New release 5.9.6.5

FIX: Better Raspberry Pi support
FIX: ShowLog() method (used by -showlog option) was buggy

Dockerfile

@@ -15,8 +15,8 @@
 # Please check https://www\.multiOTP.net/ and you will find the magic button ;-)
 #
 # @author    Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
-# @version   5.9.6.1
-# @date      2023-05-10
+# @version   5.9.6.5
+# @date      2023-07-07
 # @since     2013-11-29
 # @copyright (c) 2013-2023 SysCo systemes de communication sa
 # @copyright GNU Lesser General Public License
@@ -46,7 +46,7 @@ MAINTAINER Andre Liechti <andre.liechti@multiotp.net>
 LABEL Description="multiOTP open source, running on Debian ${DEBIAN} with PHP${PHPVERSION}." \
       License="LGPL-3.0" \
       Usage="docker run -v [PATH/TO/MULTIOTP/DATA/VOLUME]:/etc/multiotp -v [PATH/TO/FREERADIUS/CONFIG/VOLUME]:/etc/freeradius -v [PATH/TO/MULTIOTP/LOG/VOLUME]:/var/log/multiotp -v [PATH/TO/FREERADIUS/LOG/VOLUME]:/var/log/freeradius -p [HOST WWW PORT NUMBER]:80 -p [HOST SSL PORT NUMBER]:443 -p [HOST RADIUS-AUTH PORT NUMBER]:1812/udp -p [HOST RADIUS-ACCNT PORT NUMBER]:1813/udp -d multiotp-open-source" \
-      Version="5.9.6.1"
+      Version="5.9.6.5"
 
 ARG DEBIAN_FRONTEND=noninteractive
 

README.md

@@ -6,7 +6,7 @@ multiOTP open source is OATH certified for HOTP/TOTP
 (c) 2010-2023 SysCo systemes de communication sa  
 https://www.multiotp.net/
 
-Current build: 5.9.6.1 (2023-05-10)
+Current build: 5.9.6.5 (2023-07-07)
 
 Binary download: https://download.multiotp.net/ (including virtual appliance image)
 
@@ -154,6 +154,8 @@ WHAT'S NEW IN THIS 5.9.x RELEASE
 CHANGE LOG OF RELEASED VERSIONS
 ===============================
 ```
+2023-07-07 5.9.6.5 FIX: Better Raspberry Pi support
+                   FIX: ShowLog() method (used by -showlog option) was buggy
 2023-05-10 5.9.6.1 FIX: Automated concurrent access for the same user with "Without2FA" token could corrupt the user file
                    FIX: Any files backend operation is now secured with explicit lock mechanism
                    ENH: Template updated to print bigger QRcode for "MOTP-XML" tokens
@@ -1593,7 +1595,7 @@ MULTIOTP COMMAND LINE TOOL
 ==========================
 
 ``` 
-multiOTP 5.9.6.1 (2023-05-10)
+multiOTP 5.9.6.5 (2023-07-07)
 (c) 2010-2023 SysCo systemes de communication sa
 http://www.multiOTP.net   (you can try the [Donate] button ;-)
 
@@ -2109,8 +2111,8 @@ Visit https://forum.multiotp.net/ for additional support
 ``` 
 
 ``` 
-Hash verification for multiotp_5.9.6.1.zip 
-SHA256:136725420e72d4dc5af1b64b084be7028338aead437a022ac803c77d71623891 
-SHA1:240355ceef9c4b23aff11984039c1de93a45f04b 
-MD5:569863c9532db4b6224b243526af2117 
+Hash verification for multiotp_5.9.6.5.zip 
+SHA256:c17f48e035340f33055d2d786f9a9ed44cea1ba8dbc81dbc3788d46501c51465 
+SHA1:1d1d7550198b9d480d646e2c1c29f2e67ac64d69 
+MD5:a51547307b18456dd971a8deab303dfe 
 ``` 

check.multiotp.class.php

@@ -22,8 +22,8 @@
  * PHP 5.4.0 or higher is supported.
  *
  * @author    Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
- * @version   5.9.6.1
- * @date      2023-05-10
+ * @version   5.9.6.5
+ * @date      2023-07-07
  * @since     2013-07-10
  * @copyright (c) 2013-2023 SysCo systemes de communication sa
  * @copyright GNU Lesser General Public License

checkmultiotp.cmd

@@ -11,8 +11,8 @@ REM
 REM Windows batch file for Windows 2K/XP/2003/7/2008/8/2012/10/2019
 REM
 REM @author    Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
-REM @version   5.9.6.1
-REM @date      2023-05-10
+REM @version   5.9.6.5
+REM @date      2023-07-07
 REM @since     2010-07-10
 REM @copyright (c) 2010-2023 SysCo systemes de communication sa
 REM @copyright GNU Lesser General Public License

launcher/ReadMe.txt

@@ -15,8 +15,8 @@ The multiOTP C++ launcher is simply used to launch PHP
 and run multiotp.windows.php with the provided arguments.
 
 @author    Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
-@version   5.9.6.1
-@date      2023-05-10
+@version   5.9.6.5
+@date      2023-07-07
 @since     2016-12-08
 @copyright (c) 2010-2023 SysCo systemes de communication sa
 @copyright GNU Lesser General Public License

launcher/launcher.cpp

@@ -14,8 +14,8 @@
  * and run multiotp.windows.php with the provided arguments.
  *
  * @author    Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
- * @version   5.9.6.1
- * @date      2023-05-10
+ * @version   5.9.6.5
+ * @date      2023-07-07
  * @since     2016-12-08
  * @copyright (c) 2010-2023 SysCo systemes de communication sa
  * @copyright GNU Lesser General Public License
@@ -68,8 +68,8 @@
 #include <iostream>
 
 #define SOFTWARE    "LAUNCHPHPMULTIOTP"
-#define VER_NUMBER  "5.9.6.1"
-#define VER_DATE    "2023-05-10"
+#define VER_NUMBER  "5.9.6.5"
+#define VER_DATE    "2023-07-07"
 
 void replaceAll(std::string& str, const std::string& from, const std::string& to) {
     if (from.empty())

multiotp.class.php

@@ -72,8 +72,8 @@
  * PHP 5.4.0 or higher is supported.
  *
  * @author    Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
- * @version   5.9.6.1
- * @date      2023-05-10
+ * @version   5.9.6.5
+ * @date      2023-07-07
  * @since     2010-06-08
  * @copyright (c) 2010-2023 SysCo systemes de communication sa
  * @copyright GNU Lesser General Public License
@@ -277,8 +277,8 @@ class Multiotp
  * @brief     Main class definition of the multiOTP project.
  *
  * @author    Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
- * @version   5.9.6.1
- * @date      2023-05-10
+ * @version   5.9.6.5
+ * @date      2023-07-07
  * @since     2010-07-18
  */
 {
@@ -393,8 +393,8 @@ class Multiotp
    * @retval  void
    *
    * @author    Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
-   * @version   5.9.6.1
-   * @date      2023-05-10
+   * @version   5.9.6.5
+   * @date      2023-07-07
    * @since     2010-07-18
    */
   function __construct(
@@ -418,11 +418,11 @@ function __construct(
 
       if (!isset($this->_class)) { $this->_class = base64_decode('bXVsdGlPVFA='); }
       if (!isset($this->_version)) {
-        $temp_version = '@version   5.9.6.1'; // You should add a suffix for your changes (for example 5.0.3.2-andy-2016-10-XX)
+        $temp_version = '@version   5.9.6.5'; // You should add a suffix for your changes (for example 5.0.3.2-andy-2016-10-XX)
         $this->_version = nullable_trim(mb_substr($temp_version, 8));
       }
       if (!isset($this->_date)) {
-        $temp_date = '@date      2023-05-10'; // You should update the date with the date of your changes
+        $temp_date = '@date      2023-07-07'; // You should update the date with the date of your changes
         $this->_date = nullable_trim(mb_substr($temp_date, 8));
       }
       if (!isset($this->_copyright)) { $this->_copyright = base64_decode('KGMpIDIwMTAtMjAyMyBTeXNDbyBzeXN0ZW1lcyBkZSBjb21tdW5pY2F0aW9uIHNh'); }
@@ -2751,7 +2751,7 @@ function SendWeeklyAnonymousStat()
       $encoded_stats_value = urlencode(base64_encode($rsa->encrypt(json_encode($stats_array))));
       $result_stats = $this->PostHttpDataXmlRequest($encoded_stats_value, "http://stats.multiotp.net/", 5);
       // if (FALSE !== mb_strpos($result_stats, "OK")) {
-      // We have to upgrade the anonymous last update even if the answer id not correct, because we could be offline
+      // We have to upgrade the anonymous last update even if the answer is not correct, because we could be offline
 
       if ((FALSE !== mb_strpos($result_stats, "<infoweb>")) && (FALSE !== mb_strpos($result_stats, "</infoweb>"))) {
           $infoweb_start = mb_strpos($result_stats, "<infoweb>") + mb_strlen("<infoweb>");
@@ -3684,19 +3684,15 @@ function ShowLog(
                       $result = FALSE;
                   } else {
                       while ($aRow = $rResult->fetch_assoc()) {
-                          if ($as_result) {
-                              $result.= nullable_trim($aRow['datetime'].' '.$aRow['user']).' '.$aRow['logentry']."\n";
-                          }
+                        $result.= nullable_trim($aRow['datetime'].' '.$aRow['user']).' '.$aRow['logentry']."\n";
                       }                         
                   }
               } elseif (!($rResult = mysql_query($sQuery, $this->_mysql_database_link))) {
                   $this->WriteLog("Error: Unable to access the database: ".mysql_error(), FALSE, FALSE, 41, 'System', '', 3);
                   $result = FALSE;
               } else {
                   while ($aRow = mysql_fetch_assoc($rResult)) {
-                      if ($as_result) {
-                          $result.= nullable_trim($aRow['datetime'].' '.$aRow['user']).' '.$aRow['logentry']."\n";
-                      }
+                    $result.= nullable_trim($aRow['datetime'].' '.$aRow['user']).' '.$aRow['logentry']."\n";
                   }                         
               }
           }
@@ -3710,9 +3706,7 @@ function ShowLog(
                   $result = FALSE;
               } else {
                   while ($aRow = pg_fetch_assoc($rResult)) {
-                      if ($as_result) {
-                          $result.= nullable_trim($aRow['datetime'].' '.$aRow['user']).' '.$aRow['logentry']."\n";
-                      }
+                    $result.= nullable_trim($aRow['datetime'].' '.$aRow['user']).' '.$aRow['logentry']."\n";
                   }                         
               }
           }
@@ -3721,9 +3715,7 @@ function ShowLog(
         if ($log_file_handle = @fopen($this->GetLogFolder().$this->GetLogFileName(),"r")) {
           flock($log_file_handle, LOCK_SH);
           while (!feof($log_file_handle)) {
-            if ($as_result) {
-              $result.= nullable_trim(fgets($log_file_handle))."\n";
-            }
+            $result.= nullable_trim(fgets($log_file_handle))."\n";
           }
           fclose($log_file_handle);
         }
@@ -6160,6 +6152,22 @@ function GetNtKey()
   }
 
 
+  function GenerateNTMLv2(
+    $account,
+    $password,
+    $domain = "",
+    $client_challenge = "",
+    $server_challenge = ""
+  ) {
+    $unicode_password= iconv ( 'UTF-8', 'UTF-16LE', $password );
+
+    $NTLM_Key = mhash ( MHASH_MD4, $unicode_password);
+    $NTLM_Hash = mhash ( MHASH_MD5, iconv ( 'UTF-8', 'UTF-16LE', strtoupper ( $account ) . $domain ), $NTLM_Key );
+    $NTLM_Chal_Hash = mhash ( MHASH_MD5, pack ( "H*", $server_challenge . $client_challenge ), $NTLM_Hash );
+
+    return strtoupper ( bin2hex ( $NTLM_Chal_Hash ) );
+  }
+
   function SetState(
       $value
   ) {
@@ -8312,7 +8320,7 @@ function CheckMsChapResponse(
 
 
   function CalculateMsChap2Response(
-      $user,
+      $account,
       $secret,
       $domain = "",
       $hex_mschap_challenge = '',
@@ -8354,7 +8362,7 @@ function CalculateMsChap2Response(
       /*
       $kr = hash_hmac('md5',
                       pack('H*',hash('md4', $hash)),
-                      $this->Convert2Unicode(strtoupper($user).$domain)
+                      $this->Convert2Unicode(strtoupper($account).$domain)
                      ); // ! THIS NON-MB strtoupper must stay as is !
 
       $nt_response_sig = hash_hmac('md5',
@@ -8376,7 +8384,7 @@ function CalculateMsChap2Response(
       }
       else
       {
-          $challenge = substr(pack('H*',hash('sha1', $peer_challenge.$mschap_challenge.$user)), 0, 8);
+          $challenge = substr(pack('H*',hash('sha1', $peer_challenge.$mschap_challenge.$account)), 0, 8);
       }
 
       $hash = substr($hash.str_repeat("\0",21), 0, 21);
@@ -8406,13 +8414,13 @@ function CalculateMsChap2Response(
 
 
   function CheckMsChap2Response(
-      $user,
+      $account,
       $secret,
       $domain = '',
       $hex_mschap_challenge = '',
       $hex_mschap2_response = ''
   ) {
-      $result = $this->CalculateMsChap2Response($user, $secret, $domain, $hex_mschap_challenge, $hex_mschap2_response);
+      $result = $this->CalculateMsChap2Response($account, $secret, $domain, $hex_mschap_challenge, $hex_mschap2_response);
 
       return ($this->GetMsChap2Response() == strtolower($result));
   }
@@ -21823,6 +21831,7 @@ function CallApi(
   }
 
 
+  // The XmlServer is called from the client side using PostHttpDataXmlRequest function
   function XmlServer($data)
   {
       // $this->WriteLog("Info: Host received the following request: $data", FALSE, FALSE, 8888, 'Debug', '');

multiotp.cli.header.php

@@ -35,8 +35,8 @@
  * PHP 5.4.0 or higher is supported.
  *
  * @author    Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
- * @version   5.9.6.1
- * @date      2023-05-10
+ * @version   5.9.6.5
+ * @date      2023-07-07
  * @since     2010-06-08
  * @copyright (c) 2010-2023 SysCo systemes de communication sa
  * @copyright GNU Lesser General Public License

multiotp.cli.proxy.php

@@ -15,8 +15,8 @@
  * PHP 5.4.0 or higher is supported.
  *
  * @author    Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
- * @version   5.9.6.1
- * @date      2023-05-10
+ * @version   5.9.6.5
+ * @date      2023-07-07
  * @since     2010-06-08
  * @copyright (c) 2010-2023 SysCo systemes de communication sa
  * @copyright GNU Lesser General Public License