buy-back from bug1685781 - vtun3 client should parse vtun2 server encr directives

This commit is contained in:
mtbishop 2008-01-07 22:12:48 +00:00
parent e971c621d2
commit a460c4bfc1
8 changed files with 332 additions and 15 deletions

View File

@ -1,4 +1,5 @@
3.0.2: 3.0.2:
ref1685781 - vtun3 client should parse vtun2 server encr directives (hch)
rfe1744575 - cfg_file.y bugs (mf) rfe1744575 - cfg_file.y bugs (mf)
rfe1738167 - build on c5 still fails (bc) rfe1738167 - build on c5 still fails (bc)
@ -68,7 +69,7 @@ ver 2.5:
Fixes to support both Linux TUN/TAP drivers. Fixes to support both Linux TUN/TAP drivers.
ver 2.5b1: ver 2.5b1:
Encryption fixes: improved challenge generation, padding check. Encryption fixes: improved challenge generation (jy), padding check.
Config parser fixes. Don't allow empty passwords. Config parser fixes. Don't allow empty passwords.
New config option to specify syslog logging facility. New config option to specify syslog logging facility.
Support for new Linux TUN/TAP driver. Support for new Linux TUN/TAP driver.

142
Credits Normal file
View File

@ -0,0 +1,142 @@
Author of this package is Maxim Krasnyansky <max_mk@yahoo.com>.
A lot of thanks to the following people for their suggestions and
contributions:
Gayaneh Krasnyanskaya(Max's Wife) <gayaneh@yahoo.com>
Initial Web site creation. And a lot of other help :)))
Alex Korenkov <alex@uznet.net>
Testing, bug reports.
Shukhrat Zakhidov <shukhrat@ishonch.uz>
Testing, bug reports, suggestions.
Dag Wieers <dag@mind.be>
Initial RPM packager specification file.
RedHat startup script.
Several bug reports.
SOCKS support suggestions.
Ted Rolle <ted@acacia.datacomm.com>
Spelling fixes.
Craig Sanders <cas@taz.net.au>
Debian startup script.
Catalin Ciocoiu <catalin@ccp.pub.ro>
Reported compilation problems.
Timur Danyarhojaev <tid@podolsk.ru>
Added client source address option.
Andreas Kainz <aka@gams.at>
RPM package improvements.
Chris Todd <christ@insynq.com>
Idea of challenge based authentication.
Initial BlowFish encryption code.
Suggestions.
Garet Krampe <garet@satix.net>
A lot of great ideas. Mailing list.
Web site mirror.
Denis Zapolsky <denis@granch.com.my>
Testing.
Vadim Zaliva <lord@crocodile.org>
Solaris patches. Suggestions.
Hurricane Floyd <floyd@hurricanes.org>
Max had several vacations.
Bishop had no power or water, and was able
to experience the Third World.
:)))))))))))))))))))
James B. MacLean <macleajb@Trademart-1.EDnet.NS.CA>
Client persist mode fix. Suggestions.
Paul <xerox@httpd.net>
Stress tests, bug reports, suggestions.
Maksim Yevenkin <m_evmenkin@yahoo.com>
TAP driver for FreeBSD.
Anthon Walters <anthon@ws.co.za>
Web site mirror. Testing. Initial FAQ.
Ryan Defelice <ryand@mobiletel.com>
OpenBSD package maintainer. Provided OpenBSD server for
development and testing
Alexander Bergolth <leo@strike.wu-wien.ac.at>
Initial multiple connection handling and host lock functionalities.
Improvements and fixes of source address option. Incorrect error
handling fix. Ideas. Suggestions.
Hubert Feyrer <feyrer@rfhs8012.fh-regensburg.de>
NetBSD package.
Hiroharu Tamaru <tamaru@ap.t.u-tokyo.ac.jp>
Updated FreeBSD 4.0 TUN driver support.
Terry Donaldson <tsd@geo-mis.com>
Provided Solaris 8.0 server for development and testing.
Daniel Podlejski <underley@underley.eu.org>
TUN/TAP driver modifications for 2.3.99-pre5 kernel.
Michael Tokarev <mjt@tls.msk.ru>
File descriptors and memory leaks fix.
Tons of other bug fixes and patches. Suggestions. Ideas.
Xavier <xavier@bru-noc.net>
European web site mirror.
Chris Snell <chris@bikeworld.com>
Mailing list archives.
Robert Stone <talby@trap.mtview.ca.us>
Security enhancements. Suggestions. Ideas.
Encryption and other subsystems rework for 3.X.
Steinar H. Gunderson <sgunderson@bigfoot.com>
Tons of stability fixes and problem reports.
Ideas and suggestions.
Yan Seiner <yan@cardinalengineering.com>
Testing. Bug reports. Suggestions.
James Yonan <jim@funnybee.ntlp.com>
Encryption and other fixes. Suggestions.
Greg Olszewski <noop@nwonknu.org>
Config parser and other fixes. Suggestions.
Kevin P. Fleming <kevin@labsysgrp.com>
Makefile and config parser enhancement.
Other minor fixes and suggestions.
Robert R. Wal <rrw@hell.pl>
Added support for iproute command.
Willems Luc <willems.luc@pandora.be>
Initial SuSE packaging. Testing.
Nickolai Zeldovich <nickolai@cs.stanford.edu>
mlockall() support to prevent VM collapse.
Dale Fountain <dpf-vtun@fountainbay.com>
Added multiple cipher support.
Added multiple cipher modes support.
Added support for different sized keys.
Re-sync ciphers when using non-ECB modes over a UDP connection.
Fixed Bug#908824 (persist=keep not re-applying routes)
Alan Grow <agrow-at-thegotonerd.com>
Added a Listening Address/Interface (rfe936523)
Cleaned up the code around that portion of the config.
Hans Carlos Hoffman <hchs.de>
Inventive method for vtund3c->vtund2s encryption (rfe1685781)

View File

@ -15,7 +15,7 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details. # GNU General Public License for more details.
# #
# $Id: Makefile.in,v 1.11.2.1 2007/06/29 05:26:33 mtbishop Exp $ # $Id: Makefile.in,v 1.11.2.2 2008/01/07 22:12:57 mtbishop Exp $
# #
CC = @CC@ CC = @CC@
CFLAGS = @CFLAGS@ @CPPFLAGS@ CFLAGS = @CFLAGS@ @CPPFLAGS@
@ -50,7 +50,7 @@ OBJS = main.o cfg_file.tab.o cfg_file.lex.o server.o client.o lib.o \
llist.o auth.o tunnel.o lock.o netlib.o \ llist.o auth.o tunnel.o lock.o netlib.o \
tun_dev.o tap_dev.o pty_dev.o pipe_dev.o \ tun_dev.o tap_dev.o pty_dev.o pipe_dev.o \
tcp_proto.o udp_proto.o \ tcp_proto.o udp_proto.o \
linkfd.o lfd_shaper.o lfd_zlib.o lfd_lzo.o lfd_encrypt.o linkfd.o lfd_shaper.o lfd_zlib.o lfd_lzo.o lfd_encrypt.o lfd_legacy_encrypt.o
CONFIGURE_FILES = Makefile config.status config.cache config.h config.log CONFIGURE_FILES = Makefile config.status config.cache config.h config.log

27
auth.c
View File

@ -17,15 +17,12 @@
*/ */
/* /*
* $Id: auth.c,v 1.9.2.1 2007/06/29 05:25:45 mtbishop Exp $ * $Id: auth.c,v 1.9.2.2 2008/01/07 22:12:48 mtbishop Exp $
*/ */
/* /*
* Challenge based authentication. * Challenge based authentication.
* Thanx to Chris Todd<christ@insynq.com> for the good idea. * Thanx to Chris Todd<christ@insynq.com> for the good idea.
*
* Jim Yonan, 05/24/2001
* gen_chal rewrite to use better random number generator
*/ */
#include "config.h" #include "config.h"
@ -180,7 +177,10 @@ char *bf2cf(struct vtun_host *host)
return str; return str;
} }
/* return 1 on success, otherwise 0 */ /* return 1 on success, otherwise 0
Example:
FLAGS: <TuE1>
*/
int cf2bf(char *str, struct vtun_host *host) int cf2bf(char *str, struct vtun_host *host)
{ {
@ -188,6 +188,7 @@ int cf2bf(char *str, struct vtun_host *host)
int s; int s;
if( (ptr = strchr(str,'<')) ){ if( (ptr = strchr(str,'<')) ){
vtun_syslog(LOG_DEBUG,"Remote Server sends %s.", ptr);
ptr++; ptr++;
while(*ptr){ while(*ptr){
switch(*ptr++){ switch(*ptr++){
@ -229,10 +230,19 @@ int cf2bf(char *str, struct vtun_host *host)
ptr = p; ptr = p;
break; break;
case 'E': case 'E':
if((s = strtol(ptr,&p,10)) == ERANGE || ptr == p) /* new form is 'E10', old form is 'E', so remove the
ptr==p check */
if((s = strtol(ptr,&p,10)) == ERANGE) {
vtun_syslog(LOG_ERR,"Garbled encryption method. Bailing out.");
return 0; return 0;
}
host->flags |= VTUN_ENCRYPT; host->flags |= VTUN_ENCRYPT;
host->cipher = s; if (0 == s) {
host->cipher = VTUN_LEGACY_ENCRYPT;
vtun_syslog(LOG_INFO,"Remote server using older encryption.");
} else {
host->cipher = s;
}
ptr = p; ptr = p;
break; break;
case 'S': case 'S':
@ -244,6 +254,9 @@ int cf2bf(char *str, struct vtun_host *host)
} }
ptr = p; ptr = p;
break; break;
case 'F':
/* reserved for Feature transmit */
break;
case '>': case '>':
return 1; return 1;
default: default:

154
lfd_legacy_encrypt.c Normal file
View File

@ -0,0 +1,154 @@
/*
VTun - Virtual Tunnel over TCP/IP network.
Copyright (C) 1998-2000 Maxim Krasnyansky <max_mk@yahoo.com>
VTun has been derived from VPPP package by Maxim Krasnyansky.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
*/
/*
* $Id: lfd_legacy_encrypt.c,v 1.1.4.1 2008/01/07 22:12:53 mtbishop Exp $
* Code added wholesale temporarily from lfd_encrypt 1.2.2.8
*/
/*
Encryption module uses software developed by the OpenSSL Project
for use in the OpenSSL Toolkit. (http://www.openssl.org/)
Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*/
/*
* This lfd_encrypt module uses MD5 to create 128 bits encryption
* keys and BlowFish for actual data encryption.
* It is based on code written by Chris Todd<christ@insynq.com> with
* several improvements and modifications.
*/
#include "config.h"
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <syslog.h>
#include <strings.h>
#include <string.h>
#include "vtun.h"
#include "linkfd.h"
#include "lib.h"
#ifdef HAVE_SSL
#ifndef __APPLE_CC__
/* OpenSSL includes */
#include <openssl/md5.h>
#include <openssl/blowfish.h>
#else /* YAY - We're MAC OS */
#include <sys/md5.h>
#include <crypto/blowfish.h>
#endif /* __APPLE_CC__ */
#define ENC_BUF_SIZE VTUN_FRAME_SIZE + 16
#define ENC_KEY_SIZE 16
BF_KEY key;
char * enc_buf;
int alloc_legacy_encrypt(struct vtun_host *host)
{
if( !(enc_buf = lfd_alloc(ENC_BUF_SIZE)) ){
vtun_syslog(LOG_ERR,"Can't allocate buffer for legacy encryptor");
return -1;
}
BF_set_key(&key, ENC_KEY_SIZE, MD5(host->passwd,strlen(host->passwd),NULL));
vtun_syslog(LOG_INFO, "BlowFish legacy encryption initialized");
return 0;
}
int free_legacy_encrypt()
{
lfd_free(enc_buf); enc_buf = NULL;
return 0;
}
int legacy_encrypt_buf(int len, char *in, char **out)
{
register int pad, p;
register char *in_ptr = in, *out_ptr = enc_buf;
/* 8 - ( len % 8 ) */
pad = (~len & 0x07) + 1; p = 8 - pad;
memset(out_ptr, 0, pad);
*out_ptr = (char) pad;
memcpy(out_ptr + pad, in_ptr, p);
BF_ecb_encrypt(out_ptr, out_ptr, &key, BF_ENCRYPT);
out_ptr += 8; in_ptr += p;
len = len - p;
for (p=0; p < len; p += 8)
BF_ecb_encrypt(in_ptr + p, out_ptr + p, &key, BF_ENCRYPT);
*out = enc_buf;
return len + 8;
}
int legacy_decrypt_buf(int len, char *in, char **out)
{
register int p;
for (p = 0; p < len; p += 8)
BF_ecb_encrypt(in + p, in + p, &key, BF_DECRYPT);
p = *in;
if (p < 1 || p > 8) {
vtun_syslog(LOG_INFO, "legacy_decrypt_buf: bad pad length");
return 0;
}
*out = in + p;
return len - p;
}
/*
* Module structure.
*/
struct lfd_mod lfd_legacy_encrypt = {
"Encryptor",
alloc_legacy_encrypt,
legacy_encrypt_buf,
NULL,
legacy_decrypt_buf,
NULL,
free_legacy_encrypt,
NULL,
NULL
};
#else /* HAVE_SSL */
int no_legacy_encrypt(struct vtun_host *host)
{
vtun_syslog(LOG_INFO, "Encryption is not supported");
return -1;
}
struct lfd_mod lfd_legacy_encrypt = {
"Encryptor",
no_legacy_encrypt, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#endif /* HAVE_SSL */

View File

@ -17,7 +17,7 @@
*/ */
/* /*
* $Id: linkfd.c,v 1.13.2.1 2007/06/29 05:26:19 mtbishop Exp $ * $Id: linkfd.c,v 1.13.2.2 2008/01/07 22:12:54 mtbishop Exp $
*/ */
#include "config.h" #include "config.h"
@ -365,8 +365,12 @@ int linkfd(struct vtun_host *host)
lfd_add_mod(&lfd_lzo); lfd_add_mod(&lfd_lzo);
if(host->flags & VTUN_ENCRYPT) if(host->flags & VTUN_ENCRYPT)
lfd_add_mod(&lfd_encrypt); if(host->cipher == VTUN_LEGACY_ENCRYPT) {
lfd_add_mod(&lfd_legacy_encrypt);
} else {
lfd_add_mod(&lfd_encrypt);
}
if(host->flags & VTUN_SHAPE) if(host->flags & VTUN_SHAPE)
lfd_add_mod(&lfd_shaper); lfd_add_mod(&lfd_shaper);

View File

@ -17,7 +17,7 @@
*/ */
/* /*
* $Id: linkfd.h,v 1.4.2.1 2007/06/29 05:26:21 mtbishop Exp $ * $Id: linkfd.h,v 1.4.2.2 2008/01/07 22:12:56 mtbishop Exp $
*/ */
#ifndef _LINKFD_H #ifndef _LINKFD_H
@ -87,6 +87,7 @@ struct lfd_mod {
extern struct lfd_mod lfd_zlib; extern struct lfd_mod lfd_zlib;
extern struct lfd_mod lfd_lzo; extern struct lfd_mod lfd_lzo;
extern struct lfd_mod lfd_encrypt; extern struct lfd_mod lfd_encrypt;
extern struct lfd_mod lfd_legacy_encrypt;
extern struct lfd_mod lfd_shaper; extern struct lfd_mod lfd_shaper;
#endif #endif

4
vtun.h
View File

@ -17,7 +17,7 @@
*/ */
/* /*
* $Id: vtun.h,v 1.12.2.1 2007/06/29 05:26:49 mtbishop Exp $ * $Id: vtun.h,v 1.12.2.2 2008/01/07 22:12:59 mtbishop Exp $
*/ */
#ifndef _VTUN_H #ifndef _VTUN_H
@ -155,6 +155,8 @@ extern llist host_list;
#define VTUN_ENC_AES256CFB 15 #define VTUN_ENC_AES256CFB 15
#define VTUN_ENC_AES256OFB 16 #define VTUN_ENC_AES256OFB 16
#define VTUN_LEGACY_ENCRYPT 999
/* Mask to drop the flags which will be supplied by the server */ /* Mask to drop the flags which will be supplied by the server */
#define VTUN_CLNT_MASK 0xf000 #define VTUN_CLNT_MASK 0xf000