1 diff -ru vtun-2.5-orig/auth.c vtun-2.5/auth.c
2 --- vtun-2.5-orig/auth.c Thu Sep 6 21:43:41 2001
3 +++ vtun-2.5/auth.c Sat Feb 16 18:47:19 2002
6 * Jim Yonan, 05/24/2001
7 * gen_chal rewrite to use better random number generator
9 + * Artur R. Czechowski <arturcz@hell.pl>, 02/16/2002
10 + * Add support for connectin ssl to non-ssl vtuns (sslauth option)
15 RAND_bytes(buf, VTUN_CHAL_SIZE);
18 -void encrypt_chal(char *chal, char *pwd)
19 +void ssl_encrypt_chal(char *chal, char *pwd)
24 BF_ecb_encrypt(chal + i, chal + i, &key, BF_ENCRYPT);
27 -void decrypt_chal(char *chal, char *pwd)
28 +void ssl_decrypt_chal(char *chal, char *pwd)
36 -void encrypt_chal(char *chal, char *pwd)
38 - char * xor_msk = pwd;
39 - register int i, xor_len = strlen(xor_msk);
41 - for(i=0; i < VTUN_CHAL_SIZE; i++)
42 - chal[i] ^= xor_msk[i%xor_len];
45 -void inline decrypt_chal(char *chal, char *pwd)
47 - encrypt_chal(chal, pwd);
50 /* Generate PSEUDO random challenge key. */
51 void gen_chal(char *buf)
54 for(i=0; i < VTUN_CHAL_SIZE; i++)
55 buf[i] = (unsigned int)(255.0 * rand()/RAND_MAX);
58 +void ssl_encrypt_chal(char *chal, char *pwd)
60 + syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support");
63 +void ssl_decrypt_chal(char *chal, char *pwd)
65 + syslog(LOG_ERR,"Cannot use `sslauth yes' without SSL support");
70 +void nonssl_encrypt_chal(char *chal, char *pwd)
72 + char * xor_msk = pwd;
73 + register int i, xor_len = strlen(xor_msk);
75 + for(i=0; i < VTUN_CHAL_SIZE; i++)
76 + chal[i] ^= xor_msk[i%xor_len];
79 +void inline nonssl_decrypt_chal(char *chal, char *pwd)
81 + nonssl_encrypt_chal(chal, pwd);
85 * Functions to convert binary flags to character string.
86 * string format: <CS64>
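Review bot: `nonssl_encrypt_chal` indexes the mask with `i%xor_len` where `xor_len = strlen(xor_msk)`, so a host entry with an empty password makes this a modulo by zero, which is undefined behaviour. Because the function returns void and cannot report the problem, the safer fix is to reject an empty `passwd` where the configuration is parsed; a local guard such as `if (xor_len == 0) return;` would avoid the fault but leave the challenge unmasked. A comment above the function would also help, e.g. `/* Compatibility only: XORs the challenge with the raw password; weaker than the Blowfish path used with sslauth yes. */`, since anyone who sees both the challenge and the reply can derive the mask. The braces and preprocessor lines of this hunk are not visible in this listing, so the exact build condition around these functions is inferred.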
88 if( !(h = find_host(host)) )
91 - decrypt_chal(chal_res, h->passwd);
93 + ssl_decrypt_chal(chal_res, h->passwd);
95 + nonssl_decrypt_chal(chal_res, h->passwd);
98 if( !memcmp(chal_req, chal_res, VTUN_CHAL_SIZE) ){
99 /* Auth successeful. */
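Review bot: In a build without SSL support, the `ssl_decrypt_chal` called here is, as far as the earlier hunk shows, a stub that only logs through syslog, so `chal_res` reaches the `memcmp` against `chal_req` exactly as the peer sent it and the result no longer depends on `h->passwd`. This path should fail closed: let the stub report failure (for example return an int and `return -1;` after the syslog) and skip the comparison when it does, or refuse `sslauth yes` at configuration load in such a build. The client-side `ssl_encrypt_chal(chal,host->passwd)` call in the next hunk has the same stub behind it and needs the same treatment. The condition that selects between the two decrypt calls is not visible in this listing.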
101 if( !strncmp(buf,"OK",2) && cs2cl(buf,chal)){
104 - encrypt_chal(chal,host->passwd);
105 + if (host->sslauth) {
106 + ssl_encrypt_chal(chal,host->passwd);
108 + nonssl_encrypt_chal(chal,host->passwd);
110 print_p(fd,"CHAL: %s\n", cl2cs(chal));
113 diff -ru vtun-2.5-orig/cfg_file.y vtun-2.5/cfg_file.y
114 --- vtun-2.5-orig/cfg_file.y Sat Feb 16 15:49:22 2002
115 +++ vtun-2.5/cfg_file.y Sat Feb 16 18:47:56 2002
117 %token K_OPTIONS K_DEFAULT K_PORT K_PERSIST K_TIMEOUT
118 %token K_PASSWD K_PROG K_PPP K_SPEED K_IFCFG K_FWALL K_ROUTE K_DEVICE
119 %token K_MULTI K_SRCADDR K_IFACE K_ADDR
120 -%token K_TYPE K_PROT K_COMPRESS K_ENCRYPT K_KALIVE K_STAT
121 +%token K_TYPE K_PROT K_COMPRESS K_ENCRYPT K_KALIVE K_STAT K_SSLAUTH
122 %token K_UP K_DOWN K_SYSLOG K_IPROUTE
124 %token <str> K_HOST K_ERROR
126 parse_host->flags &= ~(VTUN_ZLIB | VTUN_LZO);
131 + parse_host->sslauth = $2;
133 + if(vtun.sslauth == -1)
139 diff -ru vtun-2.5-orig/cfg_kwords.h vtun-2.5/cfg_kwords.h
140 --- vtun-2.5-orig/cfg_kwords.h Sat Dec 29 18:01:01 2001
141 +++ vtun-2.5/cfg_kwords.h Sat Feb 16 18:31:30 2002
143 { "srcaddr", K_SRCADDR },
145 { "iface", K_IFACE },
146 + { "sslauth", K_SSLAUTH },
147 { "persist", K_PERSIST },
148 { "multi", K_MULTI },
149 { "iface", K_IFACE },
150 diff -ru vtun-2.5-orig/vtun.h vtun-2.5/vtun.h
151 --- vtun-2.5-orig/vtun.h Sat Dec 29 18:01:01 2001
152 +++ vtun-2.5/vtun.h Sat Feb 16 18:31:30 2002
157 + /* SSL strong auth */