vtun-3.0.3/aclocal.m40000644003736300373630000000251311776427571013747 0ustar bishopbishopdnl Test files AC_DEFUN( AC_TEST_FILES, [ ac_file_found=yes for f in $1; do if test ! -f $2/$f; then ac_file_found=no break; fi done if test "$ac_file_found" = "yes" ; then ifelse([$3], , :,[$3]) else ifelse([$4], , :,[$4]) fi ]) dnl Search for headers, add path to CPPFLAGS if found AC_DEFUN( AC_SEARCH_HEADERS, [ AC_MSG_CHECKING("for $1") ac_hdr_found=no for p in $2; do if test -n "$p"; then dir="$p" else dir="/usr/include" fi AC_TEST_FILES($1, $dir, [ ac_hdr_found=yes break ] ) done if test "$ac_hdr_found" = "yes" ; then if test -n "$p"; then CPPFLAGS="$CPPFLAGS -I$p" fi AC_MSG_RESULT( [($dir) yes] ) ifelse([$3], , :,[$3]) else AC_MSG_RESULT("no") ifelse([$4], , :,[$4]) fi ]) dnl Create links to all files($1) in the directory($2) AC_DEFUN( AC_LINK_DIR, [ for i in $1; do dnl if test -f $2/$i -a ! -f $i; then if test -f $2/$i; then AC_MSG_RESULT(linking $2/$i to $i) ln -f -s $2/$i $i fi done ]) dnl Create driver and protocol links dnl $1 - drivers list, $2 - os dir AC_DEFUN( AC_LINK_DRV, [ AC_MSG_RESULT( creating driver and protocol links ... ) AC_LINK_DIR($1, generic) if test "$2" != ""; then AC_LINK_DIR($1, $2) fi ]) vtun-3.0.3/auth.c0000644003736300373630000002107611203214173013172 0ustar bishopbishop/* VTun - Virtual Tunnel over TCP/IP network. Copyright (C) 1998-2008 Maxim Krasnyansky VTun has been derived from VPPP package by Maxim Krasnyansky. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. */ /* * $Id: auth.c,v 1.9.2.4 2009/04/24 09:15:33 mtbishop Exp $ */ /* * Challenge based authentication. * Thanx to Chris Todd for the good idea. */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_NETINET_TCP_H #include #endif #ifdef HAVE_ARPA_INET_H #include #endif #include "vtun.h" #include "lib.h" #include "lock.h" #include "auth.h" /* Encryption and Decryption of the challenge key */ #ifdef HAVE_SSL #include #include #include void gen_chal(char *buf) { RAND_bytes(buf, VTUN_CHAL_SIZE); } void encrypt_chal(char *chal, char *pwd) { register int i; BF_KEY key; BF_set_key(&key, 16, MD5(pwd,strlen(pwd),NULL)); for(i=0; i < VTUN_CHAL_SIZE; i += 8 ) BF_ecb_encrypt(chal + i, chal + i, &key, BF_ENCRYPT); } void decrypt_chal(char *chal, char *pwd) { register int i; BF_KEY key; BF_set_key(&key, 16, MD5(pwd,strlen(pwd),NULL)); for(i=0; i < VTUN_CHAL_SIZE; i += 8 ) BF_ecb_encrypt(chal + i, chal + i, &key, BF_DECRYPT); } #else /* HAVE_SSL */ void encrypt_chal(char *chal, char *pwd) { char * xor_msk = pwd; register int i, xor_len = strlen(xor_msk); for(i=0; i < VTUN_CHAL_SIZE; i++) chal[i] ^= xor_msk[i%xor_len]; } void inline decrypt_chal(char *chal, char *pwd) { encrypt_chal(chal, pwd); } /* Generate PSEUDO random challenge key. */ void gen_chal(char *buf) { register int i; srand(time(NULL)); for(i=0; i < VTUN_CHAL_SIZE; i++) buf[i] = (unsigned int)(255.0 * rand()/RAND_MAX); } #endif /* HAVE_SSL */ /* * Functions to convert binary flags to character string. * string format: * C - compression, S - speed for shaper and so on. */ char *bf2cf(struct vtun_host *host) { static char str[20], *ptr = str; *(ptr++) = '<'; switch( host->flags & VTUN_PROT_MASK ){ case VTUN_TCP: *(ptr++) = 'T'; break; case VTUN_UDP: *(ptr++) = 'U'; break; } switch( host->flags & VTUN_TYPE_MASK ){ case VTUN_TTY: *(ptr++) = 't'; break; case VTUN_PIPE: *(ptr++) = 'p'; break; case VTUN_ETHER: *(ptr++) = 'e'; break; case VTUN_TUN: *(ptr++) = 'u'; break; } if( (host->flags & VTUN_SHAPE) /* && host->spd_in */) ptr += sprintf(ptr,"S%d",host->spd_in); if( host->flags & VTUN_ZLIB ) ptr += sprintf(ptr,"C%d", host->zlevel); if( host->flags & VTUN_LZO ) ptr += sprintf(ptr,"L%d", host->zlevel); if( host->flags & VTUN_KEEP_ALIVE ) *(ptr++) = 'K'; if( host->flags & VTUN_ENCRYPT ) { if (host->cipher == VTUN_LEGACY_ENCRYPT) { /* use old flag method */ ptr += sprintf(ptr,"E"); } else { ptr += sprintf(ptr,"E%d", host->cipher); } } strcat(ptr,">"); return str; } /* return 1 on success, otherwise 0 Example: FLAGS: */ int cf2bf(char *str, struct vtun_host *host) { char *ptr, *p; int s; if( (ptr = strchr(str,'<')) ){ vtun_syslog(LOG_DEBUG,"Remote Server sends %s.", ptr); ptr++; while(*ptr){ switch(*ptr++){ case 't': host->flags |= VTUN_TTY; break; case 'p': host->flags |= VTUN_PIPE; break; case 'e': host->flags |= VTUN_ETHER; break; case 'u': host->flags |= VTUN_TUN; break; case 'U': host->flags &= ~VTUN_PROT_MASK; host->flags |= VTUN_UDP; break; case 'T': host->flags &= ~VTUN_PROT_MASK; host->flags |= VTUN_TCP; break; case 'K': host->flags |= VTUN_KEEP_ALIVE; break; case 'C': if((s = strtol(ptr,&p,10)) == ERANGE || ptr == p) return 0; host->flags |= VTUN_ZLIB; host->zlevel = s; ptr = p; break; case 'L': if((s = strtol(ptr,&p,10)) == ERANGE || ptr == p) return 0; host->flags |= VTUN_LZO; host->zlevel = s; ptr = p; break; case 'E': /* new form is 'E10', old form is 'E', so remove the ptr==p check */ if((s = strtol(ptr,&p,10)) == ERANGE) { vtun_syslog(LOG_ERR,"Garbled encryption method. Bailing out."); return 0; } host->flags |= VTUN_ENCRYPT; if (0 == s) { host->cipher = VTUN_LEGACY_ENCRYPT; vtun_syslog(LOG_INFO,"Remote server using older encryption."); } else { host->cipher = s; } ptr = p; break; case 'S': if((s = strtol(ptr,&p,10)) == ERANGE || ptr == p) return 0; if( s ){ host->flags |= VTUN_SHAPE; host->spd_out = s; } ptr = p; break; case 'F': /* reserved for Feature transmit */ break; case '>': return 1; default: return 0; } } } return 0; } /* * Functions to convert binary key data to character string. * string format: */ char *cl2cs(char *chal) { static char str[VTUN_CHAL_SIZE*2+3], *chr="abcdefghijklmnop"; register char *ptr = str; register int i; *(ptr++) = '<'; for(i=0; i> 4) ]; *(ptr++) = chr[ (chal[i] & 0x0f) ]; } *(ptr++) = '>'; *ptr = '\0'; return str; } int cs2cl(char *str, char *chal) { register char *ptr = str; register int i; if( !(ptr = strchr(str,'<')) ) return 0; ptr++; if( !strtok(ptr,">") || strlen(ptr) != VTUN_CHAL_SIZE*2 ) return 0; for(i=0; i 0 ){ buf[sizeof(buf)-1]='\0'; strtok(buf,"\r\n"); if( !(str1=strtok(buf," :")) ) break; if( !(str2=strtok(NULL," :")) ) break; switch( stage ){ case ST_HOST: if( !strcmp(str1,"HOST") ){ host = strdup(str2); gen_chal(chal_req); print_p(fd,"OK CHAL: %s\n", cl2cs(chal_req)); stage = ST_CHAL; continue; } break; case ST_CHAL: if( !strcmp(str1,"CHAL") ){ if( !cs2cl(str2,chal_res) ) break; if( !(h = find_host(host)) ) break; decrypt_chal(chal_res, h->passwd); if( !memcmp(chal_req, chal_res, VTUN_CHAL_SIZE) ){ /* Auth successeful. */ /* Lock host */ if( lock_host(h) < 0 ){ /* Multiple connections are denied */ h = NULL; break; } print_p(fd,"OK FLAGS: %s\n", bf2cf(h)); } else h = NULL; } break; } break; } if( host ) free(host); if( !h ) print_p(fd,"ERR\n"); return h; } /* Authentication (Client side) */ int auth_client(int fd, struct vtun_host *host) { char buf[VTUN_MESG_SIZE], chal[VTUN_CHAL_SIZE]; int stage, success=0 ; stage = ST_INIT; while( readn_t(fd, buf, VTUN_MESG_SIZE, vtun.timeout) > 0 ){ buf[sizeof(buf)-1]='\0'; switch( stage ){ case ST_INIT: if( !strncmp(buf,"VTUN",4) ){ stage = ST_HOST; print_p(fd,"HOST: %s\n",host->host); continue; } break; case ST_HOST: if( !strncmp(buf,"OK",2) && cs2cl(buf,chal)){ stage = ST_CHAL; encrypt_chal(chal,host->passwd); print_p(fd,"CHAL: %s\n", cl2cs(chal)); continue; } break; case ST_CHAL: if( !strncmp(buf,"OK",2) && cf2bf(buf,host) ) success = 1; break; } break; } return success; } vtun-3.0.3/auth.h0000664003736300373630000000166110740524447013214 0ustar bishopbishop/* VTun - Virtual Tunnel over TCP/IP network. Copyright (C) 1998-2008 Maxim Krasnyansky VTun has been derived from VPPP package by Maxim Krasnyansky. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. */ /* * $Id: auth.h,v 1.3.2.2 2008/01/07 22:35:19 mtbishop Exp $ */ #define VTUN_CHAL_SIZE 16 #define ST_INIT 0 #define ST_HOST 1 #define ST_CHAL 2 struct vtun_host * auth_server(int fd); int auth_client(int fd, struct vtun_host *host); vtun-3.0.3/cfg_file.l0000664003736300373630000000756610740524451014022 0ustar bishopbishop%{ /* VTun - Virtual Tunnel over TCP/IP network. Copyright (C) 1998-2008 Maxim Krasnyansky VTun has been derived from VPPP package by Maxim Krasnyansky. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. */ /* * $Id: cfg_file.l,v 1.4.2.2 2008/01/07 22:35:21 mtbishop Exp $ */ #include "config.h" #include #include "vtun.h" #include "cfg_file.tab.h" #include "cfg_kwords.h" /* static buffer for strings */ char str_buf[255]; int find_keyword(struct kword *kw, char *str); #define ECHO {;} #define YY_DECL int yylex(void) /* Push and pop parser state */ static int stack[16]; static int ptr = 0; #define PUSH_STATE() \ do { \ if( ptr == 16 ){ \ yyerror("To many pushes to parser's state stack"); \ return K_ERROR; \ } \ stack[ptr++] = YY_START; \ } while(0) #define POP_STATE() \ do { \ if( !ptr ){ \ yyerror("To many pops from parser's state stack"); \ return K_ERROR; \ } \ BEGIN(stack[--ptr]); \ } while(0) int cfg_error(const char *ftm, ...); int yyerror(char *str); %} num [0-9]+ dnum {num}:{num} word [A-Za-z0-9\-\_+=\!\$\#\%\&\*\^\@@\\\~\.]+ wordnm {word}:{num} kword [A-Za-z0-9\_\-]+ comment \#.*\n fname [A-Za-z0-9\_\.\-]+ path (\/{fname})+ string \".*\" %x OPTION PARAM %% <*>[ \t] ; /* Skip spaces and tabs (All stages) */ <*>\n { lineno++; } /* (All stages) */ {comment} { lineno++; } /* Skip comments */ {kword} { int kw = find_keyword(cfg_keyword,yytext); if( kw != -1 ) return kw; /* Keyword not found, means host definition. */ yylval.str = yytext; return K_HOST; } {word} { yylval.str = yytext; return K_ERROR; } <*>\{ { PUSH_STATE(); BEGIN(OPTION); return *yytext; } <*>\} { POP_STATE(); return *yytext; }