$crpt->password = '******'; $crpt->chapid = 1; $crpt->challenge = pack('H*', '102DB5DF085D3041'); printf("ChallResp : %s\nexpected : d39bfaf5d6855a948c8c81a85947502c\n", bin2hex($crpt->challengeResponse())); echo "\n"; echo "MS-CHAPv1 str2unicode\n"; $crpt = new Crypt_CHAP_MSv1(); printf("Passed 123 as Number:%s\n", bin2hex($crpt->str2unicode(123))); printf("Passed 123 as String:%s\n", bin2hex($crpt->str2unicode('123'))); echo "MS-CHAPv1 TEST\n"; $crpt->password = '******'; $crpt->challenge = pack('H*', '102DB5DF085D3041'); $unipw = $crpt->str2unicode($pass); printf("Unicode PW: %s\nexpected : 4d00790050007700\n", bin2hex($unipw)); printf("NT HASH : %s\nexpected : fc156af7edcd6c0edde3337d427f4eac\n", bin2hex($crpt->ntPasswordHash())); printf("NT Resp : %s\nexpected : 4e9d3c8f9cfd385d5bf4d3246791956ca4c351ab409a3d61\n", bin2hex($crpt->challengeResponse())); printf("LM HASH : %s\nexpected : 75ba30198e6d1975aad3b435b51404ee\n", bin2hex($crpt->lmPasswordHash())); printf("LM Resp : %s\nexpected : 91881d0152ab0c33c524135ec24a95ee64e23cdc2d33347d\n", bin2hex($crpt->lmChallengeResponse())); //printf ("Response : %s\nexpected : unknown\n", bin2hex($crpt->response())); echo "\n"; echo "MS-CHAPv2 TEST\n"; $crpt = new Crypt_CHAP_MSv2(); $crpt->username = '******'; $crpt->password = '******'; printf("Username : %s\nexpected : 55736572\n", bin2hex($crpt->username)); $crpt->authChallenge = pack('H*', '5b5d7c7d7b3f2f3e3c2c602132262628'); $crpt->peerChallenge = pack('H*', '21402324255E262A28295F2B3A337C7E'); $nthash = $crpt->ntPasswordHash(); printf("NT HASH : %s\nexpected : 44ebba8d5312b8d611474411f56989ae\n", bin2hex($nthash)); $nthashhash = $crpt->ntPasswordHashHash($nthash); printf("NT HASH-HASH : %s\nexpected : 41c00c584bd2d91c4017a2a12fa59f3f\n", bin2hex($nthashhash));
/** * Check username and password against RADIUS authentication backend. * * @param string $username User name to check * @param string $password User password to check * @return int Authentication success (0 = fail, 1 = success) FIXME bool */ function radius_authenticate($username, $password) { global $config, $rad; radius_init(); if ($username && $rad) { //print_vars(radius_server_secret($rad)); radius_create_request($rad, RADIUS_ACCESS_REQUEST); radius_put_attr($rad, RADIUS_USER_NAME, $username); switch (strtolower($config['auth_radius_method'])) { // CHAP-MD5 see RFC1994 case 'chap': case 'chap_md5': $chapid = 1; // Specify a CHAP identifier //$challenge = mt_rand(); // Generate a challenge //$cresponse = md5(pack('Ca*', $chapid, $password.$challenge), TRUE); new Crypt_CHAP(); // Pre load class $crpt = new Crypt_CHAP_MD5(); $crpt->password = $password; $challenge = $crpt->challenge; $resp_md5 = $crpt->challengeResponse(); $resp = pack('C', $chapid) . $resp_md5; radius_put_attr($rad, RADIUS_CHAP_PASSWORD, $resp); // Add the Chap-Password attribute radius_put_attr($rad, RADIUS_CHAP_CHALLENGE, $challenge); // Add the Chap-Challenge attribute. break; // MS-CHAPv1 see RFC2433 // MS-CHAPv1 see RFC2433 case 'mschapv1': $chapid = 1; // Specify a CHAP identifier $flags = 1; // 0 = use LM-Response, 1 = use NT-Response (we not use old LM) new Crypt_CHAP(); // Pre load class $crpt = new Crypt_CHAP_MSv1(); $crpt->password = $password; $challenge = $crpt->challenge; $resp_lm = str_repeat("", 24); $resp_nt = $crpt->challengeResponse(); $resp = pack('CC', $chapid, $flags) . $resp_lm . $resp_nt; radius_put_vendor_attr($rad, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_RESPONSE, $resp); radius_put_vendor_attr($rad, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $challenge); break; // MS-CHAPv2 see RFC2759 // MS-CHAPv2 see RFC2759 case 'mschapv2': $chapid = 1; // Specify a CHAP identifier $flags = 1; // 0 = use LM-Response, 1 = use NT-Response (we not use old LM) new Crypt_CHAP(); // Pre load class $crpt = new Crypt_CHAP_MSv2(); $crpt->username = $username; $crpt->password = $password; $challenge = $crpt->authChallenge; $challenge_p = $crpt->peerChallenge; $resp_nt = $crpt->challengeResponse(); // Response: chapid, flags (1 = use NT Response), Peer challenge, reserved, Response $resp = pack('CCa16a8a24', $chapid, $flags, $challenge_p, str_repeat("", 8), $resp_nt); radius_put_vendor_attr($rad, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP2_RESPONSE, $resp); radius_put_vendor_attr($rad, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $challenge); break; // PAP (Plaintext) // PAP (Plaintext) default: radius_put_attr($rad, RADIUS_USER_PASSWORD, $password); } // Puts standard attributes $radius_ip = get_ip_version($config['auth_radius_nas_address']) ? $config['auth_radius_nas_address'] : $_SERVER['SERVER_ADDR']; if (get_ip_version($radius_ip) == 6) { // FIXME, not sure that this work correctly radius_put_attr($rad, RADIUS_NAS_IPV6_ADDRESS, $radius_ip); } else { radius_put_addr($rad, RADIUS_NAS_IP_ADDRESS, $radius_ip); } $radius_id = empty($config['auth_radius_id']) ? get_localhost() : $config['auth_radius_id']; radius_put_attr($rad, RADIUS_NAS_IDENTIFIER, $radius_id); //radius_put_attr($rad, RADIUS_NAS_PORT_TYPE, RADIUS_VIRTUAL); //radius_put_attr($rad, RADIUS_SERVICE_TYPE, RADIUS_FRAMED); //radius_put_attr($rad, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP); radius_put_attr($rad, RADIUS_CALLING_STATION_ID, isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1'); $response = radius_send_request($rad); //print_vars($response); switch ($response) { case RADIUS_ACCESS_ACCEPT: // An Access-Accept response to an Access-Request indicating that the RADIUS server authenticated the user successfully. //echo 'Authentication successful'; return 1; break; case RADIUS_ACCESS_REJECT: // An Access-Reject response to an Access-Request indicating that the RADIUS server could not authenticate the user. //echo 'Authentication failed'; break; case RADIUS_ACCESS_CHALLENGE: // An Access-Challenge response to an Access-Request indicating that the RADIUS server requires further information // in another Access-Request before authenticating the user. //echo 'Challenge required'; break; default: print_error('A RADIUS error has occurred: ' . radius_strerror($rad)); } } //session_logout(); return 0; }