[packages/vtun.git] / vtun-sslauth.patch

diff -ru vtun-2.5-orig/auth.c vtun-2.5/auth.c
--- vtun-2.5-orig/auth.c	Thu Sep  6 21:43:41 2001
+++ vtun-2.5/auth.c	Sat Feb 16 18:47:19 2002
@@ -26,6 +26,9 @@
  *
  * Jim Yonan, 05/24/2001
  * 	gen_chal rewrite to use better random number generator 
+ *
+ * Artur R. Czechowski <arturcz@hell.pl>, 02/16/2002
+ * 	Add support for connectin ssl to non-ssl vtuns (sslauth option)
  */ 
 
 #include "config.h"
@@ -70,7 +73,7 @@
    RAND_bytes(buf, VTUN_CHAL_SIZE);
 }
 
-void encrypt_chal(char *chal, char *pwd)
+void ssl_encrypt_chal(char *chal, char *pwd)
 { 
    register int i;
    BF_KEY key;
@@ -81,7 +84,7 @@
       BF_ecb_encrypt(chal + i,  chal + i, &key, BF_ENCRYPT);
 }
 
-void decrypt_chal(char *chal, char *pwd)
+void ssl_decrypt_chal(char *chal, char *pwd)
 { 
    register int i;
    BF_KEY key;
@@ -94,20 +97,6 @@
 
 #else /* HAVE_SSL */
 
-void encrypt_chal(char *chal, char *pwd)
-{ 
-   char * xor_msk = pwd;
-   register int i, xor_len = strlen(xor_msk);
-
-   for(i=0; i < VTUN_CHAL_SIZE; i++)
-      chal[i] ^= xor_msk[i%xor_len];
-}
-
-void inline decrypt_chal(char *chal, char *pwd)
-{ 
-   encrypt_chal(chal, pwd);
-}
-
 /* Generate PSEUDO random challenge key. */
 void gen_chal(char *buf)
 {
@@ -118,8 +107,33 @@
    for(i=0; i < VTUN_CHAL_SIZE; i++)
       buf[i] = (unsigned int)(255.0 * rand()/RAND_MAX);
 }
+
+void ssl_encrypt_chal(char *chal, char *pwd)
+{
+	syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support");
+}
+
+void ssl_decrypt_chal(char *chal, char *pwd)
+{
+	syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support");
+}
+
 #endif /* HAVE_SSL */
 
+void nonssl_encrypt_chal(char *chal, char *pwd)
+{ 
+   char * xor_msk = pwd;
+   register int i, xor_len = strlen(xor_msk);
+
+   for(i=0; i < VTUN_CHAL_SIZE; i++)
+      chal[i] ^= xor_msk[i%xor_len];
+}
+
+void inline nonssl_decrypt_chal(char *chal, char *pwd)
+{ 
+   nonssl_encrypt_chal(chal, pwd);
+}
+
 /* 
  * Functions to convert binary flags to character string.
  * string format:  <CS64> 
@@ -336,7 +350,11 @@
 		   if( !(h = find_host(host)) )
 		      break;
 
-		   decrypt_chal(chal_res, h->passwd);   		
+		   if (h->sslauth) {
+		      ssl_decrypt_chal(chal_res, h->passwd);   		
+		   } else {
+		      nonssl_decrypt_chal(chal_res, h->passwd);   		
+		   }
 	
 		   if( !memcmp(chal_req, chal_res, VTUN_CHAL_SIZE) ){
 		      /* Auth successeful. */
@@ -388,7 +406,11 @@
 		   if( !strncmp(buf,"OK",2) && cs2cl(buf,chal)){
 		      stage = ST_CHAL;
 					
-		      encrypt_chal(chal,host->passwd);
+		      if (host->sslauth) {
+		         ssl_encrypt_chal(chal,host->passwd);
+		      } else {
+		         nonssl_encrypt_chal(chal,host->passwd);
+		      }
 		      print_p(fd,"CHAL: %s\n", cl2cs(chal));
 
 		      continue;
diff -ru vtun-2.5-orig/cfg_file.y vtun-2.5/cfg_file.y
--- vtun-2.5-orig/cfg_file.y	Sat Feb 16 15:49:22 2002
+++ vtun-2.5/cfg_file.y	Sat Feb 16 18:47:56 2002
@@ -73,7 +73,7 @@
 %token K_OPTIONS K_DEFAULT K_PORT K_PERSIST K_TIMEOUT
 %token K_PASSWD K_PROG K_PPP K_SPEED K_IFCFG K_FWALL K_ROUTE K_DEVICE 
 %token K_MULTI K_SRCADDR K_IFACE K_ADDR
-%token K_TYPE K_PROT K_COMPRESS K_ENCRYPT K_KALIVE K_STAT
+%token K_TYPE K_PROT K_COMPRESS K_ENCRYPT K_KALIVE K_STAT K_SSLAUTH
 %token K_UP K_DOWN K_SYSLOG K_IPROUTE
 
 %token <str> K_HOST K_ERROR
@@ -253,6 +253,13 @@
 			  parse_host->flags &= ~(VTUN_ZLIB | VTUN_LZO); 
 			}
 			compress
+
+  | K_SSLAUTH NUM 	{ 
+	      		  parse_host->sslauth = $2;
+
+			  if(vtun.sslauth == -1) 
+			     vtun.sslauth = $2; 	
+			}
 
   | K_ENCRYPT NUM 	{  
 			  if( $2 )
diff -ru vtun-2.5-orig/cfg_kwords.h vtun-2.5/cfg_kwords.h
--- vtun-2.5-orig/cfg_kwords.h	Sat Dec 29 18:01:01 2001
+++ vtun-2.5/cfg_kwords.h	Sat Feb 16 18:31:30 2002
@@ -36,6 +36,7 @@
    { "srcaddr",  K_SRCADDR }, 
    { "addr",  	 K_ADDR }, 
    { "iface",  	 K_IFACE }, 
+   { "sslauth",	 K_SSLAUTH }, 
    { "persist",	 K_PERSIST }, 
    { "multi",	 K_MULTI }, 
    { "iface",    K_IFACE }, 
diff -ru vtun-2.5-orig/vtun.h vtun-2.5/vtun.h
--- vtun-2.5-orig/vtun.h	Sat Dec 29 18:01:01 2001
+++ vtun-2.5/vtun.h	Sat Feb 16 18:31:30 2002
@@ -97,6 +97,9 @@
    int  rmt_fd;
    int  loc_fd;
 
+   /* SSL strong auth */
+   int  sslauth;
+
    /* Persist mode */
    int  persist;
 
@@ -170,6 +173,7 @@
 struct vtun_opts {
    int  timeout;
    int  persist;
+   int  sslauth;
 
    char *cfg_file;
Commit	Line	Data
8c9e995e	1	diff -ru vtun-2.5-orig/auth.c vtun-2.5/auth.c
	2	--- vtun-2.5-orig/auth.c Thu Sep 6 21:43:41 2001
	3	+++ vtun-2.5/auth.c Sat Feb 16 18:47:19 2002
	4	@@ -26,6 +26,9 @@
	5	*
	6	* Jim Yonan, 05/24/2001
	7	* gen_chal rewrite to use better random number generator
	8	+ *
	9	+ * Artur R. Czechowski <arturcz@hell.pl>, 02/16/2002
	10	+ * Add support for connectin ssl to non-ssl vtuns (sslauth option)
	11	*/
	12
	13	#include "config.h"
	14	@@ -70,7 +73,7 @@
	15	RAND_bytes(buf, VTUN_CHAL_SIZE);
	16	}
	17
	18	-void encrypt_chal(char chal, char pwd)
	19	+void ssl_encrypt_chal(char chal, char pwd)
	20	{
	21	register int i;
	22	BF_KEY key;
	23	@@ -81,7 +84,7 @@
	24	BF_ecb_encrypt(chal + i, chal + i, &key, BF_ENCRYPT);
	25	}
	26
	27	-void decrypt_chal(char chal, char pwd)
	28	+void ssl_decrypt_chal(char chal, char pwd)
	29	{
	30	register int i;
	31	BF_KEY key;
	32	@@ -94,20 +97,6 @@
	33
	34	#else /* HAVE_SSL */
	35
	36	-void encrypt_chal(char chal, char pwd)
	37	-{
	38	- char * xor_msk = pwd;
	39	- register int i, xor_len = strlen(xor_msk);
	40	-
	41	- for(i=0; i < VTUN_CHAL_SIZE; i++)
	42	- chal[i] ^= xor_msk[i%xor_len];
	43	-}
	44	-
	45	-void inline decrypt_chal(char chal, char pwd)
	46	-{
	47	- encrypt_chal(chal, pwd);
	48	-}
	49	-
	50	/* Generate PSEUDO random challenge key. */
	51	void gen_chal(char *buf)
	52	{
	53	@@ -118,8 +107,33 @@
	54	for(i=0; i < VTUN_CHAL_SIZE; i++)
	55	buf[i] = (unsigned int)(255.0 * rand()/RAND_MAX);
	56	}
	57	+
	58	+void ssl_encrypt_chal(char chal, char pwd)
	59	+{
	60	+ syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support");
	61	+}
	62	+
	63	+void ssl_decrypt_chal(char chal, char pwd)
	64	+{
65	+ syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support");
66	+}
67	+
68	#endif /* HAVE_SSL */
69
70	+void nonssl_encrypt_chal(char chal, char pwd)
71	+{
72	+ char * xor_msk = pwd;
73	+ register int i, xor_len = strlen(xor_msk);
74	+
75	+ for(i=0; i < VTUN_CHAL_SIZE; i++)
76	+ chal[i] ^= xor_msk[i%xor_len];
77	+}
78	+
79	+void inline nonssl_decrypt_chal(char chal, char pwd)
80	+{
81	+ nonssl_encrypt_chal(chal, pwd);
82	+}
83	+
84	/*
85	* Functions to convert binary flags to character string.
86	* string format: <CS64>
87	@@ -336,7 +350,11 @@
88	if( !(h = find_host(host)) )
89	break;
90
91	- decrypt_chal(chal_res, h->passwd);
92	+ if (h->sslauth) {
93	+ ssl_decrypt_chal(chal_res, h->passwd);
94	+ } else {
95	+ nonssl_decrypt_chal(chal_res, h->passwd);
96	+ }
97
98	if( !memcmp(chal_req, chal_res, VTUN_CHAL_SIZE) ){
99	/* Auth successeful. */
100	@@ -388,7 +406,11 @@
101	if( !strncmp(buf,"OK",2) && cs2cl(buf,chal)){
102	stage = ST_CHAL;
103
104	- encrypt_chal(chal,host->passwd);
105	+ if (host->sslauth) {
106	+ ssl_encrypt_chal(chal,host->passwd);
107	+ } else {
108	+ nonssl_encrypt_chal(chal,host->passwd);
109	+ }
110	print_p(fd,"CHAL: %s\n", cl2cs(chal));
111
112	continue;
113	diff -ru vtun-2.5-orig/cfg_file.y vtun-2.5/cfg_file.y
114	--- vtun-2.5-orig/cfg_file.y Sat Feb 16 15:49:22 2002
115	+++ vtun-2.5/cfg_file.y Sat Feb 16 18:47:56 2002
116	@@ -73,7 +73,7 @@
117	%token K_OPTIONS K_DEFAULT K_PORT K_PERSIST K_TIMEOUT
118	%token K_PASSWD K_PROG K_PPP K_SPEED K_IFCFG K_FWALL K_ROUTE K_DEVICE
119	%token K_MULTI K_SRCADDR K_IFACE K_ADDR
120	-%token K_TYPE K_PROT K_COMPRESS K_ENCRYPT K_KALIVE K_STAT
121	+%token K_TYPE K_PROT K_COMPRESS K_ENCRYPT K_KALIVE K_STAT K_SSLAUTH
122	%token K_UP K_DOWN K_SYSLOG K_IPROUTE
123
124	%token <str> K_HOST K_ERROR
125	@@ -253,6 +253,13 @@
126	parse_host->flags &= ~(VTUN_ZLIB \| VTUN_LZO);
127	}
128	compress
129	+
130	+ \| K_SSLAUTH NUM {
131	+ parse_host->sslauth = $2;
132	+
133	+ if(vtun.sslauth == -1)
134	+ vtun.sslauth = $2;
135	+ }
136
137	\| K_ENCRYPT NUM {
138	if( $2 )
139	diff -ru vtun-2.5-orig/cfg_kwords.h vtun-2.5/cfg_kwords.h
140	--- vtun-2.5-orig/cfg_kwords.h Sat Dec 29 18:01:01 2001
141	+++ vtun-2.5/cfg_kwords.h Sat Feb 16 18:31:30 2002
142	@@ -36,6 +36,7 @@
143	{ "srcaddr", K_SRCADDR },
144	{ "addr", K_ADDR },
145	{ "iface", K_IFACE },
146	+ { "sslauth", K_SSLAUTH },
147	{ "persist", K_PERSIST },
148	{ "multi", K_MULTI },
149	{ "iface", K_IFACE },
150	diff -ru vtun-2.5-orig/vtun.h vtun-2.5/vtun.h
151	--- vtun-2.5-orig/vtun.h Sat Dec 29 18:01:01 2001
152	+++ vtun-2.5/vtun.h Sat Feb 16 18:31:30 2002
153	@@ -97,6 +97,9 @@
154	int rmt_fd;
155	int loc_fd;
156
157	+ /* SSL strong auth */
158	+ int sslauth;
159	+
160	/* Persist mode */
161	int persist;
162
163	@@ -170,6 +173,7 @@
164	struct vtun_opts {
165	int timeout;
166	int persist;
167	+ int sslauth;
168
169	char *cfg_file;
170