buy-back from bug1685781 - vtun3 client should parse vtun2 server encr directives
This commit is contained in:
parent
e971c621d2
commit
a460c4bfc1
@ -1,4 +1,5 @@
|
||||
3.0.2:
|
||||
ref1685781 - vtun3 client should parse vtun2 server encr directives (hch)
|
||||
rfe1744575 - cfg_file.y bugs (mf)
|
||||
rfe1738167 - build on c5 still fails (bc)
|
||||
|
||||
@ -68,7 +69,7 @@ ver 2.5:
|
||||
Fixes to support both Linux TUN/TAP drivers.
|
||||
|
||||
ver 2.5b1:
|
||||
Encryption fixes: improved challenge generation, padding check.
|
||||
Encryption fixes: improved challenge generation (jy), padding check.
|
||||
Config parser fixes. Don't allow empty passwords.
|
||||
New config option to specify syslog logging facility.
|
||||
Support for new Linux TUN/TAP driver.
|
||||
|
142
Credits
Normal file
142
Credits
Normal file
@ -0,0 +1,142 @@
|
||||
Author of this package is Maxim Krasnyansky <max_mk@yahoo.com>.
|
||||
|
||||
A lot of thanks to the following people for their suggestions and
|
||||
contributions:
|
||||
|
||||
Gayaneh Krasnyanskaya(Max's Wife) <gayaneh@yahoo.com>
|
||||
Initial Web site creation. And a lot of other help :)))
|
||||
|
||||
Alex Korenkov <alex@uznet.net>
|
||||
Testing, bug reports.
|
||||
|
||||
Shukhrat Zakhidov <shukhrat@ishonch.uz>
|
||||
Testing, bug reports, suggestions.
|
||||
|
||||
Dag Wieers <dag@mind.be>
|
||||
Initial RPM packager specification file.
|
||||
RedHat startup script.
|
||||
Several bug reports.
|
||||
SOCKS support suggestions.
|
||||
|
||||
Ted Rolle <ted@acacia.datacomm.com>
|
||||
Spelling fixes.
|
||||
|
||||
Craig Sanders <cas@taz.net.au>
|
||||
Debian startup script.
|
||||
|
||||
Catalin Ciocoiu <catalin@ccp.pub.ro>
|
||||
Reported compilation problems.
|
||||
|
||||
Timur Danyarhojaev <tid@podolsk.ru>
|
||||
Added client source address option.
|
||||
|
||||
Andreas Kainz <aka@gams.at>
|
||||
RPM package improvements.
|
||||
|
||||
Chris Todd <christ@insynq.com>
|
||||
Idea of challenge based authentication.
|
||||
Initial BlowFish encryption code.
|
||||
Suggestions.
|
||||
|
||||
Garet Krampe <garet@satix.net>
|
||||
A lot of great ideas. Mailing list.
|
||||
Web site mirror.
|
||||
|
||||
Denis Zapolsky <denis@granch.com.my>
|
||||
Testing.
|
||||
|
||||
Vadim Zaliva <lord@crocodile.org>
|
||||
Solaris patches. Suggestions.
|
||||
|
||||
Hurricane Floyd <floyd@hurricanes.org>
|
||||
Max had several vacations.
|
||||
Bishop had no power or water, and was able
|
||||
to experience the Third World.
|
||||
:)))))))))))))))))))
|
||||
|
||||
James B. MacLean <macleajb@Trademart-1.EDnet.NS.CA>
|
||||
Client persist mode fix. Suggestions.
|
||||
|
||||
Paul <xerox@httpd.net>
|
||||
Stress tests, bug reports, suggestions.
|
||||
|
||||
Maksim Yevenkin <m_evmenkin@yahoo.com>
|
||||
TAP driver for FreeBSD.
|
||||
|
||||
Anthon Walters <anthon@ws.co.za>
|
||||
Web site mirror. Testing. Initial FAQ.
|
||||
|
||||
Ryan Defelice <ryand@mobiletel.com>
|
||||
OpenBSD package maintainer. Provided OpenBSD server for
|
||||
development and testing
|
||||
|
||||
Alexander Bergolth <leo@strike.wu-wien.ac.at>
|
||||
Initial multiple connection handling and host lock functionalities.
|
||||
Improvements and fixes of source address option. Incorrect error
|
||||
handling fix. Ideas. Suggestions.
|
||||
|
||||
Hubert Feyrer <feyrer@rfhs8012.fh-regensburg.de>
|
||||
NetBSD package.
|
||||
|
||||
Hiroharu Tamaru <tamaru@ap.t.u-tokyo.ac.jp>
|
||||
Updated FreeBSD 4.0 TUN driver support.
|
||||
|
||||
Terry Donaldson <tsd@geo-mis.com>
|
||||
Provided Solaris 8.0 server for development and testing.
|
||||
|
||||
Daniel Podlejski <underley@underley.eu.org>
|
||||
TUN/TAP driver modifications for 2.3.99-pre5 kernel.
|
||||
|
||||
Michael Tokarev <mjt@tls.msk.ru>
|
||||
File descriptors and memory leaks fix.
|
||||
Tons of other bug fixes and patches. Suggestions. Ideas.
|
||||
|
||||
Xavier <xavier@bru-noc.net>
|
||||
European web site mirror.
|
||||
|
||||
Chris Snell <chris@bikeworld.com>
|
||||
Mailing list archives.
|
||||
|
||||
Robert Stone <talby@trap.mtview.ca.us>
|
||||
Security enhancements. Suggestions. Ideas.
|
||||
Encryption and other subsystems rework for 3.X.
|
||||
|
||||
Steinar H. Gunderson <sgunderson@bigfoot.com>
|
||||
Tons of stability fixes and problem reports.
|
||||
Ideas and suggestions.
|
||||
|
||||
Yan Seiner <yan@cardinalengineering.com>
|
||||
Testing. Bug reports. Suggestions.
|
||||
|
||||
James Yonan <jim@funnybee.ntlp.com>
|
||||
Encryption and other fixes. Suggestions.
|
||||
|
||||
Greg Olszewski <noop@nwonknu.org>
|
||||
Config parser and other fixes. Suggestions.
|
||||
|
||||
Kevin P. Fleming <kevin@labsysgrp.com>
|
||||
Makefile and config parser enhancement.
|
||||
Other minor fixes and suggestions.
|
||||
|
||||
Robert R. Wal <rrw@hell.pl>
|
||||
Added support for iproute command.
|
||||
|
||||
Willems Luc <willems.luc@pandora.be>
|
||||
Initial SuSE packaging. Testing.
|
||||
|
||||
Nickolai Zeldovich <nickolai@cs.stanford.edu>
|
||||
mlockall() support to prevent VM collapse.
|
||||
|
||||
Dale Fountain <dpf-vtun@fountainbay.com>
|
||||
Added multiple cipher support.
|
||||
Added multiple cipher modes support.
|
||||
Added support for different sized keys.
|
||||
Re-sync ciphers when using non-ECB modes over a UDP connection.
|
||||
Fixed Bug#908824 (persist=keep not re-applying routes)
|
||||
|
||||
Alan Grow <agrow-at-thegotonerd.com>
|
||||
Added a Listening Address/Interface (rfe936523)
|
||||
Cleaned up the code around that portion of the config.
|
||||
|
||||
Hans Carlos Hoffman <hchs.de>
|
||||
Inventive method for vtund3c->vtund2s encryption (rfe1685781)
|
@ -15,7 +15,7 @@
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# $Id: Makefile.in,v 1.11.2.1 2007/06/29 05:26:33 mtbishop Exp $
|
||||
# $Id: Makefile.in,v 1.11.2.2 2008/01/07 22:12:57 mtbishop Exp $
|
||||
#
|
||||
CC = @CC@
|
||||
CFLAGS = @CFLAGS@ @CPPFLAGS@
|
||||
@ -50,7 +50,7 @@ OBJS = main.o cfg_file.tab.o cfg_file.lex.o server.o client.o lib.o \
|
||||
llist.o auth.o tunnel.o lock.o netlib.o \
|
||||
tun_dev.o tap_dev.o pty_dev.o pipe_dev.o \
|
||||
tcp_proto.o udp_proto.o \
|
||||
linkfd.o lfd_shaper.o lfd_zlib.o lfd_lzo.o lfd_encrypt.o
|
||||
linkfd.o lfd_shaper.o lfd_zlib.o lfd_lzo.o lfd_encrypt.o lfd_legacy_encrypt.o
|
||||
|
||||
CONFIGURE_FILES = Makefile config.status config.cache config.h config.log
|
||||
|
||||
|
27
auth.c
27
auth.c
@ -17,15 +17,12 @@
|
||||
*/
|
||||
|
||||
/*
|
||||
* $Id: auth.c,v 1.9.2.1 2007/06/29 05:25:45 mtbishop Exp $
|
||||
* $Id: auth.c,v 1.9.2.2 2008/01/07 22:12:48 mtbishop Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
* Challenge based authentication.
|
||||
* Thanx to Chris Todd<christ@insynq.com> for the good idea.
|
||||
*
|
||||
* Jim Yonan, 05/24/2001
|
||||
* gen_chal rewrite to use better random number generator
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
@ -180,7 +177,10 @@ char *bf2cf(struct vtun_host *host)
|
||||
return str;
|
||||
}
|
||||
|
||||
/* return 1 on success, otherwise 0 */
|
||||
/* return 1 on success, otherwise 0
|
||||
Example:
|
||||
FLAGS: <TuE1>
|
||||
*/
|
||||
|
||||
int cf2bf(char *str, struct vtun_host *host)
|
||||
{
|
||||
@ -188,6 +188,7 @@ int cf2bf(char *str, struct vtun_host *host)
|
||||
int s;
|
||||
|
||||
if( (ptr = strchr(str,'<')) ){
|
||||
vtun_syslog(LOG_DEBUG,"Remote Server sends %s.", ptr);
|
||||
ptr++;
|
||||
while(*ptr){
|
||||
switch(*ptr++){
|
||||
@ -229,10 +230,19 @@ int cf2bf(char *str, struct vtun_host *host)
|
||||
ptr = p;
|
||||
break;
|
||||
case 'E':
|
||||
if((s = strtol(ptr,&p,10)) == ERANGE || ptr == p)
|
||||
/* new form is 'E10', old form is 'E', so remove the
|
||||
ptr==p check */
|
||||
if((s = strtol(ptr,&p,10)) == ERANGE) {
|
||||
vtun_syslog(LOG_ERR,"Garbled encryption method. Bailing out.");
|
||||
return 0;
|
||||
}
|
||||
host->flags |= VTUN_ENCRYPT;
|
||||
host->cipher = s;
|
||||
if (0 == s) {
|
||||
host->cipher = VTUN_LEGACY_ENCRYPT;
|
||||
vtun_syslog(LOG_INFO,"Remote server using older encryption.");
|
||||
} else {
|
||||
host->cipher = s;
|
||||
}
|
||||
ptr = p;
|
||||
break;
|
||||
case 'S':
|
||||
@ -244,6 +254,9 @@ int cf2bf(char *str, struct vtun_host *host)
|
||||
}
|
||||
ptr = p;
|
||||
break;
|
||||
case 'F':
|
||||
/* reserved for Feature transmit */
|
||||
break;
|
||||
case '>':
|
||||
return 1;
|
||||
default:
|
||||
|
154
lfd_legacy_encrypt.c
Normal file
154
lfd_legacy_encrypt.c
Normal file
@ -0,0 +1,154 @@
|
||||
/*
|
||||
VTun - Virtual Tunnel over TCP/IP network.
|
||||
|
||||
Copyright (C) 1998-2000 Maxim Krasnyansky <max_mk@yahoo.com>
|
||||
|
||||
VTun has been derived from VPPP package by Maxim Krasnyansky.
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
*/
|
||||
|
||||
/*
|
||||
* $Id: lfd_legacy_encrypt.c,v 1.1.4.1 2008/01/07 22:12:53 mtbishop Exp $
|
||||
* Code added wholesale temporarily from lfd_encrypt 1.2.2.8
|
||||
*/
|
||||
|
||||
/*
|
||||
Encryption module uses software developed by the OpenSSL Project
|
||||
for use in the OpenSSL Toolkit. (http://www.openssl.org/)
|
||||
Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
|
||||
*/
|
||||
|
||||
/*
|
||||
* This lfd_encrypt module uses MD5 to create 128 bits encryption
|
||||
* keys and BlowFish for actual data encryption.
|
||||
* It is based on code written by Chris Todd<christ@insynq.com> with
|
||||
* several improvements and modifications.
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <syslog.h>
|
||||
#include <strings.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "vtun.h"
|
||||
#include "linkfd.h"
|
||||
#include "lib.h"
|
||||
|
||||
#ifdef HAVE_SSL
|
||||
|
||||
#ifndef __APPLE_CC__
|
||||
/* OpenSSL includes */
|
||||
#include <openssl/md5.h>
|
||||
#include <openssl/blowfish.h>
|
||||
#else /* YAY - We're MAC OS */
|
||||
#include <sys/md5.h>
|
||||
#include <crypto/blowfish.h>
|
||||
#endif /* __APPLE_CC__ */
|
||||
|
||||
#define ENC_BUF_SIZE VTUN_FRAME_SIZE + 16
|
||||
#define ENC_KEY_SIZE 16
|
||||
|
||||
BF_KEY key;
|
||||
char * enc_buf;
|
||||
|
||||
int alloc_legacy_encrypt(struct vtun_host *host)
|
||||
{
|
||||
if( !(enc_buf = lfd_alloc(ENC_BUF_SIZE)) ){
|
||||
vtun_syslog(LOG_ERR,"Can't allocate buffer for legacy encryptor");
|
||||
return -1;
|
||||
}
|
||||
|
||||
BF_set_key(&key, ENC_KEY_SIZE, MD5(host->passwd,strlen(host->passwd),NULL));
|
||||
|
||||
vtun_syslog(LOG_INFO, "BlowFish legacy encryption initialized");
|
||||
return 0;
|
||||
}
|
||||
|
||||
int free_legacy_encrypt()
|
||||
{
|
||||
lfd_free(enc_buf); enc_buf = NULL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int legacy_encrypt_buf(int len, char *in, char **out)
|
||||
{
|
||||
register int pad, p;
|
||||
register char *in_ptr = in, *out_ptr = enc_buf;
|
||||
|
||||
/* 8 - ( len % 8 ) */
|
||||
pad = (~len & 0x07) + 1; p = 8 - pad;
|
||||
|
||||
memset(out_ptr, 0, pad);
|
||||
*out_ptr = (char) pad;
|
||||
memcpy(out_ptr + pad, in_ptr, p);
|
||||
BF_ecb_encrypt(out_ptr, out_ptr, &key, BF_ENCRYPT);
|
||||
out_ptr += 8; in_ptr += p;
|
||||
len = len - p;
|
||||
|
||||
for (p=0; p < len; p += 8)
|
||||
BF_ecb_encrypt(in_ptr + p, out_ptr + p, &key, BF_ENCRYPT);
|
||||
|
||||
*out = enc_buf;
|
||||
return len + 8;
|
||||
}
|
||||
|
||||
int legacy_decrypt_buf(int len, char *in, char **out)
|
||||
{
|
||||
register int p;
|
||||
|
||||
for (p = 0; p < len; p += 8)
|
||||
BF_ecb_encrypt(in + p, in + p, &key, BF_DECRYPT);
|
||||
|
||||
p = *in;
|
||||
if (p < 1 || p > 8) {
|
||||
vtun_syslog(LOG_INFO, "legacy_decrypt_buf: bad pad length");
|
||||
return 0;
|
||||
}
|
||||
|
||||
*out = in + p;
|
||||
|
||||
return len - p;
|
||||
}
|
||||
|
||||
/*
|
||||
* Module structure.
|
||||
*/
|
||||
struct lfd_mod lfd_legacy_encrypt = {
|
||||
"Encryptor",
|
||||
alloc_legacy_encrypt,
|
||||
legacy_encrypt_buf,
|
||||
NULL,
|
||||
legacy_decrypt_buf,
|
||||
NULL,
|
||||
free_legacy_encrypt,
|
||||
NULL,
|
||||
NULL
|
||||
};
|
||||
|
||||
#else /* HAVE_SSL */
|
||||
|
||||
int no_legacy_encrypt(struct vtun_host *host)
|
||||
{
|
||||
vtun_syslog(LOG_INFO, "Encryption is not supported");
|
||||
return -1;
|
||||
}
|
||||
|
||||
struct lfd_mod lfd_legacy_encrypt = {
|
||||
"Encryptor",
|
||||
no_legacy_encrypt, NULL, NULL, NULL, NULL, NULL, NULL, NULL
|
||||
};
|
||||
|
||||
#endif /* HAVE_SSL */
|
8
linkfd.c
8
linkfd.c
@ -17,7 +17,7 @@
|
||||
*/
|
||||
|
||||
/*
|
||||
* $Id: linkfd.c,v 1.13.2.1 2007/06/29 05:26:19 mtbishop Exp $
|
||||
* $Id: linkfd.c,v 1.13.2.2 2008/01/07 22:12:54 mtbishop Exp $
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
@ -365,7 +365,11 @@ int linkfd(struct vtun_host *host)
|
||||
lfd_add_mod(&lfd_lzo);
|
||||
|
||||
if(host->flags & VTUN_ENCRYPT)
|
||||
lfd_add_mod(&lfd_encrypt);
|
||||
if(host->cipher == VTUN_LEGACY_ENCRYPT) {
|
||||
lfd_add_mod(&lfd_legacy_encrypt);
|
||||
} else {
|
||||
lfd_add_mod(&lfd_encrypt);
|
||||
}
|
||||
|
||||
if(host->flags & VTUN_SHAPE)
|
||||
lfd_add_mod(&lfd_shaper);
|
||||
|
3
linkfd.h
3
linkfd.h
@ -17,7 +17,7 @@
|
||||
*/
|
||||
|
||||
/*
|
||||
* $Id: linkfd.h,v 1.4.2.1 2007/06/29 05:26:21 mtbishop Exp $
|
||||
* $Id: linkfd.h,v 1.4.2.2 2008/01/07 22:12:56 mtbishop Exp $
|
||||
*/
|
||||
|
||||
#ifndef _LINKFD_H
|
||||
@ -87,6 +87,7 @@ struct lfd_mod {
|
||||
extern struct lfd_mod lfd_zlib;
|
||||
extern struct lfd_mod lfd_lzo;
|
||||
extern struct lfd_mod lfd_encrypt;
|
||||
extern struct lfd_mod lfd_legacy_encrypt;
|
||||
extern struct lfd_mod lfd_shaper;
|
||||
|
||||
#endif
|
||||
|
4
vtun.h
4
vtun.h
@ -17,7 +17,7 @@
|
||||
*/
|
||||
|
||||
/*
|
||||
* $Id: vtun.h,v 1.12.2.1 2007/06/29 05:26:49 mtbishop Exp $
|
||||
* $Id: vtun.h,v 1.12.2.2 2008/01/07 22:12:59 mtbishop Exp $
|
||||
*/
|
||||
|
||||
#ifndef _VTUN_H
|
||||
@ -155,6 +155,8 @@ extern llist host_list;
|
||||
#define VTUN_ENC_AES256CFB 15
|
||||
#define VTUN_ENC_AES256OFB 16
|
||||
|
||||
#define VTUN_LEGACY_ENCRYPT 999
|
||||
|
||||
/* Mask to drop the flags which will be supplied by the server */
|
||||
#define VTUN_CLNT_MASK 0xf000
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user