authorRene Mayrhofer <rene@mayrhofer.eu.org>2007-04-12 20:41:31 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2007-04-12 20:41:31 +0000
commit774a362e87feab25f1be16fbca08269ddc7121a4 (patch)
treecf71f4e7466468ac3edc2127125f333224a9acfb /programs/ipsec
parentc54a140a445bfe7aa66721f68bb0781f26add91c (diff)
Major new upstream release, just ran svn-upgrade for now (and wrote some
debian/changelog entries).
Diffstat (limited to 'programs/ipsec')
-rw-r--r--programs/ipsec/.cvsignore1
-rw-r--r--programs/ipsec/Makefile28
-rw-r--r--programs/ipsec/distro.txt1
-rw-r--r--programs/ipsec/ipsec.8336
-rwxr-xr-xprograms/ipsec/ipsec.in259
5 files changed, 0 insertions, 625 deletions
diff --git a/programs/ipsec/.cvsignore b/programs/ipsec/.cvsignore
deleted file mode 100644
index 70025a7f8..000000000
--- a/programs/ipsec/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-ipsec
diff --git a/programs/ipsec/Makefile b/programs/ipsec/Makefile
deleted file mode 100644
index fdff3728a..000000000
--- a/programs/ipsec/Makefile
+++ /dev/null
@@ -1,28 +0,0 @@
-# Makefile for miscelaneous programs
-# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# for more details.
-#
-# RCSID $Id: Makefile,v 1.2 2006/02/10 11:27:31 as Exp $
-
-FREESWANSRCDIR=../..
-include ${FREESWANSRCDIR}/Makefile.inc
-
-PROGRAM=ipsec
-PROGRAMDIR=${SBINDIR}
-MANPROGPREFIX:=./
-LIBFILES:=$(wildcard distro.txt)
-
-include ../Makefile.program
-
-install:: ipsec
- @$(INSTALL) $(INSTBINFLAGS) ipsec $(RCDIR)/ipsec
-
diff --git a/programs/ipsec/distro.txt b/programs/ipsec/distro.txt
deleted file mode 100644
index 80f4192a4..000000000
--- a/programs/ipsec/distro.txt
+++ /dev/null
@@ -1 +0,0 @@
-distributed by Andreas Steffen <andreas.steffen@strongswan.org>
diff --git a/programs/ipsec/ipsec.8 b/programs/ipsec/ipsec.8
deleted file mode 100644
index 823289372..000000000
--- a/programs/ipsec/ipsec.8
+++ /dev/null
@@ -1,336 +0,0 @@
-.TH IPSEC 8 "9 February 2006"
-.\" RCSID $Id: ipsec.8,v 1.3 2006/02/09 19:47:38 as Exp $
-.SH NAME
-ipsec \- invoke IPsec utilities
-.SH SYNOPSIS
-.B ipsec
-command [ argument ...]
-.sp
-.B ipsec start|update|reload|restart|stop
-.sp
-.B ipsec up|down|route|unroute
-\fIconnectionname\fP
-.sp
-.B ipsec status|statusall
-[
-\fIconnectionname\fP
-]
-.sp
-.B ipsec listalgs|listpubkeys|listcerts
-[
-.B \-\-utc
-]
-.br
-.B ipsec listcacerts|listaacerts|listocspcerts
-[
-.B \-\-utc
-]
-.br
-.B ipsec listacerts|listgroups|listcainfos
-[
-.B \-\-utc
-]
-.br
-.B ipsec listcrls|listocsp|listcards|listall
-[
-.B \-\-utc
-]
-.sp
-.B ipsec rereadsecrets|rereadgroups
-.br
-.B ipsec rereadcacerts|rereadaacerts|rereadocspcerts
-.br
-.B ipsec rereadacerts|rereadcrls|rereadall
-.sp
-.B ipsec purgeocsp
-.sp
-.B ipsec
-[
-.B \-\-help
-] [
-.B \-\-version
-] [
-.B \-\-versioncode
-] [
-.B \-\-copyright
-]
-.br
-.B ipsec
-[
-.B \-\-directory
-] [
-.B \-\-confdir
-]
-.SH DESCRIPTION
-.I Ipsec
-invokes any of several utilities involved in controlling the IPsec
-encryption/authentication system,
-running the specified
-.I command
-with the specified
-.IR argument s
-as if it had been invoked directly.
-This largely eliminates possible name collisions with other software,
-and also permits some centralized services.
-.PP
-The commands
-.BR start ,
-.BR update ,
-.BR reload ,
-.BR restart ,
-and
-.BR stop
-are built-in and are used to control the
-.BR "ipsec starter"
-utility, an extremely fast replacement for the traditional
-.BR ipsec
-.BR setup
-script.
-.PP
-The commands
-.BR up,
-.BR down,
-.BR route,
-.BR unroute,
-.BR status,
-.BR statusall,
-.BR listalgs,
-.BR listpubkeys,
-.BR listcerts,
-.BR listcacerts,
-.BR listaacerts,
-.BR listocspcerts,
-.BR listacerts,
-.BR listgroups,
-.BR listcainfos,
-.BR listcrls,
-.BR listocsp,
-.BR listcards,
-.BR listall,
-.BR rereadsecrets,
-.BR rereadgroups,
-.BR rereadcacerts,
-.BR rereadaacerts,
-.BR rereadocspcerts,
-.BR rereadacerts,
-.BR rereadcrls,
-and
-.BR rereadall
-are also built-in and completely replace the corresponding
-.BR "ipsec auto"
-\-\-\fIoperation\fP"
-commands. Communication with the pluto daemon happens via the
-.BR "ipsec whack"
-socket interface.
-.PP
-In particular,
-.I ipsec
-supplies the invoked
-.I command
-with a suitable PATH environment variable,
-and also provides IPSEC_DIR,
-IPSEC_CONFS, and IPSEC_VERSION environment variables,
-containing respectively
-the full pathname of the directory where the IPsec utilities are stored,
-the full pathname of the directory where the configuration files live,
-and the IPsec version number.
-.PP
-.B "ipsec start"
-calls
-.BR "ipsec starter"
-which in turn starts \fIpluto\fR.
-.PP
-.B "ipsec update"
-sends a \fIHUP\fR signal to
-.BR "ipsec starter"
-which in turn determines any changes in \fIipsec.conf\fR
-and updates the configuration on the running \fIpluto\fR daemon, correspondingly.
-.PP
-.B "ipsec reload"
-sends a \fIUSR1\fR signal to
-.BR "ipsec starter"
-which in turn reloads the whole configuration on the running \fIpluto\fR daemon
-based on the actual \fIipsec.conf\fR.
-.PP
-.B "ipsec restart"
-executes
-.B "ipsec stop"
-followed by
-.BR "ipsec start".
-.PP
-.B "ipsec stop"
-stops \fIipsec\fR by sending a \fITERM\fR signal to
-.BR "ipsec starter".
-.PP
-.B "ipsec up"
-\fIname\fP tells the \fIpluto\fP daemon to start up connection \fIname\fP.
-.PP
-.B "ipsec down"
-\fIname\fP tells the \fIpluto\fP daemon to take down connection \fIname\fP.
-.PP
-.B "ipsec route"
-\fIname\fP tells the \fIpluto\fP daemon to install a route for connection
-\fIname\fP.
-.PP
-.B "ipsec unroute"
-\fIname\fP tells the \fIpluto\fP daemon to take down the route for connection
-\fIname\fP.
-.PP
-.B "ipsec status"
-[ \fIname\fP ] gives concise status information either on connection
-\fIname\fP or if the \fIname\fP argument is lacking, on all connections.
-.PP
-.B "ipsec statusall"
-[ \fIname\fP ] gives detailed status information either on connection
-\fIname\fP or if the \fIname\fP argument is lacking, on all connections.
-.PP
-.B "ipsec listalgs"
-returns a list all supported IKE encryption and hash algorithms, the available
-Diffie-Hellman groups, as well as all supported ESP encryption and authentication
-algorithms.
-.PP
-.B "ipsec listpubkeys"
-returns a list of RSA public keys that were either loaded in raw key format
-or extracted from X.509 and|or OpenPGP certificates.
-.PP
-.B "ipsec listcerts"
-returns a list of X.509 and|or OpenPGP certificates that were loaded locally
-by the \fIpluto\fP daemon.
-.PP
-.B "ipsec listcacerts"
-returns a list of X.509 Certification Authority (CA) certificates that were
-loaded locally by the \fIpluto\fP daemon from the \fI/etc/ipsec.d/cacerts/\fP
-directory or received in PKCS#7-wrapped certificate payloads via the IKE
-protocol.
-.PP
-.B "ipsec listaacerts"
-returns a list of X.509 Authorization Authority (AA) certificates that were
-loaded locally by the \fIpluto\fP daemon from the \fI/etc/ipsec.d/aacerts/\fP
-directory.
-.PP
-.B "ipsec listocspcerts"
-returns a list of X.509 OCSP Signer certificates that were either loaded
-locally by the \fIpluto\fP daemon from the \fI/etc/ipsec.d/ocspcerts/\fP
-directory or were sent by an OCSP server.
-.PP
-.B "ipsec listacerts"
-returns a list of X.509 Attribute certificates that were loaded locally by
-the \fIpluto\fP daemon from the \fI/etc/ipsec.d/acerts/\fP directory.
-.PP
-.B "ipsec listgroups"
-returns a list of groups that are used to define user authorization profiles.
-.PP
-.B "ipsec listcainfos"
-returns certification authority information (CRL distribution points, OCSP URIs,
-LDAP servers) that were defined by
-.BR ca
-sections in \fIipsec.conf\fP.
-.PP
-.B "ipsec listcrls"
-returns a list of Certificate Revocation Lists (CRLs).
-.PP
-.B "ipsec listocsp"
-returns revocation information fetched from OCSP servers.
-.PP
-.B "ipsec listcards"
-returns a list of certificates residing on smartcards.
-.PP
-.B "ipsec listall"
-returns all information generated by the list commands above. Each list command
-can be called with the
-\-\-url
-option which displays all dates in UTC instead of local time.
-.PP
-.B "ipsec rereadsecrets"
-flushes and rereads all secrets defined in \fIipsec.conf\fP.
-.PP
-.B "ipsec rereadcacerts"
-reads all certificate files contained in the \fI/etc/ipsec.d/cacerts\fP
-directory and adds them to \fIpluto\fP's list of Certification Authority (CA) certificates.
-.PP
-.B "ipsec rereadaacerts"
-reads all certificate files contained in the \fI/etc/ipsec.d/aacerts\fP
-directory and adds them to \fIpluto\fP's list of Authorization Authority (AA) certificates.
-.PP
-.B "ipsec rereadocspcerts"
-reads all certificate files contained in the \fI/etc/ipsec.d/ocspcerts/\fP
-directory and adds them to \fIpluto\fP's list of OCSP signer certificates.
-.PP
-.B "ipsec rereadacerts"
-operation reads all certificate files contained in the \fI/etc/ipsec.d/acerts/\fP
-directory and adds them to \fIpluto\fP's list of attribute certificates.
-.PP
-.B "ipsec rereadcrls"
-reads all Certificate Revocation Lists (CRLs) contained in the
-\fI/etc/ipsec.d/crls/\fP directory and adds them to \fIpluto\fP's list of CRLs.
-.PP
-.B "ipsec rereadall"
-is equivalent to the execution of \fBrereadsecrets\fP,
-\fBrereadcacerts\fP, \fBrereadaacerts\fP, \fBrereadocspcerts\fP,
-\fBrereadacerts\fP, and \fBrereadcrls\fP.
-.PP
-.B "ipsec \-\-help"
-lists the available commands.
-Most have their own manual pages, e.g.
-.IR ipsec_auto (8)
-for
-.IR auto .
-.PP
-.B "ipsec \-\-version"
-outputs version information about Linux strongSwan.
-A version code of the form ``U\fIxxx\fR/K\fIyyy\fR''
-indicates that the user-level utilities are version \fIxxx\fR
-but the kernel portion appears to be version \fIyyy\fR
-(this form is used only if the two disagree).
-.PP
-.B "ipsec \-\-versioncode"
-outputs \fIjust\fR the version code,
-with none of
-.BR \-\-version 's
-supporting information,
-for use by scripts.
-.PP
-.B "ipsec \-\-copyright"
-supplies boring copyright details.
-.PP
-.B "ipsec \-\-directory"
-reports where
-.I ipsec
-thinks the IPsec utilities are stored.
-.PP
-.B "ipsec \-\-confdir"
-reports where
-.I ipsec
-thinks the IPsec configuration files are stored.
-.SH FILES
-/usr/local/lib/ipsec usual utilities directory
-.SH ENVIRONMENT
-.PP
-The following environment variables control where strongSwan finds its
-components.
-The
-.B ipsec
-command sets them if they are not already set.
-.nf
-.na
-IPSEC_EXECDIR directory containing published commands
-IPSEC_LIBDIR directory containing internal executables
-IPSEC_SBINDIR directory containing \fBipsec\fP command
-IPSEC_CONFS directory containing configuration files
-.ad
-.fi
-.SH SEE ALSO
-.hy 0
-.na
-ipsec.conf(5), ipsec.secrets(5),
-ipsec_barf(8),
-.ad
-.hy
-.PP
-.SH HISTORY
-Written for Linux FreeS/WAN
-<http://www.freeswan.org>
-by Henry Spencer.
-Updated and extended for Linux strongSwan
-<http://www.strongswan.org>
-by Andreas Steffen.
diff --git a/programs/ipsec/ipsec.in b/programs/ipsec/ipsec.in
deleted file mode 100755
index 1c657b9e7..000000000
--- a/programs/ipsec/ipsec.in
+++ /dev/null
@@ -1,259 +0,0 @@
-#! /bin/sh
-# prefix command to run stuff from our programs directory
-# Copyright (C) 1998-2002 Henry Spencer.
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# for more details.
-#
-# RCSID $Id: ipsec.in,v 1.14 2006/05/25 11:52:03 as Exp $
-
-IPSEC_NAME=strongSwan
-
-# where the private directory and the config files are
-IPSEC_EXECDIR="${IPSEC_EXECDIR-@IPSEC_EXECDIR@}"
-IPSEC_LIBDIR="${IPSEC_LIBDIR-@IPSEC_LIBDIR@}"
-IPSEC_SBINDIR="${IPSEC_SBINDIR-@IPSEC_SBINDIR@}"
-IPSEC_CONFS="${IPSEC_CONFS-@IPSEC_CONFS@}"
-
-IPSEC_DIR="$IPSEC_LIBDIR"
-export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
-
-IPSEC_STARTER_PID="/var/run/starter.pid"
-
-# standardize PATH, and export it for everything else's benefit
-PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
-export PATH
-
-# things not to be listed in --help command list
-DONTMENTION='^(ipsec|_.*|.*\.old|.*~)$'
-
-# version numbering (details filled in by build)
-# Possibly should call a C program to invoke the version_code() function
-# instead, but for performance's sake, we inline it here (and only here).
-version="xxx"
-
-# export the version information
-IPSEC_VERSION="$version"
-export IPSEC_VERSION
-
-# function for the funky user/kernel version stuff
-fixversion() {
- if test -f /proc/net/ipsec_version
- then
- stack=" (KLIPS)"
- kv="`awk '{print $NF}' /proc/net/ipsec_version`"
- else
- if test -f /proc/net/pfkey
- then
- stack=" (native)"
- kv="`uname -r`"
- else
- kv="(no kernel code presently loaded)"
- fi
- fi
- if test " $kv" != " $version"
- then
- version="U$version/K$kv"
- fi
- version="$version$stack"
-}
-
-case "$1" in
-'')
- echo "Usage: ipsec command argument ..."
- echo "Use --help for list of commands, or see ipsec(8) manual page"
- echo "or the $IPSEC_NAME documentation for names of the common ones."
- echo "Most have their own manual pages, e.g. ipsec_auto(8)."
- echo "See <http://www.strongswan.org> for more general info."
- exit 0
- ;;
---help)
- echo "Usage: ipsec command argument ..."
- echo "where command is one of:"
- echo " start|restart arguments..."
- echo " update|reload|stop"
- echo " up|down|route|unroute <connectionname>"
- echo " status|statusall [<connectionname>]"
- echo " ready"
- echo " listalgs|listpubkeys|listcerts [--utc]"
- echo " listcacerts|listaacerts|listocspcerts [--utc]"
- echo " listacerts|listgroups|listcainfos [--utc]"
- echo " listcrls|listocsp|listcards|listall [--utc]"
- echo " rereadsecrets|rereadgroups"
- echo " rereadcacerts|rereadaacerts|rereadocspcerts"
- echo " rereadacerts|rereadcrls|rereadall"
- echo " purgeocsp"
- echo " scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
- echo " barf"
- echo " openac"
- echo " pluto"
- echo " scepclient"
- echo " secrets"
- echo " starter"
- echo " version"
- echo " whack"
- echo
- echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
- exit 0
- ;;
---versioncode)
- fixversion
- echo "$version"
- exit 0
- ;;
---copyright)
- set _copyright
- # and fall through, invoking "ipsec _copyright"
- ;;
---directory)
- echo "$IPSEC_DIR"
- exit 0
- ;;
---confdir)
- echo "$IPSEC_CONFS"
- exit 0
- ;;
-down)
- shift
- if [ "$#" -ne 1 ]
- then
- echo "Usage: ipsec down <connection name>"
- exit 1
- fi
- $IPSEC_EXECDIR/whack --name "$1" --terminate
- exit 0
- ;;
-listalgs|listpubkeys|listcerts|listcacerts|\
-listaacerts|listocspcerts|listacerts|listgroups|\
-listcainfos|listcrls|listocsp|listcards|\
-listall|purgeocsp|rereadsecrets|rereadgroups|\
-rereadcacerts|rereadaacerts|rereadocspcerts|\
-rereadacerts|rereadcrls|rereadall)
- op="$1"
- shift
- $IPSEC_EXECDIR/whack "$@" "--$op"
- exit 0
- ;;
-ready)
- shift
- $IPSEC_EXECDIR/whack --listen
- exit 0
- ;;
-reload)
- if test -e $IPSEC_STARTER_PID
- then
- echo "Reloading strongSwan IPsec configuration..." >&2
- kill -s USR1 `cat $IPSEC_STARTER_PID`
- else
- echo "ipsec starter is not running" >&2
- fi
- exit 0
- ;;
-restart)
- $IPSEC_SBINDIR/ipsec stop
- sleep 2
- shift
- $IPSEC_SBINDIR/ipsec start "$@"
- exit 0
- ;;
-route|unroute)
- op="$1"
- shift
- if [ "$#" -ne 1 ]
- then
- echo "Usage: ipsec $op <connection name>"
- exit 1
- fi
- $IPSEC_EXECDIR/whack --name "$1" "--$op"
- exit 0
- ;;
-scencrypt|scdecrypt)
- op="$1"
- shift
- $IPSEC_EXECDIR/whack "--$op" "$@"
- exit 0
- ;;
-start)
- shift
- exec $IPSEC_EXECDIR/starter "$@"
- ;;
-status|statusall)
- op="$1"
- shift
- if test $# -eq 0
- then
- $IPSEC_EXECDIR/whack "--$op"
- else
- $IPSEC_EXECDIR/whack --name "$1" "--$op"
- fi
- exit 0
- ;;
-stop)
- if test -e $IPSEC_STARTER_PID
- then
- echo "Stopping strongSwan IPsec..." >&2
- kill `cat $IPSEC_STARTER_PID`
- else
- echo "ipsec starter is not running" >&2
- fi
- exit 0
- ;;
-up)
- shift
- if [ "$#" -ne 1 ]
- then
- echo "Usage: ipsec up <connection name>"
- exit 1
- fi
- $IPSEC_EXECDIR/whack --name "$1" --initiate
- exit 0
- ;;
-update)
- if test -e $IPSEC_STARTER_PID
- then
- echo "Updating strongSwan IPsec configuration..." >&2
- kill -s HUP `cat $IPSEC_STARTER_PID`
- else
- echo "ipsec starter is not running" >&2
- fi
- exit 0
- ;;
-version|--version)
- fixversion
- echo "Linux $IPSEC_NAME $version"
- echo "See \`ipsec --copyright' for copyright information."
- if [ -f $IPSEC_LIBDIR/distro.txt ]
- then
- cat $IPSEC_LIBDIR/distro.txt
- fi
- exit 0
- ;;
---*)
- echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
- exit 1
- ;;
-esac
-
-cmd="$1"
-shift
-
-path="$IPSEC_EXECDIR/$cmd"
-
-if test ! -x "$path"
-then
- path="$IPSEC_LIBDIR/$cmd"
- if test ! -x "$path"
- then
- echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
- exit 1
- fi
-fi
-
-exec $path "$@"