efbb9f2a85f68 MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  * This file is part of SwiftMailer.
    5. 

  5.  * (c) 2004-2009 Chris Corbyn
    6. 

  6.  *
    7. 

  7.  * This authentication is for Exchange servers. We support version 1 & 2.
    8. 

  8.  *
    9. 

  9.  * For the full copyright and license information, please view the LICENSE
    10. 

  10.  * file that was distributed with this source code.
    11. 

  11.  */
    12. 

  12. 

  13. /**
    14. 

  14.  * Handles NTLM authentication.
    15. 

  15.  *
    16. 

  16.  * @author     Ward Peeters <ward@coding-tech.com>
    17. 

  17.  */
    18. 

  18. class Swift_Transport_Esmtp_Auth_NTLMAuthenticator implements Swift_Transport_Esmtp_Authenticator
    19. 

  19. {
    20. 

  20.     const NTLMSIG = "NTLMSSP\x00";
    21. 

  21.     const DESCONST = "KGS!@#$%";
    22. 

  22. 

  23.     /**
    24. 

  24.      * Get the name of the AUTH mechanism this Authenticator handles.
    25. 

  25.      *
    26. 

  26.      * @return string
    27. 

  27.      */
    28. 

  28.     public function getAuthKeyword()
    29. 

  29.     {
    30. 

  30.         return 'NTLM';
    31. 

  31.     }
    32. 

  32. 

  33.     /**
    34. 

  34.      * Try to authenticate the user with $username and $password.
    35. 

  35.      *
    36. 

  36.      * @param Swift_Transport_SmtpAgent $agent
    37. 

  37.      * @param string $username
    38. 

  38.      * @param string $password
    39. 

  39.      *
    40. 

  40.      * @return bool
    41. 

  41.      */
    42. 

  42.     public function authenticate(Swift_Transport_SmtpAgent $agent, $username, $password)
    43. 

  43.     {
    44. 

  44.         if (!function_exists('mcrypt_module_open')) {
    45. 

  45.             throw new LogicException('The mcrypt functions need to be enabled to use the NTLM authenticator.');
    46. 

  46.         }
    47. 

  47. 

  48.         if (!function_exists('openssl_random_pseudo_bytes')) {
    49. 

  49.             throw new LogicException('The OpenSSL extension must be enabled to use the NTLM authenticator.');
    50. 

  50.         }
    51. 

  51. 

  52.         if (!function_exists('bcmul')) {
    53. 

  53.             throw new LogicException('The BCMatch functions must be enabled to use the NTLM authenticator.');
    54. 

  54.         }
    55. 

  55. 

  56.         try {
    57. 

  57.             // execute AUTH command and filter out the code at the beginning
    58. 

  58.             // AUTH NTLM xxxx
    59. 

  59.             $response = base64_decode(substr(trim($this->sendMessage1($agent)), 4));
    60. 

  60. 

  61.             // extra parameters for our unit cases
    62. 

  62.             $timestamp = func_num_args() > 3 ? func_get_arg(3) : $this->getCorrectTimestamp(bcmul(microtime(true), "1000"));
    63. 

  63.             $client = func_num_args() > 4 ? func_get_arg(4) : $this->getRandomBytes(8);
    64. 

  64. 

  65.             // Message 3 response
    66. 

  66.             $this->sendMessage3($response, $username, $password, $timestamp, $client, $agent);
    67. 

  67. 

  68.             return true;
    69. 

  69.         } catch (Swift_TransportException $e) {
    70. 

  70.             $agent->executeCommand("RSET\r\n", array(250));
    71. 

  71. 

  72.             return false;
    73. 

  73.         }
    74. 

  74.     }
    75. 

  75. 

  76.     protected function si2bin($si, $bits = 32)
    77. 

  77.     {
    78. 

  78.         $bin = null;
    79. 

  79.         if ($si >= -pow(2, $bits - 1) && ($si <= pow(2, $bits - 1))) {
    80. 

  80.             // positive or zero
    81. 

  81.             if ($si >= 0) {
    82. 

  82.                 $bin = base_convert($si, 10, 2);
    83. 

  83.                 // pad to $bits bit
    84. 

  84.                 $bin_length = strlen($bin);
    85. 

  85.                 if ($bin_length < $bits) {
    86. 

  86.                     $bin = str_repeat("0", $bits - $bin_length).$bin;
    87. 

  87.                 }
    88. 

  88.             } else {
    89. 

  89.                 // negative
    90. 

  90.                 $si = -$si - pow(2, $bits);
    91. 

  91.                 $bin = base_convert($si, 10, 2);
    92. 

  92.                 $bin_length = strlen($bin);
    93. 

  93.                 if ($bin_length > $bits) {
    94. 

  94.                     $bin = str_repeat("1", $bits - $bin_length).$bin;
    95. 

  95.                 }
    96. 

  96.             }
    97. 

  97.         }
    98. 

  98. 

  99.         return $bin;
    100. 

  100.     }
    101. 

  101. 

  102.     /**
    103. 

  103.      * Send our auth message and returns the response
    104. 

  104.      *
    105. 

  105.      * @param Swift_Transport_SmtpAgent $agent
    106. 

  106.      * @return string SMTP Response
    107. 

  107.      */
    108. 

  108.     protected function sendMessage1(Swift_Transport_SmtpAgent $agent)
    109. 

  109.     {
    110. 

  110.         $message = $this->createMessage1();
    111. 

  111. 

  112.         return $agent->executeCommand(sprintf("AUTH %s %s\r\n", $this->getAuthKeyword(), base64_encode($message)), array(334));
    113. 

  113.     }
    114. 

  114. 

  115.     /**
    116. 

  116.      * Fetch all details of our response (message 2)
    117. 

  117.      *
    118. 

  118.      * @param string $response
    119. 

  119.      * @return array our response parsed
    120. 

  120.      */
    121. 

  121.     protected function parseMessage2($response)
    122. 

  122.     {
    123. 

  123.         $responseHex = bin2hex($response);
    124. 

  124.         $length = floor(hexdec(substr($responseHex, 28, 4)) / 256) * 2;
    125. 

  125.         $offset = floor(hexdec(substr($responseHex, 32, 4)) / 256) * 2;
    126. 

  126.         $challenge = $this->hex2bin(substr($responseHex, 48, 16));
    127. 

  127.         $context = $this->hex2bin(substr($responseHex, 64, 16));
    128. 

  128.         $targetInfoH = $this->hex2bin(substr($responseHex, 80, 16));
    129. 

  129.         $targetName = $this->hex2bin(substr($responseHex, $offset, $length));
    130. 

  130.         $offset = floor(hexdec(substr($responseHex, 88, 4)) / 256) * 2;
    131. 

  131.         $targetInfoBlock = substr($responseHex, $offset);
    132. 

  132.         list($domainName, $serverName, $DNSDomainName, $DNSServerName, $terminatorByte) = $this->readSubBlock($targetInfoBlock);
    133. 

  133. 

  134.         return array(
    135. 

  135.             $challenge,
    136. 

  136.             $context,
    137. 

  137.             $targetInfoH,
    138. 

  138.             $targetName,
    139. 

  139.             $domainName,
    140. 

  140.             $serverName,
    141. 

  141.             $DNSDomainName,
    142. 

  142.             $DNSServerName,
    143. 

  143.             $this->hex2bin($targetInfoBlock),
    144. 

  144.             $terminatorByte,
    145. 

  145.         );
    146. 

  146.     }
    147. 

  147. 

  148.     /**
    149. 

  149.      * Read the blob information in from message2
    150. 

  150.      *
    151. 

  151.      * @param $block
    152. 

  152.      * @return array
    153. 

  153.      */
    154. 

  154.     protected function readSubBlock($block)
    155. 

  155.     {
    156. 

  156.         // remove terminatorByte cause it's always the same
    157. 

  157.         $block = substr($block, 0, -8);
    158. 

  158. 

  159.         $length = strlen($block);
    160. 

  160.         $offset = 0;
    161. 

  161.         $data = array();
    162. 

  162.         while ($offset < $length) {
    163. 

  163.             $blockLength = hexdec(substr(substr($block, $offset, 8), -4)) / 256;
    164. 

  164.             $offset += 8;
    165. 

  165.             $data[] = $this->hex2bin(substr($block, $offset, $blockLength * 2));
    166. 

  166.             $offset += $blockLength * 2;
    167. 

  167.         }
    168. 

  168. 

  169.         if (count($data) == 3) {
    170. 

  170.             $data[] = $data[2];
    171. 

  171.             $data[2] = '';
    172. 

  172.         }
    173. 

  173. 

  174.         $data[] = $this->createByte('00');
    175. 

  175. 

  176.         return $data;
    177. 

  177.     }
    178. 

  178. 

  179.     /**
    180. 

  180.      * Send our final message with all our data
    181. 

  181.      *
    182. 

  182.      * @param string $response Message 1 response (message 2)
    183. 

  183.      * @param string $username
    184. 

  184.      * @param string $password
    185. 

  185.      * @param string $timestamp
    186. 

  186.      * @param string $client
    187. 

  187.      * @param Swift_Transport_SmtpAgent $agent
    188. 

  188.      * @param bool $v2 Use version2 of the protocol
    189. 

  189.      * @return string
    190. 

  190.      */
    191. 

  191.     protected function sendMessage3($response, $username, $password, $timestamp, $client, Swift_Transport_SmtpAgent $agent, $v2 = true)
    192. 

  192.     {
    193. 

  193.         list($domain, $username) = $this->getDomainAndUsername($username);
    194. 

  194.         //$challenge, $context, $targetInfoH, $targetName, $domainName, $workstation, $DNSDomainName, $DNSServerName, $blob, $ter
    195. 

  195.         list($challenge, , , , , $workstation, , , $blob) = $this->parseMessage2($response);
    196. 

  196. 

  197.         if (!$v2) {
    198. 

  198.             // LMv1
    199. 

  199.             $lmResponse = $this->createLMPassword($password, $challenge);
    200. 

  200.             // NTLMv1
    201. 

  201.             $ntlmResponse = $this->createNTLMPassword($password, $challenge);
    202. 

  202.         } else {
    203. 

  203.             // LMv2
    204. 

  204.             $lmResponse = $this->createLMv2Password($password, $username, $domain, $challenge, $client);
    205. 

  205.             // NTLMv2
    206. 

  206.             $ntlmResponse = $this->createNTLMv2Hash($password, $username, $domain, $challenge, $blob, $timestamp, $client);
    207. 

  207.         }
    208. 

  208. 

  209.         $message = $this->createMessage3($domain, $username, $workstation, $lmResponse, $ntlmResponse);
    210. 

  210. 

  211.         return $agent->executeCommand(sprintf("%s\r\n", base64_encode($message)), array(235));
    212. 

  212.     }
    213. 

  213. 

  214.     /**
    215. 

  215.      * Create our message 1
    216. 

  216.      *
    217. 

  217.      * @return string
    218. 

  218.      */
    219. 

  219.     protected function createMessage1()
    220. 

  220.     {
    221. 

  221.         return self::NTLMSIG
    222. 

  222.         .$this->createByte('01') // Message 1
    223. 

  223. .$this->createByte('0702'); // Flags
    224. 

  224.     }
    225. 

  225. 

  226.     /**
    227. 

  227.      * Create our message 3
    228. 

  228.      *
    229. 

  229.      * @param string $domain
    230. 

  230.      * @param string $username
    231. 

  231.      * @param string $workstation
    232. 

  232.      * @param string $lmResponse
    233. 

  233.      * @param string $ntlmResponse
    234. 

  234.      * @return string
    235. 

  235.      */
    236. 

  236.     protected function createMessage3($domain, $username, $workstation, $lmResponse, $ntlmResponse)
    237. 

  237.     {
    238. 

  238.         // Create security buffers
    239. 

  239.         $domainSec = $this->createSecurityBuffer($domain, 64);
    240. 

  240.         $domainInfo = $this->readSecurityBuffer(bin2hex($domainSec));
    241. 

  241.         $userSec = $this->createSecurityBuffer($username, ($domainInfo[0] + $domainInfo[1]) / 2);
    242. 

  242.         $userInfo = $this->readSecurityBuffer(bin2hex($userSec));
    243. 

  243.         $workSec = $this->createSecurityBuffer($workstation, ($userInfo[0] + $userInfo[1]) / 2);
    244. 

  244.         $workInfo = $this->readSecurityBuffer(bin2hex($workSec));
    245. 

  245.         $lmSec = $this->createSecurityBuffer($lmResponse, ($workInfo[0] + $workInfo[1]) / 2, true);
    246. 

  246.         $lmInfo = $this->readSecurityBuffer(bin2hex($lmSec));
    247. 

  247.         $ntlmSec = $this->createSecurityBuffer($ntlmResponse, ($lmInfo[0] + $lmInfo[1]) / 2, true);
    248. 

  248. 

  249.         return self::NTLMSIG
    250. 

  250.         .$this->createByte('03') // TYPE 3 message
    251. 

  251. .$lmSec // LM response header
    252. 

  252. .$ntlmSec // NTLM response header
    253. 

  253. .$domainSec // Domain header
    254. 

  254. .$userSec // User header
    255. 

  255. .$workSec // Workstation header
    256. 

  256. .$this->createByte("000000009a", 8) // session key header (empty)
    257. 

  257. .$this->createByte('01020000') // FLAGS
    258. 

  258. .$this->convertTo16bit($domain) // domain name
    259. 

  259. .$this->convertTo16bit($username) // username
    260. 

  260. .$this->convertTo16bit($workstation) // workstation
    261. 

  261. .$lmResponse
    262. 

  262.         .$ntlmResponse;
    263. 

  263.     }
    264. 

  264. 

  265.     /**
    266. 

  266.      * @param string $timestamp Epoch timestamp in microseconds
    267. 

  267.      * @param string $client Random bytes
    268. 

  268.      * @param string $targetInfo
    269. 

  269.      * @return string
    270. 

  270.      */
    271. 

  271.     protected function createBlob($timestamp, $client, $targetInfo)
    272. 

  272.     {
    273. 

  273.         return $this->createByte('0101')
    274. 

  274.         .$this->createByte('00')
    275. 

  275.         .$timestamp
    276. 

  276.         .$client
    277. 

  277.         .$this->createByte('00')
    278. 

  278.         .$targetInfo
    279. 

  279.         .$this->createByte('00');
    280. 

  280.     }
    281. 

  281. 

  282.     /**
    283. 

  283.      * Get domain and username from our username
    284. 

  284.      *
    285. 

  285.      * @example DOMAIN\username
    286. 

  286.      *
    287. 

  287.      * @param string $name
    288. 

  288.      * @return array
    289. 

  289.      */
    290. 

  290.     protected function getDomainAndUsername($name)
    291. 

  291.     {
    292. 

  292.         if (strpos($name, '\\') !== false) {
    293. 

  293.             return explode('\\', $name);
    294. 

  294.         }
    295. 

  295. 

  296.         list($user, $domain) = explode('@', $name);
    297. 

  297. 

  298.         return array($domain, $user);
    299. 

  299.     }
    300. 

  300. 

  301.     /**
    302. 

  302.      * Create LMv1 response
    303. 

  303.      *
    304. 

  304.      * @param string $password
    305. 

  305.      * @param string $challenge
    306. 

  306.      * @return string
    307. 

  307.      */
    308. 

  308.     protected function createLMPassword($password, $challenge)
    309. 

  309.     {
    310. 

  310.         // FIRST PART
    311. 

  311.         $password = $this->createByte(strtoupper($password), 14, false);
    312. 

  312.         list($key1, $key2) = str_split($password, 7);
    313. 

  313. 

  314.         $desKey1 = $this->createDesKey($key1);
    315. 

  315.         $desKey2 = $this->createDesKey($key2);
    316. 

  316. 

  317.         $constantDecrypt = $this->createByte($this->desEncrypt(self::DESCONST, $desKey1).$this->desEncrypt(self::DESCONST, $desKey2), 21, false);
    318. 

  318. 

  319.         // SECOND PART
    320. 

  320.         list($key1, $key2, $key3) = str_split($constantDecrypt, 7);
    321. 

  321. 

  322.         $desKey1 = $this->createDesKey($key1);
    323. 

  323.         $desKey2 = $this->createDesKey($key2);
    324. 

  324.         $desKey3 = $this->createDesKey($key3);
    325. 

  325. 

  326.         return $this->desEncrypt($challenge, $desKey1).$this->desEncrypt($challenge, $desKey2).$this->desEncrypt($challenge, $desKey3);
    327. 

  327.     }
    328. 

  328. 

  329.     /**
    330. 

  330.      * Create NTLMv1 response
    331. 

  331.      *
    332. 

  332.      * @param string $password
    333. 

  333.      * @param string $challenge
    334. 

  334.      * @return string
    335. 

  335.      */
    336. 

  336.     protected function createNTLMPassword($password, $challenge)
    337. 

  337.     {
    338. 

  338.         // FIRST PART
    339. 

  339.         $ntlmHash = $this->createByte($this->md4Encrypt($password), 21, false);
    340. 

  340.         list($key1, $key2, $key3) = str_split($ntlmHash, 7);
    341. 

  341. 

  342.         $desKey1 = $this->createDesKey($key1);
    343. 

  343.         $desKey2 = $this->createDesKey($key2);
    344. 

  344.         $desKey3 = $this->createDesKey($key3);
    345. 

  345. 

  346.         return $this->desEncrypt($challenge, $desKey1).$this->desEncrypt($challenge, $desKey2).$this->desEncrypt($challenge, $desKey3);
    347. 

  347.     }
    348. 

  348. 

  349.     /**
    350. 

  350.      * Convert a normal timestamp to a tenth of a microtime epoch time
    351. 

  351.      *
    352. 

  352.      * @param string $time
    353. 

  353.      * @return string
    354. 

  354.      */
    355. 

  355.     protected function getCorrectTimestamp($time)
    356. 

  356.     {
    357. 

  357.         // Get our timestamp (tricky!)
    358. 

  358.         bcscale(0);
    359. 

  359. 

  360.         $time = number_format($time, 0, '.', ''); // save microtime to string
    361. 

  361.         $time = bcadd($time, "11644473600000"); // add epoch time
    362. 

  362.         $time = bcmul($time, 10000); // tenths of a microsecond.
    363. 

  363. 

  364.         $binary = $this->si2bin($time, 64); // create 64 bit binary string
    365. 

  365.         $timestamp = "";
    366. 

  366.         for ($i = 0; $i < 8; $i++) {
    367. 

  367.             $timestamp .= chr(bindec(substr($binary, -(($i + 1) * 8), 8)));
    368. 

  368.         }
    369. 

  369. 

  370.         return $timestamp;
    371. 

  371.     }
    372. 

  372. 

  373.     /**
    374. 

  374.      * Create LMv2 response
    375. 

  375.      *
    376. 

  376.      * @param string $password
    377. 

  377.      * @param string $username
    378. 

  378.      * @param string $domain
    379. 

  379.      * @param string $challenge NTLM Challenge
    380. 

  380.      * @param string $client Random string
    381. 

  381.      * @return string
    382. 

  382.      */
    383. 

  383.     protected function createLMv2Password($password, $username, $domain, $challenge, $client)
    384. 

  384.     {
    385. 

  385.         $lmPass = '00'; // by default 00
    386. 

  386.         // if $password > 15 than we can't use this method
    387. 

  387.         if (strlen($password) <= 15) {
    388. 

  388.             $ntlmHash = $this->md4Encrypt($password);
    389. 

  389.             $ntml2Hash = $this->md5Encrypt($ntlmHash, $this->convertTo16bit(strtoupper($username).$domain));
    390. 

  390. 

  391.             $lmPass = bin2hex($this->md5Encrypt($ntml2Hash, $challenge.$client).$client);
    392. 

  392.         }
    393. 

  393. 

  394.         return $this->createByte($lmPass, 24);
    395. 

  395.     }
    396. 

  396. 

  397.     /**
    398. 

  398.      * Create NTLMv2 response
    399. 

  399.      *
    400. 

  400.      * @param string $password
    401. 

  401.      * @param string $username
    402. 

  402.      * @param string $domain
    403. 

  403.      * @param string $challenge Hex values
    404. 

  404.      * @param string $targetInfo Hex values
    405. 

  405.      * @param string $timestamp
    406. 

  406.      * @param string $client Random bytes
    407. 

  407.      * @return string
    408. 

  408.      * @see http://davenport.sourceforge.net/ntlm.html#theNtlmResponse
    409. 

  409.      */
    410. 

  410.     protected function createNTLMv2Hash($password, $username, $domain, $challenge, $targetInfo, $timestamp, $client)
    411. 

  411.     {
    412. 

  412.         $ntlmHash = $this->md4Encrypt($password);
    413. 

  413.         $ntml2Hash = $this->md5Encrypt($ntlmHash, $this->convertTo16bit(strtoupper($username).$domain));
    414. 

  414. 

  415.         // create blob
    416. 

  416.         $blob = $this->createBlob($timestamp, $client, $targetInfo);
    417. 

  417. 

  418.         $ntlmv2Response = $this->md5Encrypt($ntml2Hash, $challenge.$blob);
    419. 

  419. 

  420.         return $ntlmv2Response.$blob;
    421. 

  421.     }
    422. 

  422. 

  423.     protected function createDesKey($key)
    424. 

  424.     {
    425. 

  425.         $material = array(bin2hex($key[0]));
    426. 

  426.         $len = strlen($key);
    427. 

  427.         for ($i = 1; $i < $len; $i++) {
    428. 

  428.             list($high, $low) = str_split(bin2hex($key[$i]));
    429. 

  429.             $v = $this->castToByte(ord($key[$i - 1]) << (7 + 1 - $i) | $this->uRShift(hexdec(dechex(hexdec($high) & 0xf).dechex(hexdec($low) & 0xf)), $i));
    430. 

  430.             $material[] = str_pad(substr(dechex($v), -2), 2, '0', STR_PAD_LEFT); // cast to byte
    431. 

  431.         }
    432. 

  432.         $material[] = str_pad(substr(dechex($this->castToByte(ord($key[6]) << 1)), -2), 2, '0');
    433. 

  433. 

  434.         // odd parity
    435. 

  435.         foreach ($material as $k => $v) {
    436. 

  436.             $b = $this->castToByte(hexdec($v));
    437. 

  437.             $needsParity = (($this->uRShift($b, 7) ^ $this->uRShift($b, 6) ^ $this->uRShift($b, 5)
    438. 

  438.                         ^ $this->uRShift($b, 4) ^ $this->uRShift($b, 3) ^ $this->uRShift($b, 2)
    439. 

  439.                         ^ $this->uRShift($b, 1)) & 0x01) == 0;
    440. 

  440. 

  441.             list($high, $low) = str_split($v);
    442. 

  442.             if ($needsParity) {
    443. 

  443.                 $material[$k] = dechex(hexdec($high) | 0x0).dechex(hexdec($low) | 0x1);
    444. 

  444.             } else {
    445. 

  445.                 $material[$k] = dechex(hexdec($high) & 0xf).dechex(hexdec($low) & 0xe);
    446. 

  446.             }
    447. 

  447.         }
    448. 

  448. 

  449.         return $this->hex2bin(implode('', $material));
    450. 

  450.     }
    451. 

  451. 

  452.     /** HELPER FUNCTIONS */
    453. 

  453.     /**
    454. 

  454.      * Create our security buffer depending on length and offset
    455. 

  455.      *
    456. 

  456.      * @param string $value Value we want to put in
    457. 

  457.      * @param int $offset start of value
    458. 

  458.      * @param bool $is16 Do we 16bit string or not?
    459. 

  459.      * @return string
    460. 

  460.      */
    461. 

  461.     protected function createSecurityBuffer($value, $offset, $is16 = false)
    462. 

  462.     {
    463. 

  463.         $length = strlen(bin2hex($value));
    464. 

  464.         $length = $is16 ? $length / 2 : $length;
    465. 

  465.         $length = $this->createByte(str_pad(dechex($length), 2, '0', STR_PAD_LEFT), 2);
    466. 

  466. 

  467.         return $length.$length.$this->createByte(dechex($offset), 4);
    468. 

  468.     }
    469. 

  469. 

  470.     /**
    471. 

  471.      * Read our security buffer to fetch length and offset of our value
    472. 

  472.      *
    473. 

  473.      * @param string $value Securitybuffer in hex
    474. 

  474.      * @return array array with length and offset
    475. 

  475.      */
    476. 

  476.     protected function readSecurityBuffer($value)
    477. 

  477.     {
    478. 

  478.         $length = floor(hexdec(substr($value, 0, 4)) / 256) * 2;
    479. 

  479.         $offset = floor(hexdec(substr($value, 8, 4)) / 256) * 2;
    480. 

  480. 

  481.         return array($length, $offset);
    482. 

  482.     }
    483. 

  483. 

  484.     /**
    485. 

  485.      * Cast to byte java equivalent to (byte)
    486. 

  486.      *
    487. 

  487.      * @param int $v
    488. 

  488.      * @return int
    489. 

  489.      */
    490. 

  490.     protected function castToByte($v)
    491. 

  491.     {
    492. 

  492.         return (($v + 128) % 256) - 128;
    493. 

  493.     }
    494. 

  494. 

  495.     /**
    496. 

  496.      * Java unsigned right bitwise
    497. 

  497.      * $a >>> $b
    498. 

  498.      *
    499. 

  499.      * @param int $a
    500. 

  500.      * @param int $b
    501. 

  501.      * @return int
    502. 

  502.      */
    503. 

  503.     protected function uRShift($a, $b)
    504. 

  504.     {
    505. 

  505.         if ($b == 0) {
    506. 

  506.             return $a;
    507. 

  507.         }
    508. 

  508. 

  509.         return ($a >> $b) & ~(1 << (8 * PHP_INT_SIZE - 1) >> ($b - 1));
    510. 

  510.     }
    511. 

  511. 

  512.     /**
    513. 

  513.      * Right padding with 0 to certain length
    514. 

  514.      *
    515. 

  515.      * @param string $input
    516. 

  516.      * @param int $bytes Length of bytes
    517. 

  517.      * @param bool $isHex Did we provided hex value
    518. 

  518.      * @return string
    519. 

  519.      */
    520. 

  520.     protected function createByte($input, $bytes = 4, $isHex = true)
    521. 

  521.     {
    522. 

  522.         if ($isHex) {
    523. 

  523.             $byte = $this->hex2bin(str_pad($input, $bytes * 2, '00'));
    524. 

  524.         } else {
    525. 

  525.             $byte = str_pad($input, $bytes, "\x00");
    526. 

  526.         }
    527. 

  527. 

  528.         return $byte;
    529. 

  529.     }
    530. 

  530. 

  531.     /**
    532. 

  532.      * Create random bytes
    533. 

  533.      *
    534. 

  534.      * @param $length
    535. 

  535.      * @return string
    536. 

  536.      */
    537. 

  537.     protected function getRandomBytes($length)
    538. 

  538.     {
    539. 

  539.         $bytes = openssl_random_pseudo_bytes($length, $strong);
    540. 

  540. 

  541.         if (false !== $bytes && true === $strong) {
    542. 

  542.             return $bytes;
    543. 

  543.         }
    544. 

  544. 

  545.         throw new RuntimeException('OpenSSL did not produce a secure random number.');
    546. 

  546.     }
    547. 

  547. 

  548.     /** ENCRYPTION ALGORITHMS */
    549. 

  549.     /**
    550. 

  550.      * DES Encryption
    551. 

  551.      *
    552. 

  552.      * @param string $value
    553. 

  553.      * @param string $key
    554. 

  554.      * @return string
    555. 

  555.      */
    556. 

  556.     protected function desEncrypt($value, $key)
    557. 

  557.     {
    558. 

  558.         $cipher = mcrypt_module_open(MCRYPT_DES, '', 'ecb', '');
    559. 

  559.         mcrypt_generic_init($cipher, $key, mcrypt_create_iv(mcrypt_enc_get_iv_size($cipher), MCRYPT_DEV_RANDOM));
    560. 

  560. 

  561.         return mcrypt_generic($cipher, $value);
    562. 

  562.     }
    563. 

  563. 

  564.     /**
    565. 

  565.      * MD5 Encryption
    566. 

  566.      *
    567. 

  567.      * @param string $key Encryption key
    568. 

  568.      * @param string $msg Message to encrypt
    569. 

  569.      * @return string
    570. 

  570.      */
    571. 

  571.     protected function md5Encrypt($key, $msg)
    572. 

  572.     {
    573. 

  573.         $blocksize = 64;
    574. 

  574.         if (strlen($key) > $blocksize) {
    575. 

  575.             $key = pack('H*', md5($key));
    576. 

  576.         }
    577. 

  577. 

  578.         $key = str_pad($key, $blocksize, "\0");
    579. 

  579.         $ipadk = $key ^ str_repeat("\x36", $blocksize);
    580. 

  580.         $opadk = $key ^ str_repeat("\x5c", $blocksize);
    581. 

  581. 

  582.         return pack('H*', md5($opadk.pack('H*', md5($ipadk.$msg))));
    583. 

  583.     }
    584. 

  584. 

  585.     /**
    586. 

  586.      * MD4 Encryption
    587. 

  587.      *
    588. 

  588.      * @param string $input
    589. 

  589.      * @return string
    590. 

  590.      * @see http://php.net/manual/en/ref.hash.php
    591. 

  591.      */
    592. 

  592.     protected function md4Encrypt($input)
    593. 

  593.     {
    594. 

  594.         $input = $this->convertTo16bit($input);
    595. 

  595. 

  596.         return function_exists('hash') ? $this->hex2bin(hash('md4', $input)) : mhash(MHASH_MD4, $input);
    597. 

  597.     }
    598. 

  598. 

  599.     /**
    600. 

  600.      * Convert UTF-8 to UTF-16
    601. 

  601.      *
    602. 

  602.      * @param string $input
    603. 

  603.      * @return string
    604. 

  604.      */
    605. 

  605.     protected function convertTo16bit($input)
    606. 

  606.     {
    607. 

  607.         return iconv('UTF-8', 'UTF-16LE', $input);
    608. 

  608.     }
    609. 

  609. 

  610.     /**
    611. 

  611.      * Hex2bin replacement for < PHP 5.4
    612. 

  612.      * @param string $hex
    613. 

  613.      * @return string Binary
    614. 

  614.      */
    615. 

  615.     protected function hex2bin($hex)
    616. 

  616.     {
    617. 

  617.         if (function_exists('hex2bin')) {
    618. 

  618.             return hex2bin($hex);
    619. 

  619.         } else {
    620. 

  620.             return pack('H*', $hex);
    621. 

  621.         }
    622. 

  622.     }
    623. 

  623. 

  624.     /**
    625. 

  625.      * @param string $message
    626. 

  626.      */
    627. 

  627.     protected function debug($message)
    628. 

  628.     {
    629. 

  629.         $message = bin2hex($message);
    630. 

  630.         $messageId = substr($message, 16, 8);
    631. 

  631.         echo substr($message, 0, 16)." NTLMSSP Signature<br />\n";
    632. 

  632.         echo $messageId." Type Indicator<br />\n";
    633. 

  633. 

  634.         if ($messageId == "02000000") {
    635. 

  635.             $map = array(
    636. 

  636.                 'Challenge',
    637. 

  637.                 'Context',
    638. 

  638.                 'Target Information Security Buffer',
    639. 

  639.                 'Target Name Data',
    640. 

  640.                 'NetBIOS Domain Name',
    641. 

  641.                 'NetBIOS Server Name',
    642. 

  642.                 'DNS Domain Name',
    643. 

  643.                 'DNS Server Name',
    644. 

  644.                 'BLOB',
    645. 

  645.                 'Target Information Terminator',
    646. 

  646.             );
    647. 

  647. 

  648.             $data = $this->parseMessage2($this->hex2bin($message));
    649. 

  649. 

  650.             foreach ($map as $key => $value) {
    651. 

  651.                 echo bin2hex($data[$key]).' - '.$data[$key].' ||| '.$value."<br />\n";
    652. 

  652.             }
    653. 

  653.         } elseif ($messageId == "03000000") {
    654. 

  654.             $i = 0;
    655. 

  655.             $data[$i++] = substr($message, 24, 16);
    656. 

  656.             list($lmLength, $lmOffset) = $this->readSecurityBuffer($data[$i - 1]);
    657. 

  657. 

  658.             $data[$i++] = substr($message, 40, 16);
    659. 

  659.             list($ntmlLength, $ntmlOffset) = $this->readSecurityBuffer($data[$i - 1]);
    660. 

  660. 

  661.             $data[$i++] = substr($message, 56, 16);
    662. 

  662.             list($targetLength, $targetOffset) = $this->readSecurityBuffer($data[$i - 1]);
    663. 

  663. 

  664.             $data[$i++] = substr($message, 72, 16);
    665. 

  665.             list($userLength, $userOffset) = $this->readSecurityBuffer($data[$i - 1]);
    666. 

  666. 

  667.             $data[$i++] = substr($message, 88, 16);
    668. 

  668.             list($workLength, $workOffset) = $this->readSecurityBuffer($data[$i - 1]);
    669. 

  669. 

  670.             $data[$i++] = substr($message, 104, 16);
    671. 

  671.             $data[$i++] = substr($message, 120, 8);
    672. 

  672.             $data[$i++] = substr($message, $targetOffset, $targetLength);
    673. 

  673.             $data[$i++] = substr($message, $userOffset, $userLength);
    674. 

  674.             $data[$i++] = substr($message, $workOffset, $workLength);
    675. 

  675.             $data[$i++] = substr($message, $lmOffset, $lmLength);
    676. 

  676.             $data[$i] = substr($message, $ntmlOffset, $ntmlLength);
    677. 

  677. 

  678.             $map = array(
    679. 

  679.                 'LM Response Security Buffer',
    680. 

  680.                 'NTLM Response Security Buffer',
    681. 

  681.                 'Target Name Security Buffer',
    682. 

  682.                 'User Name Security Buffer',
    683. 

  683.                 'Workstation Name Security Buffer',
    684. 

  684.                 'Session Key Security Buffer',
    685. 

  685.                 'Flags',
    686. 

  686.                 'Target Name Data',
    687. 

  687.                 'User Name Data',
    688. 

  688.                 'Workstation Name Data',
    689. 

  689.                 'LM Response Data',
    690. 

  690.                 'NTLM Response Data',
    691. 

  691.             );
    692. 

  692. 

  693.             foreach ($map as $key => $value) {
    694. 

  694.                 echo $data[$key].' - '.$this->hex2bin($data[$key]).' ||| '.$value."<br />\n";
    695. 

  695.             }
    696. 

  696.         }
    697. 

  697. 

  698.         echo "<br /><br />";
    699. 

  699.     }
    700. 

  700. }
    701. 

  701.