public function getNtHash() { return "Crypt_CHAP_MSv1 hack"; $chap = new Crypt_CHAP_MSv1(); $chap->password = $this->password; return bin2hex($chap->ntPasswordHash()); }
/** * Constructor * * Generates the 16 Bytes peer and authentication challenge * @return void */ public function __construct() { parent::__construct(); $this->generateChallenge('peerChallenge', 16); $this->generateChallenge('authChallenge', 16); }
echo "CHAP-MD5 TEST\n"; $crpt = new Crypt_CHAP_MD5(); $crpt->password = '******'; $crpt->chapid = 1; $crpt->challenge = pack('H*', '102DB5DF085D3041'); printf("ChallResp : %s\nexpected : 8f028814450d66d94c72331ef455a172\n", bin2hex($crpt->challengeResponse())); echo "\n"; echo "CHAP-MD5 TEST 2\n"; $crpt = new Crypt_CHAP_MD5(); $crpt->password = '******'; $crpt->chapid = 1; $crpt->challenge = pack('H*', '102DB5DF085D3041'); printf("ChallResp : %s\nexpected : d39bfaf5d6855a948c8c81a85947502c\n", bin2hex($crpt->challengeResponse())); echo "\n"; echo "MS-CHAPv1 str2unicode\n"; $crpt = new Crypt_CHAP_MSv1(); printf("Passed 123 as Number:%s\n", bin2hex($crpt->str2unicode(123))); printf("Passed 123 as String:%s\n", bin2hex($crpt->str2unicode('123'))); echo "MS-CHAPv1 TEST\n"; $crpt->password = '******'; $crpt->challenge = pack('H*', '102DB5DF085D3041'); $unipw = $crpt->str2unicode($pass); printf("Unicode PW: %s\nexpected : 4d00790050007700\n", bin2hex($unipw)); printf("NT HASH : %s\nexpected : fc156af7edcd6c0edde3337d427f4eac\n", bin2hex($crpt->ntPasswordHash())); printf("NT Resp : %s\nexpected : 4e9d3c8f9cfd385d5bf4d3246791956ca4c351ab409a3d61\n", bin2hex($crpt->challengeResponse())); printf("LM HASH : %s\nexpected : 75ba30198e6d1975aad3b435b51404ee\n", bin2hex($crpt->lmPasswordHash())); printf("LM Resp : %s\nexpected : 91881d0152ab0c33c524135ec24a95ee64e23cdc2d33347d\n", bin2hex($crpt->lmChallengeResponse())); //printf ("Response : %s\nexpected : unknown\n", bin2hex($crpt->response())); echo "\n"; echo "MS-CHAPv2 TEST\n"; $crpt = new Crypt_CHAP_MSv2();
/** * Check username and password against RADIUS authentication backend. * * @param string $username User name to check * @param string $password User password to check * @return int Authentication success (0 = fail, 1 = success) FIXME bool */ function radius_authenticate($username, $password) { global $config, $rad; radius_init(); if ($username && $rad) { //print_vars(radius_server_secret($rad)); radius_create_request($rad, RADIUS_ACCESS_REQUEST); radius_put_attr($rad, RADIUS_USER_NAME, $username); switch (strtolower($config['auth_radius_method'])) { // CHAP-MD5 see RFC1994 case 'chap': case 'chap_md5': $chapid = 1; // Specify a CHAP identifier //$challenge = mt_rand(); // Generate a challenge //$cresponse = md5(pack('Ca*', $chapid, $password.$challenge), TRUE); new Crypt_CHAP(); // Pre load class $crpt = new Crypt_CHAP_MD5(); $crpt->password = $password; $challenge = $crpt->challenge; $resp_md5 = $crpt->challengeResponse(); $resp = pack('C', $chapid) . $resp_md5; radius_put_attr($rad, RADIUS_CHAP_PASSWORD, $resp); // Add the Chap-Password attribute radius_put_attr($rad, RADIUS_CHAP_CHALLENGE, $challenge); // Add the Chap-Challenge attribute. break; // MS-CHAPv1 see RFC2433 // MS-CHAPv1 see RFC2433 case 'mschapv1': $chapid = 1; // Specify a CHAP identifier $flags = 1; // 0 = use LM-Response, 1 = use NT-Response (we not use old LM) new Crypt_CHAP(); // Pre load class $crpt = new Crypt_CHAP_MSv1(); $crpt->password = $password; $challenge = $crpt->challenge; $resp_lm = str_repeat("", 24); $resp_nt = $crpt->challengeResponse(); $resp = pack('CC', $chapid, $flags) . $resp_lm . $resp_nt; radius_put_vendor_attr($rad, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_RESPONSE, $resp); radius_put_vendor_attr($rad, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $challenge); break; // MS-CHAPv2 see RFC2759 // MS-CHAPv2 see RFC2759 case 'mschapv2': $chapid = 1; // Specify a CHAP identifier $flags = 1; // 0 = use LM-Response, 1 = use NT-Response (we not use old LM) new Crypt_CHAP(); // Pre load class $crpt = new Crypt_CHAP_MSv2(); $crpt->username = $username; $crpt->password = $password; $challenge = $crpt->authChallenge; $challenge_p = $crpt->peerChallenge; $resp_nt = $crpt->challengeResponse(); // Response: chapid, flags (1 = use NT Response), Peer challenge, reserved, Response $resp = pack('CCa16a8a24', $chapid, $flags, $challenge_p, str_repeat("", 8), $resp_nt); radius_put_vendor_attr($rad, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP2_RESPONSE, $resp); radius_put_vendor_attr($rad, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $challenge); break; // PAP (Plaintext) // PAP (Plaintext) default: radius_put_attr($rad, RADIUS_USER_PASSWORD, $password); } // Puts standard attributes $radius_ip = get_ip_version($config['auth_radius_nas_address']) ? $config['auth_radius_nas_address'] : $_SERVER['SERVER_ADDR']; if (get_ip_version($radius_ip) == 6) { // FIXME, not sure that this work correctly radius_put_attr($rad, RADIUS_NAS_IPV6_ADDRESS, $radius_ip); } else { radius_put_addr($rad, RADIUS_NAS_IP_ADDRESS, $radius_ip); } $radius_id = empty($config['auth_radius_id']) ? get_localhost() : $config['auth_radius_id']; radius_put_attr($rad, RADIUS_NAS_IDENTIFIER, $radius_id); //radius_put_attr($rad, RADIUS_NAS_PORT_TYPE, RADIUS_VIRTUAL); //radius_put_attr($rad, RADIUS_SERVICE_TYPE, RADIUS_FRAMED); //radius_put_attr($rad, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP); radius_put_attr($rad, RADIUS_CALLING_STATION_ID, isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1'); $response = radius_send_request($rad); //print_vars($response); switch ($response) { case RADIUS_ACCESS_ACCEPT: // An Access-Accept response to an Access-Request indicating that the RADIUS server authenticated the user successfully. //echo 'Authentication successful'; return 1; break; case RADIUS_ACCESS_REJECT: // An Access-Reject response to an Access-Request indicating that the RADIUS server could not authenticate the user. //echo 'Authentication failed'; break; case RADIUS_ACCESS_CHALLENGE: // An Access-Challenge response to an Access-Request indicating that the RADIUS server requires further information // in another Access-Request before authenticating the user. //echo 'Challenge required'; break; default: print_error('A RADIUS error has occurred: ' . radius_strerror($rad)); } } //session_logout(); return 0; }
public function setMsChapPassword($password, $challenge = null) { $chap = new \Crypt_CHAP_MSv1(); $chap->chapid = mt_rand(1, 255); $chap->password = $password; if (is_null($challenge)) { $chap->generateChallenge(); } else { $chap->challenge = $challenge; } $response = "" . str_repeat("", 24) . $chap->ntChallengeResponse(); $this->setIncludeMessageAuthenticator(); $this->setVendorSpecificAttribute(VendorId::MICROSOFT, 11, $chap->challenge); $this->setVendorSpecificAttribute(VendorId::MICROSOFT, 1, $response); return $this; }
public function __construct() { //$this->Crypt_CHAP_MSv1(); // removed for dapphp/radius parent::__construct(); $this->generateChallenge('peerChallenge', 16); $this->generateChallenge('authChallenge', 16); }