Major new upstream release, just ran svn-upgrade for now (and wrote some

debian/changelong entries).

1 files changed, 0 insertions, 319 deletions

diff --git a/programs/pluto/whack.h b/programs/pluto/whack.h
deleted file mode 100644
index 755918a2c..000000000
--- a/programs/pluto/whack.h
+++ /dev/null
@@ -1,319 +0,0 @@
-/* Structure of messages from whack to Pluto proper.
- * Copyright (C) 1998-2001  D. Hugh Redelmeier.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: whack.h,v 1.17 2006/10/19 15:18:43 as Exp $
- */
-
-#ifndef _WHACK_H
-#define _WHACK_H
-
-#include <freeswan.h>
-
-#include "smartcard.h"
-
-/* Since the message remains on one host, native representation is used.
- * Think of this as horizontal microcode: all selected operations are
- * to be done (in the order declared here).
- *
- * MAGIC is used to help detect version mismatches between whack and Pluto.
- * Whenever the interface (i.e. this struct) changes in form or
- * meaning, change this value (probably by changing the last number).
- *
- * If the command only requires basic actions (status or shutdown),
- * it is likely that the relevant part of the message changes less frequently.
- * Whack uses WHACK_BASIC_MAGIC in those cases.
- *
- * NOTE: no value of WHACK_BASIC_MAGIC may equal any value of WHACK_MAGIC.
- * Otherwise certain version mismatches will not be detected.
- */
-
-#define WHACK_BASIC_MAGIC (((((('w' << 8) + 'h') << 8) + 'k') << 8) + 24)
-#define WHACK_MAGIC (((((('w' << 8) + 'h') << 8) + 'k') << 8) + 26)
-
-typedef struct whack_end whack_end_t;
-
-/* struct whack_end is a lot like connection.h's struct end
- * It differs because it is going to be shipped down a socket
- * and because whack is a separate program from pluto.
- */
-struct whack_end {
-    char *id;		/* id string (if any) -- decoded by pluto */
-    char *cert;		/* path string (if any) -- loaded by pluto  */
-    char *ca;		/* distinguished name string (if any) -- parsed by pluto */
-    char *groups;	/* access control groups (if any) -- parsed by pluto */
-    ip_address
-	host_addr,
-	host_nexthop,
-	host_srcip;
-    ip_subnet client;
-
-    bool key_from_DNS_on_demand;
-    bool has_client;
-    bool has_client_wildcard;
-    bool has_port_wildcard;
-    bool has_srcip;
-    bool has_natip;
-    bool modecfg;
-    bool hostaccess;
-    certpolicy_t sendcert;
-    char *updown;		/* string */
-    u_int16_t host_port;	/* host order */
-    u_int16_t port;		/* host order */
-    u_int8_t protocol;
-#ifdef VIRTUAL_IP
-    char *virt;
-#endif
- };
-
-typedef struct whack_message whack_message_t;
-
-struct whack_message {
-    unsigned int magic;
-
-    /* for WHACK_STATUS: */
-    bool whack_status;
-    bool whack_statusall;
-
-
-    /* for WHACK_SHUTDOWN */
-    bool whack_shutdown;
-
-    /* END OF BASIC COMMANDS
-     * If you change anything earlier in this struct, update WHACK_BASIC_MAGIC.
-     */
-
-    /* name is used in connection, ca and initiate */
-    size_t name_len;	/* string 1 */
-    char *name;
-
-    /* for WHACK_OPTIONS: */
-
-    bool whack_options;
-
-    lset_t debugging;	/* only used #ifdef DEBUG, but don't want layout to change */
-
-    /* for WHACK_CONNECTION */
-
-    bool whack_connection;
-    bool whack_async;
-
-    lset_t policy;
-    time_t sa_ike_life_seconds;
-    time_t sa_ipsec_life_seconds;
-    time_t sa_rekey_margin;
-    unsigned long sa_rekey_fuzz;
-    unsigned long sa_keying_tries;
-
-    /* For DPD 3706 - Dead Peer Detection */
-    time_t dpd_delay;
-    time_t dpd_timeout;
-    dpd_action_t dpd_action;
-
-    /*  note that each end contains string 2/5.id, string 3/6 cert,
-     *  and string 4/7 updown
-     */
-    whack_end_t left;
-    whack_end_t right;
-
-    /* note: if the client is the gateway, the following must be equal */
-    sa_family_t addr_family;	/* between gateways */
-    sa_family_t tunnel_addr_family;	/* between clients */
-
-    char *ike;		/* ike algo string (separated by commas) */
-    char *pfsgroup;	/* pfsgroup will be "encapsulated" in esp string for pluto */
-    char *esp;		/* esp algo string (separated by commas) */
-
-    /* for WHACK_KEY: */
-    bool whack_key;
-    bool whack_addkey;
-    char *keyid;	/* string 8 */
-    enum pubkey_alg pubkey_alg;
-    chunk_t keyval;	/* chunk */
-
-    /* for WHACK_MYID: */
-    bool whack_myid;
-    char *myid;	/* string 7 */
-
-    /* for WHACK_ROUTE: */
-    bool whack_route;
-
-    /* for WHACK_UNROUTE: */
-    bool whack_unroute;
-
-    /* for WHACK_INITIATE: */
-    bool whack_initiate;
-
-    /* for WHACK_OPINITIATE */
-    bool whack_oppo_initiate;
-    ip_address oppo_my_client, oppo_peer_client;
-
-    /* for WHACK_TERMINATE: */
-    bool whack_terminate;
-
-    /* for WHACK_DELETE: */
-    bool whack_delete;
-
-    /* for WHACK_DELETESTATE: */
-    bool whack_deletestate;
-    so_serial_t whack_deletestateno;
-
-    /* for WHACK_LISTEN: */
-    bool whack_listen, whack_unlisten;
-
-    /* for WHACK_CRASH - note if a remote peer is known to have rebooted */
-    bool whack_crash;
-    ip_address whack_crash_peer;
-
-    /* for WHACK_LIST */
-    bool whack_utc;
-    lset_t whack_list;
-
-    /* for WHACK_PURGEOCSP */
-    bool whack_purgeocsp;
-
-    /* for WHACK_REREAD */
-    u_char whack_reread;
-
-    /* for WHACK_CA */
-    bool whack_ca;
-    bool whack_strict;
-
-    char *cacert;
-    char *ldaphost;
-    char *ldapbase;
-    char *crluri;
-    char *crluri2;
-    char *ocspuri;
-
-    /* for WHACK_SC_OP */
-    sc_op_t whack_sc_op;
-    int inbase, outbase;
-    char *sc_data;
-
-    /* space for strings (hope there is enough room):
-     * Note that pointers don't travel on wire.
-     *  1 connection name [name_len]
-     *  2 left's name [left.host.name.len]
-     *  3 left's cert
-     *  4 left's ca
-     *  5 left's groups
-     *  6 left's updown
-     *  7 right's name [left.host.name.len]
-     *  8 right's cert
-     *  9 right's ca
-     * 10 right's groups
-     * 11 right's updown
-     * 12 keyid
-     * 13 myid
-     * 14 cacert
-     * 15 ldaphost
-     * 16 ldapbase
-     * 17 crluri
-     * 18 crluri2
-     * 19 ocspuri
-     * 20 ike
-     " 21 esp
-     * 22 rsa_data
-     * plus keyval (limit: 8K bits + overhead), a chunk.
-     */
-    size_t str_size;
-    char string[2048];
-};
-
-/* Codes for status messages returned to whack.
- * These are 3 digit decimal numerals.  The structure
- * is inspired by section 4.2 of RFC959 (FTP).
- * Since these will end up as the exit status of whack, they
- * must be less than 256.
- * NOTE: ipsec_auto(8) knows about some of these numbers -- change carefully.
- */
-enum rc_type {
-    RC_COMMENT,		/* non-commital utterance (does not affect exit status) */
-    RC_WHACK_PROBLEM,	/* whack-detected problem */
-    RC_LOG,		/* message aimed at log (does not affect exit status) */
-    RC_LOG_SERIOUS,	/* serious message aimed at log (does not affect exit status) */
-    RC_SUCCESS,		/* success (exit status 0) */
-
-    /* failure, but not definitive */
-
-    RC_RETRANSMISSION = 10,
-
-    /* improper request */
-
-    RC_DUPNAME = 20,	/* attempt to reuse a connection name */
-    RC_UNKNOWN_NAME,	/* connection name unknown or state number */
-    RC_ORIENT,		/* cannot orient connection: neither end is us */
-    RC_CLASH,		/* clash between two Road Warrior connections OVERLOADED */
-    RC_DEAF,		/* need --listen before --initiate */
-    RC_ROUTE,		/* cannot route */
-    RC_RTBUSY,		/* cannot unroute: route busy */
-    RC_BADID,		/* malformed --id */
-    RC_NOKEY,		/* no key found through DNS */
-    RC_NOPEERIP,	/* cannot initiate when peer IP is unknown */
-    RC_INITSHUNT,	/* cannot initiate a shunt-oly connection */
-    RC_WILDCARD,	/* cannot initiate when ID has wildcards */
-    RC_NOVALIDPIN,	/* cannot initiate without valid PIN */
-
-    /* permanent failure */
-
-    RC_BADWHACKMESSAGE = 30,
-    RC_NORETRANSMISSION,
-    RC_INTERNALERR,
-    RC_OPPOFAILURE,	/* Opportunism failed */
-
-    /* entry of secrets */
-    RC_ENTERSECRET = 40,
-    
-    /* progress: start of range for successful state transition.
-     * Actual value is RC_NEW_STATE plus the new state code.
-     */
-    RC_NEW_STATE = 100,
-
-    /* start of range for notification.
-     * Actual value is RC_NOTIFICATION plus code for notification
-     * that should be generated by this Pluto.
-     */
-    RC_NOTIFICATION = 200	/* as per IKE notification messages */
-};
-
-/* options of whack --list*** command */
-
-#define LIST_NONE	0x0000	/* don't list anything */
-#define LIST_ALGS	0x0001	/* list all registered IKE algorithms */
-#define LIST_PUBKEYS	0x0002	/* list all public keys */
-#define LIST_CERTS	0x0004	/* list all host/user certs */
-#define LIST_CACERTS	0x0008	/* list all ca certs */
-#define LIST_ACERTS	0x0010	/* list all attribute certs */
-#define LIST_AACERTS	0x0020	/* list all aa certs */
-#define LIST_OCSPCERTS	0x0040	/* list all ocsp certs */
-#define LIST_GROUPS	0x0080	/* list all access control groups */
-#define LIST_CAINFOS	0x0100	/* list all ca information records */
-#define LIST_CRLS	0x0200	/* list all crls */
-#define LIST_OCSP	0x0400	/* list all ocsp cache entries */
-#define LIST_CARDS	0x0800	/* list all smartcard records */
-
-#define LIST_ALL	LRANGES(LIST_ALGS, LIST_CARDS)  /* all list options */
-
-/* options of whack --reread*** command */
-
-#define REREAD_NONE	  0x00	/* don't reread anything */
-#define REREAD_SECRETS	  0x01	/* reread /etc/ipsec.secrets */
-#define REREAD_CACERTS	  0x02	/* reread certs in /etc/ipsec.d/cacerts */
-#define REREAD_AACERTS	  0x04	/* reread certs in /etc/ipsec.d/aacerts */
-#define REREAD_OCSPCERTS  0x08	/* reread certs in /etc/ipsec.d/ocspcerts */
-#define REREAD_ACERTS     0x10	/* reread certs in /etc/ipsec.d/acerts */
-#define REREAD_CRLS	  0x20	/* reread crls in /etc/ipsec.d/crls */
-
-#define REREAD_ALL	LRANGES(REREAD_SECRETS, REREAD_CRLS)  /* all reread options */
-
-#endif /* _WHACK_H */