Diffstat (limited to 'programs/_keycensor')
-rw-r--r-- | programs/_keycensor/.cvsignore | 1 | ||||
-rw-r--r-- | programs/_keycensor/Makefile | 43 | ||||
-rw-r--r-- | programs/_keycensor/_keycensor.8 | 33 | ||||
-rwxr-xr-x | programs/_keycensor/_keycensor.in | 52 |
4 files changed, 129 insertions, 0 deletions
diff --git a/programs/_keycensor/.cvsignore b/programs/_keycensor/.cvsignore
new file mode 100644
index 000000000..97d0bb2bf
--- /dev/null
+++ b/programs/_keycensor/.cvsignore
@@ -0,0 +1 @@
+_keycensor
diff --git a/programs/_keycensor/Makefile b/programs/_keycensor/Makefile
new file mode 100644
index 000000000..bc495328f
--- /dev/null
+++ b/programs/_keycensor/Makefile
@@ -0,0 +1,43 @@
+# Makefile for miscelaneous programs
+# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:27 as Exp $
+
+FREESWANSRCDIR=../..
+include ${FREESWANSRCDIR}/Makefile.inc
+
+PROGRAM=_keycensor
+PROGRAMDIR=${LIBDIR}
+
+include ../Makefile.program
+
+#
+# $Log: Makefile,v $
+# Revision 1.1 2004/03/15 20:35:27 as
+# added files from freeswan-2.04-x509-1.5.3
+#
+# Revision 1.3 2002/08/02 16:01:15 mcr
+# moved user visible programs to $PREFIX/libexec, while moving
+# private files to $PREFIX/lib.
+#
+# Revision 1.2 2002/06/02 22:02:14 mcr
+# changed TOPDIR->FREESWANSRCDIR in all Makefiles.
+# (note that linux/net/ipsec/Makefile uses TOPDIR because this is the
+# kernel sense.)
+#
+# Revision 1.1 2002/04/24 07:55:32 mcr
+# #include patches and Makefiles for post-reorg compilation.
+#
+#
+#
+
diff --git a/programs/_keycensor/_keycensor.8 b/programs/_keycensor/_keycensor.8
new file mode 100644
index 000000000..89a97a9f9
--- /dev/null
+++ b/programs/_keycensor/_keycensor.8
@@ -0,0 +1,33 @@
+.TH _KEYCENSOR 8 "25 Apr 2002"
+.\"
+.\" RCSID $Id: _keycensor.8,v 1.1 2004/03/15 20:35:27 as Exp $
+.\"
+.SH NAME
+ipsec _keycensor \- internal routine to remove sensitive information
+.SH DESCRIPTION
+.I _keycensor
+is used by
+.B ipsec barf
+to process the /etc/ipsec.secrets file, removing private key info.
+.SH "SEE ALSO"
+ipsec(8), ipsec_barf(8)
+.SH HISTORY
+Man page written for the Linux FreeS/WAN project <http://www.freeswan.org/>
+by Michael Richardson. Original program by Henry Spencer.
+.\"
+.\" $Log: _keycensor.8,v $
+.\" Revision 1.1 2004/03/15 20:35:27 as
+.\" added files from freeswan-2.04-x509-1.5.3
+.\"
+.\" Revision 1.2 2002/04/29 22:39:31 mcr
+.\" added basic man page for all internal commands.
+.\"
+.\" Revision 1.1 2002/04/26 01:21:43 mcr
+.\" while tracking down a missing (not installed) /etc/ipsec.conf,
+.\" MCR has decided that it is not okay for each program subdir to have
+.\" some subset (determined with -f) of possible files.
+.\" Each subdir that defines $PROGRAM, MUST have a PROGRAM.8 file as well as a PROGRAM file.
+.\" Optional PROGRAM.5 files have been added to the makefiles.
+.\"
+.\"
+.\"
diff --git a/programs/_keycensor/_keycensor.in b/programs/_keycensor/_keycensor.in
new file mode 100755
index 000000000..7d6f257e5
--- /dev/null
+++ b/programs/_keycensor/_keycensor.in
@@ -0,0 +1,52 @@
+#! /bin/sh
+# implements key censoring for barf
+# Copyright (C) 1999, 2002 Henry Spencer.
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# RCSID $Id: _keycensor.in,v 1.1 2004/03/15 20:35:27 as Exp $
+
+usage="Usage: $0 [file ...]"
+me="ipsec _keycensor"
+
+for dummy
+do
+ case "$1" in
+ --help) echo "$usage" ; exit 0 ;;
+ --version) echo "$me $IPSEC_VERSION" ; exit 0 ;;
+ --) shift ; break ;;
+ -*) echo "$0: unknown option \`$1'" >&2 ; exit 2 ;;
+ *) break ;;
+ esac
+ shift
+done
+
+awk ' /(sig|enc|auth)key[ \t]*=[ \t]*[^%]/ {
+ i = match($0, /key[ \t]*=[ \t]*/)
+ i += RLENGTH
+ cold = substr($0, 1, i-1)
+ hot = substr($0, i)
+ sub(/[ \t]+(#.*)?$/, "", hot)
+ q = "'"'"'" # single quote
+ if (hot ~ q)
+ cooled = "[cannot be condensed]"
+ else if (hot ~ /^0s/)
+ cooled = "[keyid " substr(hot, 3, 9) "]"
+ else {
+ run = "echo " q hot q " | md5sum"
+ run | getline
+ close(run)
+ cooled = "[sums to " substr($1, 1, 4) "...]"
+ }
+ print cold cooled
+ next
+ }
+ { print }' $* |
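Review bot: In the final `else` branch of the awk program, `run = "echo " q hot q " | md5sum"` puts the unredacted key value into the command string awk passes to the shell, so the secret sits in that shell's argument list and is readable by other local users wherever process arguments are world-readable; the single-quote test above it stops shell injection but not this exposure. Portable awk cannot both write to and read from one command, so the simplest safe form is a constant marker, `cooled = "[censored]"`, or a digest computed in a step that receives the value on stdin. The `0s` branch prints nine characters of the value itself through `substr(hot, 3, 9)`, which suits a public key id but would disclose real key bits if a secret key is ever written in `0s` form, so a comment stating which case is expected would help. Only lines matching `(sig|enc|auth)key=` are rewritten and everything else goes through `{ print }` unchanged, so if the tool really is run over /etc/ipsec.secrets as the man page in this commit says, other secret formats would pass through; this should be confirmed against the caller, which is outside this diff. The trailing `$*` should be `"$@"` so that file names containing whitespace reach awk intact.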