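diff -ru vtun-2.5-orig/auth.c vtun-2.5/auth.c
--- vtun-2.5-orig/auth.c Thu Sep 6 21:43:41 2001
+++ vtun-2.5/auth.c Sat Feb 16 18:47:19 2002
@@ -26,6 +26,9 @@
  *
  * Jim Yonan, 05/24/2001
  * gen_chal rewrite to use better random number generator
+ *
+ * Artur R. Czechowski <arturcz@hell.pl>, 02/16/2002
+ * Add support for connectin ssl to non-ssl vtuns (sslauth option)
  */
 
 #include "config.h"
@@ -70,7 +73,7 @@
 RAND_bytes(buf, VTUN_CHAL_SIZE);
 }
 
-void encrypt_chal(char *chal, char *pwd)
+void ssl_encrypt_chal(char *chal, char *pwd)
 {
 register int i;
 BF_KEY key;
@@ -81,7 +84,7 @@
 BF_ecb_encrypt(chal + i, chal + i, &key, BF_ENCRYPT);
 }
 
-void decrypt_chal(char *chal, char *pwd)
+void ssl_decrypt_chal(char *chal, char *pwd)
 {
 register int i;
 BF_KEY key;
@@ -94,20 +97,6 @@
 
 #else /* HAVE_SSL */
 
-void encrypt_chal(char *chal, char *pwd)
-{
- char * xor_msk = pwd;
- register int i, xor_len = strlen(xor_msk);
-
- for(i=0; i < VTUN_CHAL_SIZE; i++)
- chal[i] ^= xor_msk[i%xor_len];
-}
-
-void inline decrypt_chal(char *chal, char *pwd)
-{
- encrypt_chal(chal, pwd);
-}
-
 /* Generate PSEUDO random challenge key. */
 void gen_chal(char *buf)
 {
@@ -118,8 +107,33 @@
 for(i=0; i < VTUN_CHAL_SIZE; i++)
 buf[i] = (unsigned int)(255.0 * rand()/RAND_MAX);
 }
+
+void ssl_encrypt_chal(char *chal, char *pwd)
+{
+ syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support");
+}
+
+void ssl_decrypt_chal(char *chal, char *pwd)
+{
+ syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support");
+}
+
 #endif /* HAVE_SSL */
 
+void nonssl_encrypt_chal(char *chal, char *pwd)
+{
+ char * xor_msk = pwd;
+ register int i, xor_len = strlen(xor_msk);
+
+ for(i=0; i < VTUN_CHAL_SIZE; i++)
+ chal[i] ^= xor_msk[i%xor_len];
+}
+
+void inline nonssl_decrypt_chal(char *chal, char *pwd)
+{
+ nonssl_encrypt_chal(chal, pwd);
+}
+
 /*
 * Functions to convert binary flags to character string.
 * string format: <CS64>
@@ -336,7 +350,11 @@
 if( !(h = find_host(host)) )
 break;
 
- decrypt_chal(chal_res, h->passwd);
+ if (h->sslauth) {
+ ssl_decrypt_chal(chal_res, h->passwd);
+ } else {
+ nonssl_decrypt_chal(chal_res, h->passwd);
+ }
 
 if( !memcmp(chal_req, chal_res, VTUN_CHAL_SIZE) ){
 /* Auth successeful. */
@@ -388,7 +406,11 @@
 if( !strncmp(buf,"OK",2) && cs2cl(buf,chal)){
 stage = ST_CHAL;
 
- encrypt_chal(chal,host->passwd);
+ if (host->sslauth) {
+ ssl_encrypt_chal(chal,host->passwd);
+ } else {
+ nonssl_encrypt_chal(chal,host->passwd);
+ }
 print_p(fd,"CHAL: %s\n", cl2cs(chal));
 
 continue;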
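Review bot: In the `#else /* HAVE_SSL */` stubs added in hunk `@@ -118,8 +107,33 @@`, `ssl_decrypt_chal` only calls syslog and returns with `chal` untouched, so on a server built without SSL the branch in hunk `@@ -336,7 +350,11 @@` goes straight on to `memcmp(chal_req, chal_res, VTUN_CHAL_SIZE)` and a response that was never transformed with the password compares equal — a host configured with `sslauth 1` on such a server is effectively not password-checked at all. The stubs should make the exchange fail rather than pass the buffer through: for example have the server branch refuse the host when SSL is compiled out (`#ifndef HAVE_SSL` / `break;` / `#endif` before the compare), or at least overwrite the buffer after the syslog so it cannot match. Separately, `if (h->sslauth)` now selects between Blowfish and the XOR masking even in an SSL build, so unless the host default is set to 1 somewhere outside this patch, existing configurations that never mention `sslauth` silently move from Blowfish to XOR; that default is worth fixing, or at least stating in the header comment. The stub parameters are unused; `(void)chal; (void)pwd;` would keep `-Wunused-parameter` quiet.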
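diff -ru vtun-2.5-orig/cfg_file.y vtun-2.5/cfg_file.y
--- vtun-2.5-orig/cfg_file.y Sat Feb 16 15:49:22 2002
+++ vtun-2.5/cfg_file.y Sat Feb 16 18:47:56 2002
@@ -73,7 +73,7 @@
 %token K_OPTIONS K_DEFAULT K_PORT K_PERSIST K_TIMEOUT
 %token K_PASSWD K_PROG K_PPP K_SPEED K_IFCFG K_FWALL K_ROUTE K_DEVICE
 %token K_MULTI K_SRCADDR K_IFACE K_ADDR
-%token K_TYPE K_PROT K_COMPRESS K_ENCRYPT K_KALIVE K_STAT
+%token K_TYPE K_PROT K_COMPRESS K_ENCRYPT K_KALIVE K_STAT K_SSLAUTH
 %token K_UP K_DOWN K_SYSLOG K_IPROUTE
 
 %token <str> K_HOST K_ERROR
@@ -253,6 +253,13 @@
 parse_host->flags &= ~(VTUN_ZLIB | VTUN_LZO);
 }
 compress
+
+ | K_SSLAUTH NUM {
+ parse_host->sslauth = $2;
+
+ if(vtun.sslauth == -1)
+ vtun.sslauth = $2;
+ }
 
 | K_ENCRYPT NUM {
 if( $2 )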
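Review bot: The guard `if(vtun.sslauth == -1) vtun.sslauth = $2;` in hunk `@@ -253,6 +253,13 @@` only does anything if `vtun.sslauth` starts out at -1, and nothing in this patch sets that — vtun.h only declares the field — so either the initialisation lives in a file not shown here or the global never records the first host's value and stays zero-initialised. Worth confirming against the startup code before relying on `vtun.sslauth` anywhere. A short comment above `| K_SSLAUTH NUM {`, e.g. `/* sslauth 0|1: XOR-masked (0) or Blowfish/SSL (1) challenge auth */`, would document what the number selects.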
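diff -ru vtun-2.5-orig/cfg_kwords.h vtun-2.5/cfg_kwords.h
--- vtun-2.5-orig/cfg_kwords.h Sat Dec 29 18:01:01 2001
+++ vtun-2.5/cfg_kwords.h Sat Feb 16 18:31:30 2002
@@ -36,6 +36,7 @@
 { "srcaddr", K_SRCADDR },
 { "addr", K_ADDR },
 { "iface", K_IFACE },
+ { "sslauth", K_SSLAUTH },
 { "persist", K_PERSIST },
 { "multi", K_MULTI },
 { "iface", K_IFACE },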
150 | diff -ru vtun-2.5-orig/vtun.h vtun-2.5/vtun.h | |
151 | --- vtun-2.5-orig/vtun.h Sat Dec 29 18:01:01 2001 | |
152 | +++ vtun-2.5/vtun.h Sat Feb 16 18:31:30 2002 | |
153 | @@ -97,6 +97,9 @@ | |
154 | int rmt_fd; | |
155 | int loc_fd; | |
156 | ||
157 | + /* SSL strong auth */ | |
158 | + int sslauth; | |
159 | + | |
160 | /* Persist mode */ | |
161 | int persist; | |
162 | ||
163 | @@ -170,6 +173,7 @@ | |
164 | struct vtun_opts { | |
165 | int timeout; | |
166 | int persist; | |
167 | + int sslauth; | |
168 | ||
169 | char *cfg_file; | |
170 |