buy-back from bug1685781 - vtun3 client should parse vtun2 server encr directives

2008-01-07 22:12:48 +00:00 · 2008-01-07 22:12:48 +00:00 · a460c4bfc1
parent e971c621d2
commit a460c4bfc1
8 changed files with 332 additions and 15 deletions
--- a/3
+++ b/3
@ -1,4 +1,5 @@
 3.0.2:
+	ref1685781 - vtun3 client should parse vtun2 server encr directives (hch)
 	rfe1744575 - cfg_file.y bugs (mf)
 	rfe1738167 - build on c5 still fails (bc)

@ -68,7 +69,7 @@ ver 2.5:
 	 Fixes to support both Linux TUN/TAP drivers.

 ver 2.5b1:
-	 Encryption fixes: improved challenge generation, padding check.
+	 Encryption fixes: improved challenge generation (jy), padding check.
 	 Config parser fixes. Don't allow empty passwords.
 	 New config option to specify syslog logging facility.
 	 Support for new Linux TUN/TAP driver.
--- a/142
+++ b/142
@ -0,0 +1,142 @@
+Author of this package is Maxim Krasnyansky <max_mk@yahoo.com>.
+
+A lot of thanks to the following people for their suggestions and 
+contributions:
+
+Gayaneh Krasnyanskaya(Max's Wife) <gayaneh@yahoo.com> 
+	Initial Web site creation. And a lot of other help :)))  
+
+Alex Korenkov <alex@uznet.net> 
+	Testing, bug reports.
+
+Shukhrat Zakhidov <shukhrat@ishonch.uz>
+	Testing, bug reports, suggestions.
+
+Dag Wieers <dag@mind.be>
+	Initial RPM packager specification file. 
+	RedHat startup script. 
+	Several bug reports. 
+	SOCKS support suggestions.
+
+Ted Rolle <ted@acacia.datacomm.com> 
+	Spelling fixes.
+
+Craig Sanders <cas@taz.net.au> 
+	Debian startup script.
+
+Catalin Ciocoiu <catalin@ccp.pub.ro> 
+	Reported compilation problems. 
+
+Timur Danyarhojaev <tid@podolsk.ru> 
+	Added client source address option.
+
+Andreas Kainz <aka@gams.at>
+	RPM package improvements.
+
+Chris Todd <christ@insynq.com>
+	Idea of challenge based authentication. 
+	Initial BlowFish encryption code. 
+	Suggestions.
+
+Garet Krampe <garet@satix.net> 
+	A lot of great ideas. Mailing list.
+	Web site mirror.
+
+Denis Zapolsky <denis@granch.com.my> 
+	Testing. 
+
+Vadim Zaliva <lord@crocodile.org>
+	Solaris patches.  Suggestions.
+
+Hurricane Floyd <floyd@hurricanes.org> 
+	Max had several vacations.
+	Bishop had no power or water, and was able
+	   to experience the Third World.
+	:)))))))))))))))))))
+
+James B. MacLean <macleajb@Trademart-1.EDnet.NS.CA> 
+	Client persist mode fix. Suggestions.
+
+Paul <xerox@httpd.net> 
+	Stress tests, bug reports, suggestions.
+
+Maksim Yevenkin <m_evmenkin@yahoo.com>
+	TAP driver for FreeBSD.
+
+Anthon Walters <anthon@ws.co.za>
+	Web site mirror. Testing. Initial FAQ.
+
+Ryan Defelice <ryand@mobiletel.com> 
+	OpenBSD package maintainer. Provided OpenBSD server for 
+	development and testing
+
+Alexander Bergolth <leo@strike.wu-wien.ac.at>
+	Initial multiple connection handling and host lock functionalities.
+	Improvements and fixes of source address option. Incorrect error 
+	handling fix. Ideas. Suggestions.
+
+Hubert Feyrer <feyrer@rfhs8012.fh-regensburg.de>
+	NetBSD package.
+
+Hiroharu Tamaru <tamaru@ap.t.u-tokyo.ac.jp>
+	Updated FreeBSD 4.0 TUN driver support. 
+
+Terry Donaldson <tsd@geo-mis.com>
+	Provided Solaris 8.0 server for development and testing.
+
+Daniel Podlejski <underley@underley.eu.org>
+	TUN/TAP driver modifications for 2.3.99-pre5 kernel.
+
+Michael Tokarev <mjt@tls.msk.ru>
+	File descriptors and memory leaks fix. 
+	Tons of other bug fixes and patches. Suggestions. Ideas.
+
+Xavier <xavier@bru-noc.net>
+	European web site mirror.
+
+Chris Snell <chris@bikeworld.com>
+	Mailing list archives.
+
+Robert Stone <talby@trap.mtview.ca.us>
+	Security enhancements. Suggestions. Ideas.
+	Encryption and other subsystems rework for 3.X.
+
+Steinar H. Gunderson <sgunderson@bigfoot.com>
+	Tons of stability fixes and problem reports. 
+	Ideas and suggestions.
+
+Yan Seiner <yan@cardinalengineering.com>
+	Testing. Bug reports. Suggestions.
+
+James Yonan <jim@funnybee.ntlp.com>
+	Encryption and other fixes. Suggestions.
+
+Greg Olszewski <noop@nwonknu.org>
+	Config parser and other fixes. Suggestions.
+
+Kevin P. Fleming <kevin@labsysgrp.com>
+	Makefile and config parser enhancement.
+	Other minor fixes and suggestions.
+
+Robert R. Wal <rrw@hell.pl>
+	Added support for iproute command.
+
+Willems Luc <willems.luc@pandora.be>
+	Initial SuSE packaging.  Testing.
+
+Nickolai Zeldovich <nickolai@cs.stanford.edu>
+	mlockall() support to prevent VM collapse.
+
+Dale Fountain <dpf-vtun@fountainbay.com>
+	Added multiple cipher support.
+	Added multiple cipher modes support.
+	Added support for different sized keys.
+	Re-sync ciphers when using non-ECB modes over a UDP connection.
+	Fixed Bug#908824 (persist=keep not re-applying routes)
+
+Alan Grow <agrow-at-thegotonerd.com>
+	Added a Listening Address/Interface (rfe936523)
+	Cleaned up the code around that portion of the config.
+
+Hans Carlos Hoffman <hchs.de>
+	Inventive method for vtund3c->vtund2s encryption (rfe1685781)
--- a/Makefile.in
+++ b/Makefile.in
@ -15,7 +15,7 @@
 #   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 #   GNU General Public License for more details.
 #
-#   $Id: Makefile.in,v 1.11.2.1 2007/06/29 05:26:33 mtbishop Exp $
+#   $Id: Makefile.in,v 1.11.2.2 2008/01/07 22:12:57 mtbishop Exp $
 #  
 CC = @CC@
 CFLAGS = @CFLAGS@ @CPPFLAGS@
@ -50,7 +50,7 @@ OBJS = main.o cfg_file.tab.o cfg_file.lex.o server.o client.o lib.o \
       llist.o auth.o tunnel.o lock.o netlib.o  \
       tun_dev.o tap_dev.o pty_dev.o pipe_dev.o \
       tcp_proto.o udp_proto.o \
-       linkfd.o lfd_shaper.o lfd_zlib.o lfd_lzo.o lfd_encrypt.o 
+       linkfd.o lfd_shaper.o lfd_zlib.o lfd_lzo.o lfd_encrypt.o lfd_legacy_encrypt.o

 CONFIGURE_FILES = Makefile config.status config.cache config.h config.log 

--- a/auth.c
+++ b/auth.c
@ -17,15 +17,12 @@
 */

 /*
- * $Id: auth.c,v 1.9.2.1 2007/06/29 05:25:45 mtbishop Exp $
+ * $Id: auth.c,v 1.9.2.2 2008/01/07 22:12:48 mtbishop Exp $
 */ 

 /*
 * Challenge based authentication. 
 * Thanx to Chris Todd<christ@insynq.com> for the good idea.
- *
- * Jim Yonan, 05/24/2001
- * 	gen_chal rewrite to use better random number generator 
 */ 

 #include "config.h"
@ -180,7 +177,10 @@ char *bf2cf(struct vtun_host *host)
     return str;
 }

-/* return 1 on success, otherwise 0 */
+/* return 1 on success, otherwise 0 
+   Example:
+   FLAGS: <TuE1>
+*/

 int cf2bf(char *str, struct vtun_host *host)
 {
@ -188,6 +188,7 @@ int cf2bf(char *str, struct vtun_host *host)
     int s;

     if( (ptr = strchr(str,'<')) ){ 
+	vtun_syslog(LOG_DEBUG,"Remote Server sends %s.", ptr);
 	ptr++;
 	while(*ptr){  
 	   switch(*ptr++){
@ -229,10 +230,19 @@ int cf2bf(char *str, struct vtun_host *host)
 		ptr = p;
 		break;
 	     case 'E':
-		if((s = strtol(ptr,&p,10)) == ERANGE || ptr == p) 
+	        /* new form is 'E10', old form is 'E', so remove the
+		   ptr==p check */
+		if((s = strtol(ptr,&p,10)) == ERANGE) {
+		   vtun_syslog(LOG_ERR,"Garbled encryption method.  Bailing out.");
 		   return 0;
+		}
 		host->flags |= VTUN_ENCRYPT;
-		host->cipher = s; 
+		if (0 == s) {
+		   host->cipher = VTUN_LEGACY_ENCRYPT;
+		   vtun_syslog(LOG_INFO,"Remote server using older encryption.");
+		} else {
+		   host->cipher = s; 
+		}
 		ptr = p;
 		break;
     	     case 'S':
@ -244,6 +254,9 @@ int cf2bf(char *str, struct vtun_host *host)
 		}
 		ptr = p;
 		break;
+	     case 'F':
+	        /* reserved for Feature transmit */
+	       break;
 	     case '>':
 	        return 1;
 	     default:
--- a/lfd_legacy_encrypt.c
+++ b/lfd_legacy_encrypt.c
@ -0,0 +1,154 @@
+/*  
+    VTun - Virtual Tunnel over TCP/IP network.
+
+    Copyright (C) 1998-2000  Maxim Krasnyansky <max_mk@yahoo.com>
+
+    VTun has been derived from VPPP package by Maxim Krasnyansky. 
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+ */
+
+/*
+ * $Id: lfd_legacy_encrypt.c,v 1.1.4.1 2008/01/07 22:12:53 mtbishop Exp $
+ * Code added wholesale temporarily from lfd_encrypt 1.2.2.8
+ */ 
+
+/*
+   Encryption module uses software developed by the OpenSSL Project
+   for use in the OpenSSL Toolkit. (http://www.openssl.org/)       
+   Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ */
+
+/*
+ * This lfd_encrypt module uses MD5 to create 128 bits encryption
+ * keys and BlowFish for actual data encryption.
+ * It is based on code written by Chris Todd<christ@insynq.com> with 
+ * several improvements and modifications.  
+ */
+
+#include "config.h"
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <syslog.h>
+#include <strings.h>
+#include <string.h>
+
+#include "vtun.h"
+#include "linkfd.h"
+#include "lib.h"
+
+#ifdef HAVE_SSL
+
+#ifndef __APPLE_CC__
+/* OpenSSL includes */
+#include <openssl/md5.h>
+#include <openssl/blowfish.h>
+#else /* YAY - We're MAC OS */
+#include <sys/md5.h>
+#include <crypto/blowfish.h>
+#endif  /* __APPLE_CC__ */
+
+#define ENC_BUF_SIZE VTUN_FRAME_SIZE + 16 
+#define ENC_KEY_SIZE 16
+
+BF_KEY key;
+char * enc_buf;
+
+int alloc_legacy_encrypt(struct vtun_host *host)
+{
+   if( !(enc_buf = lfd_alloc(ENC_BUF_SIZE)) ){
+      vtun_syslog(LOG_ERR,"Can't allocate buffer for legacy encryptor");
+      return -1;
+   }
+
+   BF_set_key(&key, ENC_KEY_SIZE, MD5(host->passwd,strlen(host->passwd),NULL));
+
+   vtun_syslog(LOG_INFO, "BlowFish legacy encryption initialized");
+   return 0;
+}
+
+int free_legacy_encrypt()
+{
+   lfd_free(enc_buf); enc_buf = NULL;
+   return 0;
+}
+
+int legacy_encrypt_buf(int len, char *in, char **out)
+{ 
+   register int pad, p;
+   register char *in_ptr = in, *out_ptr = enc_buf;
+
+   /* 8 - ( len % 8 ) */
+   pad = (~len & 0x07) + 1; p = 8 - pad;
+
+   memset(out_ptr, 0, pad);
+   *out_ptr = (char) pad;
+   memcpy(out_ptr + pad, in_ptr, p);  
+   BF_ecb_encrypt(out_ptr, out_ptr, &key, BF_ENCRYPT);
+   out_ptr += 8; in_ptr += p; 
+   len = len - p;
+
+   for (p=0; p < len; p += 8)
+      BF_ecb_encrypt(in_ptr + p,  out_ptr + p, &key, BF_ENCRYPT);
+
+   *out = enc_buf;
+   return len + 8;
+}
+
+int legacy_decrypt_buf(int len, char *in, char **out)
+{
+   register int p;
+
+   for (p = 0; p < len; p += 8)
+      BF_ecb_encrypt(in + p, in + p, &key, BF_DECRYPT);
+
+   p = *in;
+   if (p < 1 || p > 8) {
+      vtun_syslog(LOG_INFO, "legacy_decrypt_buf: bad pad length");
+      return 0;
+   }
+
+   *out = in + p;
+
+   return len - p;
+}
+
+/* 
+ * Module structure.
+ */
+struct lfd_mod lfd_legacy_encrypt = {
+     "Encryptor",
+     alloc_legacy_encrypt,
+     legacy_encrypt_buf,
+     NULL,
+     legacy_decrypt_buf,
+     NULL,
+     free_legacy_encrypt,
+     NULL,
+     NULL
+};
+
+#else  /* HAVE_SSL */
+
+int no_legacy_encrypt(struct vtun_host *host)
+{
+     vtun_syslog(LOG_INFO, "Encryption is not supported");
+     return -1;
+}
+
+struct lfd_mod lfd_legacy_encrypt = {
+     "Encryptor",
+     no_legacy_encrypt, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
+
+#endif /* HAVE_SSL */
--- a/linkfd.c
+++ b/linkfd.c
@ -17,7 +17,7 @@
 */

 /*
- * $Id: linkfd.c,v 1.13.2.1 2007/06/29 05:26:19 mtbishop Exp $
+ * $Id: linkfd.c,v 1.13.2.2 2008/01/07 22:12:54 mtbishop Exp $
 */

 #include "config.h"
@ -365,8 +365,12 @@ int linkfd(struct vtun_host *host)
 	lfd_add_mod(&lfd_lzo);

     if(host->flags & VTUN_ENCRYPT)
-	lfd_add_mod(&lfd_encrypt);
-
+       if(host->cipher == VTUN_LEGACY_ENCRYPT) {
+	 lfd_add_mod(&lfd_legacy_encrypt);
+       } else {
+	 lfd_add_mod(&lfd_encrypt);
+       }
+     
     if(host->flags & VTUN_SHAPE)
 	lfd_add_mod(&lfd_shaper);

--- a/linkfd.h
+++ b/linkfd.h
@ -17,7 +17,7 @@
 */

 /*
- * $Id: linkfd.h,v 1.4.2.1 2007/06/29 05:26:21 mtbishop Exp $
+ * $Id: linkfd.h,v 1.4.2.2 2008/01/07 22:12:56 mtbishop Exp $
 */ 

 #ifndef _LINKFD_H
@ -87,6 +87,7 @@ struct lfd_mod {
 extern struct lfd_mod lfd_zlib;
 extern struct lfd_mod lfd_lzo;
 extern struct lfd_mod lfd_encrypt;
+extern struct lfd_mod lfd_legacy_encrypt;
 extern struct lfd_mod lfd_shaper;

 #endif
--- a/vtun.h
+++ b/vtun.h
@ -17,7 +17,7 @@
 */

 /*
- * $Id: vtun.h,v 1.12.2.1 2007/06/29 05:26:49 mtbishop Exp $
+ * $Id: vtun.h,v 1.12.2.2 2008/01/07 22:12:59 mtbishop Exp $
 */ 

 #ifndef _VTUN_H
@ -155,6 +155,8 @@ extern llist host_list;
 #define VTUN_ENC_AES256CFB	15
 #define VTUN_ENC_AES256OFB	16

+#define VTUN_LEGACY_ENCRYPT	999
+
 /* Mask to drop the flags which will be supplied by the server */
 #define VTUN_CLNT_MASK  0xf000