Major new upstream release, just ran svn-upgrade for now (and wrote some

debian/changelong entries).

1 files changed, 0 insertions, 438 deletions

diff --git a/programs/openac/openac.c b/programs/openac/openac.c
deleted file mode 100755
index 524a302d7..000000000
--- a/programs/openac/openac.c
+++ /dev/null
@@ -1,438 +0,0 @@
-/* Generation of X.509 attribute certificates
- * Copyright (C) 2002  Ueli Galizzi, Ariane Seiler
- * Copyright (C) 2004  Andreas Steffen
- * Zuercher Hochschule Winterthur, Switzerland
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: openac.c,v 1.18 2006/01/04 21:12:33 as Exp $
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <getopt.h>
-#include <ctype.h>
-#include <time.h>
-#include <gmp.h>
-
-#include <freeswan.h>
-
-#include "../pluto/constants.h"
-#include "../pluto/defs.h"
-#include "../pluto/mp_defs.h"
-#include "../pluto/log.h"
-#include "../pluto/asn1.h"
-#include "../pluto/certs.h"
-#include "../pluto/x509.h"
-#include "../pluto/crl.h"
-#include "../pluto/keys.h"
-#include "../pluto/ac.h"
-
-#include "build.h"
-
-#define OPENAC_PATH	"/etc/openac"
-#define OPENAC_SERIAL	"/etc/openac/serial"
-
-const char openac_version[] = "openac 0.3";
-
-/* by default the CRL policy is lenient */
-bool strict_crl_policy = FALSE;
-
-/* by default pluto does not check crls dynamically */
-long crl_check_interval = 0;
-
-/* by default pluto logs out after every smartcard use */
-bool pkcs11_keep_state = FALSE;
-
-static void
-usage(const char *mess)
-{
-    if (mess != NULL && *mess != '\0')
-	fprintf(stderr, "%s\n", mess);
-    fprintf(stderr
-	, "Usage: openac"
-	    " [--help]"
-	    " [--version]"
-	    " [--optionsfrom <filename>]"
-	    " [--quiet]"
-#ifdef DEBUG
-	    " \\\n\t"
-	    "      [--debug-all]"
-	    " [--debug-parsing]"
-	    " [--debug-raw]"
-	    " [--debug-private]"
-#endif
-	    " \\\n\t"
-	    "      [--days <days>]"
-	    " [--hours <hours>]"
-	    " \\\n\t"
-	    "      [--startdate <YYYYMMDDHHMMSSZ>]"
-	    " [--enddate <YYYYMMDDHHMMSSZ>]"
-	    " \\\n\t"
-	    "      --cert <certfile>"
-	    " --key <keyfile>"
-	    " [--password <password>]"
-	    " \\\n\t"
-	    "      --usercert <certfile>"
-	    " --groups <attr1,attr2,..>"
-	    " --out <filename>"
-	    "\n"
-    );
-    exit(mess == NULL? 0 : 1);
-}
-
-/*
- * read the last serial number from file
- */
-static chunk_t
-read_serial(void)
-{
-    MP_INT number;
-
-    char buf[BUF_LEN];
-    char bytes[BUF_LEN];
-
-    FILE *fd = fopen(OPENAC_SERIAL, "r");
-
-    /* serial number defaults to 0 */
-    size_t len = 1;
-    bytes[0] = 0x00;
-
-    if (fd)
-    {
-	if (fscanf(fd, "%s", buf))
-	{
-	    err_t ugh = ttodata(buf, 0, 16, bytes, BUF_LEN, &len);
-
-	    if (ugh != NULL)
-		plog("  error reading serial number from %s: %s"
-		    , OPENAC_SERIAL, ugh);
-	}
-	fclose(fd);
-    }
-    else
-	plog("  file '%s' does not exist yet - serial number set to 01"
-	    , OPENAC_SERIAL);
-
-    /* conversion of read serial number to a multiprecision integer
-     * and incrementing it by one
-     * and representing it as a two's complement octet string
-     */
-    n_to_mpz(&number, bytes, len);
-    mpz_add_ui(&number, &number, 0x01);
-    serial = mpz_to_n(&number, 1 + mpz_sizeinbase(&number, 2)/BITS_PER_BYTE);
-    mpz_clear(&number);
-
-    return serial;
-}
-
-/*
- * write back the last serial number to file
- */
-static void
-write_serial(chunk_t serial)
-{
-    char buf[BUF_LEN];
-
-    FILE *fd = fopen(OPENAC_SERIAL, "w");
-
-    if (fd)
-    {
-	datatot(serial.ptr, serial.len, 16, buf, BUF_LEN);
-	plog("  serial number is %s", buf);
-	fprintf(fd, "%s\n", buf);
-	fclose(fd);
-    }
-    else
-	plog("  could not open file '%s' for writing", OPENAC_SERIAL);
-}
-
-/*
- * global variables accessible by both main() and build.c
- */
-x509cert_t *user   = NULL;
-x509cert_t *signer = NULL;
-
-ietfAttrList_t *groups = NULL;
-struct RSA_private_key *signerkey = NULL;
-
-time_t notBefore = 0;
-time_t notAfter = 0;
-
-chunk_t serial;
-
-
-int
-main(int argc, char **argv)
-{
-    char *keyfile = NULL;
-    char *certfile = NULL;
-    char *usercertfile = NULL;
-    char *outfile = NULL;
-
-    cert_t signercert = empty_cert;
-    cert_t usercert = empty_cert;
-
-    chunk_t attr_cert = empty_chunk;
-    x509acert_t *ac = NULL;
-
-    const time_t default_validity = 24*3600; 	/* 24 hours */
-    time_t validity = 0;
-
-    prompt_pass_t pass;
-
-    pass.secret[0] = '\0';
-    pass.prompt = TRUE;
-    pass.fd = STDIN_FILENO;
-
-    log_to_stderr = TRUE;
-
-    /* handle arguments */
-    for (;;)
-    {
-#	define DBG_OFFSET 256
-	static const struct option long_opts[] = {
-	    /* name, has_arg, flag, val */
-	    { "help", no_argument, NULL, 'h' },
-	    { "version", no_argument, NULL, 'v' },
-	    { "optionsfrom", required_argument, NULL, '+' },
-	    { "quiet", no_argument, NULL, 'q' },
-	    { "cert", required_argument, NULL, 'c' },
-	    { "key", required_argument, NULL, 'k' },
-	    { "password", required_argument, NULL, 'p' },
-	    { "usercert", required_argument, NULL, 'u' },
-	    { "groups", required_argument, NULL, 'g' },
-	    { "days", required_argument, NULL, 'D' },
-	    { "hours", required_argument, NULL, 'H' },
-	    { "startdate", required_argument, NULL, 'S' },
-	    { "enddate", required_argument, NULL, 'E' },
-	    { "out", required_argument, NULL, 'o' },
-#ifdef DEBUG
-	    { "debug-all", no_argument, NULL, 'A' },
-	    { "debug-raw", no_argument, NULL, DBG_RAW + DBG_OFFSET },
-	    { "debug-parsing", no_argument, NULL, DBG_PARSING + DBG_OFFSET },
-	    { "debug-private", no_argument, NULL, DBG_PRIVATE + DBG_OFFSET },
-#endif
-	    { 0,0,0,0 }
-	};
-	
-	int c = getopt_long(argc, argv, "hv+:qc:k:p;u:g:D:H:S:E:o:", long_opts, NULL);
-
-	/* Note: "breaking" from case terminates loop */
-	switch (c)
-	{
-	case EOF:	/* end of flags */
-	    break;
-
-	case 0: /* long option already handled */
-	    continue;
-
-	case ':':	/* diagnostic already printed by getopt_long */
-	case '?':	/* diagnostic already printed by getopt_long */
-	    usage(NULL);
-	    break;   /* not actually reached */
-
-	case 'h':	/* --help */
-	    usage(NULL);
-	    break;	/* not actually reached */
-
-	case 'v':	/* --version */
-		printf("%s\n", openac_version);
-	    exit(0);
-	    break;	/* not actually reached */
-
-	case '+':	/* --optionsfrom <filename> */
-	    {
-		char path[BUF_LEN];
-
-		if (*optarg == '/')	/* absolute pathname */
-		    strncpy(path, optarg, BUF_LEN);
-		else			/* relative pathname */
-		    snprintf(path, BUF_LEN, "%s/%s", OPENAC_PATH, optarg);
-		optionsfrom(path, &argc, &argv, optind, stderr);
-		/* does not return on error */
-	    }
-	    continue;
-
-	case 'q':	/* --quiet */
-	    log_to_stderr = TRUE;
-	    continue;
-
-	case 'c':	/* --cert */
-	    certfile = optarg;
-	    continue;
-
-	case 'k':	/* --key */
-	    keyfile = optarg;
-	    continue;
-
-	case 'p':	/* --key */
-	    pass.prompt = FALSE;
-	    strncpy(pass.secret, optarg, sizeof(pass.secret));
-	    continue;
-
-	case 'u':	/* --usercert */
-	    usercertfile = optarg;
-	    continue;
-
-	case 'g':	/* --groups */
-	    decode_groups(optarg, &groups);
-	    continue;
-
-	case 'D':	/* --days */
-            if (optarg == NULL || !isdigit(optarg[0]))
-                usage("missing number of days");
-            {
-                char *endptr;
-                long days = strtol(optarg, &endptr, 0);
-
-                if (*endptr != '\0' || endptr == optarg
-                || days <= 0)
-                    usage("<days> must be a positive number");
-                validity += 24*3600*days;
-            }
-	    continue;
-
-	case 'H':	/* --hours */
-            if (optarg == NULL || !isdigit(optarg[0]))
-                usage("missing number of hours");
-            {
-                char *endptr;
-                long hours = strtol(optarg, &endptr, 0);
-
-                if (*endptr != '\0' || endptr == optarg
-                || hours <= 0)
-                    usage("<hours> must be a positive number");
-                validity += 3600*hours;
-            }
-	    continue;
-
-	case 'S':	/* --startdate */
-            if (optarg == NULL || strlen(optarg) != 15 || optarg[14] != 'Z')
-                usage("date format must be YYYYMMDDHHMMSSZ");
-	    {
-		chunk_t date = { optarg, 15 };
-		notBefore = asn1totime(&date, ASN1_GENERALIZEDTIME);
-	    }
-	    continue;
-
-	case 'E':	/* --enddate */
-            if (optarg == NULL || strlen(optarg) != 15 || optarg[14] != 'Z')
-                usage("date format must be YYYYMMDDHHMMSSZ");
-	    {
-		chunk_t date = { optarg, 15 };
-		notAfter = asn1totime(&date, ASN1_GENERALIZEDTIME);
-	    }
-	    continue;
-
-	case 'o':	/* --outt */
-	    outfile = optarg;
-	    continue	    ;
-
-#ifdef DEBUG
-	case 'A':	/* --debug-all */
-	    base_debugging = DBG_ALL;
-	    continue;
-#endif
-	default:
-#ifdef DEBUG
-	    if (c >= DBG_OFFSET)
-	    {
-		base_debugging |= c - DBG_OFFSET;
-		continue;
-	    }
-#undef	    DBG_OFFSET
-#endif
-	    bad_case(c);
-	}
-	break;
-    }
-
-    init_log("openac");
-    cur_debugging = base_debugging;
-
-    if (optind != argc)
-	usage("unexpected argument");
-
-    /* load the signer's RSA private key */
-    if (keyfile != NULL)
-    {
-	err_t ugh = NULL;
-
-	signerkey = alloc_thing(RSA_private_key_t, "RSA private key");
-	ugh = load_rsa_private_key(keyfile, &pass, signerkey);
-
-	if (ugh != NULL)
-	{
-	    free_RSA_private_content(signerkey);
-	    pfree(signerkey);
-	    plog("%s", ugh);
-	    exit(1);
-	}
-    }
-
-    /* load the signer's X.509 certificate */
-    if (certfile != NULL)
-    {
-	if (!load_cert(certfile, "signer cert", &signercert))
-	    exit(1);
-	signer = signercert.u.x509;
-    }
-
-    /* load the users's X.509 certificate */
-    if (usercertfile != NULL)
-    {
-	if (!load_cert(usercertfile, "user cert", &usercert))
-	    exit(1);
-	user = usercert.u.x509;
-    }
-    
-    /* compute validity interval */
-    validity = (validity)? validity : default_validity;
-    notBefore = (notBefore) ? notBefore : time(NULL);
-    notAfter = (notAfter) ? notAfter : notBefore + validity;
-
-    /* build and parse attribute certificate */
-    if (user != NULL && signer != NULL && signerkey != NULL)
-    {
-	/* read the serial number and increment it by one */
-	serial = read_serial();
-
-	attr_cert = build_attr_cert();
-	ac = alloc_thing(x509acert_t, "x509acert");
-	*ac = empty_ac;
-	parse_ac(attr_cert, ac);
-	
-	/* write the attribute certificate to file */
-	if (write_chunk(outfile, "attribute cert", attr_cert, 0022, TRUE))
-	    write_serial(serial);
-    }
-
-    /* delete all dynamic objects */
-    if (signerkey != NULL)
-    {
-	free_RSA_private_content(signerkey);
-	pfree(signerkey);
-    }
-    free_x509cert(signercert.u.x509);
-    free_x509cert(usercert.u.x509);
-    free_ietfAttrList(groups);
-    free_acert(ac);
-    pfree(serial.ptr);
-
-#ifdef LEAK_DETECTIVE
-    report_leaks();
-#endif /* LEAK_DETECTIVE */
-    close_log();
-    exit(0);
-}