motiejus/vtun
1
Fork 0
Code Releases Activity

if the password supplied is 32 bit long, we should use it AS if

Browse Source
This commit is contained in:
Vincent Malguy 2015-10-09 18:00:06 +02:00
parent 17058b59af
commit 502ba4ac9b
3 changed files with 101 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
auth.c
View File

@ -1,9 +1,9 @@
/*
/*
VTun - Virtual Tunnel over TCP/IP network.
Copyright (C) 1998-2008 Maxim Krasnyansky <max_mk@yahoo.com>
VTun has been derived from VPPP package by Maxim Krasnyansky.
VTun has been derived from VPPP package by Maxim Krasnyansky.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -18,12 +18,12 @@
/*
* $Id: auth.c,v 1.9.2.5 2013/07/07 19:54:20 mtbishop Exp $
*/
*/
/*
* Challenge based authentication.
* Challenge based authentication.
* Thanx to Chris Todd<christ@insynq.com> for the good idea.
*/
*/
#include "config.h"
@ -63,6 +63,8 @@ static int derive_key(struct vtun_host *host)
{
unsigned char salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES];
int ret = -1;
size_t bin_len;
const char ** const hex_end;
if (host->key != NULL) {
return 0;
@ -70,17 +72,27 @@ static int derive_key(struct vtun_host *host)
if ((host->key = sodium_malloc(HOST_KEYBYTES)) == NULL) {
return -1;
}
sodium_hex2bin(host->key, HOST_KEYBYTES,host->passwd,
strlen(host->passwd), "", &bin_len, hex_end);
if (bin_len == HOST_KEYBYTES) {
vtun_syslog(LOG_ERR,"supplied password is long enough to be the secret");
return 0;
}
vtun_syslog(LOG_ERR,"supplied password is %i bits, adjusting it to 32 bits", bin_len);
memset(salt, 0xd1, sizeof salt);
if (crypto_pwhash_scryptsalsa208sha256
(host->key, HOST_KEYBYTES, host->passwd, strlen(host->passwd), salt,
crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE,
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) == 0) {
ret = 0;
}
sodium_memzero(host->passwd, strlen(host->passwd));
free(host->passwd);
host->passwd = NULL;
vtun_syslog(LOG_DEBUG,"Key ready for host %s.", host->host);
(host->key, HOST_KEYBYTES, host->passwd, strlen(host->passwd), salt,
crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE,
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) == 0) {
ret = 0;
}
sodium_memzero(host->passwd, strlen(host->passwd));
free(host->passwd);
host->passwd = NULL;
vtun_syslog(LOG_DEBUG,"Key ready for host %s.", host->host);
return ret;
}
@ -96,11 +108,11 @@ static void auth_chal(char *chal, const struct vtun_host *host)
host->key, HOST_KEYBYTES);
}
/*
/*
* Functions to convert binary flags to character string.
* string format: <CS64>
* string format: <CS64>
* C - compression, S - speed for shaper and so on.
*/
*/
static char *bf2cf(struct vtun_host *host)
{
@ -120,12 +132,12 @@ static char *bf2cf(struct vtun_host *host)
switch( host->flags & VTUN_TYPE_MASK ){
case VTUN_TTY:
*(ptr++) = 't';
*(ptr++) = 't';
break;
case VTUN_PIPE:
*(ptr++) = 'p';
break;
break;
case VTUN_ETHER:
*(ptr++) = 'e';
@ -134,7 +146,7 @@ static char *bf2cf(struct vtun_host *host)
case VTUN_TUN:
*(ptr++) = 'u';
break;
}
}
if( (host->flags & VTUN_SHAPE) /* && host->spd_in */)
ptr += sprintf(ptr,"S%d",host->spd_in);
@ -157,7 +169,7 @@ static char *bf2cf(struct vtun_host *host)
return str;
}
/* return 1 on success, otherwise 0
/* return 1 on success, otherwise 0
Example:
FLAGS: <TuE1>
*/
@ -167,10 +179,10 @@ static int cf2bf(char *str, struct vtun_host *host)
char *ptr, *p;
int s;
if( (ptr = strchr(str,'<')) ){
if( (ptr = strchr(str,'<')) ){
vtun_syslog(LOG_DEBUG,"Remote Server sends %s.", ptr);
ptr++;
while(*ptr){
while(*ptr){
switch(*ptr++){
case 't':
host->flags |= VTUN_TTY;
@ -196,17 +208,17 @@ static int cf2bf(char *str, struct vtun_host *host)
host->flags |= VTUN_KEEP_ALIVE;
break;
case 'C':
if((s = strtol(ptr,&p,10)) == ERANGE || ptr == p)
if((s = strtol(ptr,&p,10)) == ERANGE || ptr == p)
return 0;
host->flags |= VTUN_ZLIB;
host->zlevel = s;
host->zlevel = s;
ptr = p;
break;
case 'L':
if((s = strtol(ptr,&p,10)) == ERANGE || ptr == p)
if((s = strtol(ptr,&p,10)) == ERANGE || ptr == p)
return 0;
host->flags |= VTUN_LZO;
host->zlevel = s;
host->zlevel = s;
ptr = p;
break;
case 'E':
@ -221,11 +233,11 @@ static int cf2bf(char *str, struct vtun_host *host)
ptr = p;
break;
case 'S':
if((s = strtol(ptr,&p,10)) == ERANGE || ptr == p)
if((s = strtol(ptr,&p,10)) == ERANGE || ptr == p)
return 0;
if( s ){
host->flags |= VTUN_SHAPE;
host->spd_out = s;
host->spd_out = s;
}
ptr = p;
break;
@ -242,10 +254,10 @@ static int cf2bf(char *str, struct vtun_host *host)
return 0;
}
/*
/*
* Functions to convert binary key data to character string.
* string format: <char_data>
*/
* string format: <char_data>
*/
static char *cl2cs(char *chal)
{
@ -255,9 +267,9 @@ static char *cl2cs(char *chal)
*(ptr++) = '<';
for(i=0; i<VTUN_CHAL_SIZE; i++){
*(ptr++) = chr[ ((chal[i] & 0xf0) >> 4) ];
*(ptr++) = chr[ ((chal[i] & 0xf0) >> 4) ];
*(ptr++) = chr[ (chal[i] & 0x0f) ];
}
}
*(ptr++) = '>';
*ptr = '\0';
@ -270,24 +282,24 @@ static int cs2cl(char *str, char *chal)
register char *ptr = str;
register int i;
if( !(ptr = strchr(str,'<')) )
if( !(ptr = strchr(str,'<')) )
return 0;
ptr++;
if( !strtok(ptr,">") || strlen(ptr) != VTUN_CHAL_SIZE*2 )
return 0;
for(i=0; i<VTUN_CHAL_SIZE && *ptr; i++, ptr+=2) {
chal[i] = (*ptr - 'a') << 4;
chal[i] = (*ptr - 'a') << 4;
chal[i] |= *(ptr+1) - 'a';
}
return 1;
}
}
/* Authentication (Server side) */
struct vtun_host * auth_server(int fd)
{
char chal_req[VTUN_CHAL_SIZE], chal_res[VTUN_CHAL_SIZE];
char chal_req[VTUN_CHAL_SIZE], chal_res[VTUN_CHAL_SIZE];
char buf[VTUN_MESG_SIZE], *str1, *str2;
struct vtun_host *h = NULL;
char *host = NULL;
@ -323,23 +335,23 @@ struct vtun_host * auth_server(int fd)
case ST_CHAL:
if( !strcmp(str1,"CHAL") ){
if( !cs2cl(str2,chal_res) )
break;
break;
if( !(h = find_host(host)) )
break;
derive_key(h);
auth_chal(chal_req, h);
if( !sodium_memcmp(chal_req, chal_res, VTUN_CHAL_SIZE) ){
/* Auth successeful. */
/* Lock host */
/* Lock host */
if( lock_host(h) < 0 ){
/* Multiple connections are denied */
h = NULL;
break;
}
print_p(fd,"OK FLAGS: %s\n", bf2cf(h));
}
print_p(fd,"OK FLAGS: %s\n", bf2cf(h));
} else
h = NULL;
}
@ -352,7 +364,7 @@ struct vtun_host * auth_server(int fd)
free(host);
if( !h )
print_p(fd,"ERR\n");
print_p(fd,"ERR\n");
return h;
}
@ -362,7 +374,7 @@ int auth_client(int fd, struct vtun_host *host)
{
char buf[VTUN_MESG_SIZE], chal[VTUN_CHAL_SIZE];
int stage, success=0 ;
stage = ST_INIT;
while( readn_t(fd, buf, VTUN_MESG_SIZE, vtun.timeout) > 0 ){
@ -374,7 +386,7 @@ int auth_client(int fd, struct vtun_host *host)
print_p(fd,"HOST: %s\n",host->host);
continue;
}
break;
break;
case ST_HOST:
if( !strncmp(buf,"OK",2) && cs2cl(buf,chal)){
@ -385,8 +397,8 @@ int auth_client(int fd, struct vtun_host *host)
continue;
}
break;
break;
case ST_CHAL:
if( !strncmp(buf,"OK",2) && cf2bf(buf,host) )
success = 1;

48
main.c
View File

@ -1,9 +1,9 @@
/*
/*
VTun - Virtual Tunnel over TCP/IP network.
Copyright (C) 1998-2008 Maxim Krasnyansky <max_mk@yahoo.com>
VTun has been derived from VPPP package by Maxim Krasnyansky.
VTun has been derived from VPPP package by Maxim Krasnyansky.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -18,7 +18,7 @@
/*
* $Id: main.c,v 1.9.2.7 2013/07/07 20:31:22 mtbishop Exp $
*/
*/
#include "config.h"
@ -62,7 +62,7 @@ extern int optind,opterr,optopt;
extern char *optarg;
/* for the NATHack bit. Is our UDP session connected? */
int is_rmt_fd_connected=1;
int is_rmt_fd_connected=1;
int main(int argc, char *argv[], char *env[])
{
@ -83,13 +83,13 @@ int main(int argc, char *argv[], char *env[])
vtun.cfg_file = VTUN_CONFIG_FILE;
vtun.persist = -1;
vtun.timeout = -1;
/* Dup strings because parser will try to free them */
vtun.ppp = strdup("/usr/sbin/pppd");
vtun.ifcfg = strdup("/sbin/ifconfig");
vtun.route = strdup("/sbin/route");
vtun.fwall = strdup("/sbin/ipchains");
vtun.iproute = strdup("/sbin/ip");
vtun.fwall = strdup("/sbin/ipchains");
vtun.iproute = strdup("/sbin/ip");
vtun.svr_name = NULL;
vtun.svr_addr = NULL;
@ -140,7 +140,7 @@ int main(int argc, char *argv[], char *env[])
vtun.persist = 1;
break;
case 't':
vtun.timeout = atoi(optarg);
vtun.timeout = atoi(optarg);
break;
case 'q':
vtun.quiet = 1;
@ -149,7 +149,7 @@ int main(int argc, char *argv[], char *env[])
usage();
exit(1);
}
}
}
reread_config(0);
if (vtun.syslog != LOG_DAEMON) {
@ -167,18 +167,18 @@ int main(int argc, char *argv[], char *env[])
}
hst = argv[optind++];
if( !(host = find_host(hst)) ){
if( !(host = find_host(hst)) ){
vtun_syslog(LOG_ERR,"Host %s not found in %s", hst, vtun.cfg_file);
exit(1);
}
vtun.svr_name = strdup(argv[optind]);
}
/*
}
/*
* Now fill uninitialized fields of the options structure
* with default values.
*/
* with default values.
*/
if(vtun.bind_addr.port == -1)
vtun.bind_addr.port = VTUN_PORT;
if(vtun.persist == -1)
@ -193,11 +193,11 @@ int main(int argc, char *argv[], char *env[])
case VTUN_INETD:
sock = dup(0);
#if defined(HAVE_WORKING_FORK) || defined(HAVE_WORKING_VFORK)
dofork = 0;
dofork = 0;
#endif
break;
}
#ifdef HAVE_SODIUM
if (sodium_init() != 0) {
abort();
@ -226,7 +226,7 @@ int main(int argc, char *argv[], char *env[])
}
if(svr){
memset(&sa,0,sizeof(sa));
memset(&sa,0,sizeof(sa));
sa.sa_handler=reread_config;
sigaction(SIGHUP,&sa,NULL);
@ -240,28 +240,28 @@ int main(int argc, char *argv[], char *env[])
exit(1);
#endif
}
server(sock);
} else {
} else {
init_title(argc,argv,env,"vtund[c]: ");
client(host);
}
closelog();
return 0;
}
/*
/*
* Very simple PID file creation function. Used by server.
* Overrides existing file.
* Overrides existing file.
*/
static void write_pid(void)
{
FILE *f;
if( !(f=fopen(VTUN_PID_FILE,"w")) ){
vtun_syslog(LOG_ERR,"Can't write PID file");
vtun_syslog(LOG_ERR,"Can't write PID file %s", VTUN_PID_FILE);
return;
}

33
server.c
View File

@ -1,9 +1,9 @@
/*
/*
VTun - Virtual Tunnel over TCP/IP network.
Copyright (C) 1998-2008 Maxim Krasnyansky <max_mk@yahoo.com>
VTun has been derived from VPPP package by Maxim Krasnyansky.
VTun has been derived from VPPP package by Maxim Krasnyansky.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -18,7 +18,7 @@
/*
* $Id: server.c,v 1.9.2.4 2013/07/07 19:55:14 mtbishop Exp $
*/
*/
#include "config.h"
@ -74,22 +74,22 @@ static void connection(int sock)
opt = sizeof(struct sockaddr_in);
if( getsockname(sock, (struct sockaddr *) &my_addr, &opt) < 0 ){
vtun_syslog(LOG_ERR, "Can't get local socket address");
exit(1);
exit(1);
}
ip = strdup(inet_ntoa(cl_addr.sin_addr));
io_init();
if( (host=auth_server(sock)) ){
if( (host=auth_server(sock)) ){
sa.sa_handler=SIG_IGN;
sa.sa_flags=SA_NOCLDWAIT;;
sigaction(SIGHUP,&sa,NULL);
vtun_syslog(LOG_INFO,"Session %s[%s:%d] opened", host->host, ip,
vtun_syslog(LOG_INFO,"Session %s[%s:%d] opened", host->host, ip,
ntohs(cl_addr.sin_port) );
host->rmt_fd = sock;
host->rmt_fd = sock;
host->sopt.laddr = strdup(inet_ntoa(my_addr.sin_addr));
host->sopt.lport = vtun.bind_addr.port;
host->sopt.raddr = strdup(ip);
@ -100,7 +100,7 @@ static void connection(int sock)
vtun_syslog(LOG_INFO,"Session %s closed", host->host);
/* Unlock host. (locked in auth_server) */
/* Unlock host. (locked in auth_server) */
unlock_host(host);
} else {
vtun_syslog(LOG_INFO,"Denied connection from %s:%d", ip,
@ -127,18 +127,17 @@ static void listener(void)
vtun_syslog(LOG_ERR, "Can't fill in listen socket");
exit(1);
}
if( (s=socket(AF_INET,SOCK_STREAM,0))== -1 ){
vtun_syslog(LOG_ERR,"Can't create socket");
exit(1);
}
opt=1;
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
if( bind(s,(struct sockaddr *)&my_addr,sizeof(my_addr)) ){
vtun_syslog(LOG_ERR,"Can't bind to the socket");
exit(1);
vtun_syslog(LOG_ERR,"Can't bind to the socket %s", inet_ntoa(my_addr.sin_addr));
exit(1);
}
if( listen(s, 10) ){
@ -158,7 +157,7 @@ static void listener(void)
while( (!server_term) || (server_term == VTUN_SIG_HUP) ){
opt=sizeof(cl_addr);
if( (s1=accept(s,(struct sockaddr *)&cl_addr,&opt)) < 0 )
continue;
continue;
switch( fork() ){
case 0:
@ -171,8 +170,8 @@ static void listener(void)
close(s1);
break;
}
}
}
}
}
#endif
void server(int sock)
@ -201,5 +200,5 @@ void server(int sock)
case VTUN_INETD:
connection(sock);
break;
}
}
}